This guide will show you how to deploy Naverisk Agents on a larger scale with the use of a WMI Discovery, GPO or PsExec.
Please note:- Only use one of these methods to deploy on your devices. Using one or more deployment methods may also create the agent twice and duplicate the agent in your Naverisk Instance.
1.0 Deploying WMI Devices
This method uses a script pack in conjunction with the Naverisk WMI probe to allow easy installation of the Naverisk Agent on discovered devices.
Please note that due to the default Windows security settings, it is not possible to deploy Naverisk agents to Workgroup computers using WMI, unless the computers are first configured to allow this. As this is not always practicable, we recommend using Email deployment as discussed in section 4 for Workgroup computers.
1.1 Prerequisites
To ensure that the Naverisk Probe can discover Devices correctly, upload the following Script Pack to your Naverisk Instance and run this script against the Device that you will install the Naverisk Probe on;
This script pack is intended to install a Visual C++ redistributable required for the functionality of the Probe / SNMP package.
1.2 Installing the Naverisk Probe
The Naverisk Probe can be installed on any Microsoft Windows Device on the Network, which the SNMP Devices such as VMWare can connect to. The Host Device (Probe) should always be on. When it is offline you will not get any Alerts raised or Tickets created for your SNMP Devices.
To install the Probe module, you will need to choose a Host Device to have the Probe package installed on. Please note you must install a probe on a device at each client location for this to work correctly.
In the Devices tab, select the Host Device that you will install the Probe package on, under the client you wish to monitor.
From the Device Tasks drop-down select Manage Packages:
3. Under the Available Packages drop-down, select the Probe and click Install:
4. Once the Package is installed, after logging out and back in, you will receive a new tab called Probe;
1.3 Retrieving WMI Devices
In order to discover the WMI devices navigate to Device
Click on the name of the Device that has been set as the Probe, then click on the Probe Tab.
2. Click the 'Add' button under Probe Settings.
3. Select WMI as the Probe Type. Enter the Start IP, End IP, Admin Username and Password.
Note: If the Username/Password is incorrect or you use credentials of a user who is not an Admin, WMI devices will show as 'Unknown Device'.
4. Click Save, then click on Retrieve Information.
There will now be a list of WMI Devices;
Note: If your connection is successful, the operating system of the device will show as per the below image
To deploy the Naverisk Agent onto the discovered WMI Devices, click on the 'Install Agent on Devices' button.
1.4 WMI Device and Discovery Troubleshooting
If the WMI Devices cannot be retrieved and will not show up in the Discovered WMI List ensure that;
The WMI service is running;
2. Check that 'network discovery' and 'file and printer sharing' is enabled on the end-user device;
3. On the end-user Device, The WMI Firewall rules should be enabled (There are options for Private Network and Domain Network so make sure to enable the correct one)
4. Check that Windows Management Instructions (WMI) program is allowed through Windows Firewall for
AT LEAST Domain, Home/Work (Private).
5. Disabling UAC on Stand Alone devices (not domain connected)
To disable UAC remote restrictions, follow these steps:
Click Start, click Run, type regedit, and then press ENTER.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemIf the
LocalAccountTokenFilterPolicyregistry entry doesn't exist, follow these steps:On the Edit menu, point to New, and then select DWORD Value.
Type LocalAccountTokenFilterPolicy, and then press ENTER.
Right-click LocalAccountTokenFilterPolicy, and then select Modify.
In the Value data box, type 1, and then select OK.
Exit Registry Editor.
2.0 Group Policy Deployment of Naverisk Agents
There are two ways to deploy using Group Policy.
