How to remotely Install Altiris Agent in an unmanaged firewalled machine

Article:HOWTO8176  |  Created: 2007-10-17  |  Updated: 2011-06-09  |  Article URL http://www.symantec.com/docs/HOWTO8176
Article Type
How To



Problem

Unable to push the Altiris Agent due to firewall blocking remote connections.

XP SP2 Firewall is not being centrally managed by GPO nor other means

Environment
XP SP2 Firewall is blocking Altiris Agent push process. There is no AD in the environment so no way of applying a GPO to disable/configure the firewall globally.

Cause
GPOs to configure firewall settings are not in use

Resolution

psexec is a free tool available on the Internet that allows remote command execution.

The following script use psexec to connect to a list of remote machines with the username and password specified, disable the firewall, map a drive to Altiris Server\NSCAP, run the Altiris Agent installation, delete the map drive, enable the firewall back.

psexec @list_pcs.txt -u username -p password -n 5 -e cmd /C (netsh firewall set opmode DISABLE ^& net use n: "\\altirisServer\NSCap\Bin\Win32\X86\NS Client Package" ^& n:\aexnsc.exe -s -a ns="altirisServer.altlab.com.ar" nsweb="http://altirisServer.altlab.com.ar/Altiris/" NOSTARTMENU ADDREMOVE NOTRAYICON /s ^& net use n: /delete ^& netsh firewall set opmode ENABLE)

Note: psexec version in use is 1.86

If you want to track the process remotely, you can make use of pslits, included with pstools, this command will show you a list of running process similar to Task Manager.

pslist \\targetmachine -u username -p password -s

Important, if firewall settings are blocking File and Print Sharing (at least tcp 139 and tcp 445, XP SP2 firewall provides an exception checkbox for File and Print Sharing), remote connection will not be possible.


Legacy ID



38820


Article URL http://www.symantec.com/docs/HOWTO8176


Terms of use for this information are found in Legal Notices