Up until today, I was installing the KACE agent via login script, which overtime, had become convoluted and cumbersome to manage. So, I decided to move all the software installations that were performed by the login script to non other than the K1000. These work like a charm. However, the installation of the KACE agent itself, obviously can’t be done with the K1000, unless the network parameters and other variables are exactly right. Granted, there are many other methods to do so, among which are login scripts, using the KACE agent distribution tasks, and GPO. In this article, I will be addressing the installation via GPO. Though, this part is very well documented with KACE, there is one item that I will be addressing here that will deal with existing installations of the KACE agent, performed with other methods than GPO Software Installation.

Before I continue,  a bit of background about GPO Software installation that pertain to our situation.
  • GPO Software Installation Policies will only install a new software package if it’s not installed on a workstation AND if the registry corresponding to the that GPO application is populated. The registry key can be found in: HKLM\Software\Microsoft\Windows\Current Version\Group Policy\appmgmt\
  • GPO will always install the application, even if it’s already installed on the workstation, if, the corresponding registry key doesn’t exist.
Based on the 2 points above, and most of your existing clients already have the KACE agent on them have not been installed via GPO, and therefore don’t contain the necessary registry entries to prevent a forced re-installation. Continuing without accounting for this variable, would cause a lot of unnecessary network traffic and CPU cycles; granted it will only be a one time deal.
To mitigate this issue, we will create 2 policies:1- The first policy is a Preference policy (PREF – SW – Fix Installed KACE Agent Registry) which targets computers that match a specific WMI query, as follows:
select * from Win32_Product WHERE (IdentifyingNumber = ‘{C80E28A9-0620-48D7-A015-099636FA6FCB}’ AND InstallState=’5′)
via “Item Level Targeting”. That policy will only add the registry if the above WMI query returns TRUE. Effectively, it means that if the KACE agent is installed, tell the GPO Software Installation the same via adding that registry entry.2- The second policy is the actual installation policy. (SW – KACE Agent Install). That policy is a simple Software Installation policy (Assigned, not Published), which runs the KACE installation MSI:
“\\kbox\client\agent_provisioning\windows_platform\ampagent-x86_kbox.chino.k12.ca.us.msi”Even though these 2 policies could have been potentially merged into one, there is one main reason they are separated: Ordering.In the GPO, this is one of the situations, where the ordering of the GPOs will actually matter. In a case where the KACE agent is in fact installed, but the registry entry doesn’t exist, and the installation GPO is BEFORE the PREF GPO, then, the installation task will always trigger even if KACE is installed, because the PREF GPO didn’t get a chance to run, and evaluate the existence of the agent.

By placing the PREF GPO on a higher priority than the KACE installer, it will take care of the registry entry, and will prevent the installation task from triggering if the KACE agent already exists.

There are  many other methods that can be used to check for the existence of the KACE agent, and to prevent re-installations. This is just one of them. Hope it helps someone having this problem getting the KACE agent installed via Group Policy.

Print Friendly
Subscribe By Email for Updates.