Prerequisites
- Microsoft .NET Framework 4.7.2 or above must be installed. It can be downloaded using this link https://support.microsoft.com/en-ca/help/4054530/microsoft-net-framework-4-7-2-offline-installer-for-windows
Note: As of Agent Version 2.9.2.0 we are now including a process to automatically download and install .NET Framework 4.7.2 for those systems that do not currently have it installed. -
Supported 64 Bit Server Operating Systems: Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022.
- Windows Server 2008 R2 (Limited Support): Due to Microsoft's ending support for this OS not all features with Quickpass are supported including Service account rotation, Active Directory password filter and enforcement of password history in the self-serve system.
- Supported 64 Bit Workstation Operating Systems: Microsoft Windows 10, and 11
- Supported Server Roles: Active Directory Domain Controller, Active Directory Member Server or Standalone Windows Server
- Supported Workstation Roles: Active Directory joined or non Active Directory joined workstation
- Failover and Redundancy: Install agent on all Domain Controllers for redundancy and to ensure Quickpass catches password resets performed on directly on all domain controllers.
- Detect Password Changes on Domain Controllers: Install agent on all Domain Controllers to ensure Quickpass catches password resets performed on directly on all domain controllers.
- Active Directory functional level must be minimum Windows Server 2008 R2 or above.
-
Domain Controllers have the latest service packs installed and are fully patched.
- Domain Controllers must have both the DNS Client and DNS Server services installed and services must be allowed to run.
- Password Policy AD: By default Quickpass will take the password settings from the Password Policy that is applied to the Domain Controller via GPO.
- Password Policy Non-AD: The local security policy is used in place of a group policy
- Threat Protection Configured: https://support.getquickpass.com/hc/en-us/articles/7451130677783-Server-Agent-is-getting-blocked-by-Threat-Protection
-
Internet Access: The Agent needs to communicate with the CyberQP infrastructure over the Internet. Please see this KB to ensure outbound communication is available for the Account doing the installation as well as the Service account/System.
https://support.getquickpass.com/hc/en-us/articles/4402712146711-Firewall-Port-Exceptions-IP-Whitelisting-for-Agent-and-API-Communication
Download the Agent
1. Click the Download Agent button in the lower left hand corner of the Quickpass Dashboard.
Note: This will download the generic agent installer to your computer. After you have downloaded the agent you can proceed to either manually installing the agent on your customers server or using the silent / unattended installation method.
Manual Install
1. Ensure you have the agent installer located on the customers system you wish to install the agent on. Then right-click the agent installer named Quickpass-Agent-Setup.exe and select run-as-administrator.
Note: You may receive a warning from User Account Control asking for authorization to run the installer. In this case click Yes.
Depending on the Anti-Virus or Endpoint Security solution you have installed on the server or workstation you may also need to add the installer as an exception if it attempts to block the install.
2. When the Quickpass Agent Setup window appears click Install.
3. Click Next at the Quickpass Agent (64-bit) MSI Installer Setup screen.
4. At the Quickpass server agent Installation window select your region from the drop down list. North America or Europe.
Note: The default region for Quickpass tenants is North America and corresponds to the Web dashboard URL of https://admin.getquickpass.com. Only select Europe if the URL for your tenant is https://eu-admin.getquickpass.com
5. Click the Copy Agent ID option from the three dot menu associated with your Quickpass customer in the Quickpass dashboard's Customers screen. This will copy the customer ID associated with your Quickpass customer to your computers clipboard.
6. Paste the Agent ID copied from the Quickpass web portal in step 5 into the Agent ID field
7. Go back to the Quickpass Dashboard and navigate to the Settings Menu and to the Admin Login Details section. Then click the COPY button for the Install Token.
8. At the Quickpass agent installation window paste the Install Token copied from step 7 into the Install Token field.
Click out of the install token field and click Next to continue the install.
9. The Automatically detected Role for the system will be shown.
AD Server: Active Directory Domain Controller
AD Member: Active Directory joined Member Server
AD Workstation: Active Directory joined Windows 10 or 11 Workstation
Server: Standalone Windows Server not joined to AD Domain
Workstation: Windows 10 or 11 Workstation not joined to AD Domain OR Joined to Azure AD.
