GEODI can discover and analyze data from many sources without requiring any agents.
However, in cases where:

Network shares are not available
Agentless access is not preferred
There are many distributed endpoints

...the GDE (GEODI Desktop Explorer) agent is recommended.

The GDE agent enables powerful on-endpoint actions, including:

Secure Delete
Quarantine
Classification
Masking

This makes GDE essential for extending GEODI’s reach to remote endpoints while maintaining centralized control and compliance.

Connection Requirements for GDE (GEODI Desktop Explorer)

To deploy and connect GDE agents across multiple clients, the following prerequisites must be met:

🛠️ Deployment Tools & User Permissions

Use tools like ManageEngine, SCCM, or similar for mass deployment
A privileged user account is required for installation
The Project Wizard → Feed Source → GDE Connection section auto-generates all necessary MSI deployment parameters

🔐 Authentication

A GEODI user with feed permissions is required
This user is only needed for generating the connection token

🌐 Network Requirements

Client machines must be able to access the GEODI server
GEODI server must be able to access the clients, and the default port 1982 (customizable) must be open in both directions

📁 Content Scope

Define which directories and file types to be discovered on client machines
Default paths can be adjusted per client in the setup configurations

Supported Platforms → Windows, Linux, MacOS ve Pardus

Ajan güncellemeleri → Windows Clientlar için tamamen otomatik

MSI Link → <geodi_url>/GUI/Agents/GDE/GEODI.DesktopExplorer.MSI → For Windows clients, GDE agents are automatically updated. This link is automatically populated during GEODI Discovery module setup. Windows agents regularly check this location and self-update when a new version is available.

Service Installation → On Windows file servers, the GDE agent can be installed as a Windows Service, enabling continuous background operation for server-side discovery and actions.

Agent Monitoring → Active agents can be tracked via the GDE Agent Monitoring Panel:
🔗 Monitor Active Agents

1 GDE configuration settings
2 Troubleshooting
3 FAQ
4 GDE API
5 Installing GDE as a Windows Service
6 MSI Parameters for ManageEngine and Similar Tools

GDE configuration settings

Settings should be GEODI server <GEODI_APP>/Settings/Geodi.DesktopExplorer folder named default.json. Installed GDEs will automatically retrieve this setting in about an hour.

Any changes will be effective in about an hour. You may change the settings while GEODI is running.
To define different rules for each machine, you may use additional files named
- <ClientIP>.json
- <ClientUserName>.json
- <ClientMachineName>.json.

{
  "FolderList": ["%UserProfile%"],// "*" scan all directory //
  "ExplorerPort": 1982,
  "IgnoreFiles":["*.MP4","*.MOV","*.MP3"],
  "MetaData": {
	"LDAPDN":"=d.CurrentUser!=null?d.CurrentUser.DistinguishedName:null",
	"IP":"=d.ClientIP",
	"ComputerName":"=d.ClientMachineName",
	"UserName":"=d.ClientUserName"
	}
}

Setting Name	Type	Description

Setting Name	Type	Description
FolderList	string[]*	Used to specify the folders to be scanned. Folders can be identified by separating them with ",".Windows, MacOS, and Linux client folders can be used interchangeably. The default directory is `%UserProfile%` ,`\\Users`, `\\Home`(includes documents, downloads, desktops, etc.). Values are case-sensitive. Subdirectories can also be defined as `%UserProfile%\\Desktop`. You can use ["*"] to scan all disks.
ExplorerPort	int	The default is 1982. Alternatively, you may set the port value to 0. Discovery and search will be fine, but GEODI can not open the local files in this case.
EnableLDAP	bool	If a true value is given, LDAP authorizations of the files are also indexed. Default value: false
IgnoreFolders	string[]	List of folders to ignore. * is accepted. Used in combination with the settings under Geodi Settings/IgnoreFolders. Example: `[":\\data","C:\User"]` Default value: null GEODI central file/folder ignore rules always take precedence. The restrictions specified within the settings are applied additionally. By default, to safeguard the network resource, only the name and date of files larger than 100MB are indexed. This limit is set to 500MB for compressed file contents. These values can be modified on the GEODI server.
IgnoreFiles	string[]	List of folders to ignore. * is accepted and used with the settings under Geodi Settings/IgnoreFileTypes. Default value:`[".MP4",".MOV","*.MP3"]` GEODI central file/folder ignore rules always take precedence. The restrictions specified within the settings are applied additionally. By default, to safeguard the network resource, only the name and date of files larger than 100MB are indexed. This limit is set to 500MB for compressed file contents. These values can be modified on the GEODI server.
Metadata		You can define metadata for parsing files from clients. These metadata are specified in the settings file. The values used in the default settings can be seen in the example file. Searching with metadata is done with <metaname>:<value> Example `IP:192.168.1.1` The defined metadata and values will be visible in the GEODI search interface.

Troubleshooting

Check if the client has access to the GEODI Server. GEODI should be accessible through a browser on the client. Enter the GEODI address in a browser on the client; there should be access.
The GEODI server should be accessible from the client's GDE. Using a browser on the client, enter <ClientIP>:<1982>/DEW?op=GetLastError. If everything is fine, it should return null. The ExplorerPort specified in GDE rules, e.g., ExplorerPort=1982 (or the chosen port), should be open.
Inspect the Firewall, Antivirus, or any similar tool to ensure there is no blocking mechanism preventing communication.
Check if the client machine is operational. GDE should be installed and running (Geodi.Desktopexplorer.exe should be in the task list).
Verify the status of the received TOKEN: <GEODI_URL>/API/token_parser.html.
Examine the Agent Management Panel; if the endpoint's status looks good, waiting for a while may resolve the issue. The GEODI Server queues incoming data, so the files at the endpoint might not be due yet.
If everything seems correct but data is still not coming through, check the FolderList and IgnoreFolders values in the GDE rules.
If you are not receiving the expected file type, ensure that the extension is not listed in the IgnoreFiles value in the GDE rules.

