SysAdm492
Engaged Sweeper II

We have a bit of an odd situation: when we push a deployment to install a CrowdStrike agent, it fails when it tries to update the root certificate store on the target machine. However, if a user is logged into the machine when the deployment runs, it succeeds.

The Deployment Task can access the file share and the scripts do run.  I can see the resulting log files with the certificate failure error.  These logs are only created when the script runs.

The Deployment is being done by the System Account in both cases.  The only difference between a successful deployment and a failed deployment is that a user is logged into the target machine.

Why would being logged in affect the accessibility of the root certificate store to the System Account?

2 REPLIES
vladgreyze
Engaged Sweeper

We also deploy CS using Lansweeper (many thousands deployed across multiple countries) and it does take some fine tuning to get the deployment to succeed. It would be hard to get to the root cause without knowing your specific scenario.

  • Deployment package configuration:
      1. Do you use the FalconSensor_Windows.exe installer with command-line parameters? If so, what are the parameters related to proxy configuration: proxy bypass, hardcoded proxy, or no specific configuration?
      2. Do you use the PowerShell scripts provided by CS support or available on the CS GitHub repo?
  • Machine configuration:
      1. Do you have user-specific proxy settings (WPAD/PAC or hardcoded proxy)?
      2. Do you have machine-specific proxy settings (WinHTTP etc.)?

If I understand your problem correctly, it sounds like the package deployment failing when no user is logged on could be caused by a lack of internet access to perform certificate revocation checks.

Feel free to msg me directly if you don't want to share your configs here.

 

DavidPK
Lansweeper Tech Support

Hi,

This is not a Lansweeper‑specific limitation but rather a Windows permission and environment behavior related to how the SYSTEM account and certificate store access work during Lansweeper software deployments.

When Lansweeper runs a deployment, it executes the installer or script under the local SYSTEM account on the target machine. The SYSTEM account indeed has elevated privileges, but under certain conditions—especially when no user session is active—some operations requiring user‑profile context or interactive Windows session components can fail.

When running commands via the Lansweeper deployment module, keep in mind that what you're effectively doing is sending CMD commands down to the targeted computers, to be run in the user context of the Run Mode user. Most feedback received, that isn't related to Deployment connectivity, is returned directly as a result of running the command on the computer in question.

With this in mind, ordinarily, you should be able to troubleshoot most deployment packages by running the command in your package in a CMD that's running with the same user as your selected Run Mode. The output, if run in the exact same user context on the exact same machine, should match the one received in the Deployment\Installer Logs page.
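
The two replies above point at the SYSTEM execution context and at proxy/revocation reachability. The following pre-deployment check is an added example, not code from Lansweeper, CrowdStrike or either poster; it is meant to run in the same SYSTEM context as the package (for instance as an extra step in the deployment), once with and once without a user logged on, so the two logs can be compared. The installer and log paths are placeholders.

```powershell
# Added diagnostic sketch. Assumptions: both paths below are placeholders.
param(
    [string]$Installer = 'C:\Temp\FalconSensor_Windows.exe',  # placeholder path
    [string]$LogFile   = 'C:\Temp\cs-predeploy-check.log'     # placeholder path
)

$report = [ordered]@{}

# 1. Which account and session is the script actually running in?
$report.Identity    = [Security.Principal.WindowsIdentity]::GetCurrent().Name
$report.SessionId   = (Get-Process -Id $PID).SessionId   # 0 = services session
$report.Interactive = [Environment]::UserInteractive

# 2. Machine-level (WinHTTP) proxy. User-specific WPAD/PAC settings live in the
#    user's profile and may not apply to this context.
$report.WinHttpProxy = (netsh winhttp show proxy | Out-String).Trim()

# 3. Can this context open the machine root store for writing?
#    Opening with ReadWrite changes nothing; it only tests access.
$store = [Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
try {
    $store.Open('ReadWrite')
    $report.RootStoreWritable = $true
    $report.RootStoreCount    = $store.Certificates.Count
} catch {
    $report.RootStoreWritable = $false
    $report.RootStoreError    = $_.Exception.Message
} finally { $store.Close() }

# 4. Build the installer's signing chain with online revocation checking.
#    Statuses such as RevocationStatusUnknown or OfflineRevocation mean the
#    CRL/OCSP endpoints could not be reached from this context.
if (Test-Path $Installer) {
    $sig = Get-AuthenticodeSignature -FilePath $Installer
    $report.SignatureStatus = "$($sig.Status)"
    if ($sig.SignerCertificate) {
        $chain = [Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode      = 'Online'
        $chain.ChainPolicy.RevocationFlag      = 'EntireChain'
        $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
        $report.ChainBuilt  = $chain.Build($sig.SignerCertificate)
        $report.ChainStatus = ($chain.ChainStatus | ForEach-Object { "$($_.Status)" }) -join ', '
    }
} else {
    $report.SignatureStatus = "installer not found at $Installer"
}

$report.GetEnumerator() | ForEach-Object { '{0}: {1}' -f $_.Key, $_.Value } |
    Set-Content -Path $LogFile -Encoding UTF8
```

If the two logs differ only in `WinHttpProxy` or `ChainStatus`, the failure is a network reachability issue rather than a permission problem on the root store.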
