Sequential ADSelfService Plus Windows agent login installation process

Sequential ADSelfService Plus Windows agent login installation process

This article highlights the process sequence for the ADSelfService Plus Windows login agent installation via the admin portal and the prerequisites to be addressed to successfully complete each step. Additionally, we're also discussing some common error messages and how to fix them. 

Process flow for Windows login agent deployment from the ADSelfService Plus admin portal

Prerequisites:

  1. Before deploying the login agent, ensure ADSelfService Plus is running in application mode. 
  2. The credentials provided during domain configuration must belongs to a service account that is a part of the Active Directory Domain Admins group.

Step 1) The ADSelfServicePlusClientSoftware.msi file gets copied over to the target machine under the admin$ share

  1. The service account used for domain configuration in ADSelfService Plus must be a Domain Admin to access the admin$ share of the target user machine.
  2. The admin$ share should be accessible over the network.

Step 2) Remote installation. The copied file then gets executed remotely using RemCom.exe, PAExec.exe, or WMI

The above applications should not be restricted by any antivirus services to be executed properly.

Step 3) The login agent's properties are updated after the installation is completed

  1. The Windows Remote Registry service must be running on the target user machine.
  2. The service account used for domain configuration in ADSelfService Plus must be a Domain Admin to have update permissions for Windows Registry settings on the target machine.

How to configure a domain using service account with Domain Admin permissions in ADSelfService Plus

In order to deploy the Windows login agent, the service account updated in our application must belong to the Domain Admins Active Directory group. Please follow the steps provided below to update the service account in the ADSelfService Plus application:.
  1. Log into the ADSelfService Plus admin portal. Click Domain Settings on the top-right corner.
  2. Under the Actions column, click the Edit Domain Details icon. The Edit Domain Settings page will open.
  3. Here, select the Authentication checkbox, and add or update the preferred service account's credentials as the Domain Username and Domain Password.
When running as ADSelfService Plus as a service, follow the below steps as well

1. Log into a Domain Admin account  Go to
Start > Run > Services.
2. In the
Services application that opens, browse to ManageEngine ADSelfService Plus. Right-click, and select Properties from the drop-down that appears.
3. In the
Properties window that opens, go to the Log On tab. Under Log on as, select This Account, browse and update the service account's credentials.

Common errors that hinder the Windows login agent installation sequence

  1. Access to admin$ of the client computer is not available
    In the machine where ADSelfService Plus is installed, select Start > Run, and type \\<client ComputerName>\admin$.  If you get the same error, enable Remote Administration exception on the client computers as below:
  1. From the client computer, select Start > Run and type gpedit.msc and press Enter.
  2. Expand the Administrative Templates > Network Connections > Windows Firewall.
  3. Click the Domain Profile and double-click the Firewall: Allow remote administration exception.
  4. Select Enabled and click OK.
  1. Windows Remote Registry Services are not enabled
    To enable Remote Registry Services:
  1. Open Services.
  2. Find the Remote Registry service.
  3. Verify that it runs on System Startup.
  1. Antivirus software blocks the login agent installation
    Please disable any antivirus or firewall on the client and server then try to reinstall the Windows login agent. The RemCom.exe file is used to install the client software remotely to the machines. Please exclude the installation directory of ManageEngine ADSelfService Plus in antivirus software so that the RemCom.exe file is not blocked from accessing the ADSelfService Plus server.

                    New to ADSelfService Plus?

                      • Related Articles

                      • Updating the ADSelfService Plus Login Agent in Windows

                        The ADSelfService Plus login agent can be installed on machines running Windows manually, through the ADSelfService Plus admin portal, via GPOs, SCCM, and tools like Endpoint Central. You can update the Windows login agent to its latest version in ...
                      • Updating the ADSelfService Plus Login Agent for macOS

                        The ADSelfService Plus login agent for macOS can be updated from the ADSelfService Plus admin portal, manually through the Terminal on the machine running macOS, or via tools like Endpoint Central. Updating the login agent through the ADSelfService ...
                      • How to migrate the ADSelfService Plus installation from one machine to another

                        Description This article will guide you through the process for migrating the ADSelfService Plus installation from one machine to another. Important: Before you start the migration process, please update your ADSelfService Plus installation to the ...
                      • How to install ADSelfService Plus as a Windows service?

                        ManageEngine ADSelfService Plus can be run both as an application and as a Windows service. When installed as a Windows NT service, the tool will be up and running in the background even when the user has logged off from his system. Furthermore, ...
                      • Excluding ADSelfService Plus from antivirus software

                        Antivirus software plays a huge role in securing an organization's IT environment. Some antivirus software might not trust third-party applications, like ADSelfService Plus, and flag them as threats, which can impede how the product works. To prevent ...