ESET Remote Administrator Push Installation Requirements and Checklist
KB Solution ID: SOLN82|Last Revised: January 20, 2011
ESET Remote Administrator (ERA) allows remote installations from the ESET Remote Administrator Console (ERAC) to any workstation on the network with a Windows NT/2000/XP/2003/Vista operating system (Windows NT only compatible with generation 2.7 security products). This function is called a Push Installation. The steps in this document describe the main requirements for configuration of this process.
NOTE: This method is used only for pushing out an installation of your ESET security product, not for applying configuration settings to clients with ESET security products already installed.
While installation to standardized networking environments is relatively simple, problems can arise due to differences in architecture and configuration from network to network.
The following can be used both as a requirements checklist for configuring a push installation as well as a trouble-shooting guide during the remote installation process. Verifying each of the tasks below is strongly recommended before performing the first trial installation on client workstations:
1.The workstation where you are trying to install the ESET client solution remotely must answer a ping from the computer where ERA Server is installed.
2.If both the workstation and the server are in a mixed environment of Domain and Work Group (or if ERA Server is running Windows 2003), the Use simple file sharing (located under the Tools Folder Options View) option should be disabled.
3.Workstation must have the shared resource ADMIN$ activated (Start Control Panel Admin Tools Computer Mgmnt Shared Folders Shares).
4.The user performing the remote installation must have administrator rights.
5.The user with administrator rights cannot have a blank password.
6.From the server, verify that you can remotely logon to the workstation.
7.Verify that the workstation can access IPC, by issuing the following from the Command Prompt on the client: net use \\servername\IPC$ where servername is the name of the server running ERA.
8.The firewall on the network must not block communications or file sharing between the servers and the workstation.
9.The ERA Server must allow data reception through ports 2221-2224. If the server has any of these ports blocked, communication with the workstations is not possible.
10.For Windows Vista, Windows 7 and Windows Server 2008 operating systems, verify the following:
-User Account Control (UAC) should be disabled.
-On machines where UAC is not or cannot be disabled, the ESET Remote Administrator service should be run with Domain Administrator permissions.
-To set Domain Administrator permissions for ERA, navigate to Start Control Panel Administrative Tools Services. Select ESET Remote Administrator Server service from the list and click the Log On tab.
11.For WinNT/2000/XP/2003 operating systems, verify the following:
-Client workstations are visible in both the server and the workstation connection.
-“File & Print Sharing for Microsoft Networks” must be enabled (Control Panel Network Connections Network Properties)
-The Remote Procedure Call (RPC) service needs to be running on the workstation.
-The Remote Registry service must be running on the workstation.
-The RPC Locator service should be set to “manual” and need not be running.
NOTE: If you are having trouble with registry permissions, click here for instructions on resolving HKEY_LOCAL_MACHINE permissions issues.
12.Version 2.7 only: IMON should not be enabled on your server. IMON's primary functions are to control HTTP communication (web-browsing) and detect possible infiltrations encountered through using internet email (POP3). Given that the server will not be used as a typical workstation, it's recommended that the module be disabled. ESET NOD32's other modules will provide your server with back-up layers of protection against these threats.
If your network configuration meets these requirements, remote installation will be accomplished without communication problems between the server and the workstations.