Overview π₯
Liongard has enhanced the Windows Server Inspector to make local agent deployment simpler, faster, and more secure.
Feature | Benefit |
Simplified Deployment | Inspector now works directly with a local Liongard Agent, eliminating the need for WinRM or additional credentials. |
Enhanced Security | No domain credentials required; the agent runs as SYSTEM, minimizing risks associated with elevated user accounts. |
Expanded Data Capture | Collects more system data, including firewall rules, certificates, scheduled tasks, and print drivers. |
Auto-Reassignment | When a Liongard Agent is installed directly on a Windows Server that already has an active remote Windows Server Inspector (matching FQDN) in the same Environment, the platform will automatically reassign that Inspector from the remote agent to the new local agent. |
β οΈ Important: Auto-Reassignment requires:
The new agent installed on the same server as the existing remote inspector (FQDN match).
The agent assigned to the same Environment as that inspector.
Steps to Resolve π§βπ«
Step 1: Identify Remote Windows Server Inspections
Navigate to Admin > Inspectors in Liongard.
Locate Windows Server under the Inspector Type column and click the icon.
On the Windows Server Inspector page, review the Remote Inspection column:
"Yes"indicates the inspector is configured as a remote inspection (FQDN set in the inspector configuration).In most cases, this means the server is inspected via a remote agent rather than a local agent installed on that server.
Export the table using the Export feature (top-right) to create your target list for local agent deployment.
π Pro Tip: The Remote Inspection column may still show "Yes" after Auto-Reassignment or if the inspector name is an FQDN. Confirm by checking:
The Agent assigned to the inspector
Whether a Liongard Agent is installed on that server
Step 2: Deploy Liongard Agents to Target Servers
Using the exported list, install the Liongard Agent on each target Windows Server.
Do not provide a user account; the agent will run as SYSTEM.
During installation, assign the agent to the correct Environment to enable Auto-Reassignment:
Navigate to Admin > Agents
Use the Assign Environment action if not done during installation
Optional Deployment Tips:
Tip | Why It Matters |
Install as SYSTEM | Ensures required privileges, supports auto-update, avoids permission conflicts |
MSI Logging |
|
Check scheduled task | Confirm Liongard Agent Updater exists and is not blocked by EDR/AV |
β οΈ Security Note: Installing under a user or domain account is unsupported and may prevent auto-update or agent functionality.
Step 3: Auto-Reassignment Validation
After deploying agents:
Return to Admin > Inspectors > Windows Server
Verify:
The new local agent is assigned to each targeted Windows Server Inspector
Inspections are running successfully via the local agent
In most cases, the Remote Inspection column will now show
"No"If it still shows
"Yes", confirm:The inspector uses the local agent you just installed
Inspections complete successfully
If both are true, the
"Yes"status is cosmetic and does not indicate an active remote inspection
π§ Auto-Reassignment only works when:
There is an existing remote Windows Server Inspector (FQDN set)
The agent is installed on the same server
The agent is assigned to the same Environment
Post-Deployment Verification π¨βπ»
Confirm the agent service is running:
Open Services and verify Liongard Agent service (LiongardAgentSVC) is Running
Trigger a manual inspection to confirm connectivity and data collection
Confirm auto-update functionality:
Windows Task Scheduler β Ensure Liongard Agent Updater exists and is not blocked
Troubleshooting Tips π
Issue | Suggested Action |
Agent fails to install | Check MSI log; use Liongard Agent Install Script |
Remote inspection not reassigned | Confirm Environment assignment matches the remote Windows Server Inspector; check for duplicate inspectors and archive unused ones |
Agent service shows "Agent Issues" | Check service status, scheduled task, service permissions, firewall/EDR blocking |
β οΈ For detailed troubleshooting, see: Windows Agent | Troubleshooting Installation Issues
FAQs πββοΈ
Q1: Auto-Reassignment is not working. What should I check?
Confirm the agent is assigned to the correct Environment
Confirm it runs as SYSTEM
Verify an existing remote Windows Server Inspector exists for that server (FQDN set) in the same Environment
Reinstall using the Install Script if necessary
Q2: Can I use domain credentials during installation?
No. Agents must run as SYSTEM. Domain/user accounts are unsupported and may break auto-update or inspections.
Q3: Do I need to uninstall remote inspections first?
No. Auto-Reassignment automatically reassigns existing remote inspections to the new local agent if preconditions are met.
Q4: Will this impact existing inspections?
Auto-Reassignment is designed to seamlessly replace remote inspections with local ones without data loss. Historical data is preserved because the existing inspector is reused and only its assigned agent changes.
When to Contact Support π¦
Open Support Chat in the Liongard platform. Include:
Server OS version
Agent version installed
Installation method (MSI or Script)
Remote inspection list
Error messages/screenshots
Relevant Event Viewer or MSI/script logs
π¨ Providing comprehensive logs and screenshots speeds resolution.
Summary π€©
Liongard Windows Agent simplifies local inspection deployment
Auto-Reassignment reduces manual reassignment of remote inspections
Agents must run as SYSTEM for security and functionality
Assign agents to the correct Environment to enable Auto-Reassignment
Use the Install Script for persistent installation failures or MSI issues