Deployment via Group Policy on Windows Servers/Active Directory

This guide describes how to use an Active Directory Group Policy to automatically install Emsisoft Enterprise Security (including all product edition plans) on client computers. It’s assumed that you are familiar with how to operate your Windows network, that you have already setup Windows Server and have configured your users and groups in Active Directory.

Key benefits of installing Emsisoft via GPO:

• One click installation, no logins or keys required. When using the /Quiet parameter, installation runs without any user interaction invisibly in the background.
• Installed devices will automatically show up on your workspace in the Management Console within seconds.
• Admins can select in which settings policy group a new device gets added. You can have individual installers for each policy group.
• No scripting required, very basic process.

1. Create a share that acts as a distribution point

Log on to your Server and create a shared network folder where you will put the Microsoft Windows Installer package (.msi file) that you want to distribute. Set the user permissions on the share to allow your clients to access it.

2. Download the installer from your Emsisoft workspace

Log in at MyEmsisoft and navigate to your organization’s workspace.

Option A)
To add newly installed devices to the default ‘New devices’ policy group, use the ‘Add device’ button on the workspace dashboard to download the software. Click the ‘Alternative downloads’ option in the popup to see the MSI installer links.

Option B)
To add newly installed devices to a specific policy group, navigate to the ‘Protection policies’ in your workspace and select the target policy group. In the ‘Policy Settings’ section, click ‘Create’ to generate a new unique installer token. Select for how long your token should stay valid for further installations. Choose a short period of time if there is a risk that your installer gets leaked to non-trusted clients. Once the token is created, click your unique token sequence to get to the MSI installer downloads.

Place the downloaded tagged installer on your earlier created file share.

3. Create a Group Policy Object (GPO) to initiate distribution

Open the ‘Active Directory Users and Computers’ panel in Windows and navigate to the ‘Group Policies’ section in your domain. Create a new GPO with a suitable name for the new policy (e.g. Emsisoft Installation Policy) and leave ‘Source Starter GPO’ as ‘(none)’.

Click on the newly created policy and then select the ‘Settings’ tab on the right. Right-click anywhere and select ‘Edit…’.

Expand ‘User Configuration > Policies > Software Settings’, right-click on ‘Software installation’ and select ‘New > Package…’. Select the network location of the Emsisoft installer. In the dialog that appears select ‘Assigned’ and click ‘OK’.

4. Installation at logon time

When your configured client computers start, the managed software package is automatically installed.

Emsisoft Enterprise Security gets automatically connected to your workspace (including licensing) and assigned to the protection policy group that you took the installer from.

You don’t need to specify a license key or user account during installation. For installations without any visible user interaction, please use the /Quiet parameter with the MSI installers.