Skip to main content

PsExec installation method

PsExec is a lightweight telnet replacement that lets you execute processes on remote systems.

You can use PsExec to install the DigiCert agent software onto your Windows servers in silent mode over the network.

Before you begin

  • Make sure you have completed all the steps in the Windows agent silent mode preparation and know the network path to the shared silent mode installer script (for example, \\my-server\WindowsAgent\DigiCertAgentGPOInstaller.bat).

  • All target systems must be members of an Active Directory (AD) domain.

  • You need user credentials for an account with AD domain admin privileges.

  • Make sure you can access the PsExec64.exe executable on the AD server where you will manage the installation. You can download the PsTools software bundle from the official Microsoft site.

Installation commands

To install the DigiCert agent on one or more remote Windows servers, run PsExec from an Active Directory server that can reach all the target systems by resolving their hostnames.

Single agent deployment

Run the following command:

PsExec64.exe -h -d -i \\{TARGET SYSTEM AD NAME} -u {AD DOMAIN}\{USERNAME} -p {PASSWORD} "{INSTALL SCRIPT PATH}" -accepteula -nobanner

For example:

PsExec64.exe -h -d -i \\WS2012node1 -u gpo-domain\Administrator -p AdDomain09 "\\my-server\WindowsAgent\DigiCertAgentGPOInstaller.bat" -accepteula -nobanner

Descriptions of command arguments:

Argument

Description

{TARGET SYSTEM AD NAME}

Active Directory name of the target system to install the agent on.

{AD DOMAIN}

Active Directory domain name.

{USERNAME}

Username for an account with AD domain admin privileges.

{PASSWORD}

Password for the above AD user account.

{INSTALL SCRIPT PATH}

Shared universal naming convention (UNC) path for the silent mode installer script (DigiCertAgentGPOInstaller.bat).

Bulk deploy multiple agents

To use PsExec to install the DigiCert agent on multiple systems at once, create a text file on the local AD server (for example, target_systems.txt) that contains the AD names of the target systems, one per line. For example:

WS2012node1
WS2012node2
WS2012node3

Run the following command to install the agent on all the target systems in the list:

PsExec64.exe -h -d -i @{TEXT FILE} -u {AD DOMAIN}\{USERNAME} -p {PASSWORD} "{INSTALL SCRIPT PATH}" -accepteula -nobanner

For example:

PsExec64.exe -h -d -i @target_systems.txt -u gpo-domain\Administrator -p AdDomain09 "\\my-server\WindowsAgent\DigiCertAgentGPOInstaller.bat" -accepteula -nobanner

Descriptions of command arguments:

Argument

Description

{TEXT FILE}

The local text file containing the Active Directory names of target systems to install the agent on. Make sure the file lists each AD name on a line by itself. The AD names will be read and the DigiCert agent installed on each system in the order listed in this file.

{AD DOMAIN}

Active Directory domain name.

{USERNAME}

Username for an account with AD domain admin privileges.

{PASSWORD}

Password for the above AD user account.

{INSTALL SCRIPT PATH}

Shared universal naming convention (UNC) path for the silent mode installer script (DigiCertAgentGPOInstaller.bat).

What's next

The installation script execution log is available in the C:\DigiCertAgentLogs\AgentScriptExecutor.log file on each target system.

Agents that were successfully installed and provisioned are listed on the Discovery & automation tools > Agents page in DigiCert​​®​​ Trust Lifecycle Manager. Each agent is named based on the system hostname where it's running.

Dans cette section​: