Install GFI MAX Agent via Startup Script

GFI MAX RemoteManagement has instructions on using Group Policy Software Settings to deploy the Advanced Monitoring Agent. However, this note warned me off:

Please note: to avoid configuration issues we suggest that any updates to the Agent are deployed from the Software Distribution Point folder.

I don’t want to use Software Settings for agent updates; I want to use the RemoteManagement dashboard. And in fact, my experience trying to use Software Settings to manage other programs has not been great. I’d rather just install the agent with a startup script.

This ServerFault answer got me going in the right direction. And this TechNet article on installing Office 2013 with a startup script includes some helpful parallels.

Prerequisites

Some notes before we begin:

• Startup scripts run in the context of the Local System account, which is what we need to install the agent. This is in the Computer section of the GPO as opposed to the User Logon script. It does require a computer restart to get the agent installed.
• The startup script will be connecting to the install program with the computer account, not a user account. Therefore the install program needs to be in a share where Authenticated Users have Read permissions. From this article, a very helpful tip re. GPO Security Filtering that apparently applies to general file permissions as well:

Remember that Domain Users includes all users, Domain Computers includes all computer, and Authenticated Users includes all users and computers.

Setup

1. Create a server folder that is accessible to Authenticated Users (see above), for example \\<SERVER>\Install\Advanced Monitoring Agent\.

2. Download the client-site-specific agent installer form the GFI dashboard (Agent > Download Agent > Download Site Installation Package > Remote Worker Installer). Extract the .exe file to the server folder. Rename it to AdvMonAgent_Installer.exe.

3. Create a GPO called “Install Advanced Monitoring Agent.” Attach it to the domain root.

Optionally set a WMI filter to limit the GPO to client operating systems:

select * from Win32_OperatingSystem Where ProductType="1"

Get the ID of the GPO.

4. Browse to the GPO’s startup folder:

%systemroot%\sysvol\domain\Policies\{GPO ID}\Machines\Scripts\Startup

5. Create a file in that folder called AdvMonAgent_Installer.cmd containing the following text. Edit the <SERVER> name and path to match your site:

@echo off
REM 10/01/2014  Install the Advanced Monitoring Agent unless it is already present
REM             This script can be deployed to a Group Policy Object under
REM             Computer Configuration > Policies > Windows Settings > Scripts > Startup.

REM Check for agent in 32-bit and 64-bit paths.  Skip if found.
if exist "%ProgramFiles%\Advanced Monitoring Agent\winagent.exe" (goto Skip)
if exist "%ProgramFiles(x86)%\Advanced Monitoring Agent\winagent.exe" (goto Skip)

REM If the program _doesn't_ exist, install it (CUSTOMIZE for local server name and path!)
"\\<SERVER>\Install\Advanced Monitoring Agent\AdvMonAgent_Installer.exe"
goto End

:Skip
echo Advanced Monitoring Agent already installed.  Skipping installation.

:End

Note that the script checks for an existing Advanced Monitoring Agent and skips the install if it is present.

6. Edit the new GPO. Under Computer Configuration > Policies > Windows Settings > Scripts > Startup, add AdvMonAgent_Installer.cmd.

To test, update the group policy on a client computer (gpupdate /force) and reboot.

Although the script checks whether the agent is already installed, once the agent succeeds on all machines, you might want to disable the GPO. Re-enable it if you need to add more machines.