Setting the Target Devices

Windows Defender

• Windows 10 regards the remote execution of msiexec.exe through the Task Scheduler as malicious activity. Windows blocks this on the target computer.

• To disable Windows Defender's Anti-Malware A component of the Endpoint Security client that protects against known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. with a PowerShell command on the target device: (For Windows server only)

  1. Open PowerShell as Administrator.

  2. Run:

     Uninstall-WindowsFeature -Name Windows-Defender

  3. Reboot the computer after the Windows Defender Anti-Malware uninstalls.

• If the remote installation procedure fails, the Windows Defender enables after a restart. Disable the Windows Defender's Real-Time Protection again.

Other AV Solutions

• We recommend that you disable the Windows Defender and disable or uninstall third-party anti-virus software on the target computer.

• An attempt to run remote software triggers a notification. The remote deployment procedure fails.

Enable Access to the Task Scheduler Through the Windows Firewall in a Domain Profile

• When the Windows Firewall blocks the remote connection to the target's Task Scheduler, run this PowerShell command on the target computer:

  Get-NetFirewallProfile -Name Domain | Get-NetFirewallRule | ? Name -like *RemoteTask-In-TCP-NoScope* | Enable-NetFirewallRule

• Configure these settings on the computer:

  1. Navigate to Control Panel > Network and Internet > Network and sharing center > Advanced sharing settings.

  2. In the Network discovery section, select Turn on network discovery.

  3. In the File and printer sharing section, select Turn on file and printer sharing.

• Allow user to access the %windir%\Tasks directory.

• Navigate to Local Security Policy > Local Policies > User Rights assignment and verify that the Log on as a batch job and Log on a service are configured.

• Navigate to Windows Defender Firewall with Advanced Security > Windows Defender Firewall with Advanced Security - Local Group Policy Object > Inbound Rules and verify that the:

  • Remote Scheduled Tasks Management (RPC) is enabled.

  • Remote Event Log Management (RPC) is enabled.

• Verify that the Remote Registry service is running.