Installing Agents Using Active Directory

Use Active Directory to deploy the installer simultaneously to multiple endpoints.

  1. Download and extract the agent installer Setup MSI file. See Extracting Agent Setup MSI.
  2. Copy the Setup MSI file to a shared folder accessible to users.
  3. On your Active Directory server, prepare to edit the Group Policy Object for the Endpoint Application Control agent.

    The following table explains the steps to take for some versions of Windows Server:

    Option Description

    Windows Server 2003 and earlier

    1. Open the Active Directory console.

    2. Right-click the Organizational Unit (OU) where you want to deploy the installer and click Properties.

    3. In the Group Policy tab, click New.

      The Group Policy Management Editor screen appears.

    Windows Server 2008 and Windows Server 2008 R2

    1. Open the Group Policy Management Console.

    2. Click Start > Control Panel > Administrative Tools > Group Policy Management.

    3. In the console tree, expand Group Policy Objects in the forest and domain containing the GPO that you want to edit.

    4. Right-click the GPO that you want to edit, and then click Edit.

      The Group Policy Management Editor screen appears.

    Windows Server 2012 and Windows Server 2012 R2

    1. Open the Group Policy Management Console.

    2. Click Server Management > Tools > Group Policy Management.

    3. In the console tree, expand Group Policy Objects in the forest and domain containing the GPO that you want to edit.

    4. Right-click the GPO that you want to edit, and then click Edit.

      The Group Policy Management Editor screen appears.

  4. In the The Group Policy Management Editor, select the type of configuration you want to use.
    Option Description

    Computer-based

    Expand Software Settings under Computer Configuration.

    User-based

    Expand Software Settings under User Configuration.

    Tip:

    Trend Micro recommends using Computer Configuration to ensure installation regardless of which user logs on the endpoint.

  5. Under Software Settings, right-click Software installation and then select New and Package.
  6. Under General, select the agent installer Setup MSI file that you want to deploy.
  7. Under Deployment, select a Deployment type.

    The following table explains your choices based on the configuration method you selected earlier:

    Option Description

    Assigned

    This method does not require any user intervention.

    • If you selected User Configuration earlier, users log on the endpoint and then the Endpoint Application Control agent installs.

    • If you selected Computer Configuration earlier, the endpoint restarts and then the Endpoint Application Control agent installs.

    Published

    This method requires users to take action.

    Users go to Start > Control Panel > Add/Remove Programs and then select the option to install a program from the network. The Endpoint Application Control agent installer displays in the list and users proceed to install the agent.

  8. If the agent installer Setup MSI file that you want to deploy is 32-bit, do the following:
    1. Click Advanced....
    2. Clear the check box for Make this 32-bit X86 application available to Win64 machines.
    3. Click OK to close the Advanced Deployment Options window.
  9. Click OK to save your changes to the agent package.

    Active Directory deployment of Endpoint Application Control agents will follow your settings.

    After installation, the Endpoint Application Control system tray icon appears on the endpoint.

    Figure 1. The System Tray Icon