Goverlan
GUIDE MENU

UNDERSTANDING GOVERLAN AGENTS

What are the Goverlan Agents?


Goverlan needs a agent running on all client machines in order for most features to work properly. Once installed, the Goverlan Agents stay resident on each client machine s that it can compile events information. For more information on how to install the Goverlan Agent, see Installing Goverlan Agents.

Note: Goverlan Agents have been specifically designed to have a very low foot print on memory and CPU consumption.

  • The Goverlan Agents are composed of the Goverlan Service, the Goverlan Remote Control Server and other support files. Only the Goverlan Service (GovSRV8.exe) process is permanently active. The Goverlan Remote Control Server is only active during a live remote control session.
  • The total disk size of all Goverlan Agents is approximately 4.8MB. The average memory consumption of the Goverlan Service is ~2MB.
  • The Goverlan Services spends 99% of its time dormant. It listens for Goverlan requests and only becomes active when a management request is placed. It also wakes up every 30 seconds to monitor local events and execute a self-cleaning procedure.
  • Since the original release of the Goverlan Agents in 1999, we have never received a complaint or report that the Goverlan Agents have degraded the performance of its hosts or become unstable.


What the Goverlan Agents are NOT.

  • The Goverlan Agents do not have any anti-virus or anti-spamware features. Consequently, it doesn't interfere with process spawning and disk activity.
  • The Goverlan Agents do not transfer any information to the internet.
  • The Goverlan Agents do not open any backdoors which could be used to bypass native Windows security. Every communication made to and from the Goverlan Agents are compressed, encrypted and authenticated to prevent attempts to breach the machine's integrity.
  • Goverlan agents have never been in the CVE or NIST database for security exploits.

Automatic Installation of Goverlan Agents


No pre-installation of Goverlan Agents is required. Goverlan can automatically install/update the required agents. By default, executing an action on a remote machine will verify if the Goverlan Agents exist on that machine. If no Goverlan Agents are found, you will be prompted to authorize their installation. If a different version of Goverlan Agents is found, they are automatically updated.

Note: The system drive root share (i.e.: C$) and the ADMIN$ shares must be enabled and accessible on a remote machine for Goverlan to remotely install the client agents.

Consequently, the File and Printer Sharing network service must also be enabled on the remote system. If the system root drive share (C$) and the ADMIN$ share are not accessible, you will need to manually install the Goverlan Agents on your machines using Goverlan_Client_Agents_v8.exe.

Goverlan Agent Options window

You can modify the auto-installation settings for Goverlan in the Goverlan Agents category of the Options window:

Agent Options

Administration & Diagnostic mode:

  • Check Prompt me before Installing remote agents if you want to authorize the installation of Goverlan Agents. Uncheck this option if you want Goverlan to automatically install Goverlan Agents when necessary.
  • Check Prompt me before Updating remote agents if you want to authorize the update of Goverlan Agents. Uncheck this option if you want Goverlan to automatically update Goverlan Agents when necessary.

Scope Actions mode:

During a Scope Action execution, Goverlan cannot prompt you for the installation or the update of Goverlan Agents. The behavior adopted during a scope action execution depends on these settings.

  • When Automatically Install/Update remote agents is checked, Goverlan automatically installs or updates agents on a computer node during the execution of a scope action.
  • When Automatically Install/Update remote agents is unchecked, Goverlan fails all computer nodes which require the installation or update of agents during the execution of a scope action.

Checking the Goverlan Agents Status on a Remote Machine

To view the Goverlan Agents status on a target machine, open its System Information window. The Goverlan Agents status, version number and available actions are displayed on the top right corner of this window.

System Information Agent Status

You can also use a Scope Action to generate a report of the Goverlan Agents status for a group of machines. 

Note: The Goverlan Agents have their own version number which is different from the Goverlan Management Console version number.

Manual Installation/Removal of Goverlan Agents

The installation, update or removal of Goverlan Agents on a remote machine can also be forced manually. See Installing Goverlan Agents for more information. You can do it via any of the following methods:

Using the Administration & Diagnostic Module

Select the machine’s icon from the Users view or the Machines view, right click on the mouse and select Install Goverlan Agents or Remove Goverlan Agents accordingly.

Using the Favorites menu in Goverlan Remote Control

Add the machine to your favorites view in Goverlan Remote Control. Right click the machine and select Install Goverlan Agents or Remove Goverlan Agents accordingly.

Using Goverlan Agent Installation Manager

Click on the Help menu located in the top-right corner of the main application, and select Add/Remove Client Agents. Add one or more machine objects to the list and click on Install Agents or Remove Agents. 

Using a Scope Action

To do a mass install, update or removal of Goverlan agents on your network, use a Scope Action. Create a new Scope Action, define its name and scope, create an Action Module and under Actions select: Add / Remove > Execute Computer Action > Goverlan Agents > Install / Update Agents (or Uninstall Agents).

Exclude Computers from receiving the Goverlan agent

To Exclude Specific Machines from the Installation or Update of the Goverlan Agents
You can prevent Goverlan from installing or updating agents on specific machines. This feature can be used if you do not want the Goverlan Service and other agents to run on business critical servers or other types of machines, or, if you want to "freeze" a particular version of the Goverlan Agents.

To prevent the installation or the update of Goverlan Agents on a machine, add the following registry entry:

HKEY_LOCAL_MACHINESOFTWAREPoliciesPJ TechnologiesGoverlan Universal SettingsGAGTGA_ProtectionType :: REG_DWORD = {0 | 1 | 2} and set its value as follows:

0 => If the GA_ProtectionType value doesn't exist or is set to 0, the normal agents update behavior is executed

1 => Prevents the installation of Goverlan Agents on the local machine

2 => Prevents the update of Goverlan Agents on the local machine

Tip: This setting may be distributed using Active Directory Group Policy (see Goverlan Administrative GPO Template.)


Troubleshooting the Remote Installation of the Goverlan Agents


If you are attempting to remotely install the Goverlan Agents and the process is failing, use the following guidelines to assist in resolving the issue.

Dependencies

The following dependencies apply for the remote installation of the Goverlan Agents. Once the agents are installed, these dependencies no longer apply:

  • The File & Printing Sharing Network Service must be enabled.(Port 445)
  • The C$ and ADMIN$ shares must exist.
  • The Windows Firewall must allow RPC traffic.
  • You need to have local administrative privileges on the client machine.

Network Accessibility

First, the remote machine must be accessible. For this, we need the following:

Open a command prompt and ping the remote machine by its Short name (ie: ping SOME_MAC01 ). An IP address should be returned. If an IP Address is not returned, either the name resolution didn't work or the machine is not reachable.

File System Accessibility

Goverlan needs to transfer the agent files over to the client machine. In order to do that, it uses the C$ and ADMIN$ shares. Make sure that these shares are accessible:

Select Start > Run from Windows, type SOME_MAC01C$ and press enter. This instructs Windows to open the C$ share of the client machine. Please verify that this operation has been done successfully.

Registry Accessibility

Goverlan needs to access a registry key on the client machine in order to query some file system information. Please verify that the HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion key of the client machine is accessible from your machine:

  • Open the registry editor (regedt32.exe).
  • Select File > Connect Network Registry... and enter the client machine's name.
  • Navigate to the key that Goverlan needs to read to make sure it is accessible.


For more instructions, please refer to our Knowledgebase.
 


REFERENCES