This guide will show you how to deploy Naverisk Agents on a larger scale with the use of a WMI Discovery, GPO or PsExec.
Please note:- Only use one of these methods to deploy on your devices. Using one or more deployment methods may also create the agent twice and duplicate the agent in your Naverisk Instance.
1.0 Deploying WMI Devices
This method uses a script pack in conjunction with the Naverisk WMI probe to allow easy installation of the Naverisk Agent on discovered devices.
Please note that due to the default Windows security settings, it is not possible to deploy Naverisk agents to Workgroup computers using WMI, unless the computers are first configured to allow this. As this is not always practicable, we recommend using Email deployment as discussed in section 4 for Workgroup computers.
To ensure that the Naverisk Probe can discover Devices correctly, upload the following Script Pack to your Naverisk Instance and run this script against the Device that you will install the Naverisk Probe on;
This script pack is intended to install a Visual C++ redistributable required for the functionality of the Probe / SNMP package.
1.2 Installing the Naverisk Probe
The Naverisk Probe can be installed on any Microsoft Windows Device on the Network, which the SNMP Devices such as VMWare can connect to. The Host Device (Probe) should always be on. When it is offline you will not get any Alerts raised or Tickets created for your SNMP Devices.
To install the Probe module, you will need to choose a Host Device to have the Probe package installed on. Please note you must install a probe on a device at each client location for this to work correctly.
In the Devices tab, select the Host Device that you will install the Probe package on, under the client you wish to monitor.
From the Device Tasks drop-down select Manage Packages:
3. Under the Available Packages drop-down, select the Probe and click Install:
4. Once the Package is installed you will receive a new tab call Probe;
1.3 Retrieving WMI Devices
In order to discover the WMI devices navigate to Device
Click on the name of the Device that has been set as the Probe, then click on the Probe Tab.
2. Click the 'Add' button under Probe Settings.
3. Select WMI as the Probe Type. Enter the Start IP, End IP, Admin Username and Password.
Note: If the Username/Password is incorrect or you use credentials if a user who is not an Admin, WMI devices will show as 'Unknown Device'.
4. Click Save, then click on Retrieve Information.
There will now be a list WMI Devices;
Note: If your connection is successful the operating system of the device will show as per the below image
To deploy the Naverisk Agent onto the discovered WMI Devices, click on the 'Install Agent on Devices' button.
1.4 WMI Device and Discovery Troubleshooting
If the WMI Devices cannot be retrieved and will not show up in the Discovered WMI List ensure that;
The WMI service is running;
2. Check that 'network discovery' and 'file and printer sharing' is enabled on the end-user device;
3. On the end-user Device, The WMI Firewall rules should be enable (There are options for Private Network and Domain Network so make sure to enable the correct)
4. Check that Windows Management Instructions (WMI) program is allowed through Windows Firewall for
AT LEAST Domain, Home/Work (Private).
5. Disabling UAC on Stand Alone devices (not domain connected)
To disable UAC remote restrictions, follow these steps:
Click Start, click Run, type regedit, and then press ENTER.
Locate and then click the following registry subkey:
LocalAccountTokenFilterPolicyregistry entry doesn't exist, follow these steps:
On the Edit menu, point to New, and then select DWORD Value.
Type LocalAccountTokenFilterPolicy, and then press ENTER.
Right-click LocalAccountTokenFilterPolicy, and then select Modify.
In the Value data box, type 1, and then select OK.
Exit Registry Editor.
2.0 Group Policy Deployment of Naverisk Agents
This is a very quick and easy way to deploy multiple Agents via Active Directory: There are two ways to deploy using GPO deployment.
Option1: Batch file
Create a file called startup-naverisk.bat and add the following line to it:
msiexec.exe /i AgentSetup_(client-name)(unique string).msi /qn
When Ready, Go to Group Policy Management (server 2012 and higher)
2. Create a GPO policy and apply to all Authenticated Users. This is by default using the default Domain Policy
3. Right click the policy and select EDIT.
4. Under Computer Configuration, Policies, Window Settings, select Scripts (Startup/Shutdown).
5. Double click Startup.
6. Click in SHOW FILES
7. Copy both files to that folder that just opened. (AgentSetup_(Client-Name)(Unique String).msi and startup-naverisk.bat). It is important to save all the files in the root of the Policy folder, without creating any new folder.
8. Close the windows and click ADD to Startup Properties windows.
9. Click BROWSE and select the file startup-naverisk.bat.
10. Click OK.
11. Click Apply, then OK
Option2:- Software distribution package
Open the group policy object editor.
Expand Computer Configuration > Software Settings.
