How to Install Endpoint Central agents using Start Up Script?

Windows GPO is a powerful and versatile tool. Endpoint Central agents can be installed on client computers with the help of this tool, even when other installation methods fail for the following reasons:

• Access is denied
• The network path was not found
• Logon Failure: Unknown user name or password
• No Network provider accepted the given Network Path
• Not enough server storage is available to process this command

Clicking on each these reasons provides resolution to the above said problems. If problems still persist with agent installation, then follow the steps given below to use logon script and install agents:

Agent installation can also be initiated using GPO light-weight tool and GPO Scheduler.

Note: Ensure that the network has a Domain based setup and not Workgroup setup. You can map the script to the entire domain even if you have installed the agents in a few client computers as the script will install the agent only in the computers in which the agent is not installed.

• Download the Zip file, extract it and follow the steps given below for Endpoint Central:
  • Navigate to Endpoint Central -> Agent -> Deployment -> Agent Installation.  
  • Under Using Active Directory, in the GPO tab, click on Download Agent.
  • Select the required office.

    Note: This can be a local office or a remote office depending on which computers you want to install agents in.

• Save the .msi & .mst file in this path \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup. Kindly include DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.

Kindly include DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.

How to obtain { ID } Value :- 

• Click on start>Run
• Enter gpmc.msc
• Click OK
• Right click the domain to select, create and link a GPO here
• Specify a name for the GPO
• Select the GPO

• Right click the GPO and click on Edit.

Note: As an alternative to the execution of VBscript, you can execute PowerShell script for agent installation using GPO.

• For executing VBScript, follow these steps (refer this image):
  • Expand Computer Configuration --> Policies --> Windows Settings --> Scripts
  • Right click Startup and click Properties
  • Click Show Files
  • Drag and drop the InstallAgent.vbs (download the .txt file and rename it as .vbs) UEMSAgent.msi UEMSAgent.mst to this location and Copy the location (\\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup) and close.

  Kindly include DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.

  • In the Startup Properties dialog box, click Add
  • Browse and navigate to the location, copy the browsed path (\\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup) and select InstallAgent.vbs script. Then specify the path (copied location) and the script as mentioned below:
    (\\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup)\InstallAgent.vbs
  • Specify the script parameters as mentioned below:
    UEMSAgent.msi UEMSAgent.mst
    
    For Build 100653 and above :-
     
  • If SSL third party certificate is uploaded in the server, go to Admin -> Security Settings -> Import SSL Certificates,the below files should be added along with Agent installer files:-
      DMRootCA.crt

  Specify the script arguments as: 

  • "UEMSAgent.msi UEMSAgent.mst DMRootCA.crt"
  • If SSL third party certificate is not uploaded in the server, Admin -> Security Settings -> Import SSL Certificates,the below files should be added along with Agent installer files:-
    DMRootCA.crt DMRootCA-Server.crt
• Specify the script arguments as
• "UEMSAgent.msi UEMSAgent.mst DMRootCA.crt DMRootCA-Server.crt"
• For executing PowerShell script, follow these steps and refer this image):
  • Ensure if PowerShell is enabled in all the client computers before execution of this script.
  • Expand Computer Configuration --> Policies --> Windows Settings --> PowerShell scripts
  • Right click Startup and click Properties
  • Click Show Files
  • Drag and drop the InstallAgent.ps1 (download the .txt file and rename it as .ps1) & UEMSAgent.msi UEMSAgent.mst to this location and copy the location (\\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup) and close.

  Kindly include DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.

  • In the Startup Properties dialog box, click Add
  • Browse and navigate to the location, copy the browsed path (\\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup) and select the PSInstallAgent.ps1 script. Then specify the path (copied location) and the script as mentioned below:

    (\\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup)\PSInstallAgent.ps1
  • Specify the script parameters as mentioned below:
    "UEMSAgent.msi" "UEMSAgent.mst"
    For Build 100653 and above :-
    
  • If SSL third party certificate is uploaded in the server, go to Admin -> Security Settings -> Import SSL Certificates,the below files should be added along with Agent installer files:-
      DMRootCA.crt
  Specify the script arguments as
  "UEMSAgent.msi UEMSAgent.mst DMRootCA.crt"
  • If SSL third party certificate is not uploaded in the server, Admin -> Security Settings -> Import SSL Certificates,the below files should be added along with Agent installer files:-
    DMRootCA.crt DMRootCA-Server.crt
  Specify the script arguments as
  "UEMSAgent.msi UEMSAgent.mst DMRootCA.crt DMRootCA-Server.crt"
• Click OK to close the Add a Script dialog box
• Click OK to close the Startup Properties dialog box
• Close the Group Policy Object Editor
• Close the Group Policy Management dialog box

Note: The script can be deployed to all the computers in the domain. It is to be noted that the target shouldn't be a user group.

Notes

• Set the file association properties of .vbs files to Microsoft Windows (r) based script host in all the client computers. This ensures that the script is executed successfully. Do not modify the file association properties to open in a text editor as the execution of the script will fail.
• You can leave the Endpoint Central GPO object installed indefinitely to ensure that the agent is installed in future client computers.
• This will not re-install the agent that is already installed as the script is programmed to ensure that it doesn't re-install agents that are already installed. This will not cause any problems during startup.
• You also do not need to update and download the UEMSAgent.msi file every time Endpoint Central releases a new version. The agent is programmed to check for new versions from the server and upgrade itself automatically. When an agent is installed, it updates itself automatically when new versions are released.
  
  You have now installed an agent in client computers using a GPO.
  
  

  Configuring IP Scope will help you while you deploy agents using GPO

  • If IP scope is configured for all the remote offices created in Endpoint Central server, administrators can directly download local office UEMSAgent.msi and deploy it in all remote offices using GPO.
  • IP scope has an automatic intelligence to detect computers within the specified IP range and reinstall the appropriate agent for the remote office.
  • Know more on IP Scope here

These are the other ways by which you can proceed with agent installation.

If you still find issues with installing the agents, then feel free to contact our support team at endpointcentral-support@manageengine.com.