Windows Agent

Windows Agent


Role Required: Administrator

Refer here for a list of the supported Windows OS versions.

Manually Install an Endpoint Central Agent on Windows

The following steps guide you on how to deploy an agent on a single Windows computer manually.
  1. Download the Endpoint Central Windows agent from Admin > Discovery > Agent Configurations > Download Windows Agent
  2. Save and extract the zip file on the computer on which you want to install the agent.
  3. Open the command prompt with admin privilege and navigate to the location of the extracted ZIP folder.
  4. Run the command setup.bat.
  5. Select option 1 to install the agent.
You have now successfully deployed the agent on this computer.
 

Install Endpoint Central Agents on Windows using Startup Scripts in Active Directory

This method deploys agents on multiple computers
You can install Endpoint Central Windows agents using startup scripts in Active Directory. This ensures that the agents are deployed on Windows machines as soon as they are powered on.
 
To deploy agents using startup scripts, follow these steps:
Make sure that the network is configured with a domain-based setup instead of a workgroup setup. This will enable you to apply the script to the entire domain. Even if some client computers already have Endpoint Central agents installed, the script will only install the agent on computers where it is not yet installed. 
  1. Download the Windows agent from Admin > Discovery > Agent Configuration > Download Windows Agent and extract the ZIP file.
  2. Save the UEMSAgent.msi and UEMSAgent.mst files in this path:
           \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup 
Save the DCAgentServerInfo.json file along with MSI & MST if the Endpoint Central build is 10.1.2124.1 and above. 
  1. From your domain controller, open the Group Policy Management Console by going to Start > Run or pressing Windows + R.  Type gpmc.msc and click OK.
  1. Right-click the domain and select Create a GPO in this domain and link it here.
  1. Specify a name for the GPO in the New GPO pop-up.
  2. To install Agents on only select client computers, follow these steps:  
    1. Select the GPO and click the Scope tab.
    2. Click Add in the Security Filtering section.
    3. Click Object Types in the Select User, Computer, or Group dialog box.
    4. Select the specific computer Object Types and click OK.
    5. Specify the computer names.
    6. Click Check Names, and click OK.
Endpoint Central agents can be installed on Windows computers using VBScript or PowerShell scripts. 
  1. For executing VBScript, follow these steps:
    1. Right-click the GPO and click Edit. The Group Policy Management Editor will open.
    2. Expand Computer Configuration > Policies > Windows Settings > Scripts.
    3. Right-click Startup and go to Properties.
    1. Click Show Files.
    2. Download the InstallAgent.vbs file. Then, drag and drop the InstallAgent.vbs, UEMSAgent.msi and UEMSAgent.mst files to this location. Copy its path before closing.
                    Example:  \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup\InstallAgent.vbs   
    1. In the Startup Properties dialog box, click Add.
    2. Browse and select the InstallAgent.vbs file (or) specify the copied path in the EdIt Script popup.
    1. Specify the following Script Parameters if Endpoint Central uses HTTP mode for agent server communication: UEMSAgent.msi UEMSAgent.mst 
When Endpoint Central is configured to use HTTPS mode for agent-server communication, follow the methods below:
  1. If a valid SSL third-party certificate is uploaded on the server,  
    1. Add the DMRootCA.crt file along with the UEMSAgent.msi and UEMSAgent.mst agent installer files in the network share.
    2. Specify the script parameters as: UEMSAgent.msi UEMSAgent.mst DMRootCA.crt
  1. If an invalid or self-signed SSL third-party certificate is uploaded on the server,
    1. Add the DMRootCA.crt DMRootCA-Server.crt file along with the UEMSAgent.msi and UEMSAgent.mst files.
    2. Specify the script arguments as: UEMSAgent.msi UEMSAgent.mst DMRootCA.crt DMRootCA-Server.crt 
To add the SSL third-party certificate in AssetExplorer, go to Admin > Security Settings > Import SSL Certificates.
  1. To execute the PowerShell script, follow these steps:
Ensure that PowerShell is enabled on all client computers before executing this script.
    1. Right-click the GPO and click Edit.
    2. Expand Computer Configuration > Policies > Windows Settings > PowerShell scripts.
    3. Right-click Startup > Properties.
    4. Click Show Files.
    5.  Download the PSInstallAgent.ps1 file. Then, drag and drop the PSInstallAgent.ps1 and  UEMSAgent.msi UEMSAgent.mst files to this location. Copy its path before closing.
                     Example: \\Domain name\SysVol\Domain name\Policies\{ID}\Machine\Scripts\Startup
    1. In the Startup Properties dialog box, click Add.
    2. Browse and select the PSInstallAgent.ps1 file (or) specify the copied path in the EdIt Script popup.
    3. Specify the following Script Parameters if Endpoint Central uses HTTP mode for agent server communication: UEMSAgent.msi UEMSAgent.mst 
When Endpoint Central is configured to use HTTPS mode for agent-server communication, follow the methods below:
  1. If a valid SSL third-party certificate is uploaded on the server,  
    1. Add the DMRootCA.crt file along with the UEMSAgent.msi and UEMSAgent.mst agent installer files in the network share.
    2. Specify the script parameters as: UEMSAgent.msi UEMSAgent.mst DMRootCA.crt
  1. If an invalid or self-signed SSL third-party certificate is uploaded on the server,
    1. Add the DMRootCA.crt DMRootCA-Server.crt file along with the UEMSAgent.msi and UEMSAgent.mst files.
    2. Specify the script arguments as: UEMSAgent.msi UEMSAgent.mst DMRootCA.crt DMRootCA-Server.crt 
To add the SSL third-party certificate in AssetExplorer, go to Admin > Security Settings > Import SSL Certificates.
  1. Click OK to close the Add a Script dialog box and the Startup Properties dialog box.
  2. Close the Group Policy Object Editor and Group Policy Management dialog box.
The script will be executed when the client computers power on, and Endpoint Central agents will be installed automatically.
Ensure that the file association properties of VBS files are set to Microsoft Windows(R) script host on all client computers. This ensures successful execution of the script. 
 
