Install the Endpoint Software with Centralized Tools (Windows Computers)

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product., WatchGuard EDR Core This topic applies to the WatchGuard EDR Core, available in the Total Security Suite license.

On medium-sized and large networks we recommend that you use centralized tools to install the endpoint software for Windows computers.

Install the Client with Command Line Tools

You can automate the installation and integration of the WatchGuard Agent into the management UI with these command-line parameters:

• GROUPPATH="group1\group2": Path in the group tree where the computer will reside. The 'All' root node is not specified. If the group does not exist, the computer will be integrated into the 'All' root group.
• PRX_SERVER: Name or IP address of the corporate proxy server.
• PRX_PORT: Port of the corporate proxy server.
• PRX_USER: User of the corporate proxy server.
• PRX_PASS: Password of the corporate proxy server.

This example shows how to use command-line parameters to install the agent:

Msiexec /i "WatchGuardAetherAgent.msi" GROUPPATH="London\AccountingDept"

PRX_SERVER="ProxyCorporative" PRX_PORT="3128" PRX_USER="admin" PRX_PASS="panda"

For a silent installation, you must add the /qn parameter. For example:

Msiexec /i "WatchGuardAetherAgent.msi" /qn GROUPPATH="London\AccountingDept"

PRX_SERVER="ProxyCorporative" PRX_PORT="3128" PRX_USER="admin" PRX_PASS="panda"

Deploy the Agent with Microsoft Active Directory

You can use a Microsoft Active Directory Group Policy Object (GPO) to deploy the endpoint software on a computer for the first time. Active Directory does not support updates of previously installed software.

The computer where you define the GPO cannot have the WatchGuard Agent installed. You must uninstall the agent before you can create the GPO. You can re-install the agent after you add the GPO. If you try to define the GPO on a computer with the agent installed, this error message displays: The process of adding failed. The deployment information could not be retrieved from the package. Make sure the package is correct.

The steps in this section might not work for your environment. If you encounter any deployment issues that are not related to our MSI package, contact Microsoft Support.

To deploy the agent with an Active Directory GPO:

1. Download and share the endpoint software installer. Save the installer file to a shared folder accessible to all the computers that are to receive the software.
2. In Active Directory, create a new Organizational Unit called Cloud deployment.
   1. Open the mmc.
   2. Add the Group Policy Management snap-in.
   3. Right-click the domain node, and select New > Organizational Unit.
   4. Create an Organizational Unit called Cloud deployment.
3. Create a new GPO with the installation package.
   1. Right-click the new organizational unit and select Create a GPO in this Domain.
   2. Name the GPO (for example, Cloud deployment GPO).
4. Edit the new GPO and add the installation package that contains the WatchGuard Endpoint Security software.
   1. Click Computer configuration, Policies, Software Settings, Software installation.
   2. Right-click Software installation, and select New > Package.
   3. Add the WatchGuard Endpoint Security .msi installation package.
5. Edit the package properties:
   1. Right-click the package you added, and select Properties > Deployment tab > Advanced.
   2. Select the Ignore Language when Deploying this Package and Make this 32- bit X86 Application Available to Win64 Machines check boxes.
   3. Add all network computers that will receive the agent to the Cloud deployment Organizational Unit.

Related Topics

Installation Requirements