Fortinet black logo

EMS Administration Guide

Preparing Windows endpoints for FortiClient deployment

Preparing Windows endpoints for FortiClient deployment

You must enable and configure the following services on each Windows endpoint before deploying FortiClient:

  • Task Scheduler: Automatic
  • Windows Installer: Manual
  • Remote Registry: Automatic

You must configure Windows Firewall to allow the following inbound connections:

  • File and Printer Sharing (SMB-In)
  • Remote Scheduled Tasks Management (RPC)

Active Directory (AD) group deployments require an AD administrator account. For non-AD deployments, you can share the deployment package URL with users, who can then download and install FortiClient manually. You can locate the deployment package URL in Deployment & Installers > FortiClient Installer.

note icon

When adding endpoints using an AD domain server, FortiClient EMS automatically resolves endpoint IP addresses during initial deployment of FortiClient. FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to FortiClient EMS.

Preparing Windows endpoints for FortiClient deployment

You must enable and configure the following services on each Windows endpoint before deploying FortiClient:

  • Task Scheduler: Automatic
  • Windows Installer: Manual
  • Remote Registry: Automatic

You must configure Windows Firewall to allow the following inbound connections:

  • File and Printer Sharing (SMB-In)
  • Remote Scheduled Tasks Management (RPC)

Active Directory (AD) group deployments require an AD administrator account. For non-AD deployments, you can share the deployment package URL with users, who can then download and install FortiClient manually. You can locate the deployment package URL in Deployment & Installers > FortiClient Installer.

note icon

When adding endpoints using an AD domain server, FortiClient EMS automatically resolves endpoint IP addresses during initial deployment of FortiClient. FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to FortiClient EMS.