Views:

Use the Active Directory Group Policy Management console to deploy the agent package to your managed endpoints.

Important
Important
The steps contained in this topic reference Active Directory for Windows Server 2019 and are valid as of December, 2023. If you are using a different version of Active Directory or Windows Server, refer to the documentation for your version.
This deployment method only supports Windows agents.
Configure your agent installation packages to ensure that your newly-deployed agents:
  • Report to the correct Protection Manager or Endpoint Inventory
  • Automatically apply the correct default settings
Note
Note
For Server & Workload Protection agents, Trend Micro recommends that you configure a default policy and use the agent-initiated activation feature before deploying agent packages to simplify the connection process.
For Standard Endpoint Protection agents and Endpoint Sensor only agents, you can set up the agent for VDI environments if your network includes virtual desktops.
This method requires using a PowerShell script to execute the agent installer. For more information, see Group Policy Object Sample Script.

Procedure

  1. Go to Endpoint SecurityEndpoint Inventory.
  2. Click Agent Installer.
  3. Locate the Agent Installer type you want to use and select the Windows operating system.
  4. For Standard Endpoint Protection, specify the following package settings.
    1. Select the OS architecture.
    2. Select the Endpoint Group Manager that the newly-deployed agents report to.
    3. Click the Download installer icon (downloadInstaller=20230617123737.png).
  5. For Server & Workload Protection, specify the following package settings.
    1. Specify the package type.
      • Auto detect: The installation package is light-weight, and downloads and installs additional components after detecting the operating system type (requires more network bandwidth)
      • Full package: The installation package contains all necessary components and automatically installs the correct components after detecting the operating system version
    2. Select the Server & Workload Protection Manager that the newly-deployed agents report to.
    3. Click the Download installer icon (downloadInstaller=20230617123737.png).
  6. For Endpoint Sensor, specify the OS architecture and click the Download installer icon (downloadInstaller=20230617123737.png).
  7. Unzip the Agent Package and move the contents to a directory that is accessible via UNC.
    You must specify the UNC path where the contents are located in the PowerShell script used to execute the installation.
  8. In the Group Policy Management console, right click Group Policy Objects and select New.
  9. In the New GPO window, specify a name and click OK.
    GPO-NewName=GUID-e17d51e3-0664-4995-9482-ab00184d67c2.png
    Step 9 Example
    In this example, the new GPO is named (Demo) Deploy Agent.
  10. Right click the GPO you created and select Edit....
    GPO-Edit=GUID-e789ec67-f13e-46c1-9c8d-91a7b8627a27.png
    Step 10 Example
    In this example, the user right clicks (Demo) Deploy Agent and selects Edit...
  11. Go to Computer ConfigurationPreferencesControl Panel SettingsScheduled Tasks.
  12. Right click the GPO you created, click New, and select Scheduled Task (At least Windows 7).
    GPO-NewTask=GUID-85a650e8-06bb-4a69-9fee-9cbc96e6cb42.png
    Step 12 Example
    In this example, the user navigates to Scheduled Tasks and right clicks the GPO to add a new task.
    The deployment settings window appears.
  13. Configure the General tab.
    Setting
    Configuration
    Action
    Select Update
    Name
    The field should already show the name of the GPO you created
    If the field does not show the correct name, click the ... button to select the correct GPO.
    Security Options
    • Specify the user NT AUTHORITY\System
    • Select Run whether user is logged on or not
    • Select Run with highest privileges
    GPO-GeneralTab=GUID-07010635-66e9-4c82-8d8b-7884e7370431.png
    General Tab Example
  14. On the Triggers tab, configure the time you want the deployment to occur.
  15. On the Actions tab, click New...
  16. Configure the settings in the New Action window.
    1. For Action, select Start a program.
    2. For Program/script, select the PowerShell script to execute the Agent Installer.
      Refer to the sample PowerShell script and modify the variables to match your environment.
    3. For Add arguments, specify the UNC path where the PowerShell script is located.
      For example, -file "\\serverName\demo\sample.ps1".
    GPO-ActionsTab=GUID-97360839-6e2e-4e46-9b47-ceb3d336cfc0.png
    Action Tab Example
  17. Click OK.
  18. Click OK to create the deployment.