This article will demonstrate the step-by-step wizard for the KACE SMA (Systems Management Appliance) Group Policy Object (GPO) Provisioning Tool for Agent Deployment on new client systems that have never had the agent previously installed. To download the tool, please reference Using the GPO Provisioning Tool for Agent Deployment (133776).
For more information on this topic, please see the KACE-SMA Course 2 Installing the KACE SMA Agent-Web-based Training.
Once you have downloaded and installed the GPO Provisioning Tool with elevated admin rights, verify it is launched with elevated admin privilege then click Next.
For Step 2 of 7, select/highlight the domain which this new Group Policy will be created under then click on the New GPO button.
Enter a unique name for this New GPO then click OK.
A new GPO object will be created under the Group Policy Objects tree and to the right of the wizard may display the message, “Link Status: Warning: this GPO has NOT been linked”.
Click on the “Link GPO” button. The options to link the GPO is to the domain or to an OU within the domain. This agent provisioning tool is a computer object generating tool, so if you are linking to an OU it must be an OU with computers. If you attempt to link this new GPO object to an OU with users, it will not work properly.
Click on OK when done.
Once OK is clicked, the “Link status:” on the right of the wizard may show that the GPO is not linked yet. You can either click on a different group policy and then click back to the new GPO to refresh the status, or you may try to click on the Nextbutton and then click the Back button to return and verify that the Link Status has changed to “Link status: This GPO has been linked”.
After the new GPO has been linked, click on Next. On Step 3 of 4 (please ignore the odd total number sequence from this screenshot as the content of the page should be the same as what is shown for you), select “Install agent software”. I prefer to allow the Group Policy to complete the task before continuing on to the next task, so we will leave the “Asynchronous installation” option unchecked. Click Next.
For Step 4 of 7, enter the hostname of the K1000 appliance server or the IP address. One thing to note, there may be a chance that even if the hostname is resolvable the Group Policy will still not be able to properly pull/push the files from the Samba share to the share folder. It is just fine to always use the IP address of the K1000 appliance if there are any issues with DNS in this area. Click Next when done.
Step 4-B - There is an added page on the GPO tool (no screen shot at this time) after the host name Page.
Starting on version 11.0, New Agents need a token to be able to register with the SMA
What’s new in version 11.0 Auto-ORG assignment based on tokens (328389)
If not, the agent will go into Quarantine -
Agent Quarantine (328369)
https://support.quest.com/kace-systems-management-appliance/kb/328369/agent-quarantine
If you have not created a token, see KB 328369, under "
To create a token"
On the KACE SMA Token page, put in the token for the ORG you wish to have agents assigned to. If you have org filters, those should still apply.
Verify that the network share folder you wish for everyone to have access has at least the READ permission level.
The share folder should initially be an empty folder as the new GPO will populate the content if successful.
On Step 5 of 7, do not use the “Browse” button, but instead copy/paste (or type it in accurately) the network share path to the empty folder configured for the agent file access.
Clicking next will prompt the GPO to copy the required agent files over to the empty network share folder if the configuration is successful.
Navigate to the network share to verify that the empty share folder now contains all the necessary agent files needed for installation distribution.
Step 6 of 7 should then display the Agent MSI file automatically. If this field is blank, there is a chance that something is wrong with the network DNS or hostname. Restart the wizard or go back to change the hostname of the K1000 appliance to use the IP address of the K1000 appliance and test again. Also, verify that the K1000 Samba share is enabled and that the network share folder is configured with the proper permissions. Click Next when ready.
Step 7 of 7 should display the Summary page and detail of the new GPO.
That’s it, you are done with the wizard. It will now require the DCs to propagate the new group policy throughout all the other DCs and client systems before this new group policy will kick in and install the K1000 agent on the client systems that never had this agent installed previously.
This is what the Group Policy Management console shows for the new GPO.
Under the Settings tab for the new GPO, click on “show all” to view the Extra Registry Settings. The information displayed below should match what you see on a target client system.
It should match the registry key entered under the GPExtensions, the information should look similar to what is displayed below.
This is a computer configuration policy. This particular policy requires a reboot of the client system to apply and install the agent. A logoff/on is NOT sufficient.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center