May
24
2012

Options for Deploying the K1000 Agent

Most of you know that deploying the agent from the appliance is a great way to get the agent deployed. Have you ever had a need for an alternate method of deployment though? We’ve got several options that can get you well on your way, such as Group Policy, Login Script, Remote execution, and imaging.

Let’s take a look at each. But first things first… some minor modifications to the agent file for v5.3 can simplify the whole process regardless of which method(s) you choose. We want to make sure the agents will communicate with your server once installed, so we need to give the installer the hostname of your K1000.

The 5.3 Agent is very easy to configure for custom K1000 host names. For these steps we will assume that your K1000 is called kboxhostname.company.com.

  1. In a file manager browse to \\kboxhostname\clientdrop\agent_provisioning\windows_platform This is the writeable fileshare. If necessary, see documentation on how to enable this share.
  2. Copy the msi file to a network share or other location that is used for distribution of software packages.
  3. Rename the ampagent-5.x.xxxxx-x86.msi to include your host name. e.g. ampagent-5.3.44367-x86_hostname.company.com.msi

Group Policy is the favored method for most of our customers right after provisioning directly from the appliance. An Active Directory Group Policy can help you get the machines that miss their scheduled deployment, or in cases where you aren’t able to configure the pre-requisite for agent provisioning from the appliance (File/Print Sharing, UAC, Simple File Sharing).

To publish or assign a computer program, you must create a distribution point on the publishing server:

    1. Log on to the server computer as an administrator.
    2. Create a shared network folder where you will put the Microsoft Windows Installer package (.msi file) that you want to distribute.
    3. Set permissions on the share to allow access to the distribution package.
    4. Copy the MSI you previously renamed to this location.

Next we want to create the GPO. The recommended methos is to use the Group Policy Management Console (GPMC) Snap-in from MMC.

    1. Start the Group Policy Management Console. To do this, click Start, point to Administrative Tools, and then click Group Policy Management Console
    2. In the tree, expand your forest; locate your domain and find the Group Policy Objects section
    3. In the right-hand pane where the Group Policy Objects are listed, right-click and choose New
    4. Enter the Name as KBOX Agent.
    5. Click and Drag the newly created object onto the OU you want to deploy it to. In this case we are using an OU called TestForGPOInstall.

Next we need to assign the GPO to some computers:

    1. Find your group policy object called KBOX Agent. Right-click on it and choose Edit . The Group Policy Object Editor will open.
    2. Under Computer Configuration, expand Software Settings.
    3. Right-click Software installation, point to New, and then click Package.
    4. In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \\fileserver\share\ampagent-5.3.44367-x86_kboxhostname.company.com.msi
    5. Important: Do not use the Browse button to access the location. Make sure that you use the UNC path to the shared installer package.
    6. Click Open.
    7. Click Assigned, and then click OK. The package is listed in the right pane of the Group Policy window.
    8. Close the Group Policy snap-in.

For older versions of the agent and variations on methodology check out the full article.

Login Scriptsare used by many companies to check conditions on workstations when each user logs in and remediate anything that might not be quite right. Many companies have moved away from this method in favor of alternate tools because of logon delays and maintenance issues related to complex scripts. Here’s an example batch script that can be assigned to your users to check for the client and install it if missing:

REM ***BEGIN BATCH***
REM ...Other parts of your login script here

:K1000AGENT
:CHECKEXISTINGINSTALL
if exist C:\Program Files (x86)\Dell\KACE\AMPAgent.exe GOTO :NEXT
if exist C:\Program Files\Dell\KACE\AMPAgent.exe GOTO :NEXT
if exist C:\Program Files\KACE\KBOX\kbscriptrunner.exe GOTO :NEXT
\\fileserver\share\ampagent-5.3.44367-x86_kboxhostname.company.com.msi

:NEXT
REM The rest of your Login Scripts here...

 

Remote Execution of processes is a tool that can often help in certain situations where other methods such as GPO or Login Script are not an option. Utilities like PSEXEC from Microsoft SysInternals let you execute programs on remote systems. PsExec’s most powerful uses include launching interactive command-prompts on remote systems and launching installers or other utilities such as IPConfig that otherwise can’t run remotely. Note: some anti-virus scanners report that one or more of the tools are infected with a “remote admin” virus. None of the PsTools contain viruses, but they have been used by viruses, which is why they trigger virus notifications. These tools are generally considered dangerous, but are very useful if needed. Here’s an example How-to for the agent:

    1. Download PsExec (http://download.sysinternals.com/Files/PsTools.zip)
    2. Create a text file containing the hostnames you need to execute against with each PC listed on it’s own line. I’ll refer to it as hostsfilename.txt below.
    3. Copy both to c:\pstools
    4. Make sure the local Administrator account is enabled. In Windows 7 the default is for this account to be disabled. You can use domain credentials if preferred to run the remote program, but you’ll need local administrator access to your own machine to launch PsExec.
    5. From an administrative command prompt launch it with
c:\pstools\psexec.exe @hostsfilename.txt -i -s "\\fileserver\share\ampagent-5.3.44367-x86_kboxhostname.company.com.msi" -u administrativeusername

or, Alternatively, you could launch against all domain computers with

c:\pstools\psexec.exe \\* -i -s "\\fileserver\share\ampagent-5.3.44367-x86_kboxhostname.company.com.msi" -u administrativeusername

Other uses and command combinations are certainly available; See the vendor-provided documentation for PsExec or other remote execution tools that you might be using for more options of course.

Imaging is commonly used to ensure the agent is part of the mix from day one. While we discourage including the agent in the image we do provide an installer switch to allow you to more safely include the agent. We recommend installing the agent as a post-installation task after the OS is provisioned regardless of which systems deployment technology you are using. This is quite easily done using the K2000 Systems Deployment Appliance by adding a Post-Installation task of the Type “K1000 Agent”; simply follow the steps on the screen to upload your latest agent to the K2000 and give the proper command line.

In the case where you’d like to install before sysprep and capturing your image you’d want to use the following command to do the install:

msiexec /qn /i ampagent-5.3.xxxxx-x86.msi HOST=kboxhostname.company.com.msi CLONEPREP=1

or

msiexec /qn /i ampagent-5.3.xxxxx-x86_kboxhostname.company.com.msi CLONEPREP=1

Check the K1000 Administrative Gude and the Kace Knowledge Base for more articles and documentation on K1000 Client deployment. Happy Provisioning!

This entry was posted in New Posts and tagged , . Bookmark the permalink.

Comments are closed.