Your browser does not allow storing cookies. We recommend enabling them.


Installing Manually on Windows

On Windows, the initial installation of Management Agents can be done either manually or by using a third-party software deployment system. Initial installation via the Management Server is not supported.

The Management Agent uses and requires the MSI installation package 2.0 format used by the Windows Installer Service. (This service is included by default in Windows XP and later, so there is no need to install it separately on these systems.)

For information on the supported platforms, see Table 5.1.

On Windows Vista, .NET Framework 3.5 Service Pack 1 is reguired.

To install the Management Agent manually on Windows, follow these instructions:

  1. Double-click the ssh-mgmt-agent-<v>-windows-x86.msi file (where <v> is the version number).

  2. Follow these steps in the installation wizard:

    1. At the introduction screen, click Next.

    2. Click the radio button to accept the license and then click Next.

    3. Select a location where you what to install the agent and click Next.

    4. Click Install.

    The wizard will install the Management Agent to the selected directory.

  3. Download a valid ICB from the Management Server administration interface (see Downloading ICBs), and copy it to the Management Agent installation directory:

    C:\Program Files\SSH Communications Security\Tectia Manager\icb.dat

In case of problems, see Problems with Management Agents.

Alternatively, you can perform the installation with the command-line options detailed in the next section.

Command-Line Options

This section lists the command-line options for installing Management Agent to multiple host using silent installation.

MSI packages are generally installed from the command line with the following command:

msiexec.exe /i <path_to_msi_file> [options]

A typical script for a silent installation might look like this:

msiexec.exe /i "ssh-mgmt-agent-" /L* "C:\temp\setup.log" 
/qn INSTALLDIR="C:\Program Files\SSH Communications Security\Tectia Manager" 
ICBDIR="H:\Management Settings" 

In this example script:

  • /i <path_to_msi_file> specifies to msiexec.exe the MSI file to use.

  • /L* <path_to_log_file> indicates that a log of the installation is written.

  • /qn specifies that the installation should be silent.

  • ICBDIR="<path_to_icb_location>" specifies the directory name where the ICB file can be found.

  • INSTALLDIR="<path_to_installation_location>" specifies the directory name where the agent is installed. If this option is omitted, the default location "C:\Program Files\SSH Communications Security\Tectia Manager" is used.

Installer Details

When deploying the Management Agent on Windows using the command-line scripts, you should know a little about how the installer works. The following is a step-by-step description of the actions the installer typically runs in silent mode or after the Install button has been clicked in the installation wizard mode.

Pre-Installation Phase

1. The installer shuts down the Management Agent service ssh-mgmt-sysmonitor.exe.

2. The installer uninstalls any existing Management Agents. The installer removes all binaries, agent-secsh.dat and all registry entries associated with the application.

Installation Phase

3. The installer installs the following components to the path specified in the INSTALLDIR option:

  • the Management Agent binary: ssh-mgmt-sysmonitor.exe

  • the registry entries associated with the product

4. The installer attempts to install the ICB file based on the ICBDIR variable:

  1. If a file named icb.dat is located in the directory specified by the ICBDIR variable passed to the installer, it will be copied to the installation directory.

  2. If no ICBDIR is specified, the installer checks the root of the C:\ drive for the file.

  3. If no icb.dat file exists, nothing happens here.

5. The installer starts the Management Agent service ssh-mgmt-sysmonitor.exe.

The process is started for each user as they log on to Windows. To restart the system monitoring right away after installation, log off and then log back on.

See also Management Agent on Windows.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more