Group Policy Object (GPO) installation method

Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.

Microsoft provides a program snap-in that allows you to use the Group Policy Management Console (GPMC) to create and edit a Group Policy Object (GPO). You configure the GPO to define software installation options for selected Active Directory containers such as sites, domains, or organizational units (OU).

Important

To use the GPO installation method, the target systems for agent installation must be members of an Active Directory domain. A domain user must log into each target system to complete the installation process.

Before you begin

  • Make sure you have completed all the steps in the Windows agent silent mode preparation and know the network path to the shared silent mode installer script (for example, \\my-server\WindowsAgent\DigiCertAgentGPOInstaller.bat).

  • Make sure you can access the Group Policy Management Console (GPMC) feature on the server where you will create the GPO object.

Create the GPO for agent installation

Use the GPMC to create the GPO and add the agent silent mode installer script (DigiCertAgentGPOInstaller.bat) as a logon script:

  1. Select Start, navigate to Administrative Tools, and then select Group Policy Management.

  2. In the console tree, right-click your domain, and then select Create a GPO in this domain, and Link it here...

  3. Enter a name for this new policy, and then select OK.

  4. Back in the console tree, under your domain, right-click on the GPO you created and select Edit.

  5. Expand User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff).

  6. Right-click Logon and select Properties.

  7. In the Logon Properties window, in the Scripts tab, select Add.

  8. In the Add a Script window, select Browse to add the DigiCertAgentGPOInstaller.bat script using the shared universal naming convention (UNC) path.

    Important

    Make sure to use the UNC path for the installer script via the shared network distribution point (for example, \\my-server\WindowsAgent\DigiCertAgentGPOInstaller.bat).

  9. Select Open and then select OK.

  10. Select Apply and then select OK to close the Logon Properties window.
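
Because the GPO runs the shared script at logon for every domain user in scope, write access to that file and its folder should be limited to administrators. The following PowerShell check is an added example, not part of the DigiCert documentation; it uses this page's example UNC path, and the set of SIDs treated as administrative is an assumption to adjust for your environment.

```powershell
# Added example (not DigiCert's code): list principals that can modify the
# logon script or its folder. Checks NTFS permissions only.
param(
    # This page's example path; replace it with your own distribution point.
    [string]$ScriptPath = '\\my-server\WindowsAgent\DigiCertAgentGPOInstaller.bat'
)

# Rights that allow changing or replacing the script. The two numeric values
# are GENERIC_WRITE and GENERIC_ALL, which Get-Acl can return unmapped.
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
    $R::ChangePermissions -bor $R::TakeOwnership) -bor 0x40000000 -bor 0x10000000

# Assumption: SYSTEM, BUILTIN\Administrators, Domain Admins (-512) and
# Enterprise Admins (-519) are the only principals expected to write here.
$allowed = '^(S-1-5-18|S-1-5-32-544|S-1-5-21-.+-(512|519))$'

# Inspect the script itself and the folder that contains it.
$findings = foreach ($target in $ScriptPath, (Split-Path -Path $ScriptPath -Parent)) {
    foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: report as-is
        }
        if ($sid -notmatch $allowed) {
            [pscustomobject]@{
                Path     = $target
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Non-administrative principals can modify the logon script or its folder.'
} else {
    Write-Output 'Only the allowed SIDs hold NTFS write access. Review share permissions separately.'
}
```
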

What's next

The next time a domain user logs into each target system, the DigiCert agent will install on that system in silent mode in the background.

Agents that were successfully installed and provisioned are listed on the Discovery & automation tools > Agents page in DigiCert® Trust Lifecycle Manager. Each agent is named based on the system hostname where it's running.