Installing the Agent for Windows

This page guides you through the installation of a Windows Agent.

The Windows Agent can be used for 32-bit and 64-bit. Each version is identified using a three-digit abbreviations. These abbreviations are used in the file names of the Agents. In this page, the specific abbreviation is replaced by "???."

Tip! This page refers only to the manual installation process. If you want instructions on how to install a containerized Windows agent, see Installing Containerized Windows Agents.

Watch the Video: Installing Windows Agents

Notes:

  • 64-bit Windows platforms: Install a 64-bit Agent if you intend to start 64-bit programs and applications through it. Using a 32-bit Agent for this purpose may cause problems.

  • The following guide describes how to install an Agent in an AE system in which authentication is not used. Additional installation steps are required before the Agent can be started and used, if you intend to use one of the available authentication methods. For more information, see Agent Authentication.

  • It is best to install the Agent in a separate directory (such as C:\AUTOMIC\AGENT\WINDOWS).

This page includes the following:

Overview

Installation Files Supplied

The files of the Windows Agent are found in the directory IMAGE:AUTOMATION.PLATFORM\AGENTS\WINDOWS. Other files from this sub-directory are components of the installation program and the AE runtime system. For information about CallAPI files and their implementation, see CallAPI for Windows.

Potential Problems

  • Uppercase and lowercase letters used in the host name.
  • IP address with leading zeros.

Windows Agent for System-Wide Email Connection

A system-wide email connection can be implemented using a Windows Agent. For more information, see Email Connection.

Additional Rights Required

The Windows Agent requires certain additional rights under Windows in order to be able to use the Windows APIs that are listed below.

The Agent requires these rights in order to process file transfers and start jobs in different user contexts. Although users are defined in the Automation Engine jobs, the Agent must still be able to log on with the privileges of the particular user, read user profiles and start Jobs, for example. Therefore, start the Agent via the Service Manager as a SYSTEM user.

When you start the Agent as a regular user, however, you should install it with the recommended additional authorizations in order to make sure that it can process the above tasks:

  • Act as part of the operating system
  • Adjust memory quotas for a process
  • Back up files and directories
  • Log on as a service
  • Replace a process level token
  • Restore files and directories

The right 'log on as a batch job' is required when the option "log on as a batch user" has been activated in the Windows Jobs of the AE system's Job objects.

Powershell Configuration - File Backup or Rollback

The Agent must be configured to be able to execute Powershell commands for file backup or rollback. To do so, add the following key-value pairs in the [GLOBAL] section of the INI file of the Windows Agent:

ECPEXE=powershell.exe -NonInteractive -ExecutionPolicy bypass -NoLogo -file

Note: To run powershell scripts, the line below must be uncommented in the HEADER.WINDOWS object in Client 0:

:INC HEADER.WINDOWS.PWSH.HEAD ,nofound=ignore

Connecting to the Automation Engine

The Automation Engine and the Windows, UNIX, and Java Agents communicate using TLS/SSL. These agents establish a connection with the Java communication process (JCP), which uses trusted certificates to prove their identity to other communication partners.

Important! Make sure you are familiar with the TLS/SSL and certificate implementation before installing and/or upgrading the respective component. For more information, see:

When you used certificates signed by a CA, the certificates are stored in the respective Java or OS store by default; that is the Java trust store for Java components and Java Agents, the Windows OS store for Windows Agents, or the TLS/SSL store for UNIX Agents. In this case, you only have to check that the root certificates already are in the respective store.

If the relevant certificates are not there and you want to import them, you can use OS or Java specific tools for that purpose, such as Keytool, cert-manager, OpenSSL and such. For more information on how to use those tools, please refer to the respective product documentation.

If you do not want to use the default locations for the components and Agents listed above, make sure you use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters (if applicable) in the respective configuration (INI) file to define the path to the folder where the trusted certificates are stored.

Important! TLS/SSL Agents (in containers and on-premises) as well as the TLS Gateway, when used for the Automic Automation Kubernetes Edition, establish a connection to an ingress / HTTPS load balancer, which requires a certificate for authentication.

