Deploy the Latest Automox Agent using a PowerShell Script via Windows GPO Policy

Prepare Your Installer

Using the link provided here, download the Automox Installer PowerShell script to your local device, or to your Windows Server if you cannot transfer files from your local device.

Create Your GPO - Run at Logon

PowerShell Script

  1. Store the script file in a location that is accessible to your target devices. You can use the SYSVOL directory or a network share that is accessible to your device.

  2. Create a new Group Policy Object (GPO) and add the script to your GPO. The path is Computer Configuration → Policies → Windows Settings → Scripts (Startup/Shutdown)

  3. From the right pane, double-click Startup.

  4. In the dialog box, click the PowerShell Scripts tab then click Add....

  5. Browse to the script file and click Open.

  6. Your Automox Access Key is needed in the script as a parameter. Enter this into the "Script Parameters" box:

    -AccessKey your-access-key-goes-here

  7. Now that these values are set, you can assign the GPO to your target audience.

On startup, the script will check for the agent. If it's not present it will download, install, and start the service. If it's already there, it will not take any further action.

MSI Installer

With a minor modification, the Automox Installer MSI can be deployed using the Software Installation GPO. This method requires that you include your Automox Access Key as a parameter. Since deployment using this method doesn't allow for command line arguments, you must either create a Transform file (.mst) or modify the installer file to include the Access Key.

Follow these steps to deploy the installer:

  1. See the following article for details about modifying the MSI file: Embedding Your Access Key into the Automox MSI

  2. After you modify the MSI file, store it in a location that is accessible to your target devices. This requires that you store this in your SYSVOL directory or set up a network share that is accessible to your devices.

  3. When your file is in the desired location, add the file to your GPO. The path is Computer Configuration → Policies → Software Settings → Software Installation → New → Package...

  4. Browse to and select the modified MSI file and click OK.

  5. In the next dialog box select "Assigned" then click OK.

  6. Select the package and select the Deployment tab. Check the box for Install this application at logon and, for the user interface option, select Basic.

  7. Once these values are set, assign the GPO to your desired audience.

Note: You should periodically update this deployment to use the latest Automox Installer. An outdated MSI file will not harm existing installations, but it is best to install the latest version when possible.

The latest file downloads can be found here: Download Links for the Latest Automox Installers or alternatively, you can use the PowerShell script method to download the latest version. If you have modified the MSI file to include the access key, you will need to do this again after downloading a newer MSI file.

Create Your GPO - Scheduled Task

How to bulk deploy the Automox agent using Windows Group Policy for devices that connect to company networks through a VPN.

Remote computers connecting to their company networks through a VPN present a challenge for the most common GPO solutions. Many VPNs do not automatically connect at startup. Because of the way Startup scripts and GPO MSI installation policies are designed, they will most likely fail to apply for remote devices.

Here is an alternative method to use Active Directory GPOs to deploy the Automox agent for your remote users.

The Challenge

We must distribute the file, and then the file must be installed with elevated rights. Preferably, this should be fully automated.

The Solution

We will leverage Group Policy preferences to distribute a PowerShell script to each device, and then after it is in place, we will create a scheduled task to run the installation.

Distribute the File

  1. Create a new GPO, and open the Group Policy Management Editor.

  2. Navigate to Computer Configuration → Preferences → Windows Settings → Files

  3. Right click Files and select New → File

  4. From the General tab, update the following:

    • Source File(s): \\YOUR_DOMAIN.COM\NETLOGON\Install-AXAgentMSI.ps1

    • Destination File: C:\Windows\Temp\Install-AXAgentMSI.ps1

    NOTE: Leave the rest of the General settings as default.

  5. From the Common tab, select the checkbox for Remove this item when it is no longer applied. This will clean up the distributed script file when the policy is no longer applied.

  6. Create a new GPO, and open the Group Policy Management Editor.

  7. Navigate to Computer Configuration → Preferences → Control Panel Settings → Scheduled Tasks

  8. Right click Scheduled Tasks and select New → Scheduled Task (Windows 7 or later)

  9. Click the General tab, update the following:

    • Select the Action: Replace

    • Enter a name and optional description.

    • Set the user account to NT AUTHORITY\System

    • Run whether logged in or not and with the highest privileges.

  10. Click the Triggers tab, start a new trigger and set the following:

    • Begin the task: At task creation/modification

    • Clear the checkbox Delay task for:

    • Select Stop task if it runs longer than: and set to 1 hour

    • Set the preferred activate time and select the checkbox

    • Set to Enabled

  11. Click the Actions tab and start a program with these settings:

    • Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

    • Add arguments (with quotes): "C:\Windows\Temp\Install-AXAgentMSI.ps1" "-AccessKey YOUR_AUTOMOX_KEY"

    • Your Automox Access Key is in your Console under Devices → Add Devices.

  12. Click the Conditions tab.

    • Select Start only if the following network connection is available: Any connection

  13. Click the Settings tab and select the following:

    • Stop the task if it runs longer than: 1 hour

    • If the running task does not end when requested, force it to stop.

    • If the task is already running, then the following rule applies: Do not start a new instance.

  14. Click the Common tab and select the following:

    • Remove the item when it is no longer applied.

    • Item-level targeting → click Targeting

    • In the Targeting Editor, click New Item → File Match.

    • For Match type, select File exists

    • In the Path field enter: C:\Windows\Temp\Install-AXAgentMSI.ps1

      After these values are set, assign the GPO to your desired audience.
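
Because the scheduled task above runs C:\Windows\Temp\Install-AXAgentMSI.ps1 as NT AUTHORITY\System, it is worth confirming on a target device that the staged copy matches the published source and can only be modified by administrative principals. The following check is an added example, not part of the Automox script or this article's original procedure; the function name Test-StagedScript and the list of trusted SIDs are assumptions, and the paths are the ones used in the steps above.

```powershell
# Added example: pre-flight check for the staged installer script.
# Paths mirror the ones in this article; YOUR_DOMAIN.COM is the article's placeholder.
function Test-StagedScript {
    param(
        [string]$StagedPath = 'C:\Windows\Temp\Install-AXAgentMSI.ps1',
        [string]$SourcePath = '\\YOUR_DOMAIN.COM\NETLOGON\Install-AXAgentMSI.ps1'
    )

    # Assumed trust list, as locale-independent well-known SIDs:
    # SYSTEM, BUILTIN\Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Any of these rights lets a principal change or replace the file content.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

    if (-not (Test-Path -LiteralPath $StagedPath -PathType Leaf)) {
        return [pscustomobject]@{ Ok = $false; Findings = @("Staged script not found: $StagedPath") }
    }
    $findings = @()

    # 1. Content must match the copy published on the domain share.
    $staged = (Get-FileHash -LiteralPath $StagedPath -Algorithm SHA256).Hash
    $source = (Get-FileHash -LiteralPath $SourcePath -Algorithm SHA256).Hash
    if ($staged -ne $source) { $findings += "SHA256 mismatch: staged $staged, source $source" }

    # 2. The owner and every Allow rule carrying write-type rights must be trusted.
    $acl   = Get-Acl -LiteralPath $StagedPath
    $owner = $acl.GetOwner($sidType).Value
    if ($trusted -notcontains $owner) { $findings += "Owner is not a trusted principal: $owner" }

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $grantsWrite = ($rule.AccessControlType -eq 'Allow') -and
                       (($rule.FileSystemRights -band $writeMask) -ne 0)
        if ($grantsWrite -and ($trusted -notcontains $rule.IdentityReference.Value)) {
            $findings += "Write access for $($rule.IdentityReference.Value): $($rule.FileSystemRights)"
        }
    }

    [pscustomobject]@{ Ok = ($findings.Count -eq 0); Findings = $findings }
}

Test-StagedScript | Format-List
```

Run it from an elevated PowerShell session on a device that has received the GPO; an empty Findings list with Ok set to True means both checks passed.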

Additional Group Handling

If you need to add devices that are deployed with the GPO to a specific Group in Automox, you can amend the Add arguments value on the Actions tab of the scheduled task with the following:

"C:\Windows\Temp\Install-AXAgentMSI.ps1" "-AccessKey YOUR_AUTOMOX_KEY" "-GroupName 'My Group Name'" "-ParentGroupName 'My Parent Group Name'"

Note: ParentGroupName is only required if the target Group is a child Group in the Automox Console.
