In order to deploy HEIMDAL Agent through a GPO with Task Scheduler, you need the HEIMDAL Installer .msi file with the HEIMDAL license key included (you can use the Orca editor to embed the Heimdal license key) and a batch script that runs the HEIMDAL Agent MSI Installer silently on the scheduled task (the batch script can be found at the end of this article). More information about embedding the Heimdal license key in the MSI Installer with Orca is found here).
1. Create a shared folder where you will store the HEIMDAL Agent MSI Installer and the deployment batch script.
2. Choose the people in your network you want to share this folder with and establish their permission level.
3. On your server (Domain Controller), open Server Manager, click on Tools, and then on Group Policy Management.
4. Under the domain for which you want to create a GPO:
- Select Group Policy Objects
- Right-click
- Choose New and name your New GPO
5. Right-click the newly-created GPO and click Edit to open the Group Policy Management Editor.
6. Extend the Computer Configuration -> Preferences -> Control Panel Settings folders, and select Scheduled Tasks. Right-click Scheduled Tasks and click New -> Scheduled Task (At least Windows 7).
7. Configure the newly-created Scheduled Task with the following settings:
General Tab
Action: Create (or Replace if another scheduled task exists or if the Create option does not work)
Name: HEIMDAL Agent deployment
Description: HEIMDAL Agent deployment
When running the task, use the following user accounts: NT AUTHORITY\System (use this user account since Domain Admin users might not work)
Run whether user is logged on or not - ticked
Run with highest privileges - ticked
Configure for: Windows 7, Windows Server 2008 R2
Triggers tab
Click New and configure the triggers according to your preferences or as in the screenshot below.
Actions tab
Click New, leave the Action on Start a program, and in the Settings section copy and paste the exact path to the batch script (eg. \\Server1\Downloads\heimdal_deploy.bat) and hit Ok.
Conditions tab
Configure the conditions according to your preferences.
Settings tab
Configure the settings according to your preferences.
Common tab
Configure the common settings according to your preferences. After you finish configuring everything, click Apply and Ok.
8. After setting the scheduled task, you need to link the GPO to an OU. In our case, we linked the newly-created GPO to the Computers group in our Heimdal OU.
9. If you want to apply the newly-created GPO to your client computer, run the following command line from the Command Prompt window: gpupdate /force /boot /logoff
10. After the GPO applies to the client computer, you can check for the newly added task in the Task Scheduler.
11. Depending on the run time set for the batch script, you will be able to see that the script will deploy the HEIMDAL Agent silently.
Below you can find the Heimdal Deployment batch script we used for this example.