Windows Server - Deploy Software via Group Policy (GPO)

Introduction

Deploying software via Group Policy (GPO) is a method used in Windows Active Directory (AD) environments to automatically install, update, or remove software centrally and silently, for computers or for users, without manual installation on each machine. It is mainly handled by Group Policy Objects (GPOs) through Microsoft Installer (MSI) packages.

On the Windows Server device:

  • Open Server Manager, click Tools in the upper-right corner, and choose Active Directory Users and Computers.

  • In Active Directory Users and Computers, right-click the Users folder and select New, then Group.

After you click Group, the New Object - Group window is displayed.

  • Enter your desired group name: TSR-Deployment
  • Group scope: Global
  • Group type: Security

Click "OK" once done, and you will see TSR-Deployment added in Active Directory Users and Computers.

  • Next, double-click TSR-Deployment in Active Directory Users and Computers. The TSR-Deployment Properties window will appear; click the Members tab.

  • Click Add, then select Object Types. Once it opens, check Computers.

  • Type the name of the computer that is connected to the domain. Then click Check Names and select only the entry with the Computer icon that corresponds to your device.

Creating a UNC Path for Software Folders (Windows Server)

To ensure domain-joined computers can access the AQUILA EDR ZIP file package and folder for centralizing logs, create a shared network folder and configure appropriate permissions.

  1. In a Documents folder, create another folder with your desired name (e.g., software).
    • Place the aquila agent 7.msi file inside the software folder.

  2. Enable Folder Sharing
    • Right-click the software folder and select Properties.
    • Navigate to the Sharing tab and click Advanced Sharing.

    • Check the box Share this folder.


  3. Set Permissions
    • Click Permissions.
    • Grant the Read permission to Domain Computers.
    • Grant the Full Control permission to Domain Admins.
    • Once you click Permissions, the Permissions for software dialog is shown. Remove Everyone.
    • After clicking Remove, click Add. The Select Users, Computers, Service Accounts, or Groups dialog is shown. Type "auth", then click Check Names. The Multiple Names Found dialog is shown; select Authenticated Users and click OK.

  • Once Authenticated Users is allowed Full Control, click Apply and OK. In Advanced Sharing, also click Apply and OK.

  • In the software folder properties, click the Security tab. Select Administrator ("username"\administrator) and click Edit.

  • In Permissions for software, click Add, type the name of the security group you created earlier ("tsr-deployment"), and click Check Names (the name is linked to the security group automatically). Click OK.

  • As you can see, the "TSR-Deployment" security group has been added. To proceed, click Apply and OK.
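Packages assigned under Computer Configuration are installed by Windows Installer with system privileges, so anyone who can modify aquila agent 7.msi on the share controls what runs on every targeted computer. The following check is an added example, not part of the original guide: it reports whether broad principals hold write access at the share layer (where the steps above give Authenticated Users Full Control) and at the NTFS layer. The share name software comes from this page; the function names are hypothetical.

```powershell
# Added example. Assumption: run elevated on the file server that hosts the "software" share.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, BUILTIN\Users
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$SidType   = [System.Security.Principal.SecurityIdentifier]

function Test-BroadSid {
    param([string]$Sid)
    # Domain Users (RID 513) and Domain Computers (RID 515) are broad as well.
    ($BroadSids -contains $Sid) -or ($Sid -match '^S-1-5-21-(\d+-){3}(513|515)$')
}

function Get-DeploymentShareWriteExposure {
    param([string]$ShareName = 'software')

    $share = Get-SmbShare -Name $ShareName -ErrorAction Stop

    # Layer 1: share permissions that allow more than Read.
    $shareWriters = @(Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccessRight -ne 'Read' } |
        ForEach-Object { ([System.Security.Principal.NTAccount]$_.AccountName).Translate($SidType).Value } |
        Where-Object { Test-BroadSid $_ })

    # Layer 2: NTFS ACEs on the shared folder that allow write, delete or ACL changes.
    $ntfsWriters = @((Get-Acl -Path $share.Path).GetAccessRules($true, $true, $SidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ([int]$_.FileSystemRights -band [int]$WriteMask) -ne 0 } |
        ForEach-Object { $_.IdentityReference.Value } |
        Where-Object { Test-BroadSid $_ })

    [pscustomobject]@{
        Share            = $share.Name
        Path             = $share.Path
        BroadShareWrite  = $shareWriters
        BroadNtfsWrite   = $ntfsWriters
        # A remote write has to be allowed by both layers.
        RemotelyWritable = ($shareWriters.Count -gt 0 -and $ntfsWriters.Count -gt 0)
    }
}

Get-DeploymentShareWriteExposure -ShareName 'software' | Format-List
```

If BroadShareWrite is populated but BroadNtfsWrite is empty, the NTFS ACL is the only control keeping ordinary domain accounts from replacing the package. ACEs expressed as generic rights are not decoded by this check.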

Let's go back to the Server Manager dashboard.

  • In Server Manager, click Tools in the upper-right corner and choose Group Policy Management.

  • Select or double-click the Domain.

  • Under your Domain, you will see your domain name (e.g., ronwinser.com).

  • Right-click your domain name, click Create a GPO in this domain, and Link it here, and enter a name (e.g., tsrapp_deployment).

  • Right-click the GPO you created and choose Edit.

  • Once you click Edit, the Group Policy Management Editor is shown. Click the arrows to expand Computer Configuration > Policies > Software Settings > Software installation. Inside Software installation, right-click in the empty area and choose New > Package.

  • Once you click Package, you are taken to the "software" folder you created earlier. Click Open, and your software installer will be added to the GPO in the Group Policy Management Editor. Leave the "Assigned" radio button selected in Deploy Software.

  • As you can see, the package points to the network path of the "software" folder we shared earlier.

  • Your Aquila Agent installer is now added to the GPO.

Let's navigate again to the Group Policy Management.

  • In Group Policy Management, remove Authenticated Users from Security Filtering.

  • Then click Add under Security Filtering, type the name of the security group you created (in this case, "TSR-Deployment"), click Check Names, and press OK.

  • TSR-Deployment, the global security group you created, is now added to Security Filtering.
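The group, GPO link and security filtering steps above can also be scripted and then verified, which makes the deployment scope reviewable. This is an added example, not part of the original guide: TSR-Deployment, tsrapp_deployment and ronwinser.com come from this page, while CLIENT-PC01 and the function name Test-DeploymentScope are hypothetical placeholders.

```powershell
# Added example. Requires the ActiveDirectory and GroupPolicy modules (RSAT) and domain admin rights.
# Assumption: CLIENT-PC01 stands in for a computer that is already joined to the domain.
Import-Module ActiveDirectory, GroupPolicy

$GroupName    = 'TSR-Deployment'
$GpoName      = 'tsrapp_deployment'
$DomainDn     = 'DC=ronwinser,DC=com'
$ComputerName = 'CLIENT-PC01'

# Global security group in the Users container, with the target computer as a member.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path "CN=Users,$DomainDn"
Add-ADGroupMember -Identity $GroupName -Members (Get-ADComputer -Identity $ComputerName)

# Create the GPO and link it at the domain root.
# The MSI package itself is still added in the Group Policy Management Editor as described above.
New-GPO -Name $GpoName | New-GPLink -Target $DomainDn | Out-Null

# Security filtering: the group gets Read + Apply, Authenticated Users is removed.
Set-GPPermission -Name $GpoName -TargetName $GroupName -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel None -Replace | Out-Null

# Verification: who can apply the GPO, and which machines are in the group.
function Test-DeploymentScope {
    param([string]$GpoName, [string]$GroupName)
    $appliers = @(Get-GPPermission -Name $GpoName -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        ForEach-Object { $_.Trustee.Name })
    [pscustomobject]@{
        Gpo               = $GpoName
        AppliesTo         = $appliers
        ScopedToGroupOnly = ($appliers.Count -eq 1 -and $appliers[0] -eq $GroupName)
        Members           = @(Get-ADGroupMember -Identity $GroupName | ForEach-Object { $_.Name })
    }
}

Test-DeploymentScope -GpoName $GpoName -GroupName $GroupName | Format-List
```

A computer picks up a new group membership only after it restarts, so a machine added to TSR-Deployment receives the package on a later boot.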

At this point, the setup of Active Directory Users and Computers and Group Policy Management for software deployment via Group Policy (GPO) is complete. The installer packages have also been added to Group Policy Management and are ready for deployment on the client end.

Let's proceed to the client-side desktop that is connected to the Windows Server domain.

  • This PC is connected to the Windows Server domain.