Installing from a central location by using group policy

You can use a Group Policy Object (GPO) to automate the deployment of Centrify Agent for Windows. Because automated installation fails if all the prerequisites are not met, be sure that all the computers on which you intend to install meet the requirements described in Verify prerequisites.

You can use similar steps to install the Centrify Common Component using the Centrify Common Component64.msi file before you install the agent. If you install the common component first, information about the agent installation is recorded in a log file for troubleshooting purposes. However, you are not required to install the common component separately from the agent.

In most cases, you can use the default agent settings defined in the Group Policy Deployment.mst transform file. If you want to modify the default settings prior to installation, see the instructions in Installing silently by using the Microsoft Windows Installer.

To create a Group Policy Object for the deployment of Centrify Agents for Windows:

  1. Copy the Centrify Agent for Windows64.msi and Group Policy Deployment.mst files to a shared folder on the domain controller or a location accessible from the domain controller.

    When you select a folder for the files, right-click and select Share with > Specific people to verify that the folder is shared with Everyone or with appropriate users and groups.

  2. On the domain controller, click Start > Administrative Tools > Group Policy Management.

  3. Select the domain or organizational unit that has the Windows computers where you want to deploy the Centrify Agent, right-click, then select Create a GPO in this domain, and Link it here.

    For example, you might have an organizational unit specifically for Centrify-managed Windows computers. You can create a group policy object and link it to that specific organizational unit.

  4. Type a name for the new Group Policy Object, for example, Centrify Agent Deployment, and click OK.

  5. Right-click the new Group Policy Object and click Edit.

  6. Expand Computer Configuration > Policies > Software Settings.

  7. Select Software installation, right-click, and select New > Package.

  8. Navigate to the folder you selected in Step 1, select the Centrify Agent for Windows64.msi file, and click Open.

  9. Select Advanced and click OK.

  10. Click the Modifications tab and click Add.

  11. Select the Group Policy Deployment.mst file, click Open, and click OK.

  12. Close the Group Policy Management Editor, right-click the Centrify Agent Deployment group policy object, and verify that Link Enabled is selected.

By default, when computers in the selected domain or organizational unit receive the next group policy update or are restarted, the agent will be deployed and the computer will be automatically rebooted to complete the deployment of the agent.

If you want to test deployment or deploy immediately, you can open a Command Prompt window to log on to a Windows client as a domain administrator and force group policies to be updated immediately by running the following command:

gpupdate /force

After installation, all of the registry settings that were specified in the MSI and MST files are configured. If you need to change any of the default agent settings, open the DirectAudit Agent Control Panel or the Registry Editor.

For more information about how to configure and use Group Policy Objects, see the documentation on the Microsoft Windows website.