I'm using LDMS 9.5 SP2 and am trying to deploy a new agent that includes LANDesk Antivirus, along with a script that will remove our old Antivirus.  I made a package that will remove the old AV, and put it in as a dependency on an Advance Agent package.  I scheduled the Advance Agent package as a Policy Supported Push, added a test machine to it and kicked it off.  Since the machine I am testing with is outside the network, it failed the first time, but then when it checked in for an updated policy, it saw that it had some work to do, downloaded the script and the msi, ran the script to remove the old AV (success), and ran the msi.  The Advance Agent installed, and pulled down the new Agent EXE.  It seems to run the EXE ok, because the agent appears to uninstall, then reinstall, but the AV doesn't appear to install successfully.  In the LDClient directory, there's an Antivirus directory, but there's no LANDesk Antivirus Service, and no LANDesk Antivirus in the Start menu folder.  Has anyone come across this?  I'm thinking that the previous AV removal may need a reboot first... would putting a reboot into the AV uninstall script cause the Advance Agent package to fail?  The AV that I'm replacing is Sophos, if that's relevant.

Problem:

How can we uninstall LDMS agents on multiple clients. It is known that we could use the UninstallWinClient.exe to uninstall the agent but how can we do that on multiple clients at the same time.

Resolution:

We could distribute the UninstallWinClient.exe as software distribution scheduled task.

The location of UninstallWinClient.exe: Core Server X:\Program Files (x86)\LANDesk\ManagementSuite\ldmain\UninstallWinClient.exe

Detailed Steps:

1. Log into the Console.

2. Click on the Tools->Software Distribution.

3. Click on the "Package distribution" option.

4. In the prompt window, right click and create a new package.

5. In the prompt property window, please fill in the package name and description.

6. In the "Primary file", please choose the UninstallWinClient.exe file. (You can put the UninstallWinClient.exe file to a certain path. For instance my default path is http://XX/landesk/files, This path could be changed under IIS and we could put the exe under that folder by browsing into it.

7.  Click Save to finish the configuration.

8. Right click on the package and choose Schedule Task.

9. Please drag and drop the multiple clients into the scheduled task.

10. Right click on the task and choose start->all.

!Please note that when you distribute this package, the agent will be uninstalled but the status of the task will remain "active" until it times out and eventually fails. This is because the agent is no longer able to report status back to the core.

Problem:

Agent has been deployed to the client machine, but the core server is destroyed , IT people has NOT backup all the certificates and keys , All the client machines can't be managed by core server with the old certificate, we need to copy the new certificate to the client machine using patch, This article is to introduce how to restore the new certificate to the client machine with agent based. It is verified on LDMS 9.5(No sp1 and No sp2)

Description:

Steps for restoring the new certificate to the client machine:

1. Import the attached definitions.

2. Right click on the definition, click properties

3. Click custom Variables tab

4. Click Edit variables button

5. Input the new cert name for the new core server

6. scan the client machines

7. Fix the client machines

We have had a couple of machines that for whatever reason when the agent is deployed to them the Anti virus is not present after the agent deployment finishes.  AV is setup to be deployed with the agent, uninstalling and re-installing the agent does not help.  Anyone else run into anything like this and have some suggestions?  The computer I am most recently having an issue with was re-imaged the other day.

Is there a way to build a Self-contained agent install for MACs?  The option is greyed out for me.

I have two agents in my LDMS 9.5 SP2 environment, Server and PC.  I have noticed that the "Scan and Repair" settings from my Server agent is set as the default in the "Agent Settings" and it is being loaded on the PCs in my environment.  Thus, replacing the "PC Scan and Repair Settings" that is configured in the PC Agent.  Why is that happening?  How do I maintain settings that were set in their respective agents and not have them changed to what is set as "Default"?

I'm installing the agent on Windows 7 x64 machines. About 6 of every 10 computers I install the agent on will fail.