Option1:- PowerShell Script
1. Download a Client specific Agent file, which should be in the format of the example below:
Agent_(client-name)_(unique string).msi
2. Create a Windows Share to hold the Agent file and configure the permissions for Domain Computers to access:
3. Create the following PowerShell Script file with a .PS1 file extension - Replace the \\SHARE\LOCATION\ element with the UNC path to your Agent MSI file
# Define the path to check and the installer file
$naveriskPath = "C:\ProgramData\Naverisk"
$installerPath = "\\SHARE\LOCATION\Agent_<CLIENT NAME>_<UNIQUE ID STRING>.msi"
# Check if the Naverisk directory exists
if (-Not (Test-Path -Path $naveriskPath)) {
# If the directory does not exist, install the Naverisk Agent
Start-Process msiexec.exe -ArgumentList "/i $installerPath /quiet /qn /norestart" -Wait
} else {
Write-Output "Naverisk Agent is already installed."
}
4. Go to Group Policy Management (Server 2012 and higher). Create a GPO policy at the appropriate OU level in your Active Directory Tree.
5. Right click on the Policy to EDIT. Navigate to the PowerShell settings:
Go to
Computer Configuration->Policies->Administrative Templates->Windows Components->Windows PowerShell.
Enable script execution:
Find the setting called Turn on Script Execution.
Double-click it, select Enabled, and choose the appropriate execution policy from the dropdown (e.g.,
Allow local scripts and remote signed scripts)
6. Under Computer Configuration > Policies > Window Settings, select Scripts (Startup/Shutdown). Double click Startup
7. Choose the PowerShell Scripts Tab and allow PowerShell scripts to Run First - Click ADD:
8. Browse to your Script file, OK and Apply to add the Policy to the StartUp folder:
9. Once applied, the Script should run on Start Up of computers in the OU and install the Agent. It will first check whether the Agent is already installed, which should prevent the possibility of duplicate installs.
Option2:- Software distribution package
Download a Client specific Agent file, which should be in the format of the example below:
Agent_(client-name)_(unique string).msi
2. Create a Windows Share to hold the Agent file and configure the permissions for Domain Computers to access:
3. Expand Computer Configuration > Policies > Software Settings.
From the Right-Click menu, select Software Installation > New > Package…
4. Browse to the Share location of the Agent file to Add the installation file:
** PLEASE NOTE - IT IS IMPORTANT TO BROWSE TO THE SHARE VIA ITS UNC PATH, AS ABOVE **
Under Deployment Method, choose Advanced.
Add a name for the package for easy identification and then Save
Please note; We also recommended changing these settings
Computer Configuration > Policies > Administrative Templates > Windows Components> Window Installer > Always install with elevated privileges
Once created, you just need to reboot your Clients computers for the Agent to install.
Encountering Issues with Group Policy Deployment
If the Installer does not appear to be run against some Devices, run a gpresult /z on those machines from the command prompt. This will tell you if the GPO is set to execute at all. If it is not run against that machine then please examine your GP scope options to correct this.
3.0 PsExec Deployment of Naverisk Agents
This is how we can use PsExec to install the Naverisk Agent package onto multiple machines on a network.
PsExec is a tool that we can use to execute a command-line process on a remote machine. Please note you will need to contact support to get an .EXE installer as the default .MSI installer will not work.
What is needed:
List of machines (to be placed in a specific file path)
Username (admin level)
Password (admin level)
How to use Psexec for installing our Naverisk agent package:
Download Psexec.exe.
Download the Agent-Setup.msi from Naverisk for that client to the same folder as the psexec.exe.
Create a File with a list of all the devices on the network (list the hostnames or IP addresses) that are to have the Naverisk Package installed.
Execute the command: (note this is an example and you may not need all the switches) psexec.exe @list.txt -u USERNAME -p PASSWORD -s -e -f -i -d -c AgentSetup-Test.exe /noconfirm /overwrite
This will allow Psexec to run the command on all machines at Admin level, if this is successful, all the machines on the network will now have the Naverisk Agent Package installed.
4.0 Deploying Naverisk Agents via Email
If you would like to deploy Naverisk Agents using email, we recommend the following method to accomplish this:
From your root Client Level, create a Naverisk Agent Installation Package which you would like to distribute by email.
You can use a Dropbox account\OneDrive or something similar to use for hosting this Installer File to share if you wish.
