Skip to main content
All CollectionsTroubleshooting and How-ToHow-To Articles
How to protect your Agent installation from tampering
How to protect your Agent installation from tampering
A
Written by Arick Disilva
Updated over 7 months ago

Introduction

Currently, this feature is supported on Windows only.

You can optionally install the Teramind Hidden/Silent Agent in a protected mode. Installing the Agent in protected mode has the following advantages:

  • prevent users from seeing the Agent in system services list

  • prevent the stopping of the service using commands such as “sc stop”

  • prevents corruption of the service registration

  • prevent uninstall by unauthorized admins

There are two steps to protecting an Agent installation:

Step 1: Install the Hidden Agent in Protected Mode

When installing the Agent with MSI, use the DO_PROTECTION=yes parameter. For example:

Local Installation

msiexec /i <teramind_agent.msi> DO_PROTECTION=yes TMINSTANCE=<instance name | ID> /qn

Where, teramind_agent.msi is the exact name of the Agent file, i.e. teramind_agent_v0.1.9999_x64.msi.

<instance name | ID> is either the instance name or instance ID. For example, “mycompany”, or “__b89a5c47a3cdd45682c21d3f764218c2aed88bd5”.

For example:

msiexec /i teramind_agent__v0.1.9999_x64.msi DO_PROTECTION=yes TMINSTANCE=mycompany /qn

Or:

msiexec /i teramind_agent__v0.1.9999_x64.msi DO_PROTECTION=yes TMINSTANCE=__b89a5c47a3cdd45682c21d3f764218c2aed88bd5 /qn

Notes:

  • If the agent file name already contains the instance name (within a -i() parameter), and you don’t include the /qn parameter (silent install), then you don't have to specify the TMINSTANCE parameter. For example:

msiexec /i teramind_agent_x64_s-i(mycompany).msi DO_PROTECTION=yes
  • If there’s already a protected Agent installed, attempting to install agent without protection (DO_PROTECTION=no, or without any parameter) will fail.

  • Installing/upgrading/uninstalling of protected agent must be run from local admin with “Take Ownership” rights. List of users and groups with this rights is regulated by GPO:

    1. mmc.exe

    2. File > Add/Remove Snap-in > Group Policy Object Editor for local computer

    3. Console Root > Local Computer Policy > Computer Configuration > Windows settings > Security Settings > Local Policies > User Rights Assignments > Take Ownership of files or other objects.

Remote Installation

Select COMPUTERS from the main menu on the dashboard. Then click the REMOTE INSTALL AGENT button on top. Add DO_PROTECTION=yes (if it's a On-Premise deployment) or DO_PROTECTION=yes TMROUTER=rt.teramind.co (if it's a Cloud deployment) to the MSI arguments under the MSI Location section. Then do the installation as usual.

Step 2: Set the Protection Password (optional)

You can optionally set a password to protect the Agent. If you set a password, other admins can remove the Agent using the password. Otherwise, only the original admin who installed the Agent will be able to remove it.

You can define the password from the Teramind Dashboard:

1. Click the Gear icon from the top right corner of the dashboard.

2. Select Settings.

3. Select the Security tab.

4. Under Agent removal protection, specify the uninstall password.

5. Click SAVE.

Check out this article, to learn how to uninstall a protected agent.

Did this answer your question?