<img alt="" src="https://secure.inventive52intuitive.com/789747.png" style="display:none;">
Pre-requisites for deploying AppSense agents to an endpoint

Pre-requisites for deploying AppSense agents to an endpoint

Posted by HTG

When you deploy AppSense agents to an endpoint machine, whether it’s from the Management Console directly, via a Deployment Group, or simply by connecting manually from the endpoint to the Management Server website, there are a few pre-requisites you’ll need to be aware of for a successful installation.

We already covered the necessary firewall ports in a previous post, but there are a few other things you’ll need to be aware of to ensure that the installation doesn’t hit any problems. Installing the Client Communications Agent (CCA) is key – if this is successful, then the other agents should follow suit without any issues.

The credentials you supply are key to most of this, obviously. You can specify credentials for AppSense agent installation on a global or Deployment Group level dependent on your setup.

Aside from the firewall entries (which, as mentioned previously, you can get around by enabling the exceptions for File and Print Sharing), you’ll need to make sure that:-

  • The Windows Installer service is running and not disabled or stopped (bear in mind, as well as checking standard GPO/GPP service controls, there’s a separate GPO to prevent Windows Installer from running at Computer Configuration | Policies | Admin Templates | Windows Components | Windows Installer | Disable Windows Installer)
  • The Server service is running and not disabled or stopped
  • Access is available to the admin$ and IPC$ shares (this requires local admin access, so you may need to deploy these permissions via Restricted Groups)
  • Access is available to the Service Control Manager with the following access rights:-

Create a service (SC_MANAGER_CREATE_SERVICE)
Query service status (SERVICE_QUERY_STATUS)
Service all access (SERVICE_ALL_ACCESS)
Service stop (SERVICE_STOP)
Service start (SERVICE_START)
Service delete (DELETE)

If all of the preceding points are satisfied, then the deployment of AppSense agents should complete without any problems at all.

The only other note I can think of to bear in mind is if you are doing Endpoint Analysis in Application Manager, you’ll need to ensure that the Remote Registry service on the endpoint is running.

Share

Contact

Want to partner with us?

Get in touch to learn more about our services or arrange a free 30-minute consultation with one of our Secure Cloud Experts.

Get in touch
HTG - Contact CTA