When you use the Deployment feature in the Windows console for Secure Configuration Manager to push the agent installation or updates to remote computers, ensure that your environment meets the following requirements:
Your console account must have the following permissions:
Access IT Assets
Remote Deploy and Install
Remote Uninstall
Run Security Checks
For more information about managing console permissions, see the User’s Guide for Secure Configuration Manager.
The computer from which you deploy agents, such as the Deployment Agent computer, must be running the following Windows services:
DHCP client (if the computer uses DHCP)
Server service
Workstation service
The target computers to which you are deploying the agent software must be running the Remote Registry service.
The Deployment Agent and target computers must support communication through network and personal computer firewalls. For more information about required firewall settings, see Understanding Firewall Requirements.
Port 700 must be open for outbound communication on the deploying computer, such as the Deployment Agent computer, and for inbound communication on the target computer. For more information about default ports, see Understanding Port Requirements. For more information about the Deployment Agent, see Understanding the Deployment Agent.
If the target computers reside in a domain outside the Core Services computer or in a secure network, such as a demilitarized zone, you must locally install at least one Windows agent in that domain or network. Once registered with Core Services, the locally installed agent becomes the Deployment Agent for that network or domain. For more information about the Deployment Agent, see Understanding the Deployment Agent.