{"id":2463,"date":"2025-07-02T08:07:37","date_gmt":"2025-07-02T08:07:37","guid":{"rendered":"https:\/\/zecurit.com\/help\/?post_type=docs&#038;p=2463"},"modified":"2025-07-02T08:07:39","modified_gmt":"2025-07-02T08:07:39","slug":"enrollment-via-active-directory-gpo","status":"publish","type":"docs","link":"https:\/\/zecurit.com\/help\/asset-management\/device-enrollment\/silent-and-bulk-enrollment\/enrollment-via-active-directory-gpo\/","title":{"rendered":"Enrollment via Active Directory GPO"},"content":{"rendered":"\n<p>Zecurit supports agent deployment through <strong>Group Policy Objects (GPO)<\/strong>, allowing administrators to silently install the Zecurit Agent across multiple domain-joined Windows machines without user interaction.<\/p>\n\n\n\n<p>This method is ideal for large on-premises environments with Active Directory (AD) and ensures consistent agent deployment during machine startup.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is GPO-based Deployment?<\/h2>\n\n\n\n<p>Group Policy Objects (GPOs) allow centralized configuration of Windows environments in Active Directory domains. By attaching a startup script to a GPO, you can silently install the Zecurit Agent on every machine that applies the policy.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">When to Use This Method<\/h2>\n\n\n\n<p>Use GPO enrollment when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You have a Windows domain environment with Active Directory<\/li>\n\n\n\n<li>You want to silently install agents at system startup<\/li>\n\n\n\n<li>You need consistent, policy-based deployment to a large group of devices<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Step-by-Step: Installing the Zecurit Agent via GPO<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisites<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Active Directory Domain Services (AD DS)<\/strong>\u00a0configured<\/li>\n\n\n\n<li><strong>Group Policy Management Console (GPMC)<\/strong>\u00a0installed<\/li>\n\n\n\n<li><strong>Network share<\/strong>\u00a0accessible by all target computers<\/li>\n\n\n\n<li><strong>Administrative rights<\/strong>\u00a0to create and deploy GPOs<\/li>\n<\/ul>\n\n\n\n<p><strong>Step 1: Prepare the Installation Script<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Download the Agent Package<\/strong>\n<ul class=\"wp-block-list\">\n<li>From the Zecurit portal, download the file: <code>ZecuritAgentStartupScript.zip<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Extract the Package<\/strong>\n<ul class=\"wp-block-list\">\n<li>Unzip the archive to reveal: <code>ZecuritAgentStartup.bat<\/code> (Startup script) <code>ZecuritAgentInstaller.msi<\/code> (Agent installer)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Copy to a Shared Network Folder<\/strong>\n<ul class=\"wp-block-list\">\n<li>Move all extracted files to a shared path accessible to target devices, such as: <code>\\\\\\\\Server\\\\MyShare\\\\ZecuritAgentStartup.bat<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>???? Tip: Ensure the share has read permissions for all target computers.<\/p>\n<\/blockquote>\n\n\n\n<p><strong>Step 2: Create and Configure the GPO<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open <strong>Group Policy Management Console<\/strong>\n<ul class=\"wp-block-list\">\n<li>Press <code>Win + R<\/code>, type <code>gpmc.msc<\/code>, and press Enter.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Right-click the\u00a0<strong>domain<\/strong>\u00a0or\u00a0<strong>OU<\/strong>\u00a0where you want to deploy the agent.<\/li>\n\n\n\n<li>Select\u00a0<strong>&#8220;Create a GPO in this domain, and Link it here&#8221;<\/strong>.<\/li>\n\n\n\n<li>Name the GPO (e.g., <code>Zecurit Agent Deployment<\/code>) and click <strong>OK<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 3: Configure the Startup Script in GPO<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Right-click the created GPO and choose <strong>Edit<\/strong>.