Service accounts are deliberately spread out, but you can reduce the number of LANDESK accounts.
The account names are examples, and these names will be used throughout the rest of the article.
LDMSadmin (SQL)
Permissions: DBowner of the SQL database
LDMSreport (SQL)
Permissions: Data_Reader of the SQL database
Support (CSA)
Usage: Account for PMAD on internet workstations
LDMSinstall (AD Account)
Permissions: Add this account to the local Administrators group of the LANDESK server
Usage: LANDESK installation
LDMSread (AD Account)
Permissions: Read access to shares containing applications, patches, and masters
Usage: Preferred server
LDMSwrite (AD Account)
Permissions: Write access to shares containing applications, patches, and masters
Usage: Preferred server
LDMSservice (AD Account)
Permissions: Administrator of the core server, administrator of workstations
Usage: Used for the LANDESK scheduler and for installing agents on workstations
LDMScom (AD Account)
Permissions: Member of the local Administrators group, LANDESK administrator group, and LANDESK Management Suite group
Usage: For COM+ objects
LDMSIntegrationAD (AD Account)
Permissions: Integrate workstations into the domain
Usage: LANDESK provisioning
LDMSreadAD (AD Account)
Permissions: Standard user of AD
Usage: Read access in AD
Installation
Download Sources
See download for installation sources. You will need an IVANTI account to download the sources.
Creating the Database
Simply create an empty database on a SQL server. The SQL server can be installed on the LANDESK core server or on a shared SQL server.
Two points of attention for SQL:
Do not use a French collation but rather the collation SQL_LATIN_CP1_CI_AS. I have not found documentation on the possible collations, but the French collation causes problems during LANDESK version upgrades.
Use passwords for SQL accounts that do not contain the characters $, -, _
=> Create an empty database
=> Create the LDMSadmin account
=> And grant this account DB_Owner rights on the LANDESK database
=> Create the LDMSreport account
=> And grant it db_datareader rights on the LANDESK database
EPM Installation
As a habit, I install LANDESK/EPM in English on an EN-US core server
Use the LDMSinstall account to install LANDESK
=> Start the LANDESK installation and choose the installation language
The installation language will also be the EPM console language on the core server
=> Select “Primary Server”
=> Install prerequisites
=> For a new installation, configure a new database
=> SQL Server is recommended, but in a lab, SQL Express can be used
=> Enter the information to connect to the empty database you created. The port number is not necessary if it is the default on SQL
=> Specify the installation path. Some files will still be present in C: (such as LANDESK certificates)
=> Enable certificate management. Note that if you have LANDESK clients 9.5 or 9.6, DO NOT ENABLE this option
=> Start the installation and go get a coffee. The installation takes about an hour.
=> Once the installation is complete, install the SU patches if needed, with a reboot each time.
Activation
At the first launch, the activation request should appear.
Once the credentials are entered, the core server will be activated.
Configuration
Creating Shares
To function correctly, LANDESK needs two shares:
One UNC share that will be primarily used for OS deployments and for replication with preferred servers
One HTTP share that will be used for deploying applications and patches
=> Create a Windows share with everyone having full control in share permissions (or authenticated users)
This folder can be located on the core server or on a separate file server
=> Add the LDMSread account with read permissions and the LDMSwrite account with write permissions in NTFS permissions
=> Launch the IIS console, then in the default website, create a “Virtual Directory”
Note, this share must be located on the core server if you have a CSA
Note: if the share is on a UNC share (separate file server), use the LDMSwrite account. When enabling directory browsing in IIS, IIS will need to create a config XML file.
=> Specify a share name IDENTICAL (not mandatory but simpler) to the Windows share name
=> Enable directory browsing in this folder
=> In package management, change the default path to point to your HTTP share
Scheduler Configuration
Launch “Ivanti Configure Services”
In the Scheduler tab, select the LDMSservice account
SQL Account Configuration for Reports
=> In the “Configure” menu, then “Service” from the LANDESK console
In the General tab, specify the LDMSreport account
Certificate Management
Launch the IVANTI console
In the “Configure” menu, then “Client Access”
Check “Automatically approve new certificates”
This will facilitate deployment. Once the EPM agent deployment is finalized, you can disable this option.
COM+ Configuration
In Windows Administrative Tools
Select “Component Services”
Configure the two COM+ objects
LANDESK
LANDESK1
with the LDMScom account
Patch Management
On the core server, launch “Core Server Activation”, then click on the licenses button
When upgrading to a new version of Ivanti, the patch management license may no longer work if the patch management versioning does not match your version of LANDESK.
Open a ticket with Ivanti for the patch management license update, then re-run the activation.
Resolve the IVANTI agent installation issue by ensuring the correct installation sequence of .NET Framework, including reboot steps and provisioning integration.
