How to install remotely WIN agent
560 views
Skip to first unread message
Massimiliano De Falco
Jan 24, 2023, 9:35:13 AM1/24/23
to Wazuh mailing list
Hi all,
1) is possible to install the windows agent remotely in silent mode?
I have the manager on 192.168.100.200 and my IP target is 192.168.100.55.
I have the manager on 192.168.100.200 and my IP target is 192.168.100.55.
Is possible to install the agent on this IP 192.168.100.55 in silent mode? (the user doesn't have to notice anything).
2) How can I view the entire lan PC/IP where wazuh agent is installed and where wazuh agent is not installed
Thanks.
Andres Micalizzi
Jan 24, 2023, 10:51:36 AM1/24/23
to Wazuh mailing list
Hi max.
Regarding your questions:
1) Installation in silent mode is possible. You can use the following command, from Powershell:
Msiexec /i <path/to/packate.msi> WAZUH_MANAGER="<manager IP> /qb! /l*v install.log
You can skipt the /l*v install.log if you do not want to save the installation log in the agent.
Then you can start the agent with: NET START WazuhSvc
The agent will register itself and connect to the manager. Further configuration of the agent can be done from the Dashboard or through the API.
2) This is quite a complicated task. First you would need to have access to all the endpoints you want to monitor. Considering you have access, you could write a script that logs through ssh to each endpoint and checks for the existence of the Wazuh service. Just checking for the default installation path would not be enough since if the agent is installed in a different path, then it would not be found. You could first generate a list of endpoints that are already reporting to your network manager, so you do not check those enpoints needlessly.
I hope this answers your question.
In case of any further doubt, do not hesitate to ask.
Cheers.
Regarding your questions:
1) Installation in silent mode is possible. You can use the following command, from Powershell:
Msiexec /i <path/to/packate.msi> WAZUH_MANAGER="<manager IP> /qb! /l*v install.log
You can skipt the /l*v install.log if you do not want to save the installation log in the agent.
Then you can start the agent with: NET START WazuhSvc
The agent will register itself and connect to the manager. Further configuration of the agent can be done from the Dashboard or through the API.
2) This is quite a complicated task. First you would need to have access to all the endpoints you want to monitor. Considering you have access, you could write a script that logs through ssh to each endpoint and checks for the existence of the Wazuh service. Just checking for the default installation path would not be enough since if the agent is installed in a different path, then it would not be found. You could first generate a list of endpoints that are already reporting to your network manager, so you do not check those enpoints needlessly.
I hope this answers your question.
In case of any further doubt, do not hesitate to ask.
Cheers.
Jesus Linares
Jan 24, 2023, 11:05:31 AM1/24/23
to Wazuh mailing list
Hello,
> 1) is possible to install the windows agent remotely in silent mode?
You can install agents in "silent mode" using the deploying variables: https://documentation.wazuh.com/current/user-manual/deployment-variables/deployment-variables-windows.html.
That said, to install the agent remotely you will need to use a Windows native or third-party tool.
For example, Windows has the Group Policy Object (GPO) to distribute software remotely: https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/use-group-policy-to-install-software.
> 2) How can I view the entire lan PC/IP where wazuh agent is installed and where wazuh agent is not installed
You can check the IP of every agent in the Wazuh interface (agents tab), also using the Wazuh API.
Regarding the IPs where the agent is not installed, you will need to use an external tool for that purpose.
Regards.
Reply all
Reply to author
Forward
0 new messages