Overview
This instruction manual will guide you through performing various deployments based on your needs. It provides you with the steps, parameters and troubleshooting guidelines required for a successful Footprint Agent installation.
Alternatively, you can also use the Super Agent install procedure to deploy the Footprint Agent.
Table of contents
- Overview
- Table of contents
- General Prerequisites
- Downloading the agent
- Basic Silent Install
- Deployment with Active Directory GPO [using batch startup script]
- Deployment with Active Directory GPO [using MSI+MST]
- Deployment with 3rd party Tools
- Deployment with Virtual Infrastructure Desktop
- Check for success
- Uninstall
- Troubleshooting
- [fp_install.bat]
General Prerequisites
-
Minimum OS: Windows 8/ Windows Server 2008 R2 (for deployment on Windows 7 see here)
-
Disk Space Required: 500 MB
-
Windows Management Instrumentation service enabled and running.
-
latest installer version available (FootprintAngetInstaller.exe or FootprintAgentInstaller.msi) from your Footprint console.
-
outbound network access to *.codacloud.net
-
whitelist of CODA’s EV code signing certificate as described here
Downloading the agent
From the Footprint console, go to SCAN SURFACE in the main menu:
Once here, go to the AGENT-BASED SURFACE menu option, then go to the SETUP AGENTS submenu :
Once here, you will be presented with a brief overview of what an agent is, as well as some required information:
-
🌐 Footprint Management URL: This is the URL of your Footprint instance
-
🔑 Footprint Agent Token: This is the token that you will use to authorize the agent on your instance.
Manual download links:
-
Footprint Agent Installer (EXE): https://update.codacloud.net/agent/master-production/FootprintAgentInstaller.exe
-
Footprint Agent Installer (MSI): https://update.codacloud.net/agent/master-production/FootprintAgentInstaller.msi
Configuring the required network permissions (outbound)
Remember to allow access from the Scanner to the following outside world destination if there is any firewall involved.
Destination |
Port |
Protocol |
Encrypted |
Purpose |
---|---|---|---|---|
443 |
HTTPS |
Yes |
Footprint Automated Updates (mandatory) |
|
443 |
HTTPS |
Yes |
Footprint Agent Alerting Service (optional, highly recommended) |
|
443 |
HTTPS |
Yes |
Footprint IS - Console Connectivity (mandatory) |
Basic Silent Install
Silent installation of the FootprintAgentInstaller.exe
Parameters
Parameter |
Description |
---|---|
|
(*required) from Footprint platform |
|
(*required) from Footprint platform |
|
(*optional) Only if you perform SSL inspection. The full path of the root certificate authority public key in PEM format. |
|
(*optional) Used to generate Contexts. |
Examples:
.\FootprintAgentInstaller.exe /S -serverurl https://url.com -token 4cc706dfanehmlml1pa5a2n0 -certfile "C:\Users\UserX\Desktop\certificate.pem" -tags "tag1,tag2,tag3"
If your domain name contains a dash (-), please enclose the entire domain URL in both single and double quotes: -sereverurl "'https://my-domain.registrar'"
Be careful! The parameters of the command line are case sensitive.
If you are using SSL inspection, please provide your root certificate authority public key in PEM format.
PowerShell must be run as Administrator.
Silent installation of the FootprintAgentInstaller.msi
Parameters
Parameter |
Description |
---|---|
|
(*required) from Footprint platform |
|
(*required) from Footprint platform |
|
(*optional) Only if you perform SSL inspection. The full path of the root certificate authority public key in PEM format. |
|
(*optional) Used to generate Contexts. |
Examples:
msiexec.exe /i "C:\Users\UserX\Desktop\FootprintAgentInstaller.msi" /qn /L*V "C:\windows\temp\fp_install.txt" SERVER_URL="https://url.com" TOKEN="4cc706dfanehmlml1pa5a2n0" CERTFILE="C:\Users\UserX\Desktop\certificate.pem" TAGS="tag1,tag2,tag3"
Be careful! The parameters of the command line are case sensitive.
If you are using SSL inspection, please provide your root certificate authority public key in PEM format.
PowerShell must be run as Administrator.
If your username has spaces, please make sure to use double quotation marks for the file path
Deployment with Active Directory GPO [using batch startup script]
Prerequisites
For a successful deployment you must have:
-
latest MSI installer available (
FootprintAgentInstaller.msi
) on the Footprint platform. -
last version of
fp_install.bat
script. Download the attached file or create if from fp_install.bat. -
Working Active Directory.
