You can deploy Windows endpoints to Nebula in a few different ways. The most common method is to copy an installer file to the endpoint and run the file manually. For more information, see Add Windows endpoints in Nebula.
TIP - The endpoint agent automatically updates to a newer version when an older version is installed. However, updating from a very outdated installer can cause issues. We recommend downloading a new installer from the console every few months to ensure a smooth deployment.
You may also deploy endpoints using Microsoft’s Group Policy Object (GPO) which is part of the Active Directory infrastructure. Endpoints run automatic Group Policy updates to retrieve new settings and packages for deployment.
For Group Policy deployment information, see Use Group Policy to remotely install software.
GPO deployment
If you are deploying with GPO, you must configure your firewall.
Here is a list of firewall prerequisites:
- Open ports 135, 137, and 445
- Enable Windows Management Instrumentation (WMI)
- Enable Remote Procedure Call (RPC)
Configure Windows Firewall
Follow these steps to configure the Windows Firewall.
Open Domain Profile settings
- Click the Start menu.
- To open GPMC, type Group Policy Management and press Enter.
- For Windows Server 2008 R2 and older operating systems, type gpmc.msc.
- Under Group Policy Management, double-click Forest.
- Double-click Domains to view your domain.
- Under your domain, right-click Default Domain Policy and click Edit....
- Go to Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile.
Add ports 135, 137, and 445
- Double-click Windows Firewall: Define inbound port exceptions.
- Select Enabled.
- In the same window under Options:, click Show.
- When the Show Contents window appears, under the Value column, enter 135, 137, and 445.
- Click OK.
- On the Windows Firewall: Define inbound port exceptions window, click Apply > OK.
Enable WMI and RPC
- From the Group Policy Management Editor window, double-click Windows Firewall: Allow inbound remote administration exception.
- On the Windows Firewall: Allow inbound remote administration exception window, click Enabled > Apply > OK.
- Double-click Windows Firewall: Allow inbound file and printer sharing exception.
- On the Windows Firewall: Allow inbound file and printer sharing exception window, click Enabled > Apply > OK.
After completing all three steps, you can deploy the endpoint agent to your endpoints.
Command Prompt commands
Alternatively, use the Command Prompt to configure the firewall. Execute the following commands on each endpoint.
Windows 7
netsh firewall set service RemoteAdmin enable
Windows 8, 8.1, 10, and 11
netsh advfirewall firewall set rule group="remote administration" new enable=yes
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes