Pricing  Get Quote
 
 

Knowledge Base

Self Service Password Management » Knowledge Base

Sequential ADSelfService Plus Windows agent login installation process

This article highlights the process sequence for the ADSelfService Plus Windows login agent installation via the admin portal and the prerequisites to be addressed to successfully complete each step. Additionally, we're also discussing some common error messages and how to fix them.

Process flow for Windows login agent deployment from the ADSelfService Plus admin portal

Prerequisites:

  • Before deploying the login agent, ensure ADSelfService Plus is running in application mode.
  • The credentials provided during domain configuration must belong to a service account that is a part of the Active Directory Domain Admins group.
  1. The ADSelfServicePlusClientSoftware.msi file gets copied over to the target machine under the admin$ share.

    Note:

    • The service account used for domain configuration in ADSelfService Plus must be a Domain Admin to access the admin$ share of the target user machine.
    • The admin$ share should be accessible over the network.
  2. Remote installation. The copied file then gets executed remotely using RemCom.exe, PAExec.exe, or WMI

    Note: The above applications should not be restricted by any antivirus services to be executed properly.

  3. The login agent's properties are updated after the installation is completed.

    Note:

    • The Windows Remote Registry service must be running on the target user machine.
    • The service account used for domain configuration in ADSelfService Plus must be a Domain Admin to have update permissions for Windows Registry settings on the target machine.

How to configure a domain using service account with Domain Admin permissions in ADSelfService Plus

In order to deploy the Windows login agent, the service account updated in our application must belong to the Domain Admins Active Directory group. Please follow the steps provided below to update the service account in the ADSelfService Plus application:.

  1. Log into the ADSelfService Plus admin portal. Click Domain Settings on the top-right corner.
  2. Under the Actions column, click the Edit Domain Details icon. The Edit Domain Settings page will open.
  3. Here, select the Authentication checkbox, and add or update the preferred service account's credentials as the Domain Username and Domain Password .

When running as ADSelfService Plus as a service, follow the below steps as well:

  1. Log into a Domain Admin account. Go to Start > Run > Services .
  2. In the Services application that opens, browse to ManageEngine ADSelfService Plus. Right-click , and select Properties from the drop-down that appears.
  3. In the Properties window that opens, go to the Log On tab. Under Log on as, select This Account , browse and update the service account's credentials.

Common errors that hinder the Windows login agent installation sequence

  1. Access to admin$ of the client computer is not available

    In the machine where ADSelfService Plus is installed, select Start > Run , and type \\\admin$.If you get the same error, enable Remote Administration exception on the client computers as below:

    • From the client computer, select Start > Run and type gpedit.msc and press Enter .
    • Expand the Administrative Templates > Network Connections > Windows Firewall .
    • Click the Domain Profile and double-click the Firewall: Allow remote administration exception.
    • Select Enabled and click OK.
  2. Windows Remote Registry Services are not enabled To enable Remote Registry Services:
    • Open Services .
    • Find the Remote Registry service.
    • Verify that it runs on System Startup .
  3. Antivirus software blocks the login agent installationPlease disable any antivirus or firewall on the client and server, then try to reinstall the Windows login agent. The RemCom.exe file is used to install the client software remotely to the machines. Please exclude the installation directory of ManageEngine ADSelfService Plus in antivirus software so that the RemCom.exe file is not blocked from accessing the ADSelfService Plus server.

Once the ADSelfService Plus login agent has been successfully deployed, adminstraotrs can enable MFA for machine logins, offline MFA.

Request for Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  •  
  • Business Email *
  •  
  • Phone *
  •  
  • Problem Description *
  •  
  • Country
  •  
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.
Highlights of ADSelfService Plus

Password self-service

Allow Active Directory users to self-service their password resets and account unlock tasks, freeing them from lengthy help desk calls.

One identity with single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications using their Active Directory credentials.

Password and account expiry notification

Intimate Active Directory users of their impending password and account expiry via email and SMS notifications.

Password synchronization

Synchronize Windows Active Directory user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.

Password policy enforcer

Strong passwords resist various hacking threats. Enforce Active Directory users to adhere to compliant passwords by displaying password complexity requirements.

Directory self-update and corporate directory search

Enable Active Directory users to update their latest information themselves. Quick search features help admins scout for information using search keys like contact numbers.

« Home
Knowledge Base »

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust
Password management Adaptive MFA Enterprise SSO Self-service & security Related products