removed duplicate directory for threatprevention

Author: jtviolet

docs/threatprevention/7.4/threatprevention/admin/agents/deploy/installing.md renamed to docs/threatprevention/7.4/admin/agents/deploy/installing.md

@@ -0,0 +1,129 @@
+# Deploy Agents
+
+The Threat Prevention Agent can be deployed through any of the following methods:
+
+- Deploy the Agent to server(s) through the Administration Console – You can deploy the Agent to one
+  or multiple servers through the Administration Console
+
+    **_RECOMMENDED:_** This is the recommended method for deploying the Agent.
+
+- Manually through the Windows Agent Setup Wizard – Run the Agent executable to launch this wizard
+
+See the
+[Manual Agent Deployment](/docs/threatprevention/7.4/install/agent/manual.md)
+topic for additional information.
+
+## Deploy Agents Wizard
+
+The Deploy Agents wizard enables you to deploy Agents from the Administration Console. Computers
+targeted for Agent deployment must meet the minimum .NET Framework version required by the Agent or
+the deployment fails. Remember to check server requirements before deploying the Agent, including
+compatibility with other security products. See the
+[Agent Server Requirements](/docs/threatprevention/7.4/requirements/agent.md)
+topic for additional information.
+
+**NOTE:** The wizard does not block access to the Administration Console and can be minimized while
+actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing
+blue link displays on the upper right corner of the interface with the action name displayed. Click
+this link to bring back the focus to the wizard.
+
+The Deploy Agents wizard consists of four windows: Select Computers, Set Options, Prerequisites
+Check, and Installing.
+
+Follow the steps to deploy the Agent from the Administration Console to a new or existing machine
+using the Deploy Agents wizard.
+
+**CAUTION:** Closing the Administration Console while this action is in process causes problems with
+data collection.
+
+**Step 1 –** Click Agents in the left pane to launch the Agents interface.
+
+**Step 2 –** On the Agents interface, click the **Deploy Agent** (**+**) button on the top right
+corner. To re-install a previously uninstalled Agent, select the **Install Agent** right-click menu
+option for that machine in the grid. The Select Computers window opens.
+
+![Deploy Agents wizard – Select Computers page](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/selectcomputers.webp)
+
+**Step 3 –** On the Select Computers window, add the host or IP addresses of the target machines to
+the Deploy Agents to These Computers box. Use any of the three methods, as represented by the three
+tabs on the window. See the
+[Select Computers Window](/docs/threatprevention/7.4/admin/agents/deploy/selectcomputers.md)
+topic for additional information. Click **Next**.
+
+If you open this window through the
+[Right-Click Menu](/docs/threatprevention/7.4/admin/agents/overview.md#right-click-menu)
+action, the list is auto-populated with the computer(s) selected on the Agents interface.
+
+![Deploy Agents wizard – Set Options page](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/setoptions.webp)
+
+**Step 4 –** On the Set Options window, enter the credentials required to deploy the Agent on the
+selected machine(s). Review the Enterprise Manager IP address/name and port for accuracy and select
+the desired modules to install for this Agent. You can also set other properties for the Agent. See
+the
