Technical Support and Services

How to use Active Directory group policy object (GPO) to distribute the endpoint?

To distribute the iSheriff endpoint installation through group policy object (GPO), you need to write a installation script for Windows operating system.

Check in your script to see if the endpoint is installed, because your script should only install the endpoint if it is not already installed. Follow the steps below:

· Create a shared folder

· Create a batch file in the shared folder, for example "iSheriffEP.bat". This can be done in any text editor (DO NOT use word or WordPad).

· Type the following commands into the batch file and save it.

copy \\server\folder\EndpointSecurity.msi C:\Temp\

copy \\server\folder\isf.cfg C:\Temp\

msiexec /package C:\Temp\EndpointSecurity.msi /quiet

del C:\Temp\EndpointSecurity.msi

del C:\Temp\isf.cfg

· Open the Group Policy Management Console.

· Create a new Group Policy Object (GPO) on the organization unit (OU) in which your computer accounts reside. You may use an existing Group Policy. To create a new GPO follow the steps below:

o In the console tree, right-click Group Policy Objects in the forest and domain in which you want to create a Group Policy object (GPO).

o Click New.

o In the New GPO dialog box, specify a name for the new GPO, and the click OK.

· Open Computer Configuration à Policies à Windows Settings à Scripts (Statup/Shutdown)

· In the details pane, double-click Startup.

· In the Startup Properties dialog box, click Add.

· In the Add a Script dialog box, under Script Name, type the full network path to the script batch file and the script batch file name was created earlier, or you may click Browse to search for the script file in the Net logon shared folder on the domain controller  

· Click OK.

· Close the Group Policy Management Console.

· Open Command Prompt and run it as Administrator

· Run the gpupdate /force command at the command prompt to refresh the group policy.