The terminology is a little bit confusing
-When you deploy an agent from the system tree, you use credential and it sets up a connection between ePO or AH, and you endpoint to copy files and run the install.
-When you use a client task/task assignment, it uses the agent credentials (aka local system) to do the install.
-When you use "product deployment", it is like a client task with a bit of automation behind it.
ePO allows you to store credential for your own user account, when you do an agent deployment. I don't think there is anything else hidden anywhere.
You should also note, that when agent tasks run we sometimes have the impressions that the installation is rerunning when we look at the agent log but what you see it mainly the client task script verifying that it has something to do or not. If you don't see the "downloading (file name)" in the agent log, then it is probably not reinstalling. In the case of deploying an agent, it pretty sure it always reinstall so only deploy to devices that do not have the right agent version.
I appreciate the response and thanks for the info! Maybe I am going about setting this up the wrong way for what I want it to do.
Here are the steps I'm taking to try to set up a deployment that will install the agent on new laptops.
1. "Laptops" Group in System Tree is synced to an AD OU and it syncs properly (new laptops appear when they are added to the AD OU).
2. The group has an Assigned Client Task that was created in the Product Deployment page...type: Continuous, Auto Update is on, Package is the Agent, Total is set to the group in System Tree, Run at Every Policy Enforcement is checked, and Select Start Time is set to Run Immediately.
By doing this, my assumption is that any new laptop that appears in that group would then have the agent installed on it automatically. However, new systems added to this group do not get the agent. The test group I am using have local admin rights. But the Managed State in the System Tree never changes to Managed and the agent never installs.
When I view the task in the Product Deployment screen, the new laptop does appear there so I know it is seeing it. It just never installs (has one little gray box and one clear box, whereas the laptops with the agent have 3 green boxes). This makes me think it can detect the system, it is just not installing it for some reason. But if I do deploy the agent through the System Tree, it works.
Sorry for the long text. Any thoughts? I've tested this over and over for weeks and can't get it to work how I want it to. In an environment with thousands of laptops, manually deploying is not a sufficient option :-(
That's a relatively easy answer.
Find you AD sync point: in your system tree, select your domain/ou sync point and go to tab called group details, sync type, edit, and everything you want/need is under "push agent". This is how you push the agent to newly synched systems.