.. include:: /includes.txt ==================================== Installer Windows (Active Directory) ==================================== As Zercurity comes as an MSI it can be distributed to client machines with an Active Directory GPO (Group Policy Object). Before continuing you must have both Active Directory (AD) installed and a Windows File Server, from which to serve the MSI. This walkthrough uses Windows Server 2016 Datacenter edition. .. container:: clear .. image:: /_static/installer_windows_ad_01.png :scale: 40 % :align: right From your Windows Server. Open up the Windows **Server Manager** (which should launch automatically upon login). Select **Tools** -> **Group Policy Management** This will open the **Group Policy Management** window. Within your organisational structure you can apply GPOs to specific teams within your domain. .. container:: clear .. image:: /_static/installer_windows_ad_02.png :scale: 40 % :align: right In this example however, we're going to apply our new policy to the entire domain. This will mean that every computer managed under AD domain will have Zercurity installed. Under your domain **right click** on **Group Policy Objects** and from the context menu select **New**. .. container:: clear .. image:: /_static/installer_windows_ad_03.png :scale: 40 % :align: right Provide a name for your new **Group Policy Object**. We've called ours **Zercurity Installer** Click on your newly created GPO. In the right pane on the bottom, under the heading **"Security Filtering"**. Click on and remove the **"Authenticated Users"** entry. If you want this program deployed on certain computers, add all of the specific computer names that you want the software to be deployed on. **Otherwise, if you want it on all computers, add the group "Domain Computers".** Go back up to your domain (in the navigation pane) and **right-click** it. Click **"Link an existing GPO"**. Click your new GPO's name and click OK. Now go back to the GPO under **"Group Policy Objects"** folder, and **right click** and select **Edit** from the context menu. .. container:: clear .. image:: /_static/installer_windows_ad_04.png :scale: 40 % :align: right This will now open the **Group Policy Management Editor** for our Zercurity Installer GPO. .. container:: clear .. image:: /_static/installer_windows_ad_05.png :scale: 40 % :align: right Under **Policies** -> **Software Settings** there's a tree item called **Software installation**. **right click** and select **New** -> **Package** from the context menu. .. container:: clear .. image:: /_static/installer_windows_ad_06.png :scale: 40 % :align: right You'll now need to provide a **valid** network path for the Zercurity installer. **IMPORTANT** The location of ``zercurity-2.1.msi`` must be hosted from an accessible and readable drive on the network. You can use Window's File Server to host the installer. .. container:: clear .. image:: /_static/installer_windows_ad_07.png :scale: 40 % :align: right Accept the default setting of **Assigned** and click **OK**. .. container:: clear .. image:: /_static/installer_windows_ad_08.png :scale: 40 % :align: right That's it. Zercurity will now be installed when a user next logs onto their machine and you'll see it listed on Zercurity's :doc:`/inventory/assets/index` page. If you are testing this on your location computer first. You can force the installation of Zercurity onto client machines by running the ``gpupdate`` command. This will cause the system to be restarted as Zercurity is installed before the user logs in. .. code-block:: powershell gpupdate /target:computer /force If you need any help. Please raise a ticket via the Zercurity application. Lastly, you can check the GPO rules using the following command: .. code-block:: powershell gpresult /Scope Computer /v