How to install Endpoint Central Agent Using GPO Scheduler?

Endpoint Central Agents can now be installed in an Active Directory environment using the scheduler option. When the installation is initiated with the Scheduler, it is triggered at the time specified during configuration, unlike a normal GPO script, where the installation happens when a device is turned on or when a user logs in.

For Endpoint Central version 10.1.2124.1 and above, it is recommended to use EXE-based agent installation.

Steps

  • .EXE
  • .MSI

1. Download the agent package

  • Open the Endpoint Central server web console.
  • Navigate to Agent -> Computers
  • Select the required remote office
  • Click the Download Agent button
  • Rename the file to LocalOffice_Agent.exe

2. Download the script and place it in a folder.

3. Open the AD machine to configure GPO.

4. GPO configuration - Creating/Provisioning Network Share

  • Log on to the Windows Server machine as an administrator.
  • Open the Server Manager Console by selecting it from the Administrative Tools menu.
  • From the Server Manager Dashboard, select File and Storage Services.
  • Now, open the Shares tab, select SYSVOL and click on Open Share.
  • Navigate to the scripts folder and create a new folder.
  • Paste the InstallAgent.ps1 and LocalOffice_Agent.exe downloaded above into the created folder.
  • Now copy the network path, as it is needed in later steps. Network file path format - \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup

5. Create a GPO to identify targets for deployment

  • Open the Group Policy Management Console (GPMC) by opening Run (Windows key + R) and typing gpmc.msc.
  • Once in the GPMC, right-click on your target "organizational unit" (typically a domain), and select the 'Create a GPO in this domain, and Link it here' option.

6. Enter a Name for the new GPO. For example, "MEDC_DC_agent_installation". Once the new GPO is created, you can see it in the GPMC in the left navigation pane, under Group Policy Objects.

7. Create a scheduled task to execute the deployment and installation of the Windows Agent

  • Open the Group Policy Management Editor by right-clicking on the newly created GPO and selecting Edit.
  • In the editor navigation tree, under Computer Configuration, click Preferences -> Control Panel Settings; then right-click Scheduled Tasks.
  • Now, click on New -> Select Immediate Task (At least Windows 7).
  • In the New Task dialog box enter a name and a description (if needed). Under Security options, click the Change User or Group button.
  • In the dialog box that appears, enter "system" in the text box, then click Check Names. Confirm that you have the correct values and click OK.
  • Make sure that the system object resolves to the value "NT Authority\System," as shown in the Security Options group.

8. Ensure that:

  • 'Run whether user is logged on or not' is selected.
  • 'Run with the highest privileges' is selected.
  • 'Configure for:' is set to Windows Vista or Windows Server 2008.

9. Click on the Actions tab and then click New. In the New Action dialog box, set the Action drop-down to Start a program. In the Program/script text box, enter the network file path to the shared folder that was created earlier. Then provide the arguments and Start in folder details and click OK.

  • Program/Script: powershell.exe
  • Add arguments: -ExecutionPolicy Bypass -File \\DCNAME.zoho.com\SYSVOL\zoho.com\scripts\agent_reinstallation\InstallAgent.ps1
  • Start In: \\DCNAME.zoho.com\SYSVOL\zoho.com\scripts\agent_reinstallation\

Note: Replace the example path (\\domain.com\SYSVOL\domain.com\scripts\agent_reinstallation\psinstallagent.ps1) with the network path you copied earlier.

10. In the Conditions tab, select the checkbox for Start only if the following network connection is available, then select Any connection. Finally, click Apply and OK.

Note:

  • Test the deployment on a few test machines before mass deployment.
  • Execute the command gpupdate /force on the client machine with admin privileges to trigger the GPO task.
  • The task result can be viewed in the Task Scheduler tool on the client machine.
  • If the scheduled task fails, remove the computer name from the network path. For example, if the network path copied earlier is \\DCNAME.zoho.com\SYSVOL\zoho.com\scripts\agent_reinstallation\psinstallagent.ps1, remove the computer name and change it to \\zoho.com\SYSVOL\zoho.com\scripts\agent_reinstallation\psinstallagent.ps1 and check again.

Troubleshooting steps

Please reach out to support with the files below if the issue persists.

1. GPO result from the client machine.

  • On the client machine, open Command Prompt as administrator.
  • In Command Prompt, navigate to C:\ and run the command gpresult /h gprep.html
  • Upload the gprep.html file created under C:\ on the client machine.

2. Event Logs
Export and upload the Application and System logs from Event Viewer.

Creating/Provisioning Network Share:

  1. Log on to the Windows Server machine as an administrator.
  2. Open the Server Manager Console by selecting it from the Administrative Tools menu.
  3. From the Server Manager Dashboard, select File and Storage Services.
  4. Now, open the Shares tab, click on Tasks and select New Share.
  5. The New Share Wizard opens. In the wizard, click on Select Profile, select the option SMB Share - Quick, then click Next.
  6. On the Shared Location tab, enter the file path to the shared folder that is created for deploying the agent installer, then click Next.
  7. On the Specify share name tab, enter a name for your share. Enter a share description, if needed.
  8. The wizard will now automatically create the local and remote file paths in the share.
  9. After this, click Next to configure the settings.
  10. On the Configure share settings wizard page, accept the default options in Other Settings (Allow caching of share) and click Next.
  11. On the Specify permission to control access page, accept the default permissions and click Next.
  12. On the Confirm selections page, review your selections, then click Create.
  13. The new public share is now visible in the Shares pane (it is recommended to make the network share accessible to everyone).
  14. Now, right-click on the share and select Open Share.
  15. Download the agent installable from the Endpoint Central console by navigating to Agent --> Agent Installation --> GPO --> Download Agent.
  16. Also, copy the text from this page and save it as installagentscript.vbs.
  17. Place the UEMSAgent.msi, UEMSAgent.mst, DMRootCA.crt, DMRootCA-Server.crt and installagentscript.vbs files in the share.
  18. Include the DCAgentServerInfo.json file only if the build version is 10.1.2124.1 and above.

    Note: Be sure to capture and store the full network file path (not the local path); it is needed in the later steps.

Create a GPO to identify targets for deployment

  1. Open the Group Policy Management Console (GPMC) by opening Run (Windows key + R) and typing gpmc.msc.
  2. Once in the GPMC, right-click on your target "organizational unit" (typically a domain), and select the Create a GPO in this domain, and Link it here option.
  3. Enter a Name for the new GPO. For example, "Desktopcentral_agent_install."

    Note: By default, the GPO applies to all users and computers that successfully authenticate to the Active Directory domain that you selected.

  4. Once the new GPO is created, you can see it in the GPMC in the left navigation pane, under Group Policy Objects.

    Note: You can modify the scope of computers to which the agent is deployed and installed by changing the Security Filtering values for the new GPO.

Create a scheduled task to execute the deployment and installation of the Windows Agent

  1. Open the Group Policy Management Editor by right-clicking on the new GPO you created, and selecting Edit.
  2. In the editor navigation tree, under Computer Configuration, click Preferences > Control Panel Settings; then, right-click Scheduled Tasks.
  3. Now, click on New and select Immediate Task (At least Windows 7).
  4. This opens the New Task dialog box. Enter a Name and a description (if needed).
  5. Under Security options, click the Change User or Group button.
  6. In the dialog box that appears, enter "system" in the text box, then click Check Names. Confirm that you have the correct values and click OK.
  7. Make sure that the system object resolves to the value "NT Authority\System," as shown in the Security Options group.
  8. Also ensure the following:
    • Run whether user is logged on or not is selected.
    • Run with highest privileges is selected.
    • Configure for: is set to Windows Vista or Windows Server 2008.
  9. Click on the Actions tab and then click New.
  10. In the New Action dialog box, set the Action drop-down to Start a program. In the Program/script text box, enter the network file path to the shared folder that was created earlier. Then provide the arguments and Start in folder details and click OK.

    Program/script:
    \\computer_name\DCAgentShare\installagentscript.vbs

    Add arguments:
    UEMSAgent.msi UEMSAgent.mst (for versions below 10.0.653)
    UEMSAgent.msi UEMSAgent.mst DMRootCA.crt DMRootCA-Server.crt (for versions after 10.0.653)

    Start in:
    \\computer_name\DCAgentShare\

  11. In the Conditions tab, select the checkbox for Start only if the following network connection is available, then select Any connection.
  12. Finally, click OK.
  13. You have now successfully initiated agent installation using GPO Scheduler.
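
Both procedures above run whatever sits in the shared folder as NT Authority\System on every targeted computer, so the folder should be readable by the target computers but writable only by administrators. The following PowerShell pre-deployment check is an added example, not part of the vendor's instructions: it lists ACL entries that let other principals modify the folder or its files, and records each file's SHA-256 hash and Authenticode status. The default share path and the list of trusted SIDs are assumptions to adapt.

```powershell
# Added example (not vendor code). Run from an admin workstation before linking the GPO.
# $SharePath is a placeholder: pass the network path you copied earlier.
param([string]$SharePath = '\\domain.com\SYSVOL\domain.com\scripts\agent_reinstallation')

$sidType = [System.Security.Principal.SecurityIdentifier]
# Rights that allow changing or replacing a file, plus GENERIC_WRITE and GENERIC_ALL.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = ([int]$rights) -bor 0x50000000
# Assumption: only SYSTEM, BUILTIN\Administrators, CREATOR OWNER, Domain Admins (-512)
# and Enterprise Admins (-519) may write here. Adjust to your delegation model.
$trusted = '^(S-1-5-18|S-1-5-32-544|S-1-3-0|S-1-5-21-[\d-]+-(512|519))$'

function Get-UntrustedWriter {
    param([string]$Path)
    # Ask for SIDs instead of names so the check is locale-independent.
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and $sid -notmatch $trusted) {
            [pscustomobject]@{ Path = $Path; Sid = $sid; Rights = $ace.FileSystemRights }
        }
    }
}

$files = @(Get-ChildItem -LiteralPath $SharePath -File)
# Check the folder itself (a writable folder lets files be swapped) and every file in it.
$paths = @($SharePath) + @($files | ForEach-Object { $_.FullName })
$findings = @($paths | ForEach-Object { Get-UntrustedWriter -Path $_ })

# Record what will run as SYSTEM: hash for change tracking, signature for provenance.
$inventory = $files | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        Name      = $_.Name
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Signature = $sig.Status   # scripts saved by hand will show NotSigned
        Signer    = $sig.SignerCertificate.Subject
    }
}
$inventory | Format-List

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Principals outside the trusted list can modify content that runs as SYSTEM.'
    exit 1
}
Write-Output 'Only trusted principals can modify the deployment folder.'
```

This checks NTFS permissions only; for a custom share such as DCAgentShare, also review the share-level permissions with Get-SmbShareAccess on the file server.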