-
A GPO linked to the Domain.
Steps to install
-
Open
Group Policy Management
on your Domain Controller. -
Right Click and Edit the Group Policy on which you want to install the Footprint Agent.
-
After Group Policy Management Editor window opens, navigate to Computer Configuration/Policies/Windows Settings/Scripts(Startup/Shutdown).
-
Open Startup Properties
-
Press on Add button.
-
When pressing on Browse button of the Add a Script window, the explorer will open a directory where you should place both the
fp_install.bat
script andFooptrintAgentInstaller.msi
. -
Select
fp_install.bat
script and press Open. -
Add
SERVER_URL
(e.g. https://host.com ),TOKEN
(e.g. 4cc706dfanehmlml1pa52n0) andCERT_FILE
, if using SSL Inspection (e.g. ca.pem). The SERVER_URL and TOKEN are provided in the Footprint Platform (Scan Surface → Agent Based Surface → Setup Agents) to Script Parameters and press OK. -
Apply the changes and close Group Policy Management Editor window.
The Footprint Agent will be installed on each device targeted by the GPO, when the device is restarted.
Make sure that the GPO is linked to the domain.
10. Make sure to reboot the computers so that the startup script runs and installs the Footprint Agent.
Deployment with Active Directory GPO [using MSI+MST]
Prerequisites
For a successful deployment you must have:
-
latest MSI installer available (
FootprintAgentInstaller.msi
) on the Footprint platform. -
Orca.exe database table editor for creating and editing Windows Installer packageshttps://docs.microsoft.com/en-us/windows/win32/msi/orca-exe
-
Working Active Directory.
-
A GPO linked to the Domain.
-
An accessible Distribution Point [file share]
Steps to install
-
Create a distribution point :
-
Log on to the server as an Administrator user
-
Create a shared network folder (this folder will contain the MSI package)
-
Set permissions on this folder in order to allow access to the distribution package
-
Copy the MSI in the shared folder
-
-
Open
Group Policy Management
on your Domain Controller. -
Create a Group Policy Object
An MSI package is deployed (distributed) through GPO as a Group Policy Object. In order to create an object for your package, you can follow these steps:
-
Click on the Start button and open Go to Start and open Group Policy Management
-
Expand Forest (your forest) > Domains (your domain)
-
Right-click on Group Policy Objects and select New
-
Enter a name for your policy and leave Source Starter GPO as (none)
-
-
Right Click and Edit the Group Policy on which you want to install the Footprint Agent.
-
Open Orca.exe and prepare an .mst modification file for the base .msi downloaded from the Footprint Console.
-
Open Orca.exe and click Open. Navigate and select the FootprintAgentInstaller.msi
-
Navigate to the PROPERTY tab
-
Edit the lines for
SERVER_URL
andTOKEN
and insert the information provided in the Footprint Console > Agent Based Surface > Setup Agents tab. -
If you are using SSL Inspection then also provide the RootCA.cer file in the
CERTFILE
Property. -
Click on Transform > Apply Transform on the top level menu bar and Save the .mst file. Continue to the next step to complete the installation.
-
-
A package can be assigned per-user or per-machine. Also, if the package is assigned, it will automatically be installed silently. In order to assign a package you can follow these steps:
-
Click on your previously created policy
-
In the right panel click on the Settings Tab
-
You should see Computer Configuration and User Configuration, right-click anywhere in the panel and select Edit
-
Expand User Configuration > Policies > Software Settings
-
Right-click Software Installation and select New > Package
-
Select your package from the previously configured network share
-
In the dialog that appears select Assigned and click OK
-
The selected package will appear in the Software Installation panel (wait a bit for it to appear)
-
Double-click on the new package and select the Deployment tab
-
Check Install this application at logon and at the user interface select Basic
-
Navigate to the Modifications tab and Add the previously created .mst file
-
Click OK
-
Close Group Policy Management Editor
-
In the Group Policy Management window right-click on the domain name from the left-side pane and select Link an existing GPO
-
Select the previously created policy with the package and click OK
-
Deployment with 3rd party Tools
PDQ Connect
The Footprint Agent can also be deployed seamlessly using PDQ Connect. Please see the dedicated article below:
KASEYA VSA
Tested silent deployment with a MSI file. The MSI needs to be uploaded to the VSA Repository.
Take note of the token and URL in the Footprint console.
