Prerequisites
- Microsoft .NET Framework 4.7.2 or above must be installed. It can be downloaded using this link https://support.microsoft.com/en-ca/help/4054530/microsoft-net-framework-4-7-2-offline-installer-for-windows
Note: If the system does not have at least .NET 4.7.2, the installer will automatically download and install .NET Framework 4.7.2. -
Supported Server Operating Systems: Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025.
-
TLS and Ciphers: TLS 1.2 or higher, and supported Cipher (Cypher) for Server 2012, Server 2012 R2, and Server 2008 R2 may be required.
https://support.getquickpass.com/hc/en-us/articles/32372406650263-Cipher-Support-Agent-Communication -
Windows Server 2008 R2 (Limited Support): Due to Microsoft's ending support for this OS not all features with Quickpass are supported
- Service account rotation
- Active Directory password filter and enforcement of password history in the self-serve system.
-
TLS and Ciphers: TLS 1.2 or higher, and supported Cipher (Cypher) for Server 2012, Server 2012 R2, and Server 2008 R2 may be required.
-
Supported Workstation Operating Systems: Microsoft Windows 10, and 11
- ARM Processors - While some functionality like rotations, or Just in Time creation, will work on systems with ARM Processors, not all features are supported. Elevation, Passwordless, etc. rely on COM Components that are not supported on ARM processors.
- Windows Insider Builds - We do NOT recommend installation of the agent on systems with Windows Insider builds. Microsoft uses these for testing purposes, and some Insider Builds may have features or functionality that cause the Agent or functions of the Agent to not behave as desired.
-
Supported Server Roles: Active Directory Domain Controller, Active Directory Member Server or Standalone Windows Server
- RODC are not recommended as they do not have writable Domain functions.
- Supported Workstation Roles: Active Directory joined or non Active Directory joined workstation
- Failover and Redundancy: Install agent on all Domain Controllers for redundancy and to ensure Quickpass catches password resets performed on directly on all domain controllers.
- Detect Password Changes on Domain Controllers: Install agent on all Domain Controllers to ensure Quickpass catches password resets performed on directly on all domain controllers.
- Active Directory functional level must be minimum Windows Server 2008 R2 or above.
-
Domain Controllers have the latest service packs installed and are fully patched.
- Domain Controllers must have both the DNS Client and DNS Server services installed and services must be allowed to run.
- Password Policy AD: By default Quickpass will take the password settings from the Password Policy that is applied to the Domain Controller via GPO.
- Password Policy Non-AD: The local security policy is used in place of a group policy
- Threat Protection Configured: https://support.getquickpass.com/hc/en-us/articles/7451130677783-Server-Agent-is-getting-blocked-by-Threat-Protection
-
Internet Access: The Agent needs to communicate with the CyberQP infrastructure over the Internet. Please see this KB to ensure outbound communication is available for the Account doing the installation as well as the Service account/System.
https://support.getquickpass.com/hc/en-us/articles/4402712146711-Firewall-Port-Exceptions-IP-Whitelisting-for-Agent-and-API-Communication
Agent Deployment – Install Token and Agent ID ChangesAs of Agent version 6.5.3.1, the Agent ID parameter is optional: 1) Leave the Agent ID field blank, or 2) Enter the Customer name If the customer name is left blank or does not resolve (for example, due to a typo or duplicate customer names), the Agent will install as an Unassigned Agent. Unassigned Agents can be manually assigned to the appropriate customer from the CyberQP Dashboard. |
Silent / Scripted Installation
The silent or scripted installation can be done through a Command Prompt or PowerShell command line interface (CLI).
Similarly, you can also deploy the agent through your RMM solution. We offer two main approaches for RMM deployment:
Single-Customer Deployment: For scripts tailored to a single customer, please see below and review this KB for our precreated scripts that you can simply copy/paste into any solution.
Pre-Created Installation Scripts
Complex/Multi-Customer Deployment: For utilizing a single deployment script across all customers (by supplying the required Tenant and Customer ID numbers), please consult your vendor's documentation on how to push software remotely through their RMM agent and combine it with this KB's specific instructions for your RMM.
