This guide will show you how to deploy Naverisk Agents on a larger scale with the use of a WMI Discovery, GPO or PsExec.

1.0 Deploying WMI Devices

This method uses a script pack in conjunction with the Naverisk WMI probe to allow easy installation of the Naverisk Agent on discovered devices.

Please note that due to the default Windows security settings, it is not possible to deploy Naverisk agents to Workgroup computers using WMI, unless the computers are first configured to allow this. As this is not always practicable, we recommend using Email deployment as discussed in section 4 for Workgroup computers.

1.1 Prerequisites

To ensure that the Naverisk Probe can discover Devices correctly, upload the following Script Pack to your Naverisk Instance and run this script against the Device that you will install the Naverisk Probe on;

http://docs.naverisk.com/Resources/NavFiles/SNMPVC++Fix.nsp

This script pack is intended to install a Visual C++ redistributable required for the functionality of the Probe / SNMP package.

1.2 Installing the Naverisk Probe

The Naverisk Probe can be installed on any Microsoft Windows Device on the Network, which the SNMP Devices such as VMWare can connect to. The Host Device (Probe) should always be on. When it is offline you will not get any Alerts raised or Tickets created for your SNMP Devices.

To install the Probe module, you will need to choose a Host Device to have the Probe package installed on.

  1. In the Devices tab, select the Host Device that you will install the Probe package on, under the client you wish to monitor.

  2. From the Device Tasks drop-down select Manage Packages:

3. Under the Available Packages drop-down, select the Probe and click Install:

4. Once the Package is installed you will receive a new tab call Probe;

1.3 Retrieving WMI Devices

In order to discover the WMI devices navigate to Device

  1. Click on the name of the Device that has been set as the Probe, then click on the Probe Tab.

2. Click the 'Add' button under Probe Settings.

3. Select WMI as the Probe Type. Enter the Start IP, End IP, Admin Username and Password.

Note: If the Username/Password is incorrect or you use credentials if a user who is not an Admin, WMI devices will show as 'Unknown Device'.

4. Click Save, then click on Retrieve Information.

There will now be a list WMI Devices;

Note: If your connection is successful the operating system of the device will show as per the below image

To deploy the Naverisk Agent onto the discovered WMI Devices, click on the 'Install Agent on Devices' button.

1.4 WMI Device and Discovery Troubleshooting

If the WMI Devices cannot be retrieved and will not show up in the Discovered WMI List ensure that;

  1. The WMI service is running;

2. Check that 'network discovery' and 'file and printer sharing' is enabled on the end-user device;

3. On the end-user Device, The WMI Firewall rules should be enable (There are options for Private Network and Domain Network so make sure to enable the correct)

4. Check that Windows Management Instructions (WMI) program is allowed through Windows Firewall for
AT LEAST Domain, Home/Work (Private).

5. Disabling UAC on Stand Alone devices (not domain connected)

To disable UAC remote restrictions, follow these steps:

  1. Click Start, click Run, type regedit, and then press ENTER.

  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

  3. If the LocalAccountTokenFilterPolicy registry entry doesn't exist, follow these steps:

    1. On the Edit menu, point to New, and then select DWORD Value.

    2. Type LocalAccountTokenFilterPolicy, and then press ENTER.

  4. Right-click LocalAccountTokenFilterPolicy, and then select Modify.

  5. In the Value data box, type 1, and then select OK.

  6. Exit Registry Editor.

2.0 Group Policy Deployment of Naverisk Agents

This is a very quick and easy way to deploy multiple Agents via Active Directory:

  1. Create a file called startup-naverisk.bat and add the following line to it:

    msiexec.exe /i Agent_(client-name)(unique string).msi /qn

When Ready, Go to Group Policy Management (server 2012 and higher)

2. Create a GPO policy and apply to all Authenticated Users. This is by default using the default Domain Policy

3. Right click the policy and select EDIT.


4. Under Computer Configuration, Policies, Window Settings, select Scripts (Startup/Shutdown).

5. Double click Startup.

6. Click in SHOW FILES

7. Copy both files to that folder that just opened. (AgentSetup_(Client-Name)(Unique String).msi and startup-naverisk.bat). It is important to save all the files in the root of the Policy folder, without creating any new folder.

8. Close the windows and click ADD to Startup Properties windows.

9. Click BROWSE and select the file startup-naverisk.bat.

10. Click OK.

11. Click Apply, then OK

12. Create a software distribution package

Open the group policy object editor.

