cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mttmortensen
Engaged Sweeper II

 

Hi everyone,

I'm facing an issue when deploying a package through Lansweeper. The deployment log shows a "Result: Deployment ended: The operation completed successfully.. Stop(Success). Credential: (4life\svclansweeper). ShareCredential: (lansweeper)," but nothing actually happens on the end user machine.

After some investigation, I suspect our EDR solution, Xcitium, might be isolating the deployment package in a contained environment, preventing it from executing on the actual end user system.

Before I dive deeper into troubleshooting, I wanted to check if anyone here knows:

  1. Are there specific processes that Lansweeper tries to launch via CMD during deployment?
  2. Does Lansweeper rely on any particular files that must be present on the end user's system or accessible during package deployment?

I’m considering the possibility that Xcitium is blocking these processes or files, and I might need to whitelist something to ensure the deployment can proceed as intended.

Any insights or suggestions would be greatly appreciated!

Thanks in advance!

1 ACCEPTED SOLUTION
DavidPK
Lansweeper Tech Support
Lansweeper Tech Support

Hi 

 

When running commands via the Lansweeper deployment module, keep in mind that what you're effectively doing is sending CMD commands down to the targeted computers, to be run in the user context of the Run Mode user.

 

Just to provide a bit more context on what deployments specifically do and which credentials are used, you can find an overview below of the actions that are performed by the Lansweeper deployment module when deploying to a computer.

 

  • Writes the deployment executable to the target computer using your scanning credentials (why c$ access is required)
  • Writes the contents of the deployment, the steps required, and commands used to the registry, using your scanning credentials.
  • Creates a scheduled task that calls the deployment executable with a parameter referring to the registry entry that was created, using your scanning credential. The Run Mode credential is added as the account that should run the scheduled task. (Your scanning credentials must be able to create a scheduled task remotely from your scanning server)
  • The scheduled task is run, which executes the commands contained within your deployment package. If you specify a network share that is not your package share, this share is accessed using your Run Mode credentials.

It is possible that your EDR is preventing one of the above steps however, we suspect you would have seen an error output or some feedback that steps were missing. 

View solution in original post

1 REPLY 1
DavidPK
Lansweeper Tech Support
Lansweeper Tech Support

Hi 

 

When running commands via the Lansweeper deployment module, keep in mind that what you're effectively doing is sending CMD commands down to the targeted computers, to be run in the user context of the Run Mode user.

 

Just to provide a bit more context on what deployments specifically do and which credentials are used, you can find an overview below of the actions that are performed by the Lansweeper deployment module when deploying to a computer.

 

  • Writes the deployment executable to the target computer using your scanning credentials (why c$ access is required)
  • Writes the contents of the deployment, the steps required, and commands used to the registry, using your scanning credentials.
  • Creates a scheduled task that calls the deployment executable with a parameter referring to the registry entry that was created, using your scanning credential. The Run Mode credential is added as the account that should run the scheduled task. (Your scanning credentials must be able to create a scheduled task remotely from your scanning server)
  • The scheduled task is run, which executes the commands contained within your deployment package. If you specify a network share that is not your package share, this share is accessed using your Run Mode credentials.

It is possible that your EDR is preventing one of the above steps however, we suspect you would have seen an error output or some feedback that steps were missing. 

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now