Some partners are seeing a behavior where installing the Liongard Agent on one machine causes another agent (on a different machine) to disappear or become “Unmanaged” in the Liongard platform.
This occurs when multiple Windows machines were deployed from the same golden image or cloned system that was created without using Microsoft Sysprep. As a result, all these machines share the same Machine GUID, which the Liongard Agent uses as a unique identifier during installation.
🛠Prevent Liongard Agent Overwrites When Using Golden Images (Sysprep + DEVICEGUID Deployment Option)
1. Purpose / Problem Statement
Some partners are seeing a behavior where installing the Liongard Agent on one machine causes another agent (on a different machine) to disappear or become “Unmanaged” in the Liongard platform.
This occurs when multiple Windows machines were deployed from the same golden image or cloned system that was created without using Microsoft Sysprep. As a result, all these machines share the same Machine GUID, which the Liongard Agent uses as a unique identifier during installation.
2. Why This Happens (Root Cause)
Windows assigns each system a Machine GUID stored in the registry at:
HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuidThis value is meant to be unique per machine.
If an image is created without using Sysprep /generalize, that GUID is copied to all machines built from that image.
When the Liongard Agent is installed, it reads the Machine GUID and registers the device using that value.
If multiple machines share the same GUID → Liongard treats them as one device → resulting in:
✅ Agents overwriting each other
✅ Previously-installed agents being moved to Unmanaged
✅ Incorrect hostnames or agent names in the platform
3. What is Microsoft Sysprep, and Why It Matters
Microsoft requires that Windows images be “generalized” before being deployed to multiple devices.
From Microsoft’s documentation:
“Sysprep removes system-specific information (such as the computer SID) from a Windows installation so it can be safely reused on different hardware.”
(Source: Microsoft Learn — Sysprep (Generalize) a Windows installation)
In practice:
Running sysprep /generalize /oobe /shutdown before capturing your image ensures every deployed machine generates a unique Machine GUID, preventing Liongard Agent collisions.
4. Partner Impact Summary
Symptom | What You See in Liongard |
Agent shows as replaced or missing | Previous agent is moved to Unmanaged |
Hostname mismatches | Device name on agent record doesn't match actual machine |
Multiple devices merge into one record | All devices share identical Machine GUID |
Inspectors flip to Unmanaged repeatedly | Each new install overwrites the previous one |
5. Recommended Resolution Paths
✅ A) Best Practice (Permanent Fix) – Use Sysprep When Imaging
Before capturing your golden image:
%WINDIR%\System32\Sysprep\Sysprep.exe → Select "Enter System Out-of-Box Experience (OOBE)" → Check "Generalize" → Shutdown
Then capture and deploy the image normally.
This ensures each machine receives a new Machine GUID at first boot.
✅ B) Optional Workaround – Use DEVICEGUID During Agent Installation
For environments already affected or unable to reimage devices:
Liongard Agent version 5.1.0 and later supports a new installer flag:
DEVICEGUID="<unique-per-machine-value>"
Example (silent install):
msiexec /i LiongardAgent.msi /qn ^ INSTANCEURL="https://yourprefix.app.liongard.com" ^ AGENTKEY="xxxxx" AGENTSECRET="xxxxx" ^ ENVIRONMENT="Customer Name" ^ DEVICEGUID="ABC123-Unique-Per-Device"
You may use:
BIOS Serial Number
Asset Tag / Service Tag
Pre-generated GUID per device
RMM system variables
⚠ Do NOT directly edit the MachineGuid in Windows Registry.
This can break licensing, Azure AD / Intune trust, endpoint security, and violates Microsoft guidance.
6. How to Check if a Machine Is Affected
On any Windows machine, run:
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Cryptography' -Name MachineGuid
If the same value appears on multiple systems → Sysprep was not run.
You may also use RMM platform inventory scripts to detect duplicate GUIDs across endpoints.
7. Frequently Asked Questions
Question | Answer |
Do all partners need to use | No — only partners who use cloned images without running Sysprep. |
Can we modify or delete the MachineGuid manually? | No — Microsoft warns this can break Windows activation, AAD registration, and security systems. |
Is Sysprep required by Microsoft? | Yes — Microsoft requires |
Will Liongard auto-fix this in the future? | Dev is exploring a composite ID (Machine GUID + BIOS Serial + MAC). For now, Sysprep or |
8. Additional Resources
Microsoft Sysprep Official Guide:
https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installationAgent v5.1.0 Release Notes (pending)