Zecurit supports agent deployment through Group Policy Objects (GPO), allowing administrators to silently install the Zecurit Agent across multiple domain-joined Windows machines without user interaction.
This method is ideal for large on-premises environments with Active Directory (AD) and ensures consistent agent deployment during machine startup.
What is GPO-based Deployment?
Group Policy Objects (GPOs) allow centralized configuration of Windows environments in Active Directory domains. By attaching a startup script to a GPO, you can silently install the Zecurit Agent on every machine that applies the policy.
When to Use This Method
Use GPO enrollment when:
- You have a Windows domain environment with Active Directory
- You want to silently install agents at system startup
- You need consistent, policy-based deployment to a large group of devices
Step-by-Step: Installing the Zecurit Agent via GPO
Prerequisites
- Active Directory Domain Services (AD DS) configured
- Group Policy Management Console (GPMC) installed
- Network share accessible by all target computers
- Administrative rights to create and deploy GPOs
Step 1: Prepare the Installation Script
- Download the Agent Package
- From the Zecurit portal, download the file:
ZecuritAgentStartupScript.zip
- From the Zecurit portal, download the file:
- Extract the Package
- Unzip the archive to reveal:
ZecuritAgentStartup.bat(Startup script)ZecuritAgentInstaller.msi(Agent installer)
- Unzip the archive to reveal:
- Copy to a Shared Network Folder
- Move all extracted files to a shared path accessible to target devices, such as:
\\\\Server\\MyShare\\ZecuritAgentStartup.bat
- Move all extracted files to a shared path accessible to target devices, such as:
???? Tip: Ensure the share has read permissions for all target computers.
Step 2: Create and Configure the GPO
- Open Group Policy Management Console
- Press
Win + R, typegpmc.msc, and press Enter.
- Press
- Right-click the domain or OU where you want to deploy the agent.
- Select “Create a GPO in this domain, and Link it here”.
- Name the GPO (e.g.,
Zecurit Agent Deployment) and click OK.
Step 3: Configure the Startup Script in GPO
- Right-click the created GPO and choose Edit.
- In Group Policy Management Editor, navigate to:
Computer Configuration → Windows Settings → Scripts → Startup - In the Startup Properties window:
- Click Add, then Browse to the shared folder OR
- Paste the script path:
\\\\Server\\MyShare\\ZecuritAgentStartup.bat
- Click OK to confirm and close the editor.
Ensure that the script runs under Computer Configuration, not User Configuration.
Step 4: Assign the GPO to Target Computers
- In Group Policy Management, select the GPO you created.
- Navigate to the Security Filtering section:
- Click Add
- In the Object Types, check Computers
- Enter the names of target machines or an AD group (e.g.,
Workstations-DeptA) - Click OK to apply.
This ensures only selected devices will apply the policy and receive the agent.
Step 5: Agent Deployment and Execution
- On the next system startup, the script will execute automatically.
- The agent will be installed silently in the background.
- Once installed and connected, the devices will appear in the Zecurit dashboard under Devices > All Devices.
If a machine does not reboot, the script won’t run — ensure all target machines restart to apply the policy.
Troubleshooting Tips
- Confirm that the shared folder is accessible by the target computers (try accessing via UNC path).
- Use gpresult /r on client machines to confirm GPO is applied.
- Check Event Viewer under
Applications and Services Logs → Microsoft → Windows → GroupPolicyfor script execution errors. - Ensure
.msiinstaller and.batscript are not blocked by antivirus or UAC.
Using Group Policy Startup Script, you can efficiently deploy the Zecurit Agent across multiple domain-joined Windows devices.