Related Articles

Managing Computers in LAN

 

Patch Manager Plus installs an agent in all the client computers that have to be managed using Patch Manager Plus. The agent properties can also be customized prior to installing the agents. For details on customization, refer to Configuring Agent settings.

This document will explain you on the following:

Installing Agents from Patch Manager Plus Console

 
  • This feature is applicable only for on-premise version of Patch Manager Plus.
  1. The client computers can be added from Admin tab --> SoM --> Add Computers button. This will list the domains and workgroups that have been added.

  2. Click the Select Computers link pertaining to a domain/workgroup. This opens the Select Computers dialog listing all the available computers of the domain/workgroup.

  3. Select the computers that have to be managed using Patch Manager Plus and click OK. You can also manually specify the computer names instead of choosing them from the list. The selected computers gets added to the Selected Computers table in the Add Computers view.

  4. Repeat steps 2 and 3 for adding computers from multiple domains/workgroups.

  5. Select the "Install Agent Immediately" check box to install the Patch Manager Plus agents in the selected computers immediately. When this option is not selected, the computers are only added. You need to install the agents later to manage them.

 
  • If you are trying to deploy agents to Mac/Linux computers, then ensure that you have provided the root credentials for the deployment to happen remotely.
  • Click Done to add the selected computers. All the selected computers gets added to the Scope of Management.

The Scope of Management page will list all the computers that are being managed by Patch Manager Plus along with the status of the agent installation and the agent version.  Agents can also be installed at a later stage, by selecting the computers from Admin --> SoM page and clicking the Install Agent button from the Patch Manager Plus Console.

Installing Agents Using Windows GPO

Windows GPO is a powerful and versatile tool. Patch Manager Plus agent can be installed using the GPO light-weight tool. Follow the steps given below to create a Group policy and link it with OUs and Domains.

Steps:

    1. Download and extract the Agent Installer files (.msi & .mst).
      • Navigate to Admin tab.
      • Under SoM Settings, click on Scope of Management
      • Click on Download Agent.
      • Select the required remote office.
    2. Save the .msi and .mst in a folder location.

      Kindly include DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.

        • Download the GPO_Tool.ps1 script on the location where the .msi and .mst files are saved.
        • If you want to configure the policy using VB script, then download and save the script InstallAgent.vbs on the same location.

      (or)

      • In case you want to configure the policy using PowerShell script, then download and save the script PSInstallAgent.ps1 on the same location.
    3. Run windows PowerShell in administrative mode and navigate to that script (GPO_Tool.ps1) location, then execute the script with arguments as mentioned below.

For vb script configuration: GPO_Tool.ps1 UEMS.msi UEMS.mst InstallAgent.vbs

For Build 100653 and above :

  • If SSL third party certificate is uploaded in the server, go to Admin -> Security Settings -> Import SSL Certificates, the below files should be added along with Agent installer files:-
    DMRootCA.crt
  • Specify the script arguments as "UEMS.msi UEMS.mst \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA.crt"

  • If SSL third party certificate is not uploaded in the server, Admin -> Security Settings -> Import SSL Certificates, the below files should be added along with Agent installer files:-
    DMRootCA.crt and DMRootCA-Server.crt
  • Specify the script arguments as "UEMS.msi UEMS.mst \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA.crt and \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA-Server.crt"

    For PowerShell script configuration: GPO_Tool.ps1 UEMS.msi UEMS.mst PSInstallAgent.ps1

  1. In the PowerShell window, enter the name of the GPO to be created and press Enter.
  2. After creating the GPO, enter the distinguished name of the OU or Domainto be linked with. Follow the steps mentioned below to get the distinguished name:
      • Open Active directory users and computers in Administrative tools.
      • Right click on the OU / Domain which you want to be linked with.
      • Select Properties -> Attribute Editor -> distinguishedName -> View

    GPO lightweight tool

    • Copy and paste the value of distinguishedName in the powershell window and press enter.
  3. Now paste the copied distinguished name in the PowerShell window and click Enter.
  4. If you want to 'Add' another Domain, press y and repeat step 5. Else, press n to end the process.
  • If SSL third party certificate is uploaded in the server, go to Admin -> Security Settings -> Import SSL Certificates, the below files should be added along with Agent installer files:
    DMRootCA.crt
  • Specify the script arguments as "UEMS.msi UEMS.mst \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA.crt"

    If SSL third party certificate is not uploaded in the server, Admin -> Security Settings -> Import SSL Certificates, the below files should be added along with Agent installer files:
    DMRootCA.crt and DMRootCA-Server.crt

    Specify the script arguments as "UEMS.msi UEMS.mst \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA.crt and \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\DMRootCA-Server.crt"

