Endpoint Discovery (Recommended)
Endpoint Discovery enables you to automatically detect networked endpoints and keep their agents up-to-date.
Installing the Action1 Connector
- Go to the Endpoint Discovery page and select Install Connector.
- On the Download step, download the installation package. The installer name is unique and indicates your Action1 account and the organization. The Connector supports both 32- and 64-bit systems. Once the download has completed, right-click the Connector and run it as administrator.
- Provide administrator credentials. They will be used to automatically deploy Action1 agents on your endpoints. We suggest you to create a dedicated account for Action1 Connector service. The account you specify must have the following rights:
- Logon as a service (on the local computer). The installer will attempt to grant this right to the specified account.
- Member of the local Administrators group on all of your managed endpoints. You can add a dedicated domain account to local Administrators groups via Group Policy. Note that the account itself does not require any domain administrative rights to Active Directory, only local permissions are needed.
How to add the Action1 Connector service account to local Administrators via Group Policy?
- On a domain controller, start Active Directory Users and Computers and navigate to your domain / Users.
- Create a new user for the Action1 Connector service, e.g., “Action1Connector”.
- Create a domain global security group, e.g., “Action1LocalAdmins” and make Action1Connector a member of this group.
- Start the Group Policy Management Console (GPMC).
- Locate an effective domain policy (most likely Default Domain Policy) or create a new Group Policy object that applies to the entire domain or just the needed OUs with your managed endpoints.
- Right-click a policy and select Edit.
- Navigate to Computer Configuration / Policies / Windows Settings / Security Settings / Restricted Group.
- Right-click an empty space and select Add Group. Specify the name of the group dedicated to Action1 Connector (Action1LocalAdmins).
- Configure settings. In the Members of this group section, click Add and select the account you’ve created (Action1Connector). In the This group is a member of section, click Add and select Administrators.
- To apply these changes, run `gpupdate /force` in the command prompt.
Why does Action1 Connector require these settings?
Action1 Connector installs itself into %ProgramFiles%\Action1\Connector or %ProgramFiles(x86)%\Action1\Connector depending on the type of the system. After the installation, the Connector will securely connect to Action1 Cloud using embedded information about your organization that includes an authentication certificate for mutual authentication and a private encryption key, specific to your organization.
4. Check that Action1 Connector has been successfully installed and connected to Action1 Cloud.
Configuring Endpoint Discovery
Return to the Endpoint Discovery page to finish the configuration process and start using Action1.
- Discover all endpoints in the domain or OU—to do it, specify one or several domains or organizational units, separated by commas (e.g., widgets.local, organization.com/Servers). You’ll have an option to exclude domain controllers or all machines running Windows Server OS.
- Discover and connect to Action1 specific computers from the list.
- Additionally, exclude endpoints that shouldn’t be connected to Action1 Cloud.
How it works? Once you specify the scope of deployment (such as an Active Directory domain or list of computers), Connector will automatically reach out to each managed computer, copy the Action1 agent executable into \\computername\admin$\Action1 folder (which maps to %WinDir%\Action1 locally), and then create and start the Action1 Endpoint Agent service. Bypassing the Connector, the Action1 agents will connect to Action1 Cloud and discovered devices will appear in the Managed Endpoints list.
If you manage multiple organizations, you should install Connectors for each organization and configure discovery settings individually.
NOTE: To disconnect an endpoint from Action1 Cloud, on the Managed Endpoints page select an option to uninstall the Action1 agent and then add this endpoint to the excluded list on the Endpoint Discovery page. Otherwise, the Connector will try reinstalling the agent you’ve removed.