MatrixIT

actifile

Discovery & Deployment Variables

Everything We Need to Deploy Actifile

Meeting 2 of 3 — Discovery

Prepared by MatrixIT.net

Client: ____________________ Date: ____________________

Meeting Objective

Goal: Collect every variable MatrixIT needs to create the tenant, prepare scripts, and deploy the Actifile agent across your environment. By the end of this meeting, we will also agree on an installation date and confirm the pre-deployment checklist.

Kickoff

Complete

Discovery

Today

Deploy

Weekend install

First Scan

20–90 min

Review

Meeting 3

Section A – Client & Environment

Form A

Company Information
Company name
Primary contact (deployment)
Email
Phone / mobile
Secondary contact
IT decision-maker (if different)

Device Inventory
Windows workstations (count)
Windows servers (count)
Windows RDS hosts (count / sessions)	Enable data-in-use for full desktop RDS
macOS devices (count)
Cloud users (M365 / OneDrive)
NAS shares (count / make / model)
Total endpoints to deploy

Deployment Scope
Environments in scope	Windows workstations Windows servers Windows RDS macOS Cloud – Microsoft 365 Cloud – OneDrive Cloud – Azure Files Cloud – Google Workspaces NAS Other: ______________
Exclusions	e.g. no servers, specific departments only, exec laptops only

AV / EDR / Security Software
AV/EDR product in use
Version
Can Actifile be allowlisted?	Yes – we will do it Yes – need MatrixIT help No / unsure Critical: Actifile must be allowlisted before deployment. See AV/EDR performance guide.

Regulation & Compliance
Applicable frameworks	Matrix IT regulation policies Canada – PII Canada – PIPEDA Global – PCI DSS Global – IT (ISO, SOC, GDPR) Other: ______________
Specific Canadian PII obligations?	Sector, province, contractual
Provincial privacy laws?	B.C. PIPA, Quebec Law 64, etc.
Payment card data processed?	Yes No Unsure
Other contractual / regulatory notes

Section B – Windows Deployment Variables

Form B

Tenant & Install Key
Tenant / customer name As it will appear in Actifile portal
Portal access	MatrixIT only Client also gets portal view
Client portal email (if applicable)
Install key MatrixIT creates tenant and provides key	One per tenant. Same key for all endpoints of this customer. Do not mix keys between tenants.
Where will install key be stored?

Deployment Method
Preferred deployment method	RMM push PowerShell script PDQ Deploy PsExec AD logon script Manual MSI Complete the applicable conditional section(s) below.
MSI distribution path (UNC) FQDN-accessible from all targets	e.g. \\ServerName\installs\Actifile Agent.msi
Who deploys?	MatrixIT Client IT team

If RMM — Complete this section

RMM product	Kaseya VSA v9 (or earlier) Kaseya VSA-X / Pulseway (v10+) ConnectWise Automate N-able N-central Continuum ITarian Acronis Cyber Protect Cloud Other: ______________
RMM version (if known)
RMM agent temp directory e.g. c:\kworking for Kaseya
Existing procedure/script name or ID?
Can RMM push MSI directly?	Yes No – use PS wrapper Unsure

Kaseya VSA note: Ensure spaces in commands are correct; VSA proportional fonts can make a space look present when it is not. VSA-X (v10+) uses standard PowerShell — use deployActifile.ps1.

If PowerShell — Complete this section

Execution policy on targets	Bypass allowed Restricted by GPO Unknown
TLS 1.2 available on all targets?	Yes No Unknown Required for deployActifile.ps1 to download installer
Script distribution path	e.g. \\Server\scripts\deployActifile.ps1
Run as	Logon script (GPO) PsExec push RMM-triggered Manual elevated PS

If PsExec — Complete this section

PsExec share path	e.g. C:\InstallShare (read-only Authenticated Users + SYSTEM)
Computer list file path	e.g. C:\InstallShare\SoftwareInstall.txt (one resolvable name per line)
MSI share UNC path	e.g. \\ServerName\installs\softwareinstall\ (Authenticated Users + SYSTEM read)
Run as SYSTEM (-s flag)?	Yes (-s) No – provide admin credentials
Admin credentials (if not -s) domain\user format	Securely shared; not stored in this document.
Share permissions confirmed?	Yes Not yet – need to set up

If PDQ Deploy — Complete this section

PDQ Deploy version	Free Licensed (Pro/Enterprise)
MSI on shared folder (FQDN)?
Target list source	Active Directory Text file Manual selection

