Product documentation
uberAgent
Current Release (7.4.0) 7.3.1 7.3.0 7.2.1 7.2.0 7.1.2 7.1.1 7.1.0
View PDF

Installing the Windows Endpoint Agent

April 28, 2025
Contributed by: 
C

Introduction

The uberAgent Windows Endpoint Agent can be installed in two primary ways:

  • Standalone Installation: This installation is independent of Citrix Virtual Apps and Desktops and offers multiple methods for deployment, including manual installation, installation through software deployment tools, and deployment through Splunk Deployment Server.
  • Installation via Citrix Virtual Apps and Desktops: Since uberAgent 7.4 and Citrix Virtual Apps and Desktops (CVAD) 2503, uberAgent can be installed as part of the CVAD installation, allowing centralized management through Citrix Studio or Citrix Web Studio.

Note

Starting with uberAgent 7.2.1, the service does not start automatically after installation. Update your deployment procedures to include a manual service start if required.

Security Considerations

uberAgent configuration files are stored and cached in the %ProgramData% directory. Securing this directory with appropriate Access Control Lists (ACLs) is essential to prevent privilege escalation or misuse. Starting with version 7.0.2, the installer automatically applies secure permissions by default.

  • Administrators: Full Control
  • SYSTEM: Full Control
  • Users: No Access

Users must not have read access to the configuration directory as it may contain sensitive information like backend credentials.

Custom Scripts

Custom scripts that need to be executed in the user context can be securely managed in two ways:

  1. Assign read permissions to individual scripts without exposing the entire configuration directory.
  2. Place the scripts in a separate folder with appropriate permissions, containing only scripts that need execution from the user context.

Automatic Security Configuration

The following MSI parameters control automatic security settings:

  • PROGRAMDATA_CONFIGDIR_RESETPERMISSIONS (default: 1): Ensures secure permissions are applied.
  • PROGRAMDATA_CONFIGDIR_DELETEFILES (default: 1): Deletes existing configuration files during installation.

For Citrix Virtual Apps and Desktops installations:

  • Initial Installation: Both parameters are set to 1 to apply secure permissions and remove existing configurations.
  • Updates: The PROGRAMDATA_CONFIGDIR_DELETEFILES parameter is disabled (0) to preserve existing configurations.

Note

When deploying configuration files, ensure that secure ACLs are applied to the directory and remain intact throughout the process. Neglecting this step could compromise security and allow unintended access to the configuration files.

Standalone Installation

Download Installer

Download the latest uberAgent standalone release from Citrix Observability - uberAgent Product Software and unzip the content. The installer can be found in the uberAgent_endpoint\bin directory:

  • 32-bit Systems: uberAgent-32.msi
  • 64-bit Systems: uberAgent-64.msi

MSI Parameters

INSTALLDIR
  • Required: no
  • Default: %ProgramFiles%\Citrix\uberAgent
  • Description: installation directory
  • Valid values: any local file system path
PROGRAMDATA_CONFIGDIR_RESETPERMISSIONS
  • Required: no
  • Default: 1
  • Description: Set secure permissions on uberAgent’s ProgramData directory (%ProgramData%\vast limits\uberAgent).

  • Valid values:

    • 0: disabled
    • 1: enabled
PROGRAMDATA_CONFIGDIR_DELETEFILES
  • Required: no
  • Default: 1
  • Description: Delete existing config files in uberAgent’s ProgramData directory (%ProgramData%\vast limits\uberAgent). Disable this setting only if you’re removing potentially malicious existing config files as part of your own deployment package logic.

  • Valid values:

    • 0: disabled
    • 1: enabled

Manual Installation

  1. Install the appropriate MSI file from the directory uberAgent_endpoint\bin depending on the bitness of your machine: uberAgent-32.msi or uberAgent-64.msi.
  2. If you have a license file for uberAgent, copy it to the installation directory (default: %ProgramFiles%\Citrix\uberAgent). uberAgent does not start without a license file. Please see the uberAgent licensing guide for more details.
  3. Configure uberAgent as needed; see the Configuration Options section for details.
  4. Start the uberAgent service.

