[KB3675] Deploy the ESET Remote Administrator Agent via SCCM or GPO (6.x)


ESET business product in Limited Support status

This article applies to an ESET product version that is currently in Limited Support status and is scheduled to reach End of Life status soon.

For a complete list of supported products and support level definitions, review the ESET End of Life Policy for business products.

Upgrade ESET business products.

  • Distribute the ESET Remote Administrator Agent (ERA Agent) installer file for distribution via Group Policy Object (GPO) or System Center Configuration Manager (SCCM)
  • An alternate method to distribute ERA Agent in enterprise environments or environments with a high number of client computers


This article explains how to create a modified version of the ERA Agent Installer file for distribution in large and enterprise-level environments. The .msi file for the ERA Agent is separated from the .bat file available from ESET Remote Administrator and then modified so that it will be able to recognize the proper certificate and port for communication with your ERA Server after distribution to client computers.


Getting Started with ERA: Step 4 of 6

Add Client Computers | Deploy ESET endpoint solutions

This article is for ESET Remote Administrator version 6.4 and later.

View permissions needed for least privilege user access

ERA 6.5 User Permissions

This article assumes that your ERA user has the correct access rights and permissions to perform the tasks below.

If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):

A user must have the following permissions for the group that contains the modified object:

Functionality Read Use Write

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

A user must have the following permissions for their home group:

Functionality Read Use Write
Stored Installers
Agent Deployment  

Once these permissions are in place, follow the steps below.

Default certificates

Peer certificates and Certification Authority created during the installation are by default contained in the static group All.

  1. On your ERA Server, click the appropriate ERA 6.5 Agent installer file below and save the file to a shared folder your client computers can access. Visit our Knowledgebase article for a complete list of ERA 6.5 Component installers.
Agent    Windows                   Linux                        macOS
64-Bit 64-bit Download 64-bit Download
32-Bit 32-bit Download 32-bit Download 32-bit Download
  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.
  2. Click Deploy ERA Agent.

Figure 1-1
Click the image to view larger in new window

  1. In the Use GPO or SCCM for deployment section, click Create Script.

Figure 1-2
Click the image to view larger in new window

  1. Click Create Package. Save the install_config.ini file to the same shared folder from Step 2. For customers using custom certificates, refer to the Custom certificates with ERA Online Help topic for more details.

Figure 1-3
Click the image to view larger in new window

Client computers need read/execute access

Verify all appropriate client computers have read/execute access to the folder containing the .msi and .ini files. Right-click the folder from Step 2 and click Properties. Click the Security tab. Review each machine and confirm the check box next to Read & execute is selected under the Allow column. If not, click Edit, adjust the settings and click Apply.

Figure 1-4

  1. Refer to one of the processes below to deploy the package:
  1. Once you have completed the instructions from the appropriate article, proceed to Step 5, deploy ESET endpoint products to your client computers if you are performing a new installation of ERA.