Group Policy: Install and Configure
  • 17 Oct 2020
  • 2 Minutes To Read
  • Print
  • Share
  • Dark
    Light

Group Policy: Install and Configure

  • Print
  • Share
  • Dark
    Light

Install SecureCircle via Group Policy

Create Group Policy Object

  1. Open Group Policy Management Console (gpmc.msc)
  2. Create a new Group Policy Object (GPO), right click on it, and select Edit.
  3. In the Group Policy Management Editor, select Computer Configuration->Policies->Windows Settings->Scripts (Startup/Shutdown).
  4. Edit the Startup item.
  5. Select the Show Files… button.
  6. Create a new file in the script folder named install_sc.bat
    Edit install_sc.bat, adding installation commands. For example:

Installing from File Server

pushd \\fileserver\files
ads_only.ebd65047d3ef421fbb6325d3121c50ba.exe /S
popd

Installing from Direct HTTP Download

bitsadmin /TRANSFER SecureCircleDownloadJob /PRIORITY FOREGROUND https://_securecircle_server_host_/download/win/ads_only.ebd65047d3ef421fbb6325d3121c50ba.exe %TEMP%\ads_only.ebd65047d3ef421fbb6325d3121c50ba.exe
%TEMP%\ads_only.ebd65047d3ef421fbb6325d3121c50ba.exe /S

In the event you need to remove the previous client silently first, this entry can be run prior to the others. The switches for /keepcircleinfo=true or false and /keeplogfiles=true or false are optional.

Silently uninstall the previous client first

"C://Program Files (x86)/SecureCircle/uninstall.exe" /S /keepcircleinfo=false /keeplogfiles=false
  1. Add install_sc.bat to the script list for this GPO.

group-policy.png

Set desired devices in Security Filtering and link Group Policy Object into container accessible by intended devices.

  1. Add group of Computer Objects (e.g. "Domain Computers") to Security Filtering.
  2. Link Group Policy Object into container accessible by intended devices.

group-policy2.png

Ensure the desired group of devices has "Read" and "Apply group policy" permissions.

  1. Select the Group Policy Object or a link to the Group Policy Object.
  2. Select the Delegation tab.
  3. Select the Advanced… button.
  4. Select the desired group of devices and ensure it has "Read" and "Apply group policy" permissions allowed.

Designate Protected Folder via Group Policy

Create a Group Policy Object

  1. Open Group Policy Management Console (gpmc.msc)
  2. Create a new Group Policy Object (GPO), right click on it, and select Edit.
  3. In the Group Policy Management Editor, select User Configuration->Policies->Windows Settings->Scripts (Logon/Logoff).
  4. Edit the Logon item.
  5. Select the Show Files… button.
  6. Create a new file in the script folder named magic_sc.bat
  7. Edit magic_sc.bat, adding installation commands. For example:
fhtools --attach --input="%USERPROFILE%\Documents" --circle=08e07e89-0ef4-11e9-a1e4-893c4f7f01d5 --url=example.cloud.securecircle.com
  1. Add magic_sc.bat to the script list for this GPO.

group-policy4.png

Set desired devices in Security Filtering and link Group Policy Object into container accessible by intended users.

  1. Add users/groups (e.g. "Domain Users") to Security Filtering.
  2. Link Group Policy Object into container accessible by intended devices.

group-policy5.png

Ensure desired users/groups have "Read" and "Apply group policy" permissions.

  1. Select the Group Policy Object or a link to the Group Policy Object.
  2. Select the Delegation tab.
  3. Select the Advanced… button.
  4. Select the desired users/groups and ensure they have "Read" and "Apply group policy" permissions allowed.

group-policy6.png

Troubleshooting

Startup Items

In Event viewer, find Applications and Services Logs->Microsoft->Windows->GroupPolicy->Operational

  1. In the time range when the device started (booted up), find the entry that describes the applicable Group Policy objects that were applied. Ensure the Group Policy Object created is listed. If it is not, the issue is likely with access permissions or enabled/disabled linking.

group-policy7.png

Logon Items

In Event viewer, find Applications and Services Logs->Microsoft->Windows->GroupPolicy->Operational

  1. In the time range when the user logged-on. Find the entry that describes the applicable Group Policy objects that were applied. Ensure the Group Policy Object created is listed. If it is not, the issue is likely with access permissions or enabled/disabled linking.

group-policy8.png

Was This Article Helpful?