AgentP configuration/installation options

In this topic, you will learn all options available to configure Portnox™ AgentP.

Registry keys (Windows)

AgentP for Windows can be configured using the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Portnox AgentP

The following values are available:

Mode (string):
- umode: Runs AgentP in unattended mode.
  
  For more information, see the following section: Install AgentP on Windows in unattended enrollment mode or switch to unattended enrollment mode.
Etype (string):
- computer_account: Runs AgentP in kiosk mode.
  
  For more information, see the following section: Install AgentP on Windows in kiosk mode or switch to kiosk mode.
EnrollmentIdentity (string):
- certificate: If no user is logged in to Windows, AgentP will attempt to automatically enroll in the background on the basis of the Subject of the computer certificate obtained via SCEP.
  
  For more information, see the following topic: Install AgentP on Windows in unattended mode based on SCEP certificates.
- Any other value or no value: AgentP will attempt to automatically enroll after the user logs in (if EnrollmentCertificate is specified).
EnrollmentCertificate (string):
- issuer:issuer_name: Identifies your Portnox Cloud tenant for automatic enrollment on the basis of the Subject of the user/device certificate.
  
  Note: For automatic enrollment to work, you must add this value to the registry before you install AgentP.
TrayIcon (string):
- hide: Hides the AgentP icon from the system tray (notification area).
AutoUpdateMode (DWORD):
- 0: AgentP is not updated automatically if a new version is available.
- 1: AgentP is updated automatically (default option if value is not specified).
- 2: AgentP is updated automatically only if it is enrolled.
Domain (string):
- user_domain: Lets you override the domain name of the logged-in user.
State (string): Contains the entire configuration of AgentP.
Note: You can remove this value to reset the configuration of AgentP, but this will not remove certificates or network interface configurations from the machine, so it should be treated as an emergency procedure only.
Here are example scripts for this purpose:

PowerShell:
```
Remove-ItemProperty "hklm:\SOFTWARE\WOW6432Node\Portnox AgentP\" -Name State
Restart-Service PortnoxAgentP
```
Windows command:
```
reg.exe delete "\\computer_name\hklm\SOFTWARE\WOW6432Node\Portnox AgentP" /v State /f
net stop PortnoxAgentP
net start PortnoxAgentP
```

Configuration file options (macOS)

AgentP for macOS can be configured using the following configuration file. Configuration values should be entered one per line as key:value pairs. Most options work only if they are present before AgentP is installed.

/var/agentp/uipreferences.cfg:
- "HideUI":true: Hides the AgentP user interface for unattended onboarding.
/var/agentp/unattended.cfg:
- "Mode":"certificate": Lets you automatically onboard AgentP on the basis of the Subject of the user/device certificate obtained via SCEP.
  
  For more information, see the following topic: Install AgentP on macOS in unattended mode based on SCEP certificates.
- "Certificate":"issuer:issuer_name": Required for automatic certificate-based onboarding. Lets you automatically onboard AgentP on the basis of the Subject of the user/device certificate.
- "User":[current] or "User":null: Required for automatic certificate-based onboarding. If [current], onboarding is based on the name/domain of the user logged in to macOS. If null (or no key), onboarding is based on email or UPN from the certificate.
- "Domain":"your_domain": Required for automatic certificate-based onboarding. Use the domain name that you configured in Portnox Cloud.
- "AutoSwitch":true: Required for automatic certificate-based onboarding.
- "UseCertificateSerialNumberAsDeviceId":true: Required for automatic certificate-based onboarding.
- "profileInstallationNeeded":false: Required for automatic certificate-based onboarding.
- "PreventManualEnrollment":true: Activates/deactivates the option to manually enroll AgentP.
- "ProfileInstallationNeeded":true|false: Specifies if AgentP should install a configuration profile with the certificate and network settings.

Command-line options (Windows)

The following command-line options are available for Windows when starting AgentP:

Note: You can only use one option at a time.

-dau: Disable auto-updates.
-eau: Enable auto-updates.
-enrolled-au: Enable auto-updates only if enrolled.
-set-ca: Set this option to switch unattended enrollment to device-based mode.
-remove-ca: Set this option to switch unattended enrollment mode to user-based mode.
-d: Unenroll (deactivate) AgentP.
Note: This command must be preceded by net stop PortnoxAgentP to stop the AgentP service and then followed by net start PortnoxAgentP to start it again.

Windows Installer options

The following Windows Installer options are available when installing AgentP using the following command:

msiexec /i agentp_installer_file.msi options

/qn: Install AgentP in unattended mode based on the Windows enrollment in Active Directory or Entra ID. In this installation mode, the onboarding window is displayed but it disappears after enrollment is complete.

For more information, see the following topic: Install AgentP on Windows in unattended mode.
/qn UI_LAUNCH=1: As above, but no onboarding window is displayed.

For more information, see the following topic: Install AgentP on Windows in unattended mode with no user interaction.