Skip to main content

Adding Agentless Windows Hosts

This section provides instructions for adding agentless Windows hosts via the GUI, or the command-line client. Agentless Windows deployment only allows monitored hosts. If you want to manage the hosts, use Agent-Based deployment as described in Adding Agent-Based Hosts.

note

Make sure that the Windows hosts have WinRM enabled.

To add agentless Windows hosts via the GUI:

  1. On the Hosts page, click Add Hosts. Under the Select agent type section, ensure Agentless Windows is selected.

  2. Provide the information for connecting to the host(s). At minimum, this includes:

    • Target-host addresses (either IP or FQDN).
    • Management-account credentials

    To add One host or hosts from a Range of IP addresses, provide target-host information directly in the GUI. When adding Multiple hosts, you may provide target-host information directly in the GUI, or from a .csv file. The format of the host-information .csv is described later in this section.

Hosts can also be added using the command-line client, in one of the following ways:

  • One host: Add one host to the managed environment using host information provided in the command arguments.

  • Multiple hosts: Add one or more hosts using host information from a file.

For example, to add a single host:

$ ssh-mgr-client add-hosts -d \
 hostname=hostname,username=username,password=password,winrm=true

Note that for Windows hosts, you need to add the winrm=true option.

As another example, to add multiple hosts, specify host information in a file. Declare the names of the data fields on the first row, then declare the hosts on subsequent rows:

hostname,username,password,winrm
sap1.example.com,username,password,true
sap2.example.com,username,password,true
dbeast.example.com,username,password,true
192.0.2.100,username,password,true
logistics.example.com,username,password,true
192.0.2.124,username,password,true

Then specify the file as input for the add-hosts command:

$ ssh-mgr-client add-hosts -f /path/to/host_information.csv
tip

A comprehensive list of supported fields is available in the add-hosts help:

$ ssh-mgr-client add-hosts help

In some situations, Key Manager may fail to deploy a host to the monitored state. In such situations, the host is left in the available state. You can display all such instances with a command like the following:

$ ssh-mgr-client list-hosts -F "state=available" -H

You can then attempt to redeploy the hosts with:

$ ssh-mgr-client deploy-hosts -F "state=available"

For detailed documentation about the relevant command-line client commands, see the following sections:

When Key Manager first connects to Windows target over WinRM, the scan script will be copied to the target machine. You may significantly speed up the host deployment by copying the script file to the target host manually before deploying to Key Manager. The scan script is found in the following location on Key Manager server:

/opt/sshmgr/hostscript/ssh-mgr-host-utility.exe

Copy the scan script file to the target Windows host, to the location specified in the Host script path on Windows OS setting. The default location is the management user's AppData folder.

note

Debug mode produces detailed information about operations executed on target Windows. These logs are then available on host-executors log output as well as the job log in the Key Manager UI.

The execution script might be flagged as suspicious by Windows Defender. You may want to set the ssh-mgr-utility.exe file as trusted.

If you encounter issues with agentless Windows scan, you can try running the scanning script manually. Run the following on the target host command line:

# ssh-mgr-host-utility.exe --ignoreprivilegecheck scan-local > result.json