How to remotely Install Altiris Agent in an unmanaged firewalled machine
|Article:HOWTO8176|||||Created: 2007-10-18|||||Updated: 2011-06-09|||||Article URL http://www.symantec.com/docs/HOWTO8176|
Unable to push the Altiris Agent due to firewall blocking remote connections.
XP SP2 Firewall is not being centrally managed by GPO nor other means
XP SP2 Firewall is blocking Altiris Agent push process. There is no AD in the environment so no way of applying a GPO to disable/configure the firewall globally.
GPOs to configure firewall settings are not in use
psexec is a free tool available on the Internet that allows remote command execution.
The following script use psexec to connect to a list of remote machines with the username and password specified, disable the firewall, map a drive to Altiris Server\NSCAP, run the Altiris Agent installation, delete the map drive, enable the firewall back.psexec @list_pcs.txt -u username -p password -n 5 -e cmd /C (netsh firewall set opmode DISABLE ^& net use n: "\\altirisServer\NSCap\Bin\Win32\X86\NS Client Package" ^& n:\aexnsc.exe -s -a ns="altirisServer.altlab.com.ar" nsweb="http://altirisServer.altlab.com.ar/Altiris/" NOSTARTMENU ADDREMOVE NOTRAYICON /s ^& net use n: /delete ^& netsh firewall set opmode ENABLE)
Note: psexec version in use is 1.86
If you want to track the process remotely, you can make use of pslits, included with pstools, this command will show you a list of running process similar to Task Manager.
pslist \\targetmachine -u username -p password -s Important, if firewall settings are blocking File and Print Sharing (at least tcp 139 and tcp 445, XP SP2 firewall provides an exception checkbox for File and Print Sharing), remote connection will not be possible.
Article URL http://www.symantec.com/docs/HOWTO8176