Overview

This instruction manual will guide you through performing various deployments based on your needs. It provides you with the steps, parameters and troubleshooting guidelines required for a successful Footprint Agent installation.

Alternatively, you can also use the Super Agent install procedure to deploy the Footprint Agent.

Table of contents

General Prerequisites

• Minimum OS: Windows 7 SP1/Windows Server 2008 R2 SP1

• Disk Space Required: 500 MB

• Windows Management Instrumentation service enabled and running.

• latest installer version available (FootprintAngetInstaller.exe or FootprintAgentInstaller.msi) from your Footprint console.

• outbound network access to *.codacloud.net

• whitelist of CODA’s EV code signing certificate as described here

Downloading the agent

From the Footprint console, go to SCAN SURFACE in the main menu:

Once here, go to the AGENT-BASED SURFACE menu option, then go to the SETUP AGENTS submenu :

Once here, you will be presented with a brief overview of what an agent is, as well as some required information:

• 🌐 Footprint Management URL: This is the URL of your Footprint instance

• 🔑 Footprint Agent Token: This is the token that you will use to authorize the agent on your instance.

Manual download links:

• Footprint Agent Installer (EXE): https://update.codacloud.net/agent/master-production/FootprintAgentInstaller.exe

• Footprint Agent Installer (MSI): https://update.codacloud.net/agent/master-production/FootprintAgentInstaller.msi

Basic Silent Install

Silent installation of the FootprintAgentInstaller.exe

Parameters

Examples:

.\FootprintAgentInstaller.exe /S -serverurl https://url.com -token 4cc706dfanehmlml1pa5a2n0 -certfile "C:\Users\UserX\Desktop\certificate.pem" -tags "tag1,tag2,tag3"

Silent installation of the FootprintAgentInstaller.msi

Parameters

Examples:

msiexec.exe /i "C:\Users\UserX\Desktop\FootprintAgentInstaller.msi" /qn /L*V "C:\windows\temp\fp_install.txt" SERVER_URL="https://url.com" TOKEN="4cc706dfanehmlml1pa5a2n0" CERTFILE="C:\Users\UserX\Desktop\certificate.pem" TAGS="tag1,tag2,tag3"

Deployment with Active Directory GPO [using batch startup script]

Prerequisites

For a successful deployment you must have:

• latest MSI installer available (FootprintAgentInstaller.msi) on the Footprint platform.

• last version of fp_install.bat script. Download the attached file or create if from fp_install.bat.

• Working Active Directory.

• A GPO linked to the Domain.

Steps to install

1. Open Group Policy Management on your Domain Controller.

   

2. Right Click and Edit the Group Policy on which you want to install the Footprint Agent.

   

3. After Group Policy Management Editor window opens, navigate to Computer Configuration/Policies/Windows Settings/Scripts(Startup/Shutdown).

   

4. Open Startup Properties

   

5. Press on Add button.

   

6. When pressing on Browse button of the Add a Script window, the explorer will open a directory where you should place both the fp_install.bat script and FooptrintAgentInstaller.msi.

   

7. Select fp_install.bat script and press Open.

   

8. Add SERVER_URL (e.g. https://host.com ), TOKEN (e.g. 4cc706dfanehmlml1pa52n0) and CERT_FILE, if using SSL Inspection (e.g. ca.pem). The SERVER_URL and TOKEN are provided in the Footprint Platform (Scan Surface → Agent Based Surface → Setup Agents) to Script Parameters and press OK.

   

9. Apply the changes and close Group Policy Management Editor window.

10. Make sure to reboot the computers so that the startup script runs and installs the Footprint Agent.

Deployment with Active Directory GPO [using MSI+MST]

Prerequisites

For a successful deployment you must have:

• latest MSI installer available (FootprintAgentInstaller.msi) on the Footprint platform.

• Orca.exe database table editor for creating and editing Windows Installer packageshttps://docs.microsoft.com/en-us/windows/win32/msi/orca-exe

• Working Active Directory.

• A GPO linked to the Domain.

