Preparing Windows endpoints for FortiClient deployment
The following services must be enabled and configured on each Windows endpoint before FortiClient is deployed to them:
- Task Scheduler: Automatic
- Windows Installer: Manual
- Remote Registry: Automatic
The Windows Firewall must be configured to allow the following inbound connections:
For AD group deployments, an AD administrator account is required. For non-AD deployments, the installer URL can be shared with users, who can then download and install FortiClient manually. You can locate the installer URL in Manage Installers. Go to Profile Components > Manage Installers.
When adding endpoints using an Active Directory domain server, FortiClient EMS automatically resolves endpoint IP addresses during initial deployment of FortiClient. FortiClient EMS can deploy FortiClient (Windows) to Active Directory endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server.