TechIDAgent.Windows Setup

by

This document outlines how to set up the TechIDAgent.Windows, which runs on each domain controller, or a standalone workstation, to create and manage identities for technicians.

Note: TechIDAgent should only be installed on one domain controller in a domain, typically the primary DC.

 

Definitions:

Target Machine – Domain Controller, or a machine, where identities will be managed

Client ID – Guid assigned by RuffianSoftware in the form XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX where X is an alphanumeric character.

If you don’t have one, Request a Client ID. Use the same Client ID for all TechIDAgent, TechIDAgent.EntraID, or TechIDClient installations.

TechIDAgent.zip – Downloadable archive from Ruffian Software containing all required executables.

Install Folder – Directory on the Target Machine where the domain service files reside (default: C:\Program Files\RuffianSoftware)

Steps:

Copy and Extract Files 
  Copy TechIDAgent.zip to the Install Folder on the Target Machine.
  Extract its contents.
Run Installation Command
  From an administrative command line in the Install Folder, run:
  TechIDAgent.exe install
TechIDAgent.exe clientguid {ClientID}
TechIDAgent.exe start
 
  • Omit the curly braces {} in the actual command.
  • Replace {ClientID} with your assigned GUID (you use the same ClientID for all installs).
  • You can rerun the command at any time to modify options.
  • This can be scripted from most RMMs also.
Successful Installation
  The command should complete with a success message.

At this point the domain will be assigned to the “All Domains” domain group in the TechIDPortal and any techs and rights assigned with “All Domains” in a DomainTechRights group will be created.

In general, TechIDAgent.exe is run to set options that are used by the service later when it runs. Options can be set on separate lines to ease scripting and installing. The complete command line help can be seen from the command line with “TechIDAgent.exe help“. 

The options listed on this page are for the most recent version of TechIDAgent.exe. Some older versions don’t support all these options. All options are of the format ABC or XYZ value where ABC is an option to set with no additional parameters and XYZ requires an additional commandline parameter value. See “start” and “clientguid” above. 

