
Deploy your first agent

Generate an installer and install the agent on a Windows, Linux, or macOS device.

This guide takes you from a clean device to a running NetLock RMM agent that has reported in for the first time. It covers only the installer build and the installation itself. The follow-up — approving the pending device and giving it a label — is in Guide H.2. For an end-to-end walk-through with tenant creation and policy assignment, see the First-Run Walkthrough.

[Figure: Agent Download wizard on the platform-and-architecture step]

Before you start

  • A tenant, location, and group already exist to receive the agent. If they don't, do Guide H.3 first.
  • You have administrator or root access on the target device.
  • The target device can reach the Console's communication and remote servers over the network.
  • Required permission: devices_enabled, plus whatever your deployment uses to open the Agent Download dialog (typically exposed alongside the Devices menu).

Steps

  1. In the Console, open Devices from the navigation and launch the Agent Download dialog. On a fresh deployment the same dialog is available from the Setup Wizard on the Dashboard.
  2. Work through the five-step wizard:
    1. Configuration name — a label for this installer build.
    2. Deployment method — pick the target tenant, location, and group.
    3. Target server — select the communication, remote, update, trust, file, and relay servers the agent will talk to.
    4. Authorization — choose whether the agent is pre-authorized or lands in the pending queue for admin approval. For a first agent, pending approval is safer: the device waits in Unauthorized Devices until an admin approves it.
    5. Platform and architecture — choose one of win-x64, win-arm64, linux-x64, linux-arm64, osx-x64, osx-arm64. Pick either the Standard Installer (console, silent-capable) or the GUI Installer (graphical).
  3. Click the build action. The Console packages a binary with the embedded configuration into a .zip and returns a download link.
  4. Optionally download the matching install script — Install-NetLockAgent.ps1 for Windows, Install-NetLockAgent.sh for Linux or macOS — if you prefer a scripted install over running the binary directly.
  5. Copy the .zip to the target device and run the installer with the commands below.

Windows (PowerShell, elevated):

Expand-Archive .\NetLockAgent.zip -DestinationPath .\NetLockAgent
.\NetLockAgent\NetLock_RMM_Agent_Installer.exe

For silent deployment via GPO, Intune, or Ansible, add flags:

.\NetLock_RMM_Agent_Installer.exe --hidden --no-log

  • --hidden / -h — hide the console window (Windows only).
  • --no-log / --nolog — delete installer logs after completion.
  • --temp <path> / -t <path> — use a custom temporary directory for the install.

Linux / macOS (Bash, with sudo):

unzip NetLockAgent.zip -d NetLockAgent
chmod +x NetLockAgent/NetLock_RMM_Agent_Installer
sudo ./NetLockAgent/NetLock_RMM_Agent_Installer

With no arguments the installer uses its embedded configuration. For manual re-configuration or repair it also accepts positional modes: clean "<path-to-server_config.json>" runs a fresh install with an external config, fix "<path>" repairs an existing install while preserving its server config, and uninstall removes the agent.

Warning: Treat agent installers like secrets. The server configuration is embedded inside the binary, so anyone with the .zip can register a new device into the configured group. Rotate the installer if it leaves trusted hands.

Verify it worked

  • The installer reports success and exits without an error code.
  • The agent is registered as a Windows service, a systemd unit on Linux, or a LaunchDaemon on macOS, and is running.
  • Within a minute or two the device appears in the Console — in Unauthorized Devices (pending approval), or in Devices directly if you chose pre-authorization in step 4 of the wizard.

Troubleshooting

  • Device never appears. Confirm the target device can reach the configured communication server from its network. A curl or Test-NetConnection against the server address from the device is the fastest check. See Troubleshooting for deeper diagnostics.
  • Installer fails with permission errors. Re-run as Administrator (Windows) or sudo (Linux / macOS). The installer registers a service, which requires elevation on every supported OS.
  • The device appears in the wrong tenant or group. The Agent Download wizard embeds the targeting inside the binary. Rebuild the installer and re-run it with clean "<new-server_config.json>" to reconfigure in place.
  • Installer fails on a Linux NAS or appliance distro. Some Linux distributions — notably those on NAS systems such as Synology — restrict or block execution from the default temporary directory. The installer cannot stage its files there and fails early. Re-run the installer with --temp <path> / -t <path> pointing at a directory the system permits execution from (a path on a regular data volume, for example), then retry.
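
A pre-flight check for the NAS case above, as an added example that is not part of the NetLock RMM documentation: it probes candidate directories and prints the first one that actually permits execution, suitable as the --temp argument. Skipping world-writable directories is an extra hardening choice made here, not a NetLock requirement, and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not NetLock code): choose a staging directory for --temp.

# Return 0 if a file created inside directory $1 can be executed.
dir_allows_exec() {
    dir=$1
    [ -d "$dir" ] && [ -w "$dir" ] || return 1
    # mktemp creates the probe with mode 0600 and an unpredictable name.
    probe=$(mktemp "$dir/exec-probe.XXXXXX") || return 1
    printf '#!/bin/sh\nexit 0\n' > "$probe"
    chmod 700 "$probe"
    # On a noexec mount the exec is refused and the shell reports 126.
    "$probe" 2>/dev/null && rc=0 || rc=$?
    rm -f "$probe"
    [ "$rc" -eq 0 ]
}

# Return 0 if directory $1 is NOT writable by every local user.
# The installer runs elevated, so its staging area should not be shared.
dir_is_private() {
    [ -z "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Print the first candidate that is private and permits execution.
pick_temp_dir() {
    for candidate in "$@"; do
        if dir_is_private "$candidate" && dir_allows_exec "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Usage (hypothetical paths; create the directory as root, mode 0700, first):
#   stage=$(pick_temp_dir /opt/netlock-stage /volume1/netlock-stage) &&
#       sudo ./NetLockAgent/NetLock_RMM_Agent_Installer --temp "$stage"
```

If no candidate passes, pick_temp_dir prints nothing and returns non-zero, so the installer is never started with an unusable path.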