Scheduled Task based Deployment

This section describes the method for Scheduled Task-based Cloud Agent Deployment.

Prerequisites

Before you start the Cloud Agent deployment, make sure the following prerequisites are met.

  • The Qualys Cloud Agent setup is downloaded and stored on a network share, e.g. \\server\share\QualysAgent.exe.
  • Download the following install script and store it in the same location as the Cloud Agent setup.

    qualys_install.bat
     
    :: Script to deploy QualysAgent.
    :: Arguments:
    :: 		[Required]	InstallerPath= 	<Folder path where Qualys Agent installer is present>
    :: 		[Required]	InstallerName= 	<Filename of Qualys Agent installer>
    :: 		[Required]	CustomerId= 	<Customer GUID>
    :: 		[Required]	ActivationId= 	<Activation GUID>
    :: 		[Required]	WebServiceUri= 	<WebService URI>
    :: Example: 
    :: qualys_install.bat InstallerPath=\\10.10.10.10\Share InstallerName=QualysAgent.exe CustomerId={11111111-2222-3333-4444-555555555555} ActivationId={12345678-1234-1234-1234-123456789012} WebServiceUri=https://qagprivate.qualys.com/CloudAgent/
    @ECHO off
    :: Path used to check if Qualys Agent is already installed. 
    SET qAgentPath="C:\Program Files\Qualys\QualysAgent\QualysAgent.exe"
    :: Temp path to copy Qualys Agent installer from shared folder.
    SET TempPath=C:\Windows\Temp
    :: Log file
    SET LogFile=C:\Windows\Logs\QualysAgent\qagscript.log
    SET InstallerPath=
    SET InstallerName=
    SET CustomerId=
    SET ActivationId=
    SET WebServiceUri=
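    :: Create the log folder if it is missing; otherwise every redirection to %LogFile% fails.
    IF NOT EXIST "C:\Windows\Logs\QualysAgent\" MKDIR "C:\Windows\Logs\QualysAgent"
    :: Log that script execution started
    ECHO %date% %time%    INFO: Started Qualys Agent installation script. >> %LogFile%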
    :: Get all command line arguments
    :GETARGS
     IF /i "%~1" == "InstallerPath" SET "InstallerPath=%2" & SHIFT
     IF /i "%~1" == "InstallerName" SET "InstallerName=%2" & SHIFT
     IF /i "%~1" == "CustomerId" SET "CustomerId=%2" & SHIFT
     IF /i "%~1" == "ActivationId" SET "ActivationId=%2" & SHIFT
     IF /i "%~1" == "WebServiceUri" SET "WebServiceUri=%2" & SHIFT
     SHIFT
    IF NOT [%1]==[] goto GETARGS
    IF [%InstallerPath%]==[] (
    ECHO %date% %time%    ERROR: InstallerPath is required. >> %LogFile%
    EXIT /B 1
    )
    IF [%InstallerName%]==[] (
    ECHO %date% %time%    ERROR: InstallerName is required. >> %LogFile%
    EXIT /B 1
    )
    IF [%CustomerId%]==[] (
    ECHO %date% %time%    ERROR: CustomerId is required. >> %LogFile%
    EXIT /B 1
    )
    IF [%ActivationId%]==[] (
    ECHO %date% %time%    ERROR: ActivationId is required. >> %LogFile%
    EXIT /B 1
    )
    IF [%WebServiceUri%]==[] (
    ECHO %date% %time%    ERROR: WebServiceUri is required. >> %LogFile%
    EXIT /B 1
    )
    IF NOT EXIST %qAgentPath% (
    ECHO; >> %LogFile%
    ECHO %date% %time%    INFO: InstallerName: %InstallerName% >> %LogFile%
    ECHO %date% %time%    INFO: InstallerPath: %InstallerPath% >> %LogFile%
    ECHO %date% %time%    INFO: Installer Command: %InstallerName% CustomerId=%CustomerId% ActivationId=%ActivationId% WebServiceUri=%WebServiceUri% >> %LogFile%
    ECHO %date% %time%    INFO: Installer Fullpath: %InstallerPath%\%InstallerName% . >> %LogFile%
    ECHO %date% %time%    INFO: Executing Command: %InstallerPath%\%InstallerName% CustomerId=%CustomerId% ActivationId=%ActivationId% WebServiceUri=%WebServiceUri% >> %LogFile%
    PUSHD %InstallerPath%
    %InstallerName% CustomerId=%CustomerId% ActivationId=%ActivationId% WebServiceUri=%WebServiceUri%
    POPD
    ECHO %date% %time%    INFO: Done. Exiting. >> %LogFile%
    EXIT /B 1
    )
    :: If Qualys Agent path already present, exit the script.
    ECHO %date% %time%    ERROR: Qualys Agent already installed. Path: %qAgentPath% >> %LogFile%
    ECHO %date% %time%    INFO: Exiting. >> %LogFile%
            
            
  • Only an enterprise or domain administrator user can deploy Cloud Agent using group policy.

Cloud Agent Deployment Steps

The following are the steps to create a group policy for scheduled task-based Cloud Agent deployment.

Create New Group Policy Object

The following are the steps to create a new group policy object:

  1. Launch the Windows Group Policy Management (GPM) tool (gpmc.msc) on the Domain Controller (DC).
  2. Right click on an existing Organizational Unit (OU) and select Create a GPO in this domain, and Link it here...

  3. Enter a name for the new GPO. For example, QualysDeployment.

Edit Group Policy Object

The following are the steps to edit the group policy object:

  1. Right click this newly created GPO and select Edit. The Group Policy Management Editor window opens.
  2. In the Group Policy Management Editor window, navigate to Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks.
  3. Right click the Scheduled Tasks option, and select New > Immediate Task (At least Windows 7). The New Task Properties window opens.

Configure New Task Properties

Configure General Parameters

In the New Task Properties window, on the General tab, enter the following information.

  1. Name: Set the name of the task e.g. QualysAgent-Install.
  2. For the User Account field, use the SYSTEM user account.
  3. Select Run whether the user is logged on or not.
  4. In the Configure for options menu, select Windows 7®, Windows Server™ 2008R2.

Configure Actions

  1. Open the Actions tab and click New. The New Action window opens.

  2. In the New Action window, enter the following details:

    Action: Select Start a program from available options.

    Program/script: Enter the complete UNC path for installation script. For example, \\server\share\qualys_install.bat.

    Add arguments(optional): Enter the following parameters as an argument:
    InstallerPath=\\server\share InstallerName=QualysAgent.exe CustomerId={11111111-2222-3333-4444-555555555555} ActivationId={12345678-1234-1234-1234-123456789012} WebServiceUri=https://qagpublic.qualys.com/CloudAgent/
  3. Click OK.
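
The task configured above runs a script from a UNC path as SYSTEM on every computer the GPO targets, so anyone who can modify files on that share can run code as SYSTEM on those computers. The following PowerShell audit is an added example, not part of the Qualys documentation; \\server\share and the file names are this page's placeholders, and the trusted-writer list is an assumption to adapt to your domain.

```powershell
# Added example, not Qualys code. \\server\share and the file names are the page's placeholders.
param(
    [string]$SharePath = '\\server\share',
    [string[]]$Files = @('QualysAgent.exe', 'qualys_install.bat'),
    # Assumption: only these principals may change files on the share.
    [string[]]$TrustedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                                  "$env:USERDOMAIN\Domain Admins")
)

# Any of these rights lets a principal replace what SYSTEM will execute.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

$findings = @()
$targets = @($SharePath) + ($Files | ForEach-Object { Join-Path $SharePath $_ })

foreach ($target in $targets) {
    if (-not (Test-Path -LiteralPath $target)) {
        $findings += "MISSING: $target"
        continue
    }
    # NTFS ACL only; SMB share permissions must be checked on the file server.
    foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
        $canWrite = ([int]$ace.FileSystemRights -band [int]$writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
            $TrustedWriters -notcontains $ace.IdentityReference.Value) {
            $findings += "WRITABLE: $target by $($ace.IdentityReference.Value) ($($ace.FileSystemRights))"
        }
    }
}

# Batch files cannot carry an Authenticode signature, so the ACL is the only
# control on the .bat; the installer itself should have a valid signature.
$installer = Join-Path $SharePath $Files[0]
if (Test-Path -LiteralPath $installer) {
    $sig = Get-AuthenticodeSignature -LiteralPath $installer
    if ($sig.Status -ne 'Valid') {
        $findings += "SIGNATURE: $installer status is $($sig.Status)"
    } else {
        "Signed by: $($sig.SignerCertificate.Subject)"
    }
}

if ($findings) { $findings; exit 1 }
"OK: share contents are writable only by trusted principals"
```

Run it from an administrative workstation before linking the GPO; a non-zero exit code means at least one finding was printed.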

Configure Conditions

  1. Open the Conditions tab on the New Task window and edit the following details.

  2. Select the Start only if the following network connection is available checkbox. This enables the options menu.
  3. Select Any connection from the available options.
  4. Click OK.

Configure Settings

  1. Open the Settings tab on the New Task window and edit the following details.



    Select the Allow task to be run on demand checkbox.

    Select the If the task fails, restart every checkbox and select 1 hour from the available options.

    Attempt to restart up to: Enter the maximum number of retries the system should attempt.

    Select the Stop the task if it runs longer than checkbox and select 1 hour from the available options.

    Select the If the running task does not end when requested, force it to stop checkbox.
  2. Click OK.

Configure Common Settings

  1. Open the Common tab on the New Task window.
  2. Select the Item-level targeting checkbox and click Targeting. The Targeting Editor window opens.

  3. On the Targeting Editor window, you can create the following filters to skip the Cloud Agent deployment if the agent is already installed on the targeted asset.

Steps to create File Filter

The following are the steps to create a File Filter:

  1. Click the New Item menu and select File Match as field value.
  2. Click Item Options menu and select Is Not as field value.
  3. For the Match type field, select File Exists as field value.
  4. For the Path field, enter the following path: C:\Program Files\Qualys\QualysAgent\QualysAgent.exe
  5. Click OK.

Steps to create Registry Filter

The following are the steps to create a Registry Filter:

  1. Click the New Item menu and select Registry Match as field value.
  2. Click Item Options menu and select Is Not as field value.
  3. For the Match type field, select Key Exists as field value.
  4. For the Hive field, select HKEY_LOCAL_MACHINE as the field value.
  5. For the Key Path field, enter the following path: SYSTEM\CurrentControlSet\Services\QualysAgent
  6. Click OK.
  7. Click Apply and then OK to create a scheduled deployment task.
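
The two targeting filters above can be checked on an asset after the policy has applied. This added example (not Qualys code) evaluates the same file path and registry key and reports the last ERROR lines the install script wrote to its log; the ComputerName parameter and the state names are hypothetical, and remote use assumes PowerShell remoting is enabled.

```powershell
# Added example, not Qualys code. The file path, service key and log path are the
# ones used on this page; the parameter and state names are hypothetical.
param([string[]]$ComputerName = @($env:COMPUTERNAME))

$check = {
    $exe = 'C:\Program Files\Qualys\QualysAgent\QualysAgent.exe'
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\QualysAgent'
    $log = 'C:\Windows\Logs\QualysAgent\qagscript.log'

    $hasExe = Test-Path -LiteralPath $exe
    $hasKey = Test-Path -LiteralPath $key

    # The File Match and Registry Match filters test these two conditions.
    # When they disagree the install is incomplete and needs a closer look.
    if ($hasExe -and $hasKey) { $state = 'Installed' }
    elseif ($hasExe -or $hasKey) { $state = 'Partial' }
    else { $state = 'NotInstalled' }

    # Collect the most recent ERROR lines written by qualys_install.bat, if any.
    $lastErrors = @()
    if (Test-Path -LiteralPath $log) {
        $lastErrors = @(Select-String -LiteralPath $log -Pattern 'ERROR:' -SimpleMatch |
            Select-Object -Last 3 | ForEach-Object { $_.Line.Trim() })
    }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        State             = $state
        FilePresent       = $hasExe
        ServiceKeyPresent = $hasKey
        LastErrors        = $lastErrors -join ' | '
    }
}

foreach ($name in $ComputerName) {
    if ($name -eq $env:COMPUTERNAME) { & $check }
    else { Invoke-Command -ComputerName $name -ScriptBlock $check }
}
```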