Autodiscovery and manual discovery

Before starting the discovery, ensure that the prerequisites are met.

To discover machines

  1. In the service console, go to Devices > All devices.
  2. Click Add.
  3. In Multiple devices, click Windows-only. The discovery wizard opens.
  4. [If there are units in your organization] Select a unit. Then, in Discovery agent, you can select the agents associated with the selected unit and its child units.
  5. Select the discovery agent that will perform the scan to detect machines.
  6. Select the discovery method:

    • Search Active Directory. Ensure that the machine with the discovery agent is a member of the Active Directory domain.
    • Scan local network. If the selected discovery agent could not find any machines, select another discovery agent.
    • Specify manually or import from file. Manually define the machines to be added or import them from a text file.
  7. [If the Active Directory discovery method is selected] Select how to search for machines:

    • In organizational unit list. Select the group of machines to be added.
    • By LDAP dialect query. Use the LDAP dialect query to select the machines. Search base defines where to search, while Filter allows you to specify the criteria for machine selection.
  8. [If the Active Directory or local network discovery method is selected] Use a list to select the machines that you want to add.

    [If the Manual discovery method is selected] Specify the machine IP addresses or hostnames, or import the machine list from a text file. The file must contain IP addresses/hostnames, one per line. Here is an example of a file:

    156.85.34.10
    156.85.53.32
    156.85.53.12
    EN-L00000100
    EN-L00000101

    After adding machine addresses manually or importing them from a file, the agent tries to ping the added machines and determine their availability.

  9. Select what actions must be performed after the discovery:

    • Install agents and register machines. You can select which components to install on the machines by clicking Select components. For more details, refer to "Selecting components for installation".

      On the Select components screen, define the account under which the services will run by specifying Logon account for the agent service. You can select one of the following:

      • Use Service User Accounts (default for the agent service)

        Service User Accounts are Windows system accounts that are used to run services. The advantage of this setting is that the domain security policies do not affect these accounts' user rights. By default, the agent runs under the Local System account.

      • Create a new account

        The account name will be Agent User for the agent.

      • Use the following account

        If you install the agent on a domain controller, the system prompts you to specify existing accounts (or the same account) for the agent. For security reasons, the system does not automatically create new accounts on a domain controller.

      If you chose the Create a new account or Use the following account option, ensure that the domain security policies do not affect the related accounts' rights. If an account is deprived of the user rights assigned during the installation, the component may work incorrectly or not work.

    • Register machines with installed agents. This option is used if the agent is already installed on the machines and you only need to register them in Cyber Protection. If no agent is found on a machine, it is added as an Unmanaged machine.
    • Add as unmanaged machines. The agent will not be installed on the machines. You will be able to view them in the console and install or register the agent later.

    [If the Install agents and register machines post-discovery action is selected] Restart the machine if required – if the option is enabled, the machine will be restarted as many times as required to complete the installation.

    A restart of the machine may be required in one of the following cases:

    • Installation of prerequisites is completed and restart is required to continue the installation
    • Installation is completed but restart is required as some files are locked during installation
    • Installation is completed but restart is required for other previously installed software

    [If Restart the machine if required is selected] Do not restart if the user logged in – if the option is enabled, the machine will not be restarted automatically while a user is logged in to the system. For example, if a user is working when the installation requires a restart, the system will not be restarted.

    If the prerequisites were installed and then the reboot was not done because a user was logged in, then to complete the agent installation you need to reboot the machine and start the installation again.

    If the agent was installed but then the reboot was not done, then you need to reboot the machine.

    [If there are units in your organization] User for whom to register the machines – select the user of your unit or subordinate units for whom the machines will be registered.

    If you have selected one of the first two post-discovery actions, then there is also an option to apply the protection plan to the machines. If you have several protection plans, you can select which one to use.

  10. Specify the credentials of the user with administrator rights for all of the machines.

    Note that remote installation of the agent works without any preparation only if you specify the credentials of the built-in administrator account (the first account created when the operating system is installed). If you want to use custom administrator credentials, you must perform the additional manual preparations described in "Enabling remote installation of an agent for a custom administrator" below.

  11. The system checks connectivity to all of the machines. If the connection to some of the machines fails, you can change the credentials for these machines.

When the discovery of machines is initiated, you will find the corresponding task in Dashboard > Activities > Discovering machines activity.

Preparing a machine for remote installation

  1. For successful installation on a remote machine running Windows Vista or later, the option Control panel > Folder options > View > Use Sharing Wizard must be disabled on that machine.
  2. For successful installation on a remote machine that is not a member of an Active Directory domain, User Account Control (UAC) must be disabled on that machine. For more information on how to disable it, refer to "Requirements on User Account Control (UAC)" > To disable UAC.
  3. By default, the credentials of the built-in administrator account are required for remote installation on any Windows machine. To perform remote installation by using the credentials of another administrator account, User Account Control (UAC) remote restrictions must be disabled. For more information on how to disable them, refer to "Requirements on User Account Control (UAC)" > To disable UAC remote restrictions.
  4. File and Printer Sharing must be enabled on the remote machine. To access this option:

    • On a machine running Windows 2003 Server: go to Control panel > Windows Firewall > Exceptions > File and Printer Sharing.
    • On a machine running Windows Vista, Windows Server 2008, Windows 7, or later: go to Control panel > Windows Firewall > Network and Sharing Center > Change advanced sharing settings.
  5. Cyber Protection uses TCP ports 445, 25001, and 43234 for remote installation.

    Port 445 is automatically opened when you enable File and Printer Sharing. Ports 43234 and 25001 are automatically opened through Windows Firewall. If you use a different firewall, make sure that these three ports are open (added to exceptions) for both incoming and outgoing requests.

    After the remote installation is complete, port 25001 is automatically closed through Windows Firewall. Ports 445 and 43234 need to remain open if you want to update the agent remotely in the future. Port 25001 is automatically opened and closed through Windows Firewall during each update. If you use a different firewall, keep all the three ports open.
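The following PowerShell script is an added example, not code from the Cyber Protection documentation: Test-RemoteInstallPrereqs runs in an elevated session on the target machine and checks items 1 to 4 above, and Test-RemoteInstallPorts runs on the machine hosting the discovery agent and checks the ports in item 5. The registry value names (SharingWizardOn, EnableLUA, LocalAccountTokenFilterPolicy) are assumed from standard Windows behaviour; the page itself does not list them.

```powershell
# Added example (not Cyber Protection documentation code). Registry value names are
# assumed from standard Windows behaviour, not taken from the page.

function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Run on the target machine (elevated) to check prerequisites 1-4.
function Test-RemoteInstallPrereqs {
    $policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $inDomain = (Get-CimInstance Win32_ComputerSystem).PartOfDomain

    # Item 1: "Use Sharing Wizard" is stored per user as SharingWizardOn (0 = disabled).
    $wizardOff = (Get-RegValue $explorer 'SharingWizardOn') -eq 0
    # Item 2: UAC (EnableLUA) only has to be off when the machine is not a domain member.
    $uacOk = $inDomain -or ((Get-RegValue $policy 'EnableLUA') -eq 0)
    # Item 3: a custom administrator needs UAC remote restrictions off
    # (LocalAccountTokenFilterPolicy = 1); the built-in administrator does not.
    $tokenFilterOff = (Get-RegValue $policy 'LocalAccountTokenFilterPolicy') -eq 1
    # Item 4: at least one inbound File and Printer Sharing firewall rule must be enabled.
    $fpsRules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' `
                    -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
    $fpsOn = @($fpsRules).Count -gt 0

    [pscustomobject]@{ Check = 'Sharing Wizard disabled';                         Pass = $wizardOff }
    [pscustomobject]@{ Check = 'UAC disabled or machine is a domain member';      Pass = $uacOk }
    [pscustomobject]@{ Check = 'UAC remote restrictions disabled (custom admin)'; Pass = $tokenFilterOff }
    [pscustomobject]@{ Check = 'File and Printer Sharing allowed inbound';        Pass = $fpsOn }
}

# Item 5: from the discovery-agent host, confirm the target accepts TCP 445 before
# installation; afterwards 445 and 43234 must stay reachable. Port 25001 is opened and
# closed by Windows Firewall around each install or update, so it is not checked here.
function Test-RemoteInstallPorts([string]$Target, [switch]$AfterInstall) {
    $ports = if ($AfterInstall) { 445, 43234 } else { 445 }
    foreach ($port in $ports) {
        $tnc = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Target = $Target; Port = $port; Open = $tnc.TcpTestSucceeded }
    }
}

# Usage (hostname taken from the sample discovery file above):
# Test-RemoteInstallPrereqs | Format-Table -AutoSize
# Test-RemoteInstallPorts -Target 'EN-L00000100' -AfterInstall | Format-Table -AutoSize
```

If you use a firewall other than Windows Firewall, a False result for port 445 or 43234 means the exception for that port is missing on the target, regardless of what the checks on the machine itself report.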