I had to deploy Kaspersky Endpoint Security Cloud to replace a standard Kaspersky Enpoint Security architecture. To do so I've used Microsoft psexec tool and a PowerShell script.
We need a network share (accessible by all) where we will put KESC.exe and the deploy.bat batch script in.
I used the official script as an example : https://support.kaspersky.com/13693.
Modify the red line depending on your infrastructure.
@echo off
REM ECHO ON
:REM if HKLM\Software\KasperskyLab missing, create Key
REG QUERY HKLM\Software\KasperskyLab
IF %ERRORLEVEL% == 1 REG ADD HKLM\Software\KasperskyLab
REG QUERY HKLM\Software\KasperskyLab\KESCloud
IF %ERRORLEVEL% == 1 REG ADD HKLM\Software\KasperskyLab\KESCloud
:REM If HKLM\Software\KasperskyLab\KESCloud\NetAgent DWORD equal to 1 KESC switch else go to NETAGENT switch
REG QUERY HKLM\Software\KasperskyLab\KESCloud /v NetAgentVersion | FIND "0x2"
IF %ERRORLEVEL% == 1 GOTO INSTALL
GOTO END
:INSTALL
ECHO Installing
REG ADD HKLM\Software\KasperskyLab\KESCloud /v NetAgentVersion /t REG_DWORD /f /D 2
\\std.local\netlogon\KAV\KESC.exe -s
REG ADD HKLM\Software\KasperskyLab\KESCloud /v AutoPackageInstalled /t REG_DWORD /f /D 1
:END
ECHO Finish
set /p=Hit Enter to continue...
This PowerShell script checks if the host is available (via a ping command). If yes, the psexec.exe tool will be used to run the deploy.bat batch on the target computer.
Now, the PowerShell script that I executed from the AD. We have to set the following variables :
########################### # author : shebangthedolphins.net # version : 1.2 # date : 2020.12 # role : deploy Kaspersky Endpoint Security Cloud # other : launch it with domain admin user rights. # updates : # - 1.0 (2018/02) : First version # - 1.1 (2020/09) : Add variables and comments # - 1.2 (2020/12) : Updates, variables corrections #VARIABLES $computers = @("COMPUTER15","COMPUTER85","COMPUTER86","COMPUTER98","COMPUTER16","COMPUTER19") $domain = "std.local" $user = "administrator" $password = "Mypassword" $share = "\\std.local\netlogon\KAV\" $psexec = "c:\Users\std\psexec.exe" Foreach ($computer in $computers) { Write-Host "Work on $computer" ping -n 1 "$computer" | findstr "TTL" #check if computer is available if ($LASTEXITCODE -eq '0') #if yes, let's start deployment { & "$psexec" "/accepteula" "\\$computer" "-u" "$domain\$user" "-p" "$password" "$share\deploy.bat" #Start-Process -FilePath ($psexec) -ArgumentList ("/accepteula" + " \\" + $computer + " -u " + $domain + "\" + $user + " -p " + $password + " " + $share + "\" + "deploy.bat") # -Wait } else { Write-Host "$computer cannot be reached" } }
Contact :