Deploying Coro Agent with Windows Server GPO¶
This guide describes how to deploy the Coro Agent to your Windows endpoints through Windows Server Group Policy Object (GPO) manager.
To configure a new GPO, perform one of the following processes.
Choose from:
- Using the PowerShell script provided by Coro Support
- Using the Agent installer file downloaded from the Coro console
Important
GPOs check for the existence of application IDs in the endpoint device registry to determine installation status. If the ID does not exist, an app is pushed to the device. When installed apps like Coro update themselves to a newer version, the ID can change. Consequently, a GPO can attempt to reinstall the original app, which can lead to corruption or uninstallation of the later version. Coro recommends disabling the GPO after deployment to avoid this scenario.
Alternatively, create a new organizational unit (OU) in Active Directory and add endpoint devices that do not already have the Coro Agent installed. Then, link the GPO to that OU so that it installs Coro Agent only on those devices.
Using the PowerShell script provided by Coro Support¶
-
On your Windows server device, access the Group Policy Management app. Then, either create a new GPO or edit your preferred existing policy.
Make a note of the ID of the policy. For example:
-
Obtain a Windows PowerShell deployment script configured for your workspace, as described in Using PowerShell to deploy Coro to Windows devices. Save this script as a PowerShell file (named, for example, "Coro_Install_[YourWorkspace].ps1") to the Windows server device hosting your Active Directory and GPO, in the following location:
\\[your domain]\sysvol\[your domain]\Policies\{ID Specific to the GPO being edited}\MACHINE\Scripts\StartupFor example:
-
Within the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Scripts > Startup. Double-click or select “Startup” to display the Startup Properties dialog.
-
In the Startup Properties dialog, select the PowerShell Scripts tab. Select Add, then Browse, and navigate to the location where you saved the PowerShell script file. Select Open to add the file:
-
OPTIONAL: If you have additional scripts and commands, use the drop-down menu below the listed script to select the order of execution.
-
Select OK to close the Startup Properties dialog.
-
Navigate to Computer Configuration > Policies > Administrative Templates > System > Scripts > Specify maximum wait time for Group Policy scripts. The settings in this dialog determine the maximum wait time for all scripts to complete execution.
In the dialog, configure the following settings:
- Select Enabled.
- Within Options, specify the number of Seconds of wait time. The length of time you choose is dependent on how many startup items you have; the average is recommended to be between 60-120 seconds.
Select OK to save your changes, then close the Group Policy Management Editor.
-
In the Group Policy Management app, select your GPO, then select the Scope tab.
In the Security Filtering section, add the endpoint devices to which you want the script to be pushed. Use the Add... button to specify either single endpoint devices or groups containing one or more devices.
Note
Coro advises pushing the script to devices, or groups of devices, rather than to users or user groups. Choosing users can prevent the script from running.
-
Reboot your endpoint devices at least twice to make sure the group policy changes take effect. Alternatively, run the command
gpupdate /forcein a Command Prompt to apply the policy; in this scenario, only a single reboot is necessary.
Using the Agent installer file downloaded from the Coro console¶
-
On your Windows server device, access the Group Policy Management app. Then, either create a new GPO or edit your preferred existing policy.
Make a note of the ID of the policy. For example:
-
Log into your workspace on the Coro console. Navigate to Control Panel > Devices > Agent Deployment and locate the latest version of the Coro Agent for Windows. From the Actions menu, select Download to download a copy of the Agent .msi file to your local device:
-
Copy this file to the Windows server device hosting your Active Directory and GPO, in the following location:
\\[your domain]\sysvol\[your domain]\Policies\{ID Specific to the GPO being edited}\MACHINE\Applications\For example:
Important
Your Agent .msi filename contains an ID code unique to your workspace. Do not change the name of this file.
-
Within the Group Policy Management Editor, navigate to Computer Configuration > Policies > Software Settings > Software Installation. In the right-hand pane, right-click to access the context menu and select New > Package....
-
In the file explorer dialog, navigate to the location of your downloaded Coro Agent installer file, then select Open.
-
Select your required deployment method:
- Assigned: Deploy with no installation modifications
- Advanced: Deploy with changes to the installation behavior
Select OK to save your changes, then close the Group Policy Management Editor.
-
In the Group Policy Management app, select your GPO and make sure the Scope tab is selected.
In the “Security Filtering” section, add the endpoint devices that you want the script to be pushed to. Use the Add... button to specify either single endpoint devices or groups containing one or more devices.
Note
Coro advises pushing the script to devices, or groups of devices, rather than to users or user groups. Choosing users can prevent the script from running.
-
Reboot your endpoint devices at least twice to make sure the group policy changes take effect. Alternatively, run the command
gpupdate /forcein a Command Prompt to apply the policy; in this scenario, only a single reboot is necessary.