Agent Rollout via Active Directory Policy

Prepare a public distribution share (SMB) where the install files will be stored

We are not using .MSI packages, because an MSI installation is normally only performed when the computer is restarted (which is not always possible for servers).

We recommend using the Active Directory NETLOGON share because:

  • it is normally available on every site
  • it is replicated automatically across the domain sites

You can also use other publicly available network shares (access level: Everybody read/execute). Please adapt the next steps to your domain configuration and choice of distribution share.

  • log in as domain administrator on a domain controller
  • locate the NETLOGON share (this is typically the FQDN of your Active Directory)
  • e.g. FQDN: hs2n.local → Netlogon Share: \\hs2n.local\NETLOGON
  • create a folder called "Wuinstall_Cloud_Agent"
  • copy the .exe file downloaded in step 1 to the folder
  • create a batch file called "wuinstall_cloud_agent_install.bat"
  • open the new file "wuinstall_cloud_agent_install.bat" with Notepad and enter the following code
  • Version 1 (very simple: it just checks whether an agent is installed and installs it if not) - future agent updates will be done over the internet

wuinstall_cloud_agent_install.bat

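rem Skip the install if the agent service binary already exists in either location
if exist "C:\Program Files (x86)\PatchAll\patchall_service.exe" goto nothing
if exist "c:\program files\Patchall\patchall_service.exe" goto nothing
echo Install Patchall
rem %~dp0 expands to the folder this batch file is stored in (the distribution share)
"%~dp0PatchAllSetup-hs2n-1_2_0_8.exe" /S
echo Install Finished
exit

:nothing
echo Patchall is already installed, doing nothing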

Version 2 (more sophisticated, you can also do updates by creating an additional Batch File called serverversion.bat)

wuinstall_cloud_agent_install_with_version.bat

rem Load the locally recorded version (sets localversion), if a previous run wrote one
if exist "%ProgramFiles(x86)%\PatchAll\version.bat" call "%ProgramFiles(x86)%\PatchAll\version.bat"
if exist "%ProgramFiles%\Patchall\version.bat" call "%ProgramFiles%\Patchall\version.bat"

echo program verzeichnis %~dp0
rem Load the version offered on the share (sets serverversion)
call "%~dp0serverversion.bat"
if "%localversion%"=="%serverversion%" goto nothing

echo Install Patchall
"%~dp0PatchAllSetup-hs2n.exe" /S /U
echo Install Finished
rem Record the installed version. The parentheses keep a trailing space out of
rem version.bat; with one, the comparison above would never match again.
if exist "%ProgramFiles(x86)%\PatchAll\" (echo set localversion=%serverversion%)>"%ProgramFiles(x86)%\PatchAll\version.bat"
if exist "%ProgramFiles%\Patchall\" (echo set localversion=%serverversion%)>"%ProgramFiles%\Patchall\version.bat"

exit

:nothing
echo Patchall is already installed, doing nothing

serverversion.bat

set serverversion=1.2.0.8

Adapt the line that calls PatchAllSetup-hs2n-1_2_0_8.exe to the name of the .exe file you got in step 1 (make sure that the %~dp0 prefix and the /S switch are not touched).

The final folder structure should look like this (the .exe filename will be different):

screenshot

Create a new GPO object with a scheduled task

screenshot

  • Right-click this newly created GPO and then click Edit.
  • Expand computer or user configuration and then go to the following path:
    • Preferences -> Control Panel Settings -> Scheduled Tasks
  • Right-click on scheduled tasks and then click New -> Scheduled Task (Windows Vista and Later)
  • Change the following properties in Tab "General"

screenshot

  • Tab Trigger → click on "New ..." and change the properties

screenshot

  • Tab Actions → click on "New ..." and then "Browse ..." and select the .bat file that we created in step 2 on the NETLOGON share, e.g.

screenshot

  • Make sure that you are using a UNC path; do not use the name of a specific domain controller, but always use the "domain FQDN"
    • e.g. \\hs2n.local\netlogon\Wuinstall_Cloud_Agent\wuinstall_cloud_agent_install.bat
  • Click OK and then Apply
  • Link the GPO Object to a test OU (organisational unit)
  • Wait a few minutes until the GPO objects and links are replicated
  • Execute the gpupdate on a computer and check if the scheduled task was created
  • Wait until it is executed automatically, then manually check whether the Wuinstall Cloud Agent folders have been created on the machine

Firewall exceptions

The Wuinstall Cloud Agent communicates via HTTPS (port 443) with the Wuinstall Cloud Server (https://patchall.wuinstall.com). Please configure your local firewall to allow port 443 from all Windows client machines to patchall.wuinstall.com.

Verify installation

  • Verify that the GP Update is working
  • Verify that the scheduled task is created by the GPO
  • Verify that Wuinstall Cloud Agent is created

screenshot

  • Login to Wuinstall Cloud Console and navigate to Wuinstall / Hardware List

screenshot

  • the computers should show up here
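
The client-side checks from the "Firewall exceptions" and "Verify installation" sections can be collected in one PowerShell script and run on a test machine after gpupdate. This is an added example, not part of the original page or of the Wuinstall tooling. The task name is a hypothetical placeholder (use the name you gave the scheduled task in the GPO); the file paths and the host name are the ones used on this page.

```powershell
# Added example: run on a client after gpupdate. Not part of the vendor's tooling.
param(
    [string]$TaskName  = 'Wuinstall Cloud Agent Install',  # hypothetical: use your GPO task name
    [string]$CloudHost = 'patchall.wuinstall.com'
)
$r = [ordered]@{ Computer = $env:COMPUTERNAME }

# 1. Scheduled task created by the GPO, and where its action points
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue |
        Select-Object -First 1
$r.TaskPresent = [bool]$task
if ($task) {
    $exec   = [string]($task.Actions | Select-Object -First 1).Execute
    $domain = (Get-CimInstance Win32_ComputerSystem).Domain
    $r.TaskAction = $exec
    # The path should start with \\<domain FQDN>\, not \\<one domain controller>\
    $r.ActionUsesDomainFqdn = $exec.Trim('"') -like "\\$domain\*"
    $info = $task | Get-ScheduledTaskInfo
    $r.LastRunTime    = $info.LastRunTime
    $r.LastTaskResult = $info.LastTaskResult   # 0 = last run succeeded
}

# 2. Agent binary in either path the install batch file tests
$roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles) | Where-Object { $_ }
$agent = $roots | ForEach-Object { Join-Path $_ 'PatchAll\patchall_service.exe' } |
         Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
$r.AgentPath = $agent

# 3. Version marker written by the "Version 2" batch file, if that variant is used
if ($agent) {
    $verFile = Join-Path (Split-Path $agent) 'version.bat'
    if (Test-Path -LiteralPath $verFile) {
        $m = Select-String -LiteralPath $verFile -Pattern 'set localversion=(\S+)' |
             Select-Object -First 1
        if ($m) { $r.LocalVersion = $m.Matches[0].Groups[1].Value }
    }
}

# 4. Outbound TCP 443 to the cloud server (the firewall exception described above)
$tcp = Test-NetConnection -ComputerName $CloudHost -Port 443 -WarningAction SilentlyContinue
$r.Port443Reachable = $tcp.TcpTestSucceeded

[pscustomobject]$r
```

A machine is ready when TaskPresent, ActionUsesDomainFqdn and Port443Reachable are all True and AgentPath is filled in.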