After some testing I found that if I uncheck the Antivirus option in the agent, the agent will install without issues. If I immediately try running vulscan.exe /installav it will time out and fail. If I install the agent, then reboot the machine, THEN run vulscan.exe /installav it solves the problem. I looked in the wscfg32.xlg file after a failed agent install and here are the last few lines:

06/17/2014 12:09:48.263    5692    5680    tokens.cpp    664    Starting process: C:\Program Files (x86)\LANDesk\LDClient\vulscan.exe /changesettingsnoreport

06/17/2014 12:09:49.901    5692    5680    tokens.cpp    688    Processes returned : 229835193

06/17/2014 12:09:49.901    5692    5680    tokens.cpp    552    WARNING:  Non-standard return code for: C:\Program Files (x86)\LANDesk\LDClient\vulscan.exe, Exit code: 229835193

06/17/2014 12:09:49.901    5692    5680    tokens.cpp    709    SUCCEEDED:  Running application: C:\Program Files (x86)\LANDesk\LDClient\vulscan.exe /changesettingsnoreport

06/17/2014 12:09:49.901    5692    5680    ntstacfgDlg.cpp    1480    INI:  EXEC8=C:\Program Files (x86)\LANDesk\LDClient\ldHpMgr.exe, /install, INSTALLONLY

06/17/2014 12:09:49.901    5692    5680    tokens.cpp    664    Starting process: C:\Program Files (x86)\LANDesk\LDClient\ldHpMgr.exe /install

06/17/2014 12:09:50.166    5692    5680    tokens.cpp    688    Processes returned : 0

06/17/2014 12:09:50.166    5692    5680    tokens.cpp    709    SUCCEEDED:  Running application: C:\Program Files (x86)\LANDesk\LDClient\ldHpMgr.exe /install

06/17/2014 12:09:50.166    5692    5680    ntstacfgDlg.cpp    2411    Processing LANDesk Desktop Manager Post Copy

06/17/2014 12:09:50.166    5692    5680    ntstacfgDlg.cpp    2571    FAILED:  Finished

06/17/2014 12:09:50.166    5692    5680    tokens.cpp    1618    SUCCEEDED:  Deleting files - no matching files

06/17/2014 12:09:50.197    5692    5680    ntstacfgDlg.cpp    2453    Vulscan wants to reboot the machine

06/17/2014 12:09:50.197    5692    5680    ntstacfgDlg.cpp    2659    gProcessExitCode set to ERROR_SUCCESS_REBOOT_REQUIRED

06/17/2014 12:09:50.197    5692    5680    ntstacfgDlg.cpp    2665    FAILED:  bCriticalError is true.  Setting exit code to ERROR_INSTALL_FAILURE

As I said, this happens on just over half of the machines I install it on. It happens on machines which are already up and running and it happens on machines which are being freshly imaged. At the moment I am using an agent without antivirus checked and just installing the antivirus portion after a reboot of each machine, which is cumbersome and will present a problem once I start upgrading machines in a computer lab environment where I need to do a mass-rollout.

Thank you for any assistance!

There's a link here within this community that I found once on how to create a version of agent to put on, say, a developers computer, where we want their machine cataloged within Landesk, but we don't ever want Landesk to deploy anything to that computer.  I had created a "neutered" version of the agent based on a document I found here where vulnerability scan was commented out of the agent configuration.

I can't find that article and need access to it again. Can someone please  point me to it?

Thanks

So we have one user that seems determined to keep removing the LANDesk agent from his system. He once admitted to me that he looked up on the Internet on how to do it and it took him 6 hours as i was putting back on his system so he could install software he wanted, now it seems he has removed it again. Any suggestions on how we can prevent this or alert us if it is removed again?

