You can optionally install the Teramind Hidden/Silent Agent in a protected mode. Installing the Agent in protected mode has the following advantages:
prevent users from seeing the Agent in system services list
prevent the stopping of the service using commands such as “sc stop”
prevents corruption of the service registration
prevent uninstall by unauthorized admins
There are two steps to protecting an Agent installation:
Step 1: Install the Hidden Agent in Protected Mode
When installing the Agent with MSI, use the
DO_PROTECTION=yes parameter. For example:
msiexec /i teramind_agent.msi DO_PROTECTION=yes
teramind_agent.msi is the exact name of the Agent file, i.e.
If there’s already a protected Agent installed, attempting to install agent without protection (
DO_PROTECTION=no, or without any parameter) will fail.
Installing/upgrading/uninstalling of protected agent must be run from local admin with “Take Ownership” rights. List of users and groups with this rights is regulated by GPO:
File > Add/Remove Snap-in > Group Policy Object Editor for local computer
Console Root > Local Computer Policy > Computer Configuration > Windows settings > Security Settings > Local Policies > User Rights Assignments > Take Ownership of files or other objects.
Select COMPUTERS from the main menu on the dashboard. Then click the REMOTE INSTALL AGENT button on top. Add
DO_PROTECTION=yes to the MSI arguments under the MSI Location section. Then do the installation as usual.
Step 2: Set the Protection Password (optional)
You can optionally set a password to protect the Agent. If you set a password, other admins can remove the Agent using the password. Otherwise, only the original admin who installed the Agent will be able to remove it.
You can define the password from the Teramind Dashboard:
1. Click the Gear icon from the top right corner of the dashboard.
2. Select Settings.
3. Select the Security tab.
4. Under Agent removal protection, specify the uninstall password.
5. Click SAVE.