This guide provides a comprehensive method for creating a Windows golden image that includes the Atera Agent pre-installed and ready for deployment.
When properly configured, this allows you to rapidly provision new devices from a prebuilt image without creating duplicate agents in your Atera dashboard.
Note: The recommended PowerShell Identity Reset method applies to Atera Agent version 2.5.12.0 and later. For agents older than 2.0, use the legacy Registry Key method documented further down in this article.
Install the Atera Agent on the Template VM
In the Atera Console, click Install Agent at the top right and select the following:
Operating System: Windows
Site or Customer: Choose the appropriate one
Folder: (Optional)
Install the agent on your template (base) VM and wait for the setup to complete.
Prepare the Agent for Golden Image Deployment
Choose the method that matches your installed agent version.
PowerShell Identity Reset (Recommended — Agent v2.5.12.0 and later)
Starting with Agent v2.5.12.0, golden image preparation has been simplified:
- The script no longer requires execution as the LocalSystem account.
- There is no longer a need to configure first boot behavior or ensure network connectivity at first boot.
- Deployment flow is now similar to the legacy v1 agent.
Steps:
- Open PowerShell ISE as Administrator.
- Paste and run the following script:
<#
.SYNOPSIS
Resets the Atera Agent identity so it re-registers as a new device on next start.
.DESCRIPTION
Stops the AteraAgent service and related processes, then clears the agent's local
identity by removing the AgentId from the settings file, deleting the settings
backup file, removing the ATERA Networks registry key, and cleaning up cached
.txt and .cch files under the agent's packages folder.
.NOTES
Must be run as Administrator.
The agent will re-register with Atera on next service start.
#>
# Requires -RunAsAdministrator
function Stop-AgentService {
param ([string]$ServiceName)
Disable-ScheduledTask -TaskName "AteraAgentServiceWatchdog" -ErrorAction SilentlyContinue | Out-Null
if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
}
$Processes = "AteraAgent.exe", "AgentPackageMonitoring.exe", "AgentPackageInformation.exe"
foreach ($Process in $Processes){ Stop-Process -Name $Process -Force -ErrorAction Ignore }
Write-Output "Agent service and processes stopped."
}
function Clear-AgentIdentity {
param ([string]$AgentFolderPath)
$JsonFilePath = Join-Path $AgentFolderPath ".settings.json"
if (-Not (Test-Path $JsonFilePath)) {
throw "JSON settings file not found at '$JsonFilePath'"
}
Set-AgentFileWriteDeletePermission -FilePath $JsonFilePath
$json = Get-Content -Path $JsonFilePath -Raw | ConvertFrom-Json
if ($json.PSObject.Properties.Name -contains 'AgentId') {
$json.PSObject.Properties.Remove('AgentId')
$json | ConvertTo-Json -Depth 10 | Set-Content -Path $JsonFilePath -Encoding UTF8
Write-Output "Removed 'AgentId' from agent settings file."
} else {
Write-Output "'AgentId' not found in settings file, nothing to do."
}
$BackupSettingsPath = Join-Path $AgentFolderPath ".settings.backup.json"
if (Test-Path $BackupSettingsPath) {
Set-AgentFileWriteDeletePermission -FilePath $BackupSettingsPath
Remove-Item -Path $BackupSettingsPath -Force -ErrorAction SilentlyContinue
Write-Output "Removed backup settings file '$BackupSettingsPath'."
}
$AteraRegistryKey = "HKLM:\SOFTWARE\ATERA Networks"
if (Test-Path $AteraRegistryKey) {
Remove-Item -Path $AteraRegistryKey -Recurse -Force -ErrorAction SilentlyContinue
Write-Output "Removed registry key '$AteraRegistryKey'."
}
$PackagesFolderPath = Join-Path $AgentFolderPath "packages"
if (Test-Path $PackagesFolderPath) {
Get-ChildItem -Path $PackagesFolderPath -Recurse -Include *.txt, *.cch -File -ErrorAction SilentlyContinue |
Remove-Item -Force -ErrorAction SilentlyContinue
Write-Output "Removed .txt and .cch files under '$PackagesFolderPath'."
}
foreach ($SubFolder in @("certificates", "data")) {
$SubFolderPath = Join-Path $AgentFolderPath $SubFolder
if (Test-Path $SubFolderPath) {
Remove-Item -Path $SubFolderPath -Recurse -Force -ErrorAction SilentlyContinue
Write-Output "Removed folder '$SubFolderPath'."
}
}
}
function Set-AgentFileWriteDeletePermission {
param ([string]$FilePath)
icacls $FilePath /grant "Administrators:(M,D)" | Out-Null
}
### MAIN ###
$AgentServiceName = "AteraAgent"
$AgentFolderPath = Join-Path ${env:ProgramW6432} "ATERA Networks\AteraAgent\Agent"
Stop-AgentService -ServiceName $AgentServiceName
Clear-AgentIdentity -AgentFolderPath $AgentFolderPath- Once the script completes, do not restart the Atera Agent service.
- Shut down the template machine, capture it as your golden image, and deploy to new systems as needed.
Each deployed system will automatically generate a new Agent ID, register as a unique device in Atera, and appear in your dashboard within ~5 minutes of first boot.
Registry Key Method (Legacy — Agent versions older than 2.0)
This method applies only to Atera Agent versions older than 2.0.
When the Atera Agent is installed, it creates several registry keys in:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgentThe most important key is AgentId. When the agent is installed, it generates a unique Agent ID that identifies the device within the Atera platform. If you clone or deploy an image that already contains this AgentId, all the cloned machines will appear as duplicate devices under the same entry in Atera. To prevent this, you must clear or reset the agent identity before capturing your image.
To safely clone the machine:
Delete all Atera Agent registry keys except IntegratorLogin. These keys can be deleted manually:
Or by running the following commands in an elevated CMD prompt:
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgent" /f /v AgentId REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgent" /f /v AccountId REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgent" /f /v CompanyId REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgent" /f /v DisableRemote REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgent" /f /v ServerName
Once the keys are deleted and you have created the cloned image, restart the AteraAgent service either manually from services.msc or by running:
sc stop AteraAgent && sc start AteraAgent
Note: It is very important to create the golden image before restarting the AteraAgent service. Deleting the agent's registry keys prior to creating the image is what prevents duplicated devices from being created in the Atera console.
Troubleshooting Cloned Devices
If cloned devices appear as duplicates or report under the same agent:
- Open Device > Manage > Command Prompt from Atera.
- Run:
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks\AlphaAgent" /f /v AgentId
- Restart the Atera Agent service via Device > Manage > Service Manager, or run:
sc stop AteraAgent && sc start AteraAgent
After this, the device should re-register with a unique identity. Allow a few minutes for it to appear correctly in your Atera dashboard.