  • AccountDescription value – Specify the format used to set the Account Description in AD for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-displayname-accountdescription-feature-in-techidagent-piece-of-techidmanager/
  • AgentGroup value – (version 5.0 and newer) Specify the AgentGroup name that this Agent should join by default. The AgentGroup must already exist in the TechIDPortal, and the name must be an exact match, otherwise the request is ignored. The use of quotes (“…”) is recommended.
    https://ruffiansoftware.com/techidmanager-guide-agent-group-command-line-edit/
  • AllowLongnames – allow the use of user names with any length (this is the default behavior)
  • AutoLogon – set this computer’s autologon password to this shareduser. This requires a shareduser setup, and is only valid on the commandline after a “shareduser”
  • ClearMsdsSupportedEncryptionTypes – (version 5.0 and newer) don’t set the value for msDSSupportedEncryptionTypes in AD for techs in AD. This is the default.
  • ClientGuid value – Specify the ClientGuid to use when accessing the TechIDPortal
  • Company value – (version 5.0 and newer) Specify the company name for techs in AD. This defaults to the UserNameAddon from the TechIDPortal.
  • DisplayName value – Specify the format used to set the Display Name in AD for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-displayname-accountdescription-feature-in-techidagent-piece-of-techidmanager/
  • Domain value – (version 4.073 and newer) Specify the “Alternate UPN Suffix” to use when creating techs’ users. This only needs to be specified if you have alternate UPN suffixes setup on a DC and want to use one of those to create techs’ users. 
  • DomainGuid value – Specify the DomainGuid to use when accessing the TechIDPortal (This is unique to each domain, and should ONLY be set when migrating a domain controller)
  • Email value – Specify the format used to set the phone number in AD for managed tech accounts (use email “{blank}” to not set the email, use email “{Email}” to set the email).  Email value is blank by default.
    https://ruffiansoftware.com/username-displayname-accountdescription-feature-in-techidagent-piece-of-techidmanager/
  • FriendlyName value – Specify a searchable string for use in the TechIDClient that is specific to this domain or machine
  • Force – Run once in this context and exit (for testing only – do not use without explicit direction to do so from Ruffian Software)
  • ForceShortnames – force the use of user names with length no more than 20 character
  • GuaranteedRight value – (version 5.438 and newer) set a right that is always granted to tech’s accounts on this agent. Even when an account is disabled (and all other rights are removed) this right will be assigned. Think about the “Protected Users” AD Group. This can be a single right or a comma separated list of rights. 
  • GUI – show a graphical user interface for setting options
  • HideOnLoginScreen – prevent techs’ local accounts from showing on the windows login screen. If using this option on a non-domain joined machine for local accounts read Login Screen Changes.
  • Host value – specify the address of the TechIDHost if using self-hosted TechIDManager (normally left blank)
  • HourToRun value – 24 hour based hour in which runtime changes passwords (default is 0). This can be a comma separated list of hours to run in (i.e.  “0,9,18” will at midnight, 9 am, and 6 pm). 
  • Install – Install the TechIDAgent service
  • JustInTime – (version 4.0 and newer) make all accounts controlled by this instance be Just-In-Time accounts 
  • Leaf value – (version 5.0 and newer) Specify the leaf that accounts for this Agent will be on. The Leaf must already exist in the TechIDPortal, and the name must be an exact match, otherwise the request is ignored. The use of quotes (“…”) is recommended. https://ruffiansoftware.com/trees-and-leaves-or-leafs/
  • LogLevel value – Specify the loglevel used to 0 (less) to 10 (more)
  • Managed – (version 4.050 and newer) make all the accounts controlled by this instance be managed accounts (this is the default) 
  • OU value – Specify the OU to create tech accounts in the form x.y.z… where x is the top level OU, and y is a child OU of X, and Z is a child OU of Y, etc… (use “reset” to return to default value) https://ruffiansoftware.com/ad-ou-feature-in-techidagent-piece-of-techidmanager/
  • PasswordLength value – override TechIDPortal password length setting for just this domain (range is 8-128) (use “reset” to return to using TechIDPortal value)
  • PasswordWordCount value – (version 5.438 and newer) override the TechIDPortal option on minimum number of words to use to build a word list password (range is 2-20) (use “reset” to return to using management console value)
  • Phone value – Specify the format used to set the phone number in AD for managed tech accounts (use phone “{blank}” to not set the phone number, use phone “{Phone}” to set the phone number).  Phone value is blank by default.
    https://ruffiansoftware.com/username-displayname-accountdescription-feature-in-techidagent-piece-of-techidmanager/
  • RMMName value – Specify a searchable string for use in the TechIDClient that is specific to this domain or machine (This is NOT the name of the RMM used on this machine)
  • RunAfterMiss – If the HourToRun window is missed, then run as soon as the machine is capable.
  • RunInWindow – Only run during the HourToRun window. Don’t run at other times (this is the default). 
  • ServiceName value – when rotating the sharedusername password also stop this service, set this service entries password, and start this service. This requires a shareduser setup, and is only valid on the commandline after a “shareduser”
  • SetMsdsSupportedEncryptionTypes value – (version 5.0 and newer) set the value for msDSSupportedEncryptionTypes in AD for techs in AD.
  • SetTechSecondFactor tech value – (version 6.074 and newer) set the second factor secret for a tech to the given value. This is to allow integration with Duo or any other MFA provider that you want that support TOTP MFA. https://ruffiansoftware.com/settechsecondfactor-tech-value/
  • Show – show all options that are set. 
  • ShowOnLoginScreen – show techs’ local accounts on the windows login screen
  • Start – start the TechIDAgent service(same as “net start TechIDAgent”)
  • Stop – stop the TechIDAgent service(same as “net stop TechIDAgent”)
  • Uninstall – Uninstall the TechIDAgent service
  • Update – shortcut for the commandline: stop uninstall install start. See update documentation for how to do this. 
  • UserName value – Specify the format used to make the UserName for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-displayname-accountdescription-feature-in-techidagent-piece-of-techidmanager/
  • UseDefaultPassword – (version 5.438 and newer) use the TechIDPortal options for building passwords
  • UseRandomPassword – (version 5.438 and newer) override the TechIDPortal option and use only random characters to build a password instead of the word list.
  • UseWordListPassword – (version 5.438 and newer) override the TechIDPortal option and use words to build a password instead of fully random passwords 
  • Version – print out the version of this TechIDAgent.exe
  • InstallLAPS – Install TechIDAgent and tell it to only run a shared user setup, and do not run the default unique user setup of TechIDAgent.
  • SharedUser name – Create a shared user setup for TechIDAgent and control the password for the name user. This will show up as an agent with the MachineName\name in the TechIDPortal. All options after this on the command line apply only to this named instance. 
  • Instance name – Create a unique user setup of the TechIDAgent. This can be used to control the username formatting for a subset of techs in a co-managed setup. This will show up as an agent with the MachineName\name in the TechIDPortal. All options after this on the command line apply only to this named instance.
  • RemoveInstance name – Remove the unique user setup with the given name
  • RemoveSharedUser name – Remove the shared user setup with the given name
  • DoNotRun – Cause the current setup (as specified earlier on the commandline) to not run. This leaves all the data intact for the instance and it can be set to run later with “DoRun”.
  • DoRun – Cause the current setup (as specified earlier on the commandline) to be run. This is the default for all setups that are created.

Here is some documentation on the setups/instances and how to use them. https://ruffiansoftware.com/instances-in-techidagent/

Here is some documentation on converting a PAM setup/instance to a shared/LAPS setup/instance. https://ruffiansoftware.com/convert-pam-to-laps/

CONTACT
Call us at 1-864-214-5049
Schedule a Demo at https://ruffiansoftware.com/demo
Email us at: sales@techidmanager.com
Contact Customer Support
Call: 1-864-214-5643
Email: support@techidmanager.com
Quick Links:
How It Works
Pricing
Portal
Install Today
How-To Guides
Get in Touch!

Secure all your technician access across all of your client networks.
Follow Us On IG @techidmanager
Follow US On FB at https://www.facebook.com/TechIDManager/
Follow Us On LI at https://www.linkedin.com/company/techidmanager
Follow Us On YT at https://www.youtube.com/@techidmanager
© 2025 Ruffian Software, INC. All rights reserved. | Privacy Policy | Terms of Service