This guide covers the installation, deployment, troubleshooting, and frequently asked questions associated with the Device Management Agent.
We do not support DMA deployments to Citrix or Terminal Services roaming profiles. DMA/DeploymentPro currently only supports Microsoft 365 as the Destination.
Deploy DMA via email
To deploy the BitTitan Device Management Agent (DMA) through email, you ask users to manually install the agent.
DMA will install to the following locations: "C:\Program Files (x86)\BitTitan" and "%LOCALAPPDATA%\BitTitan". It is important there are no policies, antivirus programs, or limitations in place that can block operations in these locations, such as AppLocker.
We recommend installing DMA through a group policy object because it’s automated and non-intrusive.
To deploy DMA through email:
- Click Customers on the navigation sidebar.
- Click the customer name for which you wish to deploy DMA.
- Click Users.
- Add a checkmark next to the user(s) that should receive the email.
- Click the Enable Device Management Through Email button.
- In the Enable Device Management via Email panel, enter your email address in the Reply-To Address field.
- Confirm that all of the users you chose are listed in the To field.
- To personalize the email message that the customer's users will receive, type your changes into the message body text box. If the customer's computers use a proxy, you must add instructions to run the DMA installer with command line parameters that ensure DMA is able to transmit data through the proxy. Read the How do I deploy the Device Management Agent on computers that use a proxy? article for more information.
- Click Send Agent Email.
IMPORTANT: DO NOT change the name of the DMA setup file sent via email, or let users share the file. Each emailed DMA setup file is only for the user and machine for which it is sent to.
The customer’s users will receive the email asking them to manually install the agent. The users and their computer information will start populating in MSPComplete under the customer’s context soon after the agent is installed and running.
Installing DMA on domain-joined computers
In circumstances where a client-to-site VPN does not exist to process/update Group Policy Object (GPO) changes, you cannot install DMA via GPO.
Instead, you can install DMA via email. This will install DMA in limited mode.
HealthCheck for Office 365 is a module of DMA. When DMA is installed in limited mode, HealthCheck for Office 365 cannot detect and report (in MSPComplete) on upload and download network speeds.
Deploy the Device Management Agent with a Group Policy Object (GPO)
To deploy the BitTitan Device Management Agent (DMA) using a Group Policy Object (GPO), complete each of the steps detailed below, in order:
- Download the DMA setup file from MSPComplete.
- Create a network share that is accessible to all of your customer’s computers, and put the DMA setup file in the share folder.
- Create a Group Policy Object that forces the domain-joined computers in a security filter to execute the DMA setup file through a scheduled task.
These three steps are explained in greater detail below.
Step 1: Download the DMA setup file from MSPComplete.
- In MSPComplete, click All Customers from the navigation sidebar.
- Click on the customer name for which you wish to deploy DMA.
- On the horizontal menu bar, click Users.
- Click Add Users, then click Add Users via Device Management Agent .
- On the Add Users via Device Management panel, click Device Management Agent setup file to download the DMA setup file to your local drive.
Note: The instructions here are more detailed than those listed in the Add Users via Device Management Agent panel.
Step 2: Create a network share that is accessible to all of your customer’s computers, and put the DMA setup file in the share folder.
For more information about Windows Server file and storage services, read the File and Storage Services Overview TechNet article.
- Log on to the file server as an administrator.
- Click Start and search for Server Manager.
- Click Server Manager from the search results.
- Click File and Storage Services.
- Click Shares.
- Next to Shares, click Tasks.
- Click New Share.
- Continue through the New Share Wizard prompts until finished, then click Create.
- Right-click on the new share in Server Manager, and click Open Share.
- Put the DMA setup file in the share.
- Write down the share's network path; this will be needed when creating the scheduled task.
Step 3: Create a Group Policy Object that forces the domain joined computers in a security filter to execute the DMA setup file through a scheduled task.
- Log on to the Active Directory Domain Controller as an administrator.
- Click Start, and search for Group Policy Management.
- Click Group Policy Management.
- Right-click on the desired Active Directory domain, and then click on Create a GPO in this domain, and Link it here .
- Enter a name for the GPO, and then click OK.
