Deploying Agents to Other Computers
You need to deploy agents to computers to get the most comprehensive and detailed audit, but remote scan via WMI is also an alternative. See Running an Agentless Audit.
Agents can only be deployed to computers with a minimum specification of Windows XP. Before performing the remote client installation, make sure to open the network ports for the gateway to communicate effectively with the domain controller. In your firewall settings for the service, enter port 139 or 445, and select the option UDP (for DNS) or TCP protocol. To manually open ports in your Internet connection firewall, refer to operating system help.
Before planning to deploy agents to other computers, you need to run an Active Directory scan to make sure you have a full list of any computers that are not audited. (See Running an Active Directory Scan.)
1.Log in to Service Manager.
2.Open the Gateway workspace.
3.Click Scan Active Directory.
4.Click Yes in the confirmation window to start the scan.
5.View the task in the Agent Task list.
6.Click the task link to open the Agent Task tab from where you can view the progress of the scan.
The scan is displayed as an agent task, with a status (pending or complete). When the active directory scan has finished, all the computers that are not audited are listed.
7.Click the Configuration Item tab, then select the devices to which to deploy the agent, and click Deploy Agent.
8.Click Yes to deploy to the selected computers.
When the deployment is complete, the computers are then audited in the same way as other computers to which the agent has been deployed.
Agent tasks are created for the gateway for each computer on which the agent is deployed.
Agents cannot be deployed to the remote computers that are not in your intranet. However, you can install client agents on these computers.
See Folder Permissions on Windows before installing the client agent on Windows.
Folder Permissions on Windows
If the following permissions are not set correctly, the Service Manager client agent service cannot run and messages cannot be sent to the server.
The default configuration for Windows is to grant the local users group read, read + execute, and list folder contents permissions to the C:\Program Files folder (and the C:\Program Files (x86) folder on 64-bit computers). This is sufficient for running the Service Manager client agent service using the built-in network service user. The other services use the built-in application user, which has administrator privileges.
The installation directory is configurable beginning with Service Manager Release 2016.2. The log folder location is configurable beginning with Service Manager Release 2016.1. During installation, the Service Manager agent modifies the permissions of the following folders to the default values as seen in the following list:
•C:\Program Files (x86)\Common Files\FRS\Logs:
•Network service is granted GENERIC_ALL permissions (that is, read + write + execute + delete + list folder).
•Local users group is granted GENERIC_ALL permissions.
•C:\Program Files (x86)\Common Files\FRS\SaasIMClient\ClientMsgSender\Outbox
•Network service is granted GENERIC_ALL permissions.
•Local users group is granted GENERIC_ALL permissions.
•C:\Program Files (x86)\HEAT Software\InventoryClient\AUDIT\MESSAGES
•Network service is granted GENERIC_ALL permissions.
•The folders are under C:\Program Files on a 32-bit computer).
Installing the Client Agent from a Command Line
The following instructions apply to both on-premise and Cloud installations.
1.Open the command prompt window.
2.Enter the following command line to manually download the client agent installer from the Internet (The command line qn allows you to do a silent installation of the client agent):
msiexec/qn/iTenant_URL/IM/ClientInstaller/ClientInstallation_1.9.msi CLNTCFGCAK=Client_ authentication_key CLNTCFGBASEURL=HEAT_IM_web_service_base_address CLNTCFGDEFOUDefault_organizational_unit_name
where:
•Tenant_URL is the URL for the Service Manager Cloud instance.
•Client_authentication_key is the unique key for every tenant; obtain this key from your Service Manager Administrator.
•HEAT_IM_web_service_base_address is the base portion of the address for the web service endpoint. This is for either Cloud or on-premise installations.
•Default_organizational_unit_name is the organizational unit with which the machine is associated.
To deploy the client agent through a Discovery gateway, enter the following:
msiexec/qn/itenant url/IM/ClientInstaller/ClientInstallation_1.9.msi CLNTCFGCAK=Client_ authentication_key CLNTCFGBASEURL=App_server_name:Port_number CLNTCFGDEFOUDefault_organizational_unit_name
where:
•App_server_name is the name of the Service Manager Inventory Management web server.
•Port_number is 8097.
Deploying Agents Using a List
You can deploy agents to a list of computers, a list of domains, or a list of IP ranges by using the Deploy Agent tab from the Gateway workspace.
1.Log in to Service Manager.
2.Open the Gateway workspace.
3.Click the Deploy Agent tab.
4.Select an option from the Deploy Target Type drop-down list.
5.Enter a list of computers, domains, or IP ranges. Use the examples on the tab as a guideline on how to enter the information.
6.If the deployment will require user credentials such as administrator name and password, enter them in the User Name and Password fields.
7.Click Deploy to deploy the agents. This generates a task that is executed by the gateway.
Clicking Deploy or Deploy Settings from the toolbar to deploy new settings or configurations, changes the version number of the gateway. (The version is listed under the gateway name.)
The next time that the gateway pings the server, it checks whether there is a version number match (or mismatch). For example, the server has version 5 and the gateway was recently updated to version 6. In this scenario, the gateway runs the new deployments on the server so that the configurations are updated and the version numbers match.