Technical Support

Need help?


How to deploy agents over a network using the Systems Management Agent Active Directory deployment method

Information applies to:

Systems Management


Systems Management agents can be deployed in a number of ways, depending on how your devices are attached, or located. These deployment methods can include using an existing software deployment mechanism, manual installs (either by technicians or end-users), or using the LAN Deploy tool built into the agent itself.

However, if you are planning on deploying agents across a Windows Active Directory domain, you can use the startup script functionality built into Windows Group Policy to do that deployment for you. This will ensure that the deployment is touching every device that applies the GPO, with minimal levels of manual intervention.


In order to use Active Directory to deploy the agent across the domain, you must first manually install the agent on at least 1 of your Domain Controllers.

You will also need the necessary permissions to be able to create and apply startup scripts within your domain.
This document assumes that you are comfortable with Group Policy management, and the concepts around it.


Creating the deployment component

  1. Download an agent from a Managed profile and rename the installer to AgentSetup.exe.
  2. Download the Deploy PCSM installation files to server for AD deployment component.
  3. Add the Component to your component Library using the Import Component button.
  4. Once imported, attach the newly renamed AgentSetup.exe to the component by clicking Add File.
  5. Click the STAR icon to make this a Quick Job.
  6. Click Save to save the component.

Once that's done, the component should look something like this:

Running the deployment component on your Domain Controller

  • Select the Domain Controller in the Web Portal and click Run Quick Job.
  • Select Deploy PCSM installation files to server for AD deployment.
  • Leave all the other options at their default settings and click OK to run the job.

Add the Startup script to Group Policy

Confirm in the Panda Systems Management console that the quick job has completed successfully. You should see that the stdout looks something like this:

To create the required startup script, you'll need to be logged onto the server itself - you can do that either through an AEM RDP session, or directly at the console, whichever method suits you.

  1. Open the GPO you want to add the script to in the Group Policy Management Console (gpmc.msc).

    Which GPO you choose will depend largely on the planned scope of the agent deployment you want to carry out - for example, if it should be across the entire domain, you may want to use the Default Domain Policy.

    If, on the other hand, you want to target a specific set of devices, you should use either a policy which only applies to that OU, or which has been filtered using security filtering to only apply to your subset of devices.

    (Note that as this is a startup script, it should target machines, not users, and should be set on a policy which does not have the machine part of policy disabled).
  2. In the console tree, click Scripts (Startup/Shutdown).
  3. At the details pane, double-click Startup to open the startup script properties. If any startup scripts are already defined within this policy, they will be shown here.
  4. In the startup properties dialogue box, click Add.
  5. Add the Agent_Deploy.bat file contained in //NETLOGON/PCSM as your startup script.

The group policy is now set and agents will be rolled out to the targeted devices at their next start-up.

Note: It is advisable to periodically update the component Deploy PCSM installation files to server for AD deployment with the latest version of the Panda Systems Management agent.

Help nº- 20160919 300125 EN

Have you resolved your query with this article?

yes no

Thanks for your answer

Why didn't you find it helpful?

The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.

Talk to a technician!


Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.

Do you need one of our technicians to connect to
your PC or device remotely to fix a problem?

Discover our Premium Services