Note: By default, the GPO will apply to all users and computers that successfully authenticate to the Active Directory domain. - To narrow the scope of computers that install DMA, select Authenticated Users, and click Remove.
- To confirm the removal, click OK.
- To add a new security filter, click Add.
- Type the name of the security group that the target computers are a member of, and click Check names.
- Click OK.
- Right-click on the new GPO, and then click Edit.
- In the console tree, under Computer Configuration , click Preferences.
- Click Control Panel.
- Select Scheduled Tasks.
- Right-click under Scheduled Tasks and click New. Then click Immediate Task (At least Windows 7).
Note: For more information about Scheduled Task Items, read the Configure a Scheduled Task Item TechNet article. - Enter a name and a description for the Scheduled Task.
- Click Change User or Group.
- Type "system" into the Object name text box.
- Click Check Names.
Note: Make sure that the system object name resolves to NT Authority\System. - Under Security options , click Run whether a user is logged on or not and add a checkmark next to Run with highest privileges.
- In the Configure for drop-down menu, select Windows 7®, Windows Server™ 2008 R2.
- Click on the Actions tab.
- Click New.
- In the Action drop-down menu, select Start a program.
- In the Programs/script text box, enter the network path for the DMA setup file.
If you use the Browse button to find the location of the script, then it will add the path as c:\xxxx. This is incorrect since the script needs to include the UNC path and not the local path. Be sure to replace the c:\ format with the \\servername\sharename\ format. - If the customer's computers use a proxy, you must add a command line parameter into the Add arguments field to ensure that DMA is able to transmit data through the proxy. Read the How do I deploy the Device Management Agent on computers that use a proxy? article for more information.
- Click OK.
- Click on the Conditions tab.
- Add a checkmark next to Start only if the following network connection is available, and then select Any connection.
- Click OK.
- Close Group Policy Management Editor, and then close Group Policy Management.
The DMA setup file will execute on user computers at the next Group Policy refresh, typically every 90 minutes, with a random offset of 0 to 30 minutes.
Once DMA has been set up, it is important to note that it does not automatically know the email address for the user. It will make calculations on what to report back. If domain joined, we look at the following three things, in the order listed:
1. SMTP address in ProxyEmailAddresses. If the AD has not been extended for Exchange, that attribute will not be present.
2. Email address on the General tab in Active Directory users and Computers
3. UPN they login with on their device
If the one of these three that is reported back is different from what was originally entered in MSPComplete, that address is populated in the customer user list and will appear as a second entry for the user but without a license. That duplicated user is also the one that is populated in DeploymentPro.
Likewise, if a user is not domain-joined at the time DMA reports back, they will show up in your customer list with a ".gen" address and will also be duplicated without a license.
Unfortunately, there is no way to combine these users once they have been created. If you see this in your project, please create a support ticket with the name of the MSPComplete customer and a list of the affected users. While we do not have a way to merge these users, our Support team will be able to help get the licensing set up so that you can run DeploymentPro for the users.
Installing DMA on terminal servers
This guide shows you how to install and configure the Device Management Agent (DMA) on a terminal server. After you complete the steps in this guide, the Agent will run at startup for all users of the terminal server and you can use it for additional services like DeploymentPro and HealthCheck for Office 365.
Prerequisites
Complete these steps before you get started:
- Create the customer in MSPComplete. Read the Add customers topic for more information.
- Add the source and destination endpoints.
- Download the customer's DMA setup file. Read the Add users by deploying DMA topic for more information.
Install DMA on the terminal server
The first step is to copy the DMA setup file to the terminal server and then install it using the Install Application on Remote Desktop Server utility located in the Control Panel. Read the Learn How To Install Applications on an RD Session Host Server TechNet article for more information.
Add a DMA shortcut to the all users startup folder
Add a DMA shortcut to the all users startup folder for the terminal server, to ensure that the Agent runs at startup for all users.
Complete these steps:
- Open a File Explorer window and go to where the agent is installed on the terminal server, which should be C:\Program Files (x86)\BitTitan\DeviceManagementAgent
- In a separate File Explorer window, go to the all users startup folder, which should be C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
- Find the BitTitanDMAExecutor.exe file in the Agent install folder. Right-click on the .exe file, and then select Send To > Desktop (create shortcut). Copy that shortcut from the Desktop into C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup folder\.