Deployment script contents:
getVariable("Agent Install Drive (C:\)", " ", "agtdrv", "All Operating Systems", "Halt on Fail") writeFile ("VSASharedFiles\FootprintAgentInstaller.msi", "#agtdrv#temp\FootprintAgentInstaller.msi", "All Operating Systems", "Halt on Fail") executeShellCommandToVariable ("msiexec /i "#agtDrv#temp\FootprintAgentInstaller.msi" /qn SERVER_URL="https://YOUR_FOOTPRINT_INSTANCE_URL_GOES_HERE" TOKEN="YOUR_TENANTS_TOKEN_GOES_HERE", "System", false, "All Operating Sytems", "Halt on Fail" ) writeProcedureLogEntry ("#global:cmdresults#", "All Operating Systems", "Halt on Fail")
Connectwise Automate
Connectwise Automate is a powerful RMM that can be used to deploy software automatically. You may use it to push the Footprint agent using both exe and msi file
Setup
You need some basic requirements before putting everything together.
-
The name of the software as Connectwise Automate sees it. To find this, install the software on one machine manually, or find one that it is already installed on. Go to the computer screen, switch over to software and note the name. For example: “Footprint Agent”
-
Get a silent installable copy of the software. Most MSI files will work with the /qn parameter.
Setting up the EDFs
Using EDFs(Extra Data Fields) in order to mark clients for deploy and locations/workstations to deny deployment. EDFs can be created from the dashboard, under Configurations, then Additional Fields. We need the following.
-
A workstation level checkbox EDF called “Dont Deploy FP Agent to this workstation”.
-
A location level checkbox EDF called “Dont Deploy FP Agent to this location”.
-
A client level checkbox EDF called “Deploy FP Agent to this client”.
Create a search
We are going to look for workstations that should have FP Agent deployed on them. Create the search, and name it something like “FP Agent to be deployed”. So we will create a search the ensures that the client level EDF is checked, the location level EDF is unchecked, as well as the workstation level EDF.
Navigate to “Advanced” and add the search for Computers with the following rules:
AND[+] [Computer.Client.extra Data Field.Test - Deploy.Deploy FP Agent to this client] Is true [x] [Computer.Extra Data Field.Test - Deploy.Dont Deploy FP Agent to this workstation] Is false [x] [Computer.Location.Extra Data Field.Test - Deploy.Dont Deploy FP Agent to this workstation] Is false[x]
You will notice that workstations that already have the software installed are showing up in the search. Filtering to only workstations that do not yet have the software installed needs to be done using the “Not and - Applications - [Computer.Applications.Name] Equals “Footprint Agent““ statement.
AND[+] [Computer.Client.extra Data Field.Test - Deploy.Deploy FP Agent to this client] Is true [x] [Computer.Extra Data Field.Test - Deploy.Dont Deploy FP Agent to this workstation] Is false [x] [Computer.Location.Extra Data Field.Test - Deploy.Dont Deploy FP Agent to this workstation] Is false[x] NOT AND[+] Applications[+] [Computer.Applications.Name] Equals Footprint Agent
Separating out the not statement for the software check is to make sure that we list only workstations that do not already have this software installed.
Create a group
Create a group called FP Agent Deploy. On that group, set the search to the one previously created. This will populate the group automatically with computers that are set to deploy, aren’t blocked from deploy, and don’t already have the software installed.
Create your scripts
You would normally want to create at least two scripts. One to deploy, and one to uninstall. The Footprint Agent can be easily uninstalled from the Footprint Console so the latter script is not a hard requirement.
The deploy script should have the following parts.
-
Check to see if the software is already installed, if not, go to step 2.
-
Transfer the installer to the workstation.
-
Install the software
-
Verify the software installed correctly.
-
Delete the installer.
Itarian Endpoint Manager
Endpoint Manager has a feature to install MSI packages for all devices or a particular device. This allows you to install an MSI package without a reboot or with force reboot or warn about the reboot and let users postpone it based on technician opinion
Step [1] : Go to "Endpoint Manager portal" -> "Device List "-> "Device Management". Select the device that you want to install the package, then go to "Install or Update Package" - >"Install Custom MSI /Package".
