Tutorial: Deploy an Audit Agent on a Windows Endpoint
In this tutorial, we will install an Audit Agent on a Windows endpoint and verify that the endpoint shows up in your Site Inventory as audited via agent. Along the way you will encounter the Audit agents deploy page, the agent installer, and the Audit agents list in the Admin Center.
By the end, you will have an Audit Agent running on a Windows machine, registered to your Site, and visible in Inventory with a fresh audit snapshot.
Before you begin
- You have an AlloyScan account with the Administrator role on a Site.
- The target Windows endpoint runs Windows 10 or later, or Windows Server 2016 or later.
- The endpoint can reach AlloyScan over outbound TCP 443 (HTTPS). No inbound firewall rules are required.
- You can copy a file to the endpoint and run it with sufficient rights to install a service.
Note: This tutorial uses Windows. For other platforms, see the Related section at the end of this page — Audit Agents are also available for macOS and Linux.
Step 1 — Open the Audit agents deploy page
We will start by finding the agent installer.
- From the left sidebar, navigate to Network.
- In the Network area, click Audit agents. You should now see a 2-step page titled Audit agents with Step 1 — Installing the audit agent at the top.
Notice the three download rows — Windows, macOS, and Linux — each with an installer download button and a copy-link icon for the installation URL.
Step 2 — Download the Windows installer
We will download the installer onto the endpoint.
- Decide where you will run the installer:
  - If you are working directly on the endpoint, click Download audit agent for Windows in the browser on the endpoint.
  - If you are working from your administration workstation, click the copy-link icon next to the Windows row, then paste the link into a browser on the endpoint, or copy the downloaded installer file to the endpoint by your usual file-transfer method.
You should now have the agent installer on the endpoint.
Step 3 — Install the agent on the endpoint
We will now run the installer.
- On the endpoint, run the installer with sufficient rights to install a Windows service.
- Allow the installer to complete. It registers the agent with your AlloyScan instance and starts the Audit Agent service.
You should now have an Audit Agent running on the endpoint and reaching back to AlloyScan over HTTPS.
Note: The agent supports automatic updates per the public documentation; you do not need to redeploy it for routine version bumps.
Step 4 — Verify the agent in the Admin Center
We will check that AlloyScan has registered the agent.
- From the left sidebar, navigate to Admin Center.
- Open the Site Settings tab.
- Go to Tasks and services > Audit agents. You should now see a row for your endpoint in the Audit agents list.
Note: The agent submits its first audit within 10–15 minutes of installation. If it does not appear within that window, verify outbound TCP 443 reachability from the endpoint and check the installer logs.
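One way to run those checks from the endpoint, as an added PowerShell example that is not part of AlloyScan or its documentation. The host name is a placeholder for your own AlloyScan instance, and the service display-name pattern is an assumption because this page does not name the service.

```powershell
# Added example: checks the prerequisites and the troubleshooting hint from this tutorial.
# Run on the endpoint in Windows PowerShell 5.1 or later.
param(
    [string]$AlloyScanHost = 'your-instance.example.invalid',  # placeholder: your AlloyScan host name
    [string]$ServiceNamePattern = '*Audit*Agent*'              # assumption: display name contains these words
)

$results = [ordered]@{}

# Prerequisite: Windows 10 or later, or Windows Server 2016 or later (both report major version 10).
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$results['OS'] = $os.Caption
$results['OsSupported'] = ([version]$os.Version).Major -ge 10

# Prerequisite: outbound TCP 443 from the endpoint. No inbound rule is needed.
$tcp = Test-NetConnection -ComputerName $AlloyScanHost -Port 443 -WarningAction SilentlyContinue
$results['Tcp443Reachable'] = [bool]$tcp.TcpTestSucceeded

# A completed TCP connection does not prove HTTPS works: finish a TLS handshake and
# record who issued the certificate the endpoint actually receives.
$client = $null; $ssl = $null
if ($results['Tcp443Reachable']) {
    try {
        $client = [System.Net.Sockets.TcpClient]::new($AlloyScanHost, 443)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($AlloyScanHost)   # throws if the certificate is not trusted
        $results['TlsProtocol'] = "$($ssl.SslProtocol)"
        $results['TlsCertIssuer'] = $ssl.RemoteCertificate.Issuer
    } catch {
        $results['TlsError'] = $_.Exception.Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        if ($client) { $client.Dispose() }
    }
}

# After Step 3 the installer should have registered and started a Windows service.
$svc = Get-Service -DisplayName $ServiceNamePattern -ErrorAction SilentlyContinue
$results['AgentService'] = if ($svc) {
    ($svc | ForEach-Object { "$($_.DisplayName): $($_.Status)" }) -join '; '
} else {
    'not found'
}

[pscustomobject]$results | Format-List
```

If Tcp443Reachable is True but TlsError is set or the issuer is not the one you expect, a TLS-inspecting proxy or filtering device between the endpoint and AlloyScan can be the cause.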
Step 5 — Verify the device in Inventory
We will confirm the audited device shows up with a fresh snapshot.
- From the left sidebar, navigate to Inventory.
- Open Computers > Windows computers.
- Locate the row for the endpoint and click its name.
You should now see the device form. Open the Audit tab and confirm that:
- The Audit ID is populated with a UUID.
- The Audit date matches the recent agent submission.
- The Audit source identifies the snapshot's origin.
Notice that an agent-audited computer can also pick up an automatic tag if your Site enables the Audit Agent auto tag option.
What you have accomplished
You have an Audit Agent installed on a Windows endpoint, registered to your Site, and a fresh audit snapshot in your Inventory. From here, you can:
- Roll the agent out to additional endpoints — laptops, remote workers, and any device that does not stay on your internal network.
- Apply tags to group agent-audited devices.
- Assign an audit schedule to keep the device's snapshot current.
- Learn the difference between agent-based and agentless auditing.