How to prepare workstations for EPS / BEST remote deployment
One of the main features that EPS and BEST provide is the possibility to remotely install network stations, process called deployment. In some cases it is possible to encounter an error message while trying to perform such deployment ("Access denied" or "Log off network").
The current document presents how network stations should be prepared for remote deployment.
Please prepare the network computers for deployment as follows:
Make sure the network computers meet the corresponding system requirements:
For Windows XP, you need to have Service Pack 3. To check the currently installed Service Pack, right-click My Computer and select Properties. This information is available in the General tab, System section.
For Windows Vista and Windows 7, 8, 10, you will need to disable User Account Control (UAC). To disable UAC go to Start > Control Panel > User Accounts. Here you must click Change User Account Control Settings. Set UAC on Never Notify and then click OK.
For Windows 8.1 and 10 stations, you need full administrative privileges (the credentials of the built-in administrator account or a domain user account). For more information on how to successfully deploy EPS / BEST to Windows 8.1 and 10 stations, please refer to this KB article.
- For Windows XP, you need to have Service Pack 3. To check the currently installed Service Pack, right-click My Computer and select Properties. This information is available in the General tab, System section.
Configuration required on the Workgroup computers:
Configure each Windows XP workstation not to use simple file sharing. Follow these steps:
a. On the Windows Start menu, click My Computer
b. Click Tools > Folder Options, then the View tab
c. Clear the Use simple file sharing check box in the advanced settings list
On all workstations and servers you want to manage, configure the firewall to allow the communication ports used by the security components. Or, if you prefer, you can disable the firewalls. These are the default communication ports you need to allow:
- 8443 - the communication port between the On Premise console and EPS / BEST. This port must be allowed on all network computers;
7074 - the communication port used to deploy and update when using a Relay;
Note:These ports must not be used by any other application installed in the network. If any of these ports is used by another application, you will need to choose anew communication port and set the firewalls to allow it instead of the default port.
Verify if the File and Printer Sharing protocol is enabled: please go to Start > Control Panel > Network Connections (or Network and Sharing Center on Windows Vista/7) . Identify the NIC on which the network connection is established, Local Area Connection, right click it and then click Properties (or double click and then click Properties)
Note: For the connection to be successful you must either disable the Windows Firewall or configure it to allow traffic through File and Printer Sharing protocol and also to allow ICMP traffic (so you can successfully PING the workstation). To disable Windows Firewall please open Control Panel > Windows Firewall and click Off. In order to check that the network stations are correctly configured please try the following:
- Ping the respective network station;
Try to log in on the administrative share \\\\computer_nameadmin$
- Configure each Windows XP workstation not to use simple file sharing. Follow these steps:
Remove any other security software installed on your workstations
Before you deploy EPS / BEST on the workstations, REMOVE any third-party security software installed on the managed workstations. Failing to do so may result in failure to deploy EPS / BEST and in system instability.