Prerequisites
- Microsoft .NET Framework 4.7.X or above must be installed. It can be downloaded using this link https://support.microsoft.com/en-ca/help/4054530/microsoft-net-framework-4-7-2-offline-installer-for-windows
- Supported Server Operating Systems: Microsoft Windows Server 2012, 2012 R2, 2016 and 2019.
- Windows Server 2008 R2 (Limited Support): Due to Microsoft's ending support for this OS not all features with Quickpass are supported including Service account rotation and enforcement of password history in the self-serve system.
- Supported Workstation Operating Systems: Microsoft Windows 10
- Supported Server Roles: Active Directory Domain Controller, Active Directory Member Server or Standalone Windows Server
- Note: A single Quickpass customer can only include Active Directory joined or non Active Directory joined machines rather than both currently within the same customer.
- Supported Workstation Roles: Active Directory joined or non Active Directory joined workstation
- Failover and Redundancy: Install agent on all Domain Controllers for redundancy and to ensure Quickpass catches password resets performed on directly on all domain controllers.
- Detect Password Changes on Domain Controllers: Install agent on all Domain Controllers to ensure Quickpass catches password resets performed on directly on all domain controllers.
- Active Directory functional level must be minimum Windows Server 2008 R2 or above.
- Ensure all Domain Controllers have the latest service packs installed and are fully patched.
- Password Policy AD: Determine which group policy contains the password settings for the domain. By default Quickpass will take the password settings from the Default Domain Policy but provides the option of selecting an alternative group policy that contains the password policy for the domain.
- Password Policy Non-AD: The local security policy is used in place of a group policy
Download the Agent
1. Click the Download Server Agent link in the lower left hand corner of the Customers screen.
Note: This will download the generic agent installer to your computer. After you have downloaded the agent you can proceed to either manually installing the agent on your customers server or using the silent / unattended installation method.
Manual Install
1. Ensure you have the agent installer located on the customers system you wish to install the agent on. Then right-click the agent installer named Quickpass-Agent-Setup.exe and select run-as-administrator.
Note: You may receive a warning from User Account Control asking for authorization to run the installer. In this case click Yes.
Depending on the Anti-Virus or Endpoint Security solution you have installed on the server or workstation you may also need to add the installer as an exception if it attempts to block the install.
2. When the Quickpass Server Agent Setup window appears click Install.
3. Click Next at the Quickpass Server Agent (64-bit) MSI Installer Setup screen.
4. At the Quickpass server agent Installation window select your region from the drop down list. North America or Europe.
Note: The default region for Quickpass tenants is North America and corresponds to the Web dashboard URL of https://admin.getquickpass.com. Only select Europe if the URL for your tenant is https://eu-admin.getquickpass.com
5. Click the Copy Agent ID option associated with your Quickpass customer in the Quickpass web dashboard Customers screen from the right hand menu. This will copy the customer ID associated with your Quickpass customer to your computers clipboard.
Note: If the Copy Agent ID is greyed out selected the Connect Agent option.
6. Paste the customer ID copied from the Quickpass web portal in step 4 into the Customer GUID field
7. Go back to the Quickpass web portal and navigate to the Settings Menu and to the Admin Login Details section. Then click the COPY button for the Install Token.
8. At the Quickpass server agent installation window paste the Install Token copied from step 6 into the Install Token field.
Click out of the install token field and click Next to continue the install.
9. Select the role of the system.
AD Server: Active Directory Domain Controller
AD Member: Active Directory joined Member Server
AD Workstation: Active Directory joined Windows 10 Workstation
Server: Standalone Windows Server not joined to AD Domain
Workstation: Standalone Windows 10 Workstation not joined to AD Domain
Note: A single Quickpass customer can only include Active Directory joined or non Active Directory joined machines rather than both currently within the same customer.
10. Choose the group policy that contains the domain password policy. By default Quickpass will use the password settings from the default domain policy. Alternatively, you can choose a custom group policy if you use a different group policy to assign password settings to Active Directory users.
Click Next when done your selection.
11. Click Next at the Destination Folder window.
12. Click Install at the Ready to install window.
13. Click Finish when done.
14. To complete the installation click Restart or click Close and manually restart at a later point. Without restarting the agent is fully operational except that the Active Directory password filter will not function until after the restart.
Silent / Unattended Installation
The silent install can be installed through a DOS or PowerShell command line interface (CLI). Similarly you can also deploy the agent through your RMM solution. For deploying through your RMM solution please consult your vendor's documentation on how to push software remotely through their RMM agent.
DOS
1. Make a note of the folder you saved the installer to on the server.
2. Open a DOS command prompt from the server you wish to install from and ensure you select Run as Administrator.
3. In the DOS command prompt change the directory to the folder you downloaded or saved the server agent to.
4. Type in the agent installer executable followed by the following command line parameters.
Quickpass-Agent-Setup.exe /quiet INSTALLTOKEN="<InstallToken>" CUSTOMERID="<CustomerGUID>"
Ie. Quickpass-Agent-Setup.exe /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd"
Custom Group Policy: The default is the agent will take the password settings from the default domain policy. If you use a custom group policy to specify the password settings to your domain you can specify use the GPONAME="<GPO NAME>" option in your silent installer script.
