Elastic Installation Guide

Version

Ideal agent version: 9.3.4

Notice

Agents should be a part of the Texas A&M University System stack. You can reach out to get the install information for the System's stack here:

Texas A&M System Cybersecurity - Jira Service Management

Installation

The TAMU System team maintains scripts for installing the Elastic agent and connecting to their stack. Please refer to the instructions and details provided by the System after making a request at the link above. For Windows devices, Endpoint Security maintains a wrapper script at tamu-edu/Elastic-Deployment that can be paired with the System script for deployment through management systems such as Configuration Manager and Intune.

Legacy Instructions

We have archived the previous instructions for the manual installation of Elastic at Legacy Elastic Installation Guide; however, the System-provided scripts should be used instead.

More Info

TAMU Stack Contact

For questions regarding historical installations, you may contact endpoint-security@tamu.edu. For all new requests for the TAMUS stack, please use the ticketing portal linked in the "Notice" section at the top of this page.

Considerations for Golden Images

Elastic can be set to delay its enrollment until after a reboot. You should do this as the last operation performed on a host before turning it off and taking the golden image. If this flag is not used, multiple hosts may be talking to our stack while appearing to be a single host.

Append the flag --delay-enroll to your install command.

Considerations for 'Legacy' Operating Systems

Elastic notes that they will remove support for an Operating System six months after it hits End of Life. Elastic Agent support and Elastic Defend support statuses can be found at Support Matrix | Elastic.

Usage

This product should be treated as a managed piece of software. It is not something that a team should worry about getting access to. The System and the Security Operations team will respond to any issues. Additionally, updating will be handled remotely.

Troubleshooting

  • You must install the agent with administrative rights.
  • A 401 error returned by the installer likely means that you have the wrong enrollment token.

Windows Permissions Issues

Running C:\"Program Files"\Elastic\Agent\elastic-agent.exe status may show a failure with exit status 284, like:

status: (FAILED) failed install endpoint service: 2025-06-27 18:05:45: debug: File.cpp:453 Removing [C:\Program Files\Elastic\Agent\data\elastic-agent-9.3.4-52ce20\components\previous\elastic-endpoint.exe]: exit status 284

This is indicative of a permissions issue that the Elastic Agent cannot resolve automatically.

Fix

Running the following command, which corrects the permissions on the directory structure, should fix this issue:

icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l

Be sure to run this as an administrator!
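
For deployment through a management tool, the check and the fix above can be combined into one script. This is an added example, not a script maintained by Endpoint Security or the System; the function name Test-EndpointInstallFailure and the exit codes are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: detect the exit status 284 failure described above and
# apply the ownership fix from this page. Exit codes are an assumption:
# 0 = healthy or fixed, 1 = icacls failed, 2 = agent not installed.

$AgentDir = 'C:\Program Files\Elastic\Agent'
$AgentExe = Join-Path $AgentDir 'elastic-agent.exe'

function Test-EndpointInstallFailure {
    # Hypothetical helper: true when any status line reports exit status 284.
    param([string[]]$StatusOutput)
    return [bool]($StatusOutput | Select-String -Pattern 'exit status 284' -Quiet)
}

if (-not (Test-Path -LiteralPath $AgentExe)) {
    Write-Error "Elastic Agent not found at $AgentExe"
    exit 2
}

# Capture stdout and stderr of the status command as individual lines.
$status = & $AgentExe status 2>&1 | Out-String -Stream

if (-not (Test-EndpointInstallFailure -StatusOutput $status)) {
    Write-Output 'No exit status 284 failure reported; nothing to do.'
    exit 0
}

# Record the owner before changing it so the change is visible in the log.
$ownerBefore = (Get-Acl -LiteralPath $AgentDir).Owner
Write-Output "Exit status 284 detected. Owner of '$AgentDir' before fix: $ownerBefore"

# Same command as in the Fix section: /t recurses through the tree,
# /l acts on symbolic links themselves instead of their targets.
& icacls.exe $AgentDir /setowner 'NT AUTHORITY\SYSTEM' /t /l
if ($LASTEXITCODE -ne 0) {
    Write-Error "icacls failed with exit code $LASTEXITCODE"
    exit 1
}

$ownerAfter = (Get-Acl -LiteralPath $AgentDir).Owner
Write-Output "Owner of '$AgentDir' after fix: $ownerAfter"
exit 0
```

Run the status command again afterwards to confirm that the failure is no longer reported.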

Management Tools

Installation of Elastic is most easily achieved with a centralized management tool that can execute commands/scripts remotely.

Unified Mac hosts will not have to worry about the extra system configuration settings as the Jamf team will be able to make changes to those system settings.

Questions

For questions, you may contact endpoint-security@tamu.edu. Concerns with System-controlled endpoints should be addressed with the System.