I'm looking to install elastic-agent 7.16 on several Windows PCs with a GPO; the EPs could be too many to install it manually.
I can't find any guide to do it, so I tried to do it by myself, creating a PowerShell script to run with a Startup/Logon Script GPO.
My problem is that the installation seems to work and the C:\Program Files\Elastic\Agent folder is created at the end of the process, but the agent doesn't enroll to the fleet server and the C:\Program Files\Elastic\Agent\elastic-agent.exe symlink is not present,
while the "C:\Program Files\Elastic\Agent\data\elastic-agent-d420cc\elastic-agent.exe" file is present.
I paste here the PowerShell script I created to deploy the agent. Can anybody help me? Has anybody installed the elastic agent en masse on domain-joined Windows PCs?
#Using Powershell 5.0+
$file = '.\Elastic\Agent\elastic-agent.exe'
Set-Location $Env:ProgramFiles
if (-not (Test-Path -Path $file)) {
    Set-Location $Env:TEMP
    #Uncomment (this ↓) line if you need to download the zip file and comment the Copy-Item line
    # Invoke-WebRequest https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.16.3-windows-x86_64.zip -OutFile elastic-agent-7.16.3.zip
    Copy-Item "\\domaincontroller.local\SYSVOL\domaincontroller.local\scripts\Elastic\elastic-agent-7.16.3.zip" .\elastic-agent-7.16.3.zip
    Start-Sleep -s 15 #sleep to ensure previous job was completed
    Expand-Archive .\elastic-agent-7.16.3.zip -DestinationPath .
    Start-Sleep -s 5 #sleep to ensure previous job was completed
    Set-Location .\elastic-agent-7.16.3-windows-x86_64
    start-process -FilePath ".\elastic-agent.exe" -ArgumentList "install", "--url=https://fleet.domain.tld:port", "--enrollment-token=my_token", "--insecure", "--force" -Wait
    #↑ same as .\elastic-agent.exe install --url=https://fleet.domain.tld:port --enrollment-token=my_token --insecure --force
    Start-Sleep -s 10 #sleep to ensure previous job was completed
    #Removing files no more needed
    Set-Location ..
    Remove-Item .\elastic-agent-7.16.3.zip
    Remove-Item .\elastic-agent-7.16.3-windows-x86_64 -Recurse
}
else {
    exit
}
I tried to manually launch the script in a PowerShell window and it works like a charm. But I need to deploy the agent using GPO because I need to install it on hundreds of PCs.
The fleet URL and token are valid (I simply posted general names on this page, but in the script they are correct); in fact the script correctly installs elastic agent if I run it from PowerShell.
The problem is present when the script is executed by a Logon Script through a GPO.
Anyway, I post here the output of the same script when launched manually:
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\Windows\System32> cd $env:USERPROFILE\desktop
PS C:\Users\user\desktop> .\InstallElasticAgent.ps1
Set-Location $Env:TEMP
Copy-Item "\\domaincontroller.local\SYSVOL\domaincontroller.local\scripts\Elastic\elastic-agent-7.16.3.zip" .\elastic-agent-7.16.3.zip
Expand-Archive .\elastic-agent-7.16.3.zip -DestinationPath .
Set-Location .\elastic-agent-7.16.3-windows-x86_64
start-process -FilePath ".\elastic-agent.exe" -ArgumentList "install", "--url=https://fleet.url.tld:port", "--enrollment-token="token"--insecure", "--force" -Wait
2022-04-19T11:23:36.267+0200 WARN [tls] tlscommon/tls_config.go:98 SSL/TLS verifications disabled.
2022-04-19T11:23:36.820+0200 INFO cmd/enroll_cmd.go:454 Starting enrollment to URL: https://fleet.url.tld:port/
2022-04-19T11:23:37.124+0200 WARN [tls] tlscommon/tls_config.go:98 SSL/TLS verifications disabled.
2022-04-19T11:23:43.467+0200 INFO cmd/enroll_cmd.go:254 Successfully triggered restart on running Elastic Agent.
Successfully enrolled the Elastic Agent.
Elastic Agent has been successfully installed.
Set-Location ..
Remove-Item .\elastic-agent-7.16.3.zip
Remove-Item .\elastic-agent-7.16.3-windows-x86_64 -Recurse
PS C:\Users\user\AppData\Local\Temp>
You should probably try to fetch some output from that execution.
If there are no log files from the agent execution, maybe embed "Start-Transcript" in the script or use ErrorVariable in Start-Process or something.
I had an old script like that lying around in my lab.
Paid it a visit today as I need to enroll in prod soon.
Seems to work (even tried with 7.16.3 like your example).
Obviously it needs some error handling.
Using robocopy since I think some 2012 boxes with old WMF lack Expand-Archive (and it saves some disk allocation at scale as well :-p).
Also, I leveraged this by an Immediate Scheduled Task (GPP) instead of a login script.
The script is still located at SYSVOL but atm I'm pulling the agent files from the fleet server (not suitable for production)...
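One way to act on the Start-Transcript suggestion earlier in the thread, as an added example that is not code from any poster here: it records which account and privilege level the GPO or scheduled task actually runs the installer under, and captures the installer's own output and exit code. The log folder and file names are assumptions; the URL and token are the thread's placeholders, and the zip is assumed to be already extracted as in the original script.

```powershell
# Added diagnostic wrapper, not from the thread. Log folder and file names are assumptions.
$ErrorActionPreference = 'Stop'
$logDir   = Join-Path $Env:ProgramData 'ElasticAgentDeploy'             # hypothetical log folder
$agentDir = Join-Path $Env:TEMP 'elastic-agent-7.16.3-windows-x86_64'   # extracted as in the thread's script
New-Item -ItemType Directory -Path $logDir -Force | Out-Null
Start-Transcript -Path (Join-Path $logDir "install-$Env:COMPUTERNAME.log") -Append

try {
    # Record the security context: a logon script runs as the logging-on user,
    # a startup script or SYSTEM scheduled task runs as the machine account.
    $id      = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    Write-Output "Running as $($id.Name); elevated: $isAdmin; TEMP: $Env:TEMP"

    $exe = Join-Path $agentDir 'elastic-agent.exe'
    if (-not (Test-Path -Path $exe)) { throw "Installer not found: $exe" }

    # Same arguments as the thread's script (placeholders). --insecure is what
    # produces the "SSL/TLS verifications disabled" warning in the posted output.
    $installArgs = @('install', '--url=https://fleet.domain.tld:port',
                     '--enrollment-token=my_token', '--insecure', '--force')

    # Start-Transcript does not reliably capture a child process started this way,
    # so redirect its stdout/stderr to files and keep the process object for the exit code.
    $proc = Start-Process -FilePath $exe -ArgumentList $installArgs -Wait -PassThru -NoNewWindow `
        -RedirectStandardOutput (Join-Path $logDir 'agent-stdout.log') `
        -RedirectStandardError  (Join-Path $logDir 'agent-stderr.log')
    Write-Output "elastic-agent install exit code: $($proc.ExitCode)"

    # The symptom reported in the thread: this entry point was missing after a GPO run.
    $installed = Join-Path $Env:ProgramFiles 'Elastic\Agent\elastic-agent.exe'
    Write-Output "Installed entry point present: $(Test-Path -Path $installed)"
    if ($proc.ExitCode -ne 0) { throw "Install failed with exit code $($proc.ExitCode)" }
}
catch {
    Write-Output "ERROR: $($_.Exception.Message)"
    exit 1
}
finally {
    Stop-Transcript   # runs even when the catch block exits
}
```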