There are two methods of deploying the GateKeeper Client application through Windows Group Policy (GPO):
1) Startup Script Method
Create a GPO with Policies>Windows Settings>Scripts>Startup with the batch file containing
the silent install script
Here are the properties for the silent installer:
2) Software Settings Method
1. Create a GPO with Policies>Software Settings>Applications with the .msi file from the SharedDrive
2. Setup registry policy with Preferences>Windows Settings>Registry
3. Add Registry Key HKLM\Software\Wow6432Node\UntetheredLabs\GateKeeper Client\Config
Set key’s "Value name" as ServerAddress
Set key’s "Value data" as https://ServerIP:3015
Deploying GateKeeper through Group Policy
This article provides a walk-through for administrators who wish to distribute the GateKeeper Client software via Microsoft Group Policy.
Microsoft Group Policy Software Installation:
Directions for Deploying GateKeeper through Group Policy
Access domain controller
First, you will need to get access to your domain controller. The domain controller is responsible for deploying group policies.
Run the group policy management console gpmc.msc
Once connected to your domain controller, open the group policy management console. This can be done by following the steps below.
- Open the “Run” prompt by holding the Windows key and clicking “R”
- Type gpmc.msc and click Enter
If the group policy management console is not available to you, you must install the “Active Directory Domain Services” role in the “Add roles and features” wizard. This includes “Group Policy Management” as a default feature.
Create and edit a custom Group Policy Object (GPO)
If you do not wish to create a custom group policy object, you may skip to step 5 and edit the “Default Domain Policy” instead.
Editing the default domain policy.
- In the group policy management editor, select the domain you wish to manage and right-click the “Group policy objects” item
- Select “New” to create a new GPO and leave Source Starter GPO at “(none)”
- You may name this GPO “Gatekeeper Client Deployment” and click “OK”
- Right-click the new GPO that you just created and select “Edit”
- In the left-hand pane, navigate to “Computer Configuration\Policies\Software Settings\Software Installation”
Selecting the software installation policy.
- Right-click “Software Installation” and select New -> Package
- Navigate to the Gatekeeper Client MSI package to install and ensure it is on a file share the client computers have access to
- For the deployment method, select “Assigned”
- Once the group policy has been updated on client computers, the GateKeeper Client software will be installed the next time those computers are restarted
Adding client software configuration
By default, the GateKeeper Client software will not be able to locate the server instance. It requires a configuration key to be set in the registry which provides the IP address of the server software.
- Start by editing the “Gatekeeper Client Deployment” GPO we just created
- Navigate to Computer Configuration -> Preferences -> Registry
Adding Gatekeeper Client configuration registry key.
- Right-click “Registry” and select New -> Registry Item
- Set "Action" to “Replace” and Hive to HKEY_LOCAL_MACHINE
- Set "Key Path" to “SOFTWARE\Wow6432Node\Untethered Labs\GateKeeper Client\Config”
- Fill in the remaining fields as shown below
Registry key configuration.
- "Value data" should be filled with the IP address of your GateKeeper Server installation
The GPO has been created and should be enabled, but it is not applied to any computers yet. You must apply the GPO to the computers you wish to distribute the GateKeeper client to.
Applying your custom Group Policy Object (GPO)
- Right-click the organizational unit that has the computers you wish to apply this GPO to
- Click “Link an Existing GPO”
Linking created group policy object.
- Select your “Gatekeeper Client Deployment” policy and click “OK”
- Right-click the link you just created in the right-hand pane and click “Enforced”
Enforcing a linked group policy.
These settings will take effect when the policy is deployed, and client computers are restarted.
For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email firstname.lastname@example.org.
Deployment, script; script deployment; GPO deploy; GateKeeper GPO; roll out 2fa; mfa rollout; mfa on premise; mfa on prem software; 2fa on-premise; digital transformation; technology overhaul; tech modernization; mass deployment; client edit; group policy deployment; GateKeeper group policy deployment;