Note:
- The Role of the System is automatically detected now based upon the Operating System and Domain Joined Status
10. If this is a Domain Controller (AD Server Role), you will then be shown an option to either use the Local System Account or to Create an MSA Account.
- Select Local System Account if you want to use the Local System Account to run the Quickpass Agent Service.
- Select Custom Managed Service Account if you want to have an MSA Account Created for you to run the Quickpass Agent Service.
- This functionality is similar to how previous versions of the Agent worked.
MSA (Managed Service Account)
The Quickpass installer will create an MSA account to authenticate the Quickpass Windows Service.
The MSA account will be added to the Domain Admins group to provide necessary permissions to Active Directory.
Note
- MSA accounts cannot be used to log on locally to the server and can only be used to authenticate Windows Services
- Quickpass will create a separate MSA account for each domain controller its installed on if this is selected.
- This functionality is similar to how previous versions of the Agent worked.
11. Click Next at the Destination Folder window.
12. Click Install at the Ready to install window.
13. Click Finish when done.
14. To complete the installation click Restart or click Close and manually restart at a later point. Without restarting the agent is fully operational except that the Active Directory password filter will not function until after the restart.
Silent / Scripted Installation
The silent or scripted installation can be done through a DOS or PowerShell command line interface (CLI). Similarly you can also deploy the agent through your RMM solution. For deploying through your RMM solution please consult your vendor's documentation on how to push software remotely through their RMM agent.
For details on the installation of the Agent via a Scripted process please see this KB Article.
https://support.getquickpass.com/hc/en-us/articles/4413576799639-Scripted-Agent-Installation
Verify Installation
Quickpass Web Portal
1. After the install is complete, refresh the web page on the Quickpass web portal to verify that the server agent is checking in. Under the AD Status column you will see a green dot next to Online. For Local Status since there are potentially multiple separate systems with the Local agent we show the status Installed in an AD environment.
Note: If you navigate to the Quickpass Customer and select the Agents menu on the left hand side you will see more details about the agent. Also, if you install the agent on all of your domain controllers and members servers they will also show in this screen with their appropriate role.
Services
Note: If you open the Services MMC snap-in by going to start -> run then typing services.msc you will see a service called Quickpass Server Agent.
-
Local System
- The service will use the Local System Account if that was selected during the installation.
- The service will use the Local System Account if that was selected during the installation.
-
MSA (Managed Service Account)
- The Quickpass installer will create an MSA account to authenticate the Quickpass Agent Service if this option was selected during the installation process.
- The MSA account will be added to the Domain Admins group to provide necessary permissions to Active Directory.
Note
- All systems other than Domain Controllers Quickpass will use the Local System Account for the Quickpass windows service authentication.
- If there are any issues creating the MSA account Quickpass will failover to using the Local System Account.
Programs & Features
The server agent will contain two entries in Programs & Features. One is for the Agent itself and the second is for the Agent setup utility.
Agent Auto Update
The Quickpass server agent once installed will automatically update itself via a Windows Scheduled Task that will check Quickpass for new versions every 8 hours. You can find the Scheduled task by navigating to Administration Tools then Task Scheduler. The task will look similar to the image below.
Next Steps
- Automatic Import of Active Directory End Users (No Office 365/Azure) - https://support.getquickpass.com/hc/en-us/articles/4403746488471-Automatic-Import-of-Active-Directory-End-User-Accounts-Not-Linked-to-Office-365-
- Automatic Import of Active Directory End Users (With Office 365/Azure) - https://support.getquickpass.com/hc/en-us/articles/4403759906327-Automatic-Import-of-Active-Directory-End-User-Accounts-Linked-to-Office-365-
- Manual Import End Users from Active Directory into Quickpass https://support.getquickpass.com/hc/en-us/articles/360035207914-How-to-Import-Users-into-Web-Admin-Console
Automating the Installation Process
- https://support.getquickpass.com/hc/en-us/articles/4413576799639-Scripted-Agent-Installation
- https://support.getquickpass.com/hc/en-us/articles/4414062591639-PowerShell-Script-for-Agent-Installation
- https://support.getquickpass.com/hc/en-us/sections/8400847538967-Agent-Deployment-Automation
Comments
0 comments
Please sign in to leave a comment.