ManageEngine Endpoint Central — formerly Desktop Central — is one of the most complete unified endpoint management (UEM) platforms available. It combines OS patch management, software deployment, remote desktop, device control, application control, mobile device management, and advanced security features in a single on-premises installation.
This guide walks you through every stage of a production Endpoint Central deployment: server sizing, installation, database configuration, Active Directory integration, agent rollout, license activation, and first-day security hardening. Whether you are setting up Endpoint Central for the first time or migrating from Desktop Central, this is your reference.
If you need a license before starting, visit the Endpoint Central product page or contact our team directly on Telegram.
Need a ManageEngine Endpoint Central license?
Contact us on Telegram for pricing and activation support:
📱 t.me/DoCrackMe
Desktop Central vs Endpoint Central — What Changed?
ManageEngine rebranded Desktop Central to Endpoint Central in 2022 to reflect its expanded security capabilities. If you are coming from an existing Desktop Central deployment, your data, agents, and policies migrate seamlessly — no reinstallation is required. New installations should use the Endpoint Central installer directly.
The key additions in Endpoint Central over Desktop Central include Application Control, Browser Security, Ransomware Protection, BitLocker Management, and a dedicated Security Edition SKU that bundles all security features.
System Requirements
Hardware Requirements by Endpoint Count
| Managed Endpoints | CPU Cores | RAM | Disk Space | Database |
|---|---|---|---|---|
| Up to 500 | 4 cores | 8 GB | 100 GB | Bundled PostgreSQL |
| 500 – 2,000 | 8 cores | 16 GB | 200 GB | Bundled PostgreSQL |
| 2,000 – 5,000 | 16 cores | 32 GB | 500 GB | MS SQL Server recommended |
| 5,000+ | 16+ cores | 64 GB+ | 1 TB+ | MS SQL Server required |
Disk note: Use a dedicated data volume — not the OS drive. Endpoint Central stores patch binaries, software packages, and historical scan data which can grow considerably over time. SSD is strongly recommended for production deployments.
Supported Server Operating Systems
- Windows: Windows Server 2016, 2019, 2022 (64-bit) — recommended for most deployments
- Linux: RHEL 7/8/9, CentOS 7/8, Ubuntu 18.04/20.04/22.04 LTS (64-bit)
- Not supported: Windows 10/11 as a server OS, Windows Server 2012 or earlier
Software Prerequisites
- .NET Framework 4.5+ — required for Windows deployments (pre-installed on Server 2016+)
- MS SQL Server 2014+ — optional for deployments under 2,000 endpoints; required above that
- Browser: Chrome, Firefox, or Edge (latest release) for the web console
Network Ports
| Port | Protocol | Purpose | Direction |
|---|---|---|---|
| 8020 | TCP | Web console (HTTP) | Inbound to server |
| 8383 | TCP | Web console (HTTPS) | Inbound to server |
| 8027 | TCP | Agent communication | Inbound to server |
| 137–139, 445 | TCP/UDP | Agent push (WMI/RPC) | Outbound from server |
| 135 | TCP | RPC endpoint mapper | Outbound from server |
If a firewall sits between the Endpoint Central server and managed endpoints, ensure the agent communication port (8027) is open inbound to the server from all managed subnets.
Downloading ManageEngine Endpoint Central
Download the installer directly from the ManageEngine website. A fully-featured 30-day trial is available at no cost — no credit card required. The trial supports unlimited endpoints during the evaluation period.
Choose the appropriate installer:
- Windows:
ManageEngine_UEMS_Central.exe - Linux:
ManageEngine_UEMS_Central.bin
For a production license, contact us on Telegram after completing your evaluation: t.me/DoCrackMe
Step-by-Step Installation (Windows Server)
Step 1 — Run the installer as Administrator
Right-click ManageEngine_UEMS_Central.exe and select Run as administrator. The Setup Wizard opens. Select your language and click Next.
Step 2 — Accept the License Agreement
Read the End User License Agreement. Select I accept the agreement and click Next.
Step 3 — Choose the installation directory
The default path is C:\ManageEngine\UEMS_CentralServer. We recommend installing on a non-system drive — for example D:\ManageEngine\UEMS_CentralServer — to prevent disk space conflicts with the OS volume. Click Next.
Step 4 — Configure web server ports
Default ports are:
- HTTP: 8020
- HTTPS: 8383
- Agent communication: 8027
Change these only if there are conflicts with existing services. Click Next.
