Articles in this section

How to install GateKeeper Client through Windows Group Policy (GPO).

Proximity Login Solution
  • Updated
Follow

"GateKeeper_Group_Policy_Deployment_GPO_AD" One-pager: https://app.air.inc/a/cIUzyQNUk

There are two methods of deploying the GateKeeper Client application through Windows Group Policy (GPO):

1) Startup Script Method

Create a GPO with Policies>Windows Settings>Scripts>Startup with the batch file containing
the silent install script

Here are the properties for the silent installer:

1. SERVER_ADDR=<URL:PORT> (Default: https://localhost:3015
Address of the GateKeeper Hub server application
 
2. ENABLE_WMI=True or False (Default: True)
Enable GateKeeper client to read computer properties like CPU usage, processes, installed applications, etc. and allow the Hub to show them.
 
3. ENABLE_CREDUI=True or False (Default: True)
Enable the GateKeeper PIN authentication on Windows Security dialogs.
 
4. FINGERPRINT=Yes or No (Default: No)
Install fingerprint drivers for the supported fingerprint readers
 
5. UPLOAD_STATS=True or False (Default: True)
Upload anonymous statistics like number of lock and unlock events to our server
 
6. ENABLE_WINBLE=True or False (Default: True)
Use internal or non-GateKeeper Bluetooth sensors on Windows 10 computers
 
7. API_KEY="asfasdgfsfdasfksafdlaksflasdfas"
The API key is used to automatically sync the client app with the Cloud GateKeeper Hub. If the API key is not provided, a Hub admin must sync the client app manually. How to find my Hub API key.
 
A typical command line silent install for you would be:
msiexec /i GateKeeper-Client-Win.msi /qn SERVER_ADDR=https://192.168.1.100:3015 or (for Cloud Hub dashboards use port # 443) SERVER_ADDR=https://192.168.1.100:443 UPLOAD_STATS=False API_KEY="asfasdgfsfdasfksafdlaksflasdfas"
 

2) Software Settings Method

1. Create a GPO with Policies>Software Settings>Applications with the .msi file from the SharedDrive

2. Setup registry policy with Preferences>Windows Settings>Registry

3. Add Registry Key HKLM\Software\Wow6432Node\UntetheredLabs\GateKeeper Client\Config

Set key’s "Value name" as ServerAddress

Set key’s "Value data" as https://ServerIP:3015 or (for Cloud Hub dashboards use port number: 443) https://ServerIP:443

Set key's "Value name" as ClientAPIKey

Set key's "Value data" as asfasdgfsfdasfksafdlaksflasdfas

 

Deploying GateKeeper through Group Policy

This article provides a walk-through for administrators who wish to distribute the GateKeeper Client software via Microsoft Group Policy.

Reference

Microsoft Group Policy Software Installation:

https://technet.microsoft.com/en-us/library/cc771306.aspx

 

Directions for Deploying GateKeeper through Group Policy

Access domain controller

First, you will need to get access to your domain controller. The domain controller is responsible for deploying group policies.

Run the group policy management console gpmc.msc

Once connected to your domain controller, open the group policy management console. This can be done by following the steps below.

  1. Open the “Run” prompt by holding the Windows key and clicking “R
  2. Type gpmc.msc and click Enter

mceclip0.png

 

If the group policy management console is not available to you, you must install the “Active Directory Domain Services” role in the “Add roles and features” wizard. This includes “Group Policy Management” as a default feature.

 

Create and edit a custom Group Policy Object (GPO)

If you do not wish to create a custom group policy object, you may skip to step 5 and edit the “Default Domain Policy” instead.

mceclip1.png

Editing the default domain policy.

  1. In the group policy management editor, select the domain you wish to manage and right-click the “Group policy objects” item
  2. Select “New” to create a new GPO and leave Source Starter GPO at “(none)”
  3. You may name this GPO “Gatekeeper Client Deployment” and click “OK
  4. Right-click the new GPO that you just created and select “Edit
  5. In the left-hand pane, navigate to “Computer Configuration\Policies\Software Settings\Software Installation

mceclip2.png

Selecting the software installation policy.

  1. Right-click “Software Installation” and select New -> Package
  2. Navigate to the Gatekeeper Client MSI package to install and ensure it is on a file share the client computers have access to
  3. For the deployment method, select “Assigned
  4. Once the group policy has been updated on client computers, the GateKeeper Client software will be installed the next time those computers are restarted

 

Adding GateKeeper Client software configuration

By default, the GateKeeper Client software will not be able to locate the server instance. It requires a configuration key to be set in the registry which provides the IP address of the server software.

  1. Start by editing the “Gatekeeper Client Deployment” GPO we just created
  2. Navigate to Computer Configuration -> Preferences -> Registry

mceclip3.png

Adding Gatekeeper Client configuration registry key.

  1. Right-click “Registry” and select New -> Registry Item
  2. Set "Action" to “Update” and Hive to HKEY_LOCAL_MACHINE
  3. Set "Key Path" to “SOFTWARE\Wow6432Node\Untethered Labs\GateKeeper Client\Config
  4. Fill in the remaining fields as shown below

mceclip4.png

Registry key configuration.

  1. "Value data" should be filled with the IP address of your GateKeeper Server installation. If you have installed the on-premise version of the GateKeeper Hub, skip to Applying your custom GPO.
  2. Right-click “Registry” and select New -> Registry Item
  3. Set "Action" to “Update” and Hive to HKEY_LOCAL_MACHINE
  4. Set "Key Path" to “SOFTWARE\Wow6432Node\Untethered Labs\GateKeeper Client\Config
  5. "Value Name" should be ApiKey
  6. "Value Data" should be filled with your ClientAPI key found in your GateKeeper Hub. If you don't know your ClientAPI Key, please click the following link. How to find your ClientAPI key.

The GPO has been created and should be enabled, but it is not applied to any computers yet. You must apply the GPO to the computers you wish to distribute the GateKeeper client to.

 

Applying your custom Group Policy Object (GPO)

  1. Right-click the organizational unit that has the computers you wish to apply this GPO to
  2. Click “Link an Existing GPO

mceclip5.png

Linking created group policy object.

  1. Select your “Gatekeeper Client Deployment” policy and click “OK
  2. Right-click the link you just created in the right-hand pane and click “Enforced

mceclip8.png

 Enforcing a linked group policy.

These settings will take effect when the policy is deployed, and end users' Client computers are restarted.

For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.

GateKeeper_proximity_authentication_Enterprise_MFA_2FA_machine-screen.png

---------------------------------------------

Deployment, script; script deployment; GPO deploy; GateKeeper GPO; roll out 2fa; mfa rollout; mfa on premise; mfa on prem software; 2fa on-premise; digital transformation; technology overhaul; tech modernization; mass deployment; client edit; group policy deployment; GateKeeper group policy deployment; mass deployment option; deploy to all computers at once; deploy all software; deploy software to everyone; set software deployment; How to install GateKeeper Client application through Windows Group Policy (GPO).; How to install GateKeeper software through Windows Group Policy (GPO).; How to install GateKeeper end user Client software from Windows Group Policy (GPO).; 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.