Skip to main content
All CollectionsUsing Guardz
Device Agent Deployment via Group Policy (GPO)
Device Agent Deployment via Group Policy (GPO)
Updated over 5 months ago

Follow the steps below to create a GPO that instead of software deployment, runs as a scheduled task. The main benefit is you don’t need a reboot for the machines and it often works after a few minutes)

When you run that scheduled task as a system, it can start any process. Make sure that Domain Computers have access (NTFS and Share) to the share you are using to run the MSI remotely.

The Task needs to start msiexec and use these arguments:

/i "\\<yourpath>\Guardz Agent.msi" GUARDZ_ORGANIZATION_KEY=<yourorgkey> /qn

Make sure you change the MSI path and the ORG key.

Then assign the GPO to domain computers and do a GPO update /force you can check the eventlog (eventid 1022/11707) application to see the agent installation.

Creating an Immediate Scheduled Task via GPO

  1. Open Group Policy Management Console (GPMC): Navigate to the Organizational Unit (OU) where you want to apply the GPO.

  2. Create or Edit a GPO: Right-click the OU and select "Create a GPO in this domain, and Link it here" or choose an existing GPO to edit.

  3. Navigate to Scheduled Tasks:

    • Go to Computer Configuration -> Preferences -> Control Panel Settings -> Scheduled Tasks.

    • Right-click on Scheduled Tasks, then select New -> Immediate Task (At least Windows 7).

  4. Configure the Task:

    • General Tab:

      • Name the task.

      • Set it to run whether the user is logged on or not.

      • Use the SYSTEM account to ensure it has sufficient privileges.

    • Triggers Tab:

      • Add a New Trigger and configure for "At task creation/modification" to run the task immediately upon policy application.

    • Actions Tab:

      • Click New.

      • Action: Start a program.

      • Program/script: msiexec.exe

      • Add arguments:

        /i "\\<yourpath>\Guardz Agent.msi" GUARDZ_ORGANIZATION_KEY=<yourorgkey> /qn
    • Conditions Tab: Adjust as necessary, typically no changes needed.

    • Settings Tab: Ensure "Allow task to be run on demand" is checked, and adjust other settings as needed.

  5. Apply and Test the GPO:

    • After setting up the GPO, link it to an appropriate OU, site, or domain.

    • Use gpupdate /force on a test computer to apply the new policy quickly and check if the task executes as expected.

You can also apply additional settings to make sure it only runs once;

Did this answer your question?