Workaround:
For security purposes, some companies' software blocks communication with the ADMIN$ and/or C$ share points. It may be easier to simply do a "pull" install instead of "push" with the remote agent installer. This can be done in a couple of ways. One, you can connect to the target system, map to the express share on the DS, and launch the application manually (i.e. \\DS-Server\express\agents\). Two, you could use a GPO or other type of software to have the agent installed, very like the above method. Three, you could make sure the agent is in the default image for the workstations (i.e. if you asked for it to be in the image from the manufacturer
Solution:
First, verify that the Admin$ share is shared and accessible from the Gost Solution Suite Server, which is logged on with the credentials being used to install the agent:
\\ClientComputerName\Admin$
or
\\ClientComputerName\C$
If you can not browse to these from the RUN line on the DS, then the remote agent installer will not work because we rely on that underlying technology from Microsoft to perform the remote install. There are several things that could affect this though, included below.
- On the client, check for Simple File Sharing. This is a common default. Open My Computer and click on Tools > Folder options > View tab, then scroll to the bottom of the list and uncheck the option Use simple file sharing (for Windows* XP clients). XP Home may be limited this way.
- Check for Firewalls or other security software on the client system (Windows firewall is here: Start > Control Panel > Security Center). Disable them and try again to see if they were blocking the traffic. Many Virus Protection tools now include features to block this as well.
- Be sure you can PING the computer. PING can be turned off in some environments, but you may also have a DNS issue preventing the remote agents from being contacted by the DS. For information on how to flush out old DNS entries on your computer, for quidance on this see Microsoft article. Test the ping command by using:
ping -a <client IP address> /402
from the Deployment Server. If DNS is working properly, the "-a" should resolve the Computer Name to be returned as follows:
Pinging <Computer Name> [ip address] with 32 bytes of data.
Replies following.
- On the client computer, right-click My Computer, scroll down to Manage, and expand the section Share Folders. Highlight the shares folders and look for Admin$ or C$.
- On the client computer, enable the Remote Registry Service, and give the LOCAL SERVICE user account read access to
HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg
. This is done by launching Regedit (Start | Run) and then browsing to HKey_Local_Machine (HKLM)
and the path specified. Right-click on Winreg > Permissions > LOCAL SERVICE account. (If you're using Windows 2000, permissions will have to be set in Regedt32 instead.)
- Also on the client, you may need to enable the NetBIOS over TCP/IP. Right-click on Network places > Properties > Highlight Internet Protocol (TCP/IP). Select the Properties button. On the General tab, select the Advanced button, then select the WINS tab > NetBIOS setting and check the radio button Enable NetBIOS over TCP/IP.
- Since we need to be able to connect to the Client Window Service and Registry, you can check this functionality by executing Windows Services and then choosing to "connect to another computer". If you can connect and see services, you're probably OK.
- Lastly, if clients are in a Workgroup and not a domain, UAC can prevent remote connectivity to admin shares. Disable UAC, log out and back in to client, then retest admin share connection.