25/10/2019

Malwarebytes – Deploy to your network with GPO

It can be a real pain going to every computer in your network and manually installing a program, fortunately for you this is not required if you are using windows with a domain controller.

This will only work if you are running Windows Server and if the target workstations are joined to the domain. You also have to install the Group Policy Management feature in server manager if this is not already installed (step 3). This only works on MSI files, not EXE or any other type.

 

Step 1: Download your MSI

If you already have an MSI, great. If not, go to Login to – https://cloud.malwarebytes.com/auth/login

Click – Download – from the left stack menu

Then – Download – the MSI for the windows edition you need.

 

Step 2: Copy the MSI into a file share

You need to create a folder on your server for the software installation package, for example a ‘Packages’ or ‘Software’ folder. Copy the MSI file into this folder, and then right-click the folder, and go to “Share with” –> “Specific people”. Type “Domain Computers” in the search box, and then give the “Domain Computers” account read permissions and click “Share”.

 

Step 3: Open or install Group Policy Management

Open Group Policy Management from “Start” –> “Administrative Tools” –> “Group Policy Management”.

If it is not installed, go to the “Server Manager” (also in Administrative tools) and go to the “Features” tab on the left hand side and then click “Add Features” in the pane on the right. Check the box in the new window that says “Group Policy Management”, and then click through the next few screens. It will install and then you can open it like above.

 

Step 4: Go to the existing policies

Navigate to “Forest: YOURDOMAIN” –> “Domains” –> “YOURDOMAIN” –> “Group Policy Objects”. This is where your GPO’s are stored.

 

Step 5: Create a new GPO

Right click the folder “Group Policy Objects” and click New. Type in a name for your GPO “Install MalwareBytes”. Once you create your new GPO, it will show up under the “Group Policy Objects” folder. Click on the new GPO with the name that you just assigned. In the right pane on the bottom, there is a box that says “Security Filtering”. Click on and remove the “Authenticated Users” entry. If you want this program deployed on certain computers, add all of the specific computer names that you want the software to be deployed on. Otherwise, if you want it on all computers, add the group “Domain Computers”. Go back up to the “YOURDOMAIN” folder (in the navigation pane) and right-click it. Click “Link an existing GPO”. Click your new GPO’s name and click OK.

 

Step 6: Add your MSI

Now go back to the GPO under “Group Policy Objects” folder, and right-click it. Click on “Edit”. A new window will open. Navigate to “Computer Configuration” –> “Policies” –> “Software Settings” –> “Software installations”. Right click inside the empty pane on the right and go to “New” –> “Software Package”. In the new windows that pops up, Navigate to the share that you created earlier (\\YOURSERVERNAME\PACKAGES), not the physical folder on the server (C:\EXAMPLE\PACKAGES), and select your MSI. Click the “Assigned” bubble and then click OK.

 

Step 7: Close and make it happen

Your almost done. Just close all of your windows on the server and reboot all of your workstations. When they start, they will install your program before the computer allows a user to logon. As it sits there and says “Please wait…” for the longest time, it is installing the program, not being slow. (Note: It may take a couple of restarts for the server to update the GPO on the workstations.)

 

Not so simples…  Please contact one of the friendly team at support@empsn.org.uk 

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners