Home » Endpoint Central Cloud - Agent installation
 

Agent installation

After creating either a domain or a workgroup and defining the scope of management, the next step is to install Endpoint Central agents on all the machines that you want to manage. Use any of the methods below to automate agent installation:

Install distribution server
  1. Log in to the the web console, and navigate to the Agent tab.
  2. Choose Remote Offices under Scope of Management from the left pane.
  3. Select a remote office and click Download Distribution Server under the Download Agent column. This should be done from the computer where the distribution server needs to be ins talled.

    Download Distribution Server

  4. Follow the on-screen installation instructions to complete the installation.
Install distribution servers and remote office agents
  1. Log in to the web console and navigate to the Agent tab.
  2. Choose Agent installation under Scope of Management from the left pane.
  3. Select Other methods and choose the Download option under Command Line tab.
  4. From the downloaded zip file, extract the UEMSAgent.msi, UEMSAgent.mst, and DCAgentServerInfo.json files, and paste them in a shared path accessible by all the computers you want to install the agent on.
  5. From the extracted location, compress the following files using 7-zip:
    • UEMSAgent.msi
    • UEMSAgent.mst
    • DCAgentServerInfo.json
    • Setup.bat
  6. Once the download/installation is completed, you can right-click setup.bat and run as administrator to execute it.
  7. You will be prompted to choose from the following options displayed in the Command Prompt:
    • Install Distribution Server in the computer
    • Install Agent in this computer
    • Install Distribution Server in this computer and agents in multiple computers
    • Install Agents in multiple computers
  8. If you want to install agents on multiple computers, you should add the computer names or IP addresses in a text file, i.e., computernames.txt, and keep this ready.
  9. The admin$\Temp folder of the target machine must be reachable from the computer where you're pushing these agents.

  10. Choose option 3 from the options displayed in the Command Prompt.
  11. Upon providing the administrator credentials, agent installation will begin.
  12. If the distribution server is already installed, choose option 4 from the Command Prompt options to invoke agent installation on multiple computers.

  13. The agents will be installed in the target computers, but in case you have enabled "Waiting for Approval", the further communication with the server occurs only if these target computers are approved from the Waiting for Approval tab that is present at Agent > Computers > Waiting for Approval.

Note:

  • The Waiting for Approval feature is provided to ensure security and prevent the misuse of the product without the administrator's knowledge. Even if the agent has been installed on a computer, it can be declined by the administrator from this console, thereby preventing further communication with the server.
  • The computers added directly from the Managed Computers tab, are not applicable for this feature.
Install roaming agents
  1. Log in to the web console, and navigate to the Agent tab.
  2. Choose Remote Offices under Scope of Management from the left pane.
  3. Select a remote office and click Download WAN Agent under the Download Agent column.
  4. Follow the on-screen installation instructions to complete the installation.
  5. The agents will be installed in the target computers, but in case you have enabled "Waiting for Approval", further communication with the server occurs only if these target computers are approved from the Waiting for Approval tab that is present at Agent > Computers > Waiting for Approval.

Note:

  • The Waiting for Approval feature is provided to ensure security and prevent the misuse of the product without the administrator's knowledge. Even if the agent has been installed on a computer, it can be declined by the administrator from this console, thereby preventing further communication with the server.
  • The computers added directly from the Managed Computers tab, are not applicable for this feature.
Use a GPO script
  1. Navigate to the Admin tab. Under SoM Settings, select Scope of Management > Download Agent, then select the target office.
  2. This can be either a local office or a remote office depending on which computers you want to install the agents in.

  3. Save the .msi, .mst, and DCAgentServerInfo.json files in the network share that you've created.
  4. Click Start > Run. Enter gpmc.msc and click Ok.
  5. Right-click the domain, and select Create and Link a GPO here.
  6. Specify a name for the Group Policy Object (GPO), and select the GPO.
  7. If you want to install the agent on only a few computers, follow the steps given below; if you want to install the agents on all computers, skip these steps.
    • Click the Scope tab. In the Security Filtering section, click Add.
    • In the Select User, Computer, or Group dialog box, click Object Types.
    • Specify specific computer object types, and click Ok.
    • Specify the computer names, click Check Names, and click Ok.
  8. Right-click the GPO, and click Edit.
  9. Expand Computer Configuration > Policies > Windows Settings > Scripts.
  10. Right-click Startup > Properties > Show Files.
  11. Download the .txt file and rename it to a .vbs file. Drag and drop the InstallAgent.vbs, UEMSAgent.msi, UEMSAgent.mst, and DCAgentServerInfo.json files to this location. Copy the location (Domain name\Sys Vol\Domain name\Policies\{ID}\Machine\Scripts\Startup) and close the window.
  12. In the Startup Properties dialog box, click Add.
  13. Browse and navigate to Domain name\Sys Vol\Domain name\Policies\{ID}\Machine\Scripts\Startup, and select the InstallAgent.vbs script. Alternatively, specify the path you copied and the script below: (Domain name\Sys Vol\Domainname\Policies\{ID}\Machine\Scripts\Startup)\InstallAgent.vbs
  14. Specify the script parameters as given below:
    UEMSAgent.msi UEMSAgent.mst.
  15. Click OK to close the Add a Script dialog box.
  16. Click OK to close the Startup Properties dialog box.
  17. Close the Group Policy Object Editor, and the Group Policy Management dialog box. The agents will now be installed on the target computers.
  18. If you have enabled "Waiting for Approval", then further communication with the server occurs only if these target computers are approved from the Waiting for Approval tab that is present at Agent > Computers > Waiting for Approval.
Use agent installation link

Endpoint Central agent can be downloaded from a copied link. The copied link can be shared to end users who could then download and install the agents in their machines. This option is available on clicking Download Agent from Remote Offices or Computers tab. On clicking copy option, the URL for the selected Remote Office will be created. The default expiry time of the URL is 15 days. Using the copied link, agent can be installed:

  • Directly from the browser
  • From the terminal

Directly from the browser:

On visiting the copied URL from the browser, the user will be presented with an option to download the agent. The user has to select the OS and the agent download will be initiated. If the user visits the URL from an unsupported browser, an error page will be displayed. If the user visits the copied URL from a supported browser post the expiry time, the error page will be displayed.

From the terminal:

In case the user wishes to download the agent via terminal, he/she can do so, by modifying the copied URL. The format of the copied URL from the console (for US Data Center) is:

https://desktopcentral.manageengine.com/link.do?actionToCall=download&encapiKey=<encapiKey>

For terminal based download, an extra OS parameter is required:

https://desktopcentral.manageengine.com/link.do?actionToCall=download&encapiKey=<encapiKey>&os=<supported-os>

Valid OS parameters are:

  • windows
  • macos
  • Linux
  • Note: OS must be supported for the product for which agent is downloaded.

    Agent can be downloaded using CURL. The CURL download command is:

    • curl "paste_copied_url_with_os_param" --output DCAgent.exe - (Windows)
    • curl "paste_copied_url_with_os_param" --output DCAgent.zip - (macOS or Linux)

    copy-link-1

    copy-link-2

    copy-link-3

    Silent Installation of Agent EXE (Windows):

    Once the URL is downloaded, the agent can be installed silently using EXE itself for Windows machines by adding "/silent" argument. The command to install agent is:

    DCAgent.exe /silent

    Alternatively, the installation process can be automated using a powershell script.

    1. Replace the url in the below script with the copied url
    2. Save the script as .ps1 filetype
    3. Run the powershell script

    Downloaded User:

    For additional security, on enabling waiting for approval option, we can get to know from which technician's shared link, the agent was installed. Based on this, we can approve the computers to be managed.

Remove a Distribution Server

Go to Agent > Remote Offices. Against the desired remote office, by clicking the action menu on the right, you'll be able to modify and delete the distribution server.

The above should delete your distribution server. If you're unable to delete the Distribution Server, you'll encounter an Alert message that reads something like this--

If the above arises, close the Alert, head over to Agents > Domain and select the AD connector as shown below.

