Agent-based scanning for SDP customers without prior Endpoint Central installation


With the ServiceDesk Plus 11300 release, agent-based scanning for Windows, Linux, and Mac machines has been introduced. This feature is provided by ManageEngine Endpoint Central (formerly DesktopCentral). So, all existing customers migrating to builds above SDP 11900 must deploy ME Endpoint Central for scanning Windows, Linux, and Mac machines in their environment. They will also need Endpoint Central agents installed on the remote machines. This document captures the steps to deploy Endpoint Central and its agents in AE setups that have no prior Endpoint Central installation.

Note for customers already using UEMS products other than ME Endpoint Central

If any of the following ME products are installed and used in your environment, we recommend you contact our support before proceeding with this installation for configuring changes in asset inventory.

  1. Patch Manager Plus On-Premise/Cloud

  2. Remote Access Plus On-Premise/Cloud

  3. Device Control Plus

  4. Vulnerability Manager Plus

  5. Patch Manager Plus Cloud

  6. Endpoint Central (formerly DesktopCentral) Cloud

 

Feature changes related to scanning from SDP 11300

About Endpoint Central

Endpoint Central (formerly DesktopCentral) is a robust unified endpoint management system. It comprises features like Patch Management, Software Deployment, Endpoint Security, OS imaging and deployment, etc. Agents from Endpoint Central improve AssetExplorer's asset scanning functionality by fetching complete hardware details during the scan as well as maintaining the uniformity of data fetched across Windows, Linux, and Mac machines. Endpoint Central agent integration also avoids the need to have two agents for users who already have integration between ServiceDesk Plus (or AssetExplorer) and Endpoint Central.

Features from Endpoint Central for existing customers of SDP migrating to SDP 11300 versions

i. Agent-based inventory of Windows, Mac, and Linux machines

ii. Warranty information for devices

iii. Remote control for Windows, Mac, and Linux machines

iv. Auto upgrade of agents to newer versions

Other features from Endpoint Central for existing customers of SDP who migrate to SDP 11300 versions and later purchase UEM Remote Access Plus Add-on

a). Chat *

b). Wake-on-LAN *

c). Announcement (supported in ServiceDesk Plus and not supported in AssetExplorer) *

d). System manager *

 

Does DC come for free for existing SDP customers?

No, the inventory and remote control functionalities for Windows, Linux, and Mac machines and warranty information of devices are the only features provided for SDP customers through DC after deployment of DC agents. However, as DC gets installed in trial edition for the first 30 days, all DC functionalities like patch management, OS deployment, etc., can be performed from the DC console. After 30 days, the DC version will get converted to a free edition and all DC functionalities can be performed for only 25 assets and 1 technician. However, DC will cater to all SDP functionalities like inventory or remote control for the number of nodes and technicians purchased in SDP when the operations are performed from SDP.


Prerequisites for Endpoint Central (formerly Desktop Central) installation

Endpoint Central (formerly Desktop Central) can only be installed on a Windows machine. If SDP is installed on a Linux machine, then Endpoint Central (formerly Desktop Central) has to be installed manually on another Windows machine and integrated with SDP under Admin >> Integrations >> Endpoint Central (formerly Desktop Central). As Endpoint Central (formerly Desktop Central) is installed within the SDP folder, a minimum of 1 GB of free space is required.
If Endpoint Central (formerly Desktop Central) is purchased separately, please refer here for detailed hardware requirements based on the number of assets purchased. 


Ports used in Endpoint Central (formerly Desktop Central)

Server

| Port | Purpose | Type | Connection |
|------|---------|------|------------|
| 8383 | For communication between the agent and the Endpoint Central (formerly Desktop Central) server. Source: Agent. Destination: Endpoint Central (formerly Desktop Central) server | HTTPS | Inbound to server |
| 8027 | The notification server port is responsible for communicating on-demand operations from the server to the agent. Source: Agent. Destination: Endpoint Central (formerly Desktop Central) server | TCP | Inbound to server |

Tools and Remote Control

| Port | Purpose | Type | Connection |
|------|---------|------|------------|
| 8444 | For sharing remote desktops, System Manager, Chat, and transferring files. Source: Agent. Destination: Endpoint Central (formerly Desktop Central) server | HTTP | Inbound to server |
| 8443 | For sharing remote desktops, System Manager, Chat, and transferring files. Source: Agent. Destination: Endpoint Central (formerly Desktop Central) server | HTTPS/UDP (for voice & video chat) | Inbound to server |

Database supported by Endpoint Central (formerly Desktop Central)

By default, Endpoint Central (formerly Desktop Central) gets installed with bundled PGSQL. Endpoint Central (formerly Desktop Central) also supports MSSQL. Please check here for MSSQL versions supported by Endpoint Central (formerly Desktop Central).
Click here for detailed steps for moving Endpoint Central (formerly Desktop Central) to MSSQL.


OS supported by Endpoint Central (formerly Desktop Central) agents

Endpoint Central (formerly Desktop Central) agents can be installed on machines with the following OS:

Windows OS
  • Windows 11
  • Windows 10
  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows Vista
  • Windows XP
     
Windows Server OS
 
  • Windows server 2019
  • Windows server 2016
  • Windows server 2012 R2
  • Windows server 2012
  • Windows server 2008 R2
  • Windows server 2008
  • Windows server 2003 R2
  • Windows server 2003
     
Mac
 
  • 10.7 Lion
  • 10.8 Mountain Lion
  • 10.9 Mavericks
  • 10.10 Yosemite
  • 10.11 El Capitan
  • 10.12 Sierra
  • 10.13 High Sierra
  • 10.14 Mojave
  • 10.15 Catalina
  • 11.0 Big Sur
     
Linux
 
  • Ubuntu 10.04 and later versions
  • RedHat Enterprise Linux 6 and later versions
  • CentOS 6 and later versions
  • Fedora 19 and later versions
  • Mandriva 2010 and later versions
  • Debian 7 and later versions
  • Linux Mint 13 and later versions
  • openSUSE 11 and later versions
  • SUSE Enterprise Linux 11 and later versions
  • Pardus 17 and 19
  • Oracle Linux Server 6, 7, and 8

Agent - Server communication in Endpoint Central (formerly Desktop Central)

Operations such as scanning a device, taking remote control of a device, or tools actions from AE are performed on the remote machines through the Endpoint Central (formerly Desktop Central) server and Desktop Central agents.

The Endpoint Central (formerly Desktop Central) agent communicates with the Endpoint Central (formerly Desktop Central) server immediately after its installation on the remote machine and posts the inventory data. The agent then communicates with the server through HTTPS during system startup and every 90 minutes thereafter until the system is shut down, gets the actions to be performed on the remote machine, and executes them. This 90-minute policy is mainly used for asynchronous operations such as scheduled scans, agent configuration changes, etc.

Endpoint Central (formerly Desktop Central) agents also establish a session with the Endpoint Central (formerly Desktop Central) server through TCP for getting notified for actions that have to be executed on demand like Scan Now or remote control.

Is agent server communication secure?

By default, agent-server communication happens over HTTPS (encrypted). The following settings enforce trusted HTTPS communication between agent and server. They can be enabled under Agent security settings.

Enable certificate-based authentication for agent-server communication

Enabling this option would have the agent-server communication with client certificate authentication. Enabling this option in AE would in turn enable this setting in Endpoint Central (formerly Desktop Central) too. Click here for more details on the procedure.

Enable agent-server trusted communication

Before enabling this setting, a valid third-party SSL certificate must be applied in Endpoint Central (formerly Desktop Central). Click here for steps to configure the SSL certificate in Endpoint Central (formerly Desktop Central); this has to be done only from the Endpoint Central (formerly Desktop Central) console.

Note: Once this setting is enabled, it cannot be disabled again, as the agents will fail to communicate with the server.

Enabling this setting also enables it in Endpoint Central (formerly Desktop Central) and makes agent-server communication trusted. Click here for a detailed procedure.

Agent resource utilization

All the below data are predicted from a single agent machine. Disk space will be consumed up to 1GB (approximately) from the agent installed drive.

 

| Agent Process | Running application name | Bandwidth consumption (approximately) | CPU consumption (approximately) | Memory (RAM) consumption (approximately) |
|---------------|--------------------------|---------------------------------------|---------------------------------|------------------------------------------|
| At agent idle state | dcagentservice.exe, dcondemand.exe, dcagenttrayicon.exe (running a separate application for each logged-on user; for Windows and Mac). The above 3 are ever-running processes. | 1 Kbps | 0-2% | 11 MB |
| Refresh policy (once every 90 mins, without any deployment) | dcconfig.exe | 4 KB | 0-2% | 6 MB |
| Inventory scan (at scheduled time in server) | dcinventory.exe | 2 MB | 17-20% | 14 MB |
| Agent upgrade (applying PPM and if agent version changes) | dcconfig.exe, AgentUpgrader.exe | 20 MB | 2-5% | 3 MB |

Steps for switching to Endpoint Central agents

Previously, AE agents were supported only for Windows OS. From the 11.3 version of SDP, Endpoint Central is used for agent-based scans on Windows, Linux, and Mac OS. Therefore, users are requested to switch to Endpoint Central agents. The steps are described below.

Step 1: Downloading and installation of Endpoint Central

ManageEngine Endpoint Central, as discussed above, requires a separate installation. Endpoint Central gets installed in the same folder where SDP is installed. Endpoint Central gets started and stopped as and when SDP is started or stopped. Pre-requisites for installation of Endpoint Central and ports used by Endpoint Central are mentioned above in this document.
Endpoint Central gets installed with PGSQL as the default database. Click here for detailed steps for moving Endpoint Central (formerly Desktop Central) to MSSQL.

Silent Installation


Endpoint Central can be silently downloaded and installed with a click of a button from Admin > Agent Configuration. For downloading Endpoint Central, access to the internet would be required from the server machine. When Endpoint Central gets installed successfully, SDP is informed about the successful installation and agents will be available for download with SDP.
 

Manual Installation


If internet connectivity is not available from the server machine or if it takes more than 90 minutes for the Endpoint Central to get successfully installed, then the process will be timed out accordingly and a prompt for manual installation of Endpoint Central will be shown. In the case of manual installation, the product can be downloaded (in EXE format) and installed.


 

Installing Endpoint Central if the SDP server runs on Linux OS


Endpoint Central can only be installed on a Windows machine. So, if the SDP server runs on Linux, clicking on "Download and Install" from the Agent Configuration page will prompt a download link. Endpoint Central can be downloaded (in EXE format) and installed on a separate Windows machine. Here, auto integration of SDP and Endpoint Central (formerly Desktop Central) would not happen and so integrating Endpoint Central (formerly Desktop Central) into SDP has to be done from under Admin > Endpoint Central (formerly Desktop Central) Settings.



Step 2: Configuring the Agent settings

Before downloading the agents and deploying them on the machines, it would be appropriate to configure certain agent settings so that these configurations are bundled into the agents. These settings can be configured from under Admin > Agent configurations.

 

NAT configuration for scanning roaming user devices

 

Certain users in the organization will be traveling periodically and their laptops may not be available in the corporate network for scanning. In order to scan such laptops which have the agent installed, public IP has to be configured for agents in these devices to reach the Endpoint Central server. Click here for more details on how to configure public IP for scanning.


Endpoint Central Agent - Endpoint Central Server secure communication

 

By default, the Agent-Server communication will happen through HTTPS (Encrypted) communication. These steps enforce trusted HTTPS communication between agent and server. These configurations can be enabled under Agent security settings.


Enable certificate-based authentication for agent-server communication

Enabling this option would have the agent-server communication with client certificate authentication. Enabling this option in SDP would in turn enable this setting in Endpoint Central too. Click here for more details on the procedure.

Enable agent-server trusted communication

Before enabling this setting, a valid third-party SSL certificate must be applied in Endpoint Central (formerly Desktop Central). Click here for steps to configure the SSL certificate in Endpoint Central; this has to be done only from the Endpoint Central console.

 

Note: Once this setting is enabled it cannot be disabled again as the agents will fail to communicate with the server again. Enabling this setting would enable it in Endpoint Central too and have the agent-server communication to be trusted. Click here for the detailed procedure.


Step 3: Ensure ports used by Endpoint Central (formerly Desktop Central) are open

The ports used by Endpoint Central (formerly Desktop Central) are mentioned above in the document. All the ports are inbound to the server and are used by the agents residing on the remote client machines to reach the server. These ports have to be opened in the firewall wherever required.
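The port requirements above, and the requirement that a valid certificate be in place before trusted communication is enabled, can be checked from a client machine before agents are rolled out. The following is an added example, not ManageEngine code: it assumes Python 3 on the client and that the server is addressed by the host name the agents will use, and it validates the certificate against the machine's default trust store, which may differ from how the agent itself validates.

```python
"""Pre-flight check from a client machine toward the Endpoint Central server."""
import socket
import ssl
import sys

# Ports and purposes as listed in the ports table on this page (all inbound to server).
# The UDP side of 8443 (voice and video chat) is not probed by this TCP check.
PORTS = {
    8383: "agent-server communication (HTTPS)",
    8027: "notification server, on-demand operations (TCP)",
    8444: "remote desktop, System Manager, chat, file transfer (HTTP)",
    8443: "remote desktop, System Manager, chat, file transfer (HTTPS)",
}


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_trust_check(host, port=8383, timeout=5.0, cafile=None):
    """Handshake as a verifying client: certificate chain and host name are checked.

    Uses the machine's default trust store unless cafile is given.
    Returns (True, detail) when the certificate validates, else (False, reason).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, "trusted, expires " + tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate not trusted: " + exc.verify_message
    except OSError as exc:  # includes ssl.SSLError, timeouts and resets
        return False, "TLS handshake failed: %s" % exc


def preflight(host, ports=PORTS, timeout=3.0):
    """Return [(port, reachable, purpose)] for every port in `ports`."""
    return [(p, port_open(host, p, timeout), why) for p, why in ports.items()]


def blocked_ports(results):
    """Ports from preflight() that still need a firewall rule."""
    return [port for port, reachable, _ in results if not reachable]


if __name__ == "__main__":
    server = sys.argv[1]  # server host name as the agents will address it
    results = preflight(server)
    for port, reachable, why in results:
        print("%-5d %-11s %s" % (port, "reachable" if reachable else "BLOCKED", why))
    trusted, detail = tls_trust_check(server)
    print("8383 TLS: %s" % detail)
    # Only a clean result on both counts supports switching on trusted communication,
    # since the page notes that setting cannot be disabled once enabled.
    sys.exit(0 if trusted and not blocked_ports(results) else 1)
```

Run it from a machine on each network segment that will host agents, passing the server host name as the only argument; a non-zero exit status means a port is blocked or the certificate on 8383 did not validate.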


Step 4: Downloading Endpoint Central agents for Windows, Linux, and Mac machines

Once Endpoint Central is successfully installed and integrated with SDP, then Endpoint Central agents for Windows, Linux, and Mac will be available for download from Admin > Agent configuration page.


Step 5: Replacing AE agents with Endpoint Central agents in Windows machines

Uninstallation of AE agents and installation of Endpoint Central agents for Windows machines can be performed as a single step by configuring a GPO in Active Directory. Endpoint Central agent for Windows can be downloaded from Admin > Agent Configuration. It would be in zip format and contains DesktopCentralAgent.msi and DesktopCentralAgent.mst files.

You can replace the ServiceDesk Plus Windows Agents with Endpoint Central Agents by executing the ReplaceAgents.vbs as a GPO in Active Directory. The Agents will be replaced once the machines boot up.

 

Follow the below steps to configure a GPO in Active Directory.

 

i. Create a network share (e.g., \\MyServer\MyShare).

ii. Download and extract the Windows Agent zip file.

iii. Save the DesktopCentralAgent.msi and DesktopCentralAgent.mst files in the network share.

iv. From your Domain Controller, click Start >> run >> enter gpmc.msc and click OK. If gpmc is not installed in your Active Directory, install gpmc and proceed.

v. Right-click the domain and select Create and Link a GPO and specify a name for GPO.

vi. To install Agents in only select client computers, follow these steps:  

  • Select the GPO and click the Scope tab.

  • Click Add in the Security Filtering section.

  • Click Object Types in the Select User, Computer, or Group dialog box.

  • Select the specific computer Object Types and click OK.

  • Specify the computer names, click Check Names, and click OK.

 

vii. Right-click the GPO and click Edit.

viii. Select Computer Configuration>>Windows Settings>>Scripts and right-click Startup and click Properties.

ix. Click Show Files and drag and drop the ReplaceAgent.vbs (downloaded above) to this location and close.

x. In the Startup Properties dialog box, click Add.

Browse and select the ReplaceAgent.vbs script.

xi. Specify the script parameters as mentioned below:
DesktopCentralAgent.msi DesktopCentralAgent.mst


If a third-party SSL certificate is uploaded in the server (Admin -> Security Settings -> Import SSL Certificates), the below file should be added along with the Agent installer files:
DMRootCA.crt

Specify the script arguments as "DesktopCentralAgent.msi DesktopCentralAgent.mst DMRootCA.crt"

If a third-party SSL certificate is not uploaded in the server (Admin -> Security Settings -> Import SSL Certificates), the below files should be added along with the Agent installer files:
DMRootCA.crt DMRootCA-Server.crt

Specify the script arguments as "DesktopCentralAgent.msi DesktopCentralAgent.mst DMRootCA.crt DMRootCA-Server.crt"

xii. Click OK to close the Add a Script dialog box and the Startup Properties dialog box

xiii. Close the Group Policy Object Editor and Group Policy Management dialog box.

The agent will be installed automatically when the client computers start.


Step 6: Uninstalling Windows AE agents


If step 4 above is not followed and step 6 is followed during the installation of Windows agents, then the old AE agents will still remain in the remote client machines. Follow the below method to uninstall the AE agents.

You can uninstall the ServiceDesk Plus Windows Agents by executing the UnInstallAgent.vbs as a GPO in Active Directory. The agents will be removed once the machines boot up.

 

Follow the below steps to configure a GPO in Active Directory

 

  1. Create a network share (e.g., \\MyServer\MyShare).

  2. Download and place UninstallAgent.vbs

  3. From your Domain Controller, click Start >> run >> enter gpmc.msc and click OK. If gpmc is not installed in your Active Directory, install gpmc and proceed.

  4. Right-click the domain and select Create and Link a GPO and specify a name for GPO.

  5. Right-click the GPO and click Edit.

  6. Select Computer Configuration>>Windows Settings>>Scripts and right-click Startup and click Properties.

  7. Click Show Files and drag and drop the UninstallAgent.vbs (downloaded above) to this location and close.

  8. In the Startup Properties dialog box, click Add.

  9. Browse and select the UninstallAgent.vbs script.

  10. Click OK to close the Add a Script dialog box and the Startup Properties dialog box.

  11. Close the Group Policy Object Editor and Group Policy Management dialog box.

The agent will be uninstalled automatically when the client computers start.


Step 7: Other methods for deploying Endpoint Central agents in Windows

Below are the other methods to deploy Windows agents through the Active directory and for machines in a workgroup. To be followed if Step 4 is not performed.

Installing Windows agents using GPO Scheduler (Note: This step will be helpful in WFH environments where the agents get deployed after the users get their laptops connected through VPN to the corporate network.)

Installing Windows agents using startup script in ActiveDirectory

Installing Windows agents through GPO lightweight tool

Installing Windows agents for workgroup machines.

Installing Windows agents manually


Step 8: Imaging a Windows computer with an Endpoint Central agent

Endpoint Central Agent has a unique ID that represents the machine with its name and system details. If more than one Endpoint Central Agent is identified with the same ID, the details listed in ServiceDesk Plus will be overwritten. This will end up listing details of only one computer though there are several computers with the same ID. So, in order to avoid this issue, follow the steps mentioned below to image a computer with Endpoint Central Agent on it.

a). Install Endpoint Central Agent on the computer which is to be used for imaging.

b). Download Agent by accessing the Assets module and selecting Download Windows Agent (or) go to Admin > Agent Configuration > Download Windows Agent.

c). Download and save this script on the system that is to be imaged.
(Running this script will block the Endpoint Central Agent from communicating with the Endpoint Central Server.)

d). Rename the .txt file as .vbs file

i. Open the command prompt as administrator and navigate to the folder where the above script is stored.

ii. Execute the script as: cscript.exe dcagentPreImage.vbs
(example: E:\Downloads>cscript.exe dcagentPreImage.vbs)

Now your computer is ready to be imaged with Endpoint Central Agent, for deployment.
Endpoint Central Agent in the newly imaged computers will contact the Endpoint Central Server only if they are renamed.


Step 9: Deploying Endpoint Central agents in Linux

Below are methods of agent deployment in Linux machines and for imaging a Linux machine

Installing Linux agent using Linux agent installation tool

Installing Linux agent manually

How to image a Linux computer with DC agent


Step 10: Deploying Endpoint Central agents in Mac

Below are methods of agent deployment in Mac machines and for imaging a Mac machine

Installing Mac agents using Mac agent installation script

Installing Mac agent manually

How to image a Mac computer with DC agent


Step 11: What if Remote SDP servers are used?

Remote SDP servers are used in WAN environments wherein all the remote machines are not reachable from the central SDP server. From SDP 11.3 version, Endpoint Central has to be downloaded and installed in the SDP remote servers also for scanning Windows, Linux, and Mac machines. A separate Endpoint Central installation would not be required if the Endpoint Central agents deployed on the remote sites are reachable with the central SDP server. It is highly recommended not to install Endpoint Central on SDP remote servers as remote control and other tools will not work for machines managed in remote servers from the central server, only inventory of these machines would be pushed from the remote server to central servers. Please check here for the ports that need to be configured in the firewall for agent-server communication.