Microsoft Active Directory is a powerful directory service that can be used to distribute, enforce and audit MetaAccess usage on managed PCs.
Automatic Installation (one-time)
Because the persistent OPSWAT agent is packaged as an MSI, it is very easy to perform distribution to managed endpoints. A simple one-time installation can be performed by hosting your MetaAccess installer in a central location and then referencing it as a parameter to MSIEXEC, for example the following line would cause a silent installation of a MetaAccess installer hosted on a shared network drive mounted as drive Z:
MSIEXEC /a "Z:\Shared\Public\OPSWAT_GEARS_Client_3445-2e5e65e6b68ce141d-0.msi" /qn
Automatic Installation (enforced)
Active Directory can used to not only distribute and install the software, but also to enforce that it remains installed. In Active Directory terms, this is called 'assigning software'. You have a choice to assign software to authenticated users or machines. Both are viable options and you should choose the one that aligns with your other corporate software installations.
The official Microsoft guide can be found here: https://support.microsoft.com/en-us/kb/816102
MetaAccess provides a way to audit OPSWAT agent on your network with the OPSWAT domain controller agent. Check more details at How can I synchronize devices from Active Directory to my MetaAccess account?
Beside that, Active Directory supports the creation of audit policies. These can be used to record events when processes are created and/or terminated on your managed devices. When combined with event log forwarding this can be an effective tool to get a centralized view of process changes across your organization. The downside is that filtering for a specific process (like GearsAgentService.exe) is not natively supported.
This article applies to the Windows persistent OPSWAT agent.
This article was last updated on 2017-09-26
(This article was changed to reflect the new name of MetaAccess on 2017-09-27)