Installing an application remotely

Deploying Kaspersky applications > Installing applications using a remote installation task > Installing an application remotely

Installing an application remotely

Expand all | Collapse all

This section contains information on how to remotely install an application on devices in an administration group, devices with specific addresses, or a selection of devices.

To install an application on specific devices:

In the main menu, go to Assets (Devices) → Tasks.
Click Add.
The New task wizard starts.
In the Task type field, select Install application remotely.
Select one of the following options:
- Assign task to an administration group
  The task is assigned to devices included in an administration group. You can specify one of the existing groups or create a new one.
  
  For example, you may want to use this option to run a task of sending a message to users if the message is specific for devices included in a specific administration group.
  
  If a task is assigned to an administration group, the Security tab is not displayed in the task properties window because group tasks are subject to the security settings of the groups to which they apply.
- Specify device addresses manually or import addresses from a list
  You can specify DNS names, IP addresses, and IP subnets of devices to which you want to assign the task.
  
  You may want to use this option to execute a task for a specific subnet. For example, you may want to install a certain application on devices of accountants or to scan devices in a subnet that is probably infected.
- Assign task to a device selection
  The task is assigned to devices included in a device selection. You can specify one of the existing selections.
  
  For example, you may want to use this option to run a task on devices with a specific operating system version.
The Install application remotely task is created for the specified devices. If you selected the Assign task to an administration group option, the task is a group one.
At the Task scope step, specify an administration group, devices with specific addresses, or a device selection.
The available settings depend on the option selected at the previous step.
At the Installation packages step, specify the following settings:
- In the Select installation package field, select the installation package of an application that you want to install.
- In the Force installation package download settings group, specify how files that are required for the application installation are distributed to client devices:
  - Using Network Agent
    If this option is enabled, installation packages are delivered to client devices by Network Agent installed on those client devices.
    
    If this option is disabled, installation packages are delivered using the operating system tools of client devices.
    
    We recommend that you enable this option if the task has been assigned to devices with Network Agents installed.
    
    By default, this option is enabled.
  - Using operating system resources through distribution points
    If this option is enabled, installation packages are transmitted to client devices using operating system tools through distribution points. You can select this option if there is at least one distribution point on the network.
    
    If the Using Network Agent option is enabled, the files are delivered using operating system tools only if Network Agent tools are unavailable.
    
    By default, this option is enabled for remote installation tasks that have been created on a virtual Administration Server.
    
    The only way to install an application for Windows (including Network Agent for Windows) on a device that does not have Network Agent installed is by using a Windows-based distribution point. Therefore, when you install a Windows application:
    
    Select this option.
    Ensure that a distribution point is assigned for the target client devices.
    Ensure the distribution point is Windows-based.
  - Using operating system resources through Administration Server
    If this option is enabled, files are transmitted to client devices by using operating system tools of client devices through the Administration Server. You can enable this option if no Network Agent is installed on the client device, but the client device is in the same network as the Administration Server.
    
    By default, this option is enabled.
- In the Maximum number of concurrent downloads field, specify the maximum allowed number of client devices to which Administration Server can simultaneously transmit the files.
- In the Maximum number of installation attempts field, specify the maximum allowed number of installer runs.
  If the number of attempts specified in the parameter is exceeded, Kaspersky Security Center Linux does not start the installer on the device anymore. To restart the Install application remotely task, increase the value of the Maximum number of installation attempts parameter and start the task. Alternatively, you can create a new Install application remotely task.
- If you migrate from one Kaspersky application to another and your current application is password-protected, enter the password in the Password to uninstall the current Kaspersky application field. Note that during the migration, your current Kaspersky application will be uninstalled.
  The Password to uninstall the current Kaspersky application field is only available if you have selected the Using Network Agent option in the Force installation package download settings group.
  
  You can use the uninstall password only for the Kaspersky Security for Windows Server to Kaspersky Endpoint Security for Windows migration scenario when installing Kaspersky Endpoint Security for Windows by using the Install application remotely task. Using the uninstall password when installing other components may cause installation errors.
  
