Deploying an MSI via GPO
Hideez Client App – Deploying MSI via GPO
1. Create a distribution point
The first step in deploying an MSI through GPO is to create a distribution point on the publishing server. This can be done by following these steps:
Log on to the server as an Administrator user
Create a shared network folder (this folder will contain the MSI package)
Set permissions on this folder in order to allow access to the distribution package
Copy the MSI in the shared folder
2. Create a Group Policy Object
An MSI package is deployed (distributed) through GPO as a Group Policy Object. In order to create an object for your package, you can follow these steps:
Click on the Start button and open Go to Start and open Group Policy Management (or press Win+R , then type gpmc.msc, then press Enter)
Expand Forest (your forest) > Domains (your domain)
Right-click on you domain and select “Create a GPO in this domain, and Link it here...”
Enter a name for your policy (for example "Install HES application v.3.3.10") and leave Source Starter GPO
3. Assign an MSI package
To edit a GPO, right click it in GPMC and select Edit from the menu. The Active Directory Group Policy Management Editor will open in a separate window.
You should see Computer Configuration and User Configuration, right-click Computer Configuration in the panel and select Edit
Expand Computer Configuration > Policies > Software Settings
Right-click Software Installation and select New > Package
Select your package from the previously configured network share
In the dialog that appears select Assigned and click OK
The selected package will appear in the Software Installation panel
Click OK
Close Group Policy Management Editor
4. Creating a key in the registry with HES server address
Right click it in GPMC and select Edit from the menu. The Active Directory Group Policy Management Editor will open in a separate window.
Expand Computer Configuration Preferences -> Windows Settings -> Registry and select New -> Registry Item
Enter the following values for the key:
- Action: Update
- Hive: HKEY_LOCAL_MACHINE
- Key Path: SOFTWARE\Hideez\Client
- Value Name: client_server_address
- Value Type: REG_SZ
- Value data: [the path to your server] (For example, https://hideez.example.com).
- Action: Update
- Hive: HKEY_LOCAL_MACHINE
- Key Path: SOFTWARE\Hideez\Client
- Value Name: mode
- Value Type: REG_DWORD
- Value data: 1
- Action: Update
- Hive: HKEY_LOCAL_MACHINE
- Key Path: SOFTWARE\Hideez\Client
- Value Name: use_hdongle
- Value Type: REG_DWORD
- Value data: 0 or 1 (1 to use Dongle, 0 to not use)
- Action: Update
- Hive: HKEY_LOCAL_MACHINE
- Key Path: SOFTWARE\Hideez\Client
- Value Name: use_win10
- Value Type: REG_DWORD
- Value data: 0 or 1 (1 to use internal Windows Bluetooth, 0 to not use)
In the current version you need to set only one of the parameters (use_hdongle and use_win10) to 1, the second parameter should be set to 0.
Now you need to restart the workstation and log in with a domain account with the rights to install programs and the Hideez application will be installed
To update, just delete the rule and create a new one with a new msi file.
For more information please read this instruction.