After enabling the AD connecter, go back to Agent > Remote Offices and try deleting the distribution server as mentioned above.

Use local Active Directory

The distribution server must be added and installed manually before proceeding with agent installation.

  1. Navigate to the Agent tab > Computers > Add Computers. Select an AD Connector, and add a domain or workgroup.
  2. Click Select Computers.This opens the Select Computers dialog box, which lists all the available computers of the domain or workgroup.
  3. Select the computers that need to be managed, and click Ok. You can also manually specify the computer names instead of choosing them from the list. The selected computers get added to the Selected Computers table in the Add Computers view.
  4. Repeat steps 2 and 3 for adding computers from multiple domains or workgroups. Check the box next to Install Agent immediately to install Endpoint Central agents in the selected computers immediately. When this option is not selected, the computers are only added, and the agents need to be installed later via the Agent tab > Computers > Install Agent.
  5. Click Done to add the selected computers. All the selected computers get added to the Scope of Management.
  6. The Computers page will list all the computers that are being managed along with the status of the agent installation and the agent version. Agents can also be installed later via the Agent tab > Computers > Install Agent.
  7. Roaming agents cannot be installed through the AD.

Use SCCM
  1. Navigate to the Agent tab > Agent Installation > Other methods > Download the zip folder present under SCCM tab.
  2. Extract the UEMSAgent.msi, UEMSAgent.mst, and DCAgentServerInfo.json files, and paste them in a shared path accessible by all the computers you want to install the agent on.
  3. Change the shared path location as mentioned in the batch file, and create an SCCM package with this script.
  4. Deploy this package, and the agents will be installed in the target computers.
  5. If you have enabled "Waiting for Approval", then further communication with the server occurs only if these target computers are approved from the Waiting for Approval tab that is present at Agent > Computers > Waiting for Approval.
Use Microsoft Intune
  1. Navigate to the Agent tab > Agent Installation > Other methods > Download the zip folder present under Command Line tab.
  2. Extract the UEMSAgent.msi, UEMSAgent.mst, and DCAgentServerInfo.json files, and paste them in a shared path accessible by all the computers you want to install the agent on.
  3. From the extracted location, compress the following files using 7-Zip:
    • UEMSAgent.msi
    • UEMSAgent.mst
    • DCAgentServerInfo.json
    • Setup.bat (Note: Download the Setup.bat file here, and use this batch file while compressing. Do not use the file that is already present in the Agent folder.)
  4. Name this compressed file desktopcentralagent.7z.
  5. Open the following link, copy the content, and paste it in a text file named config.txt.
  6. Download the LZMA SDK package from the link, extract the contents, go to the bin folder, and locate the 7zS2.sfx file.
  7. Create a folder and include the following files:
    • desktopcentralagent.7z
    • config.txt
    • 7zS2.sfx
  8. Open the Command Prompt with administrator privileges in the same folder, and run the following command:
    copy /b 7zS2.sfx + config.txt + desktopcentralagent.7z agent.exe
  9. An executable file, agent.exe, will be generated in the same folder.
  10. Install agent.exe manually in a machine without an agent (a test machine). If the agent installation fails in this machine, retrace your steps and try again. If the installation succeeds, then proceed.
  11. Download the zip from the GIT page.
  12. Extract IntuneWinAppUtil.exe from the downloaded zip folder and double-click the executable to provide the following input:
    • Source folder: <directory_of_agent.exe>
    • Setup file: agent.exe
    • Output folder: <output_directory>
    • Do you want to specify catalog folder (Y/N)? N
  13. agent.intunewin will be created in the specified <output_directory>.
  14. Use the agent.intunewin app package for deployment in Intune. To configure the app package:
    • Install Command: "agent.exe" /S
    • Uninstall Command: "agent.exe" /X
    • The above are dummy commands that will not affect installation, and thus can't be used to uninstall the agent.