+[Set Options Window ](/docs/threatprevention/7.4/admin/agents/deploy/setoptions.md)topic
+for additional information.
+
+**Step 5 –** Once configurations are set, click **Next**.
+
+![Deploy Agents wizard – Prerequisites Check page](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/prerequisitescheck.webp)
+
+**Step 6 –** On the Prerequisites Check window, the credentials provided on the Set Options window
+either succeed or fail during a prerequisites or verification check. It also initiates a
+prerequisite check for the Agent. See the
+[Prerequisites Check Window](/docs/threatprevention/7.4/admin/agents/deploy/prerequisitescheck.md)
+topic for additional information.
+
+![Deploy Agents wizard – Installing page](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/installing.webp)
+
+**Step 7 –** The Installing window performs the installation and displays whether or not the action
+was successful. See the
+[Installing Window ](/docs/threatprevention/7.4/admin/agents/deploy/installing.md)
+topic for additional information.
+
+**Step 8 –** When the task is successfully completed, click **Finish** to close the window.
+
+The Agent will be listed in the table on the Agents interface.
+
+**NOTE:** If the server where the Agent is deployed has multiple network adapters (multi-homed),
+then it is necessary to bind the Agent to an adapter that can communicate with the Enterprise
+Manager. See the
+[Bind To](/docs/threatprevention/7.4/troubleshooting/agentcommunication.md#bind-to)
+topic for additional information.
+
+## Update Agent Settings
+
+Follow the steps to update the settings for a deployed Agent through the Agents interface.
+
+**Step 1 –** Click Agents in the left pane to launch the Agents interface.
+
+**Step 2 –** On the Agents interface, right-click the Agent and select Update Agent Settings on the
+[Right-Click Menu](/docs/threatprevention/7.4/admin/agents/overview.md#right-click-menu).
+The Select Computers window opens.
+
+**Step 3 –** On the Select Computers window, the computer where the Agent is deployed is
+automatically added to the Update Agent settings on These Computers box. See the
+[Select Computers Window](/docs/threatprevention/7.4/admin/agents/deploy/selectcomputers.md)
+topic for additional information. Click **Next**.
+
+**Step 4 –** On the Set Options window, ensure the proper credentials, modules, and Enterprise
+Manager location are accurate alongside additional options. To make changes to the settings, uncheck
+the **Keep Existing Settings** box. Make necessary updates as needed. See the
+[Set Options Window ](/docs/threatprevention/7.4/admin/agents/deploy/setoptions.md)
+topic for additional information.
+
+**Step 5 –** On the Prerequisites Check window, the credentials provided on the Set Options window
+either succeed or fail during a prerequisites or verification check. See the
+[Prerequisites Check Window](/docs/threatprevention/7.4/admin/agents/deploy/prerequisitescheck.md)
+topic for additional information. Click **Next**.
+
+**Step 6 –** On the Updating Settings window, the Agent will be stopped and restarted. One of two
+status messages display:
+
+- Failed – Read the failure message and either click **Back** to provide new credentials or click
+  **Finish** to close the window and ensure any error messages are taken care of prior to next
+  attempt
+- Completed – Indicates that the Agent has been successfully updated
+
+**Step 7 –** Click **Finish** to close the window.
+
+The status of the Agent update will display in the grid on the Agents interface.

