GEODI can discover data from many sources without any agents. However, in the following or similar cases, GDE (GEODI Desktop Explorer) agent is required.

Network shares are not available or Agentless access is not preferred
EndPoint Discovery/Search is required
EndPoint Remediation (Secure Delete, Quarantine, Classification, Masking ...)

1 How GDE Connection Set
2 GDE configuration settings
3 Troubleshooting
4 FAQ
5 GDE API
6 Installing GDE as a Windows Service
7 MSI Parameters for ManageEngine and Similar Tools
8 GDE Feed Logs

How GDE Connection Set

Open Project Wizard and create a Feed Source, then choose GDE Model. This will open the following dialog and readly present MSI install params.

EndPoints will use the GDE Configuration Settings. You may customise this settings by using IP, IP block, ComputerName or UserName in the settings name.

The network architecture is as follows. Port 1982 at EndPoint side should be open, and EndPoints must have access to GEODI Server.

Connection Requirements for GDE (GEODI Desktop Explorer)

To deploy and connect GDE agents across multiple clients, the following prerequisites must be met:

🛠️ Deployment Tools & User Permissions

Use tools like ManageEngine, SCCM, or similar for mass deployment
A user account that has installation permission on the EndPoint side.
- Write permission required if remediation is required.

🔐 Authentication

A GEODI user with feed permissions is required
This user is only needed for generating the connection token

🌐 Network Requirements

Client machines must be able to access the GEODI server
GEODI server must be able to access the clients, and the default port 1982 (customizable) must be open in both directions

📁 Content Scope

Define which directories and file types to be discovered on client machines

Supported Platforms → Windows, Linux, MacOS ve Pardus

Agent Software Updates → Automatic for Windows Clients

MSI Link → <geodi_url>/GUI/Agents/GDE/GEODI.DesktopExplorer.MSI → For Windows clients, GDE agents are automatically updated. This link is automatically populated during GEODI Discovery module setup. Windows agents regularly check this location and self-update when a new version is available.

Service Installation → On Windows file servers, the GDE agent can be installed as a Windows Service, enabling continuous background operation for server-side discovery and actions.

Agent Monitoring → Active agents, GDE and Classifier, monitored and managed via the Agent Management Panel:

GDE configuration settings

You start with modifying default settings. You can clone each settings and customize. Customization depend on naming and you may use the following rules. Changes become effective in about 10minutes.

<ClientIP> → It is possible to use IP blocks
<ClientUserName>
<ClientMachineName>

{
  "FolderList": ["%UserProfile%"],// "*" scan all directory //
  "ExplorerPort": 1982,
  "IgnoreFiles":["*.MP4","*.MOV","*.MP3"],
  "MetaData": {
	"LDAPDN":"=d.CurrentUser!=null?d.CurrentUser.DistinguishedName:null",
	"IP":"=d.ClientIP",
	"ComputerName":"=d.ClientMachineName",
	"UserName":"=d.ClientUserName"
	}
}

Setting Name	Type	Description

Setting Name	Type	Description
FolderList	string[]*	Used to specify the folders to be scanned. Folders can be identified by separating them with ",".Windows, MacOS, and Linux client folders can be used interchangeably. The default directory is `%UserProfile%` ,`\\Users`, `\\Home`(includes documents, downloads, desktops, etc.). Values are case-sensitive. Subdirectories can also be defined as `%UserProfile%\\Desktop`. You can use ["*"] to scan all disks.
ExplorerPort	int	The default is 1982. Alternatively, you may set the port value to 0. Discovery and search will be fine, but GEODI can not open the local files in this case.
EnableLDAP	bool	If a true value is given, LDAP authorizations of the files are also indexed. Default value: false
IgnoreFolders	string[]	List of folders to ignore. * is accepted. Used in combination with the settings under Geodi Settings/IgnoreFolders. Example: `[":\\data","C:\User"]` Default value: null GEODI central file/folder ignore rules always take precedence. The restrictions specified within the settings are applied additionally. By default, to safeguard the network resource, only the name and date of files larger than 100MB are indexed. This limit is set to 500MB for compressed file contents. These values can be modified on the GEODI server.
IgnoreFiles	string[]	List of folders to ignore. * is accepted and used with the settings under Geodi Settings/IgnoreFileTypes. Default value:`[".MP4",".MOV","*.MP3"]` GEODI central file/folder ignore rules always take precedence. The restrictions specified within the settings are applied additionally. By default, to safeguard the network resource, only the name and date of files larger than 100MB are indexed. This limit is set to 500MB for compressed file contents. These values can be modified on the GEODI server.
Metadata		You can define metadata for parsing files from clients. These metadata are specified in the settings file. The values used in the default settings can be seen in the example file. Searching with metadata is done with <metaname>:<value> Example `IP:192.168.1.1` The defined metadata and values will be visible in the GEODI search interface.

