Deploying Windows Agents with Automate
Overview
There are several methods available to deploy agents to Windows computers:
- Use the Web Installers
- Deploy Agents with Group Policy
- From the Network Probe Settings - Deployment Tab
- Deploy Agents on Windows Server Core
Windows agents are deployed to the C:\Windows\ltsvc folder of the machine.
Note: The legacy Web Control Center has been retired for use by technicians. The only logins that are now compatible with this legacy Web Control Center are those of Automate contacts. All technicians should be using the new Web Control Center. To deploy Windows agents from the new Web Control Center, please refer to Web Installers. For information on the legacy Web Control Center, refer to Web Control Center End of Life Notice.
Deployment Requirements
- On the agent designated as the Network Probe, verify the account running the LTSVC service. You need to change the account running the service from System to an account that has access to other servers or workstations in that agent’s environment. (e.g.: ‘domain\username’ or ‘.\username’).
- Clients must be configured, including at least one administrative password added on the Passwords tab.
- Locations must be set up and configured on the Deployment and Defaults tab including:
- A Default Group for New Agents must be selected drop-down. Typically the All Agents group should be selected.
- A Login to use for Administrator Access must be selected from the drop-down. Commands that require administrative credentials or commands pushing ConnectWise Automate® use this account.
Note: A user account in the Domain Admins Active Directory group may be used to deploy agents. Alternatively, you can add a domain user account to the Local Administrators group on the servers and workstations you want to deploy to. This domain user to local group assignment can be configured via Group Policy (GPO) and linked at either the domain or the OU (Organizational Unit) scope.
- A Template to include in the deployment package must be selected from the drop-down. Typically, you will use the Default template. If you are an Ignite® partner several templates have already been configured for you. Refer to Alert Templates for more information on each default template. If using custom templates, at least one needs to be configured for deployment.
- .NET Framework
- .NET Framework 3.5 SP1 is required for installation and general functionality.
- .NET Framework 4.5.2 (minimum) is an additional requirement for agents with the Network Probe role enabled so that the agent can perform commands related to the role.
- Automate recommends using the latest version of .NET Framework, currently 4.8, as this can be run in conjunction with .NET 3.5 and encompasses all updates to .NET since .NET 4.0 was introduced.
- Verify Antivirus Exclusions for Windows Environments are configured correctly.
- If deploying agents using the Network Probe, port 139 must be open and File and Printer Sharing (the ICMPv4 Inbound Windows Firewall Rule) must be enabled.
-
Important: Windows agents only: Due to the current dependency on a unique MAC Address being a requirement for successful agent signup, please DISABLE any software or services that could be manipulating the machines ‘broadcasting’ MAC (e.g.: VPN software clients or physical USB-to-Ethernet adapters) and confirm that the agent signs-up to your Automate Server with a newly assigned ComputerID. After the initial Agent signup process has completed successfully with a unique ComputerID, you can then re-establish the machine’s regular network communication, as a change in MAC address will not impact future agent check-ins.
Web Installers
Refer to Web Installers to deploy agents from the Web Control Center.
Deploy Agents with Group Policy
Agent installation with group policy is the recommended and most reliable method of deploying agents in a domain environment. This is a four-step process. Begin by downloading the custom agent, then create a Startup script, and deploy the Startup script by creating a Group Policy and linking the Startup script to it. Please note that the following process applies to the EXE agent installer. For help deploying the MSI installer via Group Policy, please refer to the Microsoft article Use Group Policy to remotely install software.
Note: Agent installs with Group Policy should not be left automatically running, as this perpetually installs an older agent version. Please enable the group policy for Automate agent installations only for the duration of deployment or onboarding.
Download the Custom Agent
First, download the custom agent from the Web Control Center.
- Open your internet browser and log in to your Web Control Center.
- Navigate to System > Installers > Custom Agent to download an agent for that company site.
- Select a site from the Agent Destination drop-down.
- Select Windows EXE from the Installer Type drop-down.
- Click Download.
- Navigate to the folder where you want to save it.
- Save as Agent_Install.exe.
Create a Startup Script
After you have downloaded the agent installer file, create a Startup script to use to deploy the agent.
Note: Customizations to this script can be made to suit your environment, but fall outside the boundaries of Support. Only the standard script documented below is supported.
