This tutorial explains how you can bulk-install the Endpoint Manager agent on multiple Windows endpoints using Active Directory and group policy (GPO).
You will first complete a form with details about your deployment, after which Endpoint Manager will create a custom installation package for your endpoints.
AD Server – Windows Server 2008 or higher
Endpoints – Windows 7 or higher
The method described below is for Windows Server 2008 Standard. The steps may vary slightly for other Window server versions.
Configure the offline package:
Login to ITarian
Click 'Enroll Devices in Bulk' in the ITarian task bar:
This will open the package configuration screen:
Client Communication –
Communication agent (default) – Installs the agent responsible for receiving and implementing commands from the ITSM server
Comodo Client Security - Comodo Client Security will help you to manage your endpoint with Advanced Endpoint Protection
Profile – Choose which profile should be deployed on the devices you are about to add.
Restart options – You need to restart the endpoint to complete CCS installation. You have the following reboot options:
Reboot message - Enter a custom message which is shown to the user
Warn about the reboot and let users postpone it - Show a message to the end-user which advises them that their computer needs to be restarted. The user can choose to restart immediately or postpone until a later time.
Suppress the reboot - Do not restart the device after installation. CCS will only become fully functional after the device is restarted
Force reboot in - Restart the device a certain length of time after installation. Choice of 5, 10, 15 or 30 minutes. The user will see a message warning them of the upcoming reboot.
Show error messages if installation failed – User will be notified if the installation is unsuccessful.
Show a confirmation message upon completion of installation – User will be notified when the installation is complete
Download installer – Creates a .msi installation file. Save this file on the AD server from which you want to enroll the endpoints. You can then deploy the .msi to endpoints via AD group policy object (GPO).
Download MST file – Click if you want to deploy the agent through a proxy server. This creates an additional transform file containing details of your proxy. You need to complete the 'Proxy Settings' fields if you choose this option:
Proxy port - Enter the user-name and password of an administrative account on the proxy server
Proxy host – Enter IP address/hostname of the proxy server and port
Note: The .mst can only be added to the GPO after the .msi has been configured as explained below.
Create a shared network folder
Follow these steps if you already use AD in your environment and are comfortable with GPO.
Create a new folder in your desired location
Name the folder appropriately. For example 'ITSM_agent'
Select the folder, right-click and select 'Share'
Click 'Advanced Sharing'
Enable 'Share this folder' then click 'Permissions'
Check 'Read' box option in the 'Share Permissions' tab
Click 'Apply' in the 'Advance Sharing' dialog
The network path will be applied in the '<domain name> Properties'.
Click 'Start' in the 'Administrative Tools'
Double click 'Group Policy Management'
Select the domain from the 'Domains' folder
Right-click on the domain > click 'Create a GPO in this domain and Link it here ...'
Enter a name and source starter GPO
Click 'OK' to apply your changes
Right-click on the newly created GPO > click 'Edit'
Expand 'Computer Configuration as Computer Configuration' > 'Policies' > 'Software Settings'
Right-click the 'Software install > 'New' > 'Package...'
Copy and paste the path we have already created. Example,
Select the file > Click 'Open' > Click 'OK' in the window 'Deploy Software'
Open cmd as 'Administrator' and run 'gpupdate'
Endpoint will start the installation of ITSM agent when user log in the computer