Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1369
Views
50
Helpful
4
Replies

Automate deployment of secure endpoint?

rubdeadman
Level 1
Level 1

‎02-16-2022 02:41 PM

Hello all, 

Does anyone have suggestions for the best way to automate the installation of secure endpoint to end devices?

Have a large deployment and trying to find solutions to simplify it. The environment will be a mix of Windows and Mac.

 

Any resource or ideas would be great. 

Thanks!

Labels:
4 Replies 4

Ken Stieers
VIP
VIP

‎02-28-2022 08:07 PM

Use whatever normal deployment you use for other software... we use a task sequence in our build process and then do upgrades from the endpoint console. The one twist we have is that Orbital, which is pulled down by Secure Endpoint. The download and the Task Sequence don't play well, so we deploy to a group that doesn't have orbital and move the machines over later via an API call.

soup_dragon
Level 1
Level 1

‎03-01-2022 06:04 AM - edited ‎03-01-2022 06:05 AM

As Ken said use whatever you use now. One tip is if that is part of a build image make sure you use the switch /goldenimage 1. This prevents Endpoint from registering. If you this is not used you will end up with multiple machines with the same GUID which will cause a load of issues. I know this from first hand experience  

 

Whole bunch of info here on the Cisco site regarding command line switches. 

While I am here there is a Best Practices guide for Endpoint can be found here 

Both of the links above open in a new page/tab

 

If you are looking for an automated tool for installation of software then suggest a look at automox.com, can be used to install software as well as patching. 

MavDuncan
Level 1
Level 1

‎03-01-2022 06:33 AM

I was able to wrap the .exe with a tool called MSI Wrapper. From there I used PowerShell to deploy the .MSI across 200 servers. It took about an hour roughly for them to all report in.  You can put whatever flags you need into the MSI tool.

The script relies on an array file that lists what servers you are targeting. Basically a .CSV with the FQDN's of each server.


Here is the script:

$file = '\\*Server*\*Share*\AmpConnector.msi'
$computers = Get-Content C:\Users\*yourUserName*\Desktop\array1.csv

 

foreach($computer in $computers){
Copy-Item -Path $file -Destination "\\$computer\c$\windows\temp\AmpConnector.msi"

Invoke-Command -ComputerName $computer -ScriptBlock{
&cmd.exe /c MSIEXEC /I "c:\windows\temp\AmpConnector.msi"
}
Write-Host($computer + "install is completed.")
}

Ken Stieers
VIP
VIP
In response to MavDuncan

‎03-01-2022 07:08 AM

I mean at that point (as an MSI) you can do it via GPO.
Customers Also Viewed These Support Documents