    • Detection Rule - manually configure detection rule:
      • Rule type: MSI
      • MSI product code: {6AD2231F-FF48-4D59-AC26-405AFAE23DB7}
      • MSI product version check: No
  15. You can now deploy agents in the target computers through Microsoft Intune.
  16. The agents will be installed in the target computers, but if you have enabled "Waiting for Approval", then further communication with the server occurs only if these target computers are approved from the Waiting for Approval tab that is present at Agent > Computers > Waiting for Approval.
Bulk agent installation in AWS instances
  1. Navigate to the Admin tab. Under SoM Settings, select Scope of Management > Download Agent, then select the target office.
  2. Create an S3 bucket in the region where you want to deploy the agents.
  3. Upload all the files from the downloaded agent zip folder to the created bucket, and set the permissions as public.
  4. Create an IAM role for SSM by following the steps below:
    • In the IAM console, navigate to Roles > Create Roles.
    • In the Select type of trusted entity box, choose AWS service.
    • Choose the service EC2.
    • If the specified service has only one use case, it is selected automatically. Choose NEXT: Permissions.
    • Use cases are defined by the service to include the trust policy that the service requires.

    • In the Create role window, search for AmazonEC2RoleForSSM, and select it.
    • You can also add AmazonEC2RoleForSSM in the already existing IAM role.

    • Choose NEXT: Review.
  5. Change the EC2 settings.
    • Select the existing instance, and choose Action at the top of the screen.
    • Choose Instance settings and assign the created role.
  6. In the AWS System Manager console, choose Run Command and run the following command:

    BUCKETPATH is object URL.

    New-Item -ItemType directory -Path C:\\LocalOffice\\localsetup
    $WebClient = New-Object System.Net.WebClient
    $WebClient.DownloadFile("BUCKETPATH/DCAgentServerInfo.json","LOCALPATH/DCAgentServerInfo.json")
    $WebClient.DownloadFile("BUCKETPATH/UEMSAgent.msi","LOCALPATH/UEMSAgent.msi")
    $WebClient.DownloadFile("BUCKETPATH/UEMSAgent.mst","LOCALPATH/UEMSAgent.mst")
    $WebClient.DownloadFile("BUCKETPATH/setup.bat","LOCALPATH/setup.bat") cmd /c msiexec /i
    C:\\LocalOffice\\localsetup\\UEMSAgent.msi REBOOT="REALLYSUPPRESS" MSIRESTARTMANAGERCONTROL="Disable" TRANSFORMS=C:\\LocalOffice\\localsetup\\UEMSAgent.mst ENABLESILENT=yes /qn
  7. The agents will be installed in the target computers, but if you have enabled "Waiting for Approval", then further communication with the server occurs only if these target computers are approved from the Waiting for Approval tab that is present at Agent > Computers > Waiting for Approval.
Image and deploy the OS along with the agent

Deploying an operating system is the first step in configuring a computer for business use. You can choose to image the agent and deploy the imaged OS to computers, wherein the agent is bundled with the OS.

Every agent has a unique ID that represents the machine and contains its name and system details. When an agent communicates with the server, the specific machine details are updated on the server. When you choose to image an agent and deploy the image, all the deployed images will have the same details instead of unique IDs.

In order to avoid this issue, follow the steps below:

  1. Install the agent on the computer that will be imaged.
  2. Download this script and store it in the system that will be imaged. (Note: execution of this script will temporarily prevent the agent from communicating with the server.)
  3. Rename the .txt file to a .vbs file.
  4. Open the Command Prompt as an administrator, and navigate to the folder where the above script is stored.
  5. Execute the script as: cscript.exe dcagentPreImage.vbs (Example : E:\Downloads>cscript.exe dcagentPreImage.vbs)
  6. Now your computer is ready to be imaged and deployed with the agent.
  7. The agent installed in the newly imaged computers will contact the server only if they are renamed.
  8. If you want to manage those computers, download this script and run it as an administrator on the imaged computer after being used for deployment (rename the .txt file to a .vbs file).
  9. This will restore the agent - server communication.