Deploy Kaspersky Endpoint Security Cloud with PowerShell

I had to deploy Kaspersky Endpoint Security Cloud to replace a standard Kaspersky Enpoint Security architecture. To do so I've used Microsoft psexec tool and a PowerShell script.

Network share

We need a network share (accessible by all) where we will put KESC.exe and the deploy.bat batch script in.

Windows | path to sysvol Windows | netlogon share

Batch Script

I used the official script as an example : https://support.kaspersky.com/13693.

Instructions

Modify the red line depending on your infrastructure.

deploy.bat

@echo off
REM ECHO ON

:REM if HKLM\Software\KasperskyLab missing, create Key
REG QUERY HKLM\Software\KasperskyLab
IF %ERRORLEVEL% == 1 REG ADD HKLM\Software\KasperskyLab
REG QUERY HKLM\Software\KasperskyLab\KESCloud
IF %ERRORLEVEL% == 1 REG ADD HKLM\Software\KasperskyLab\KESCloud

:REM If HKLM\Software\KasperskyLab\KESCloud\NetAgent DWORD equal to 1 KESC switch else go to NETAGENT switch
REG QUERY HKLM\Software\KasperskyLab\KESCloud /v NetAgentVersion | FIND "0x2"
IF %ERRORLEVEL% == 1 GOTO INSTALL
GOTO END

:INSTALL
ECHO Installing
REG ADD HKLM\Software\KasperskyLab\KESCloud /v NetAgentVersion /t REG_DWORD /f /D 2
\\std.local\netlogon\KAV\KESC.exe -s
REG ADD HKLM\Software\KasperskyLab\KESCloud /v AutoPackageInstalled /t REG_DWORD /f /D 1
:END
ECHO Finish
set /p=Hit Enter to continue...

PowerShell Script

This PowerShell script checks if the host is avalable (via a ping command). If yes, the psexec.exe tool will be used to run the deploy.bat batch on the target computer.

Instructions

Now, the PowerShell script that I executed from the AD. We have to set the following variables :

Deploy.ps1

###########################
# author : shebangthedolphins.net
# version : 1.2
# date : 2020.12
# role : deploy Kaspersky Endpoint Security Cloud
# other : launch it with domain admin user rights.
# updates :
#       - 1.0 (2018/02) : First version    
#       - 1.1 (2020/09) : Add variables and comments
#       - 1.2 (2020/12) : Updates, variables corrections

#VARIABLES
$computers = @("COMPUTER15","COMPUTER85","COMPUTER86","COMPUTER98","COMPUTER16","COMPUTER19")
$domain = "std.local"
$user = "administrator"
$password = "Mypassword"
$share = "\\std.local\netlogon\KAV\"
$psexec = "c:\Users\std\psexec.exe"

Foreach ($computer in $computers)
{
    Write-Host "Work on $computer"
    ping -n 1 "$computer" | findstr "TTL" #check if computer is available
    if ($LASTEXITCODE -eq '0') #if yes, let's start deployment
    {
	 & "$psexec" "/accepteula" "\\$computer" "-u" "$domain\$user" "-p" "$password" "$share\deploy.bat"
	 #Start-Process -FilePath ($psexec) -ArgumentList ("/accepteula" + " \\" + $computer + " -u " + $domain + "\" + $user + " -p " + $password + " " + $share + "\" + "deploy.bat") # -Wait
    }
    else
    {
	    write-host "$computer cannot be reached"
    }
} 
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Contact :