Step 5 — Select database type
For deployments up to approximately 2,000 endpoints, select Bundled PostgreSQL — it requires no external configuration and installs automatically. For larger deployments, select MS SQL Server and enter the SQL Server instance details, service account credentials, and target database name. Click Next.
Step 6 — Active Directory configuration (optional)
Providing AD credentials at this stage enables automatic computer discovery after installation:
- Domain name: e.g.,
corp.example.com - Domain controller: FQDN or IP of a DC
- Service account: A domain account with read access to AD (no admin rights required)
This is optional — you can configure AD discovery from the console after installation. Click Next.
Step 7 — Review and install
Review your configuration summary. Click Install. The process takes 5–15 minutes depending on server speed.
Step 8 — Launch and first login
Leave Launch ManageEngine Endpoint Central checked and click Finish. Your browser opens automatically to https://[server-ip]:8383.
Default credentials: username admin / password admin. You are prompted to set a new password immediately on first login.
Linux Installation (Brief)
For Linux deployments, make the binary executable and run it as root:
chmod +x ManageEngine_UEMS_Central.bin sudo ./ManageEngine_UEMS_Central.bin
The text-based installer prompts for the same options as the Windows wizard. After installation, start the service with:
sudo /opt/ManageEngine/UEMS_CentralServer/bin/startup.sh
Access the console at https://[server-ip]:8383.
Post-Installation Configuration
Activate your license
Navigate to Admin → License → Import License and upload the .lic file you received after purchase. All features of your licensed edition activate immediately — no restart required.
If you purchased a license through us and have questions about activation:
📱 Telegram: t.me/DoCrackMe
Discover and add endpoints
There are three ways to bring endpoints under management:
Method 1 — Active Directory discovery (recommended for domain-joined machines)
Go to Scope of Management → Add Domain. Enter your domain and service account credentials. Endpoint Central scans AD and lists all computer objects. Select which OUs or individual machines to manage.
Method 2 — IP range scan
Go to Scope of Management → Add Networks. Enter an IP range (e.g., 192.168.1.0/24). Endpoint Central probes via ICMP and WMI to identify Windows machines. Suitable for non-domain workgroups.
Method 3 — Manual agent installation
Download the agent installer from Agent → Downloads. Deploy via group policy, SCCM, or manual execution on each endpoint. Use this method for machines outside your LAN (remote workers, branch offices without VPN connectivity to the server).
Configure patch deployment policy
Navigate to Patch Mgmt → Deployment Policy and create your first policy:
- Deployment window: Set to off-hours (e.g., 02:00–05:00) to avoid disrupting users
- Approval workflow: Enable Test & Approve to push patches to a pilot group first before organization-wide deployment
- Reboot policy: Choose between forced reboot, user-prompted, or no reboot based on your change management requirements
- Third-party apps: Enable patching for Chrome, Firefox, Adobe Reader, Java, and other applications
Configure USB device control (Security Edition)
Navigate to Security → Device Control → Configurations. Create a policy that:
- Blocks all unknown removable storage devices by default
- Allows read-only access to approved USB drives (identified by vendor/product ID or serial number)
- Generates audit alerts for any blocked device attempt
Apply the policy to all managed computers or a specific department OU.
Configure application control (Security Edition)
Navigate to Security → Application Control. Start with a Blacklist policy that blocks known-dangerous applications (torrent clients, unauthorized remote access tools, cryptocurrency miners). Once inventory data is collected from your endpoints, consider transitioning to a Whitelist policy that explicitly permits only approved software — a significantly stronger security posture.
Set up email notifications
Navigate to Admin → Mail Server Settings and configure your organization’s SMTP relay. Endpoint Central uses email to send patch compliance reports, security alerts, and scheduled dashboards to IT managers.
First-Day Security Hardening
Before onboarding your endpoints, apply these hardening steps to the Endpoint Central server itself:
- Change default credentials immediately: The default admin/admin login is well-known. Use a strong, unique password and enable two-factor authentication for the admin account.
- Restrict console access by IP: In your perimeter firewall, restrict access to ports 8020 and 8383 to IT admin workstations and VPN ranges only — not the entire network.
- Enable HTTPS only: Disable HTTP (port 8020) and force all console access through HTTPS (8383) once you have configured a valid SSL certificate.
- Install an SSL certificate: The bundled self-signed certificate generates browser warnings. Replace it with a certificate from your internal CA or a public CA.