docs/threatprevention/7.4/admin/agents/deploy/overview.md

@@ -0,0 +1,24 @@
+# Prerequisites Check Window
+
+The Deploy Agents wizard's Prerequisites Check window is the third in a sequence of four windows to
+deploy the Agent on a computer. On this window, Threat Prevention checks if the provided credentials
+successfully allow Agent deployment.
+
+![Deploy Agents wizard – Prerequisites Check page](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/prerequisitescheck.webp)
+
+After the check is run, the status registers as either Success or Failed. Select a host to view the
+full message in the box at the bottom of the window.
+
+- Failed – Read the failure message and either click **Back** to provide new credentials or click
+  **Finish** to close the window and ensure any error messages are taken care of prior to next
+  attempt
+- Success – Click **Next** to install the Agent
+- If some but not all items fail, you can click **Next** to deploy the Agent on those where access
+  verification was successful
+
+In addition to confirming access, Threat Prevention also verifies if the target machine has the
+minimum .NET Framework version needed by the Agent already installed; else the deployment fails.
+
+See the
+[Installing Window ](/docs/threatprevention/7.4/admin/agents/deploy/installing.md)topic
+for the next step.

docs/threatprevention/7.4/admin/agents/deploy/prerequisitescheck.md

@@ -0,0 +1,56 @@
+# Select Computers Window
+
+The Deploy Agents wizard's Select Computer window is the first in a sequence of four windows to
+deploy the Agent on a computer. It provides three methods for selecting computers where Agent(s) can
+be deployed:
+
+- Add Single Host
+- Add from AD
+- Add from File
+
+Any combination of these three methods can be used to select computers.
+
+## Add Single Host Tab
+
+The Add Single Host tab is displayed by default when the Select Computer window opens.
+
+![Deploy Agents wizard – Select Computers page](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/selectcomputers.webp)
+
+Manually enter and select the host name or IP address of a computer. Use the double-arrow button to
+add it to the Deploy Agents to These Computers box.
+
+## Add From AD Tab
+
+Click the Add From AD tab.
+
+![Deploy Agents wizard – Select Computers page: Add from AD tab](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/addfromad.webp)
+
+Browse the domain's computer objects (Domain Controllers and Computers) to select those where you
+want to deploy the Agent.
+
+- Domain to Browse – Displays the domain where the Enterprise Manager resides. If unpopulated, type
+  the desired domain in the textbox. Click Connect to connect to the domain.
+- List of Domain Controllers/Computers – Populates with computers found in Active Directory
+- Add (>) button – Adds the selected computer(s) to the Deploy Agents to These Computers box
+
+> **NOTE:** Multiple computers can be selected and moved to the Deploy Agents to These Computers
+> box. Checking a top-level node automatically selects all child objects.
+
+## Add From File Tab
+
+Click the Add From File tab.
+
+![Deploy Agents wizard – Select Computers page: Add from File tab](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/addfromfile.webp)
+
+You can import a text file with a list of computer names or IP addresses with carriage returns, or a
+CSV file with comma-separated values.
+
+- Text File to Read – Click Open to browse and select the required file. The box displays the path
+  to the file.
+- List of Hosts/IP Addresses – Populates with computers from the text/CSV file
+- Add (>) button – Adds the selected computer(s) to the Deploy Agents to These Computers box
+
+Once the list in the Deploy Agents to These Computers box is complete, you can continue through the
+wizard to deploy the Agent. See the
+[Set Options Window ](/docs/threatprevention/7.4/admin/agents/deploy/setoptions.md)topic
+for the next step.