Give all users access to the DMA installation folder
Give all users of the terminal server access to the DMA installation folder to ensure they are not blocked from running the Agent at startup.
Complete these steps:
- Open a File Explorer window and go to C:\Program Files (x86)
- Right-click the BitTitan folder, and then select Properties.
- Click the Security tab, and then click Edit.
- Click Add.
- Type Domain Users in the Object Name field, and click Check Names. The entry should resolve to Domain users (underlined).
- Click OK.
- Select Domain Users (Domain\Domain Users) in the Group list, and then add a checkmark under Allow and next to Full Control. This allows all users of the system to have full control of the BitTitan folder and its contents.
- Click OK to finish.
Important: You may need to allow UNC path access in your user lockdown Group Policy Object (GPO). You can allow UNC path access to users by disabling the “Remove Run menu from Start Menu” GPO. Read the Remove Run menu from Start Menu article from Microsoft for more information.
Silently install DMA
It is possible to silently install the Device Management Agent (DMA) by using a command line argument to eliminate the DMA installation chat window.
Follow these steps:
1. In the Group Policy Management Editor, go to the Actions tab.
2. Click Scheduled Tasks, and then click on the specific scheduled task.
3. Click Action > Start a Program > Edit.
4. In the New Action box, go to the Add arguments (optional) field, and type -silent in the box.
5. Click OK.
The DMA installation chat window will no longer appear.
Install DMA on domain-joined computers without admin rights
In circumstances where a client-to-site VPN does not exist to process/update Group Policy Object (GPO) changes, you cannot install DMA via GPO.
Instead, you can install DMA via email by following the directions provided in the article How do I deploy the Device Management Agent through email?
This will install DMA in limited mode.
HealthCheck for Office 365 is a module of DMA. When DMA is installed in limited mode, HealthCheck for Office 365 cannot detect and report (in MSPComplete) on upload and download network speeds.
Windows Registry Changes
The following Windows Registry changes are made when the Device Management Agent (DMA) is installed on computers:
- When DMA is installed without administrator rights:
- HKEY_CURRENT_USER\Software\BitTitan\Limited
- Hardwarehash - Hardware Hash
- HKEY_CURRENT_USER\Software\BitTitan\Limited\Proxy
- Proxy-server - Proxy server address
- Proxy-pac - Proxy auto config script address
- HKEY_CURRENT_USER\Software\BitTitan\Limited
- When DMA is installed with administrator rights:
- HKEY_LOCAL_MACHINE\Software\WOW6432Node\BitTitan
- Hardwarehash - Hardware Hash
- HKEY_LOCAL_MACHINE\Software\WOW6432Node\BitTitan\NonLimitedInstallMode
- HKEY_LOCAL_MACHINE\Software\WOW6432Node\BitTitan\Limited\Proxy
- Proxy-server - Proxy server address
- Proxy-pac - Proxy auto config script address
- HKEY_LOCAL_MACHINE\Software\WOW6432Node\BitTitan
Deploy DMA on computers using a proxy
Use command line parameters to deploy the BitTitan Device Management Agent (DMA) on computers that use a proxy.
Important: If you install DMA on a computer that uses a proxy, without using the command line parameters outlined below, DMA will not transmit that computer's information to MSPComplete. To resolve this problem, uninstall DMA from the computer, delete the install logs found in the C:\Users\%USERNAME%\AppData\Local\BitTitan\ directory, and then reinstall DMA using the command line parameters outlined below.
Follow these steps to install DMA on computers that use a proxy:
- Identify which of the proxy configuration methods listed below is being used on your customer's computers, and use the corresponding command line parameter when installing DMA.
Proxy configuration method Command line parameter Automatic detection No command line parameter needed. Setup script -proxy-pac pacurl Manual setup -proxy-server ip:port - Deploy DMA with a Group Policy Object (GPO): With this method, you enter the command line parameter into the GPO scheduled task. Read the How do I deploy the Device Management Agent with a Group Policy Object? article for more information.
