How do I deploy the Device Management Agent with a Group Policy Object (GPO)?
To deploy the BitTitan Device Management Agent (DMA) using a Group Policy Object (GPO), complete each of the steps detailed below, in order:
- Download the DMA setup file from MSPComplete.
- Create a network share that is accessible to all of your customer’s computers, and put the DMA setup file in the share folder.
- Create a Group Policy Object that forces the domain joined computers in a security filter to execute the DMA setup file through a scheduled task.
The Install the Device Management Agent with a Group Policy Object video covers the steps in this article.
The sections below provide more detailed instructions for the steps above.
Step 1: Download the DMA setup file from MSPComplete.
- In MSPComplete, click on All Customers from the navigation sidebar.
- Click on the customer name for which you wish to deploy DMA.
- On the horizontal menu bar, click on Users.
- Click on Add Users, and then click on Add Users via Device Management Agent.
- On the Add Users via Device Management panel, click on Device Management Agent setup file to download the DMA setup file to your local drive.
Note: The instructions here are more detailed than those listed in the Add Users via Device Management Agent panel.
Step 2: Create a network share that is accessible to all of your customer’s computers, and put the DMA setup file in the share folder.
Note: For more information about Windows Server file and storage services, read the File and Storage Services Overview TechNet article.
- Log on to the file server as an administrator.
- Click on Start and search for Server Manager.
- Click on Server Manager from the search results.
- Click on File and Storage Services.
- Click on Shares.
- Next to Shares, click on Tasks.
- Click on New Share.
- Continue through the New Share Wizard prompts until finished, then click on Create.
- Right-click on the new share in Server Manager, and click on Open Share.
- Put the DMA setup file in the share.
- Write down the share's network path; this will be needed when creating the scheduled task.
Step 3: Create a Group Policy Object that forces the domain joined computers in a security filter to execute the DMA setup file through a scheduled task.
- Log on to the Active Directory Domain Controller as an administrator.
- Click on Start, and search for Group Policy Management.
- Click on Group Policy Management.
- Right-click on the desired Active Directory domain, and then click on Create a GPO in this domain, and Link it here.
- Enter a name for the GPO, and then click on OK.
Note: By default, the GPO will apply to all users and computers that successfully authenticate to the Active Directory domain.
- To narrow the scope of computers that install DMA, select Authenticated Users, and click on Remove.
- To confirm the removal, click OK.
- To add a new security filter, click Add.
- Type the name of the security group that the target computers are a member of, and click on Check names.
Note: We preconfigured the "US Employees" security group for demonstration purposes. For more information about Active Directory security groups, read the Active Directory Security Groups TechNet article.
- Click OK.
- Right-click on the new GPO, and then click on Edit.
- In the console tree, under Computer Configuration, click on Preferences > Control Panel > Scheduled Tasks.
- Right-click under Scheduled Tasks and click on New, and then click on Immediate Task (At least Windows 7).
Note: For more information about Scheduled Task Items, read the Configure a Scheduled Task Item TechNet article.
- Enter a name and a description for the Scheduled Task.
- Click on Change User or Group.
- Type "system" into the Object name text box.
- Click on Check Names.
Note: Make sure that the system object name resolves to NT Authority\System.
- Under Security options, click on Run whether a user is logged on or not and add a checkmark next to Run with highest privileges.
- In the Configure for drop-down menu, select Windows 7®, Windows Server™ 2008 R2.
- Click on the Actions tab
- Click on New.
- In the Action drop-down menu, select Start a program.
- In the Programs/script text box, enter the network path for the DMA setup file.
Note: If you use the Browse button to find the location of the script, then it will add the path as c:\xxxx. This is incorrect, since the script needs to include the UNC path and not the local path. Be sure to replace the c:\ format with the \\servername\sharename\ format.
- If the customer's computers use a proxy, you must add a command line parameter into the Add arguments field to ensure that DMA is able to transmit data through the proxy. Read the How do I deploy the Device Management Agent on computers that use a proxy? article for more information.
- Click OK.
- Click on the Conditions tab.
- Add a checkmark next to Start only if the following network connection is available, and then select Any connection.
- Click OK.
- Close Group Policy Management Editor, and then close Group Policy Management.
The DMA setup file will execute on user computers at the next Group Policy refresh, typically every 90 minutes, with a random offset of 0 to 30 minutes.