Jump to content
Sign in to follow this  
Antoine

GPO agent deployment difficulties

Recommended Posts

Hi,

As stated in the title, I have issues deploying remote administration agents through GPO (windows server 2012) to Windows 10 machines.

 

My Eset server (dedicated windows 10 machine) is ESET Security Management Center (Server), Version 7.2, ESET Security Management Center (Console Web), Version 7.2 .

 

I was able to download an .ini file with the desired configuration for the agent (from the Eset server console), and the .msi file from this URL : https://download.eset.com/com/eset/apps/business/era/agent/latest/agent_x64.msi

 

I ran several tests with a dedicated OU, with dedicated GPO and assigned user/computer (and tried both user and computer configuration strategies).

 

Using the same method and parameters I was able to remove a previous version of Firefox and install an updated one (.msi installer also, but no .ini), but the same process did not work for the remote agent.

 

Remark 1 : no issue manually installing the very same agent_x64.msi file (from the aforementioned URL) from the same shared folder.

Anyone has an idea ? I'm probably missing something but Eset’s ressources didn’t help ?

Remark 2 : Why GPO ? The console doesn't allow to update agent remotely (the update end up with a failure message) and our IT infrastructure is starting to grow (I can't update this much machines every other month), so I need something to manage and update these remotely ; GPO seemed to be a fitting option.

Thanks for your help.

 

Ps : Eset ressource I used https://help.eset.com/esmc_admin/70/fr-FR/fs_agent_deploy_gpo.html

https://help.eset.com/esmc_admin/70/en-US/fs_agent_deploy_gpo.html

https://support.eset.com/en/kb6864-deploy-the-eset-management-agent-using-a-group-policy-object-gpo

https://help.eset.com/esmc_admin/72/en-US/fs_agent_deploy_gpo_sccm.html?zoom_highlightsub=gpo

Share this post


Link to post
Share on other sites

Fwiw, GPO is the best way to install the Agent in a Domain controlled network.

That said, if possible, go to one of those systems that agent can't seem to be installing on and take a gander at c:\programdata\eset.  Does it exist?

If it exists, locate the log and post snippets of it (obviously redacting information that is private).

If it doesn't exist, then take a look at the Event Viewer and locate any errors in the (I think) Application log.

 

Share this post


Link to post
Share on other sites

Hello,

I've been looking into the location you pointed, nothing seems to refer to the Agent (only Endpoint logs it seems).

I'll have a look at admx update, the server is a 2012 and didn't get admx updates for Windows 10 I think.

ADMX update did not seem to make it work better.

 

I think I found the source of the problem : the computer itself wasn't in the same OU in terms of AD. It was in the GPO's security filter, but not placed in the AD 'folder' of the OU (it was still in the basic 'Computers' folder).

It seems to be working now that I did that.

Thanks for your help.

Regards,

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...