Skip to main content

 

ConnectWise

Deploying Windows Agents with Automate

  1. Last updated
  2. Save as PDF

Overview

There are several methods available to deploy agents to Windows computers:

Windows agents are deployed to the C:\Windows\ltsvc folder of the machine. 

Note: The legacy Web Control Center has been retired for use by technicians. The only logins that are now compatible with this legacy Web Control Center are those of Automate contacts. All technicians should be using the new Web Control Center. To deploy Windows agents from the new Web Control Center, please refer to Web Installers. For information on the legacy Web Control Center, refer to Web Control Center End of Life Notice

Deployment Requirements

  • On the agent designated as the Network Probe, verify the account running the LTSVC service. You need to change the account running the service from System to an account that has access to other servers or workstations in that agent’s environment. (e.g.: ‘domain\username’ or ‘.\username’).
  • Clients must be configured, including at least one administrative password added on the Passwords tab.
  • Locations must be set up and configured on the Deployment and Defaults tab including:
    • Default Group for New Agents must be selected drop-down. Typically the All Agents group should be selected.
    • Login to use for Administrator Access must be selected from the drop-down. Commands that require administrative credentials or commands pushing ConnectWise Automate® use this account.

      Note: A user account in the Domain Admins Active Directory group may be used to deploy agents. Alternatively, you can add a domain user account to the Local Administrators group on the servers and workstations you want to deploy to. This domain user to local group assignment can be configured via Group Policy (GPO) and linked at either the domain or the OU (Organizational Unit) scope.

    • Template to include in the deployment package must be selected from the drop-down. Typically, you will use the Default template. If you are an Ignite® partner several templates have already been configured for you. Refer to Alert Templates for more information on each default template. If using custom templates, at least one needs to be configured for deployment. 
  • .NET Framework
    • .NET Framework 3.5 SP1 is required for installation and general functionality.
    • .NET Framework 4.5.2 (minimum) is an additional requirement for agents with the Network Probe role enabled so that the agent can perform commands related to the role.
    • Automate recommends using the latest version of .NET Framework, currently 4.8, as this can be run in conjunction with .NET 3.5 and encompasses all updates to .NET since .NET 4.0 was introduced.
  • Verify Antivirus Exclusions for Windows Environments are configured correctly.
  • If deploying agents using the Network Probe, port 139 must be open and File and Printer Sharing (the ICMPv4 Inbound Windows Firewall Rule) must be enabled. 
  • Important: Windows agents only: Due to the current dependency on a unique MAC Address being a requirement for successful agent signup, please DISABLE any software or services that could be manipulating the machines ‘broadcasting’ MAC (e.g.: VPN software clients or physical USB-to-Ethernet adapters) and confirm that the agent signs-up to your Automate Server with a newly assigned ComputerID. After the initial Agent signup process has completed successfully with a unique ComputerID, you can then re-establish the machine’s regular network communication, as a change in MAC address will not impact future agent check-ins.

Differences in MSI and EXE 

When you are downloading the agent, it doesn't matter what you specify in the template; the server address is always the URL in the browser being used. Therefore, if you are on an internal network and downloading the agent from the IP of your server, the address is going to be just that. If you download the agent with your FQDN in the address bar, it will use the FQDN.

If you need branding to happen on the install, the fastest way to have this happen is to specify a group under the Location Deployments and Defaults where the group has the template that you want to apply. This way, on the agent's initial check-in it will already know to go into the group grabbing the branding information. This works for both the MSI and executable.  

None of the template information is applied when doing a deployment using the MSI. Templates are applied after the agent checks in and an update configuration is received. Compare the information the MSI and EXE files grab in the table below. 

Information MSI EXE
Server address
Server password
Location ID
Proxy settings  
Tray icon branding   
Service branding   

Web Installers

Refer to Web Installers to deploy agents from the Web Control Center. 

Deploy Agents with Group Policy

Agent installation with group policy is the recommended and most reliable method of deploying agents in a domain environment. This is a four-step process. Begin by downloading the custom agent, then create a Startup script, and deploy the Startup script by creating a Group Policy and linking the Startup script to it. Please note that the following process applies to the EXE agent installer. For help deploying the MSI installer via Group Policy, please refer to the Microsoft article Use Group Policy to remotely install software.

Note: Agent installs with Group Policy should not be left automatically running, as this perpetually installs an older agent version. Please enable the group policy for Automate agent installations only for the duration of deployment or onboarding.

Note: If you need help with Group Policy, refer to the Microsoft KB article How to User Group Policy to remotely install software in Windows Server 2003 and in Windows Server 2008 for information on how to create a group policy.

Download the Custom Agent

First, download the custom agent from the Web Control Center.  

