How To: Upgrade a LDMS 2016 Agent on an Off-Network Device Using a Custom Definition

Version 5

    Overview

     

    If you're a LANDESK Security Suite only customer, with managed devices deployed that only connect in via the LANDESK Cloud Service Appliance, upgrading the LANDESK agent to LDSS 2016, or to any completely new agent version, may prove to be a bit difficult. LANDESK Management Suite customers have the luxury to create a self-contained agent and deploy it out via a policy.  LANDESK Security Suite only customers don't have access to Software Distribution to create this type of policy based upgrade.

     

    As a Security Suite only customer, the only way to upgrade from an older agent version to a newer agent version on a device that is off-network is going to be to use a custom definition.  This article will walk you through using an example custom definition attached that can be tailored for your environment. 

     

    Agent Upgrade Process Using a Custom Definition for an Off-Network Device

     

    1. Log into the Management Suite console and find out what your patch location is currently set to
      • Go to Tools > Security and Compliance > Patch and Compliance
      • Click on the Download Updates button, it’s the 4th button in the menu bar for Patch and Compliance
      • Select the Patch Location tab and make note of the UNC and Web URL paths
      • Patch Location.jpg
    2. Create the self contained agent and copy it to the path directory
      • Go to Tools > Configuration > Agent Configuration and find the desired Agent Configuration you want to deploy.  This is most likely going to be in the Public Configurations folder.
      • Right click on the agent configuration and select Create self-contained client installation package
      • Save the executable to the patch repository
    3. Import the custom definition I created for you
      • Go to Tools > Security and Compliance > Patch and Compliance
      • Find the Scan folder from the menu tree, right click on it and select Import
    4. Customize the custom definition for your environment
      • Go to Tools > Security and Compliance > Patch and Compliance
      • Select the Scan folder
        • Make sure the dropdown button for the displayed definitions is set to All Types or Custom Definitions
        • Types Cus Def.png
      • Search for the definition, the name is LANDESK 2016 Agent Upgrade
      • Right click on it and go to Properties
      • Edit the Detection Rule LDMS Agent Detection & Remediation
      • Select the Patch Information menu tree item
      • Change the unique file name to match your self-contained agent name
      • Custom Def Rules.png
      • Push the Calculate Hashes button
      • Hit OK and Save the definition
    5. Scan against a test machine
      • Make sure the agent scan settings includes the scan type "custom definitions”
      • Go to Tools > Configuration > Agent Settings and find the desired Agent Setting deployed to the machine and edit the properties on the file
        • You can find out which one is applied by going to the Inventory tree for the device and selecting LANDESK Management > Agent Settings > Distribution and Patch and looking at the Name value in the right hand panel.
      • Click on the Scan options from the menu tree under Patch-only settings
      • Under the Type radio button, scroll to the bottom and make sure Custom Definitions is checked at the bottom of the window and hit Save
        • If you’re scanning by Group instead of Type, make note of the Group and add the custom definition to the Group instead of changing the scan to Type
      • Find your test machine from the Network View > Devices > All Devices
      • Right click on the machine and select Patch and Compliance Scan Now
      • Leave the Distribution and patch settings as is and hit OK
    6. Repair the test machine
      • Go to Tools > Security and Compliance > Patch and Compliance
      • Select the Scan folder
      • Search for the definition, the name is LANDESK 2016 Agent Upgrade
      • Right click on it and select Repair
      • Add the appropriate targets from the dropdown selector
      • Set the Task Settings Task Type to policy
      • Set the appropriate Scheduled start time
      • Wait for the machine to check in based on it’s policy schedule
    7. Validate and deploy to the rest of your environment

     

    Do You Have LANDESK Management Suite?

    If you have access to LANDESK Management Suite, the process to upgrade an off-network device is substantially less-complicated.  Follow the steps below.

     

    1. Go to Tools > Configuration > Agent Configuration and find the desired Agent Configuration you want to deploy.  This is most likely going to be in the Public Configurations folder.
    2. Right click on the agent configuration and select Create self-contained client installation package
    3. Save the executable to the same package share you use to deploy any type of SWD package – basically you need an http share
    4. Now go to Tools > Distribution > Distribution Packages and right click on My Packages or Public Packages and select New Windows Package > Executable
    5. Give the package a name, point to the self-contained executable you just created and then save the package
      • Note: You’ll have two self-contained packages, one with the name you saved it as and a second with status appended to it.  Status runs verbose, so select the one without.
    6. Right click on the package and select Create scheduled tasks(s)…
    7. Right click on the task and go to properties and select Task settings.  Make sure your task type is either policy or policy-supported push
    8. Add your targets and start the task