You can also Right click the Agent and select ‘Share this will give you sharing options as well'
Paste a link in an email template for convenient access. The link will make your Naverisk Installer available for download to anyone you send this to.
After a Client receives this link, downloads it and runs it, his Device should appear in your Naverisk Console. From there you can move the Device to the appropriate Client using the Task List available.
7. If you would like to email Naverisk Agent installers for Mac or Linux, just specify that you would like to create the respective agent type in Step 1. The other steps will remain the same regardless of Agent type.
5.0 Deploying Naverisk Agents in a Disk Image
Image deployment is an efficient and convenient way to set up new PCs, complete with operating system and applications. While the Naverisk agent can be included in the image, special attention must be paid to ensure that each deployed instance contains a uniquely identified agent. This is similar to using Sysprep, for example, to ensure each PC has a unique network name.
To prepare the initial installation for imaging, follow these steps:
Install the agent on the master PC in the normal manner
Open the service control manager and stop the NaveriskAgent service
Edit the NAS.cfg file located in C:\ProgramData\Naverisk\Agent, changing the AgentID to -1 .Do not modify any other parameters in the config file
Save the config file. You may now proceed to image the PC.
Important - Do not restart the PC or NaveriskAgent service before imaging. If you do so, this procedure must be repeated to reset the agent ID.
Failure to reset the agent ID using this procedure will result in every PC that is deployed using the image connecting to Naverisk with he same agent ID, which Naverisk will see as being one device. This can cause serious performance issues on Naverisk. In severe cases, this may result in the device with the duplicated agents being automatically deleted without notice.
6.0 Deploying Naverisk Agents via InTune
** NOTE – WORKS WITH WINDOWS 10 – BUILD 1607 AND LATER **
Download and Save a Client specific Agent MSI file
Convert the .msi file into a .intunewin file that Intune can process
Download the Microsoft Win32 Content Prep Tool:
Extract the Tool:
Extract the downloaded .zip file to a folder on your computer.
Prepare Your Files:
Place your .msi file and any other necessary files in a single folder.
Run the Win32 Content Prep Tool:
Open a command prompt and navigate to the folder where you extracted the Win32 Content Prep Tool.
Use the following command to start the conversion process:
IntuneWinAppUtil.exe -c <setup_folder> -s <setup_file> -o <output_folder>
Replace <setup_folder> with the path to your folder containing the .msi file, <setup_file> with the name of your .msi file, and <output_folder> with the path where you want the .intunewin file to be saved.
Add your Application into Intune
From your Intune Admin Center, go to Apps > All Apps > Add
Choose App Type of Windows app (Win32)
Select app package file from App information
Choose your previously configured .intunewin file
Configure the App Information settings (1) – Enter Naverisk as the Publisher
Configure the Program settings (2) – Install and Uninstall strings should be pre-populated
Configure the Requirement settings (3) - Choose Operating System Architecture/s and minimum windows build for deployment
Configure the Detection rules settings manually for verification purposes and to avoid duplicate installs (4)
Add a Detection Rule and configure the settings as below (4)
Settings Sections 5 & 6 do not need configuring
Configure the Assignments settings (7) to determine whether the App is Required*, and which Users, Groups or Devices to deploy the App to:
* If Required is not selected, application can be made available for installation manually on the client device via the Microsoft Company Portal Application
7.0 Troubleshooting
If you experience issues with the agent being deployed then please check as below.
Remove any old agent installers from your server. This will create new ones going forward. This folder is installed by default on your site controller or deployed network controller.
C:\Program Files (x86)\Naverisk\SiteController\AgentDataFiles\WMIAgentInstall
E.g. Delete all of these, leaving only PsExec and AgentUpload.
Also uninstalling and re-installing the Probe once files are deleted will also help. See http://kb.naverisk.com/en/articles/2814523-probe-installation if required,
If you require any assistance of have any queries please feel free to contact us at support@naverisk.com