cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 26

EPO Agent Distribution

I'm trying to implement EPO server within my organisation.  I want to disribute the agent and VSE using group policy.  I've setup VSE and that installs fine.  The agent however, seems to install in unmanaged mode.  After the installation has completed I can manually change the client to managed mode by running frminst.exe with the appropriate command switches or I can run Framepkg.exe which is where I extracted the msi from.  I'd want the client to be installed in managed mode in the first place as this seems the optimal was to do things.

Ultimately I'm looking for the best method to ensure all clients new and old will be installed with vse and the client in managed mode without any user intervention.

Cheers

25 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 26

Re: EPO Agent Distribution

Bascially the easiest way to install the Agent is to deploy it from ePO.

If you need to do the install manually then use the agent installer generated by ePO (Add new system -> create and download agent installion package) as that will have all the management config wrapped into the installer.

UPDATE: Forgot to mention....I usually install the managed agent first via ePO or manaul install and then install VSE but it really doesn't matter which way you do it.

Message was edited by: Tristan on 14/03/12 17:38:11 GMT
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 26

Re: EPO Agent Distribution

That's no good because you have to do that every time a system is setup.  I prefer the installation of antivirus to be automatic and be there from day 1.

I'm not looking for the easiest way, I'm looking for the best way to ensure all systems are covered.

With kaspersky the agent is configured so when it's installed it joins the appropriate server management application automatically.

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 26

Re: EPO Agent Distribution

ePO is really the best tool for the job.

I have multiple install groups in my ePO system tree with different tasks permenently assign to them. Install VSE, Install DLP, Update to Patch 1, Full system scan ....etc. When ever i want to add a new machine or upgrade an existing one i just drop it in the relevant groups.

Step 1. Add system to ePO. This installs an agent in managed mode

Step 2. Move computer in ePO to a group with the VSE install task assigned to it

Step 3. Sit back and relax as ePO does the rest.

If you really want to use group policy then you'll need to look into building a custom install package for VSE, that contains the framepkg.exe generated by ePO, the agent that comes with the downloaded VSE installer will always be in a generic unmanaged mode.

Another option in the non-ePO route is to look at 'local update publisher' http://localupdatepubl.sourceforge.net/ which allows you to use WSUS to distribute anything you want.

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 26

Re: EPO Agent Distribution

That's sub-optimal.  At the moment the only steps required for me to depoy a workstation, (be it one or the entire network) is to press deploy next to the appropriate workstation.  Anything that would require further intervention would mean that I have to wait till that whole process completes, which is about an hour for a single workstation, and then complete further steps.  I don't want any additional steps to that process as it only creates a potential area for errors.  A deployment process that requires administrators to carry out multiple steps is not what I want under any circumstances.

As I said I've already made the installer package for VSE, and I've made a package for the agent.  All that's required to convert the agent to managed mode is (from the manual) to run either Framepkg.exe or "C:\Program File\McAfee\Common Framework\frmins.exe /Install=agent /siteinfo=<full path\SiteList.xml."  Running both these is relatively trivial, if I wanted I could modify the MFEagent.msi package I have already produced to do this, however, this seems like it could potentially create problems.  I would expect given that this is so trivial that the installer was designed with this functionality already and if it isn't then why isn't it?

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 26

Re: EPO Agent Distribution

As i've tried to explain. If you use the FramePkg.exe agent installer created by ePO it will install in managed mode.

I'm 99% sure that the instructions you quoted from the manual are if your using the generic installer downloaded from the McAfee website.

Former Member
Not applicable
Report Inappropriate Content
Message 7 of 26

Re: EPO Agent Distribution

In order to deploy the agent via group policy I require the installer to be in the windows installer package (.msi) format.  I could write a script that runs FramePkg.exe however this again seems sub-optimal as you often lose the error handling and logging associated with msi packages.

I can extract FramePkg.exe to produce the files contained within in it ie MFEagent.msi, Sitelist.xml etc which is how I've created the agent installer package already however the files extracted from FramePkg.exe still install the client in unmanaged mode.

Former Member
Not applicable
Report Inappropriate Content
Message 8 of 26

Re: EPO Agent Distribution

Moved this to our ePO product space for housekeeping.

jmcleish
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 26

Re: EPO Agent Distribution

John,

Why not use a computer startup script? even a simple batch file or something to check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EPOAGENT3000- version for your required version and if its not the same then run the install?

Copy the framepkg.exe from here on your ePO server:  c:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3000\Install\0409  and install using the framepkg.exe /install=agent /silent

this file has the embedded info from the ePO server.

And the framepkg.exe creates the  frminst* log and also an msi log on the local machine.

There's also this article in the KB which could also help:

https://mysupport.mcafee.com/eservice/Article.aspx?id=KB67796

HTH

Jane

Message was edited by: jmcleish on 15/03/12 10:01:08 CDT
Former Member
Not applicable
Report Inappropriate Content
Message 10 of 26

Re: EPO Agent Distribution

As I say, I don't like using scripts because they lack the logging and error handling of windows installer packages.  From experience it's quite easy for a the application to prompt because of an error at which point the startup process hangs and never gets resolved.

That KB article however is pretty much exactly what I want.  However it states "McAfee Agent 4.6 simplifies the process of creating a deployment package to use with the Group Policy Object. For more informatoin, see PD23185 - McAfee Agent 4.6 Product Guide." and PD23185 has no information in it.

And while I could probably achieve what I wanted as the article says "

  • MFEAgent.msi contains many options and components required to ensure a successful Agent installation. Do not modify this file except as instructed below.

"

So I'd rather not poke arround in the windows installer without specific instructions.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community