Deploying Coro Agent with Windows Server GPO
This guide describes how to deploy the Coro Agent to your Windows endpoints through Windows Server Group Policy Object (GPO) manager.
To configure a new GPO, perform one of the following processes.
Choose from:
- Using the PowerShell script provided by Coro Support
- Using the Agent installer file downloaded from the Coro console
Important
GPOs check for the existence of application IDs in the endpoint device registry to determine installation status. If the ID does not exist, an app is pushed to the device. When installed apps like Coro update themselves to a newer version, the ID can change. Consequently, a GPO can attempt to reinstall the original app, which can lead to corruption or uninstallation of the later version. Coro recommends disabling the GPO after deployment to avoid this scenario.
Alternatively, create a new organizational unit (OU) in Active Directory and add endpoint devices that do not already have the Coro Agent installed. Then, link the GPO to that OU so that it installs Coro Agent only on those devices.
Using the PowerShell script provided by Coro Support
-
On your Windows server device, access the
Group Policy Management
app. Then, either create a new GPO or edit your preferred existing policy.
Make a note of the ID of the policy. For example:
-
Obtain a Windows PowerShell deployment script configured for your workspace, as described in
Using PowerShell to deploy Coro to Windows devices
. Save this script as a PowerShell file (named, for example, "Coro
_
Install_
[YourWorkspace]
.ps1") to the Windows server device hosting your Active Directory and GPO, in the following location:
\\[your domain]\sysvol\[your domain]\Policies\{ID Specific to the GPO being edited}\MACHINE\Scripts\Startup
For example:
-
Within the
Group Policy Management Editor
, navigate to
Computer Configuration > Policies > Windows Settings > Scripts > Startup
. Double-click or select “Startup” to display the
Startup Properties
dialog.
-
In the
Startup Properties
dialog, select the
PowerShell Scripts
tab. Select
Add
, then
Browse
, and navigate to the location where you saved the PowerShell script file. Select
Open
to add the file:
-
OPTIONAL
: If you have additional scripts and commands, use the drop-down menu below the listed script to select the order of execution.
- Select OK to close the Startup Properties dialog.
-
Navigate to
Computer Configuration > Policies > Administrative Templates > System > Scripts > Specify maximum wait time for Group Policy scripts
. The settings in this dialog determine the maximum wait time for all scripts to complete execution.
In the dialog, configure the following settings:
- Select Enabled .
- Within Options , specify the number of Seconds of wait time. The length of time you choose is dependent on how many startup items you have; the average is recommended to be between 60-120 seconds.
Select OK to save your changes, then close the Group Policy Management Editor.
-
In the
Group Policy Management
app, select your GPO, then select the
Scope
tab.
In the Security Filtering section, add the endpoint devices to which you want the script to be pushed. Use the Add... button to specify either single endpoint devices or groups containing one or more devices.
note
Coro advises pushing the script to devices, or groups of devices, rather than to users or user groups. Choosing users can prevent the script from running.
-
Reboot your endpoint devices at least twice to make sure the group policy changes take effect. Alternatively, run the command
gpupdate /force
in a Command Prompt to apply the policy; in this scenario, only a single reboot is necessary.
Using the Agent installer file downloaded from the Coro console
-
On your Windows server device, access the
Group Policy Management
app. Then, either create a new GPO or edit your preferred existing policy.
Make a note of the ID of the policy. For example:
-
Log into your workspace on the Coro console. Navigate to
Control Panel > Devices > Agent Deployment
and locate the latest version of the Coro Agent for Windows. From the
Actions
menu, select
Download
to download a copy of the Agent .msi file to your local device:
-
Copy this file to the Windows server device hosting your Active Directory and GPO, in the following location:
\\[your domain]\sysvol\[your domain]\Policies\{ID Specific to the GPO being edited}\MACHINE\Applications\
For example:
Important
Your Agent .msi filename contains an ID code unique to your workspace. Do not change the name of this file.
-
Within the
Group Policy Management Editor
, navigate to
Computer Configuration > Policies > Software Settings > Software Installation
. In the right-hand pane, right-click to access the context menu and select
New > Package...
.
- In the file explorer dialog, navigate to the location of your downloaded Coro Agent installer file, then select Open .
-
Select your required deployment method:
- Assigned : Deploy with no installation modifications
- Advanced : Deploy with changes to the installation behavior
Select OK to save your changes, then close the Group Policy Management Editor.
-
In the
Group Policy Management
app, select your GPO and make sure the
Scope
tab is selected.
In the “Security Filtering” section, add the endpoint devices that you want the script to be pushed to. Use the Add... button to specify either single endpoint devices or groups containing one or more devices.
note
Coro advises pushing the script to devices, or groups of devices, rather than to users or user groups. Choosing users can prevent the script from running.
-
Reboot your endpoint devices at least twice to make sure the group policy changes take effect. Alternatively, run the command
gpupdate /force
in a Command Prompt to apply the policy; in this scenario, only a single reboot is necessary.