In order to deploy the HEIMDAL Agent through an Active Directory GPO, you need the HEIMDAL Agent MSI Installer file with the Heimdal license key included (you can use the Orca software to embed the HEIMDAL license key in the MSI Installer. For more information on how to use Orca to add a license key in the MSI Installer click here).
Creating a Shared Folder
1. Create a Shared Folder where the Heimdal MSI Installer will be placed.
2. Choose the people in your network you want to share this folder with and establish their permission level.
Creating a new GPO
1. On the Domain Controller, open Server Manager, click on Administrative Tools, and then on Group Policy Management.
2. Under the domain where you want to create the new GPO, select and right-click Group Policy Objects, choose New GPO and type the name of the new GPO:
3. Once created, select and right-click the newly-created GPO and open the Group Policy Management Editor. Here you can configure the deployment through Computer Configuration or through User Configuration:
a. For Computer Configuration select the following: Computer Configuration -> Policies -> Software Settings -> Software installation (right-click)/New Package)/Open and select the MSI Installer. In the Deploy Software window, choose the Assigned option (this way, the installation will run without user interaction) and press OK.
The deployment settings should look like in the snippet below:
Press OK and the GPO is now configured to install the HEIMDAL Agent.
b. For User Configuration select the following: User Configuration -> Policies -> Software Settings -> Software installation (right-click)/New Package)/Open and select the MSI Installer. In the Deploy Software window, chose the Assigned option (this way, the installation will run without user interaction) and press OK.
Select the “Heimdal” package, right-click on it, select Properties, and then the Deployment tab. Select the Assigned type for the Deployment type and choose to Install this application at logon. This way the users will have the HEIMDAL Agent installed at the next login.
After you press Apply and OK, the GPO will be configured to deploy and install the HEIMDAL Agent in your environment.
Applying the GPO to the client machine
On the client machine, you can force the appliance of the Group Policy Object by running the following line from Command Prompt:
gpupdate /force /boot /logoff
This should silently install the HEIMDAL Agent and you will be able to see it in Control Panel -> Programs and Features list after it gets installed.
If you choose to deploy the HEIMDAL Agent through a GPO with Computer Configuration, make sure you also use one of the following options in the GPO (one of them or both):
- Computer Settings -> Policies -> Administrative Templates -> System -> Logon -> Always wait for the network at computer startup and logon -> Enabled
- Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy -> Specify startup policy processing wait time
Here you can specify an interval between 30 seconds and 60 seconds, depending on how you see fits.