Install Agents

Client > Install Clients

Show me an explanation of the items on this page.

Install Clients lets you remotely install the Client on any PC detected by LAN Watch. Remote install is only available for Window NT, 2000, and XP based computers. A list of machines with scan results are displayed when you first enter this function. Clicking on any machine ID displays a table listing all machines with a host name.

NOTE: Clients may only be installed on PC computers. Remote install is only supported by Windows NT, 2000, and XP.

How do I install Clients on a machine without going to each machine?

How does this work?

The machine that ran the scan is tasked to run psexec.exe and remotely install the Client on all selected machines. A valid login with administrator rights is required to successfully install an Client remotely.

Typical reasons for failure

Blocked by network security policy - PSEXEC connects to the remote PC through the RPC service and runs as a local account. Remote access to this service is controlled by a Local or Domain Security Setting. Open Local Security Policy (part of Administrative Tools). Open Local Policies\Security Options\Network access: Sharing and security model for local accounts. The policy must be set to Classic for PSEXEC to operate across the network.

NOTE: Classic is the default setting for machines that are members of a domain. Guest is the default setting for machines that are not in a domain. Microsoft does not allow Windows XP Home Edition to become a domain member.

Blocked by Anti-Virus program - PSEXEC is a powerful program capable of remotely running processes on a machine (assuming the it has a valid administrator login). Some anti-virus programs classify PSEXEC as a security threat and may block its execution.
Username/password does not have administrator - The credential must have administrator rights on the local machine. The Client installs as a system service requiring full administrator privileges to install successfully. The username may be a domain administrator of the form domain\user.

Agents will not install. What can I do?

LAN Watch will try to connect to \\<computer>\admin$ using the credentials that you supplied.

First we need to test that the computer is available. Start a Command Prompt and type the following:

ping <IP address>

If you dont get a reply see troubleshooting below. If you do get a reply, we know that the machine is turned on and a firewall is not blocking connections. Next, verify that the share is available. Start a command prompt and type the following:

start \\<computername>\admin$

If you have a problem see troubleshooting below. If all is ok a window appears containing the remote computers c:\windows directory. Now, we now know that the machine is turned on and the share exists. Next verify the psexec command works correctly. Remote control the machine you ran LAN Watch on. Start a command prompt and type

c:\temp\psexec.exe \\<computername> -u <username> -p <password> ipconfig

You should see the results of ipconfig for the target computer displayed on the machine you are running remote control on. If not, the RPC service on the target machine is probably disabled and blocking remote procedure calls.

Troubleshooting

PSEXEC's ability to run processes remotely requires:

Both local and remote computers have file and print sharing enabled
The default Admin$ share (a hidden share that maps to the \Windows directory) is defined on the remote system

Pings fails - either the machine is not on, or there is a firewall on the machine stopping pings. Either of these will stop the process and need to be corrected before continuing.

Start fails - If windows does not accept the username/password combination, you will see a box pop up asking you to try again. Correct the mistake and try again.

If you get a message saying that the network path could not be found, it means that the admin$ share is not available on that machine.

PSEXEC failed to connect - The RPC service is not available on the target machine. For example, XP Home does not support RPC. This prevents anything from remotely executing on that box. On Windows XP you can turn this service on by opening Windows Explorer and selecting Tools - Folder Option... - View tab. Scroll to the bottom of the list and uncheck "Use simple file sharing". The XP default configurations are as follows:

XP Pro on a domain - RPC enabled by default ("Use simple file sharing" is unchecked).
XP Pro in a workgroup - RPC disabled by default ("Use simple file sharing" is checked).
XP Home - RPC disabled always ("Use simple file sharing" is not available).

The admin$ share is a default share that windows creates when it boots, it is possible to turn this off via the local security policy, or domain policy.

If you want to check the shares on that remote machine you can use PSEXEC to retrieve a list for you.

Type PSEXEC \\<computername> "net share". check that admin$ is shared exists and points to c:\windows (or c:\winnt on older OS's)

What is domain\user format?

Typically, you need administrator rights to install software on the remote machine. Multiple accounts may have administrator rights on the same machine. Your domain administrator account may be different than the local administrator account. To insure you are using the domain account enter the login name in the domain\user format. If the domain is left off, the local account will be used.

How do I hide devices that already have Clients installed.

Check the "Hide devices that match the MAC address of existing accounts" box to remove all machines that may already have an Client installed. Any device on the LAN with a MAC address matching the MAC address of an existing Client account is hidden.

What happens if I try to install an Client on a machine that already has an Client?

Nothing happens. The Client installer detects an Client is already there and exits immediately.

Where can I get PSEXEC.EXE?

http://download.sysinternals.com/Files/PsExec.zip

Where do the error messages come from?

If the installation failed for any reason, the VSA passes back the results reported by PSEXEC. Typically, PSEXEC is simply reporting OS errors that it received trying to execute a call.

What command line is PSEXEC.EXE being run with?

The Client tasks PSEXEC with the following command line:

c:\temp\psexec \\hostname -u "adminname" -p "password" -c -f -d "c:\temp\kcssetup.exe" > c:\temp\LANInsAipAddr.txt

where hostname and ipAddr refer to the remote machine. If the Client is on a drive other than C: then the temp files are referenced to the same drive the Client is installed on.

Explanation of items on this page

Install Button

Click Install to schedule a remote Client installation to all selected machines. Remote install runs from the same machine that ran the scan and attempts to remotely connect to the selected machine across the LAN to perform the Client install using the supplied administrator credential for that machine.

Admin Logon Name

Administrator name to use on the selected machine. This account must have administrator rights on the remote selected machine. Multiple accounts may have administrator rights on the same machine. Your domain administrator account may be different than the local administrator account. To insure you are using the domain account enter the login name in the domain\user format. If the domain is left off, the local account will be used.

Password

Password associated with the Admin Logon Name.

Hide devices that match the MAC address of existing accounts

Check this box to remove all machines that may already have an Client installed. Any device on the LAN with a MAC address matching the MAC address of an existing Client account is hidden.

Host Name

Host Name of each devices discovered by the scan. Host Name is only available from computers. Hubs, switches, routers, or other network appliances will not return a Host Name.

IP Address

Private IP address of each devices discovered by the scan.

MAC Address

MAC address of each devices discovered by the scan.

Last Seen

Time each device was last detected by the scan.