Requesting advice on a problem we are having. We are in the process of rolling out LANdesk for the first time. Many of our systems have McAfee 8.8 workstation version on them. From my testing I have had some issues with LD AV not installing correctly.Deploying an agent that has LD AV to a machine that still has McAfee on it can result in it removing McAfee but not properly installing LD AV after removing McAfee. McAfee and LD AV are not compatible and a restart must occur before LD AV will start to function. In our tests about 20% of the time the LD agent will uninstall McAfee and then not succeed in prompting the user to restart to finish the install. We want to limit how long our users are without AV protection. We figured the best course was to remove McAfee first and then restart and proceed with the LD agent with LD AV. Ideally this would be easily accomplished by installing LD without the LD AV component on a machine and then using LD to run our provisioning package to uninstall McAfee. (Our McAfee does not have a central management console). This works great, but this is where I am requesting advice. Once we have LD agent on the system and we use it to remove McAfee first then we need to install another agent containing LD AV. I am only aware that can be done by deploying/installing a new agent with LD AV as part of the agent components. My experience with this is that when re-installing a new agent that contains LD AV onto a machine that already has an agent it uninstalls the agent components and installs LD AV. I would then have to schedule another deployment to re-install the agent on the machine. This is what I would like to avoid. The more installs I have to go through the more chance at an interruption or failure. If anyone has any suggestions on installing the LD AV after the agent is on the system in a manner that will allow LD AV to be integrated with the core and not having to do multiple agent installs that would be very helpful. Any other suggestions to help streamline this would also be much appreciated.

Thank you

We have the LD agent running on devices that are reboot often, with a login to a default Windows account.  I would like the agent to check for policies every time the user logs on (in case the device was reboot in the middle of a package install), so I checked that option under Agent configuration.  I set the "max random delay" to 0 hours, which I hope means immediately.  However, the agent did not resume an interrupted package download (using a policy-supported push)  until after I performed an inventory scan.  Can anyone help me with what these options are actually doing?  Any tips for best practices to get an agent to check in frequently?  Or should I control it from the core and change the task to run on failed devices more frequently?  Thank you in advance.

Problem:

How do I force the agent to update without rebooting?

Resolution:

Run the LDISCN32.exe out of the C:\Program Files (x86)\LANDesk\ManagementSuite\ldlogon directory using an elevated command prompt with the applicable switches attached.

The switches are as follows:

Question:

I've been trying to figure out how I can do some application blocking.  Everything I find points to DOC-7485    Is there a way to do this?  Is there a doc that shows me how? Say I want to block notepad.exe

Answer:

Reference the following articles:

LANDesk Patch and Compliance Landing Page

http://community.landesk.com/support/docs/DOC-23839

How to use Custom Groups and Blocked Applications

http://community.landesk.com/support/docs/DOC-6731

How to create a custom Blocked Application

http://community.landesk.com/support/docs/DOC-6713

LANDesk Management Suite 9.5 patch & compliance documentation

http://community.landesk.com/support/docs/DOC-29597

E-Learning - Patch & Compliance Overview and Download

http://community.landesk.com/support/docs/DOC-22198

Additionally.....

Be aware that "If you make changes to what applications are blocked, do you have to redeploy the agent"? The answer in that case would be no. If you make changes in the console around Blocked Applications, you do not need to redeploy the agent. The next time vulscan runs it will get updated settings and those settings will be applied.

As it relates to the blocking of application on some clients and not on others. The short answer is yes. It can be done in agent settings. The Scan and Repair Settings controls what applications are or are not blocked and Scan and Repair Settings can be assigned to individual machines, groups, etc. regardless of what "Agent Configuration" is on the machine. However, to do what you want, you will need to create multiple custom groups in the patch tool. One group would have notepad.exe only and another group would have outlook.exe and notepad.exe. Then in the scan and repair settings, under the blocked apps, select the "only apps in group" option.

Problem:

The customer recently had problems with the following operations:

- Cannot build an advanced agent

- Cannot build a contained agent

- Cannot build any packages

- Cannot schedule package deployments (Failed to build)

- Cannot force inventory scans (Lost contact)

Resolution:

Disabled EPS, App Control and Device Control in all the Agent Settings. That way, when agents check in, even if they still have EPS installed, they will get new settings that tell them to do nothing. This will help decrease the activity to the Core, and especially the Trusted Files Lists.

Question:

When I deploy an advanced agent how can I tell where the full agent was pulled from?  Core, Preferred or Peer?

Answer:

The pull location information can be manipulated within the advance agent.  However whatever location is referred to needs to have the created .msi file present.  Therefore the generated .msi file will need to be moved to the location that had been set.

