1.Download the agent package
- Open the server web console.
- Navigate to the Agent > Computers
- Select the required remote office
- Click the Download Agent button
- Rename the file to LocalOffice_Agent.exe
3. Create a GPO to identify targets for deployment
- Open the Group Policy Management Console (GPMC) by opening Run (Windows key + R) and typing gpmc.msc .
- Once in the GPMC, right-click on your target "organizational unit" (typically a domain), and select 'Create a GPO in this domain, and Link it here' option.
Note: To install agents selectively on a few devices
- Click on the Scope tab
- Under Security Filtering section, click Add
- In the Select User, Computer, or Group dialog box, click Object Types
- Select specific computer object types
- Click OK
- Specify the computer names
- Click on Check Names
- Click Ok
4. Enter a Name for the new GPO. For example, "EC_Agent_Install". Once the new GPO is created, you can see it in the GPMC in the left navigation pane, under Group Policy Objects.
5. Create a start-up task to execute the deployment and installation of the Windows Agent.
- Open the Group Policy Management Editor by right-clicking on the new GPO you created, and selecting Edit.
- Expand Computer Configuration --> Policies --> Windows Settings --> Scripts(Startup/Shutdown).
- Right click Startup and click Properties and switch to PowerShell Scripts.
- Click Show File
- Paste the Installagent.ps1 and LocalOffice_Agent.exe downloaded above into the created folder.
- Now copy the network path, as it is needed in later steps. Network path format - \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup
Note: If the files can't be placed in the shared UNC folder path, open folder and with local path and paste the files.
- Open Server manager -> File and storage services -> Shares
- Copy the Local Path of SYSVOL
- Open the SYSVOL folder and respective script folder Eg: C:\Windows\SYSVOL\sysvol\Domain\Policies\{853CF422-03F1-4C6A-8C3C-9F941F40E23B}\Machine\Scripts\Startup
- Browse and navigate to the location, copy the full path (\\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup) of PSInstallAgent.ps1 script.
- In the Startup Properties dialog box, click Add.
- Make sure to select "PowerShell Scripts". Then specify the path (copied location) and the script as shown below:
- Script name:\\domain.com\SysVol\ \Policies\{id}\Machine\Scripts\Startup\Installagent.ps1 (Replace \\domain.com\SysVol\domain.com\Policies {id}\Machine\Scripts\Startup with the network path you copied earlier.
- Script parameters:LocalOffice_Agent.exe (exe file name)
Note: As an alternative to the execution of PowerShell, you can also execute VBscript script for agent installation using GPO
- 1. Download the
VB script (SHA 256 Checksum: Calculating...) and place it in the folder.
- 2. Place it in the Script folder as mentioned above.
- 3. Select "Scripts".
- 4. Change the script and parameters as below.
- Script Name: \\domain.com\SysVol\domain.com\Policies\{id}\Machine\Scripts\Startup\Installagent.vbs (*replace \\domain.com\SysVol\domain.com\Policies\{id}\Machine\Scripts\Startup with the network path you copied earlier.
- Script Parameters: LocalOffice_Agent.exe
6. Click OK to close the Add a Script dialog box
7. Click OK to close the Startup Properties dialog box
8. Close the Group Policy Object Editor
9. Close the Group Policy Management dialog box
10. The script will be executed when the client computers reboot
Troubleshooting steps:
Ensure the network path is accessible from the endpoints and check if the required files for installation are present in the shared folder.
Reach out to support with the below files if issue persists.
1. GPO result from the client machine.
- In client machine, open command prompt with administrator mode.
- In command prompt, navigate to C:\ and run the command gpresult /h gprep.html
- Kindly upload gprep.html file under C:\ from the client machine.
2. Event Logs
Export and upload application and system event viewer logs
Note: Ensure that the network has a Domain based setup and not Workgroup setup. You can map the script to the entire domain even if you have installed the agents in a few client computers as the script will install the agent only in the computers in which the agent is not installed.
- Download the Zip file, extract it and follow the steps given below
- Navigate to the server web console, -> Agent -> Deployment -> Agent Installation.
- Under Using Active Directory, in the GPO tab, click on Download Agent.
- Select the required office.
Note: This can be a local office or a remote office depending on which computers you want to install agents in.
- Save the .msi & .mst file in this path \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup. Kindly include DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.
Kindly include DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.
How to obtain { ID } Value :-
- Click on start>Run
- Enter gpmc.msc
- Click OK
- Right click the domain to select, create and link a GPO here
- Specify a name for the GPO
- Select the GPO
Note: These steps need to be followed if you wish to install agents in a select few devices (refer this
image). Do not follow these steps if you want to install agents in all the devices.
- Click on the Scope tab
- Under Security Filtering section, click Add
- In the Select User, Computer, or Group dialog box, click Object Types
- Select specific computer object types
- Click OK
- Specify the computer names
- Click on Check Names
- Click OK
- Right click the GPO and click on Edit.
Note: As an alternative to the execution of VBscript, you can execute PowerShell script for agent installation using GPO.
Note: The script can be deployed to all the computers in the domain. It is to be noted that the target shouldn't be a user group.
Notes
- Set the file association properties of .vbs files to Microsoft Windows (r) based script host in all the client computers. This ensures that the script is executed successfully. Do not modify the file association properties to open in a text editor as the execution of the script will fail.
- You can leave the GPO object installed indefinitely to ensure that the agent is installed in future client computers.
- This will not re-install the agent that is already installed as the script is programmed to ensure that it doesn't re-install agents that are already installed. This will not cause any problems during startup.
- You also do not need to update and download the UEMSAgent.msi file every time the server is updated to a new version. The agent is programmed to check for new versions from the server and upgrade itself automatically. When an agent is installed, it updates itself automatically when new versions are released.
You have now installed an agent in client computers using a GPO.
Configuring IP Scope will help you while you deploy agents using GPO
- If IP scope is configured for all the remote offices created in the server, administrators can directly download local office UEMSAgent.msi and deploy it in all remote offices using GPO.
- IP scope has an automatic intelligence to detect computers within the specified IP range and reinstall the appropriate agent for the remote office.
- Know more on IP Scope here
These are the other ways by which you can proceed with agent installation.
If you still find issues with installing the agents, then feel free to contact our support team at endpointcentral-support@manageengine.com.