If AD Logon Script — Complete this section

Distribution mechanism	GPO assignment Manual script placement
LAN-accessible MSI path	MSIName and MSIEXEC must reference a LAN-accessible package

If Manual MSI — Complete this section

Who runs installer on each machine?
Install mode	GUI (wizard) Silent (MSIEXEC /quiet)

Rollout Plan
Pilot group	e.g. department, machine list, number of devices
Pilot target date
Full rollout target date
Rollout owner (client side)

Network Requirements
FQDN resolution between machines?	Yes No / need to verify
Firewall rules for Actifile cloud?	Already open Need to configure Unknown
Proxy / SSL inspection in use?	Yes – details: __________ No

Section C – Cloud Deployment Variables

Form C — Complete if cloud is in scope

Cloud Platform
Cloud platforms in scope	Microsoft 365 SharePoint OneDrive for Business Azure Files Google Workspaces (in development)

Cloud Deployment Method
Cloud agent deployment	Windows app – CLI Windows app – GUI Docker container Azure VM
Where will cloud agent run?	e.g. on-prem server, Azure VM, Docker host

Microsoft 365 Configuration
Config file generation method	Via Actifile Portal (auto-generate) Via Azure PowerShell script Via Azure manual setup
Azure app registration access?	Client has Azure admin MatrixIT creates it Need to arrange
Who has M365 global admin?
Who has Azure admin?
M365 tenant domain	e.g. contoso.onmicrosoft.com
Save config files to Actifile DB?	Yes No – store locally

Scan Configuration
Scan interval preference	Default Custom: __________
Google Workspaces status	In use – waiting for support Not in use N/A

Section D – macOS Variables

Form D — Complete if macOS is in scope

macOS Environment
macOS versions in use	Big Sur 11.x Monterey 12 Ventura 13 Other: __________
Chip architecture	Intel Apple M1/M2 Mixed
MDM in use?	Yes – product: __________ No
Scan permissions via MDM needed?	Yes No Unsure See MDM scan permissions guide
Install method	Silent install Manual install MDM push Deployment script

Section E – NAS Variables

Form E — Complete if NAS is in scope

NAS Environment
NAS make / model
NFS-mountable?	Yes No Unsure
Mount point / path
Scan interval preference	Default Custom: __________

Section F – Security & Tamper Resistance

Form F

Tamper Resistance
Enable uninstall key / tamper resistance?	Yes No Decide later Prevents users from uninstalling while encryption is active. Protection only when agent is running.
Who stores the uninstall key?
Tamper detection expectations	Actifile tamper resistance is not tamper-proof; use monitoring/alerting for tamper detection.

Section G – Installation Scheduling

Form G

⚠ Important: Keep All Computers Powered On

During and after installation, all target computers must remain powered on (do not shut down or hibernate) so the initial scan can complete. The first audit typically takes 20–90 minutes per machine. For large deployments, we recommend scheduling the install on a Friday evening and leaving computers on over the weekend.

Scheduling
Proposed installation date
Installation window	Friday evening Saturday Sunday Weekday after-hours Other: __________
Computers on over weekend?	Confirmed – will stay on Need to communicate to staff
Client IT contact during install	Name, phone, availability window
Rollback plan if issues arise	e.g. uninstall script, contact MatrixIT immediately

Section H – Pre-Deployment Checklist

Confirm before install date

Both MatrixIT and the client must confirm all items below are complete before the scheduled installation date.

Client Checklist

AV/EDR allowlist completed for Actifile processes and paths
MSI / script accessible from all target machines (UNC path verified)
Install key received from MatrixIT and securely stored
Pilot device list finalized and approved
Staff notified: computers must remain powered on during install weekend
Client IT contact confirmed and available during install window
Firewall / proxy rules configured for Actifile cloud endpoints
If cloud: Azure app registration created / M365 admin available
If macOS: MDM scan permissions configured (if applicable)
If NAS: NFS mount point verified and accessible

MatrixIT Checklist

Tenant created in app.actifile.com
Install key and uninstall key documented securely
Deployment script/procedure prepared (RMM, PS, PsExec, etc.)
Cloud configuration files generated (if applicable)
Test install completed on pilot machine (if possible)
Follow-up meeting (Meeting 3) tentatively scheduled for post-scan

After deployment: MatrixIT will monitor the first scan. Once the initial audit completes (typically 20–90 minutes), we will schedule Meeting 3 — Post-Installation Review to review scan results and train your team on the Actifile dashboard.