LAN deployment from the Web Portal

• The device you want to use for Agent deployment must be online and selected as a Network Node with network scanning. Refer to Network discovery in the legacy UI and Network Discovery in the New UI.
• The device you want to use for Agent deployment must have completed a full audit in order to populate the discovered devices list. Refer to Audits.
• You need to have a username and password for the device or devices you're going to deploy the Agent to. We recommend that you cache these credentials in the web interface so that you do not have to enter them each time for each device. Refer to Account Settings and Site Settings in the legacy UI and Credentials - New UI in the New UI.

Further Windows requirements

This method of deployment has prerequisites that weaken the overall security of the environment. It should only be used if Active Directory deployment is not an option.

IMPORTANT  In the past, PsExec has been utilized by some viruses to remotely run malicious code. PsExec itself is not a virus, nor does it run malicious code on its own. Adding a registry key to enable access to the ADMIN$ share, making exceptions to any antivirus product, and opening ports is by definition going to weaken the overall security of the environment. By using this method of deployment, you acknowledge that you are aware of this.

NOTE  After you have deployed the Agent, reverse all changes you made to allow Agent deployment.

Requirement	Description
Enable remote access to the Admin$ share	Starting with Windows Vista, UAC has by default required elevated privileges to access the administrative shares. Details on this can be found here: Microsoft Support Article (951016). You can enable this share either by accessing the Microsoft support article above and following the instructions, or you can copy the following into an Administrative Command Prompt window: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
File and printer sharing	File and printer sharing must be enabled on the devices you wish to deploy to. Ports 445 and 139 inbound must be open.
Password	You cannot authenticate as a user with a blank password. The user account with the correct permissions to enable an install must have a password to work using PsExec.
Antivirus	This process assumes that all antivirus programs are configured to allow the use of PsExec, which can stop the use of those programs.

Further macOS requirements

NOTE  After you have deployed the Agent, reverse all changes you made to allow Agent deployment.

Requirement	Description
Remote Login	Needs to be ON. Navigate to Apple menu > System Preferences > Sharing and set Remote Login to ON. You can also use the Terminal or SSH and run the following command as root: systemsetup -setremotelogin on. If root is not enabled, make sure you run the command in the following format: sudo systemsetup -setremotelogin on.
Firewall	Needs to be OFF. If Firewall is ON, then Remote Login needs to be allowed to connect. Navigate to Apple menu > System Preferences > Security or Security & Privacy > Firewall > set Firewall to OFF. If it is set to ON, then configure the Firewall Options to allow incoming connections.

You can cache logon credentials (Agent deployment credentials, SNMP credentials, and ESXi credentials) at the account or site level. When deploying from a site, any details entered at the site level will be used in addition to those specified at the account level, unless you turn this option off. For further information on how to cache logon credentials, refer to Account Settings and Site Settings in the legacy UI and Credentials - New UI in the New UI.

IMPORTANT  A Windows Agent can only be deployed from a Windows device with a Windows Agent installed, and the macOS Agent can only be deployed from a macOS device with an macOS Agent installed.

For information on the discovery and deployment steps, refer to Network discovery.