Step [2]: Add the URL for Footprint agent MSI installer. The unauthenticated URL is: https://update.codacloud.net/agent/master-production/FootprintAgentInstaller.msi
Step [3]: Add the Command-line options[make sure to copy the URL and Token from your own tenant]:
Example:
Parameters/Cmd-line options: SERVER_URL="https://url.com " TOKEN="4cc706dfanehmlml1pa5a2n0"
MSI /Package URL: Enter the file link. The URL entered here must be a file
Command-line options: By default, the MSI package installs with default command parameters on your device. If you need to give any additional command, you can refer the read more options. Reboot options: In reboot options, the technician can reboot the device after the installation of the package or he can suppress the reboot. Otherwise, he can warn the user about the reboot and let the user can postpone it
Footprint Agent does NOT require a reboot to start sending data.
Step [4]: After filling these fields, click "Install." Admin can view the installation state of MSI package in the "MSI Installation State" of that device.
Step [5]: Once the MSI package is installed, you can view the installed application in the control panel or check the services for Footprint Agent and Footprint Updater.
The exe file has been renamed in this example to “footprint.exe”.
Reference: https://wiki.itarian.com/frontend/web/topic/download-pdf/how-to-install-custom-msi-packages
Deployment with Virtual Infrastructure Desktop
Virtual Desktop Infrastructure (VDI) enables centralized virtual desktop implementation and management on servers. Users can access complete desktops and applications through any internet-connected device. VDI ensures personalized virtual workspaces for each user, with custom applications and settings.
Key Providers: Citrix with XenDesktop/XenApp and VMware with Horizon are popular VDI solution providers known for their robust platforms and services.
In the context of VDI, a crucial component is the Master Image, also known as a Golden Image.
The Master Image (Golden Image) is a pre-configured and standardized foundation for deploying identical virtual environments. It includes the necessary operating system, applications, settings, and security configurations to meet organizational needs efficiently.
Prerequisites
For a successful deployment you must have:
-
latest installer available on the Footprint platform
-
use any VDI provider
-
preparing a master Image(golden Image)
Steps to install.
1.Download and running the Agent Installer
2.Select Virtual Desktop Infrastructure and click on "next" button.
3.Enter the Hostname of Golden Image and click the “Next” button:
(This should be the agent's initial installation name.)
!Note!
The installation of the agent using this method(Virtual Desktop Infrastructure) will be done on the Master(Golden) Image.
This means that the Footprint agent will be deployed also on every machine that is created from the master image.
In Footprint Web Console the entries for the agent will be visible per device created/used. There will be no duplicates or changing names of the devices created.
Check for success
After install, check the log to see if the install was successful. A successful installation should be accompanied by the following log message:
[NOTICE] Agent was successfully installed
The path of the log is:
PATH: %PROGRAMDATA%\Footprint\Agent\logs\installer.log
For GPO Installations you can find the logs in: %WINDIR%\TEMP\fp_install.txt
If this message does not appear as the installation failed due to an error, please check the Troubleshooting section to learn more about solving procedures.
Uninstall
Uninstalling the agent can be done in several ways such as:
1.From control panel
2.By calling the uninstall.exe executable
You can do a silent uninstall by calling the uninstall.exe executable from the folder where the agent is installed with /S as parameter.
example: C:\Program Files (x86)\Footprint\Uninstaller.exe /S
3.From Footprint platform
Scan Surface-> Agent-based Surface ->Deployed agents
Troubleshooting
Any other error occurred during the installation process, except for those related to Log on as a Service or Firewall rules, should be accompanied by the following log message:
[NOTICE] Install process was cancelled due to an error. Please try again.
The log message above that should clearly state the cause of the error and should have the following format:
[ERROR] The body of the error
The body of the error should provide you with enough evidence to use the Troubleshooting section in the Footprint Active Directory - Installation & Troubleshooting Guide to learn how to solve any of those problems.
[fp_install.bat]
@echo off
SC QUERY FOOTPRINT_AGENT > NUL
IF ERRORLEVEL 1060 GOTO MISSING
echo "Footprint Service detected. Skiping install." >> "C:\windows\temp\fp_install.txt"
EXIT
:MISSING
echo msiexec.exe /i %~dp0FootprintAgentInstaller.msi /qn /LV "C:\windows\temp\fp_install.txt" SERVER_URL="%1" TOKEN="%2" CERTFILE="%~dp0%3" >> "C:\windows\temp\fp_install.txt"
msiexec.exe /i %~dp0FootprintAgentInstaller.msi /qn /LV "C:\windows\temp\fp_install.txt" SERVER_URL="%1" TOKEN="%2" CERTFILE="%~dp0%3"
Comments
0 comments
Please sign in to leave a comment.