Global Threat Condition: Elevated
Installing the agent with login scripts
Use this task to set up and use network login scripts to install the agent on systems logging on to the network.
Using network login scripts is a reliable method to make sure that every system logging on to your network is running an agent.
You can create a login script to call a batch file that checks if the agent is installed on systems attempting to log onto the network. If no agent is present, the batch file can install the agent before allowing the system to log on. Within ten minutes of being installed, the agent calls in to the server for updated policies, and the system is added to the System Tree.
This is a desirable method to use when:
• Sorting filters or NT domain names are assigned to the segments of your System Tree.
• You already have a managed environment and want to ensure that new systems logging
on to the network become managed as a result.
• You already have a managed environment and want to ensure systems are running a current
version of the agent.
Best practices
McAfee recommends you first create segments of your System Tree that use either network domain names or sorting filters that add the expected systems to the desired groups. If you don’t, all systems are added to the Lost&Found group and you must move them later manually.
The details of the login script depends on your needs. Consult your operating system documentation for writing login scripts. This task uses a basic example.
Task
For option definitions, click ? on the page displaying the options.
1 Copy the FRAMEPKG.EXE agent installation package on your server to a shared folder on
a network server to which all systems have permissions.
Systems logging on to the network are directed to this folder to run the agent installation
package and install the agent when they log on.
By default, the agent installation package is in this location:
C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3000\Install\0409\FramePkg.exe
2 Create a custom agent installation package with embedded administrator user credentials.
These credentials are required to install the agent on the system.
3 Create a batch file that contains the lines you want to execute on systems when they log
onto the network. The contents of this batch file may differ depending on your needs, but
its purpose is to:
• Check whether the agent has been installed in the expected location.
• Run FRAMEPKG.EXE if it is not present.
Below is a sample batch file that checks whether the agent is installed and, if it is not, runs
the FRAMEPKG.EXE to install the agent.
IF EXIST "C:\Windows\System32\ePOAgent\NAIMAS32.EXE"
\\
IF EXIST “C:\ePOAgent\FRAMEWORKSERVICE.EXE” GOTO END_BATCH
\\MyServer\Agent\UPDATE$\FRAMEPKG.EXE /FORCEINSTALL /INSTALL=AGENT
:END_BATCH
NOTE: The installation folders for your distribution may be different than in this example, depending on where you have specified to install the agent.
This example checks:
• The default installation location of the older agent version 2.5.1 and, if present, upgrades
it to the agent version 3.5.
• The default installation folder for the agent version 3.5 and, if not present, installs the
new agent.
4 Save the EPO.BAT batch file to the NETLOGON$ folder of your primary domain controller
(PDC) server. The batch file runs from the PDC every time a system logs on to the network.
5 Add a line to your login script that calls the batch file on your PDC server. This line would look similar to this example:
CALL \\PDC\NETLOGON$\EPO.BAT
Each system runs the script and installs the agent when it logs on to the network.
