Kaspersky Administration Kit 8.0

 
 
 

Application deployment task: push method

Back to "Installing client computers"
2012 Jan 23 ID: 2726
 
 
 
 

The article applies to Kaspersky Administration Kit 8.0

This method lets you install software on specific client computers in a logical network. A push deployment task allows to:

  • in a domain:
    • create an Active Directory group policy which will be used to install the desired software,
    • configure delivery of Kaspersky Lab software installation files to a client PC and start installation of such software.

      Delivery of distribution packages can be carried out via:
      • Network agent (if installed),
      • RPC (Remote Procedure Call) from a shared folder on the Administration server (C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Share\Packages, by default).
  • in a workgroup:
    • configure delivery of Kaspersky Lab software installation files to a client PC and start installation of such software.

      Deployment in a workgroup requires additional efforts (for example, it is recommended to disable Simple File Sharing). Therefore we suggest that you use the most convenient way to install Network agent on all computers, and then start installing antivirus software using push installation with installation package delivery type Using Network Agent.

WarningIf an Administration server connects to client PCs via Internet or is protected with a firewall, it is impossible to use shared folders for data transmission. In this case, delivery of installation packages to a client PC requires a Network agent to be installed on it. You can install Network agent on such PCs either locally or by other methods.

WarningRequirements of a successful push installation:

 

  1. Server service should be running on the client PC.

  2. Installation via Network agent requires an established Agent – Server connection.

  3. Initial installation of Network agent using a Kaspersky Administration Kit deployment task needs the following ports to be open on a client PC:
      • TCP 139
      • TCP 445
      • UDP 137
      • UDP 138

If Microsoft Windows Firewall is turned on, do the following to open these ports:

  1. Be sure to uncheck the box Don’t Allow Exception:



  2. Check File and Printer Sharing in the list of allowed exceptions:


A push application deployment task is created using the New Task Wizard. There are several ways it can be started:

  • Create a new task command in the task bar of the node Tasks for specific computers.

  • Install command in the right-click menu of a selected installation package. The installation package selection step will be skipped.

  • Create a new task command in the task bar of the node Group tasks of any group. Selection of client computers to install will be skipped. A group task will be created for the given group.

InformationIt is possible to create a deployment task by selecting Install application command in Administration server right-click menu. A task created by this method cannot be scheduled – it will be run immediately upon creation. This task is saved in the Group tasks node of the selected group.

 

The New Task Wizard will prompt you to:

  • enter a task name. It must be unique within the group.

  • task type and application to run it. This step is skipped if the New Task Wizard has been started from the right-click menu of an installation package.


    Choose Kaspersky Administration Kit > Application deployment from the application list.



  • installation package to be used by the installation. This step is skipped if the New Task Wizard has been started from the right-click menu of an installation package.




    If no installation package for the given application has been created yet, use the button New to start the New Package Wizard.

  • deployment method – choose Push install. This step is skipped if the New Task Wizard has been started from the Group tasks node of a group.



  • task settings and method of installation package delivery to client computers:




    Recommendations on (un)checking boxes in this step:
    • If you are going to install the application using Active Directory, you should check the box Assign the package installation in the Active Directory group policies (unchecked by default) and uncheck the boxes Using Network Agent and Using Microsoft Windows resources from shared folder.


      If for example you leave the box Using Network Agent checked, Network agent will be used for application installation instead of GPO, because it is faster. The deployment will not proceed to installation via Active Directory group policies.

    • If you are not going to install the application using Active Directory, you should leave all the settings as they are (all three boxes in the section Force uploading installation package are checked).


      In this case an attempt to install via Network agent (if installed on the PC) will be made first, followed by RPC (Remote Procedure Call). The task will not repeat attempts to install the application (because the box Do not install application if it is already installed is checked).


      InformationIf you need to reinstall the application, you should uncheck the box Do not install application if it is already installed.


      You can limit the number of simultaneous package uploads from Server, as well as the number of attempts to install an application on a client PC in the properties of a created push deployment task.


      InformationIf there are Update agents in a network, these settings will only apply when a client PC fails to receive an installation package from an Update agent!
  • When creating an application deployment task, New task wizard will prompt you to install Network agent along with the antivirus you are installing. If you need to install the Network agent, check the box Install Network agent along with this application and select a Network agent package or create a new one (button Create).



  • choose the desired operating system restart option (if necessary).



  • configuration of computer relocation after installing the selected applications.



  • select target computers. The list of client PCs to install the application. This step is skipped if the New task wizard has been started from the Group task node of a group.


    Choose a method of selecting target computers:
    • I want to select computer using Windows Networking – if you choose this option and click Next, the Wizard will open a window where you can select the target computers from the Network and Group tree nodes. Check the boxes of the corresponding computers.

    • I want to define computer addresses (IP, DNS or NETBIOS) manually - if you choose this option and click Next, the Wizard will open a window where you can select the target computers by entering their IP addresses, IP ranges or NetBIOS names.


      It is also possible to import IP addresses from a file. A file containing a list of addresses is a TXT file where each address occupies a single line.


      You can edit the IP address list using the buttons Add / Add IP address range / Remove. Use the button Import to select an IP address list file.
  • an account to launch the deployment task.


    If you install an application on a PC which does not have a Network agent installed on it, the account needs to have the following permissions:
    • permission to run applications remotely on client computers in a logical network;

    • permission for Admin$ resource;

    • permission to Log on as Service.

If the Network agent is already installed, it will be copying and installing all the necessary files under the Local System Account.

If you do not specify an account here, the account running the Administration server will be used by default.


WarningNew Task Wizard does not verify the data you enter! Therefore if you mistype login or password, the command to install will not be added to the login script or the application will not be installed.


InformationIf you are going to perform deployment on computers belonging to different domains, you need to establish a trust relationship between such domains first.

  • schedule the task run.


A created task will be available in:

  • Tasks for specific computers node, if you ran the New task Wizard from that node or right-click menu of an installation package.
  • Group tasks node of the group for which you created the task.

When a task has been created, you can change the following settings: list of client computers (for tasks for specific computers), configuration of delivery of installation packages to client PCs, account to run the task, task start-up schedule, limitations on the number of simultaneous package uploads from Server and attempts to install the application on client PC(s), as well as configure notification about execution of the task.

 
 
 
 
Did the provided info help you?
Yes No