Get your customized GPO script
Kindly consult with your Block 64 Technical Agent or designated partner to obtain the tailored Group Policy Object (GPO) deployment script and Agent MSI.
To set up scripts on the domain controller
Copy the script and Agent MSI to a shared network folder on the domain accessible at logon to all users. It is important these two files are in the same location. For example, adding the MSI and script to "C:\WINDOWS\SYSVOL\domain\scripts" would achieve this, which then can be removed after assessment.
Additional considerations:
- You must be a member of the Domain Administrators security group to configure scripts on a domain controller.
- Ensure when saving the script, to not include any spaces in the script file name or file path. (for example; "Discovery_Agent_Script.bat" as opposed to "Discovery Agent Script.bat"). If spacing cannot be avoided, please add quotations to the file path when creating the GPO.
Create a Group Policy Object
To create a Group Policy Object (GPO) to use to distribute the script, follow these steps:
- Start the Active Directory Users and Computers snap-in by clicking Start, pointing to Administrative Tools, and then clicking Group Policy Management.
- Expand Forest (your forest) > Domains (your domain).
- Right-click on Group Policy Objects and select New.
- Enter a name for your policy and leave Source Starter GPO as (none).
- Click Properties, and then click the Security tab.
- Clear the Apply Group Policy check box for the security groups that you don’t want this policy to apply to.
- Select the Apply Group Policy check box for the groups that you want this policy to apply to. When you’re finished, click OK.
To assign computer startup scripts
Open the Group Policy Management Console (GPMC). Right-click the Group Policy Object you want to edit, and then click Edit.
- In the console tree, navigate to Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown).
- In the results pane, double-click Startup.
- In the Startup Properties dialog box, click Add.
- In the Add a Script dialog box, do the following:
In Script Name, type the path of the script, or click Browse to search for the script file in the shared folder location.
In Script Parameters, leave it blank.
- Click OK to save the changes.
Important Note: Ensure the file path is the network location as opposed to the local path. For example use:
"\\network\sharedfolder\Discovery_Agent_Script.bat"
instead of
"C:\sharedfolder\Discovery_Agent Script.bat"
Link the GPO to your domain
To apply the startup script, use the Group Policy Manager to link the GPO to the domain or container containing devices where you want the Block 64 discovery agent installed.
- Right-click on the container/OU, select Link an Existing GPO, and select the GPO from the list that appears.
- Once the GPO is linked, when any device in the selected domain/OU is rebooted, the GPO will install the Block 64 discovery agent.