Installing the ADSelfService Plus login agent through WMI or PAExec services instead of RemCom


The Windows login agent that comes bundled with ADSelfService Plus must be installed on users' machines to enable:

  • Self-service password reset and account unlock options from the Windows login screen.
  • MFA during machine login.
  • Cached credentials updates after a password reset for a remote user.

When installing the Windows login agent through the GINA/Mac/Linux Installation option (Configuration > Administrative Tools > GINA/Mac/Linux (Ctrl+Alt+Del)) in ADSelfService Plus, the product tries three methods in the following order:

  • RemCom
  • PAExec
  • WMI

At times, RemCom or PAExec services may be flagged by some antivirus solutions as threats, which may cause issues with the installation of the login agent. By default, if the RemCom method fails, ADSelfService Plus will automatically try the PAExec method. If PAExec also fails, the WMI method will be tried to ensure successful installation.

You can change the order of these installation methods so that the login agent is directly installed through a method that assures a higher success rate based on the constraints in your environment. This documentation will show you how.

Steps to change the ADSelfService Plus login agent installation method

  1. Start ADSelfService Plus.
  2. Connect to the ADSelfService Plus database.
    • If you're using an external Microsoft SQL Server or PostgreSQL database, use their database-specific steps to connect to the database server.
    • If you're using our built-in PostgreSQL database, please contact the ADSelfService Plus support team at support@adselfserviceplus.com to connect to the database server.
  3. Execute the following query to view the current priorities of the login agent installation methods:
    select ADSAgentRemoteExecutors.REMOTE_EXECUTOR_NAME,
           ADSAgentVsRemoteExecutors.REMOTE_EXECUTORS_MAPPING_ID,
           ADSAgentVsRemoteExecutors.PRIORITY
    from ADSAgentRemoteExecutors
    inner join ADSAgentVsRemoteExecutors
        ON ADSAgentRemoteExecutors.REMOTE_EXECUTOR_ID = ADSAgentVsRemoteExecutors.REMOTE_EXECUTORS_MAPPING_ID;


    Figure 1. Viewing the current priorities of the login agent installation methods in an external PostgreSQL server.

  4. Based on your requirements, execute the query below to change the priorities of the installation methods:
    update ADSAgentVsRemoteExecutors set priority = CASE WHEN priority = <existing_priority> THEN <new_priority> WHEN priority = <new_priority> THEN <existing_priority> END where PRIORITY in (<existing_priority>, <new_priority>);

    For example, if you want ADSelfService Plus to use the WMI method first to install the login agent, execute the command given below:

    update ADSAgentVsRemoteExecutors set priority = CASE WHEN priority = 1 THEN 3 WHEN priority = 3 THEN 1 END where PRIORITY in (1,3);

    Here, we are setting the priority of RemCom (default priority of 1) to 3 and the priority of WMI (default priority of 3) to 1. After executing this command, WMI will be set as the default installation method, while PAExec and RemCom will be tried only if the WMI method fails.

  5. Run the query from step 3 to check if the changes are reflected and the login agent installation method priorities are updated as required.


    Figure 2. Checking whether the changes are reflected.
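
The same procedure (steps 3 to 5) run as a single transaction, so a mistake can be rolled back before it takes effect. This is an added example, not a query from the ADSelfService Plus documentation; it assumes PostgreSQL syntax (on Microsoft SQL Server, use BEGIN TRANSACTION), and the table aliases e and m are introduced here for readability.

```sql
-- Added example: swap the RemCom (1) and WMI (3) priorities inside a transaction.
-- Table and column names are taken from the queries in steps 3 and 4.
BEGIN;

-- Step 3: record the current order before changing anything.
SELECT e.REMOTE_EXECUTOR_NAME, m.REMOTE_EXECUTORS_MAPPING_ID, m.PRIORITY
FROM ADSAgentRemoteExecutors e
INNER JOIN ADSAgentVsRemoteExecutors m
        ON e.REMOTE_EXECUTOR_ID = m.REMOTE_EXECUTORS_MAPPING_ID
ORDER BY m.PRIORITY;

-- Step 4: swap priorities 1 and 3.
-- The CASE has no ELSE branch, so it yields NULL for any other value.
-- The WHERE clause is what keeps the PAExec row (priority 2) untouched;
-- never run this UPDATE without it.
UPDATE ADSAgentVsRemoteExecutors
SET PRIORITY = CASE
                   WHEN PRIORITY = 1 THEN 3
                   WHEN PRIORITY = 3 THEN 1
               END
WHERE PRIORITY IN (1, 3);

-- Sanity check: this must return 0. Anything else means a row lost its
-- priority (for example, the WHERE clause was mistyped or omitted).
SELECT COUNT(*) AS rows_with_null_priority
FROM ADSAgentVsRemoteExecutors
WHERE PRIORITY IS NULL;

-- Step 5: confirm the new order (WMI first, RemCom last).
SELECT e.REMOTE_EXECUTOR_NAME, m.REMOTE_EXECUTORS_MAPPING_ID, m.PRIORITY
FROM ADSAgentRemoteExecutors e
INNER JOIN ADSAgentVsRemoteExecutors m
        ON e.REMOTE_EXECUTOR_ID = m.REMOTE_EXECUTORS_MAPPING_ID
ORDER BY m.PRIORITY;

-- Keep the change only if both checks look right.
COMMIT;
-- If the sanity check returned a non-zero count or the order is wrong,
-- run ROLLBACK; instead of COMMIT; to restore the previous priorities.
```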

If you need help performing these steps for your ADSelfService Plus instance, feel free to contact support@adselfserviceplus.com.