Expand Computer Configuration > Software Settings.

From the Right-Click menu, select Software Installation > New > Package

Point to the Agent_(client-name)(unique string).msi file

Under Deployment Method, choose Advanced.

Add a name for the package for easy identification and then save

13. We also recommended changing these settings

Computer Configuration > Policies > Administrative Templates > Windows Components> Window Installer > Always install with elevated privileges

Computer Configuration > Policies > Administrative Templates > System > Group Policy > Software Installation policy processing (check “Allow processing across a slow network connection”)

14. The Policy and the Object are created. You just need to reboot the Clients computers.

Considerations:

  • You cannot run the script as LOGON SCRIPT, since you need Administrative Rights. The Startup Script runs with Administrative Rights, but you cannot use UNC path to map Drives; for that reason you have to copy the Agent file to the Policy folder.

Encountering Issues with Group Policy Deployment

If the Installer does not appear to be run against some Devices, run a gpresult /z on those machines from the command prompt. This will tell you if the GPO is set to execute at all. If it is not run against that machine then please examine your GP scope options to correct this.

If you encounter an error during deployment of the Installer by Group Policy Object, you can host the Installer from a Network Share with read/execute permissions for All Users.

3.0 PsExec Deployment of Naverisk Agents

This is how we can use PsExec to install the Naverisk Agent package onto multiple machines on a network.

PsExec is a tool that we can use to execute a command-line process on a remote machine. Please note you will need to contact support to get an .EXE installer as the default .MSI installer will not work.

What is needed:

  • List of machines (to be placed in a specific file path)

  • Username (admin level)

  • Password (admin level)

How to use Psexec for installing our Naverisk agent package:

  • Download Psexec.exe.

  • Download the Agent-Setup.msi from Naverisk for that client to the same folder as the psexec.exe. 

  • Create a File with a list of all the devices on the network (list the hostnames or IP addresses) that are to have the Naverisk Package installed. 

  • Execute the command: (note this is an example and you may not need all the switches) psexec.exe @list.txt -u USERNAME -p PASSWORD -s -e -f -i -d -c AgentSetup-Test.exe /noconfirm /overwrite

This will allow Psexec to run the command on all machines at Admin level, if this is successful, all the machines on the network will now have the Naverisk Agent Package installed.

4.0 Deploying Naverisk Agents via Email

If you would like to deploy Naverisk Agents using email, we recommend the following method to accomplish this:

  1. From your root Client Level, create a Naverisk Agent Installation Package which you would like to distribute by email.

  2. You can use a Dropbox account\OneDrive or something similar to use for hosting this Installer File to share if you wish.

  3. You can also Right click the Agent and select ‘Share this will give you sharing options as well'

  4. Paste a link in an email template for convenient access. The link will make your Naverisk Installer available for download to anyone you send this to.

  5. After a Client receives this link, downloads it and runs it, his Device should          appear in your Naverisk Console. From there you can move the Device to the      appropriate Client using the Task List available.

7. If you would like to email Naverisk Agent installers for Mac or Linux, just specify that you would like to create the respective agent type in Step 1. The other steps will remain the same regardless of Agent type.

5.0 Deploying Naverisk Agents in a Disk Image

Image deployment is an efficient and convenient way to set up new PCs, complete with operating system and applications. While the Naverisk agent can be included in the image, special attention must be paid to ensure that each deployed instance contains a uniquely identified agent. This is similar to using Syspep, for example, to ensure each PC has a unique network name.

To prepare the initial installation for imaging, follow these steps:

  1. Install the agent on the master PC in the normal manner

  2. Open the service control manager and stop the NaveriskAgent service

  3. Edit the NAS.cfg file located in C:\ProgramData\Naverisk\Agent, changing the AgentID to -1 .Do not modify any other parameters in the config file

  4. Save the config file. You may now proceed to image the PC. 

Important - Do not restart the PC or NaveriskAgent service before imaging. If you do so, this procedure must be repeated to reset the agent ID.

Failure to reset the agent ID using this procedure will result in every PC that is deployed using the image connecting to Naverisk with he same agent ID, which Naverisk will see as being one device. This can cause serious performance issues on Naverisk. In severe cases, this may result in the device with the duplicated agents being automatically deleted without notice.

If you require any assistance of have any queries please feel free to contact us at support@naverisk.com

Did this answer your question?