Fortinet black logo

EMS Administration Guide

Preparing Windows endpoints for FortiClient deployment

Preparing Windows endpoints for FortiClient deployment

The following services must be enabled and configured on each Windows endpoint before FortiClient is deployed to them:

  • Task Scheduler: Automatic
  • Windows Installer: Manual
  • Remote Registry: Automatic

The Windows Firewall must be configured to allow the following inbound connections:

  • File and Printer Sharing (SMB-In)
  • Remote Scheduled Tasks Management (RPC)

For AD group deployments, an AD administrator account is required. For non-AD deployments, the installer URL can be shared with users, who can then download and install FortiClient manually. You can locate the installer URL in Manage Installers. Go to Profile Components > Manage Installers.

note icon

When adding endpoints using an Active Directory domain server, FortiClient EMS automatically resolves endpoint IP addresses during initial deployment of FortiClient. FortiClient EMS can deploy FortiClient (Windows) to Active Directory endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server.

Preparing Windows endpoints for FortiClient deployment

The following services must be enabled and configured on each Windows endpoint before FortiClient is deployed to them:

  • Task Scheduler: Automatic
  • Windows Installer: Manual
  • Remote Registry: Automatic

The Windows Firewall must be configured to allow the following inbound connections:

  • File and Printer Sharing (SMB-In)
  • Remote Scheduled Tasks Management (RPC)

For AD group deployments, an AD administrator account is required. For non-AD deployments, the installer URL can be shared with users, who can then download and install FortiClient manually. You can locate the installer URL in Manage Installers. Go to Profile Components > Manage Installers.

note icon

When adding endpoints using an Active Directory domain server, FortiClient EMS automatically resolves endpoint IP addresses during initial deployment of FortiClient. FortiClient EMS can deploy FortiClient (Windows) to Active Directory endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server.