To deploy the BitTitan Device Management Agent (DMA) using a Group Policy Object (GPO), complete these steps:
- Download the DMA setup file from MSPComplete. Do NOT change the name of the setup file.
- Create a network share that is accessible to all of your customer’s computers, and put the DMA setup file in the share folder.
- Create a Group Policy Object that forces the domain-joined computers in a security filter to execute the DMA setup file through a scheduled task.
These three steps are explained in greater detail below.
NOTE: Some environments have settings which can prevent the successful creation of GPO or the running of scheduled tasks. If you are unable to install DMA with a GPO, our recommendation would be to share the install file from step 1 below with your users either via a Shared Drive or via email in order to allow them to run it themselves. Alternately, you can create a MSI package which can be used to install DMA using your preferred software deployment tool, such as SCCM.
Step 1: Download the DMA setup file from MSPComplete.
- In MSPComplete, click on All Customers from the navigation sidebar.
- Click on the customer name for which you wish to deploy DMA.
- On the horizontal menu bar, click Users.
- Click Add Users, and then click Add Users via Device Management Agent.
- On the Add Users via Device Management panel, click Device Management setup file to download the DMA setup file to your local drive. Please note that this file should not be renamed or altered in any way or it could cause issues when DMA is installed.
Note: These instructions are more detailed than those listed in the Add Users via Device Management Agent panel.
Step 2: Create a network share that is accessible to all of your customer’s computers, and put the DMA setup file in the share folder.
Note: For more information about Windows Server file and storage services, read File and Storage Services Overview.
- Log on to the file server as an administrator.
- Click Start and search for Server Manager.
- Click Server Manager from the search results.
- Click File and Storage Services.
- Click Shares.
- Next to Shares, click Tasks.
- Click New Share.
- Continue through the New Share Wizard prompts until finished, then click Create.
- Right-click on the new share in Server Manager, and click Open Share.
- Put the DMA setup file in the share.
- Write down the share's network path. This will be needed when creating the scheduled task.
Step 3: Create a Group Policy Object that forces the domain joined computers in a security filter to execute the DMA setup file through a scheduled task.
- Log on to the Active Directory Domain Controller as an administrator.
- Click Start and search for Group Policy Management.
- Click Group Policy Management.
- Right-click on the desired Active Directory domain, and then click Create a GPO in this domain, and link it here.
- Enter a name for the GPO, and then click Ok.
Note: By default, the GPO will apply to all users and computers that successfully authenticate to the Active Directory domain.
- To narrow the scope of computers that install DMA, select Authenticated Users, and click Remove.
- To confirm the removal, click Ok.
- To add a new security filter, click Add.
- Type the name of the security group that the target computers are a member of, and click Check names.
- Click Ok.
- Right-click on the new GPO, and then click Edit.
- In the console tree, under Computer Configuration, click Preferences > Control Panel > Scheduled Tasks.
- Right-click Scheduled Tasks and click on New, and then click on Immediate Task (At least Windows 7).
Note: For more information about Scheduled Task Items, read the Configure a Scheduled Task Item TechNet article.
- Enter a name and a description for the Scheduled Task.
- Click Change User or Group.
- Type "system" in the Object name text box.
- Click Check Names.
Note: Make sure that the system object name resolves to NT Authority\System.
- Under Security options, click Run whether a user is logged on or not and add a check next to Run with highest privileges.
- In the Configure for drop-down menu, select Windows 7, Windows Server 2008 R2.
- Click the Actions tab
- Click on New.
- In the Action drop-down menu, select Start a program.
- In the Programs/script text box, enter the network path for the DMA setup file.
Note: If you use the Browse button to find the location of the script, then it will add the path as c:\xxxx. This is incorrect since the script needs to include the UNC path and not the local path. Be sure to replace the c:\ format with the \\servername\sharename\ format.
- If the customer's computers use a proxy, you must add a command line parameter into the Add arguments field to ensure that DMA is able to transmit data through the proxy. Read the How do I deploy the Device Management Agent on computers that use a proxy? article for more information.
- Click Ok.
- Click the Conditions tab.
- Add a checkmark next to Start only if the following network connection is available, and then select Any connection.
- Click Ok.
- Close Group Policy Management Editor, and then close Group Policy Management.
The DMA setup file will execute on user computers at the next Group Policy refresh, typically every 90 minutes, with a random offset of 0 to 30 minutes.