How to Deploy SolarWinds Log and Event Manager Agent via Group Policy

Monalytic provides a short how-to on quickly deploying a SolarWinds Log and Event Manager agent via Microsoft Active Directory® Group Policy.

  • Why You Want to Do This
  • How to Architect the Deployment in 5 Easy Steps
  • Best Practices and Areas to Watch Out For

Why You Want to Do This

SolarWinds Log and Event Manager out-of-the-box has a remote deployment tool and stand-alone executable that is great for initial implementations. The gap here being, after your initial deployment, how do you ensure long term that all your Windows nodes (or a defined subset if you so desire) have the agent. Many security standards require centralized logging of all nodes; using this procedure and having that defined by Group Policy will ensure every machine on your network, that does not have the agent, gets it installed upon system startup. In addition, if a new machine is deployed or a user uninstalls the agent, it will be redeployed during the next operating system boot sequence.

How to Architect the Deployment in 5 Easy Steps

  1. Cache the local LEM Agent installation file in a network share accessible by ALL nodes that will need it User Account Disabled.
  2. Build the unattended installer file.
    • Open Notepad
    • Enter the information in the same format in the screenshot below
      • Modify MANAGER_IP to match the IP of your LEM appliance
      • The INSTALL_USB_DEFENDER setting has two options
        • 1=Enabled
        • 0=Disabled
      • Make sure you have a carriage return where the red arrow is in the screenshot below, without that additional return in there it won’t work.
    • Save the file as and save it in the same directory as the setup.exe for the local LEM Agent.
  3. Build a script that checks if an agent is installed. Basic logic that checks IF LEM agent installation directories exist (check for 32-bit directory or 64-bit directory) THEN Exit ELSE run the installation silently. Note: Modify the IP in the syntax below to the share with the LEM Agent setup.exe
    • Syntax:
    • Screenshot:
  4. Assign that script to a Group Policy object to run at startup.
  5. Apply the group policy where applicable. At this point the install is completely silent from an end users’ perspective. From a compliance standpoint this will check that all nodes have the agent installed every time a computer starts.

Best Practices and Areas to Watch Out For

  • This procedure is NOT a vendor supported deployment method for the SolarWinds Log and Event Manager agent. If you call SolarWinds support directly they will not help you with any portion of this.
  • This is only applicable to Windows nodes and therefore only the Windows agent.
  • Ensure the share location where the source agent data is hosted is available to all nodes that receive the policy. If the policy attempts to execute, but can’t reach the UNC path, then the agent will not install.
  • Ensure if you define a server name (\\Servername\Share) in the startup script area ensure all nodes can resolve the servers name via DNS. Poorly architected domain trust structure or a whole host of other DNS related issues can cause the name to not be able to resolve. In some situations, using an IP address (\\Server’sIP\Share) is the more reliable option.
  • Ensure all nodes that receive the startup script have “read only” access to the network share hosting the SolarWinds Log and Event Manager agent.
  • Always test Group Policy changes on a subset of lower priority machines before defining against a large group of node.

For more information on how Monalytic can further optimize your SolarWinds Log & Event Manager deployment or product licensing, contact us at

Back to News