Enrolling Registered Devices

Prerequisites

To start managing your Registered devices, you must first enroll them. This section describes the enrollment processes for the device OS, such as macOS and Windows devices. The following procedures summarize the steps for enrolling your target devices.

Manual Registration
  • Create a Token: Create a token from admin portal.
  • Download Agent Installer: Obtain agent installer from the admin portal or by using the enrollment URL built with the following syntax:
    • https://yoursubdomain.enroll.kacecloud.com/register
    • https://yoursubdomain.enroll.westeurope.kacecloud.com/register (for westeurope data centers only)

    • NOTE: In the enrollment URL, ensure you replace yoursubdomain with your tenant specific details.

  • Install Agent: Use the installer package (.pkg for macOS or .msi for Windows) to install the agent on the target device. Enter token only if prompted.
    Click here to learn the different ways to transfer a token to the agent.
  • Verify Installation: Ensure the installation command completes without errors or error codes to confirm a successful agent installation.
  • Confirm Registration State: Verify that the device is in the expected registration state for the specific tenant associated with the provided token. The agent communicates with the KACE Cloud server, either automatically enrolling or awaiting administrator approval based on configured settings.
  • Check Enrollment Status: Examine the log data in `register.log` located in the following directories:
    • Windows: C:\ProgramData\Quest\KACECloud\logs\register.log
    • macOS: /Library/Application Support/Quest/KACECloud/data/logs/register.log
Third Party Agent Deployment

NOTE: We do not have direct control over the distribution KACE Cloud agent within third-party products. The outlined steps below are for information only; we do not guarantee or influence deployment procedures.

We have VMware Workspace One and Microsoft Intune as an example to demonstrate the deployment process. Before you begin, download the agent installer file and copy the token value.

For VMware Workspace One
  1. Windows:
    • Navigate to Resources: Access the VMware Workspace One console and locate the section for native applications.
    • Upload Agent Installer: Add the KACE Cloud agent installer (.msi file) to the VMware Workspace One environment.
    • Configure Deployment options: Specify deployment options, accept defaults, and edit the install command to include a Token argument with token data.
    • Save and Assign: Save the configurations and assign the new application to desired Windows devices already part of VMware Workspace One, facilitating registration into KACE Cloud.
  2. macOS:
    • Navigate to Native Apps: Access the VMware Workspace One console and locate the section for native applications.
    • Upload Agent Package: Add the KACE Cloud agent package to the VMware Workspace One environment.
    • Configure Full Software Management: Select Full Software Management, accepting defaults in the Details tab.
    • Configure Scripts: Add a pre-install script to handle token data. Assign the new application to desired macOS devices that are already part of VMware Workspace One, facilitating registration into KACE Cloud.

See detailed instructions here.

For Microsoft Intune
  1. Windows:
    • Navigate to Apps: Access the Microsoft Intune console and locate the section for all applications.
    • Upload Agent Installer: Add the KACE Cloud agent installer (.msi file) to the Microsoft Intune environment, providing necessary app information and custom command line arguments.
    • Assign Application: Assign the new application to desired Windows devices that is already a part of Microsoft Intune, facilitating registration into KACE Cloud.
  2. macOS
    • Navigate to Apps: Access the Microsoft Intune console and locate the section for all applications.
    • Upload Agent Installer: Add the KACE Cloud agent installer (.pkg file) to the Microsoft Intune environment, providing necessary app information and an install script to handle token data.
    • Assign Application: Assign the new application to desired macOS devices already part of Microsoft Intune, facilitating registration into KACE Cloud.

See detailed instructions here.

Group Policy Deployment
Prerequisites

Before proceeding with device enrollment, ensure the following prerequisites are met:

  • Network Share Location: You must have a network share location accessible to all targeted devices. This location will host the installation and configuration files needed for enrollment.
  • Active Directory Group: You must have an Active Directory group ready for targeting devices. This group helps specify which devices will receive the enrollment settings.

Device Enrollment Steps

Follow these steps to enroll devices through Group Policy:

1. Check Existing Network Share

  • Verify if the network share is already present. If not, you need to create one.
  • Ensure that the Network Share has read permissions for users and devices. This ensures that devices can access the necessary files.

2. Check Existing Active Directory Group

  • Verify if the Active Directory Group is already present. If not, you need to create one.
  • Create an Active Directory group to assign the policy. This group includes all the target devices that should receive the software. Make sure it also grants permission for these devices to read from the network share.

3. Generating a Transformation File

Generate a transformation file (.mst file) using an administrative tool like ORCA. This file captures the necessary configuration changes during installation. Follow these steps:
  • Download the administrative tool(e.g., ORCA) using the Windows SDK Installer and install it.
  • Open the tool and load the .msi file that corresponds to the software you are deploying.
  • Create a new transform by adding a row to the Property table, enter ‘TOKEN’, and then add the enrollment token value.
  • Save the transformation file (.mst file) and copy it to the previously created network share, ensuring accessibility for target devices.

4. Configuring Group Policy

  • Open the Group Policy Management tool on the Active Directory server.
  • Create a new Group Policy Object (GPO) specifically for device enrollment.
  • In the security filtering section, add the Active Directory group containing the target devices.
  • Edit the GPO and navigate to Computer Configuration > Policies > Software Settings > Software Installation.
  • Right-click and choose New> Package, selecting the .msi file from the network share.
  • Advanced settings allow the addition of the .mst file, ensuring the configuration changes are applied during installation.
Once the Group Policy is configured, it gets applied during the next system restart. Devices automatically receive the enrollment settings. For immediate application, you can run the gpupdate command on target systems.

After successful enrollment, the Registered devices are listed on the Devices tab. If you cannot find an enrolled device in the list, ensure that you do not have any filters applied, and refresh the page. For more information about filtering devices, see Filter devices.