How to install PG Desktop via Group Policy
- Christopher R. Perry
Problem
You want to install PG Desktop on multiple machines without manually interacting with each one. You also do not have access to a 3rd party software deployment service.
Solution
Use Group Policy to deploy PortalGuard desktop along with an MST file to apply specific settings for your deployment.
Requirements
Access to Group Policy Management
A Network Path accessible to all machines/users on the domain with at least ‘Read’ access.
Implementation Steps
From a Domain Controller on your network, Launch the Group Policy Management utility.
You can either use the ‘Search’ functionality, or use ‘run’ and execute the following:
gpmc.msc
Right-click your domain name in the left-hand navigation bar and choose the option to ‘Create a GPO in this domain and Link it here…’
Set a name for the GPO.
e.g. “PG Desktop Installation”
Right-click the new GPO from the left-hand navigation bar and select ‘Edit' to bring up the GPO editor.
In the new ‘Group Policy Management Editor’ window, expand Computer Configuration → Policies → Software Settings within the left-hand navigation bar.
Right-click ‘Software Installation’ and choose New → Package…
Point to the PortalGuard Desktop Installation MSI.
IMPORTANT: You MUST point to the MSI on a Network Share, otherwise client machines will not be able to access the MSI in order to complete the installation.
On the ‘Deploy Software’ screen, choose ‘Advanced’ and click ‘Okay’.
Required for utilizing the MST.
Navigate to the Modifications tab and click ‘Add…’.
Point to the MST file.
IMPORTANT: You MUST point to the MST on a Network Share, otherwise client machines will not be able to access the MST in order to apply custom settings to the base MSI.
Click ‘Ok’.
Still within the ‘Group Policy Management Editor’ window, enable the following settings:
Computer Configuration → Policies → Administrative Templates → Windows Components → Windows Installer
Enable the ‘Always install with elevated permissions’ setting.
Computer Configuration → Policies → Administrative Templates → System → Logon
Enable the ‘Always wait for the network at computer startup and login’ setting.
Computer Configuration → Policies → Administrative Templates → System → Group Policy
Enable the ‘Configure Software Installation policy processing’ setting and then check the ‘Allow processing across a slow network connection’.
We also recommend configuring the following settings to ensure that the MSI distribution process is smooth and seamless:
Computer Configuration → Policies → Administrative Templates → Windows Components> Window Installer → Always install with elevated privileges
Computer Configuration → Policies → Administrative Templates → System → Logon → Always wait for the network at computer startup and logon
IMPORTANT: You may wish to leave this setting at the default (disabled) if you require frequent ‘offline’ use of your domain-joined workstations (e.g. Remote Work).
Computer Configuration → Policies → Administrative Templates → System → Group Policy → Software Installation policy processing
Check “Allow processing across a slow network connection”
Close the ‘Group Policy Management Editor’ window.
Within the Group Policy Management utility, select the GPO that you just created.
On the right-hand side of the screen, update the ‘Security Filtering’ section to apply a scope of only the machines you wish to have the PG Desktop software installed on.
