Skip to main content

Windows Agent | Prevent Liongard Agent Overwrites When Using Golden Images (Sysprep + DEVICEGUID Deployment Option)

Updated over 3 weeks ago

Overview 💥

Some partners observe that installing the Liongard Agent on one Windows machine causes another Agent—installed on a different machine—to disappear, become Unmanaged, or have its inspectors reassigned.

This behavior is not a Liongard platform defect, but rather the result of duplicate machine identity values introduced during Windows imaging or cloning workflows.

This article explains:

  • Why Agent overwrites occur

  • How Liongard identifies Windows devices

  • The recommended remediation path (Agent Install Script)

  • Long-term prevention using Sysprep or the DEVICEGUID installer option

Reference : Microsoft Sysprep Official Guide

Why This Happens 🤔

Windows assigns each system a unique Machine GUID, stored at:

HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid

This value is intended to be unique per Windows installation.

‼️ The Problem

If a Windows image is captured without running Sysprep /generalize, that Machine GUID is duplicated across all machines deployed from the image.

When the Liongard Agent installs:

  • It reads the Machine GUID

  • Registers the Agent using that value as part of its identity

  • Multiple machines with the same GUID appear as one device to Liongard

🫧 Resulting Behavior

  • Agents overwrite each other

  • Previously installed agents move to Unmanaged

  • Hostnames mismatch

  • Inspectors repeatedly reassign or fail

Partner Impact Summary 🚀

Symptom

What You See in Liongard

Agent disappears after another install

Older agent becomes Unmanaged

Hostname mismatch

Agent name doesn’t match actual machine

Inspectors flip environments

Identity collision during registration

One agent replaces another

Shared Machine GUID

Recommended Resolution Paths 🧑‍🏫

Step 1 (Primary & Recommended): Use the Liongard Agent Install Script

The Agent Install Script is the safest and fastest remediation for environments already affected or where imaging cannot be immediately changed.

🔗 KB: Liongard Agent Install Script

Why This Is Recommended First

The script:

  • Detects Machine GUID / DeviceGUID collisions

  • Prevents silent agent overwrites

  • Generates a new DEVICEGUID only when a collision is confirmed

  • Optionally:

    • Uninstalls the existing agent

    • Removes leftover services, folders, and registry keys

    • Deletes backend records when a confidence threshold is met

  • Produces full transcript and MSI logs

Logs Generated

  • Script Transcript & Diagnostics
    C:\Liongard\LGAgentScript_<timestamp>.log

  • MSI Installer Log
    C:\Liongard\AgentInstall.log

If you are already experiencing agent overwrites, use this script first.

Step 2 (Best Practice / Long-Term Fix): Use Sysprep When Creating Images

For future deployments, Microsoft requires that Windows images be generalized before reuse.

Proper Image Preparation

Before capturing a golden image:

%WINDIR%\System32\Sysprep\Sysprep.exe    → Select "Enter System Out-of-Box Experience (OOBE)"    → Check "Generalize"    → Shutdown

Select:

  • Enter System Out-of-Box Experience (OOBE)

  • Generalize

  • Shutdown

This ensures:

  • A new Machine GUID is generated on first boot

  • Liongard Agents register as unique devices

  • No identity collisions occur

📘 Microsoft documentation confirms this requirement.

Step 3 (Alternative for Existing Environments): Use DEVICEGUID During Installation

For environments where:

  • Reimaging is not possible

  • Machines already exist with duplicate GUIDs

Liongard Agent v5.1.0 and later supports a DEVICEGUID installer parameter.

Example Silent Install

msiexec /i LiongardAgent.msi /qn ^   INSTANCEURL="https://yourprefix.app.liongard.com" ^   AGENTKEY="xxxxx" AGENTSECRET="xxxxx" ^   ENVIRONMENT="Customer Name" ^   DEVICEGUID="ABC123-Unique-Per-Device"

Acceptable DEVICEGUID Sources

  • BIOS Serial Number

  • Asset / Service Tag

  • RMM-provided unique variable

  • Pre-generated GUID

‼️ Do NOT manually edit the Windows MachineGuid registry value.
Microsoft explicitly warns this may break:

  • Windows activation

  • Azure AD / Entra ID trust

  • Intune enrollment

  • Endpoint security tools

How to Check If a Machine Is Affected 👨‍💻

Run on multiple machines:

Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Cryptography' -Name MachineGuid

If the same value appears on more than one system, the image was not generalized.

RMM platforms can be used to inventory and detect duplicates at scale.

Frequently Asked Questions 🙋‍♂️

1. Do all partners need DEVICEGUID?

No. Only environments using cloned images without Sysprep.

2. Can we delete or modify MachineGuid manually?

No. This violates Microsoft guidance and can break OS trust and licensing.

3. Does auto-update fix this issue?

No. Auto-update does not change agent identity.

4. Will Liongard automatically prevent this in the future?

Engineering is exploring composite identity options, but today Sysprep or DEVICEGUID is required.

When to Contact Support 🦁

Contact Liongard Support if:

  • Agents continue overwriting after running the install script

  • Inspectors are misassigned across environments

  • The install script reports collision errors

  • You need help validating imaging workflows

Include With Your Support Ticket

  • Description of deployment method (golden image, RMM, Sysprep status)

  • Screenshot of affected agent records

  • Environment name(s)

  • Script logs:

    • LGAgentScript_<timestamp>.log

    • AgentInstall.log

  • Any relevant error messages

Providing this information upfront significantly reduces resolution time.

Summary 🤩

  • Agent overwrites occur due to duplicate Windows Machine GUIDs

  • First remediation: Use the Liongard Agent Install Script

  • Best practice: Always Sysprep /generalize images

  • Alternative: Use DEVICEGUID during installation

  • Never manually edit Windows MachineGuid

Did this answer your question?