Agent Deployment Automation
If your RMM tool is not mentioned on the list, please consult your vendor's documentation on how to push software remotely through their RMM agent. Feel free to contact support@cyberqp.com for direct support as you work through the deployment.
Please see the Article Export Customers List, Status, and Agent ID's for the process to track all of your customer's unique Agent IDs.
Scripting your Installation
Once you have downloaded the agent executable, ensure you note the folder you saved the install into.
| Command Line/DOS | Powershell |
|
Open a Command Prompt from the server you wish to install from and ensure you select Run as Administrator. |
Open a PowerShell command prompt and ensure you select Run as administrator. |
|
In the Command Prompt change the directory to the folder you downloaded or saved the server agent to. |
|
|
Type in the agent installer executable followed by the following command line parameters. Quickpass-Agent-Setup.exe /quiet INSTALLTOKEN="<InstallToken>" CUSTOMERID="<AgentID>" /NORESTART
Quickpass-Agent-Setup.exe /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" /NORESTART |
Type & followed by the full agent installer executable path in between "" followed by the following command line parameters. & "C:\<PATH>\Quickpass-Agent-Setup.exe" /quiet INSTALLTOKEN="<InstallToken>" CUSTOMERID="<AgentID>" /NORESTART
& "C:\Users\username\Downloads\Quickpass-Agent-Setup" /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" /NORESTART |
|
Region: The default region will always be North America if the Region value is not specified. To specify the Europe region for the silent installer you must add the REGION="EU" to your silent installer script. To specify the Canada region, you must add the REGION="CA". Quickpass-Agent-Setup.exe /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" REGION="EU" /NORESTART |
Region: The default region will always be North America if the Region value is not specified. To specify the Europe region for the silent installer you must add the REGION="EU" to your silent installer script. To specify the Canada region, you must add the REGION="CA". & "C:\Users\username\Downloads\Quickpass-Agent-Setup" /quiet INSTALLTOKEN="146f5ad05aaea1e5c2c25015d1fb7495" CUSTOMERID="107f4f54-33d5-4eee-8d65-e8ac5cb6accd" REGION="EU" /NORESTART |
| MSA Account Options | |
| No Value Specified | The Local System Account will run the Quickpass Agent Service |
| MSA=0 | The Local System Account will run the Quickpass Agent Service |
| MSA=1 | A Managed Service Account will be created to run the Quickpass Agent Service NOTE: This is only used for Domain Controllers. All other system types this command will be ignored. |
| Restart Commands | .NET lower than 4.7.2 | .NET 4.7.2 or Higher Already Installed |
| No value Specified | After installation of .NET completes the system will automatically be restarted & After admin login, installation of the Agent system will complete and system will NOT be rebooted | After installation of the Agent system will NOT be rebooted |
| /NORESTART | After installation of .NET completes the system will NOT automatically be restarted & After admin login, installation of the Agent will complete and system will NOT be rebooted | After installation of the Agent system will NOT be rebooted |
| /FORCERESTART | After installation of .NET completes the system will automatically be restarted & After admin login, installation of the Agent will complete and system will NOT be rebooted | After installation of the Agent system will NOT be rebooted |
| RESTART=1 | After installation of .NET completes the system will automatically be restarted & After admin login, installation of the Agent will complete and system will be rebooted | After installation of the Agent system will be rebooted |
Next Steps
- Powershell Script - https://support.getquickpass.com/hc/en-us/articles/4414062591639-PowerShell-Script-for-Agent-Installation
- Pre-Created Scripts - https://support.getquickpass.com/hc/en-us/articles/37046354052759
Troubleshooting
- Ensuring MSA enabled installation allows service to start.
https://support.getquickpass.com/hc/en-us/articles/17291924425111-Using-MSA-for-Agent-on-Domain-Controllers-Resolving-Inability-to-Start-Service
Comments
0 comments
Please sign in to leave a comment.