/build/static/layout/Breadcrumb_cap_w.png
05/02/2019 157 views

Good Day,


I would like to know what would be the best way to bundle a Kace Agent in all my Windows Server VM template. I was thinking about the following method:


- Installing the Agent directly on the Windows server and convert back the VM in template. (Not sure if that method will affect the KUID when i will deploy VM)

- Make a one time script at the launch of a VM deployment

- Deployment by GPO

- Manually deployment (That would be my last resort)


Let me know your thought.


Thanks

0 Comments   [ + ] Show comments

Comments


All Answers

0

Best Practice.

the KACE Agent must NOT be part of any Golden Image or Template.

Install the agent via Post installation tasks (this is possible if you have a KACE Systems Deployment Appliance), or install it later via GPO, SCCM or any other enterprise software distribution or management tool.


I theory, you could just delete the KUID.txt file... but you are going to need to find a way to push a script or run a command to force the agent to generate a brand new KUID for each new VM.

Answered 05/02/2019 by: Channeler
Red Belt

  • this is not correct.
    You _CAN_ (it is not suggested but possible) install the agent sysprepready (it does not start at the time of installation, so no KUID is written)
    This option is CLONEPREP=1
    (so the manual install would be:
    msiexec /i AGENT.msi /qn CLONEPREP=1 NOHOOKS=1 (I always use the nohooks option since some of the systems are not always able to reach the appliance (no internet access) when on tour, so the login procedure would run longer than I would like to have it. The cons of not being able to run scripts before the user is logged in is acceptable for these systems)
    • I always believed using NOHOOKS has it's downsides... like .. If you set this property you will not be able to run scripts/managed installations etc before an user is logged in and loaded the Desktop
      • NOHOOKS has its downsides, as I wrote:
        - you are not able to run MI/Scripts with "after login but before desktop loads" or similar.
        But it is important in the following environments:
        1. you use your own userinit settings (for instance VDI or special "security snake oil")
        2. your users are on tour and want to work with their devices but don't have the opportunity to reach out to the KACE (not logged into VPN or no Internet access etc) which slows down the login process (I seen up to 25min waiting time from Windows logo until logged in and seeing the desktop, 10min is the usual timeframe)
        3. you don't reboot your systems regulary but switch permanently between WLAN, WWAN and LAN