SoftLINK Deploy Requirements

Download PDF:  KB0226

Summary

This document covers the items required to use the SoftLINK Class Control Deploy utility.

Installation Package

Ensure you are using the SoftLINK EXE (within the Deploy folder) and NOT the MSI. If the MSI resides in the Deploy folder, please delete this. The EXE is the only executable that can be used in the SoftLINK Deploy program.

Proper Rights

Ensure you are logged in as a network/domain admin so the Deploy will use the proper authentication. Insufficient rights will prevent a successful deployment.

File and Printer Sharing

The File and Print Sharing service may be Disabled. Please confirm that this is Enabled.

Note: If using Windows Starter/Home/RT edition, the SoftLINK Deploy utility will be unable to work due to operating system limitations.

  1. Click Start then Control Panel (or Find and enter “Control Panel”)
  2. Select Network and Sharing Center
  3. Select your current connection and click Properties
  4. Ensure File and Printer Sharing for Microsoft Networks is installed and selected

Sharing and Security Model

Ensure the Sharing and Security for Local Accounts is set to Classic

  1. In Administrative Tools select Local Security Policy
  2. Select {Security Settings}{Local Policies}{Security Options}
  3. Select {Network access: Sharing and security model for local accounts}
  4. Alter the setting for this policy to {Classic – local users authenticate as themselves}

Disable Firewall

Temporarily Disable the Firewall

  1. Click Start and then Control Panel (or Find and enter “Control Panel”)
  2. Select Windows Firewall and then Advanced Settings
  3. Select Windows Firewall Properties
  4. Select Firewall State to Off for Domain Profile/Private Profile/Public Profile


Admin$ Share

To be able to deploy to the machine you will need to be able to access the machine’s Admin$ share.  If you are unable to access the share folder then there could be security restrictions causing the issue.

To see if you have access to the Admin$ share please try the following:

  1. Go to Start then click on Run (or hit Windows Key + R)
  2. Type \\MachineName\Admin$ or \\IPAddress\Admin$
  3. Once you can access the Admin$ share try to create a file in the remote folder. If you can create the file it means you have the required write permissions.

Remote Services Test

A good test to perform to see if you have sufficient privileges to initiate a deployment would be to attempt to access the Remote Services. This must be tested on the machine you are Deploying from.

  1. Open Control Panel / Administrative Tools / Computer Management. In Windows 8+ hit Windows Key + X and select Computer Management.
  2. Right click on Computer Management and select ‘Connect to another computer’
  3. Ensure you select the ‘Another computer’ tab and enter the target/destination machine you are attempting to Deploy to and select OK.
  4. This will open the Computer Management pane on the target/destination machine if you can then select the ‘Services and Applications’ section and expand so you see the full list.
  5. Once the list is open, select ‘Services’. Does this allow you to see the list of Services on the target/destination client you are attempting to Deploy to?

Note:  If you are unable to access the Remote Services on the destination machine you are attempting to Deploy to, this would indicate either a permissions problem restricting you from performing this action and would need to be resolved, or remote services is disabled on the target machine. Remote Services are normally listed as Remote Desktop Services in the services menu.

Deploying to a Workgroup Environment

If you have your clients within a Workgroup environment, you may need to modify the client machine to allow for SoftLINK Deploy to work properly. You will need to disable UAC remote restrictions.

As per Microsoft Documentation:

  1. To disable UAC remote restrictions, follow these steps:
  2. Press your Windows Key + R (brings up Run dialog) then type regedit, and then press ENTER.
  3. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  4. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
  5. On the Edit menu, point to New, and then click DWORD Value.
  6. Type LocalAccountTokenFilterPolicy, and then press ENTER.
  7. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
  8. In the Value data box, type 1, and then click OK.
  9. Exit Registry Editor.

Microsoft Windows Networking

If you are unable to see all machines from within the Deploy tool there may be several reasons why this is not working.

  • Computer Browser service is disabled on Client machines.
  • In a Workgroup environment only one master browser is present and normally will only be able to view machines on that Workgroup.
  • Network restrictions. Some networks have the browser protocol blocked. Please check with your network department for information related to restrictions.

Description of Computer Browser per Microsoft Technet

What Is Computer Browser Service? The Computer Browser service is the mechanism that collects and distributes the list of workgroups and domains and the servers within them. The list displays in the Microsoft Windows Network window and related windows in My Network Places.

Microsoft Active Directory services in Windows Server 2003 and Windows Desktop OS create a searchable list of computers and resources that is separate from the list of domains, workgroups, and servers in My Network Places. Computer Browser service provides backward compatibility with computers running earlier versions of Windows that must use Network Basic Input/Output System (NetBIOS) over TCP/IP (NetBT) and are not Active Directory– capable.

For more information on how this process works please refer to the link below:
https://www.petri.com/microsoft-computer-browser-service

You can also do a test to check the list of machines that can be seen by the deploy program.

Open a Command Prompt – Windows Key + R and type CMD, then hit Enter.

Type NET VIEW and hit Enter

This will list the machines which can be seen by the browser service. If you receive an Error 7, then this is disabled or is being blocked.

DNS Consideration

There are instances when deploying to a machine name will actually be sent to the wrong machine. This is due to problems with DNS/Name Resolution.

To test Name Resolution, please try the following:

  1. Open a Command Prompt – Windows Key + R and type CMD, then hit enter
  2. Type PING [machine name] and hit enter. Example PING MYDOMAINPC. This will return the resolved IP Address for that machine. Example: PING MYDOMAINPC {ENTER} Pinging MYDOMAINPC [192.168.1.65] with 32 bytes of data:
  3. Now type PING –a [IP Address] and hit Enter. This will return the resolved machine name for that IP Address. Example: PING –a 192.168.1.65 Pinging MYDOMAINPC [192.168.1.65] with 32 bytes of data:

If the PING results do not match, you have a DNS/Name Resolution issue.

Antivirus Issues

Some EndPoint antivirus programs will actively block a deploy attempt. To ensure this is not an issue, temporarily disable any antivirus running on the system. In rare cases, the antivirus must be removed and added back again after deployment.

 

Leave A Comment?

This site uses Akismet to reduce spam. Learn how your comment data is processed.