From the Right-Click menu, select Software Installation > New > Package…
Point to the Agent_(client-name)(unique string).msi file
Under Deployment Method, choose Advanced.
Add a name for the package for easy identification and then save
Please note; We also recommended changing these settings
Computer Configuration > Policies > Administrative Templates > Windows Components> Window Installer > Always install with elevated privileges
Computer Configuration > Policies > Administrative Templates > System > Group Policy > Software Installation policy processing (check “Allow processing across a slow network connection”)
Once created, you just need to reboot your Clients computers for it to install.
You cannot run the script as LOGON SCRIPT, since you need Administrative Rights. The Startup Script runs with Administrative Rights, but you cannot use UNC path to map Drives; for that reason you have to copy the Agent file to the Policy folder.
Encountering Issues with Group Policy Deployment
If the Installer does not appear to be run against some Devices, run a gpresult /z on those machines from the command prompt. This will tell you if the GPO is set to execute at all. If it is not run against that machine then please examine your GP scope options to correct this.
If you encounter an error during deployment of the Installer by Group Policy Object, you can host the Installer from a Network Share with read/execute permissions for All Users.
3.0 PsExec Deployment of Naverisk Agents
This is how we can use PsExec to install the Naverisk Agent package onto multiple machines on a network.
PsExec is a tool that we can use to execute a command-line process on a remote machine. Please note you will need to contact support to get an .EXE installer as the default .MSI installer will not work.
What is needed:
List of machines (to be placed in a specific file path)
Username (admin level)
Password (admin level)
How to use Psexec for installing our Naverisk agent package:
Download the Agent-Setup.msi from Naverisk for that client to the same folder as the psexec.exe.
Create a File with a list of all the devices on the network (list the hostnames or IP addresses) that are to have the Naverisk Package installed.
Execute the command: (note this is an example and you may not need all the switches) psexec.exe @list.txt -u USERNAME -p PASSWORD -s -e -f -i -d -c AgentSetup-Test.exe /noconfirm /overwrite
This will allow Psexec to run the command on all machines at Admin level, if this is successful, all the machines on the network will now have the Naverisk Agent Package installed.
4.0 Deploying Naverisk Agents via Email
If you would like to deploy Naverisk Agents using email, we recommend the following method to accomplish this:
From your root Client Level, create a Naverisk Agent Installation Package which you would like to distribute by email.
You can use a Dropbox account\OneDrive or something similar to use for hosting this Installer File to share if you wish.
You can also Right click the Agent and select ‘Share this will give you sharing options as well'
Paste a link in an email template for convenient access. The link will make your Naverisk Installer available for download to anyone you send this to.
After a Client receives this link, downloads it and runs it, his Device should appear in your Naverisk Console. From there you can move the Device to the appropriate Client using the Task List available.
7. If you would like to email Naverisk Agent installers for Mac or Linux, just specify that you would like to create the respective agent type in Step 1. The other steps will remain the same regardless of Agent type.
5.0 Deploying Naverisk Agents in a Disk Image
Image deployment is an efficient and convenient way to set up new PCs, complete with operating system and applications. While the Naverisk agent can be included in the image, special attention must be paid to ensure that each deployed instance contains a uniquely identified agent. This is similar to using Syspep, for example, to ensure each PC has a unique network name.
To prepare the initial installation for imaging, follow these steps:
Install the agent on the master PC in the normal manner
Open the service control manager and stop the NaveriskAgent service
Edit the NAS.cfg file located in C:\ProgramData\Naverisk\Agent, changing the AgentID to -1 .Do not modify any other parameters in the config file
Save the config file. You may now proceed to image the PC.
Important - Do not restart the PC or NaveriskAgent service before imaging. If you do so, this procedure must be repeated to reset the agent ID.
Failure to reset the agent ID using this procedure will result in every PC that is deployed using the image connecting to Naverisk with he same agent ID, which Naverisk will see as being one device. This can cause serious performance issues on Naverisk. In severe cases, this may result in the device with the duplicated agents being automatically deleted without notice.
If you experience issues with agent being deployed then please check as below.
Remove any old agent installers from your server. This will create new ones going forward. This folder is installed by default on your site controller or deployed network controller.
C:\Program Files (x86)\Naverisk\SiteController\AgentDataFiles\WMIAgentInstall
E.g. Delete all of these, leaving only PsExec and AgentUpload.
Also uninstalling and re-installing the Probe once files are deleted will also help. See http://kb.naverisk.com/en/articles/2814523-probe-installation if required,
If you require any assistance of have any queries please feel free to contact us at firstname.lastname@example.org