Install Agents

Agent > Install Agents

The Install Agents page installs the agent on a remote system and creates a new machine ID / group ID account for any new PC detected by LAN Watch. Install Agent remotely installs the packages created using Deploy Agents. Remote install is only available for Window NT, 2000, XP and Vista based computers.

A list of machines with scan results are displayed when you first display this page. Clicking any machine ID displays a table listing all machines with a host name. Machines without an agent display in red text.

PSEXEC.EXE

PSEXEC.EXE is a light-weight telnet-replacement that lets you execute processes on other systems without having to manually install client software. It used by Agent > Install Agents to install agents on remote systems after a LAN Watch.

A valid logon with administrator rights is required to successfully install an agent remotely. Nothing happens if the agent installer detects an agent is already installed on a target machine. The installer exits immediately.

Uploading PSEXEC.EXE to the KServer

Before Install Agents can be run the first time, the PSEXEC.EXE must be uploaded to the KServer as a shared managed file:

1. Download the PSEXEC.EXE file to your local machine from the following location:

   http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx

2. Click the Scripts tab, then click the toolbar button to display the Manage Files Stored on Server window.

   Note: Only master administrators can upload to shared files.

3. Upload the PSEXEC.EXE file from your local machine to the KServer as a shared managed file.

Running PSEXEC.EXE

When Install Agent is run, PSEXEC.EXE is downloaded from the KServer into the \temp directory and run using the following command line. You don't have to create this command line. Install Agent does it for you.

c:\temp\psexec \\hostname -u "adminname" -p "password" -c -f -d "c:\temp\kcssetup.exe" > c:\temp\LANInsAipAddr.txt

The terms hostname and ipAddr refer to the remote machine. If the agent is on a drive other than C: then the temp files are referenced to the same drive the agent is installed on.

Error Messages

If an agent installation fails for any reason, the KServer passes back the results reported by PSEXEC.EXE. Typically, PSEXEC.EXE is simply reporting OS errors that it received trying to execute a call.

Typical Reasons for Install Failure

• Blocked by Network Security Policy - PSEXEC.EXE connects to the remote PC through the RPC service and runs as a local account. Remote access to this service is controlled by a Local or Domain Security Setting. Open Local Security Policy (part of Administrative Tools). Open Local Policies\Security Options\Network access: Sharing and security model for local accounts. The policy must be set to Classic for PSEXEC.EXE to operate across the network.

  Note: Classic is the default setting for machines that are members of a domain. Guest is the default setting for machines that are not in a domain. Microsoft does not allow Windows XP Home Edition to become a domain member.

• Blocked by Anti-Virus Program - PSEXEC.EXE is a powerful program capable of remotely running processes on a machine, assuming the it has a valid administrator logon. Some anti-virus programs classify PSEXEC.EXE as a security threat and may block its execution.
• Invalid Credential - The credential must have administrator rights on the local machine. The agent installs as a system service requiring full administrator privileges to install successfully. The username may be a domain administrator of the form domain\user.

Testing Agent Install Failures

LAN Watch tries to connect to \\<computer>\admin$ using the credentials that you supplied. First test that the computer is available. Start a command prompt and type the following:

ping <IP address>

If you don't get a reply see Troubleshooting below. If you do get a reply, you know that the machine is turned on and a firewall is not blocking connections. Next, verify that the share is available. Start a command prompt and type the following:

start \\<computername>\admin$

If you have a problem see Troubleshooting below. If all is OK a window appears containing the remote computer's c:\windows directory. Now, you now know that the machine is turned on and the share exists.

Next verify that the PSEXEC.EXE command works correctly. Remote control the machine you ran LAN Watch on. Start a command prompt and type:

c:\temp\psexec.exe \\<computername> -u <username> -p <password> ipconfig

You should see the results of ipconfig for the target computer displayed on the machine you are running remote control on. If not, the RPC service on the target machine is probably disabled and blocking remote procedure calls.

Troubleshooting

PSEXEC.EXE's ability to run processes remotely requires:

• Both local and remote computers have file and print sharing enabled.
• The default admin$ share—a hidden share that maps to the \Windows directory—is defined on the remote system.

Types of failures include:

• Ping Failures - Either the machine is not on, or there is a firewall on the machine stopping pings. Either of these will stop the process and need to be corrected before continuing.
• Start Failures - If Windows does not accept the username/password combination, you will see a box pop up asking you to try again. Correct the mistake and try again.

  If you get a message saying that the network path could not be found, it means that the admin$ share is not available on that machine.

• PSEXEC.EXE Fails to Connect - The RPC service is not available on the target machine. For example, XP Home does not support RPC. This prevents anything from remotely executing on that box. On Windows XP you can turn this service on by opening Windows Explorer and selecting Tools - Folder Option... - View tab. Scroll to the bottom of the list and uncheck Use simple file sharing. The XP default configurations are as follows:
  • XP Pro on a domain - RPC enabled by default. Use simple file sharing is unchecked.
  • XP Pro in a workgroup - RPC disabled by default. Use simple file sharing is checked.
  • XP Home - RPC disabled always. Use simple file sharing is not available.
• The admin$ share is a default share that windows creates when it boots, it is possible to turn this off via the local security policy, or domain policy.

  If you want to check the shares on that remote machine you can use PSEXEC.EXE to retrieve a list for you. Type PSEXEC \\<computername> "net share". Check that the admin$ share exists and points to c:\windows or c:\winnt on older operating systems.

Admin Logon Name

The administrator name used to remotely access the selected machine. The Admin Logon Name must have administrator rights on the remote selected machine. Multiple accounts may have administrator rights on the same machine. Your domain administrator account may be different than the local administrator account. To ensure you are using the domain account enter the logon name using the domain\user format. If the domain is left off, the local account will be used.

Password

The password associated with the Admin Logon Name.

Install

Click Install to schedule an installation of the selected install package on all selected machines. The install runs using PSEXEC.EXE from the same machine that ran the scan. PSEXEC.EXE attempts to remotely connect to the selected machine across the LAN to perform the agent install using the supplied administrator credential for that machine.

Cancel

Click Cancel to cancel execution of this task on selected managed machines.

Select an Agent Package to Install

Select the agent package to remotely install on selected machines. These packages are created using Deploy Agents.

Hide devices that match the MAC address of existing machine IDs

Check this box to hide all machines on a LAN with a MAC address matching the MAC address of an existing machine ID / group ID account.

Hide devices that match the computer names of existing machine in <machine ID>

Check this box to hide machines that have a common computer name in this same group ID. A LAN Watch may discover an managed machine with a second device using a different MAC ID then the one used to report to the KServer. For example, the same managed machine may connect to the internet using direct connection and have a second wireless connection with a different MAC ID. Checking this box hides the second device from this list so that you don't assume you've found a new unmanaged machine.

Host Name

The host name of each device on the LAN discovered by the latest LAN Watch scan. A host name only displays for computers. Hubs, switches, routers, or other network appliances do not return a host name.

IP Address

The private IP address of each device discovered by the latest LAN Watch scan.

MAC Address

The MAC address of each device discovered by the latest LAN Watch scan.

Last Seen

The time each device was last detected by the latest LAN Watch scan.

Topic 400: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.