This guide will show you how to deploy Naverisk Agents on a larger scale with the use of a WMI Discovery, GPO or PsExec.
1.0 Deploying WMI Devices
This method uses a script pack in conjunction with the Naverisk WMI probe to allow easy installation of the Naverisk Agent on discovered devices.
Please note that due to the default Windows security settings, it is not possible to deploy Naverisk agents to Workgroup computers using WMI, unless the computers are first configured to allow this. As this is not always practicable, we recommend using Email deployment as discussed in section 4 for Workgroup computers.
To ensure that the Naverisk Probe can discover Devices correctly, upload the following Script Pack to your Naverisk Instance and run this script against the Device that you will install the Naverisk Probe on;
This script pack is intended to install a Visual C++ redistributable required for the functionality of the Probe / SNMP package.
1.2 Installing the Naverisk Probe
The Naverisk Probe can be installed on any Microsoft Windows Device on the Network, which the SNMP Devices such as VMWare can connect to. The Host Device (Probe) should always be on. When it is offline you will not get any Alerts raised or Tickets created for your SNMP Devices.
To install the Probe module, you will need to choose a Host Device to have the Probe package installed on.
- In the Devices tab, select the Host Device that you will install the Probe package on, under the client you wish to monitor.
- From the Device Tasks drop-down select Manage Packages:
3. Under the Available Packages drop-down, select the Probe and click Install:
4. Once the Package is installed you will receive a new tab call Probe;
1.3 Retrieving WMI Devices
In order to discover the WMI devices navigate to Device
- Click on the name of the Device that has been set as the Probe, then click on the Probe Tab.
2. Click the 'Add' button under Probe Settings.
3. Select WMI as the Probe Type. Enter the Start IP, End IP, Admin Username and Password.
Note: If the Username/Password is incorrect or you use credentials if a user who is not an Admin, WMI devices will show as 'Unknown Device'.
4. Click Save, then click on Retrieve Information.
There will now be a list WMI Devices;
Note: To deploy the Naverisk Agent onto the discovered WMI Devices, click on the 'Install Agent on Devices' button.
1.4 WMI Device and Discovery Troubleshooting
If the WMI Devices cannot be retrieved and will not show up in the Discovered WMI List ensure that;
- The WMI service is running;
2. Check that 'network discovery' and 'file and printer sharing' is enabled on the end-user device;
3. On the end-user Device, The WMI Firewall rules should be enable (There are options for Private Network and Domain Network so make sure to enable the correct)
4. Check that Windows Management Instructions (WMI) program is allowed through Windows Firewall for
AT LEAST Domain, Home/Work (Private).
2.0 Group Policy Deployment of Naverisk Agents
This is a very quick and easy way to deploy multiple Agents via Active Directory:
- Create a file called startup-naverisk.bat and add the following line to it:
In the below image, the executable is for the client Artificial Construction
2. Create a GPO policy and apply to all Authenticated Users.
3. Right click the policy and select EDIT.
4. Under Computer Configuration, Policies, Window Settings, select Scripts (Startup/Shutdown).
5. Double click Startup.
6. Click in SHOW FILES
7. Copy both files to that folder that just opened. (agent-setup.exe and startup-naverisk.bat). It is important to save all the files in the root of the Policy folder, without creating any new folder.
8. Close the windows and click ADD to Startup Properties windows.
9. Click BROWSE and select the file startup-naverisk.bat.
10. Click OK.
11. Click Apply, then OK
12. The Policy and the Object are created. You just need to reboot the Clients computers.
- You cannot run the script as LOGON SCRIPT, since you need Administrative Rights. The Startup Script runs with Administrative Rights, but you cannot use UNC path to map Drives; for that reason you have to copy the Agent file to the Policy folder.
- The Naverisk training videos mention a nooverwrite option which aborts installation of Agents if an Agent is already present on a Device. This is used by default, so you don’t need to worry about specifying it.Likewise, use of the /overwrite option is also unnecessary in the context of deploying Agents. This is discussed further in our KB ‘Windows Agents - Installation and Removal’.
2.1 Encountering Issues with Group Policy Deployment
If the Installer does not appear to be run against some Devices, run a gpresult /z on those machines from the command prompt. This will tell you if the GPO is set to execute at all. If it is not run against that machine then please examine your GP scope options to correct this.
If you encounter an error during deployment of the Installer by Group Policy Object, you can host the Installer from a Network Share with read/execute permissions for All Users. Then use the command to install it with the Silent Install switch issued from Group Policy:
i.e. AgentSetup.exe / noconfirm
This will install it silently on Devices which execute the GPO on Startup. However, it will not install if the Agent is already present on the Device.
3.0 PsExec Deployment of Naverisk Agents
This is how we can use PsExec to install the Naverisk Agent package onto multiple machines on a network.
PsExec is a tool that we can use to execute a command-line process on a remote machine.
What is needed:
- List of machines (to be placed in a specific file path)
- Username (admin level)
- Password (admin level)
How to use Psexec for installing our Naverisk agent package:
- Download Psexec.exe.
- Download the Agent-Setup.exe from Naverisk for that client to the same folder as the psexec.exe.
- Create a File with a list of all the Devices on the network (list the hostnames) that are to have the Naverisk Package installed.
- Execute the command: psexec.exe @C:\filelist.txt -u username -p password -c Agent-Setup.exe.
This will allow Psexec to run the command on all machines at Admin level, if this is successful, all the machines on the network will now have the Naverisk Agent Package installed.
4.0 Deploying Naverisk Agents via Email
If you would like to deploy Naverisk Agents using email, we recommend the following method to accomplish this:
- From your root Client Level, create a Naverisk Agent Installation Package which you would like to distribute by email.
- Create a Dropbox account or log into an existing one which you would like to use for hosting this Installer File.
- Save the Naverisk Agent installer in your Dropbox
- Right click the Agent and select ‘Share Dropbox link’
5. Paste the link in an email template for convenient access. This Dropbox link will make your Naverisk Installer available for download to anyone you send this to.
6. After a Client receives this link, downloads it and runs it, his Device should appear in your Naverisk Console. From there you can move the Device to the appropriate Client using the Task List available.
7. If you would like to email Naverisk Agent installers for Mac or Linux, just specify that you would like to create the respective agent type in Step 1. The other steps will remain the same regardless of Agent type.
5.0 Deploying Naverisk Agents in a Disk Image
Image deployment is an efficient and convenient way to set up new PCs, complete with operating system and applications. While the Naverisk agent can be included in the image, special attention must be paid to ensure that each deployed instance contains a uniquely identified agent. This is similar to using Syspep, for example, to ensure each PC has a unique network name.
To prepare the initial installation for imaging, follow these steps:
- Install the agent on the master PC in the normal manner
- Open the service control manager and stop the NaveriskAgent service
- Edit the NAS.cfg file located in C:\ProgramData\Naverisk\Agent, changing the AgentID to -1 .Do not modify any other parameters in the config file
- Save the config file. You may now proceed to image the PC.
Important - Do not restart the PC or NaveriskAgent service before imaging. If you do so, this procedure must be repeated to reset the agent ID.
Failure to reset the agent ID using this procedure will result in every PC that is deployed using the image connecting to Naverisk with he same agent ID, which Naverisk will see as being one device. This can cause serious performance issues on Naverisk. In severe cases, this may result in the device with the duplicated agents being automatically deleted without notice.
If you require any assistance of have any queries please feel free to contact us at email@example.com