Agent Rollout via Active Directory Policy

Problem:

We are not using .MSI packages since the installation is normally just done when the computer is restarted, which is not always possible for servers.

Solution:

Prepare a public distribution share (SMB) where the install files will be stored

We recommend using the Active Directory NETLOGON share because:

• it is normally available on every site
• it is replicated automatically across the domain sites

You can also use other public availabe network shares (Access Level: Everybody read/execute), please adopt the next steps to your domain configuration and selection of the distribution share.

• login as domain administrator on domain controller
• locate the NETLOGON share (this is typcially the FQDN of your Active Directory)
• e.g. FQDN: hs2n.local → Netlogon Share: \hs2n.local\NETLOGON
• create a folder called "XEOX_Agent"
• copy the .exe File downloaded in step 1 to the folder
• create a batch file called "XEOX_agent_install.bat"
• open the new file "XEOX_agent_install.bat" with notepad and enter the following CODE
• Version 1 (very simple, just checks if at least an agent is installed, and does install when not installed) - Future Agent Update will be done over the internet

XEOX_agent_install.bat

This BAT file checks if the Agent is already installed (Program Files contains the XEOX folder). If not, it will execute the installer with

• /S for silent installation
• /U do not overwrite later versions Upgrades to later versions will be done via XEOX.

if exist "%ProgramFiles(x86)%\xeox\version.txt" goto nothing
if exist "%ProgramFiles%\xeox\version.txt" goto nothing
echo Installing XEOX Agent
%~dp0XEOX_Agent_for_hs2n-1_4_4_18.exe /S /U
echo Install Finished
exit

:nothing
echo XEOX is already installed, doing nothing

Version 2 (more sophisticated, you can also do updates by creating an additional Batch File called serverversion.bat)

XEOX_agent_install_with_version_check.bat

If you prefer to rollout Agent Upgrades via Group Policy too (less network load), you have to check the installed version via BAT file:

rem load installed version
if exist "%ProgramFiles(x86)%\xeox\version.bat" call "%ProgramFiles(x86)%\xeox\version.bat"
if exist "%ProgramFiles%\xeox\version.bat" call "%ProgramFiles%\xeox\version.bat"

rem load version from setup file
call %~dp0setupversion.bat

rem if versions are not equal
if "%xeoxversion%"=="%setupversion%" goto nothing

rem Install XEOX Agent
%~dp0XEOX_Agent_for_hs2n-1_4_4_18.exe /S /U

rem echo Install Finished
exit

:nothing
rem Xeox is already installed, doing nothing

setupversion.bat Insert the version from your downloaded agent. In case of an Agent Upgrade, download new Setup and update the version in setupversion.bat.

set setupversion=1.4.4.18

Adopt the LINE XEOX_Agent_for_hs2n-1_4_4_18.exe /S /U with the .exe file you got in Step 1 (make sure that the %~dp0 and the /S /U is not touched)

the final folder structure should look like this (the .exe filename will be different)

Create a new GPO object with a scheduled task

• logon with a domain admins to a domain controller
• open the Group Policy Management Console
• create a new Group Policy Object (https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-a-group-policy-object)
• name it "XEOX Cloud Agent Rollout"

• Right-click this newly created GPO and then click Edit.
• Expand computer or user configuration and then go to the following path:
  • Preferences -> Control Panel Settings -> Scheduled Tasks
• Right-click on scheduled tasks and then click New -> Scheduled Task (Windows Vista and Later)
• Change the following properties in the tab "General"

• Tab Trigger

  click on "New ..." and change the properties

• Tab Actions

  click on "New ..." and then "Browse ..." and select the .bat file that we have created in step 2 on the NETLOGON Share e.g.

• Make sure that you are using an UNC Path. Do not use the name of the a specific domain controller, but always use the "domain FQDN"
  • e.g. \\hs2n.local\netlogon\XEOX_Cloud_Agent\XEOX_cloud_agent_install.bat
• Click OK and the Apply
• Link the GPO Object to a test OU (organisational unit)
• Wait a few minutes until the GPO objects and links are replicated
• Execute the update on a computer and check if the scheduled task was created
• wait until its executed automatically and manually check if the XEOX Cloud Agent Folders are created on the machine

Firewall exceptions

The XEOX Cloud Agent is communicating via https (port 443) to the XEOX Cloud Server (https://login.xeox.com). Please configure your local firewall to allow port 443 from all windows client machines to login.xeox.com.

Verify installation

• Verfiy that the GP Update is working
• Verify that the scheduled task is created by the GPO
• Verify that XEOX Cloud Agent is created

• Login to XEOX Cloud Console and navigate to XEOX / Hardware List

• the computers should show up here