Environment

LANDESK Management Suite 9.x

Problem

• Installing the agent on a machine with the user language set to Chinese fails
• Installing the agent on a machine with the user language set to Russian fails
• Setting the user language of the user to English makes the agent deployment successful
• There is no non-ascii character in the agent configuration
• The LANDESK Management folder in the Start Menu doesn't list all the expected items

• The LANDESK Services are not installed correctly

Cause

The agent installer has difficulties in recognize that the machine was set in Chinese.

This happens when some registry keys are set to a Latin character set language (for example English) while the operating system is set to a language not using the Latin character set language, for example Chinese and Russian.

As a result, the agent gets installed incompletely, and it just doesn't work.

Solution

Set the relevant registry keys to the language code of the operating system. The keys are the following:

HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language
(Default)

HKLM\SYSTEM\CurrentControlSet\Control\Nls\CodePage
ACP
MAACP
OEMCP

For the semplified Chinese language for instance, the keys must be set to the following values:

HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language

(Default) 0804

HKLM\SYSTEM\CurrentControlSet\Control\Nls\CodePage

ACP 936

MAACP 10008

OEMCP 936

Where to find the right codes

Microsoft locale codes

Locale Code Table

ACP and OEMCP codes

Code page - Wikipedia, the free encyclopedia

I have a project I am working on and I am trying to get my LANDesk client on to my Dell WYSE terminal. Every time I try to patch it it causes the write filter to fill out and restarts. Has anyone dealt with the Dell WYSE devices and successfully got the agent deployed to it?

Hello.

We are in a position where we in near future would like to deploy the latest agent to all our workstations in the environment (+10k devices world wide). Most of the devices are currently on a 9.5 SP1 with LDAV+EPS agent and the latest agent will be a 9.5 SP2 with LDAV+EPS and 0417 BASE + AEM patches.

The component I'm worried about when doing this is LDAV. If we hadn't been using LDAV, then reinstalling using the Advance Agent would be quick and easy and it would work almost always, but it's my experience that reinstalling an agent with LDAV can be a little tricky and just reinstalling on top of the existing agent will probably result in various issues with LDAV afterwards (sort of described in the "Uninstall" section here - How to troubleshoot LANDesk Antivirus 9.5).

As I see it, there's 3 ways this can be done:

1. Use the Advance Agent to reinstall. Expect issues with LDAV and repair via "vulscan /removeav" and "vulscan /installav" on devices that show bad or incorrect inventory data
2. Patch the existing agent with Patch Manager using the client side patches for the "LD-95-SP2", "LD95-CP_BASE-2014-0417" and "LD95-CP_AEM-2014-0417" definitions
3. Use self-made agent reinstalling script/procedure that via Patch Manager downloads the full agent installer and script, completely removes the existing agent incl. AV, reboots devices and automatically installs the new downloaded agent

Suggestion 1 requires minimal preparation and is easy to initiate. Downside is that many issues are expected and can take a long time to fix. Can potentially require a lot of manpower.

Suggestion 2 is not something I've done in large scale before. Only tried to install a component patch on a few devices - never tried something large as a service pack for the agent. Looking at the content of the <patch>-client.zip files, I'm not sure if this will actually fully update the agent at all as a file like LDAV.exe is not in the client BASE zip file and files like LDSecSvc64.exe and viguard.exe are not in the client AEM zip file. Will this still require us to reinstall AV and EPS?

Suggestion 3 requires by far the most preparation, but is also the most automated procedure and the end result will most likely be better and require less cleaning up.

How do you guys handle a situation like this?

Thanks in advance.

Once a Core server is upgraded to 9.5 version, what is the best way to upgrade the existing 9.0 agents to 9.5 ?

Hi,

I have just been given the task of LANdesk operator..

I am attempting to create an installer for windows XPE 2009, however when it runs i get a text file saying done and no icon in the system tray and when landesk scans the machine doesnt have the agent software.

i tried the scheduler to push the agent, but alas i dont have the script to push this to Wyse XPE2009 units...

can any one help?

Easyk