To create the Startup script:
- Create a new file on your desktop and name it AutomateDeployment.bat.
- Open the file and paste the following:
@echo off
REM
If EXIST c:\windows\ltsvc\ltsvc.exe GOTO EXIT
GOTO INSTALL:INSTALL
copy \\[[domainname]]\netlogon\Agent_Install.exe %windir%\temp
call %windir%\temp\Agent_Install.exe /sGOTO EXIT
:EXIT
Exit - Replace
[[domainname]]
with your domain name.Note: If you choose to place the Agent_Install.exe file in a directory other than Netlogon, ensure the alternative network share has at minimum read-only permissions. For additional information on the Netlogon directory, please refer to the Microsoft site. - Save. Take note of the location where the file was saved.
Create a Group Policy Object (GPO)
To create a GPO:
- Open the Group Policy Management Console window.
- Right-click on Group Policy Objects and select New.
- Enter a name for the GPO policy in the Name field.
- Click OK.
- Right-click on the newly created GPO and select Edit.
- Navigate to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).
- Double-click Startup. The Startup Properties window displays.
- Click Add > Browse.
- In your File Explorer, locate the AutomateDeployment.bat file and copy it to the Startup Folder in the Group Policy Management window.
- Click Open > OK > Apply > OK.
- Close the Group Policy Management Editor window. The group policy has been created.
Link the GPO
After the GPO has been created, it must be linked to the relevant Organizational Unit(s) (OUs) for the policy to take effect. Once servers or workstations have been rebooted the agent is deployed on startup.
To link the policy:
- Right-click on the relevant OUs and select Link an Existing GPO.
- Select the newly created GPO and click OK. The agent is deployed when the server or workstation is rebooted next.
Network Probe
For more information refer to Network Probe Settings - Deployment Tab.
Deploy Agents on Windows Server Core
- Edit the machine.config file located in the %windir%\microsoft.net\framework64\v3.5..50727\config folder.
Locate the final closing </configuration> tag, and add the following after:
<system.net><defaultProxy><proxy usesystemdefault="false" bypassonlocal="true"/></defaultProxy></system.net>
- Start the Automate service by running SC START LTService.
Agent_Install Command Line Parameters
When using the EXE, parameters that can be set directly from the command line using the properties in the table below:
Parameter | Description |
---|---|
/d | Displays the GUI |
/d/? | Displays the Setup Help window |
/s | Installs silently (no GUI displayed) |
/install | Installs a complete local copy of the bundle in the directory. Install is the default parameter. |
/layout | Creates a complete local copy of the bundle in the directory. |
/log log.txt | Logs to a specific file. By default, a log file is created in %TEMP%. |
/norestart | Suppresses any attempts to restart. By default, the UI will prompt before a restart. |
/passive | Displays minimal UI with no prompts. By default, the UI and all prompts are displayed. |
/quiet | Displays neither a UI nor prompts. By default, the UI and all prompts are displayed. |
/repair | Repairs the local copy of the bundle in the directory. |
/uninstall | Uninstalls the local copy of the bundle in the directory. |
When using the MSI (Windows installer), parameters that can be set directly from the command line using the properties in the table below:
Property Name | Property Default |
---|---|
SERVICEPATH | %WINDIR%LTsvc |
SERVICENAME | LTService |
SERVICEDISPNAME | Automate Monitoring Service |
SERVICEDESCRIPTION | Automate Monitoring Service. This connects the computer to the main database for monitoring and maintenance. Stopping or disabling this service will disconnect you from the monitor services. This might be against your company's policy. This is not Spyware and was installed by your IT department. |
SERVICEKEY | Automate |
SERVICEPORT | 42000 |
SERVICETEMP | %WINDIR%Temp |
SERVICEVNCNAME | LabVNC |
SERVICEFINISHMSG | The Automate Monitoring Service has been installed successfully. |
SERVERADDRESS | Enter the server address here. |
SERVERPASS | Enter the server password here. |
LOCATION | Enter the Location ID here. |
SERVICEFULLSYSFUNC | False |
TEMPLATE | "" (no default value) |
SERVICEMONNAME | LTSvcMon |
SERVICEMONDISPNAME | Automate Service Monitor |
SERVICEMANDESCRIPTION | Ensures the Automate Service stays running and updated. |