This article explains how to create a Microsoft System Center Configuration Manager (SCCM) application to push the Windows Enterprise Agent. It uses the same installation commands for the Agent as used when Manually Installing the Windows Enterprise Agent. You should be familiar with those commands before proceeding.

Sections

• Prerequisites
• Creating the Application
• Optional Configurations
  • Uninstall Command
  • Detection Method

Prerequisites

• Obtain a copy of the desired "AccessData Agent (64-bit).msi".
• Provide the Public Certificate from your Agent Certificate pair (see Agent Certificate Requirements).
• Stage the "AccessData Agent (64-bit).msi" and the Public Certificate in a share accessible by all distribution points.
  
  
• Review Manually Installing the Windows Enterprise Agent to form the installation command you will use when deploying the Agent.
  This article uses the following example installation command, which will silently install the Agent using "AgentCert.crt" as the Public Agent Certificate, with the Agent set to check in to a Public Site Server at 10.10.42.50:

  msiexec /i "AccessData Agent (64-bit).msi" CER="%cd%\AgentCert.crt" PUBSS="10.10.42.50:54545" ALLUSERS=2 /qn

  Note that the %cd% variable in the CER parameter will automatically reference the installation files' cache folder the target machine(s), so that the full path to the certificate is provided in the resulting command.
  
  The use of the ALLUSERS=2 parameter is recommended to ensure that the Agent is installed in a per-machine context regardless of the target host's operatin

  
  
  

Creating the Application

1. In the Configuration Manager console, navigate to Software Library > Application Management > Applications and click Create Application to open the Create Application Wizard.
   
   
   
   
2. On the General page of the Create Application Wizard, choose Automatically detect information about this application from installation files, set the Type to Windows Installer (*.msi file), and enter the path to the staged Agent MSI in the Location field. Click Next.
   
   
   
   
3. On the Import Information page of the Create Application Wizard, confirm that the both the AccessData Agent (64-bit).msi and the public certificate  are listed in the Details under Content Files and click Next. 
   
   
   
   
4. On the General Information page of the Create Application Wizard, confirm the Name, enter any other desired information, and paste your installation command into the Installation Program field. Confirm the Install Behavior option is set to Install for system and click Next.
   
   
   
   
   
5. On the General Information page of the Create Application Wizard, confirm your application's settings and click Next.
   
   

Optional Configurations

Uninstall Command

The Agent uninstall process is designed to leave some artifacts behind by default. These steps will modify the SCCM application to force the removal of those artifacts during the uninstall process. 

1. Right-click on your application and select Properties.
   
   
2. On the application Properties, select the Deployment Types tab, highlight the Deployment types entry for the Enterprise Agent, and click Edit.
   
   
   
   
3. On the Deployment Types Properties, select the Programs tab, and change the Uninstall program value from this:

   msiexec /x {0ADB4ED4-61E5-4325-A832-20753FBF466A} /q

   to this:

   msiexec /x {0ADB4ED4-61E5-4325-A832-20753FBF466A} NUKE=1 /q

   
   
   
   
4. Click OK to close the Deployment Types Properties. Click OK to close the Application Properties.

Detection Method

By default the SCCM application only looks at the MSI Product Code when determining whether an application already exists on a host. Since the Enterprise Agent's MSI Product Code does not change from version to version, this can cause issues when attempting to update Agents. These steps explain one way of addressing this. 

1. Right-click on your application and select Properties.
   
   
2. On the application Properties, select the Deployment Types tab, highlight the Deployment types entry for the Enterprise Agent, and click Edit.
   
   
   
   
3. On the Deployment Types Properties, select the Detection Method tab, and click the Add Clause . . . button.
   
   
4. On the Detection Rule window:
   1. Set the value of Setting Type to Registry.
      
      
   2. Set the value of Hive to HKEY_LOCAL_MACHINE.
      
      
   3. Set the value of Data Type to String.
      
      
   4. Set the value of Key to:

      SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0ADB4ED4-61E5-4325-A832-20753FBF466A}

   5. Set the value of Value to the version of the Enterprise Agent.
      
      

      The following PowerShell script can be used to identify the version on an AccessData Agent (64-bit).msi:
      
       Get-AppLockerFileInformation -Path "AccessData Agent (64-bit).msi" | Select-Object -ExpandProperty Publisher | Select-Object BinaryVersion 
      

      
      
5. Ensure This registry setting must exist on the target system to indicate presence of this application is selected and click OK to close the Detection Rule.
   
   
6. Click OK to close the Deployment Types Properties. Click OK to close the Application Properties.