- Create role-based admin accounts: Do not use the master admin account for daily operations. Create role-limited accounts for helpdesk staff, patch administrators, and auditors.
- Configure scheduled backups: Navigate to Admin → Backup/Restore and schedule daily backups to a location outside the Endpoint Central server. Test restoration periodically.
Endpoint Central Within the ManageEngine Ecosystem
Endpoint Central is most powerful when paired with other ManageEngine products on the same infrastructure:
| Requirement | Complementary Product |
|---|---|
| Monitor the network devices your endpoints connect through | OpManager |
| Identify vulnerabilities Endpoint Central can’t patch (misconfigs, EOL software) | Vulnerability Manager Plus |
| Manage user accounts and AD permissions for endpoint users | ADManager Plus |
| Let users reset their own passwords without calling IT | ADSelfService Plus |
| Route endpoint issues into a structured helpdesk workflow | ServiceDesk Plus |
| Add behavioral ransomware detection to managed endpoints | Ransomware Protection Plus |
Questions about Endpoint Central or the broader ManageEngine ecosystem?
Our team provides free pre-sales consultation and full post-purchase deployment support.
📱 Telegram: t.me/DoCrackMe
Frequently Asked Questions
Can I install Endpoint Central on Windows 10 or 11?
No — at least not for the Central Server component. ManageEngine supports Windows 10/11 only as managed endpoints (agents). The server must run a supported Windows Server OS (2016, 2019, or 2022) or a supported Linux distribution. Running the server on a workstation OS will cause stability and support issues.
Can I run Endpoint Central on a virtual machine?
Yes, fully supported. VMware vSphere, Microsoft Hyper-V, Nutanix AHV, and other hypervisors all work. Ensure the VM is allocated dedicated resources matching the hardware requirements above — avoid overcommitting CPU or RAM on the host, as Endpoint Central is I/O intensive during patch scans and software deployments.
How many endpoints can the free trial manage?
The 30-day trial is fully functional with no endpoint limit. After the trial expires, the software downgrades to the Free Edition which supports up to 25 endpoints with core features. To continue managing more than 25 endpoints, a paid license is required.
Does Endpoint Central require internet access to function?
No. Core functionality — endpoint discovery, policy enforcement, remote desktop, software deployment, and reporting — works entirely on-premises with no internet connectivity. Internet access is only needed to download patch definitions and third-party application updates from ManageEngine’s patch database. This can be managed through an internal proxy server if direct internet access from the server is not permitted.
How does the agent affect endpoint performance?
The Endpoint Central agent has a minimal footprint. Memory consumption is typically under 50 MB. CPU usage spikes briefly during scheduled scans (patch compliance, software inventory) but returns to near-zero between cycles. Users should not notice any performance degradation under normal conditions.
What is the difference between Endpoint Central Standard, Professional, and Security Edition?
| Feature | Standard | Professional | Security Edition |
|---|---|---|---|
| Patch Management | ✅ | ✅ | ✅ |
| Software Deployment | ✅ | ✅ | ✅ |
| Remote Desktop | ✅ | ✅ | ✅ |
| Mobile Device Management | ❌ | ✅ | ✅ |
| Application Control | ❌ | ❌ | ✅ |
| Browser Security | ❌ | ❌ | ✅ |
| Data Loss Prevention (DLP) | ❌ | ❌ | ✅ |
| BitLocker Management | ❌ | ❌ | ✅ |
| USB Device Control | ✅ Basic | ✅ Basic | ✅ Advanced |
For most security-conscious organizations, Security Edition is the recommended choice. For environments that primarily need endpoint management without advanced security controls, Standard or Professional may suffice.
Can Endpoint Central manage Mac and Linux endpoints as well?
Yes. Endpoint Central supports Windows, macOS, and Linux endpoints from the same console and single agent framework. macOS management covers patch management for Apple OS updates and third-party apps, software deployment via PKG/DMG, remote desktop via Screen Sharing, and basic device control. Linux support covers patch management and software deployment for supported distributions (Ubuntu, RHEL, CentOS, Fedora, Debian).
Is there a migration path from Desktop Central?
Yes. Existing Desktop Central installations upgrade directly to Endpoint Central by applying the latest update package through the Admin → Updates section. All existing agents, policies, configurations, patch history, and software packages are preserved. No reinstallation or agent redeployment is required.