- Deploy DMA through email: With this method, you must provide end users with additional steps to run the DMA setup file with the command line parameters. Depending on the configuration method, copy and paste the appropriate set of instructions from the box into the email message that you will send to end users. Read How do I deploy the Device Management Agent through email? for more information.
For computers that use a scripted proxy configuration method:
1. Click this link: [Install BitTitan Desktop Management Agent Application]({dma_download_url} "Install BitTitan Desktop Management Agent")
2. Save the Desktop Management Agent (DMA) setup file to your C:\ drive root folder.
3. On your computer, click **Start**.
4. Type **Run** into the search bar and open the Run desktop application.
5. Type the command listed below into the **Open** text box and replace **<DMA setup file name>** with the exact name of the DMA setup file that is saved on your C:\ drive root folder.
C:\\**<DMA setup file name>** -proxy-pac pacurl
**Example:** C:\BitTitanDMASetup\_F4048C4401A81234\_.exe -proxy-pac pacurl
6. Click **OK**.
1. Click this link: [Install BitTitan Desktop Management Agent Application]({dma_download_url} "Install BitTitan Desktop Management Agent")
2. Save the Desktop Management Agent (DMA) setup file to your C:\ drive root folder.
3. On your computer, click **Start**.
4. Type **Run** into the search bar and open the Run desktop application.
5. Type the command listed below into the **Open** text box and replace **<DMA setup file name>** with the exact name of the DMA setup file that is saved on your C:\ drive root folder.
C:\\**<DMA setup file name>** -proxy-server ip:port
**Example:** C:\BitTitanDMASetup\_F4048C4401A81234\_.exe -proxy-server ip:port
6. Click **OK**.
3. To enable the Device Management Agent and DeploymentPro functions to bypass the URL, you can create a group policy that sets the following URLs as an exclusion:
https://dma.bittitan.com
https://dmacdn.azureedge.net
https://btazcdnstorage.blob.core.windows.net
https://bittitandma.s3.amazonaws.com
https://bittitanprod.servicebus.windows.net
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Create a Windows Installer Packa (MSI) to deploy DMA
Download the DMA setup file from MSPComplete.
- In MSPComplete, click All Customers from the navigation sidebar.
- Click on the customer name for which you wish to deploy DMA.
- On the horizontal menu bar, click Users.
- Click Add Users, and then click Add Users via Device Management Agent.
- On the Add Users via Device Management panel, click Device Management Agent setup file to download the DMA setup file to your local drive.
Step 1: Download MSI Wrapper
Choose a tool that allows you to convert an executable setup program into an MSI package. In the example below, we guide you through the steps when using the freeware software from Exemsi.com.
Important: This is a third-party utility that is not owned or supported by BitTitan.
Download and install the free version of MSI Wrapper from http://www.exemsi.com/
Step 2: Run MSI Wrapper
Step 3: Select the BitTitanDMASetup_xxxxxxxxxxx_.exe installer file.
Step 4: Get a GUID for the MSI application.
Get a GUID from https://www.guidgenerator.com/online-guid-generator.aspx
Copy and paste the GUID into the Application ID field (in MSI Wrapper application) and Click Create New for Upgrade Code.
Step 5: Accept default information for the Properties and More Properties screens.
Step 6: Proxy Information (if needed). If DMA needs to use a proxy, enter the command line as described in the KB article here to the Install Arguments field. Otherwise, leave the field blank. Enter -uninstall for the Uninstall Arguments.
Step 7: Verify and build. Once you have built the MSI package, it can be deployed via a GPO, or via a software deployment tool, such as SCCM.
Troubleshooting
There can be an error with the Modern Authorization failing. This can happen because the client and server cannot communicate, because they do not possess a common algorithm. In order to resolve this issue ahead of time, please review the information below.
Cause:
-
Windows default TLS version is not pointing to TLS 1.2.
-
Despite setting the TLS version to 1.2, the issue will still arise in the following scenario:
-
Net framework is <=4.5.2
-
And when these keys are missing or marked as disabled:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] " SchUseStrongCrypto"=dword:00000001
-
Resolution:
Add the following registry keys and ensure TLS version 1.2 is enabled.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] " SchUseStrongCrypto"=dword:00000001