Group Policy with PowerShell Installation

Introduction

Follow this article to install the Blackpoint SNAP-Defense agent to your customer network using a Group Policy to run the PowerShell script created in the Configuring the PowerShell Script article. 

Prerequisites

  • Endpoints requiring the SNAP agent are joined to a domain.
  • Access to the Domain Controller. 
  • The modified .ps1 PowerShell file created by the Configuring the PowerShell Script process.

Instructions

  1. Copy the PowerShell file to a share that is accessible to the endpoints. In this article, we will use the NETLOGON share from the domain controller.
    1. From the domain controller, launch cmd.exe.
    2. Run the net share command.
    3. Note the resource path for the NETLOGON share. In this example, we will be using the share path \\SVGJOE-DC1\NETLOGON.
    4. In File Explorer, navigate to the directory and copy the PowerShell script there.
  2. Launch the Group Policy Management Console.
  3. Right-click the domain containing the endpoints to install the SNAP Agent on. Click Create a GPO in the domain, and Link it here...
  4. Name the GPO "Blackpoint".

  5. Right-click the newly create GPO and click Edit...

  6. Navigate to User Configuration > Preferences > Control Panel Settings > Scheduled Tasks. Right-click New > Immediate Task (At least Windows 7).

  7. Name the task "Install Blackpoint".

  8. Click Change User or Group...

  9. Type "System" in the Enter the object name to select box, click Check Names, and then click OK.

  10. Select Run whether user is logged on or not.

  11. Check the Run with highest privileges checkbox.

  12. Select "Windows 7, Windows Server 2008R2" (or as appropriate) from the Configure for: drop-down menu.

  13. Select the Actions tab and click New...

  14. Select "Start a program" under Actions.

  15. Set the Program/script to powershell.exe.

  16. Set Add arguments: to the share path you copied the PowerShell script to using the format: 

    -ExecutionPolicy Bypass -File "\\<server>\<share>\<filename>.ps1"
    In this example, we would set the argument to: 
    -ExecutionPolicy Bypass -File "\\AVGJOE-DC1\NETLOGON\InstallBlackpoint.ps1"

  17. Click OK.
  18. Select the Common tab.
  19. Check Apply once and do not reapply.
  20. Review the other options in the Conditions, Settings, and Common tab to ensure that they meet the needs of your environment.
  21. Click Apply.