Avoid modifying file association properties to open in a text editor, as it will cause the script execution to fail. 
 

Install Windows Agents through the GPO Lightweight Tool

This method deploys agents on multiple computers
Endpoint Central agents can be installed using the Group Policy Object (GPO) lightweight tool. Follow the steps below to create a GPO and link it with Organizational Units (OUs) and Domains. 
  1. Download the Windows agent from Admin > Agent Configuration > Download Windows Agent and extract the downloaded file.
  2. Save the UEMSAgent.msi and UEMSAgent.mst in a new folder.
  3. Download GPO Tool.ps1 and save the file in the same location as the UEMSAgent.msi and UEMSAgent.mst files.
  4. If you want to configure the policy using VBScript, download InstallAgent.vbs and save the script in the same folder (or) If you want to configure the policy using PowerShell script, download PSInstallAgent.ps1 and save the script in the same folder.
Ensure you save the files as .vbs and .ps1 files
  1. Run Windows PowerShell in administrative mode and navigate to the GPO_Tool.ps1 script. 
  2. Execute the script with the arguments.
    1. For VBScript configuration:
  1. \ GPO_Tool.ps1 UEMSAgent.msi UEMSAgent.mst InstallAgent.vbs  
    1. For PowerShell script configuration:
  1. \GPO_Tool.ps1 UEMSAgent.msi UEMSAgent.mst PSInstallAgent.ps1 
  1. In the PowerShell window, type the name of the GPO to be created and press Enter.
  2. Type the distinguished name of the Organization Unit (OU) or Domain you want  the GPO to be linked with and press Enter.
    1. Follow the steps mentioned below to obtain the distinguished name.
      1. Go to Start > Server Manager and click Tools > Active Directory Users and Computers.
      1. Under View, enable Advanced Features.
      1. Right-click the OU/Domain you want the GPO to be linked with in the left pane. Select Properties > Attribute Editor > distinguishedName > View and copy the distinguished name.
  1. If you want to add another Domain, press Y on the keyboard and repeat the previous step. Otherwise, press N to end the process.
The Endpoint Central agents will be installed on the client computers associated with the domain.
 

Install Endpoint Central Agent for Windows Workgroup Machines   

This method deploys agents on a single computer as well as multiple computers
Endpoint Central agents for Windows workgroup machines can be installed using IP addresses and IP ranges. Follow the steps below to install the agents.
  1. Download EC_AGENT_REMOTE_INSTALL_TOOL and extract the zip file.
If the Endpoint Central build version is 10.1.2124.1 and above, kindly include DCAgentServerInfo.json
  1. Download the Endpoint Central agent under Admin > Discovery > Agent Configuration in AssetExplorer.
  2. Copy and paste UEMSAgent.msi and UEMSAgent.mst files to the extracted EC_AGENT_REMOTE_INSTALL_TOOL folder.
  3. Open the extracted folder and right-click SetupUtility.bat file with administrative privilege.
  4. Choose Option 1 to install the agents.
  1. Choose the installation option from the list displayed.
  1. To install agents using IP Address, enter the IP addresses in ipaddress.txt and save the file.
  2. To install agents using machine names, enter the computer names in computernames.txt and save the file.
  3. To install agents using a range of IP addresses, enter the range in ipAddressRange.txt and save the file
Computer names and IP addresses of the client computers listed in the TXT file must be independent lines.  

