Deploy Agent Smith with Microsoft Intune
Last updated
Was this helpful?
Last updated
Was this helpful?
Rewst has two methods for deploying Agent Smith using Microsoft Intune:
Use Win32 Packaging
Deploy via Intune PowerShell Scripts
Win32 is the preferred Microsoft way of deployment. This method provides more granular installation and health feedback, plus the ability to uninstall if the deployment is unsuccessful. However, this method is more complicated and time consuming. The use of Intune platform scripts is much simpler, but yields a much less robust result. You'll be shown a yes/no response for if the script runs, which may or may not install the app successfully. Choose the deployment method that fits your level of comfort and experience.
Intune licensing
Properly configured Agent Smith environment
Agent Smith PowerShell configuration script, generated via Rewst form
Click on each of the methods to expand and view its instructions.
Follow the instructions under the Provision agents section of the Agent Smith Configuration Guide to generate the dynamic PowerShell configuration script. Your generated script will look something like this:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Set-ExecutionPolicy RemoteSigned
iwr ((irm {{ INSTALLER }}).assets|?{$_.name -eq \\\\"rewst_agent_config.win.exe\\\\"}|select -exp browser_download_url) -OutFile rewst_agent_config.win.exe
.\\\\\\\\rewst_agent_config.win.exe --config-url {{ ENGINE_URL }}/webhooks/custom/trigger/{{ trigger_id }}/{{ ORG.ATTRIBUTES.id }} --config-secret {{ CONFIG_SECRET }} --org-id {{ ORGID }}
Create a PowerShell Install Script - install.ps1
Create a clean folder structure for your application. Your folder should contain:
Installer files: .ps1 in this case
Optional PowerShell detection script
Example folder structure:
AgentSmith
├── source
│ ├── install.ps1
├── scripts
│ └── DetectionScript.ps1
└── output
Create install.ps1 using the provided install script mentioned earlier.
Save the provided install script as install.ps1
.
Use Microsoft Win32 Content Prep Tool (IntuneWinAppUtil.exe) to complete the following.
Download IntuneWinAppUtil from GitHub.
Open a command prompt, either CMD or PowerShell.
Run the following command:
c: Source folder, which contains your installer files.
s: Powershell install script
o: Output directory for the .intunewin package.
IntuneWinAppUtil.exe -c "FOLDERLOCATION" -s "INSERTPOWERSHELLFILENAMEHERE" -o "OUTPUTFOLDER"
Example:
IntuneWinAppUtil.exe -c "C:\\AgentSmith\\source" -s "install.ps1" -o "C:\\AgentSmith\\output"
Upon completion, your .intunewin package will be generated in the specified output folder.
Sign in to the Microsoft Endpoint Manager Portal.
Navigate to Apps > Windows > + Add > Windows app (Win32).
Upload your .intunewin package (AgentSmithSetup.intunewin).
Fill out the Name, Description, and Publisher fields under the App information tab of the Add App menu.(The other fields are optional, you are welcome to fill them out if you’d like.)
Under the Program tab, paste the following into the relevant fields:
Install command - replace install.ps1 with the name of the ps1 installer script you created earlier in the process:
powershell.exe -ExecutionPolicy Bypass -File install.ps1
Uninstall command:
powershell.exe -ExecutionPolicy Bypass -Command "Get-Service -Name 'AgentSmithService' -ErrorAction SilentlyContinue | Stop-Service -Force -ErrorAction SilentlyContinue; sc.exe delete 'AgentSmithService'"
Install behavior: select System
Under the Requirements tab:
Specify the Minimum operating system - Windows 10, Windows 11, etc.
Specify the Operating system architecture - 32-bit or 64-bit.
Under the Detection Rules tab:
Choose Manually configure detection rules from the drop-down selector.
Add a rule.
Set the Rule type to File.
Set the Path to C:\Program Files\RewstRemoteAgent\
Set File or folder to rewst_remote_agent_REPLACEWITHORGID.win.exe
after replacing the placeholder ORGID.
Set the Detection method to File or folder exists.
Alternatively you can use a detection script such as the one provided in the Immybot install guide.
No alterations to the Dependencies or Supersedence tabs are needed. Under the Assignments tab:
Assign the application to required groups, be they users or devices.
Once your group is selected, the defaults here will work, but feel free to modify the settings to your comfort level.
Under the Review and Create tab:
Confirm your settings.
Click Create.
Deploy initially to a test group to verify the agent installs and detects correctly before wider distribution.
Intune checkin times can be sporadic at times, app deployment times may take up to 48 hours.
After clicking create, you’ll be brought to the App overview page where you can monitor deployment progress. Verify that the deployment completes.
Ensure that you have your PowerShell script from the Provision agents section of your Agent Smith Configuration Guide. Use a text editor such as VS Code to take this copied PowerShell script and save it as a .ps1 file.
Navigate to Devices > Scripts and remediations in Intune.
Click Platform Scripts > Add > Windows 10 and later to upload your PowerShell script.
Add the script in the screen that appears:
Enter Agent Smith
into the Name field under the Basics tab.
Under the Script settings tab:
If you are not signing your scripts, set Enforce script signature check is set to no. Enforcing script signature check will require any scripts to be signed.
Assign the script to your target device or user groups under the Assignments tab.
Monitor deployment progress and status via the Intune portal.
Validate deployment success through Intune reports.
Monitor device statuses in the Azure IoT Hub portal.
Review logs at C:\\ProgramData\\RewstRemoteAgent
for troubleshooting.
Ensure communication with Azure IoT Hub is not blocked by firewalls or endpoint protection software.
For additional support, refer to the Agent Smith Troubleshooting Guide or reach out via the Rewst Discord server in the #agent-smith channel.