  To complete the migration scenario successfully, make sure that the following prerequisites are met:
  - You are using Kaspersky Security Center Network Agent 14.2 for Windows or later.
  - You are installing the application on devices running Windows.
- Define the additional setting:
  - Do not re-install application if it is already installed
    If this option is enabled, the selected application will not be re-installed if it has already been installed on this client device.
    
    If this option is disabled, the application will be installed anyway.
    
    By default, this option is enabled.
  - Verify operating system type before downloading
    Before transmitting the files to client devices, Kaspersky Security Center Linux checks if the Installation utility settings are applicable to the operating system of the client device. If the settings are not applicable, Kaspersky Security Center Linux does not transmit the files and does not attempt to install the application. For example, to install some application to devices of an administration group that includes devices running various operating systems, you can assign the installation task to the administration group, and then enable this option to skip devices that run an operating system other than the required one.
  - Assign package installation in Active Directory group policies
    If this option is enabled, an installation package is installed by using the Active Directory group policies.
    
    This option is available if the Network Agent installation package is selected.
    
    By default, this option is disabled.
  - Prompt users to close running applications
    Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
    
    If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
    
    If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
    
    By default, this option is disabled.
- Select on which devices you want to install the application:
  - Install on all devices
    The application will be installed even on devices managed by other Administration Servers.
    
    This option is selected by default. You do not have to change this setting if you have only one Administration Server in your network.
  - Install only on devices managed through this Administration Server
    The application will be installed only on devices managed by this Administration Server. Select this option if you have more than one Administration Server in your network and want to avoid conflicts between them.
- Specify whether devices must be moved to an administration group after installation:
  - Do not move devices
    The devices remain in the groups in which they are currently located. The devices that have not been placed in any group remain unassigned.
  - Move unassigned devices to the selected group (only a single group can be selected)
    The devices are moved to the administration group that you select.
  Note that the Do not move devices option is selected by default. For security reasons, you might want to move the devices manually.
At the this step of the wizard, specify whether the devices must be restarted during installation of applications:
- Do not restart the device
  If this option is selected, the device will not be restarted after the security application installation.
- Restart the device
  If this option is selected, the device will be restarted after the security application installation.
If necessary, at the Select accounts to access devices step, add the accounts that will be used to start the Install application remotely task:
- No account required (Network Agent installed)
  If this option is selected, you do not have to specify the account under which the application installer will be run. The task will run under the account under which the Administration Server service is running.
  
  If Network Agent has not been installed on client devices, this option is not available.
- Account required (Network Agent is not used)
  Select this option if Network Agent is not installed on the devices for which you assign the remote installation task. In this case, you can specify a user account or an SSH certificate to install the application.
  - Local Account. If this option is selected, specify the user account under which the application installer will be run. Click the Add button, select Local Account, and then specify the user account credentials.
    You can specify multiple user accounts if, for example, none of them have all the required rights on all devices for which you assign the task. In this case, all added accounts are used for running the task, in consecutive order, top-down.
  - SSH certificate. If you want to install an application on a Linux-based client device, you can specify an SSH certificate instead of a user account. Click the Add button, select SSH certificate, and then specify the private and public keys of the certificate.
    To generate a private key, you can use the ssh-keygen utility. Note that Kaspersky Security Center Linux supports the PEM format of private keys, but the ssh-keygen utility generates SSH keys in the OPENSSH format by default. The OPENSSH format is not supported by Kaspersky Security Center Linux. To create a private key in the supported PEM format, add the -m PEM option in the ssh-keygen command. For example:
    
    ssh-keygen -m PEM -t rsa -b 4096 -C "<user email>"
At the Finish task creation step, click the Finish button to create the task and close the wizard.
If you enabled the Open task details when creation is complete option, the task settings window opens. In this window, you can check the task parameters, modify them, or configure a task start schedule, if necessary.
In the task list, select the task you created, and then click Start.
Alternatively, wait for the task to launch according to the schedule that you specified in the task settings.

When the remote installation task is completed, the selected application is installed on the specified devices.