3 Replies Latest reply on Aug 14, 2017 1:30 PM by andrep1

    Product Deployment Credentials


      I am trying to make a product deployment that will install the McAfee Agent and MCP, but only if they aren't already installed.  So far, I'm having two problems. 


      1.  How do I change the credentials that are stored and used by Product Deployment?

      The deployment doesn't work.  I believe this has to do with credentials.  I didn't set up the ePO server originally so I don't know which credentials were used.  But, if I Deploy Agent from the System Tree, it works fine.  I use credentials I know have rights to install software on clients.  However, when setting up a task through Product Deployment, it doesn't ask me for credentials so I assume it is using credentials that are already stored.  I can't find them anywhere, though.  I have gone through all of the Server Settings and there is nowhere that is storing any credentials, unless I am missing something.


      2.  When I set Deploy Agent on a schedule, it works but it reinstalls the application instead of checking if it's installed first.  My assumption is that Product Deployment will not do an install if the Agent/MCP already exists on the client.  Since I can't get Product Deployment to work, I can't test this theory.  But, if I am wrong does anyone know a way to set a schedule and not have it do an install if it already exists on the client?


      I appreciate any help I can get and thank you in advance.

        • 1. Re: Product Deployment Credentials

          The terminology is a little bit confusing

          -When you deploy an agent from the system tree, you use credential and it sets up a connection between ePO  or AH,  and you endpoint to copy files and run the install.

          -When you use a client task/task assignment, it uses the agent credentials (aka local system) to do the install.

          -When you use "product deployment", it is like a client task with a bit of automation behind it.


          ePO allows you to store credential for your own user account, when you do an agent deployment. I don't think there is anything else hidden anywhere.


          You should also note, that when agent tasks run we sometimes have the impressions that the installation is rerunning when we look at the agent log but what you see it mainly the client task script verifying that it has something to do or not. If you don't see the "downloading  (file name)" in the agent log, then it is probably not reinstalling.  In the case of deploying an agent, it pretty sure it always reinstall so only deploy to devices that do not have the right agent version.

          • 2. Re: Product Deployment Credentials

            I appreciate the response and thanks for the info!  Maybe I am going about setting this up the wrong way for what I want it to do.


            Here are the steps I'm taking to try to set up a deployment that will install the agent on new laptops.

            1.  "Laptops" Group in System Tree is synced to an AD OU and it syncs properly (new laptops appear when they are added to the AD OU).

            2.  The group has an Assigned Client Task that was created in the Product Deployment page...type:  Continuous, Auto Update is on, Package is the Agent, Total is set to the group in System Tree, Run at Every Policy Enforcement is checked, and Select Start Time is set to Run Immediately.


            By doing this, my assumption is that any new laptop that appears in that group would then have the agent installed on it automatically.  However, new systems added to this group do not get the agent.  The test group I am using have local admin rights.  But the Managed State in the System Tree never changes to Managed and the agent never installs.


            When I view the task in the Product Deployment screen, the new laptop does appear there so I know it is seeing it.  It just never installs (has one little gray box and one clear box, whereas the laptops with the agent have 3 green boxes).  This makes me think it can detect the system, it is just not installing it for some reason.  But if I do deploy the agent through the System Tree, it works.


            Sorry for the long text.  Any thoughts?  I've tested this over and over for weeks and can't get it to work how I want it to.  In an environment with thousands of laptops, manually deploying is not a sufficient option :-(

            • 3. Re: Product Deployment Credentials

              Ah! Ok,

              That's a relatively easy answer.

              Find you AD sync point: in your system tree, select your domain/ou sync point and go to tab called group details, sync type, edit, and everything you want/need is under "push agent". This is how you push the agent to newly synched systems.