Device Manager Setup
The Device Manager in PC Matic enables streamlined installation of the PC Matic agent on Windows endpoints using Active Directory. This push installation method, utilizing PowerShell and Group Policy Objects (GPO), ensures efficient deployment without requiring endpoint reboots.
Demonstration Video
The video below guides you through setup and deployment using Device Manager.
Prerequisites for Device Manager Setup
Server Requirements:
- PowerShell 3.0 or higher.
- .NET Framework 4.5.
- Execution Policy set to RemoteSigned.
Endpoint Requirements:
- PowerShell 2.0 or higher.
Verifying Prerequisites
- Download the prerequisite checker script.
- Extract the .zip file and run the script in PowerShell as an administrator using a command similar to the one below.
Note: It is necessary to include the prefix '.\' in front of the file name when executing it within PowerShell. Additionally, there is a possibility of encountering a security warning while running the script; however, rest assured that it is safe to run the script from PC Matic/PC Pitstop.
PS C:\users\Administrator\Downloads\prereqs> .\prereqs.ps1
After the script finishes running, you should see an output similar to the one below.
VERBOSE: Checking the .Net Framework Requirement
VERBOSE: Result: Meets Minimum .Net Requirement - .Net Version 4.7.2 Found
VERBOSE: Checking version of PowerShell
VERBOSE: Result: Meets Minimum PowerShell Version - 4.0 Found
VERBOSE: Checking Execution Policy
VERBOSE: Result: Execution Policy is set to Unrestricted
VERBOSE: All the Minimum Requirements Have Been Met
- If any prerequisites are not satisfied, follow the steps below to update your system accordingly.
Setting Up System Requirements
Updating PowerShell:
- Install PowerShell version 3.0 or higher.
- Verify the installation by running the following in the command prompt as an administrator:
PowerShell -Command "$PSVersionTable.PSVersion"
Installing .NET Framework:
- .NET Framework version 4.5 is required.
Setting the Execution Policy:
To set the Execution Policy to RemoteSigned on your server, follow the steps below:
- Open PowerShell as an administrator.
- Execute
Set-ExecutionPolicy RemoteSigned -Force
- Confirm the setting by running
Get-ExecutionPolicy
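The three server requirements can also be checked by hand. The following is an added example, not PC Matic's prerequisite script; the function name Test-DeviceManagerPrereq is hypothetical and the thresholds are the ones listed under Server Requirements. It also reports whether the execution policy comes from Group Policy, in which case Set-ExecutionPolicy on the server will not change the effective value.

```powershell
# Added example: local prerequisite check for the Device Manager server.
# Written to run on PowerShell 2.0 as well, so an old host reports a failure
# instead of a syntax error.
function Test-DeviceManagerPrereq {
    # .NET 4.5 and later record a Release DWORD under this key; 378389 is 4.5.
    $netKey  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $netKey -Name Release -ErrorAction SilentlyContinue).Release

    # Effective policy for this session, plus the per-scope view.
    # MachinePolicy and UserPolicy are set by Group Policy and take precedence
    # over anything Set-ExecutionPolicy writes.
    $effective = (Get-ExecutionPolicy).ToString()
    $fromGpo   = @(Get-ExecutionPolicy -List | Where-Object {
        'MachinePolicy', 'UserPolicy' -contains $_.Scope.ToString() -and
        $_.ExecutionPolicy.ToString() -ne 'Undefined'
    })

    New-Object PSObject -Property @{
        PowerShellVersion  = $PSVersionTable.PSVersion.ToString()
        PowerShellOk       = $PSVersionTable.PSVersion.Major -ge 3
        DotNetRelease      = $release
        DotNet45Ok         = ($release -ge 378389)
        EffectivePolicy    = $effective
        # RemoteSigned is what the page asks for; Unrestricted and Bypass also
        # allow the scripts to run but are looser than required.
        PolicyOk           = ('RemoteSigned', 'Unrestricted', 'Bypass' -contains $effective)
        LooserThanRequired = ('Unrestricted', 'Bypass' -contains $effective)
        SetByGroupPolicy   = ($fromGpo.Count -gt 0)
    }
}

Test-DeviceManagerPrereq | Format-List
```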
Continue with Device Manager Deployment
Once all prerequisites are met, you are ready to proceed with the Device Manager installation and setup in PC Matic.
Active Directory Connection with Device Manager
- Open the Device Manager installer from your PC Matic web portal by navigating to Account Settings > Install/Uninstall tab. (MSPs: first select a Customer from the dropdown menu.)
- Prior to downloading, it is crucial to enter your Active Directory Administrator credentials at the bottom of the installer window. These credentials will be utilized to execute the Device Manager service with the appropriate authority. It is also recommended to keep the "Create Remote PowerShell GPO" option selected.
- Download the Device Manager installer to your domain controller and execute it.
- Upon completion, you can click on Finish and close the installer screen. No additional prompts will appear on the server as the Device Manager operates seamlessly in the background.
You will notice a new Network Devices tab in the PC Matic web portal Account Settings sub-menu. Once you access this section, you will observe the devices from your network gradually populating into the Devices tab.
Verifications Before Install
Before you begin deployments, it’s important to verify that the GPO was created correctly and the Domain Controller’s scheduling service is running with the proper authority.
- Open Services on your server, and look for the PC Pitstop Scheduling service. On the right side, it should show the Log On As value as your Admin account that you entered into the console before download.
- If it says Local instead, right click and go to Properties and the Log On tab. You can then select This Account and make sure your credentials are present.
- Enter Group Policy Management to verify the new GPO “PCMatic Agent EnableRemotePS” has been created successfully.
- Then enter Active Directory Users and Groups and look for a new user group called “PC Matic Agent Devices”. The endpoints in this group should be the same as the endpoints that show within Network Devices > Devices tab in your management console.
To kickstart the sync process between your server and the management console, you can always run the script below. Syncs happen automatically every 30 minutes to look for installs or uninstalls, but if you want it to happen faster this script will reset the clock.
The last piece to verify is that endpoints have received the new GPO that was created. This will happen automatically, but the timing depends on each endpoint's local settings for pulling in GPO updates.
To manually force a GPO update on all machines from the domain controller, run the code below in an administrator PowerShell prompt, hitting enter after each one:
$computers = Get-ADComputer -Filter *
$computers | ForEach-Object -Process {Invoke-GPUpdate -Computer $_.name -RandomDelayInMinutes 0 -Force}
To then check that the GPO was applied correctly, you can run the following command, which writes the results to the text file c:\gpresult.txt:
gpresult /Scope Computer /v > c:\gpresult.txt
After the command runs the text file should contain the following:
Applied Group Policy Objects
------------------------------------
PC Matic Agent EnableRemotePS
Default Domain Controllers Policy
Default Domain Policy
You can also verify the new GPO by going to the Windows Firewall, then Advanced, and then Inbound Rules. There should be 2 new rules named NameRes and WSMAn.
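The checks in this section can be scripted so they are repeatable after every credential or GPO change. This is an added example, not part of PC Matic's tooling; it assumes it is run on the domain controller, that the service display name starts with "PC Pitstop Scheduling", and that NameRes and WSMAn are the rules' display names.

```powershell
# Added example: run on the domain controller in an elevated PowerShell prompt.
# Needs the ActiveDirectory, GroupPolicy and NetSecurity modules.
Import-Module ActiveDirectory, GroupPolicy

# 1. Scheduling service and the account it logs on as. Wildcard match: the
#    display name is taken from the Services console text on this page.
$svc = @(Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE 'PC Pitstop Scheduling%'")
$svc | Format-Table DisplayName, State, StartName -AutoSize
$runsAsLocal = @($svc | Where-Object { $_.StartName -match '^(LocalSystem|NT AUTHORITY\\)' })

# 2. GPO. The page writes the name both with and without a space after "PC".
$gpo = @(Get-GPO -All | Where-Object { $_.DisplayName -like 'PC*Matic Agent EnableRemotePS' })
$gpo | Format-Table DisplayName, GpoStatus, ModificationTime -AutoSize
$gpoActive = @($gpo | Where-Object {
    $_.GpoStatus -notmatch 'AllSettingsDisabled|ComputerSettingsDisabled' })

# 3. Group members, to compare by eye with Network Devices > Devices.
$members = @(Get-ADGroupMember -Identity 'PC Matic Agent Devices' | Sort-Object Name)
$members | Format-Table Name, objectClass -AutoSize

# 4. Firewall rules. GPO-delivered rules appear in the ActiveStore (the merged,
#    effective policy), not in the default local store.
$wanted = 'NameRes', 'WSMAn'
$rules = @(Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object { $wanted -contains $_.DisplayName -and $_.Direction -eq 'Inbound' })
$rules | Format-Table DisplayName, Enabled, Action, PolicyStoreSourceType -AutoSize
$rulesOn = @($rules | Where-Object { $_.Enabled -eq 'True' } |
    Select-Object -ExpandProperty DisplayName -Unique)

# Summary: every value should be True before pushing installs.
[pscustomobject]@{
    ServiceFound       = $svc.Count -gt 0
    ServiceNotLocal    = $svc.Count -gt 0 -and $runsAsLocal.Count -eq 0
    GpoFoundAndActive  = $gpoActive.Count -gt 0
    GroupHasMembers    = $members.Count -gt 0
    BothInboundRulesOn = $rulesOn.Count -eq $wanted.Count
} | Format-List
```

Because the service runs under the Domain Administrator account entered in the console, the StartName column is also worth recording in whatever inventory tracks privileged service accounts.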
Pushing Installations
Now with all of the requirements satisfied and checked, we can begin pushing installations from within the management console. Navigate back to the Network Devices area and the Devices tab. From here, make sure each device has a credential assigned to it by selecting the devices and then clicking the blue key to choose your Admin credential.
Once ready, select the endpoints you’d like to deploy to and click the green install button. Choose your installation settings and click Install. This install process will not be immediate and will depend on the number of devices selected and the speed of the domain controller. Again, to manually speed up the install process you can reset the sync clock using the script below.
https://files.pcpitstop.com/DeviceManager/sync.bat
Each device will begin to appear in your management console after the install completes and will have the green SuperShield icon in its system tray.
If you have questions during the Device Manager process or run into problems, please contact our dedicated onboarding team.
Network Devices Deployment
After the installation has completed on your server, or if you set credentials for the Device Manager before downloading, you can access the Network Devices tab. Click Account Settings and then choose Network Devices. This will give you access to all of the devices that are on your active directory network. From this view you’re able to set credentials and remote install or uninstall.
There are two tabs available from this view, the Devices tab that shows all of your computers and servers on the network, and Credentials which will allow you to store admin credentials for installation. From the Devices tab you can use the check boxes at the left for bulk selection.
Each icon to the right of every endpoint gives different information on the device.
- Bulk Options
- Select individual devices or all devices to view bulk options for Install, Uninstall, Credential Set, and Removal.
- Endpoint Status
- Installed: PC Matic MSP is currently installed on the endpoint.
- Uninstalled: PC Matic MSP is currently not installed on the endpoint.
- Pending Install: PC Matic MSP will be installed on the endpoint when the scheduler service on the server runs (1 hour max).
- Pending Uninstall: PC Matic MSP will be uninstalled on the endpoint when the scheduler service on the server runs (1 hour max).
- Endpoint Details
- Displays information about the endpoint's AD network, as well as current PC Matic configurations after installation.
- Install/Uninstall Endpoint Software
- Green Icon: Push installation to the endpoint.
- Red Icon: Pull (uninstall) client from the endpoint.
- Remove From Account
- Before installing, this will remove the device from the device manager screen so you will no longer be able to push install to it.
Manually Add a Device
If you have any endpoints that are not currently on your active directory network, but the server with the device manager installed is able to see them, they can be added by IP address or computer name. From the Devices tab you can input that device name or IP address and add the machine so that push installs can be made to that endpoint.
Credentials
The Credentials tab in the Network Devices window will allow you to save encrypted admin credentials for installation. The credentials can then be assigned to each endpoint in a bulk fashion or individually. This will allow you to push install to each endpoint even if the user doesn’t have admin access on the computer.
While adding each encrypted credential, set a nickname that will help you remember each admin credential in the future. The nickname will be used to assign each credential to an endpoint before pushing out the installation. The credentials provided for each device must be domain administrator credentials for the install/uninstall to work correctly.
Use to Run Device Manager: When setting up a credential, if you haven’t already chosen a credential to run the device manager under, check the box here if this credential is a Domain Administrator.
It is critical that the Device Manager is run with Domain Administrator access or installs will most likely not function correctly.
If you change the password for a credential, the Device Manager will switch to running under the local user. Update your Credentials in this section or installs may stop working. After updating it may take 24 hours to update the service to no longer run as Local.
Push Installation Fallbacks
If the push installation attempt fails via Remote PowerShell, we have implemented two fallbacks to still attempt the install. These fallbacks will happen automatically without any need for action from you.
- PsExec
- RemoteWMI
Installing via Workgroup
You can also make use of the Device Manager to remotely deploy to your endpoints even if they’re not on an active directory network. Instead of using AD we will be installing to all of the computers that are on your workgroup. This process takes a few more manual setup steps than using Active Directory but allows full push and pull control after setup.
To install via workgroup, you need to install the device manager onto a computer or server that is in the workgroup and has network access to the computers you would like to remote deploy to. This allows the device manager the access it needs to each endpoint to push or pull installations.
1. Before beginning this process, make sure your workgroup is set up and all computers you would like to deploy to are in it.
2. From each endpoint, open a command prompt as an administrator and open a PowerShell prompt by typing PowerShell and pressing enter. Then type the command Enable-PSRemoting and answer yes to all prompts.
3. Now begin the installation process by downloading the device manager and installing it on a computer or server that is in the workgroup. After installation completes, visit the Network Computers button on your group or company home page to view the list of computers on your workgroup.
4. Each endpoint is going to need its own unique credential using this approach. You may want to nickname your credentials with the computer name so you remember which one to assign.
5. In the network devices window click the credentials tab to create or edit credentials.
6. Add in the computer’s name as a Nickname so you remember which computer this is for, and set the domain to the computer’s name as well. Input the admin username and password and click save when complete. Repeat this for each endpoint.
7. Now from the devices tab with all endpoints and unique credentials created, assign the credentials to each computer by selecting it from the dropdown.
8. You can now push installations out to your endpoints!
Troubleshooting Tools
The Device Manager syncs automatically with the web portal every 30 minutes to look for changes in settings or new installs/uninstalls to push out. However, if you want to manually force this sync to happen we have created a simple batch file you can run on the domain controller. You can download it below.