ESET Online Help

Search English
Select the category
Select the topic

Agent deployment using GPO or SCCM

Apart from local deployment, you can also use management tools such as Group Policy Object (GPO), System Center Configuration Manager (SCCM), Symantec Altiris or Puppet for remote deployment of Agent.

Use this option for mass deployment of the ESET Management Agent on client computers.

You can create a GPO/SCCM script for Agent deployment on Windows from Quick Links > Deploy Agent or Installers > Create Installer.

1.Click Windows > Use GPO or SCCM for deployment.

2.Select the Participate in product improvement program check box to send anonymous telemetry data and crash report to ESET (OS version and type, ESET product version and other product-specific information).

3.Parent group - Select the Parent group where the ESET PROTECT Web Console will place the computer after an Agent installation.

You can select an existing static group or create a new one to which the device will be assigned after the installer is deployed.

Selecting a Parent group will add all policies applied to the group to the installer.

Selecting the Parent Group does not affect the installer location. After you create the installer, it is placed in the current user's Access Group. Access Group sets the object's Static Group and access to the object based on the user's access rights.

The parent group is mandatory if you use ESET Business Account with sites or ESET MSP Administrator and optional if you use ESET Business Account without sites.

4.Server hostname (optional) - Type the ESET PROTECT Server hostname or IP address. If necessary, specify the Port number (default is 2222).


warning

The Server hostname field does not support special characters—for example, letters with diacritics.

5.Peer certificate:

ESET PROTECT certificate - A Peer Certificate for Agent installation and ESET PROTECT Certification Authority are selected automatically. To use a different certificate, click the ESET PROTECT Certificate Description to select from a drop-down menu of available certificates.

Custom certificate - If you use a custom certificate for authentication, click Custom Certificate > Select , upload the .pfx certificate and select it when installing the Agent. For more information, see Certificates.

Certificate passphrase - Type the certificate passphrase if needed - if you have specified a passphrase during ESET PROTECT Server installation (in the step where you created a Certification Authority) or you use a custom certificate with a passphrase. Otherwise, leave the Certificate passphrase field blank.


warning

The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during Agent initialization.

The password must contain at least 10 characters in three categories: lowercase letters, uppercase letters, digits or special characters. We recommend using a password with no less than 12 characters.

6.arrow_down_business Customize more settings

7.Click Finish.

8.Download the GPO/SCCM script and Agent installers (32-bit, 64-bit, ARM64). Alternatively, you can download the Agent installer .msi files from ESET download page - Standalone installers section.

Click the appropriate link below to view step-by-step instructions for two popular ESET Management Agent remote deployment methods:

Deployment of ESET Management Agent using Group Policy Object (GPO) - This Knowledgebase article may not be available in your language.

Deployment of ESET Management Agent using System Center Configuration Manager (SCCM)