Task sequence examples for FortiClient

The task sequence processes described in the preceding section may be applied to any regular Windows tasks that runs on the command line. This section discusses several example FortiClient configurations that could be completed from the Windows command-line.

The examples in this section list only the command-line commands to be used. When deploying these from the Configuration Manager console, remember to always use the processes discussed this chapter to create the task sequence. The procedure is the same, only the contents of the Run Command Line commands will differ.

Install FortiClient

FortiClient can be installed from the command line using msiexec. In this example, a FortiClient MSI file that is provided on a network shared folder is used to install FortiClient to devices in the client collection.

Use the following commands in a task sequence to install FortiClient on a Windows client device.

1. Connect to a network folder:
   • Name: map_network_drive
   • Description: Mount a network shared directory that contains the FortiClient image to install l Path: \\172.21.85.245\accounts_dept l Drive: G: l Account: vNexttest\administrator
2. Run command line:
   • Name: copy_fct_image
   • Description: Copy FortiClient MSI image from network shared directory
   • Command line: cmd /c copy /y G:\FortiClient.msi c:\temp\FortiClient.msi
3. Run command line:
   • Name: install_fct
   • Description: Install FortiClient using MSI image
   • Command line: cmd /c msiexec /i c:\temp\FortiClient.msi /qn

Ensure that the FortiClient.msi file is available in the network share, and that the network share is accessible to all client devices in the client collection before deploying this task sequence.

Export the FortiClient XML configuration file

FortiClient features may be controlled using an XML configuration file. The configuration file is first exported from FortiClient, modified with a text editor, and re-imported into FortiClient. The XML configuration syntax and usage is documented in the FortiClient XML Reference.

Use the following commands in a task sequence to export the XML configuration file from a Windows client device which has FortiClient installed.

1. Connect to a network folder: l Name: map_network_share l Description: Mount a network shared directory to which configuration file will be copied.
   • Path: \\172.21.85.245\engineering_dept l Drive: M:
   • Account: vNexttest\administrator
2. Run command line:

l Name: export_fct_xml l Description: Export the FortiClient XML configuration file l Command line: cmd /c C:\Program Files\Fortinet\FortiClient\fcconfig -o export -f c:\temp\fct_xml.conf

3. Run command line: l Name: copy_fct_xml l Description: Copy FortiClient XML file to network shared directory l Command line: cmd /c copy /y c:\temp\fct_xml.conf M:\

This copies fct_xml.conf to the mounted share. If there is more than one device in the client collection, they will each overwrite the same file. You may use a batch script to uniquely rename the file as it is copied.

The full path to the FortiClient installation directory is used as a prefix to FCConfig.exe. The value provided in this example is the default on a 32-bit system. The default on 64-bit systems is:

C:\Program Files (x86)\Fortinet\FortiClient If the client collection has a mixture of both 32-bit and 64-bit devices, a batch script may be used to selectively run from the correct platformdependent directory.

Import a modified XML configuration file

Use the following commands in a task sequence to import an XML configuration file into FortiClient in a Windows client device.

1. Connect to a network folder: l Name: map_network_share l Description: Mount a network shared directory that contains the XML configuration file l Path: \\172.21.85.245\engineering_dept l Drive: M: l Account: vNexttest\administrator
2. Run command line: l Name: copy_fct_xml l Description: Copy FortiClient XML configuration file from network shared directory l Command line: cmd / c copy /y M:\fct_xml.conf c:\temp\
3. Run command line:
   • Name: import_fct_xml l Description: Import the FortiClient XML configuration file
   • Command line: cmd /c “C:\Program Files\Fortinet\FortiClient\fcconfig -o import -f c:\temp\fct_xml.conf” The same configuration file is used by all devices in the client collection.

When deploying a custom FortiClient XML configuration, use the advanced Endpoint Profile options in FortiGate to ensure the Endpoint Profile settings do not overwrite your custom XML settings. For more information, see the FortiClient XML Reference and the CLI Reference forFortiOS 5.2.

Upgrade FortiClient

The FortiClient upgrade process is similar to the regular installation. The only difference is the use of a different version of FortiClient during the installation. A reboot is required, but the task sequence should handle this properly.

The same procedure listed earlier for FortiClient installation could be reused.

Uninstall FortiClient

Use the following command in a task sequence to uninstall FortiClient from Windows client devices.

Run command line:

• Name: uninstall_fct l Description: Uninstall FortiClient
• Command line: wmic product where name=”FortiClient” call uninstall /nointeractive The task sequence should process the required reboot correctly.