Skip to content
  • There are no suggestions because the search field is empty.

Deploying Block 64 Discovery Agent via Group Policy

This guide will walk you through how to deploy the Block 64 Discovery Agent .MSI using a Group Policy Object (GPO) in an Active Directory environment. Please follow all instructions carefully to ensure a successful deployment.

Step 1: Get Your Customized GPO Script

To begin, contact your Block 64 Technical Agent or your designated partner to obtain:

  • The tailored GPO deployment script

  • The Block 64 Agent MSI installer

 

⚠️ Important: Using the PowerShell script requires your environment to allow PowerShell execution, as well as application download and installation permissions on target devices.

Step 2: Prepare the Domain Controller

  1. Copy the script and Agent MSI to a shared network location accessible to all users at logon.

    • Example: C:\WINDOWS\SYSVOL\domain\scripts

  2. Ensure both the script and the MSI are in the same location.

⚠️ Important Notes:

  • You must be a member of the Domain Administrators security group.

  • Do not include spaces in the script filename or path.

    ✔️ Use: Discovery_Agent_Script.bat
    ❌ Avoid: Discovery Agent Script.bat

    If spaces are unavoidable, enclose the path in double quotes when creating the GPO.

Step 3: Create a New Group Policy Object (GPO)

  1. Open the Group Policy Management Console (GPMC):

    • Click StartAdministrative ToolsGroup Policy Management.

  2. Navigate to: Forest > Domains > [Your Domain]

  3. Right-click on Group Policy Objects and choose New.

  4. Name your new policy and leave Source Starter GPO as (none).

  5. Right-click your new GPO, choose Properties, and go to the Security tab.

  6. Configure permissions:

    • Clear "Apply Group Policy" for groups that should not receive the policy.

    • Select "Apply Group Policy" for groups that should receive the policy.

    • Click OK to save.

Step 4: Assign a Computer Startup Script

  1. In Group Policy Management Console, right-click your GPO and select Edit.

  2. Navigate to:
    Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown)

  3. In the right pane, double-click Startup.

  4. In the Startup Properties dialog box, click Add.

  5. In the Add a Script dialog box:

    • Script Name: Enter the full network path to the script

      ✔️ \\network\sharedfolder\Discovery_Agent_Script.bat
      C:\sharedfolder\Discovery_Agent Script.bat

    • Script Parameters: Leave this field blank.

  6. Click OK to save your changes.

Step 5: Link the GPO to Your Domain

  1. In Group Policy Management, right-click the desired container or OU (Organizational Unit).

  2. Select Link an Existing GPO, then choose the GPO you created.

✅ Once linked, the script will run when any device in the selected domain or OU reboots, triggering the installation of the Block 64 Discovery Agent.

Final Notes

  • Confirm that client devices have read access to the shared folder.

  • Validate deployment by checking installed programs or reviewing event logs after a reboot.

  • The script and MSI can be removed from the share once the agent is installed across all intended devices.