• An accessible Distribution Point [file share]

Steps to install

1. Create a distribution point :

   1. Log on to the server as an Administrator user

   2. Create a shared network folder (this folder will contain the MSI package)

   3. Set permissions on this folder in order to allow access to the distribution package

   4. Copy the MSI in the shared folder

2. Open Group Policy Management on your Domain Controller.

   

3. Create a Group Policy Object

   An MSI package is deployed (distributed) through GPO as a Group Policy Object. In order to create an object for your package, you can follow these steps:

   • Click on the Start button and open Go to Start and open Group Policy Management

   • Expand Forest (your forest) > Domains (your domain)

   • Right-click on Group Policy Objects and select New

   • Enter a name for your policy and leave Source Starter GPO as (none)

4. Right Click and Edit the Group Policy on which you want to install the Footprint Agent.

   

5. Open Orca.exe and prepare an .mst modification file for the base .msi downloaded from the Footprint Console.

   1. Open Orca.exe and click Open. Navigate and select the FootprintAgentInstaller.msi

   2. Navigate to the PROPERTY tab

   3. 

      Edit the lines for SERVER_URL and TOKEN and insert the information provided in the Footprint Console > Agent Based Surface > Setup Agents tab.

   4. If you are using SSL Inspection then also provide the RootCA.cer file in the CERTFILE Property.

   5. Click on Transform > Apply Transform on the top level menu bar and Save the .mst file. Continue to the next step to complete the installation.

6. A package can be assigned per-user or per-machine. Also, if the package is assigned, it will automatically be installed silently. In order to assign a package you can follow these steps:

   • Click on your previously created policy

   • In the right panel click on the Settings Tab

   • You should see Computer Configuration and User Configuration, right-click anywhere in the panel and select Edit

   • Expand User Configuration > Policies > Software Settings

   • Right-click Software Installation and select New > Package

   • Select your package from the previously configured network share

   • In the dialog that appears select Assigned and click OK

   • The selected package will appear in the Software Installation panel (wait a bit for it to appear)

   • Double-click on the new package and select the Deployment tab

   • Check Install this application at logon and at the user interface select Basic

   • Navigate to the Modifications tab and Add the previously created .mst file

   • Click OK

   • Close Group Policy Management Editor

   • In the Group Policy Management window right-click on the domain name from the left-side pane and select Link an existing GPO

   • Select the previously created policy with the package and click OK

Deployment with 3rd party Tools

KASEYA VSA

Tested silent deployment with a MSI file. The MSI needs to be uploaded to the VSA Repository.

Take note of the token and URL in the Footprint console.

Deployment script contents:

getVariable("Agent Install Drive (C:\)", " ", "agtdrv", "All Operating Systems", "Halt on Fail")
writeFile ("VSASharedFiles\FootprintAgentInstaller.msi", "#agtdrv#temp\FootprintAgentInstaller.msi", "All Operating Systems", "Halt on Fail")
executeShellCommandToVariable ("msiexec /i "#agtDrv#temp\FootprintAgentInstaller.msi" /qn SERVER_URL="https://YOUR_FOOTPRINT_INSTANCE_URL_GOES_HERE" TOKEN="YOUR_TENANTS_TOKEN_GOES_HERE", "System", false, "All Operating Sytems", "Halt on Fail" )
writeProcedureLogEntry ("#global:cmdresults#", "All Operating Systems", "Halt on Fail")

Connectwise Automate

Connectwise Automate is a powerful RMM that can be used to deploy software automatically. You may use it to push the Footprint agent using both exe and msi file

Setup

You need some basic requirements before putting everything together.

1. The name of the software as Connectwise Automate sees it. To find this, install the software on one machine manually, or find one that it is already installed on. Go to the computer screen, switch over to software and note the name. For example: “Footprint Agent”

2. Get a silent installable copy of the software. Most MSI files will work with the /qn parameter.

Setting up the EDFs

Using EDFs(Extra Data Fields) in order to mark clients for deploy and locations/workstations to deny deployment. EDFs can be created from the dashboard, under Configurations, then Additional Fields. We need the following.

1. A workstation level checkbox EDF called “Dont Deploy FP Agent to this workstation”.

2. A location level checkbox EDF called “Dont Deploy FP Agent to this location”.

3. A client level checkbox EDF called “Deploy FP Agent to this client”.

Create a search

We are going to look for workstations that should have FP Agent deployed on them. Create the search, and name it something like “FP Agent to be deployed”. So we will create a search the ensures that the client level EDF is checked, the location level EDF is unchecked, as well as the workstation level EDF.

Navigate to “Advanced” and add the search for Computers with the following rules:

AND[+]
[Computer.Client.extra Data Field.Test - Deploy.Deploy FP Agent to this client] Is true [x]
[Computer.Extra Data Field.Test - Deploy.Dont Deploy FP Agent to this workstation] Is false [x]
[Computer.Location.Extra Data Field.Test - Deploy.Dont Deploy FP Agent to this workstation] Is false[x]

You will notice that workstations that already have the software installed are showing up in the search. Filtering to only workstations that do not yet have the software installed needs to be done using the “Not and - Applications - [Computer.Applications.Name] Equals “Footprint Agent““ statement.