Troubleshooting

Check if the client has access to the GEODI Server. GEODI should be accessible through a browser on the client. Enter the GEODI address in a browser on the client; there should be access.
The GEODI server should be accessible from the client's GDE. Using a browser on the client, enter <ClientIP>:<1982>/DEW?op=GetLastError. If everything is fine, it should return null. The ExplorerPort specified in GDE rules, e.g., ExplorerPort=1982 (or the chosen port), should be open.
Inspect the Firewall, Antivirus, or any similar tool to ensure there is no blocking mechanism preventing communication.
Check if the client machine is operational. GDE should be installed and running (Geodi.Desktopexplorer.exe should be in the task list).
Verify the status of the received TOKEN: <GEODI_URL>/API/token_parser.html.
Examine the Agent Management Panel; if the endpoint's status looks good, waiting for a while may resolve the issue. The GEODI Server queues incoming data, so the files at the endpoint might not be due yet.
If everything seems correct but data is still not coming through, check the FolderList and IgnoreFolders values in the GDE rules.
If you are not receiving the expected file type, ensure that the extension is not listed in the IgnoreFiles value in the GDE rules.

The default settings block some large files, like videos. Files larger than 100 MB or compressed files larger than 500MB are blocked. You may change the settings. The settings will be effective in about an hour.

Install the GDE as usual. The endpoint will be treated as new. The old data is preserved.

You can change 1982 to anything available. Please be careful about not assigning ports that have already been used.
You may set the GDE port to 0, but GEODI can not open the remote files in this case. The search and discovery are unaffected.

GEODI Server uses a queue for content coming from all EndPoints and process files depending on Discovery Speed Settings. The total unstructured data comsuption should be no less that 500GB-1.5TB/day if the server has recommended values.
Check Firewall or Virus Check software which might intervene even file. Exclude GEODI from this checks.
Check DLP software which also interfene every file. Exclude GEODI from this check. You can change 1982 to anything available. Please be careful about not assigning ports that have already been used.
Check Network Speed and take action to increase that.
Check I OCR is open, OCR requires more CPU time to process.

FAQ

It is no different than the other. Add layer:GDE <machinename> into query.

layer:GDE <machinename> will query the files.
layer:GDE <machinename> doc:*.pdf will list the PDF files.
layer:GDE <machinename> doc:*.pdf contract will list the PDF files with the word contract.

The GEODI legacy data classification tool classifies remote files if you have the classification agent installed on the same endpoint.

Yes, GEODI remediation tools cover remote files as well. The only requirement is that the user should have delete/update permission on the remote machines. This way, GEODI deletes, makes, or encrypts remote files like the local ones.

Search is unaffected, but you can not open/view or remediate the files.

No, GDE does not copy the local files. But if you need to backup local files, check the “backup content" in the GEODI source dialog. You may activate or deactivate this setting at any time.

Sistem Admins see all files.
Other users' permissions depend on Enable LDAP settings. If LDAP is enabled, then local permissions are used.
It is possible to set each user to see their PC files. Please ask the DECE team how to do that.

Install the GDE as usual. The endpoint will be treated as new. The old data is preserved.

