How to use Active Directory group policy object (GPO) to distribute the endpoint?

To distribute the iSheriff endpoint installation through group policy object (GPO), you need to write a installation script for Windows operating system.

Check in your script to see if the endpoint is installed, because your script should only install the endpoint if it is not already installed. Follow the steps below:

· Create a shared folder



Create a folder and turn on sharing in the Properties menu.


· Create a batch file in the shared folder, for example "iSheriffEP.bat". This can be done in any text editor (DO NOT use word or WordPad).

· Type the following commands into the batch file and save it.

copy \\server\folder\EndpointSecurity.msi C:\Temp\

copy \\server\folder\isf.cfg C:\Temp\

msiexec /package C:\Temp\EndpointSecurity.msi /quiet

del C:\Temp\EndpointSecurity.msi

del C:\Temp\isf.cfg




Command listed above uses example \\server\folder, update it accordingly.


Test your batch file manually to make sure it runs on other workstations. You can do this by opening the server path to the file on a workstation (\\server\folder) and attempting to run the file (\\server\folder\filename.bat). If the file does not run, verify the permissions.


· Open the Group Policy Management Console.


· Create a new Group Policy Object (GPO) on the organization unit (OU) in which your computer accounts reside. You may use an existing Group Policy. To create a new GPO follow the steps below:


In the console tree, right-click Group Policy Objects in the forest and domain in which you want to create a Group Policy object (GPO).

Click New.

In the New GPO dialog box, specify a name for the new GPO, and the click OK.

· Open Computer Configuration à Policies à Windows Settings à Scripts (Statup/Shutdown)

· In the details pane, double-click Startup.

· In the Startup Properties dialog box, click Add.

· In the Add a Script dialog box, under Script Name, type the full network path to the script batch file and the script batch file name was created earlier, or you may click Browse to search for the script file in the Net logon shared folder on the domain controller  




Type the UNC network path and not the drive letter.

Example: \\server\folder\filename.bat

· Click OK.

· Close the Group Policy Management Console.

· Open Command Prompt and run it as Administrator

· Run the gpupdate /force command at the command prompt to refresh the group policy.



The iSheriff endpoint application should be installed on start-up. The client may not be fully functional until a reboot occurs.