If a Network Agent has already been installed on a device, remote installation of applications on that device is performed through this Network Agent. The distribution package of an application to be installed is transferred over communication channels between Network Agents and Administration Server, along with the installation settings defined by the administrator. To transfer the distribution package, you can use relay distribution nodes, that is, distribution points, multicast delivery, etc. For more details on how to install applications on managed devices with Network Agent already installed, see below in this section.
You can perform initial installation of Network Agent on devices running Windows, using one of the following methods:
With third-party tools for remote installation of applications.
By cloning an image of the administrator's hard drive with the operating system and Network Agent: using tools provided by Kaspersky Security Center for handling disk images, or using third-party tools.
With Windows group policies: using standard Windows management tools for group policies, or in automatic mode, through the corresponding, dedicated option in the remote installation task of Kaspersky Security Center.
In forced mode, using special options in the remote installation task of Kaspersky Security Center.
By sending device users links to stand-alone packages generated by Kaspersky Security Center. Stand-alone packages are executable modules that contain the distribution packages of selected applications with their settings defined.
Manually, by running application installers on devices.
The following methods can be used for the initial installation of Network Agent on a device running Linux:
By sending device users links to stand-alone packages generated by Kaspersky Security Center. Stand-alone packages are executable modules that contain the distribution packages of selected applications, with pre-defined settings.
When selecting a method and a strategy for deployment of applications on a managed network, you must consider a number of factors (partial list):
Presence of devices on the organization's network, which are not members of any Active Directory domain, and the presence of uniform accounts with administrator rights on those devices.
Capacity of the channel between the Administration Server and devices.
Type of communication between Administration Server, and remote subnets and the capacity of the network channels in those subnets.
Security settings applied on remote devices at the start of deployment (such as use of UAC and Simple File Sharing mode).