Forced deployment through the remote installation task of Kaspersky Security Center Cloud Console
If you need to start deploying Network Agents or other applications immediately, without waiting for the next time target devices log in to the domain, or if any target devices that are not members of the Active Directory domain are available, you can force installation of selected installation packages through the remote installation task of Kaspersky Security Center Cloud Console.
In this case, you can specify target devices either explicitly (with a list), or by selecting the Kaspersky Security Center Cloud Console administration group to which they belong, or by creating a selection of devices based on a criterion. The installation start time is defined by the task schedule. If the Run missed tasks setting is enabled in the task properties, the task can be run either immediately after target devices are turned on, or when they are moved to the target administration group.
This type of installation is performed in two steps:
- Copying files to the administrative resource (admin$) on each device.
- Performing remote registration of supporting services on each device.
The following conditions must be met:
- Devices must be available from the distribution points.
- Name resolution for target devices must function properly in the network.
- The administrative shares (admin$) must be enabled on target devices.
- The Server system service must be running on target devices (the service runs by default).
- The following ports must be open on target devices to allow remote access through Windows tools: TCP 139, TCP 445, UDP 137, and UDP 138.
- Simple File Sharing mode must be disabled on target devices.
- On target devices, the access sharing and security model must be set as Classic – local users authenticate as themselves, it cannot be Guest only – local users authenticate as Guest.
- Target devices must be members of the domain, or uniform accounts with administrator rights must be created on target devices in advance.
Devices in workgroups can be adjusted in accordance with the above requirements by using the riprep utility, which is described on Kaspersky Technical Support website.
During installation on new devices that have not yet been allocated to any of the Kaspersky Security Center Cloud Console administration groups, you can open the remote installation task properties and specify the administration group to which devices will be moved after Network Agent installation.
When creating a group task, keep in mind that each group task affects all devices in all nested groups within a selected group. Therefore, you must avoid duplicating installation tasks in subgroups.
Automatic installation is a simplified way to create tasks for forced installation of applications. To do this, open the administration group properties, open the list of installation packages and select the ones that must be installed on devices in this group. As a result, the selected installation packages will be automatically installed on all devices in this group and all of its subgroups. The time interval over which the packages will be installed depends on the network throughput and the total number of networked devices.
Using the remote installation task of Kaspersky Security Center Cloud Console places a significant load on devices acting as distribution points. Therefore, it is recommended that you select devices with high-performance storage units as distribution points. Moreover, the free disk space in the partition with the %ALLUSERSPROFILE%\Application Data\KasperskyLab\adminkit folder must exceed, by many times, the total size of the distribution packages of installed applications.