The purpose of this document is to show some useful commands you can use to finish getting an out of the box core server ready to test agentless scanning/deployment with Protect.
You will need to create exceptions in Windows Firewall to meet the Port Requirements for Ivanti Patch for Windows Servers (Formerly Shavlik Protect).
An easy way to test is with the firewall disabled.
To disable Windows firewall:
netsh advfirewall set allprofiles state off
Best practice is to create port exceptions, which you should be able to accomplish with some of the other firewall commands:
If you have any other 3rd party or hardware firewalls work with your network team to ensure the port requirements are met.
A few services are required to perform agentless scan and deployment tasks, including:
- Remote Registry
- Windows Update (Cannot be disabled, but can be set to Manual start-up)
By default the Server and Workstation services should be running, but Remote Registry and Windows Update services may need to be enabled and set to a different start-up type.
Below are some examples to show how you can do this:
-Note that there are other ways to perform this as well, including via GPO.
Turn on Remote Registry service:
sc start remoteregistry
Set the Remote Registry service to Automatic (Optional):
sc config remoteregistry start=auto
Set Windows Update service to Manual start-up:
sc config wuauserv start=demand
Other service controller commands:
Ensure you've checked the full prerequisites list for scanning or deployment below, and you should be all set as long as Windows is activated. Protect will scan and deploy to a core server just as it would any other system. It's not seen as a different version of Windows in Protect. The only difference is that there's no Windows UI besides command line. These commands will obviously work on a regular Windows OS as well.
Shavlik Protect, All Versions