The Windows connection manager allows you to scan (additional) nodes agentlessly using WinRM and remote PowerShell. In essence, it is a connection proxy that provides for a single point of management, configuration, logging and updating. A single connection manager can scan several thousand remote nodes using WinRM.

System Requirements

  • A Windows virtual machine to install the connection manager. Recommended specs: Windows 2012, 8GB, 4 Core.
  • .NET framework version 4.5.2 or higher
  • Microsoft Visual C++ 2015 Redistributable package (for Windows CM v4.19.0 and higher) - linked on UpGuard Download Site
  • PowerShell (Windows Management Framework) version 3 or higher installed on both the connection manager and the target nodes.
  • WinRM must be enabled in your environment. Each target node that you wish to scan agentlessly needs port 5985/5986 exposed to the connection manager.

Creating a Connection Manager Group

Connection manager groups help you logically organize connection managers. A connection manager group can include one or more connection managers of the same type.

  1. To configure the UpGuard website to communicate with a connection manager, click the Discover button on the top toolbar and choose Connection Managers.

  2. Click the Add Group button on the left bar. You will see the following screen:


  3. Give the Connection Manager group a unique name that makes sense to you.

  4. Click the green Add Group button and you will be given an API Key. Copy the key as you will need this during the Windows connection manager installer setup.


Windows Domains

To ease setup and node scanning, it is highly recommended that a Windows connection manager be installed and registered with the UpGuard appliance for each domain in your environment. These connection managers can be part of the same connection manager group or of different groups corresponding to the different domains in your environment.

Connection managers attempting to issue WinRM requests to machines in a different domain will need to have a TrustedHosts rule configured.
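
The following preflight check is an added example, not part of the original UpGuard documentation. It is meant to be run in an elevated PowerShell session on the connection manager host and assumes a hypothetical cross-domain node name (node01.other.example). It confirms the WinRM ports are reachable, adds only that node to TrustedHosts instead of a wildcard, and verifies that WS-Management answers.

```powershell
# Added example: cross-domain WinRM preflight for one target node.
# 'node01.other.example' is a constructed placeholder, not a value from this page.
$Node = 'node01.other.example'

function Test-TcpPort {
    # Plain TCP connect with a timeout; works on PowerShell 3 without extra modules.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. WinRM listeners: 5985 is HTTP, 5986 is HTTPS.
$reachable = @{}
foreach ($port in 5985, 5986) {
    $reachable[$port] = Test-TcpPort -ComputerName $Node -Port $port
    "{0}:{1} reachable: {2}" -f $Node, $port, $reachable[$port]
}

# 2. TrustedHosts: hosts listed here are contacted without mutual authentication,
#    so add the single node rather than '*', and only if no entry already covers it.
$path    = 'WSMan:\localhost\Client\TrustedHosts'
$entries = @((Get-Item $path).Value -split ',' |
             ForEach-Object { $_.Trim() } | Where-Object { $_ })
if ($entries -contains '*') {
    Write-Warning "TrustedHosts contains '*'; consider replacing it with explicit host names."
}
if (-not ($entries | Where-Object { $Node -like $_ })) {
    Set-Item $path -Value $Node -Concatenate -Force   # append, do not overwrite
    "Added $Node to TrustedHosts"
}

# 3. Ask the remote WS-Management service to identify itself, HTTPS first if open.
try {
    if ($reachable[5986]) { Test-WSMan -ComputerName $Node -UseSSL -ErrorAction Stop }
    elseif ($reachable[5985]) { Test-WSMan -ComputerName $Node -ErrorAction Stop }
    else { Write-Warning "Neither 5985 nor 5986 is reachable on $Node" }
} catch {
    Write-Warning "WinRM did not answer on ${Node}: $($_.Exception.Message)"
}
```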

Downloading and Installing

  1. Download and install the latest Windows connection manager to the provisioned virtual machine.
  2. You will be prompted during the installation process for a “Group API Key”. Paste in the key generated for you in the “Creating a Connection Manager Group” section (see above).
  3. Review “Target URL” and “Configuration Directory” options. If you have installed UpGuard on-prem, you will need to change the “Target URL” to point at your appliance URL.
  4. Click next to continue. The connection manager will proceed with the installation process and will attempt to register against the “Target URL” with the “Group API Key” you provided.

Installation Verification

If the connection manager has been successfully installed and registered, you will see it listed in the connection manager group that you created earlier. This connection manager group can now be used when adding additional nodes to UpGuard.

Registration Failed

The connection manager registration process (a step of the installation process) will fail if a self-signed certificate is detected on the UpGuard website (target URL). This is a security mechanism that prevents the connection manager from being vulnerable to man-in-the-middle attacks. Please contact to speak to a customer success engineer who can guide you through an alternative installation process.

After Installation

To successfully scan remote systems, the UpGuard connection manager service needs to be configured to run as a service user.

  1. Open the Services management snap-in as an Administrator and locate the UpGuard service in the list.
  2. Right-click the UpGuard service and select ‘Properties.’
  3. Switch to the Log On tab.
  4. Input the credentials for the service user and click ‘OK.’
  5. Restart the UpGuard service.


You can update the UpGuard connection manager by installing a new version right over the top of an existing install.

  1. Visit our downloads page to obtain the latest installer.
  2. New versions of the UpGuard connection manager can then be installed in-place.


The UpGuard connection manager can be uninstalled either through “Add/Remove Programs” or via the “UpGuard Uninstaller” link located in the install directory. By default this is C:\Program Files (x86)\UpGuard.

Additional Help

Adjusting Settings When Adding Connection Managers via Command Line


You can adjust the settings for connection managers by appending the following to:

upguard -r --target_url=<URL> --api_key=<KEY>

Enable Debug Mode:


Disable Debug Mode:


Change Timeout Settings when Adding New CMs


30 seconds is the default timeout; change the number to the desired value in seconds.