     

    Installing Agents Manually

    To install a LAN agent manually, follow the steps given below:

    1. Under SoM, select the Remote Offices tab

    2. In the Download Agent column, against the local office you have added, click the Download LAN Agent icon

    3. Save the .zip file in the computer on which you want to install the agent

    4. Extract the contents of the zip file

    5. Open a command prompt with run as admin privilege and navigate to the location of extracted zip folder and run the command setup.bat

    6. Select option 1 to install agent in this computer

    Installing agents using SCCM

    You can install agents using SCCM by following the steps mentioned below:

    1. Download Agent.
    2. Extract these files and put those files in a shared path, which is accessible by all the computers.
    3. Files to be extracted:
    4. i) UEMS.msi
      ii) UEMS.mst
      iii) DCAgentServerInfo.json
      iv) DMRootCA.crt

    5. Change the shared path location as mentioned in the batch file.
    6. Create an SCCM package with this script.
    7. Deploy the package.

    Installing agents using Microsoft Intune

    You can install agents using Microsoft Intune by following the steps mentioned below:

    1. From Patch Manager Plus server web console, navigate to Agent --> Computers --> Download Agent. Rename the downloaded Agent as Agent.exe
    2. download-agent

    3. Download the zip from this link: https://www.manageengine.com/products/desktop-central/Microsoft-Win32-Content-Prep-Tool-master.zip
    4. Extract IntuneWinAppUtil.exe from the downloaded zip.
    5. Double click the IntuneWinAppUtil.exe and provide the following input
      • Source folder: <directory_of_agent.exe>
      • Setup file: agent.exe
      • Output folder: <output_directory>
      • Do you want to specify catalog folder (Y/N)? N
    6. agent.intunewin will be created in the specified <output_directory>
    7. Use the agent.intunewin app package for deployment in Intune.

    To configure the app package :
    Install Command : "agent.exe" /silent
    Uninstall Command : "agent.exe" /X

    (The above are dummy commands that does not affect installation, and thus can't be used to uninstall agents.)

    Detection Rule : Manually configure detection rule.
    Rule type : MSI
    MSI product code : {6AD2231F-FF48-4D59-AC26-405AFAE23DB7}
    MSI product version check : No

    Now you can deploy the agent through Microsoft Intune to the machines in your network.

    Retry Agent Installation

    Enabling this settings will automatically retry to install the Patch Manager Plus agents, on the failed targets. If the one of the target computer is not reachable, instead of manually retrying to install the agent, you can specify the number of times, the automatic retry should happen. You can also specify the maximum frequency for this to be repeated. The retry process will be performed based on the specified frequency for the specified number of days. Mail alerts can be configured to notify when the agent installation has succeeded on one or more computers. Follow the steps mentioned below to configure retry agent installation process:

    1. Click Admin & tab on Patch Manager Plus web console

    2. Choose SoM

    3. Select Settings

    4. Enable the check box, to retry agent installation process

    5. Specify the frequency and the number of days for the retry process to happen.

    6. Specify the email address to which the notifications need to be sent.

    You have successfully configured the settings to retry agent installation on failed computers.

    Uninstalling Agents

    To uninstall the agents from the computers:

    1. Navigate to Agent > Computers (under Scope of Management) > Select the computers > Click on Uninstall Agent
    2. If Uninstallation Restriction is configured, Enter the OTP prompted, either on the command line interpreter or UI displayed. To view the OTP configured, navigate to Agent > Scope of Management > Computers (in product console) or Menu > Scope of Management > Computers > Actions (in mobile app).

    Removing the Computers

    To remove the computers from the list:

    1. Navigate to Agent > Computers (under Scope of Management) > Select the computers > Click on Remove Computer(s)
    2. The Patch Manager Plus agents have to be uninstalled prior to removing a computer from the scope.

    Identifying the Live Status of Patch Manager Plus Agent

    Patch Manager Plus updates the live status of computers periodically. This data is updated every ten minutes or while an on-demand operation is performed on a client computer.  You can see the live status of the Patch Manager Plus agents by clicking on SoM, under "Computers" View. The following status will be displayed:

    1. The computer icon will be in green color if the Patch Manager Plus Agent is live.

    2. The computer icon will be in red, if the Patch Manager Plus agent is down. Patch Manager Plus agent can be down in the following scenarios:

      1. If the computer is not in the network

      2. If the computer is shutdown

      3. If the Patch Manager Plus agent service has been stopped

      4. If the Patch Manager Plus agent has been crashed

    3. The computer icon will be in grey, if Patch Manager Plus agent is not installed in it. Those computers are discovered in the SoM because they are added to the active directory but not managed by Patch Manager Plus.