docs/threatprevention/7.4/admin/agents/deploy/selectcomputers.md

@@ -0,0 +1,109 @@
+# Set Options Window
+
+The Deploy Agents wizard's Set Options window is the second in a sequence of four windows to deploy
+the Agent on a computer.
+
+On the Set Options window, you can manage Agent settings, such as credentials, Enterprise Manager
+information, modules, DNS host name resolution, and safe mode.
+
+![Deploy Agents wizard - Set Options page](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/setoptions.webp)
+
+The Set Options window provides the following options:
+
+- Use These Credentials – Credentials to be used to deploy the Agent on the selected computers
+    - Username – Must be in the DOMAIN\Username format
+    - Password – Username password
+- Enterprise Manager – IP address/name and port where the Enterprise Manager is located
+- Modules to Install – Select the check boxes for the modules to be installed on the selected
+  computers:
+    - Windows AD Events – Installs the Threat Prevention for Active Directory Solution and Threat
+      Prevention for LDAP Solution
+    - Windows File System – Installs the Threat Prevention for File System Solution
+    - Exchange Server Monitoring – Installs the Threat Prevention for Exchange Solution
+    - Windows Event Logs – Deprecated functionality for v7.0+ Agents
+- Agent Service
+
+    - Safe Mode – The Agent checks LSASS versions on start up. Any changes in LSASS since the
+      previous start prevents the AD Events monitoring module from loading. See the
+      [Agent Safe Mode](/docs/threatprevention/7.4/admin/agents/safemode.md)
+      topic for additional information.
+    - Use local Pwned hash DB – A local copy of the Pwned hash database is sent to the Agent after
+      installation from the Enterprise Manager. Any updates to the database are sent from the
+      Enterprise Manager to the Agent(s) as long as the Agent service is enabled.
+    - Start Agent Service – Starts the Threat Prevention Agent service on host after installation
+
+        **NOTE:** If the Agent Service is not started at the time of deployment, the Agent requires
+        a manual start or will be started automatically after a server reboot. Until the Agent is
+        started, no activity is monitored or blocked.
+
+- Create Windows Firewall Rules – Creates firewall rules on the selected computers for Agent
+  communication
+- Install to default location – Installs the Agent on the machine to the default location or a
+  specified location.
+
+![Deploy Agents wizard – Set Options page: Agent Install Path box](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/installpath.webp)
+
+If checked, the Agent is installed to the default location: ...\Netwrix\Netwrix Threat
+Prevention\SIWindowsAgent
+
+If unchecked, specify the desired installation location, e.g. d:\myagent.
+
+The installation location applies to all computers where the Agent is being deployed in this session
+(as specified on the
+[Select Computers Window](/docs/threatprevention/7.4/admin/agents/deploy/selectcomputers.md)
+of the Deploy Agents wizard). Once these settings are configured as desired, the Agent is ready for
+deployment on the selected machines. See the
+[Prerequisites Check Window](/docs/threatprevention/7.4/admin/agents/deploy/prerequisitescheck.md)
+topic for the next step.
+
+##### DNS Host Name Resolution
+
+The Agent is configured to “Enable DNS Host Name Resolution” by default during deployment. Depending
+on the event type, the Agent may see some but not all of the following information:
+
+- NetBIOS name
+- Fully Qualified Domain Name
+- IP Address
+
+This information is stored in the SIWindowsAgent.exe.confg file as XML tags/values in the folder the
+Agent is installed to. When the Agent Service starts, it reads this file.
+
+When the Enable DNS Host Name Resolution option is enabled, the Agent looks up the missing data. Raw
+events may have one or more of following: SID, domain name, NetBiosName, machine name, and IP
+address. When any one of these data points is available, Threat Prevention uses Windows DNS, if
+enabled, to collect the missing data points for the raw event from LSASS. This provides more uniform
+data, but may have a performance impact on the machine where the Agent is deployed, especially if
+name resolution is not handled locally by that machine.
+
+## Set Options Window for Update Agent Settings
+
+On the Agents interface, when you open the Set Options window through the Update Agent Settings
+option on the
+[Right-Click Menu](/docs/threatprevention/7.4/admin/agents/overview.md#right-click-menu),
+the window appears as follows:
+
+![Update Agent Settings > Set Options page](/img/versioned_docs/threatprevention_7.4/threatprevention/admin/agents/deploy/updatesetoptions.webp)
+
+This window displays the default selections in the Modules to Set and Additional Options areas; they
+do not represent the actual current state of the Agent.
+
+**NOTE:** To view the current state and configured options for an Agent, hover over the Version
+String column on the
+[Agents Interface](/docs/threatprevention/7.4/admin/agents/overview.md)
+data grid for the tool tip. The AD Agent column indicates the Agent’s mode.
+
+This Set Options window is the same as discussed above, with the exception of the following:
+
+- Enable DNS Host Name Resolution – See the
+  [DNS Host Name Resolution ](#dns-host-name-resolution)topic for information. Even when this option
+  is enabled for the Agent, it is displayed as unchecked. You must either check this setting or
+  check the Keep Existing Settings checkbox to keep it enabled for the Agent.
+- Keep Existing Settings – When checked, options in the Modules to Set and Additional Options areas
+  are grayed out and cannot be changed, indicating that the same current settings are retained for
+  the Agent.
+
+    This setting has no impact on the Use These Credentials and Enterprise Manager areas.
+
+**CAUTION:** Make sure you select the desired settings for the Agent on this window, such as the
+Enable DNS Host Name Resolution and Safe Mode options, even when they are currently enabled for the
+Agent. Leaving them unchecked will disable those settings when the wizard completes.