  1. Open your internet browser and log in to your Web Control Center.
  2. Navigate to System > Installers > Custom Agent to download an agent for that company site.

    wcc_system_installers_customagent.png

  3. Select a site from the Agent Destination drop-down.
  4. Select Windows EXE from the Installer Type drop-down.
  5. Click Download.
  6. Navigate to the folder where you want to save it.
  7. Save as Agent_Install.exe.

Create a Startup Script

After you have downloaded the agent installer file, create a Startup script to use to deploy the agent.

Note: Customizations to this script can be made to suit your environment, but fall outside the boundaries of Support. Only the standard script documented below is supported.

To create the Startup script: 

  1. Create a new file on your desktop and name it AutomateDeployment.bat
  2. Open the file and paste the following:

    @echo off
    REM
    If EXIST c:\windows\ltsvc\ltsvc.exe GOTO EXIT
    GOTO INSTALL

    :INSTALL
    copy \\[[domainname]]\netlogon\Agent_Install.exe %windir%\temp
    call %windir%\temp\Agent_Install.exe /s

    GOTO EXIT

    :EXIT
    Exit

  3. Replace[[domainname]]with your domain name. 
    Note: If you choose to place the Agent_Install.exe file in a directory other than Netlogon, ensure the alternative network share has at minimum read-only permissions. For additional information on the Netlogon directory, please refer to the Microsoft site.
  4. Save. Take note of the location where the file was saved. 

Create a Group Policy Object (GPO)

To create a GPO:

  1. Open the Group Policy Management Console window. 
  2. Right-click on Group Policy Objects and select New.
  3. Enter a name for the GPO policy in the Name field.
  4. Click OK.
  5. Right-click on the newly created GPO and select Edit.
  6. Navigate to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).
  7. Double-click Startup. The Startup Properties window displays.
  8. Click Add > Browse.
  9. In your File Explorer, locate the AutomateDeployment.bat file and copy it to the Startup Folder in the Group Policy Management window. 
  10. Click Open > OK > Apply > OK.
  11. Close the Group Policy Management Editor window. The group policy has been created.

Link the GPO

After the GPO has been created, it must be linked to the relevant Organizational Unit(s) (OUs) for the policy to take effect. Once servers or workstations have been rebooted the agent is deployed on startup. 

To link the policy: 

  1. Right-click on the relevant OUs and select Link an Existing GPO.  
  2. Select the newly created GPO and click OK. The agent is deployed when the server or workstation is rebooted next. 

Network Probe

For more information refer to Network Probe Settings - Deployment Tab

Deploy Agents on Windows Server Core

  1. Edit the machine.config file located in the %windir%\microsoft.net\framework64\v3.5..50727\config folder.
    Locate the final closing </configuration> tag, and add the following after: 
    <system.net><defaultProxy><proxy usesystemdefault="false" bypassonlocal="true"/></defaultProxy></system.net>
  2. Start the Automate service by running SC START LTService.

Agent_Install Command Line Parameters

When using the EXE, parameters that can be set directly from the command line using the properties in the table below:

Parameter Description
/d Displays the GUI
/d/? Displays the Setup Help window
/s Installs silently (no GUI displayed)
/install Installs a complete local copy of the bundle in the directory. Install is the default parameter.
/layout Creates a complete local copy of the bundle in the directory.
/log log.txt Logs to a specific file. By default, a log file is created in %TEMP%.
/norestart Suppresses any attempts to restart. By default, the UI will prompt before a restart.
/passive Displays minimal UI with no prompts. By default, the UI and all prompts are displayed.
/quiet Displays neither a UI nor prompts. By default, the UI and all prompts are displayed.
/repair Repairs the local copy of the bundle in the directory.
/uninstall Uninstalls the local copy of the bundle in the directory.

When using the MSI (Windows installer), parameters that can be set directly from the command line using the properties in the table below:

Property Name Property Default
SERVICEPATH %WINDIR%LTsvc
SERVICENAME LTService
SERVICEDISPNAME Automate Monitoring Service
SERVICEDESCRIPTION Automate Monitoring Service. This connects the computer to the main database for monitoring and maintenance. Stopping or disabling this service will disconnect you from the monitor services. This might be against your company's policy. This is not Spyware and was installed by your IT department.
SERVICEKEY Automate
SERVICEPORT 42000
SERVICETEMP %WINDIR%Temp
SERVICEVNCNAME LabVNC
SERVICEFINISHMSG The Automate Monitoring Service has been installed successfully.
SERVERADDRESS Enter the server address here.
SERVERPASS Enter the server password here.
LOCATION Enter the Location ID here.
SERVICEFULLSYSFUNC False
TEMPLATE "" (no default value)
SERVICEMONNAME LTSvcMon
SERVICEMONDISPNAME Automate Service Monitor
SERVICEMANDESCRIPTION Ensures the Automate Service stays running and updated.