GDE API

You may use a browser to make these calls.

<ClientIP>:<1982>/DEW?op=GetStatus	Gets the status of GDE Agent `{"StatusText":"","RequestCount":0,"FileCount":0,"SendCount":0,"IgnoreCount":0,"Server":"<GEODI_URL>"}` Default port = 1982, may be different

<ClientIP>:<1982>/DEW?op=GetStatus

Gets the status of GDE Agent

{"StatusText":"","RequestCount":0,"FileCount":0,"SendCount":0,"IgnoreCount":0,"Server":"<GEODI_URL>"}

Default port = 1982, may be different

<ClientIP>:<1982>/DEW?op=GetLastError

Gets the GDE agent errors.

If no error, retuns null. Else

{"Server":"<GEODI_URL>", "LastErrorTime": {}, "LastError" : "", "TotalErrorCount": n}

Installing GDE as a Windows Service

This option is used to index/discover FileServers with GDE.

Requirements for Installation

In addition to the Windows MSI requirements:

The Windows Service user must have read-only access to the FileServer directories.
A separate configuration file must be created under the GEODI Server for each File Server to define the directories to be indexed and other rules. Details are provided on the main page..

After installing GDE on Windows, it can be turned into a service using the WindowsServiceInstall.bat file located in the same directory.

The service mode can be removed using the WindowsServiceUninstall.bat file.
When running in service mode, no logged-in user is required for the service to function.

GDE runs under the Local System account in default service installations. No special authorization is required for remediation/data improvement operations performed through GEODI Workflows. If you wish, you can assign a user other than Local System for the GDE service account. In that case, the operations will be carried out with the assigned user's permissions.

MSI Parameters for ManageEngine and Similar Tools

When deploying the GDE agent using ManageEngine, SCCM, or similar tools, you’ll need to provide specific MSI installation parameters.

💡 Good news:
The GDE interface automatically generates these parameters based on your project and feed settings. Copy and paste the generated command line into your deployment tool.

This includes:

GEODI server address
Connection token
Desired scan directories
Optional custom port or labels

✅ Just run the MSI with the generated line—no manual editing needed.

Parameters	Description

Parameters

Description

GEODI_URL=

When configuring GDE agents, you must provide the GEODI server address.

🔐 Best Practice:
Use a secure (HTTPS) address with proper DNS and SSL configuration to ensure encrypted communication and trust between endpoints and the GEODI server.

Requirements:

The address should be publicly resolvable if endpoints are outside the network
An SSL certificate should be installed on the GEODI server
Avoid using IP addresses or unsecured HTTP links in production environments

GEODI_WSNAME=

Workspace Name to Feed

GEODI_TOKEN=

The MSI installation parameters for GDE are automatically generated, including a connection token linked to the GEODI user who created it.

⚠️ Important:
The password of the user who generated the token must not change.
If it changes:

The token becomes invalid
A new token must be generated
All previously installed agents may need to be reinstalled or reconfigured

✅ To avoid disruptions:

Use a dedicated service account for token generation
Keep the password secure and unchanged

The following commands can be used for deployment with a tool such as PDQ, ManageEngine, SCCM.

Process	Commands	Notes

Process

Commands

Notes

Install

"GEODI.Classifier.msi" /quiet GEODI_URL="https://icdemo.dece.com.tr/" GEODI_WSNAME="PII" GEODI_TOKEN="EAAAAL%%2FcQ9RvjWM…"

All params are auto-generated by GEODI. We suggest using those params.

Uninstall

msiexec.exe /x "GEODI.DesktopExplorer.msi" /qn /norestart

You do not need the MSI package to uninstall. Check the PowerShell documentation.

GDE Feed Logs

Data from the GDE is recorded in logs, including information about the machine from which the feed was made and when. At least one row is created for each machine, and an additional row is created for every 1000 GDE contents.

Feed logs are deleted after 10 days.

Discovery Agent - GEODI Desktop Explorer(GDE) Installation