So I tried pushing our the Patch agent via Group Policy per the instructions on help.comodo.com.
However, since GPO assignment cannot use switches, it appears to have installed on every endpoint but not properly configured so there is no connection to the server. This is also something to consider for documentation since it is blatantly wrong. If the msi’s require command line switches, which it appears they do, GPO assignment is the 100% incorrect way to deploy (unless using an MST).
I then used PDQDeploy (free) to test deploying the patch agent with the switches and as of now only one of the PDQ machines are reporting back to the ONE portal; but not to the RMM console.
Which leads me to my primary question:
—Do I have to install BOTH the patch agent and the RMM agent?
--------If yes, is there a plan to combine them into one installer? I, personally and in my own use case, cannot think of a machine I would want remotely managed but not the option of installing patches should they need them.
—Is it normal to have a (substantial) delay in reporting to the ONE portal after installation?
-----The PDQ machine reporting took ~1 hr to report in and the other 4 test machines still haven’t made first contact and it’s been about an hour and a half.
To expand after some experimentation:
Having to create an MST file to install the .msi’s is rather advanced and I wouldn’t recommend it.
I sent out both of the agents, individually, via PDQDeploy to the entire domain.
Only 8 are showing installed (on PDQ) but are not showing on the RMM Console.
However, of 102 “successful” deployments shown (on PDQ) only 15 are showing on the Patch Management console.
I dug around the Comodo ONE Portal and found where I can download the installer for BOTH the RMM and Patch Agents. Yay!
However, they’re .exe’s which mean they require specified switches. I have been completely unable to find the needed switches to install the combined agent.
So I would have to take this, manually, to each of my endpoints to Run As Administrator?
Good input. I hope others would provide their expertise as well. As far as I know, the facts:
- you can't put .exe as GPO directly but you can create a script to run on endpoints via GPO.
- We have RMM standalone site agent (.msi) where you can deploy via GPO
- We have Patch Management site agent (.msi) where you need to provide parameters during install. So, you wouldn't configure it directly on GPO but you can write a script to be placed on GPO to run it.
- We have RMM and Patch Agent combined as .exe and again, you can create a script to be run on domain controller to be installed on every computer.
For now, I can recommend two options for mass deployment.
Please let us know if you need further help.
For everyone, feel free to suggest / contribute on this topic.