RMM Bulk Deployment

Hi all,

We got some request and questions about how to enroll multiple computers at once to RMM. I would like to start the topic with initial guidence but feel free to share your thoughts and methodology.

There are multiple ways to perform bulk installations, but let us explain the two most common use cases:

  • Deploying through Active Directory with a Group Policy Object Definition:
    • First, obtain a side deployment package from the RMM administration console. Please follow the instructions in this guide: https://help.comodo.com/topic-289-1-...onitoring.html . Next, download the MSI to your machine or Active Directory server. All computers enrolled in this step will be enrolled under your chosen company and site that you made when you were creating the MSI link.
    • Next, configure a group policy object on your Active Directory Server as described in the following article: https://support.microsoft.com/en-us/kb/816102
  • Deploying with a script:
    • First, obtain a side deployment package from the RMM administration console. Please follow the instructions in this guide: https://help.comodo.com/topic-289-1-...onitoring.html and then download the MSI to your machine. All computers enrolled in this step will be enrolled under your chosen company and site that you made when you were creating the MSI link.
    • Once you get the MSI, place it to a shared space or a common path that your other computers can get as well.
    • Next, create and push the installation script to all endpoints within a proper path. An example command could be: “msiexec.exe /i “S:\global\packages\rmm-agent-x86_s3Cxxxxx.msi” /quiet”. Please be sure to configure the example script according to your path and package name when you configure for your own environment.

Please be sure to configure the example script according to your path and package name when you configure for your own environment.

Best regards,
Ilker

What is a ‘side deployment package’?
Your documentation states:
Please note that each agent is unique and will work for only one endpoint. After successful installation, the endpoint will be added to the devices list under the selected company and site.

With the above being true, how can you deploy an agent to multiple devices?

Hi,

Sorry for the confusion, we updated the product and admin guide update is in progress. Right now, every code is unique per customer site and can be used by multiple computers.

Best regards,
Ilker

So I have tested the deployment in an AD domain using both a software installation policy and a scripted policy. The software installation policy worked. The scripted one did not. It may have to do with syntax as I was asked to add a logging switch to the scripted install and that may have caused the problem. The policies were both delivered as a computer policy. On initial install it seems the RMM app pops up on the user’s screen. This is not good. Anyone working with general employees will understand this will not be welcomed by users. An application like this is represents a cultural change requiring that it be eased into user’s working environment. This means significant communication with users or their supervisors to introduce them to the change which is coming at them. This is often a very difficult and stressful process. If there is a way to keep the application from popping up on their screens that would be helpful as administrators like to install the application quietly and then introduce the service to users gently. Cultural changes are never easy. Please keep that in mind.

Hi,

thanks for the feedback. Yes, there is a way to prevent user notification and even UI for RMM. We introduced these features according to previous request in forum. Please go to your RMM web portal (manage.comodo.com) and from the menu choose Settings - Notifications and Settings - Agent Options. You would be able to control what to show and what to not show per customer company from there.

An example use case could be, I want my customers to be notified only on remote desktop connections (unattanded access) and I don’t want to show desktop icon to them but I want to show Tray icon and main UI. That is all configurable per customer and there for you.

Please see the example screenshots below:

Hi
We are using PSEXEC but it is not the perfect approach yet. We need help to write a script that will list computers on the network and pass them as parameters.

3.Deploying with PSEXEC:
• Obtain a side deployment package from the RMM administration console. Please follow the instructions in this guide: https://help.comodo.com/topic-289-1-...onitoring.html and then download the MSI to your machine. All computers enrolled in this step will be enrolled under your chosen company and site that you made when you were creating the MSI link.
• Once you get the MSI, place it to a shared space or a common path that your other computers can get as well.
• Download PSEXEC from https://technet.microsoft.com/en-us/…/bb897553.aspx
• Run psexec \computername -u “computername\username” -p “password” cmd /c “msiexec /i "
etworkshare\rmm-agentxxxxx.msi” /quiet /norestart

We are now building a script, but we havent tryed it yet.

>>>>>>Can anyone help us check if agent is already installed?

@ECHO OFF

ECHO %date%-%time% - Starting checks…

net view|find /I “”>%temp%
etview.txt
FOR /F “Tokens=1 delims=” %%I IN (%temp%
etview.txt) DO CALL :_Run %%I

ECHO %date%-%time% - All Done

GOTO :EOF

:_Run
SET ws=%1
Echo Checking %ws%…
ping -n 1 %ws%>nul
IF NOT %errorlevel%==0 Echo %ws% is not responding to ping& GOTO :EOF
psexec \%ws% -u “%ws%\username” -p “password” cmd /c “msiexec /i "
etworkshare\rmm-agentxxxxxx.msi” /quiet /norestart >>
etworkshare\Who_I_Tryed_To_Install.log 2>nul
Echo ---------------------------------------- >>
etworkshare\Who_I_Tryed_To_Install.log
GOTO :EOF

With this new update, do the installation msi’s still “expire” after ?? days and then no longer link the agent to the MSP’s console? As of a month ago this was an issue. I deployed new machines to the domain (which I had a group policy set to deploy C1 agent to all members of the domain) – and it installed it on a couple new computers, but didn’t link it to my console. Support confirmed this was going to be fixed in the future, but that in the mean time I would have to continually update the GPO and installer with a freshly generated one every month to be safe.

Hello @indieserve

We are going to investigate the reported case and we will get back to you with a certain answer as soon as possible.

Hello @indieserve ,

The latest Comodo One release (6/26/16 - https://forum.mspconsortium.com/forum/committees/technology/3780-new-release-on-comodo-one-platform-06-26-2016) does not include the increased token expiration timeout, but we can confirm that we are actively working on this matter.
We will let you know as soon as this feature has been deployed to production.