Deploying agent on newly added computers automatically

[shmtsb 0]

Is that possible to create a task - for example an Agent Deployment task - that gets executed automatically only on machines that newly added to a dynamic group?

 

I know there is a trigger named Dynamic Group Members Changed. But it is my understanding it is invoked on all members when the contents of a Dynamic Group change. Am I correct?

 

Any help would be really appreciated.

[Turbo 0]

As far as i know ERA can't deploy agents automatically to new computers. To show in dynamic group computer has to have installed agent allready.
Here you get eset kb about agent deployment: hxxp://support.eset.com/kb3595/?locale=en_US
Only way to do it remotely and automatically is using GPO, SCCM or scripting it yourself

[NWDreamer 0]

To show in dynamic group computer has to have installed agent allready.

 

 

I'm afraid I can't contribute to the original question since I'm about as new to ERA6 as they come, however I can comment on the sentence I quoted above.  From both what I read and what I saw with our own console, the dynamic group computers gets populated from the hierarchy of the AD on the server (i.e., you can see them in the console, but they are kind of dim and without icons or highlighting).  Only once I was able to deploy an ERA Agent to the client was I able to see the Agent icon (as well as others that describe the client like desktop, file server, exchange server, etc.).

[jimwillsher 65]

Yes, all correct. The process of saying "which groups do I belong to" is a task executed by the agent on the computer, so by definition, agent must already be installed.

 

My suggestion would be a GPO and a Software Installation task, as GPOs "know" which computer the GPO has been run on, so once it has run it will not rerun. Alternatively, you could create a script which runs at boot time which checks the registry for a flag; if the flag is not present then run the installer and set the flag to prevent rerun.

 

 

Jim

[mstroud_pfi 0]

Are you serious? There is no way to automatically install the agent to newly added computers within the console?

[jimwillsher 65]

Can you deploy via GPO?

Edited September 7, 2016 by jimwillsher

[Rook 2]

@shmtsb and mstroud_pfi

 

GPO is your best bet, it was designed for that purpose. ERA6 is not ADDS. If you add a new computer to your domain, you would need to resync ERA with AD and then create a new server task (or edit an old task) for deployment. My recommendation for an 'automatic' install of ESET would be as follows:

-Create GPO for software install of the ERA Agent: hxxp://support.eset.com/kb3677

-Setup dynamic grouping for automatic Security Product Installation: hxxp://support.eset.com/kb3702(step 9 you could just use 'contains - ESET Endpoint')

        -I would also recommend adding 'contains - server' that way any server OS will not get added to the group, as you do not want Endpoint products installed on a server.

        -I also set this group as a child to the built-in 'Windows computer'dynamic group. That way this group will only pull in Windows OS computers.

 

This should ensure that when new computers are added to the domain, they should complete the software install of the Agent upon next reboot (or gpupdate /force). The ERA Agent on those new computers will then be able to check-in with ERA server, and get sorted appropriately into Dynamic groups for the automatic Security product installation. The 'Software Install' task for the Security product should both install and activate ESET Security products.

 

 

@NWDreamer

Groups populated in ERA after sync with AD are Static groups. Dynamic groups are specifically created in ERA and can only pull in entries that shows as 'managed' (have the ERA Agent install).

 

Regards,

Rook

[mstroud_pfi 0]

Thanks for the help! I'll try deploying it through GPO.

[RedLine 0]

We`re deploying agent by SCCM Task Sequence