AND[+]
[Computer.Client.extra Data Field.Test - Deploy.Deploy FP Agent to this client] Is true [x]
[Computer.Extra Data Field.Test - Deploy.Dont Deploy FP Agent to this workstation] Is false [x]
[Computer.Location.Extra Data Field.Test - Deploy.Dont Deploy FP Agent to this workstation] Is false[x]
 NOT AND[+]
  Applications[+]
    [Computer.Applications.Name] Equals Footprint Agent

Separating out the not statement for the software check is to make sure that we list only workstations that do not already have this software installed.

Create a group

Create a group called FP Agent Deploy. On that group, set the search to the one previously created. This will populate the group automatically with computers that are set to deploy, aren’t blocked from deploy, and don’t already have the software installed.

Create your scripts

You would normally want to create at least two scripts. One to deploy, and one to uninstall. The Footprint Agent can be easily uninstalled from the Footprint Console so the latter script is not a hard requirement.

The deploy script should have the following parts.

1. Check to see if the software is already installed, if not, go to step 2.

2. Transfer the installer to the workstation.

3. Install the software

4. Verify the software installed correctly.

5. Delete the installer.

Itarian Endpoint Manager

Endpoint Manager has a feature to install MSI packages for all devices or a particular device. This allows you to install an MSI package without a reboot or with force reboot or warn about the reboot and let users postpone it based on technician opinion

Step [1] : Go to "Endpoint Manager portal" -> "Device List "-> "Device Management". Select the device that you want to install the package, then go to "Install or Update Package" - >"Install Custom MSI /Package".

Step [2]: Add the URL for Footprint agent MSI installer. The unauthenticated URL is: https://update.codacloud.net/agent/master-production/FootprintAgentInstaller.msi

Step [3]: Add the Command-line options[make sure to copy the URL and Token from your own tenant]:

Example:

Parameters/Cmd-line options: SERVER_URL="https://url.com " TOKEN="4cc706dfanehmlml1pa5a2n0"

MSI /Package URL: Enter the file link. The URL entered here must be a file

Command-line options: By default, the MSI package installs with default command parameters on your device. If you need to give any additional command, you can refer the read more options. Reboot options: In reboot options, the technician can reboot the device after the installation of the package or he can suppress the reboot. Otherwise, he can warn the user about the reboot and let the user can postpone it

Footprint Agent does NOT require a reboot to start sending data.

Step [4]: After filling these fields, click "Install." Admin can view the installation state of MSI package in the "MSI Installation State" of that device.

Step [5]: Once the MSI package is installed, you can view the installed application in the control panel or check the services for Footprint Agent and Footprint Updater.

Reference: https://wiki.itarian.com/frontend/web/topic/download-pdf/how-to-install-custom-msi-packages

Check for success

After install, check the log to see if the install was successful. A successful installation should be accompanied by the following log message:

[NOTICE] Agent was successfully installed

If this message does not appear as the installation failed due to an error, please check the Troubleshooting section to learn more about solving procedures.

Troubleshooting

Any other error occurred during the installation process, except for those related to Log on as a Service or Firewall rules, should be accompanied by the following log message:

[NOTICE] Install process was cancelled due to an error. Please try again.

The log message above that should clearly state the cause of the error and should have the following format:

[ERROR] The body of the error

The body of the error should provide you with enough evidence to use the Troubleshooting section in the Footprint Active Directory - Installation & Troubleshooting Guide to learn how to solve any of those problems.

[fp_install.bat]

@echo off
SC QUERY FOOTPRINT_AGENT > NUL
IF ERRORLEVEL 1060 GOTO MISSING
echo "Footprint Service detected. Skiping install." >> "C:\windows\temp\fp_install.txt"
EXIT

:MISSING
echo msiexec.exe /i %~dp0FootprintAgentInstaller.msi /qn /LV "C:\windows\temp\fp_install.txt" SERVER_URL="%1" TOKEN="%2" CERTFILE="%~dp0%3" >> "C:\windows\temp\fp_install.txt"
msiexec.exe /i %~dp0FootprintAgentInstaller.msi /qn /LV "C:\windows\temp\fp_install.txt" SERVER_URL="%1" TOKEN="%2" CERTFILE="%~dp0%3"