1.1 Install Agent for Windows

RoboShadow Agent Deployment Guide for IT Managers

Introduction

This guide provides IT Managers with detailed steps and considerations for deploying the RoboShadow Agent on Windows machines. It is designed to ensure a smooth and successful rollout by addressing critical elements such as the OrganisationID, deployment strategies, and best practices for various scenarios.

Key Considerations

OrganisationID

• Importance: The OrganisationID is crucial for the agent to report data correctly to the RoboShadow portal. Without it, no data will be displayed.

• Planning: Plan the organisational structure before deployment. Changing organisations post-deployment is complex due to the DeviceId and public key being tied to the initial OrganisationID.

Uninstalling and reinstalling the agent

• When the RoboShadow Agent is uninstalled, certain registry files are kept to assist with Agent upgrades and re-installing the Agent to a previously installed organisation.

• Use case: Organisation A tests the RoboShadow Agent. After Testing, the Agent is uninstalled. At a later date Organisation A wants to go ahead with the rollout. The Agent is re-installed and needs to report into the same organisation.

Migrating the RoboShadow agent to another organisation

• As the registry and public key are tied to an organisation, when migrating the RoboShadow Agent to a different organisation, a clean install is required and the device will need deleting from the previous organisation in the portal.

1. In the Windows “Apps and Features”, uninstall the RoboShadow Agent and the RoboShadow Update Service.

2. Delete the following folder “C:\ProgramData\RoboShadow”.

3. In the registry, delete the following entry “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\RoboShadowLtd”.

4. If the device is seen in the RoboShadow Portal, navigate to

5. https://portal.roboshadow.com/devices and remove the device using the “Trash can” icon.
     a.  If the device appears on the Cyber Heal page https://portal.roboshadow.com/cyber-heal, remove the device using the “Trash can” icon.

6. Re-install the RoboShadow Agent.

Troubleshooting issues with the RoboShadow Agent not reporting into the portal:

1. Confirm the Windows service RoboShadowAgent is running on this device.

2. Take a screen shot of the registry parameters and values at these locations:  a. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\RoboShadowLtd\Rubicon\Agent
     b. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\RoboShadowLtd\Rubicon\Control
     c. Copy and share the entire DeviceId seen in the registry.

3. Check the Windows Event Viewer logs for any errors for the RoboShadow Agent:

  a. Event Viewer > Windows Logs > Application > Actions panel on right-hand side “Filter Current Log …” > Event Sources “RoboShadow Agent” > Click OK.    
  b. Save the event logs and send along with the above information to hello@roboshadow.com.

Deployment Methods

Intune Deployment

o   Navigate to https://portal.roboshadow.com/devices and select the organisation you wish to deploy the RoboShadow Agent via InTune, using the organisation drop down menu.

o   Click the “Deploy RoboShadow With InTune”

o   Follow the on-screen setup guide.

 Super Ops Deployment

• To deploy the agent via RMM with an ORGID variable use the following PowerShell script:

# Set a flag to indicate if OrgID is set
$haveSetOrgId = $True

# Attempt to retrieve the version from the registry
$version = (Get-ItemProperty -Path "HKLM:\SOFTWARE\RoboShadowLtd\Rubicon\Agent" -Name "Version" -ErrorAction SilentlyContinue).Version

# Check if OrgID is set and if the version is not found or less than 4
if ($haveSetOrgId -and (-not $version -or [int]($version -split '\.')[0] -lt 4)) {
    # Define the arguments for msiexec
    $arguments = @(
        "/i", "https://cdn.roboshadow.com/GetAgent/RoboShadowAgent-x64.msi",
        "/qb", "/norestart", "ORGANISATION_ID=$OrgID"
    )

    # Start the process to install the RoboShadow agent
    Start-Process -FilePath "C:\Windows\System32\msiexec.exe" -ArgumentList $arguments -Wait
}

When you run the script it will ask for the ORGID to be entered

MSI-Based Installation

1. Preparation:

   • Ensure you have the correct OrganisationID.

   • Plan your organisational structure in advance.

2. PowerShell Installation:

   • Download the installation PowerShell script:

   • https://raw.githubusercontent.com/roboshadow/RolloutScripts/master/DeployAgent/deploy.ps1

   • Replace YOUR_ORGANISATION_ID with the organisationID from the correct organisation in the Portal. Note changing this after install is not trivial.

   • Organisation ID can be found here: https://portal.roboshadow.com/account/organisations

   • Set $haveSetOrgId to $True

   • Save and run the PowerShell Script

Golden Image Deployment

1. Recommendation:

   • Do not install the RoboShadow Agent on the golden image. Deploy the agent post-cloning to avoid issues with OrganisationID, DeviceId, and Public Key.

2. If Installing on Golden Image:

   • Follow these steps to clean the image before running sysprep:

     • Ensure Updater is Installed: Verify that the updater component of RoboShadow is installed.

     • Delete OrganisationID Registry Key:

       • HKEY_LOCAL_MACHINE\Software\RoboShadowLtd\Rubicon\Agent\OrganisationId

       • HKEY_LOCAL_MACHINE\Software\RoboShadowLtd\Rubicon\Control\OrganisationId

     • Delete DeviceId Registry Key:

       • HKEY_LOCAL_MACHINE\Software\RoboShadowLtd\Control\DeviceId

     • Delete Public Key:

       • C:\ProgramData\RoboShadow\Rubicon\Control\Data\PublicKey

Summary

By following these guidelines, IT Managers can ensure a successful deployment of the RoboShadow Agent across their Windows environments. Proper planning and adherence to the recommended practices will mitigate common issues and enhance the effectiveness of the rollout.