LAN deployment from the web interface
About LAN deployment
If one of the devices on the LAN has the Agent installed, the deployment to the remaining devices can be initiated from the Agent Browser and the web interface.
For information on deploying from the Agent Browser, refer to LAN deployment using the Agent Browser (Windows only).
The LAN deployment from the web interface works for both Windows and macOS. Deployment of a Windows Agent must be initiated from a device with a Windows Agent installed, and deployment of a macOS Agent must be initiated from a macOS device with a macOS Agent installed.
- The device you want to use for Agent deployment must be online and selected as a Network Node with network scanning. Refer to Network Discovery.
- The device you want to use for Agent deployment must have completed a full audit in order to populate the discovered devices list.
- You need to have a username and password for the device or devices you're going to deploy the Agent to. We recommend that you cache these credentials in the web interface so that you do not have to enter them each time for each device. Refer to Credentials.
Further Windows requirements
This method of deployment has prerequisites that weaken the overall security of the environment. It should only be used if Active Directory deployment is not an option.
IMPORTANT In the past, PsExec has been utilized by some viruses to remotely run malicious code. PsExec itself is not a virus, nor does it run malicious code on its own. Adding a registry key to enable access to the ADMIN$ share, making exceptions to any antivirus product, and opening ports is by definition going to weaken the overall security of the environment. By using this method of deployment, you acknowledge that you are aware of this.
NOTE After you have deployed the Agent, reverse all changes you made to allow Agent deployment.
Requirement | Description |
---|---|
Enable remote access to the Admin$ share | Starting with Windows Vista, UAC has by default required elevated privileges to access the administrative shares. Details on this can be found here: Microsoft Support Article (951016). You can enable this share either by accessing the Microsoft support article above and following the instructions, or you can copy the following into an Administrative Command Prompt window: `reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f` |
File and printer sharing | File and printer sharing must be enabled on the devices you wish to deploy to. Ports 445 and 139 inbound must be open. |
Password | You cannot authenticate as a user with a blank password. The user account with the permissions required to perform the install must have a password in order to work with PsExec. |
Antivirus | This process assumes that all antivirus programs, which can otherwise stop PsExec from being used, are configured to allow the use of PsExec. |
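
To act on the NOTE above once deployment is finished, the following added example (not part of the original documentation or the product) checks a target device for the relaxations listed in the table. It assumes the `LocalAccountTokenFilterPolicy` value did not exist before you prepared the device, so deleting it restores the Windows default. Firewall rules are only reported, since the script cannot know which ones were already enabled.

```powershell
#Requires -RunAsAdministrator
# Added example: post-deployment check of the Windows prerequisites above.
# Reports what is still relaxed; with -Revert it also removes the registry value.
param([switch]$Revert)

$key      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name     = 'LocalAccountTokenFilterPolicy'
$findings = @()

# 1. Remote UAC token filtering. A value of 1 gives local administrator
#    accounts a full (unfiltered) token over the network, which is what
#    opens ADMIN$ to remote logons with local accounts.
$value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($value -eq 1) {
    if ($Revert) {
        # Assumption: the value was absent before deployment preparation.
        Remove-ItemProperty -Path $key -Name $name
        $findings += "$name was 1 and has been removed"
    } else {
        $findings += "$name is still 1 (rerun with -Revert to remove it)"
    }
}

# 2. Enabled inbound allow rules that name port 445 or 139 explicitly.
#    Rules written as port ranges or 'Any' are not matched by this check.
$open = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        $ports -contains '445' -or $ports -contains '139'
    }
foreach ($rule in $open) {
    $findings += "Inbound allow rule still enabled: $($rule.DisplayName) [$($rule.Profile)]"
}

# 3. Antivirus exceptions for PsExec are product specific and not checked here.

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'No deployment-time relaxations found.'
```

Run it from an elevated PowerShell session on each device that was prepared for deployment; a non-zero exit code means at least one change is still in place.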
Further macOS requirements
NOTE After you have deployed the Agent, reverse all changes you made to allow Agent deployment.
Requirement | Description |
---|---|
Remote Login | Needs to be ON. Navigate to Apple menu > System Preferences > Sharing and set Remote Login to ON. You can also use the Terminal or SSH and run the following command as root: `systemsetup -setremotelogin on`. If root is not enabled, make sure you run the command in the following format: `sudo systemsetup -setremotelogin on`. |
Firewall | Needs to be OFF. If Firewall is ON, then Remote Login needs to be allowed to connect. Navigate to Apple menu > System Preferences > Security or Security & Privacy > Firewall > set Firewall to OFF. If it is set to ON, then configure the Firewall Options to allow incoming connections. |
How to...
You can cache logon credentials (Agent deployment credentials, SNMP credentials, and ESXi credentials) at the global level or site level. When deploying from a site, any details entered at the site level will be used in addition to those specified at the global level, unless you turn this option off. For further information on how to cache logon credentials, refer to Credentials.
IMPORTANT A Windows Agent can only be deployed from a Windows device with a Windows Agent installed, and the macOS Agent can only be deployed from a macOS device with a macOS Agent installed.
For information on the discovery and deployment steps, refer to Network Discovery.