Action1 5 Documentation 5 Installation with Group Policy

Installation with Group Policy

 

With the help of Group Policy, you can install the Action1 agents on multiple computers and servers at once. Agents are distributed to the endpoints without your direct supervision. The Group Policy installation is effective if your workstations and servers reside in the corporate domain.

Currently, there are two options to install Action1 agents via Group Policy:

  • Installation with the Group Policy startup script (Recommended) – see instructions below
  • GPO software installation (Alternative method)

To distribute Action1 agents via GPO startup script

1. Start the Group Policy Management Console and drill down to your domain.

2. Right-click it and select Create a GPO in this domain, and Link it here.

3. Provide a name for a new domain policy, e.g., Action1 agent installation.

4. In the policy settings, proceed to the Delegation tab. Select Add at the bottom of the screen.

5. In the Select User, Computer, or Group window, set the Object Types to “Computer”. Enter the computer name and select Check Names to look up for it. Set new group’s permissions to “Edit settings, delete, modify security”.

Note: Add all the computers where you want to install the Action1 agent.

New Group Policy - the Delegation tab

6. Select the new group and specify Advanced. In the dialog that opens, select the computer group and update permissions: set Apply group policy to “Allow”.

Group Policy - Advanced permissions for a computer

7. Right-click the newly created policy and select Edit and proceed to Computer Configuration / Policies / Windows Settings / Scripts (Startup/Shutdown) / Startup.

8. Double-click the Startup label and select Add to upload the following CMD script:

Note: Copy the script below and replace AGENT_DOWNLOAD_URL with your unique agent download link that you can find on the Install Agent page.

Action1 Agent Installation Script
@echo off

set url=AGENT_DOWNLOAD_URL

rem ** Replace AGENT_DOWNLOAD_URL above with your agent URL
rem ** Copy URL from https://app.action1.com/console/endpoints/add/step-1
rem ** Example:
rem **       set url=https://app.action1.com/agent/12345678-1234-1234-1234-1234567890abc/Windows/agent(My_Organization).msi

rem ***** DO NOT MODIFY THE REST OF THE SCRIPT ****************

set msi=%TEMP%\action1_agent.msi
if exist %WINDIR%\Action1\action1_agent.exe GOTO AlreadyInstalled
if exist %msi% del %msi% 

if exist %WINDIR%\System32\curl.exe goto Curl
powershell.exe -Command "$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri '%url%' -OutFile $env:TEMP\action1_agent.msi | Out-Null"
if ERRORLEVEL 1 GOTO DownloadError
goto Install

:Curl
curl.exe -s -f -o %msi% "%url%"
if ERRORLEVEL 1 GOTO DownloadError

:Install
msiexec /i %msi% /quiet /qn /norestart /l*v %msi%.log
if ERRORLEVEL 1 GOTO InstallError
del %msi%
del %msi%.log
echo Successfully installed Action1 agent
exit 0

:AlreadyInstalled
echo Action1 agent is already installed
exit 0

:DownloadError
echo Download error: %ERRORLEVEL%
exit %ERRORLEVEL%

:InstallError
echo Install error: %ERRORLEVEL%. See %msi%.log for details.
exit %ERRORLEVEL%
Adding a startup script

Notes:

There is no need to run gpupdate /force after applying the policy. The startup script will install the Action1 agent with the next computer reboot.