Make sure that address of the load balancer is defined on both sides: the Automation Engine and the Agent / TLS Gateway and that your HTTPS load balancer has the required certificates in place. For more information, see Connecting to AWI, the JCP and REST Processes Using an Ingress.

Installing the Agent for Windows

  1. Install the Microsoft Visual C++ 2017 Redistributable Package.

    This installation step can be ignored if the package is already available in the required version. Refer to the Control Panel -> Add or Remove Programs to see if the package is installed, and if so, which version.

    • Host (32-bit): Install the package from the IMAGE:EXTERNAL.RESOURCES\CRTS2010\WINDOWS\X86 directory.
    • Host (64-bit): Install the package from the IMAGE:EXTERNAL.RESOURCES\CRTS2010\X64 directory.
  2. Install the Agent.

    On a 32-bit host:

    1. Start the program SETUP.EXE in the directory IMAGE:AUTOMATION.PLATFORM\AGENTS\WINDOWS\X86.
    2. Select a separate directory for the Agent (such as C:\AUTOMIC\AGENT\WINDOWS). Click the large button (computer, packing and disc) to start the installation.
    3. The Automic program group is automatically created and the Agent specified.

    On a 64-bit host:

    1. Start the program SETUP.EXE in the directory IMAGE:AUTOMATION.PLATFORM\AGENTS\WINDOWS\X64
    2. Select a separate directory for the Agent (such as C:\AUTOMIC\AGENT\WINDOWS). Click the large button (computer, packing and disc) to start the installation.

      The Automic program group is automatically created and the Agent specified.

  3. Set up the system environment.

    • On the host, adjust the INI file of the Windows Agent (64-bit) to your system environment. For more information, see Agent Windows 64-bit.

      When you used certificates signed by a CA, the certificates are stored in the respective Java or OS store by default. In this case, you only have to check that the root certificates already are in the respective store.

      If you do not want to use the default location for this component, make sure you use the trustedCertFolder=, agentSecurityFolder=, and keyPassword= parameters (if applicable) in the respective configuration (INI) file to define the path to the folder where the trusted certificates are stored.

      For more information, see Securing Connections to the AE (TLS/SSL).

      The user who starts the agent must have the following rights if the logon= parameter in the INI file of the agent is set to 1 (default):

      • Act as part of the operating system
      • Adjust memory quotas for a process
      • Allow log on locally
      • Back up files and directories **)
      • Logon as batch job *)
      • Logon as service
      • Replace a process level token
      • Restore files and directories

      *) This right is only required if you start jobs by using the start option Logon as batch user.

      For more information, see Windows Jobs.

      **) This right is necessary for the execution of job objects.

      For the extended File Transfer object (as of v9) this right is usually optional. It is necessary, however, when the agent transfers encrypted files with a file transfer because the agent uses the WinAPI LoadUserProfile.

      On Windows, the Local Security Policy can be called via the Control Panel > Administrative Tools. Rights are defined in User Rights Assignment in the Local Security settings.

      All Windows users that should execute BATCH-type jobs required the right Read & Execute for the agent's bin and temp directories. Otherwise, an error message occurs when the job starts (Access denied). This is necessary when the logon= parameter in the INI file of the agent is set to 1 (default) or the UC_HOSTCHAR_*'s setting ANONYMOUS_JOB is set to "N".

    • On the Admin or server computer, adjust HEADER.WINDOWS, TRAILER.WINDOWS and RESTART.WINDOWS if necessary. For more information, see Include Objects in Headers and Trailers.

  4. Start the Agent.

    • On the server computer, the AE system must be running. For more information, see Multi-Server Operations.

    • On the host, start the Agent from the Automic program group. An Agent object is automatically created in system client 0000 and stored in the folder HOST.

    • In AWI, client 0, verify that the Agent is logged on to the Automation Engine.

      Newly logged on Agents are not assigned to a client automatically and can only be viewed in Client 0. Once you have logged in to Client 0, access the Administration perspective and select Agents & Groups.

      Assign the new Agent to clients with the required rights using the Agent object definition. For more information, see Authorizations Page.

    You can use the ServiceManager to start and end the Agent as a service. For more information, see ServiceManager.

  5. On the host, shut down the Agent by right-clicking the Agent in the task bar and selecting Exit.

See also: