AQUILA EDR Deployment via GPO on Windows Server AD

This document provides a step-by-step guide for deploying AQUILA Endpoint Detection and Response (EDR) on Windows Server environments using Group Policy Objects (GPO). The purpose of this guide is to streamline the installation process, ensure consistent configuration across domain-joined systems, and simplify centralized management of the EDR agent. By leveraging Group Policy, administrators can enforce deployment at scale, reduce manual installation efforts, and maintain stronger security coverage across the organization’s Windows Server infrastructure.

Scope & Audience

This guide is intended for system administrators, IT operations teams, and security engineers responsible for managing Windows Server environments within an Active Directory domain. The deployment process outlined here applies to Windows Server editions that support Group Policy and assumes administrative privileges within the domain.

The scope of this document covers:

  • Preparing the Windows Server environment for AQUILA EDR deployment

  • Configuring and applying Group Policy Objects (GPO) for automated agent installation

  • Ensuring consistent and secure deployment across domain-joined systems

This document does not cover post-deployment tasks such as advanced policy tuning, threat hunting, or incident response workflows.

Prerequisites

Before beginning the deployment of AQUILA EDR via Group Policy, ensure the following requirements are met:

  1. Administrative Permissions
    • Domain Administrator or delegated privileges to create and manage Group Policy Objects (GPOs).
    • Local Administrator rights on the Windows Server hosting the installer.
  2. Windows Server Environment
    • Active Directory domain configured and operational.
    • Supported Windows Server editions (2016, 2019, 2022).
    • Network connectivity between domain controllers and target machines.
  3. AQUILA EDR Installer Package
    • Latest version of the AQUILA EDR ZIP file obtained.
    • The script to be set up in the GPO obtained.
    • Installer stored in a shared network location (UNC path) accessible to all domain-joined endpoints.
  4. Group Policy Management Tools
    • Group Policy Management Console (GPMC) installed on the Windows Server or administrator workstation.
  5. Security & Firewall Considerations
    • Ensure that outbound communication to AQUILA EDR cloud services is allowed.
    • Verify no local security policies block software installation.
  6. Testing Environment
    • At least one test machine joined to the domain to validate deployment before organization-wide rollout.

Creating a UNC Path for the AQUILA EDR ZIP File and for Centralized Logs

To ensure domain-joined computers can access the AQUILA EDR ZIP file package and the folder for centralizing logs, create a shared network folder and configure appropriate permissions.

  1. Create a ZIP Folder
    • On a file server, create a folder (e.g., C:\ZIP).
    • Copy the edr-agent-8.18.1-windows-x86_64.zip file into this folder.
  2. Enable Folder Sharing
    • Right-click the ZIP folder and select Properties.
    • Navigate to the Sharing tab and click Advanced Sharing.

    • Check the box Share this folder.

  3. Set Permissions
    • Click Permissions.
    • Select Add and in the Enter the object names field, type Domain Computers.
    • Click Check Names, then select OK.

    • Grant the Read permission to Domain Computers.
    • Grant the Full Control permission to Domain Admins.

    • Also, in the Security tab, grant the Read & execute permission to Domain Computers and Full control permission to Domain Admins.

    • Click Apply, then OK to confirm the changes.

  4. Save the Network Path
    • Note the Network Path displayed in the Sharing tab (e.g., \\<ServerHostName>\ZIP).
    • This UNC path will be required when configuring the script for the Group Policy Object (GPO) deployment.

  5. Create the Logs Folder
    The purpose of this Logs folder is to centralize the logs from every endpoint where the EDR is deployed within the domain. This makes it possible to verify whether each endpoint has successfully installed the EDR and to identify and troubleshoot any errors that occur during deployment.
    • On a file server, create a folder (e.g., C:\Logs).
  6. Set Permissions
    • Grant the Full Control permission to both Domain Computers and Domain Admins.
    • Do the same on the Security tab.
    • Note the Network Path displayed in the Sharing tab (e.g., \\<ServerHostName>\Logs).
    • Also create a folder in which to save the script. Share it through Advanced Sharing with the same permissions as the ZIP folder, because the GPO only accepts a UNC path.

    NOTE:
    If you already have a dedicated folder for storing the ZIP file and centralized logs, we can use that location. Just make sure to take note of its UNC path, as we’ll need it when updating the deployment script later.

    Alternatively, we can update the script for you and send it back—so all you need to do is save the script and configure the Group Policy to deploy it. If you prefer this option, please email us at support@cytechint.com.
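
Because the scheduled task configured later in this guide runs the script from the share as NT AUTHORITY\SYSTEM with -ExecutionPolicy Bypass, any account that can write to the script or ZIP folder can change what runs as SYSTEM on every targeted machine. The audit below is an added example, not part of the AQUILA script; <ServerHostName>, the Script share name and the trusted-writer list are assumptions to replace with your own values.

```powershell
# Added example, not vendor code. Run as a domain admin from a management host.
# Assumptions: <ServerHostName>, the Script share name and the trusted-writer
# list are placeholders; replace them with your own values.
$shares = '\\<ServerHostName>\ZIP', '\\<ServerHostName>\Script'
$trustedWriters = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CREATOR OWNER',
    "$env:USERDOMAIN\Domain Admins"
)

# Rights that allow changing or replacing files. The two hex values are
# GENERIC_ALL and GENERIC_WRITE, which show up as raw bits on inherited entries.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
    $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
    $fsr::TakeOwnership) -bor 0x10000000 -bor 0x40000000

function Get-UnexpectedWriter {
    param([string]$Path, [string[]]$Trusted, [int]$Mask)
    # Return Allow entries that grant any write-type right to an untrusted identity.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $Mask) -ne 0 -and
        $_.IdentityReference.Value -notin $Trusted
    }
}

# Check each share root and every file and folder below it.
$findings = foreach ($share in $shares) {
    $items = @($share) + @(Get-ChildItem -LiteralPath $share -Recurse -Force |
        ForEach-Object FullName)
    foreach ($item in $items) {
        Get-UnexpectedWriter -Path $item -Trusted $trustedWriters -Mask $writeMask |
            Select-Object @{ n = 'Path'; e = { $item } }, IdentityReference, FileSystemRights
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No unexpected write access on the ZIP or Script shares.' }
```

This checks NTFS permissions only; the share-level permissions set in the Sharing tab still need to match the Read / Full Control split described above.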

    Editing the Script

    To edit the provided script, you can use PowerShell ISE by following these steps:

    • Click the Start menu and type PowerShell ISE.

    • In the upper-right corner, click the Open Script icon (folder symbol).
    • Navigate to the folder where the script was saved, then open the file.
    • Change the following variables:
      • $elasticZipFile: the UNC path where the ZIP file was saved (e.g., \\WINJDHSGFYR\ZIP\edr-agent-8.18.1-windows-x86_64.zip).
      • $logServerPath: the UNC path of the created Logs folder (e.g., \\WINJDHSGFYR\Logs).
    • Save the script.

    Deploying AQUILA EDR via Group Policy

    Use Group Policy Management to create and link a Group Policy Object (GPO) that deploys the AQUILA EDR agent to domain-joined computers.

    1. Open Group Policy Management
      • In Server Manager, go to Tools → Group Policy Management.

    2. Create a New GPO
      • In the Group Policy Management Console, expand your domain and right-click the Domain Controllers container (or the appropriate Organizational Unit (OU)).
      • Select Create a GPO in this domain, and Link it here.

      • Provide a descriptive name (e.g., New Patch Elastic Agent Deployment), then click OK.

    3. Edit the GPO
      • Right-click the newly created GPO and select Edit.

      • In the Group Policy Management Editor, navigate to:
        Computer Configuration → Preferences → Control Panel Settings → Scheduled Tasks

    4. Scheduled Tasks
      • Right-click, then choose New → Scheduled Task (At least Windows 7).
      • In the General tab:
        • Action: Create
        • Name: set a name for the scheduled task (e.g., Deploy EDR Aquila Agent)
        • When running the task, use the following user account: NT AUTHORITY\SYSTEM
        • Enable Run whether user is logged on or not
        • Enable Run with highest privileges
        • Configure for: Windows 7, Windows Server 2008R2
      • Triggers tab:
        • Click New
        • Begin the task: At startup
        • Delay task for: 1 minute
        • Enabled
      • Actions tab:
        • Click New
        • Action: Start a program
        • Program/script: powershell.exe
        • Add arguments (optional): -NoProfile -ExecutionPolicy Bypass -File "\\<SERVERHOSTNAME>\Script\Install-EDRAgent.ps1" (e.g., \\WINSJHGJDHR\Script\Install-EDRAgent.ps1)
      • Settings tab:
        • Enable Allow task to be run on demand
        • If the task fails, restart every: 1 minute
        • Attempt to restart up to: 3 times

    5. Finalize the GPO
      • Close the Group Policy Management Editor.
    6. Test in the Client Computer before Deployment
      • Go to the test client computer that is connected to the domain.
      • Open PowerShell as administrator.
      • Run the command:
        gpupdate /force
      • Running it here refreshes the Group Policy on the server itself.
      • Open Task Scheduler and check that the scheduled task appears in the Task Scheduler Library.
      • If confirmed, go back to PowerShell.
      • Run the following command to restart the test client computer:
        shutdown /r /t 0
    7. Verify Installation
      • Reboot the domain-joined computer; the AQUILA EDR agent should install automatically during startup.
      • Confirm the agent appears in the Programs and Features list or within the AQUILA EDR management console.
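
The Task Scheduler and Task Manager checks described in this guide, scripted for the test client as an added example (not part of the AQUILA script). The task name is the example name from the General tab and is an assumption; change it to the name you chose.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell on the test client.
# Assumption: the task name is the example name used in this guide.
$taskName = 'Deploy EDR Aquila Agent'

function Test-EdrDeployment {
    param([string]$TaskName)
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if (-not $task) {
        # The GPO preference has not been applied to this machine yet.
        return [pscustomobject]@{ TaskPresent = $false }
    }
    $info   = $task | Get-ScheduledTaskInfo
    $action = $task.Actions | Select-Object -First 1
    $procs  = Get-Process -Name 'elastic-agent', 'elastic-endpoint' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name -Unique

    [pscustomobject]@{
        TaskPresent     = $true
        RunsAsSystem    = $task.Principal.UserId -match '(^|\\)SYSTEM$|^S-1-5-18$'
        HighestRunLevel = $task.Principal.RunLevel -eq 'Highest'
        Program         = $action.Execute
        Arguments       = $action.Arguments
        ScriptFromUnc   = $action.Arguments -match '-File\s+"?\\\\'
        LastRunTime     = $info.LastRunTime
        # 0x0 means the last run succeeded; 0x41303 means the task has not run yet.
        LastResult      = '0x{0:X}' -f $info.LastTaskResult
        AgentRunning    = $procs -contains 'elastic-agent'
        EndpointRunning = $procs -contains 'elastic-endpoint'
    }
}

Test-EdrDeployment -TaskName $taskName | Format-List
```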

    Troubleshooting Tips

    If the AQUILA EDR agent does not install as expected after deploying the GPO, consider the following checks:

    1. Verify UNC Path Accessibility
      • Ensure the network share (e.g., \\ServerName\SoftwareShare\Aquila Agent.msi) is accessible from target machines.
      • Confirm that Domain Computers have Read permissions on the shared folder.
    2. Check GPO Application
      • Run gpresult /r on a target machine to confirm the deployment GPO is applied.
      • Verify that the GPO is linked to the correct Organizational Unit (OU) containing the target computers.
      • Log in to the test client computer and wait 1 minute for the task to run.
      • You can open Task Scheduler again and check the Task Scheduler Library to see whether the task was successful.
      • To confirm the agent, check Task Manager and search for elastic-agent and elastic-endpoint.
    3. Confirm MSI Installer Integrity
      • Test the Aquila Agent.msi file by manually installing it on a test machine.
      • Re-download the installer if the package is corrupted.
    4. Ensure Policy Refresh
      • Run gpupdate /force on the client machine.
      • Restart the computer to trigger software installation.
    5. Check Event Viewer Logs
      • Open Event Viewer and go to Windows Logs → Application.
      • Look for Group Policy or MSI installation errors (Event IDs 103, 104, 108).
    6. Review Software Installation Settings
      • Confirm that the package was added under Computer Configuration → Policies → Software Settings → Software Installation (not under User Configuration).
      • Ensure the package was configured as Assigned, not Published.
    7. Firewall or Security Software Conflicts
      • Verify that local security software is not blocking MSI execution.
      • Ensure firewall rules allow communication to AQUILA EDR services.

    If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.