Skip to main content

Deploy Quickpass Agent via Group Policy - Command Line Script

  • Updated

 

Introduction

This is a guide to deploying the Quickpass Agent via Microsoft Group Policy for On Premise Active Directory Environments via Command Line

Prerequisites

 

Implementation

 

Prepare the script

  1. Copy and modify the script here. 
    1. Alter the "OUTPUTPATH" value to a Folder you want to store the installer EXE
    2. Alter lines 9 & 10 with the InstallToken and Client Agent ID values.
  2. Copy that script to a File Share or use a GPO Startup Script Location
    1. If using a File Share make sure that the DOMAIN COMPUTERS security group has access to that Share and Folder
    2. You can use the SysVOL share which all Domain joined systems have access to.  See the Group Policy section (Step 7) below for these instructions.

Create a GPO to Push to Domain Systems via Command Line

  1. Log on to a Domain Controller as a Domain Admin
  2. Open the Group Policy Management Console for the Domain
  3. Decide what OU level you want this to be configured for
    1. You can use a Sub OU to run a test on a sample set of Computers (this is a Computer Based Group Policy) or you can set the Policy at the Root of the Domain and specify a Security Group Containing the computers you want to trial this for.
    2. Once your Proof of Concept has been confirmed to work, then you can add the Group Policy to other OUs or add additional computers to the Defined Security Group
  4. Right click the location you want to start configuring this Policy on and select "Create a GPO in this Domain and Link it Here
    mceclip0.png
  5. Name the GPO something appropriate for what you are trying to accomplish
  6. Right Click that new GPO that you created and Select Edit
  7. If you want to use the SysVol location to store the PowerShell script to execute, please follow these steps.  If using a File Server/Shared Folder please move on to Step 8.2
    1. Expand Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown)
    2. Double Click Startup
    3. Click Show Files
    4. Paste the tested script into this Folder and close the File Browser window
  8. Click Add Button -> Browse
    1. If you are using SYSVOL/GPO folder click on the file that appears (it should be there because you pasted it in on step 7.4)
    2. If you are using a File share to store the script file - browse to that location VIA UNC Path (Drive Map/File Path will not work)
    3. Click OK until you have cleared all the open Windows and then close the Edit GPO screen.
  9. You can limit the Security Filtering for this Start Up Script if you want to further limit which systems you are applying this to.
    1. You can also use WMI Filtering if you are familiar with the configuration.
  10. Now you can test on a sample set of systems in that OU by restarting them
    1. Create a Security Group and add a few Computers to that Group (remember this Policy applies to the Computer not the user)
    2. In the Security Filtering section of the Policy you just created click ADD and add that newly created Group to the list.
      1. Once you have tested that this works on those machines, you can remove the Group entirely from the Security Filtering List or add additional machines to the Group or Link the GPO to other OUs.

 

 

Troubleshooting

  1. This script will check and output to a log file in the path you specified for the installer to be stored.
    1. Does the Quickpass Agent Service exist (it doesn't check if it's running)?
      1. If so it skips the entire process - this makes sure it doesn't install over and over again.  This overwrites the log file.
    2. Outputs all steps performed to the Log file.  Review this if you have any challenges.

 

 

 

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.