Skip to content

Deploying Coro Agent with Windows Server GPO

This guide describes how to deploy the Coro Agent to your Windows endpoints through Windows Server Group Policy Object (GPO) manager.

To configure a new GPO, perform one of the following processes.

Choose from:

Using the PowerShell script provided by Coro Support

  1. On your Windows server device, access the Group Policy Management app. Then, either create a new GPO or edit your preferred existing policy.

    Make a note of the ID of the policy. For example:

    Default Domain Policy

  2. Obtain a Windows PowerShell deployment script configured for your workspace, as described here. Save this script as a PowerShell file (named, for example, "Coro_Install_[YourWorkspace].ps1") to the Windows server device hosting your Active Directory and GPO, in the following location:

    \\[your domain]\sysvol\[your domain]\Policies\{ID Specific to the GPO being edited}\MACHINE\Scripts\Startup

    For example:

    Saving the PowerShell file to your server

  3. Within the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Scripts > Startup. Double-click or select “Startup” to display the Startup Properties dialog.

    Startup Properties dialog

  4. In the Startup Properties dialog, select the PowerShell Scripts tab. Select Add, then Browse, and navigate to the location where you saved the PowerShell script file. Select Open to add the file:

    Selecting the Coro PowerShell file

  5. OPTIONAL: If you have additional scripts and commands, use the drop-down menu below the listed script to select the order of execution.

    Changing the order of script execution

  6. Select OK to close the Startup Properties dialog.

  7. Navigate to Computer Configuration > Policies > Administrative Templates > System > Scripts > Specify maximum wait time for Group Policy scripts. The settings in this dialog determine the maximum wait time for all scripts to complete execution.

    Set a wait time for Group Policy scripts

    In the dialog, configure the following settings:

    • Select Enable.
    • Within Options, specify the number of Seconds of wait time. The length of time you choose is dependent on how many startup items you have; the average is recommended to be between 60-120 seconds.

    Select “OK” to save your changes, then close the Group Policy Management Editor.

  8. In the Group Policy Management app, select your GPO and make sure the Scope tab is selected.

    The GPO Scope tab

    In the “Security Filtering” section, add the endpoint devices that you want the script to be pushed to. Use the Add... button to specify either single endpoint devices or groups containing one or more devices.

    Note

    Coro advises pushing the script to devices, or groups of devices, rather than to users or user groups. Choosing users can prevent the script from running.

  9. Reboot your endpoint devices at least twice to make sure the group policy changes take effect. Alternatively, run the command gpupdate /force in a Command Prompt to apply the policy; in this scenario, only a single reboot is necessary.

Using the Agent installer file downloaded from the Coro Console

  1. On your Windows server device, access the Group Policy Management app. Then, either create a new GPO or edit your preferred existing policy.

    Make a note of the ID of the policy. For example:

    Default Domain Policy

  2. Log into your Workspace on the Coro Console. Navigate to Control Panel > Devices > Agent Deployment and locate the latest version of the Windows agent from the list of available versions. From the Actions menu, select Download to download a copy of the agent .MSI file to your local device.

  3. Save this file to the Windows server device hosting your Active Directory and GPO, in the following location:

    \\[your domain]\sysvol\[your domain]\Policies\{ID Specific to the GPO being edited}\MACHINE\Applications\

    For example:

    Saving the Agent installer file to your server

  4. Within the Group Policy Management Editor, navigate to Computer Configuration > Policies > Software Settings > Software Installation. In the right-hand pane, right-click to access the context menu and select New > Package....

    Adding a new software installation package

  5. In the file explorer dialog, navigate to the location of your downloaded Coro Agent installer file, then select Open.

  6. Select your required deployment method:

    • Assigned: Deploy with no installation modifications
    • Advanced: Deploy with changes to the installation behavior

    Deploy Software dialog

    Select “OK” to save your changes, then close the Group Policy Management Editor.

  7. In the Group Policy Management app, select your GPO and make sure the Scope tab is selected.

    The GPO Scope tab

    In the “Security Filtering” section, add the endpoint devices that you want the script to be pushed to. Use the Add... button to specify either single endpoint devices or groups containing one or more devices.

    Note

    Coro advises pushing the script to devices, or groups of devices, rather than to users or user groups. Choosing users can prevent the script from running.

  8. Reboot your endpoint devices at least twice to make sure the group policy changes take effect. Alternatively, run the command gpupdate /force in a Command Prompt to apply the policy; in this scenario, only a single reboot is necessary.