This article describes how to remotely deploy the Symantec Management Agent (SMA) to Windows computers using the Symantec Management Console.

Push installation allows centralized deployment of the SMA to individual computers or managed targets using administrative credentials and Windows administrative shares.

This article specifically describes Windows push installation workflows. UNIX, Linux, and Mac installations use platform-specific deployment methods.

IT Management Suite (ITMS) 8.6 and later

Client Management Suite (CMS) 8.6 and later

NOTE:
ITMS 8.6 RU3 and later releases include improvements related to agent deployment reliability and installation handling.
Customers experiencing persistent deployment failures should verify they are running a supported ITMS release and review related release notes for known issues and fixes.

How Push Installation Works

The Symantec Management Platform (SMP) remotely deploys the Symantec Management Agent (SMA or Altiris Agent) using administrative credentials and Windows administrative shares.

During a push installation:

1. SMP identifies the target computer resource.
2. SMP connects to the target computer using SMB/RPC.
3. Installation files are copied to the target system.
4. A remote installation process or service is started.
5. The SMA installs and registers with SMP Server.
6. The SMA performs an initial configuration update.
7. Assigned policies and plug-ins are downloaded.

After registration, the managed computer begins normal communication with the SMP Server or assigned Site Server.

Push Install to a Single Computer

1. Open the Symantec Management Console.

2. Navigate to:

   Actions > Agents/Plug-ins > Push Symantec Management Agent

3. On the Install Agent tab, under Roll out Agent to Computers, select the computers for installation.
4. Click Install.
5. Select the desired installation options.
6. Click Proceed with Install.

Note: Installation timing depends on network connectivity, DNS resolution, firewall configuration, client responsiveness, and package download performance. Installations may require 10 minutes or longer in large or distributed environments.

Push Install to a Group of Computers (Target)

1. Open the Symantec Management Console.

2. Navigate to:

   Actions > Agents/Plug-ins > Push Symantec Management Agent

3. In the View section, select Targets.

4. Click Apply To and select the desired target.

   Common example:

   Windows Computers with no Symantec Management Agent Installed

5. Click OK.
6. Configure the desired schedule.
7. Click Save Changes.
8. Set the policy to ON.

The rollout policy installs the SMA on computers that become members of the selected target.

Requirements and Dependencies

Required Permissions

The account used for push installation must have:

• Local Administrator rights on the target computers
• Permission to access administrative shares

Required Network Connectivity

The following services and protocols must be accessible between SMP and target computers:

• SMB (TCP 445)
• RPC/WMI communication
• Administrative shares (Admin$)
• DNS resolution

Required Windows Services

The following services should be operational on target systems:

• Remote Procedure Call (RPC)
• Windows Installer
• Remote Registry (environment dependent)

Validation

After installation, verify the following:

Verify the SMA Service

Confirm the following Windows service exists and is running:

Altiris Agent

Verify Agent Registration

Run the following command on the client computer:

aexagentutil.exe /server

Verify the client reports the correct SMP Server assignment.

Verify Resource Registration in SMP

In the Symantec Management Console, verify the computer appears under:

Manage > Computers

Verify Initial Configuration Update

Confirm the agent successfully downloads:

• Policies
• Plug-ins
• Assigned tasks

Troubleshooting

Common Push Installation Failures

Enterprise Environment Checks

Verify the following if push installations fail:

• Group Policy does not deny:

  Log on as a service

  for the account used during push installation.

• The Remote Procedure Call (RPC) service is running on the SMP Server and target systems.
• DNS resolution is functioning correctly between SMP and clients.
• Administrative shares are accessible.
• Remote Registry service is not blocked by hardening policies.
• Antivirus or endpoint protection products are not blocking temporary installer execution.
• Push installation credentials are valid and not locked or expired.

Logs

SMP (NS) Logs

Typical NS log location:

C:\ProgramData\Symantec\SMP\Logs\

• a*.log

Example indicators:

Failed to open the Service Control Manager
Access denied
RPC server unavailable
HTTP 401 Unauthorized

Client Logs

After partial installation, client logs may exist under:

C:\ProgramData\Symantec\Symantec Agent\Logs\

• Agent*.log
• aexnsc-xxxx.log

Additional Information

Push installation behavior and success rates may vary depending on:

• Network latency
• Security hardening policies
• Firewall configuration
• Credential management practices
• Existing agent state
• Site Server assignment and package availability

For persistent deployment failures, review SMP and client logs together to determine whether the failure occurs during:

• Remote connection
• File copy
• Service creation
• Agent installation
• Registration
• Initial configuration update