Provide the required admin credentials details when prompted. The agent will be installed automatically in the client machines.
  

Install Endpoint Central Agent using GPO Scheduler

Endpoint Central agents can be installed on client machines through a GPO task. This method is beneficial in WFH settings where the agents are deployed only after users connect their laptops to the corporate network via VPN.

Unlike a regular GPO script that installs the agent when the client machine is powered on, the installation process is triggered at a specified time configured in the Scheduler. For a detailed procedure on installing Endpoint Central agents using the GPO Scheduler, click here.
 

Image a Windows Computer with an Endpoint Central Agent   

Every Endpoint Central agent has a unique ID that represents the machine along with its name and system details. If more than one Endpoint Central agent is identified with the same ID, the details listed in AssetExplorer will be overwritten. This would result in listing the details of only one computer, even though there are several computers with the same ID. To avoid this issue, follow the steps mentioned below to image a computer with the Endpoint Central agent.
  1. Install the Endpoint Central agent on the computer intended for imaging.
  2. Download this script and save it on the system that is supposed to be imaged as a VBS file
  3. Open the command prompt as an administrator and navigate to the folder where the above script is stored.
          Example: E:\Downloads>cscript.exe dcagentPreImage.vbs 
  1. Execute the script as: cscript.exe dcagentPreImage.vbs
While running this script, communication between the Endpoint Central agent and the server will be blocked.   
  1. Deploy the OS image in the new machine
The agent on the newly imaged computers will only be able to communicate with the Endpoint Central server if they are renamed. 

Stopping Endpoint Central Agent Service on Client Machines

Endpoint Central agent service can be stopped on client machines.
To stop an Endpoint Central agent:
  1. Navigate to Tools on the Endpoint Central server.
  2. Choose System Manager.
  3. Select the computer on which you want to stop the service and click Manage.
  4. Under the Services tab, select ManageEngine Endpoint Central > Agent.
  5. Go to Actions and click Stop to halt the Endpoint Central agent service. 

Uninstall Endpoint Central Agents from Windows

You can uninstall Endpoint Central agents manually as well as using PsExec utility.

Manually Remove Agent from an Individual Computer

  1. Download the script UninstallAgent.txt and rename the file as UnInstallAgent.vbs
  2. Run the following script on the computer from the command prompt: 
  1. cscript UnInstallAgent.vbs 


Use PsExec Utility to Remove Agents from Multiple Computers 

You can use the PsExec utility to execute the agent uninstallation script on multiple computers simultaneously.
  1. Create a common network share path accessible to every machine on the network
  2. Download the script UninstallAgent.txt and rename it as UninstallAgent.vbs.
  3. Save the downloaded file in the network share
  4. Download the PsExec utility from here and save it.
  5. Create a computernames.txt file containing a list of computers from which the agent needs to be uninstalled. Each computer name must be specified in individual lines.
  6. Run the script using the following command from the command prompt:
  1. C:\for /f %f in (c:\computernames.txt) do psexec \\%f -u <domain>\administrator -p <password> CSCRIPT \\MyServer\MyShare\UnInstallDCAgent.vbs  
In the above command, replace <domain> with the domain or workgroup admin username, and <password> with the corresponding administrator password for the domain or workgroup.  

Specify the complete path of computernames.txt in the command.

    • Related Articles

    • Linux Agent

      Role Required: Administrator Refer here for a list of supported Linux OS versions. Install Linux Agent Manually The SSH port (port 22) should be open on the computers where the agent needs to be installed. To install an agent on a Linux Computer ...

    • Agent Configuration

      Agent-based scanning is supported for Windows, Linux, and Mac machines. Before proceeding with an agent-based scan, Endpoint Central has to be installed. Click here to learn more. Configure Endpoint Central agent settings in AssetExplorer under Admin ...

    • Agent-Based Scan

      How does an agent-based scan work? Refer to the following link: UEM Agent What are the OS supported in the agent-based scan? The following Windows OS versions are supported: Windows 10 Windows 8.1 Windows 8 Windows 7 Windows Vista Windows XP* ...

    • FAQs on Agent-Based Scan

      How does an agent-based scan work? Please refer to this link for more details. What is the OS supported in the agent-based scan? Windows OS Windows Server OS MAC Linux Windows 11 Windows 10 Windows 8.1 Windows 8 Windows 7 Windows Vista Windows XP ...

    • Endpoint Central for Agent-Based Scan

      AssetExplorer uses Endpoint Central agents (from build ≥ 6900) for scanning Windows, Linux, and Mac machines. About Endpoint Central ManageEngine Endpoint Central (formerly Desktop Central) is a unified endpoint management system. Agents from ...