Installation Through a Software Deployment Tool

  1. Install the appropriate MSI file from the directory uberAgent_endpoint\bin depending on the bitness of your machine: uberAgent-32.msi or uberAgent-64.msi.
  1. Distribute the license file and configuration templates as part of your deployment package. uberAgent does not start without a license file. Please see the uberAgent licensing guide for more details.
  2. Optional: The uberAgent service does not start automatically after installation, so a service start step may be included.

Installation Through Splunk Deployment Server

Note:

Deployment Server can only be used with Splunk Enterprise and requires Splunk Universal Forwarder on the endpoint as a deployment client.

uberAgent

Copy the directory uberAgent_endpoint from the unzipped uberAgent download package to $SPLUNK_HOME\etc\deployment-apps on your deployment server.

Note: $SPLUNK_HOME refers to the base directory of the Splunk installation, typically C:\Program Files\Splunk.

Configuration

To deploy a customized configuration file, copy it into the directory $SPLUNK_HOME\etc\deployment-apps\uberAgent_endpoint\bin. This overwrites the default configuration file from the installation package.

License File

If you have a license file for uberAgent, copy it into the directory $SPLUNK_HOME\etc\deployment-apps\uberAgent_endpoint\bin.

Serverclass

Create a file called serverclass.conf in $SPLUNK_HOME\etc\system\local on your deployment server. Serverclass.conf defines what to deploy where. For a quick start, paste the following content into serverclass.conf to deploy uberAgent to all Windows machines. You may want to fine-tune this to suit your needs.

# [global]
# We cannot match by machine type here. We'll do that on the app level below.
whitelist.0 = *

# Define a serverclass
[serverClass:windows]
# Deploy only to Windows machines
machineTypesFilter = windows-*

# Define which apps to deploy to the serverclass
[serverClass:windows:app:uberAgent_endpoint]
stateOnClient = enabled
restartSplunkd = true
<!--NeedCopy-->

To make Splunk read the new file serverclass.conf, run the following command:

$SPLUNK_HOME\splunk.exe reload deploy-server
<!--NeedCopy-->

Installation via Citrix Virtual Apps and Desktops

Since uberAgent 7.4 and Citrix Virtual Apps and Desktops 2503, uberAgent can be installed and updated as part of the Citrix VDA installation.

Note

To install and update uberAgent using the Citrix Virtual Apps and Desktops (CVAD) installation, you must first uninstall all existing uberAgent installations and then reinstall them using the CVAD installation.

Installation Steps

  1. Start the Citrix Virtual Apps and Desktops installation.
  2. In the Optional Software step, ensure that Citrix uberAgent is selected.
  3. Configure uberAgent as needed; see the Configuration Options section for details.
  4. Enable uberAgent Data Collection in Citrix Studio or Web Studio.
  5. Start the uberAgent service.

Note:

By default, the uberAgent Data Collection policy is disabled. uberAgent will run in idle mode until the policy is enabled.

uberAgent Director Integration

When uberAgent is installed as part of the Citrix Virtual Apps and Desktops installation, you only need to enable the uberAgent Data Collection policy. Everything else works seamlessly.

For more information, please refer to the Director documentation.

Citrix Site Monitoring

uberAgent supports Citrix Site Monitoring in both standalone mode and Citrix Virtual Apps and Desktops installations.

If some or all of your endpoints are running the Citrix Virtual Apps and Desktops (CVAD) VDA, you should install uberAgent on the Citrix delivery controller(s), too. Please see this page for details.

Imaging & Citrix PVS

If you intend to copy the agent installation via an imaging method or Citrix PVS, we recommend you remove instance-specific information. To do that, follow these steps right before capturing the image:

  • Stop the service uberAgent (but leave the start type at automatic).
  • Open an administrative command prompt.
  • Run the command: reg delete "HKLM\SOFTWARE\vast limits\uberAgent" /f /reg:64.
  • Optionally: delete existing log files.
  • Optionally: delete existing Persistent Output Queue files/folders.
  • Prepare the machine for cloning as necessary, but do not reboot.

If you have Splunk Universal Forwarder installed, please follow the steps listed here, too.

Endpoint to Backend Communication via Splunk Universal Forwarder

Note: This is optional and not required for the recommended architecture.

If you decide to implement the alternative endpoint to backend communication path via Splunk Universal Forwarder, you need to install Universal Forwarder on each endpoint.

Installing the Windows Endpoint Agent
April 28, 2025
Contributed by: 
C
April 28, 2025
Contributed by: 
C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.