The Setting file may not be a valid JSON. Validate it with an online tool.
Settings will generally be adjusted in an hour. If the IP of the endpoint has changed, this may take up to 3 hours.

The default settings block some large files, like videos. Files larger than 100 MB or compressed files larger than 500MB are blocked. You may change the settings. The settings will be effective in about an hour.

Install the GDE as usual. The endpoint will be treated as new. The old data is preserved.

You can change 1982 to anything available. Please be careful about not assigning ports that have already been used.
You may set the GDE port to 0, but GEODI can not open the remote files in this case. The search and discovery are unaffected.

FAQ

It is no different than the other. Add layer:GDE <machinename> into query.

layer:GDE <machinename> will query the files.
layer:GDE <machinename> doc:*.pdf will list the PDF files.
layer:GDE <machinename> doc:*.pdf contract will list the PDF files with the word contract.

The GEODI legacy data classification tool classifies remote files if you have the classification agent installed on the same endpoint.

Yes, GEODI remediation tools cover remote files as well. The only requirement is that the user should have delete/update permission on the remote machines. This way, GEODI deletes, makes, or encrypts remote files like the local ones.

Search is unaffected, but you can not open/view or remediate the files.

No, GDE does not copy the local files. But if you need to backup local files, check the “backup content" in the GEODI source dialog. You may activate or deactivate this setting at any time.

Sistem Admins see all files.
Other users' permissions depend on Enable LDAP settings. If LDAP is enabled, then local permissions are used.
It is possible to set each user to see their PC files. Please ask the DECE team how to do that.

Install the GDE as usual. The endpoint will be treated as new. The old data is preserved.

GDE API

You may use a browser to make these calls.

<ClientIP>:<1982>/DEW?op=GetStatus	Gets the status of GDE Agent `{"StatusText":"","RequestCount":0,"FileCount":0,"SendCount":0,"IgnoreCount":0,"Server":"<GEODI_URL>"}` Default port = 1982, may be different

<ClientIP>:<1982>/DEW?op=GetStatus

Gets the status of GDE Agent

{"StatusText":"","RequestCount":0,"FileCount":0,"SendCount":0,"IgnoreCount":0,"Server":"<GEODI_URL>"}

Default port = 1982, may be different

<ClientIP>:<1982>/DEW?op=GetLastError

Gets the GDE agent errors.

If no error, retuns null. Else

{"Server":"<GEODI_URL>", "LastErrorTime": {}, "LastError" : "", "TotalErrorCount": n}

Installing GDE as a Windows Service

This option is used to index/discover FileServers with GDE.

Requirements for Installation

In addition to the Windows MSI requirements:

The Windows Service user must have read-only access to the FileServer directories.
A separate configuration file must be created under the GEODI Server for each File Server to define the directories to be indexed and other rules. Details are provided on the main page..

After installing GDE on Windows, it can be turned into a service using the WindowsServiceInstall.bat file located in the same directory.

The service mode can be removed using the WindowsServiceUninstall.bat file.
When running in service mode, no logged-in user is required for the service to function.

MSI Parameters for ManageEngine and Similar Tools

When deploying the GDE agent using ManageEngine, SCCM, or similar tools, you’ll need to provide specific MSI installation parameters.

💡 Good news:
The GDE interface automatically generates these parameters based on your project and feed settings. Copy and paste the generated command line into your deployment tool.

This includes:

GEODI server address
Connection token
Desired scan directories
Optional custom port or labels

✅ Just run the MSI with the generated line—no manual editing needed.

Parametre	Açıklama

Parametre

Açıklama

GEODI_URL=

When configuring GDE agents, you must provide the GEODI server address.

🔐 Best Practice:
Use a secure (HTTPS) address with proper DNS and SSL configuration to ensure encrypted communication and trust between endpoints and the GEODI server.

Requirements:

The address should be publicly resolvable if endpoints are outside the network
An SSL certificate should be installed on the GEODI server
Avoid using IP addresses or unsecured HTTP links in production environments

GEODI_WSNAME=

Workspace Name to Feed

GEODI_TOKEN=

The MSI installation parameters for GDE are automatically generated, including a connection token linked to the GEODI user who created it.

⚠️ Important:
The password of the user who generated the token must not change.
If it changes:

The token becomes invalid
A new token must be generated
All previously installed agents may need to be reinstalled or reconfigured

✅ To avoid disruptions:

Use a dedicated service account for token generation
Keep the password secure and unchanged

PDQ , ManageEngine, SCCM gibi bir araç ile dağıtım için aşağıdaki komutlar kullanılabilir.

İşlem	Komut	Notlar

İşlem

Komut

Notlar

Install

"GEODI.Classifier.msi" /quiet GEODI_URL="https://icdemo.dece.com.tr/" GEODI_WSNAME="PII" GEODI_TOKEN="EAAAAL%%2FcQ9RvjWM…"

All params are auto-generated by GEODI. We suggest using those params.

Uninstall

msiexec.exe /x "GEODI.DesktopExplorer.msi" /qn /norestart

You do not need the MSI package to uninstall. Check the PowerShell documentation.

Discovery Agent - GEODI Desktop Explorer(GDE) Installation