Windows Agent deployment with GPO
- Guillaume LEROUVREUR
- Alexandre LE SAUX
AD deployment of the provconnect agent
AD requirements
target devices must be present in OU.
GPO creation in the Group Policy Management
We make a new GPO « InstallAgentProv » applied on the OU that contains the target devices
It is crucial that Security Filtering allows the installation on devices, and not on named users.
The group « Authenticated Users » contains user groups and devices, so it's a convenient group to use for the task
GPO details
There is two distinct actions :
- the agent file deployment
- the execution of a .bat file to install the agent
Agent file installer deployment
You need to add an action in Computer Configuration > Preferences > Windows Settings > Files.
the setup path must be a network path
The installation path is up to the administrator, but he must use the same path in the script .bat at step number 2.
Checkboxes must be unchecked
In the common tab, check « Apply once and do not reapply ».
This is the final result for the step 1
Installation script .bat
We need to create a new action in the GPO in Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown) > Startup
- At first, we need to create a .bat file in the startup scripts folder. Just click on show files to have access to this folder
- Then, in the folder that just opens, create the file « deployAgent.bat» whith the following code
set installer=c:\proVconnectDeviceAgent_x.xx.xx.xx.exe IF EXIST %installer% start /WAIT "" %installer% /S /WPSERVER=myserveraddress /WPHTTPPORT=443 IF EXIST %installer% del %installer% /Q
Things to pay attention
- /WPSERVER=myserveraddress needs to be replaced by the server address of your server. it must be a server name, and not an ip address
- make sure that the installer path match the chosen path in the step number 1
Expected behavior of the GPO
At start, the device will install the agent if it was never installed before