<\/li>\n\n\n\n<li>In <strong>Group Policy Management Editor<\/strong>, navigate to: <code>Computer Configuration \u2192 Windows Settings \u2192 Scripts \u2192 Startup<\/code><\/li>\n\n\n\n<li>In the <strong>Startup Properties<\/strong> window:\n<ul class=\"wp-block-list\">\n<li>Click <strong>Add<\/strong>, then <strong>Browse<\/strong> to the shared folder OR<\/li>\n\n\n\n<li>Paste the script path: <code>\\\\\\\\Server\\\\MyShare\\\\ZecuritAgentStartup.bat<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>OK<\/strong> to confirm and close the editor.<\/li>\n<\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Ensure that the script runs under Computer Configuration, not User Configuration.<\/p>\n<\/blockquote>\n\n\n\n<p><strong>Step 4: Assign the GPO to Target Computers<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In Group Policy Management, select the GPO you created.<\/li>\n\n\n\n<li>Navigate to the <strong>Security Filtering<\/strong> section:\n<ul class=\"wp-block-list\">\n<li>Click <strong>Add<\/strong><\/li>\n\n\n\n<li>In the <strong>Object Types<\/strong>, check <strong>Computers<\/strong><\/li>\n\n\n\n<li>Enter the names of target machines or an AD group (e.g., <code>Workstations-DeptA<\/code>)<\/li>\n\n\n\n<li>Click <strong>OK<\/strong> to apply.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>This ensures only selected devices will apply the policy and receive the agent.<\/p>\n<\/blockquote>\n\n\n\n<p><strong>Step 5: Agent Deployment and Execution<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>On the next <strong>system startup<\/strong>, the script will execute automatically.<\/li>\n\n\n\n<li>The agent will be installed silently in the background.<\/li>\n\n\n\n<li>Once installed and connected, the devices will appear in the <strong>Zecurit dashboard<\/strong> under <strong>Devices > All Devices<\/strong>.<\/li>\n<\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>If a machine does not reboot, the script won\u2019t run \u2014 ensure all target machines restart to apply the policy.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting Tips<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Confirm that the shared folder is <strong>accessible<\/strong> by the target computers (try accessing via UNC path).<\/li>\n\n\n\n<li>Use <strong>gpresult \/r<\/strong> on client machines to confirm GPO is applied.<\/li>\n\n\n\n<li>Check <strong>Event Viewer<\/strong> under <code>Applications and Services Logs \u2192 Microsoft \u2192 Windows \u2192 GroupPolicy<\/code> for script execution errors.<\/li>\n\n\n\n<li>Ensure <code>.msi<\/code> installer and <code>.bat<\/code> script are not blocked by antivirus or UAC.<\/li>\n<\/ul>\n\n\n\n<p>Using\u00a0Group Policy Startup Script, you can efficiently deploy the\u00a0Zecurit Agent\u00a0across multiple domain-joined Windows devices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Related Articles<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.notion.so\/help-zecurit-com-21ebe43fb75a80e680ced6bf64f15817?pvs=21\" target=\"_blank\" rel=\"noopener\">Enrollment via Domain using Zecurit Connector<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.notion.so\/help-zecurit-com-21ebe43fb75a80e680ced6bf64f15817?pvs=21\" target=\"_blank\" rel=\"noopener\">Self-Enrollment via Link<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.notion.so\/help-zecurit-com-21ebe43fb75a80e680ced6bf64f15817?pvs=21\" target=\"_blank\" rel=\"noopener\">Inventory Overview<\/a><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"featured_media":0,"parent":2456,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-2463","docs","type-docs","status-publish","hentry"],"comment_count":0,"_links":{"self":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/comments?post=2463"}],"version-history":[{"count":1,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2463\/revisions"}],"predecessor-version":[{"id":2514,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2463\/revisions\/2514"}],"up":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2456"}],"wp:attachment":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/media?parent=2463"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/doc_tag?post=2463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}