Ie. Quickpass-Agent-Setup.exe /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" GPONAME="Password Settings"
Agent Role: The default is the agent will be installed with the AD Server role.
If you are installing on one of the other 4 roles you need to specify the AGENTROLE="<ROLE>" option to your silent installer script.
- AD Server
- AD Member
- AD Workstation
- Server
- Workstation
Ie. Quickpass-Agent-Setup.exe /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" AGENTROLE="AD Member"
AD Server: Active Directory Domain Controller
AD Member: Active Directory joined Member Server
AD Workstation: Active Directory joined Windows 10 Workstation
Server: Standalone Windows Server not joined to AD Domain
Workstation: Standalone Windows 10 Workstation not joined to AD Domain
Region: The default region will always be North America for the silent installation. To specify the Europe region for the silent installer you must add the REGION="EU" to your silent installer script.
Ie. Quickpass-Agent-Setup.exe /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" REGION="EU"
No Restart: If desired there is also the option to force the installer not to reboot after installation. To use this option add a /norestart after /quiet in your silent installer script.
Ie. Quickpass-Agent-Setup.exe /quiet /norestart INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd"
The CUSTOMERID field can be copied from the Quickpass web dashboard Customers screen by clicking the Copy Agent ID option from the right hand menu.
The INSTALLTOKEN can be copied from the Settings menu then Admin Login Details Section.
5. When finished typing in the command type enter to execute the install.
PowerShell
1. Make a note of the folder you saved the installer to on the server.
2. Open a PowerShell command prompt and ensure you select Run as administrator.
3. Type & followed by the full agent installer executable path in between "" followed by the following command line parameters.
& "C:\<PATH>\Quickpass-Agent-Setup.exe" /quiet INSTALLTOKEN="<InstallToken>" CUSTOMERID="<CustomerGUID>
Ie. & "C:\Users\username\Downloads\Quickpass-Agent-Setup" /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd"
Custom Group Policy: The default is the agent will take the password settings from the default domain policy. If you use a custom group policy to specify the password settings to your domain you can specify use the GPONAME="<GPO NAME>" option in your silent installer script.
Ie. & "C:\Users\username\Downloads\Quickpass-Agent-Setup" /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" GPONAME="Password Settings"
Agent Role: The default is the agent will be installed with the AD Server role.
If you are installing on one of the other 4 roles you need to specify the AGENTROLE="<ROLE>" option to your silent installer script.
- AD Server
- AD Member
- AD Workstation
- Server
- Workstation
Ie. & "C:\Users\username\Downloads\Quickpass-Agent-Setup" /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" AGENTROLE="AD Member"
AD Server: Active Directory Domain Controller
AD Member: Active Directory joined Member Server
AD Workstation: Active Directory joined Windows 10 Workstation
Server: Standalone Windows Server not joined to AD Domain
Workstation: Standalone Windows 10 Workstation not joined to AD Domain
Region: The default region will always be North America for the silent installation. To specify the Europe region for the silent installer you must add the REGION="EU" to your silent installer script.
Ie. & "C:\Users\username\Downloads\Quickpass-Agent-Setup" /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" REGION="EU"
No Restart: If desired there is also the option to force the installer not to reboot after installation. To use this option add a /norestart after /quiet in your silent installer script.
Ie. & "C:\Users\username\Downloads\Quickpass-Agent-Setup" /quiet /norestart INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd"
4. Type enter on your keyboard to execute the command.
Verify Installation
Quickpass Web Portal
1. After the install is complete refresh the web page on the Quickpass web portal to verify that the server agent is checking in. Under the AD Status column you will see a green dot next to Online. For Local Status since there are potentially multiple separate systems with the Local agent we show the status Installed in an AD environment.
Note: If you navigate to the Quickpass Customer and select the Agents menu on the left hand side you will see more details about the agent. Also, if you install the agent on all of your domain controllers and members servers they will also show in this screen with their appropriate role.
Services
Note: If you open the Services MMC snap-in by going to start -> run then typing services.msc you will see a service called Quickpass Server Agent.
MSA (Managed Service Account)
The Quickpass installer will create an MSA account to authenticate the Quickpass Windows Service.
The MSA account will be added to the Domain Admins group to provide necessary permissions to Active Directory.
Note
- MSA accounts cannot be used to log on locally to the server and can only be used to authenticate Windows Services
- Quickpass will create a separate MSA account for each domain controller its installed on.
- For all systems other than Domain Controllers Quickpass will use the Local System Account for the Quickpass windows service authentication.
- If there are any issues creating the MSA account Quickpass will failover to using the Local System Account.
Programs & Features
The server agent will contain two entries in Programs & Features. One is for the agent itself and the second if for the agent setup utility.
Agent Auto Update
The Quickpass server agent once installed will automatically update itself via a Windows Scheduled Task that will check Quickpass for new versions daily. You can verify find the Scheduled task by navigating to Administration Tools then Task Scheduler. The task will look similar to the image below.
Next Steps
- Import Users from Active Directory into Quickpass https://support.getquickpass.com/hc/en-us/articles/360035207914-How-to-Import-Users-into-Web-Admin-Console
Comments
0 comments
Please sign in to leave a comment.