|
|
|
|
Install Agents
The Install Agents page installs the agent on a remote system and creates a new machine ID / group ID account for any new machine detected by LAN Watch. Install Agents remotely installs the packages created using Deploy Agents. A list of machines with scan results are displayed when you first display this page. Clicking any machine ID displays a table listing all machines with a host name. Machines without an agent display in red text.
Note: See System Requirements for a list of operating systems agents can be installed on.
LAN Watch and Install Agents using Windows or Macintosh
Both Windows and Macintosh agents can discover Windows and Macintosh machines on the same LAN using LAN Watch. Agent > Install Agents can only install agents on:
- Windows machines if the LAN Watch discovery machine was a Windows machine.
- Macintosh machines if the LAN Watch discovery machine was a Macintosh machine.
Note: Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.
PSEXEC.EXE and SSH
PSEXEC.EXE is a lightweight telnet-replacement that lets you execute processes on other systems without having to manually install client software.
SSH (aka Secure Shell) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. This protocol is primarily used on Unix-based systems, including Mac OS X.
Both of these technologies are used by Agent > Install Agents to install agents on remote Windows & Macintosh systems respectively after a LAN Watch scan is run on a Macintosh or Windows-based agent.
A valid credential set with administrator rights is required to successfully install an agent remotely.
Note:The KcsSetup installer skips installation if it detects an agent is already on a machine if the /e switch is present in the installer package. The installer overwrites installation if it detects an agent is already installed on a machine if the /r switch is present in the installer package. The /r switch overrides the /e switch if both switches are included in the agent package.
Using PSEXEC.EXE on Windows Machines
Uploading PSEXEC.EXE to the KServer
Before Install Agents can be run the first time on Windows machines, the PSEXEC.EXE must be uploaded to the KServer as a shared managed file:
- Download the PSEXEC.EXE file to your local machine from the following location:
http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx
- Select Agent Procedures > Schedule / Create, then click the Manage Files button to display the Manage Files Stored on Server window.
- Upload the PSEXEC.EXE file from your local machine to the KServer as a shared managed file.
Running PSEXEC.EXE
When Install Agent is run, PSEXEC.EXE is downloaded from the KServer into the c:\kworking directory and run using the following command line. You don't have to create this command line. Install Agent does it for you.
c:\kworking\psexec \\hostname -u "adminname" -p "password" -c -f -d "c:\kworking\kcssetup.exe" > c:\kworking\LANInsAipAddr.txt
The terms hostname and ipAddr refer to the remote machine. If the agent is on a drive other than C: then the working files are referenced to the same drive the agent is installed on.
PSEXEC.EXE Error Messages
If a remote Windows agent installation fails for any reason, the KServer passes back the results reported by PSEXEC.EXE. Typically, PSEXEC.EXE is simply reporting OS errors that it received trying to execute a call.
Using SSH on Macintosh Machines
Enabling SSH on Remote Macintosh Machines
Mac OS X 10.3.9 and above machines must have SSH Remote Login in System Preferences > Sharing > Remote Login enabled to support the remote install of Macintosh agents using Install Agents.
Typical Reasons for Install Failure
- File and Printer Sharing Not Enabled - Verify File and Printer Sharing is enabled on the target machine's firewall.
- Blocked by Network Security Policy
- Windows - PSEXEC.EXE connects to the remote PC through the RPC service and runs as a local account. Remote access to this service is controlled by a Local or Domain Security Setting. Open Local Security Policy (part of Administrative Tools). Open Local Policies\Security Options\Network access: Sharing and security model for local accounts. The policy must be set to Classic for PSEXEC.EXE to operate across the network.
Note: Classic is the default setting for machines that are members of a domain. Guest is the default setting for machines that are not in a domain. Microsoft does not allow Windows XP Home Edition to become a domain member.
- Macintosh - SSH can be blocked by client management network policies, which are configured using Server Admin in Mac OS X 10.4 and later.
- Windows - PSEXEC.EXE connects to the remote PC through the RPC service and runs as a local account. Remote access to this service is controlled by a Local or Domain Security Setting. Open Local Security Policy (part of Administrative Tools). Open Local Policies\Security Options\Network access: Sharing and security model for local accounts. The policy must be set to Classic for PSEXEC.EXE to operate across the network.
- Blocked by Anti-Virus Program - Some anti-virus programs may classify PSEXEC.EXE and SSH as security threats and block its execution.
- Invalid Credential - The credential must have administrator rights on the local machine. The agent requires administrator rights to install successfully. The username may be a domain user of the form
Domain\User. - Mac OS - Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.
Testing and Troubleshooting
Admin Logon Name
The administrator name used to remotely access the selected machine. The Admin Logon Name must have administrator rights on the remote selected machine. Multiple accounts may have administrator rights on the same machine. Your domain administrator account may be different than the local administrator account. To ensure you are using the domain account enter the logon name using the domain\administrator format. If the domain is left off, the local account will be used.
Password
The password associated with the Admin Logon Name.
Install
Click Install to schedule an installation of the selected install package on all selected machines.
Cancel
Click Cancel to cancel execution of this task on selected managed machines.
Select an Agent Package to Install
Select the agent package to remotely install on selected machines. These packages are created using Deploy Agents.
Hide devices that match the MAC address of existing machine IDs
Check this box to hide all machines on a LAN with a MAC address matching the MAC address of an existing machine ID / group ID account.
Hide devices that match the computer names of existing machine in <machine ID>
Check this box to hide machines that have a common computer name in this same group ID. A LAN Watch may discover an managed machine with a second device using a different MAC ID then the one used to report to the KServer. For example, the same managed machine may connect to the internet using direct connection and have a second wireless connection with a different MAC ID. Checking this box hides the second device from this list so that you don't assume you've found a new unmanaged machine.
Select All/Unselect All
Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.
Host Name
The host name of each device on the LAN discovered by the latest LAN Watch scan.
IP Address
The private IP address of each device discovered by the latest LAN Watch scan.
MAC Address
The MAC address of each device discovered by the latest LAN Watch scan.
Vendor
The system manufacturer.
Last Seen
The time each device was last detected by the latest LAN Watch scan.
Topic 400: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.