Updates done through the Windows Group Policy is recommended as we do not have full control over the computers from the Hub. We are adding more ways of deploying software in the upcoming release. However, the recommended methods in order of preference are as follows.
Method 1: Group Policy deployment through the domain controller.
Method 2: GateKeeper Deploy tool from the computer running the GateKeeper Hub server.
Method 3: Scheduling installation through the GateKeeper Hub web application.
Below are the details of each method of updating the GateKeeper Client software.
Method 1: Group Policy deployment through the domain controller.
There are two methods of deploying the GateKeeper Client application through Windows Group Policy (GPO):
1) Startup Script Method
Create a GPO with Policies>Windows Settings>Scripts>Startup with the batch file containing
the silent install script.
2) Software Settings Method
1. Create a GPO with Policies>Software Settings>Applications with the .msi file from the SharedDrive
2. Setup registry policy with Preferences>Windows Settings>Registry
3. Add Registry Key HKLM\Software\Wow6432Node\UntetheredLabs\GateKeeper Client\Config
Set key’s "Value name" as ServerAddress
Set key’s "Value data" as https://ServerIP:3015
Set key's Value name as ClientAPIKey
Set key's Value data as asfasdgfsfdasfksafdlaksflasdfas (How to find my Hub API key)
Deploying GateKeeper through Group Policy
This article provides a walk-through for administrators who wish to distribute the GateKeeper Client software via Microsoft Group Policy.
Reference
Microsoft Group Policy Software Installation:
https://technet.microsoft.com/en-us/library/cc771306.aspx
Directions for Deploying GateKeeper through Group Policy
Access domain controller
First, you will need to get access to your domain controller. The domain controller is responsible for deploying group policies.
Run the group policy management console gpmc.msc
Once connected to your domain controller, open the group policy management console. This can be done by following the steps below.
- Open the “Run” prompt by holding the Windows key and clicking “R”
- Type gpmc.msc and click Enter
If the group policy management console is not available to you, you must install the “Active Directory Domain Services” role in the “Add roles and features” wizard. This includes “Group Policy Management” as a default feature.
Create and edit a custom Group Policy Object (GPO)
If you do not wish to create a custom group policy object, you may skip to step 5 and edit the “Default Domain Policy” instead.
Editing the default domain policy.
- In the group policy management editor, select the domain you wish to manage and right-click the “Group policy objects” item
- Select “New” to create a new GPO and leave Source Starter GPO at “(none)”
- You may name this GPO “Gatekeeper Client Deployment” and click “OK”
- Right-click the new GPO that you just created and select “Edit”
- In the left-hand pane, navigate to “Computer Configuration\Policies\Software Settings\Software Installation”
Selecting the software installation policy.
- Right-click “Software Installation” and select New -> Package
- Navigate to the Gatekeeper Client MSI package to install and ensure it is on a file share the client computers have access to
- For the deployment method, select “Assigned”
- Once the group policy has been updated on client computers, the GateKeeper Client software will be installed the next time those computers are restarted
Adding GateKeeper Client software configuration
By default, the GateKeeper Client software will not be able to locate the server instance. It requires a configuration key to be set in the registry which provides the IP address of the server software.
- Start by editing the “Gatekeeper Client Deployment” GPO we just created
- Navigate to Computer Configuration -> Preferences -> Registry
Adding Gatekeeper Client configuration registry key.
- Right-click “Registry” and select New -> Registry Item
- Set "Action" to “Replace” and Hive to HKEY_LOCAL_MACHINE
- Set "Key Path" to “SOFTWARE\Wow6432Node\Untethered Labs\GateKeeper Client\Config”
- Fill in the remaining fields as shown below
Registry key configuration.
- "Value data" should be filled with the IP address of your GateKeeper Server installation
The GPO has been created and should be enabled, but it is not applied to any computers yet. You must apply the GPO to the computers you wish to distribute the GateKeeper client to.
Applying your custom Group Policy Object (GPO)
- Right-click the organizational unit that has the computers you wish to apply this GPO to
- Click “Link an Existing GPO”
Linking created group policy object.
- Select your “Gatekeeper Client Deployment” policy and click “OK”
- Right-click the link you just created in the right-hand pane and click “Enforced”
Enforcing a linked group policy.
These settings will take effect when the policy is deployed, and client computers are restarted.
Method 2: GateKeeper Deploy tool from the computer running the GateKeeper Hub server.
GateKeeper Deploy to Computers
MSI application deployment utility for Windows computers on a network.
GateKeeper Deploy is a utility for seamlessly distributing software to computers on a network. It is used to deploy the GateKeeper Client application to Windows machines on your network.
Key requirements:
- File and Printer Sharing must be enabled on all computers
- Network Discovery must be enabled on all computers
- The MSI file of the software to be deployed must be saved in a shared drive that is accessible from all the computers
- System Level or credentials that have administrative rights on all the computers
Background Information:
The GateKeeper Deploy tool uses Microsoft’s PSExec utility to manage software deployment on a network. Other functions include ability to search Active Directory for computers on the network, ping any computer, and to shut down or restart one.
Enabling Network Discovery and File and Printer Sharing:
- Go to Control Panel --> Network and Internet
- Open Network and Sharing Center
- Navigate to Change advanced sharing settings
- Turn on Network Discovery and File and Printer Sharing (usually Domain)
Using the GateKeeper Deploy Utility:
Install the GateKeeper Deploy utility on the computer you will deploy software from. After installation, launch the application.
Click the Computers button to load the Computers menu. From this menu, search for computers on the domain and then select the ones you want to deploy the software to and then click Use List to go back to the main screen.
Check the box next to the computers you want to deploy software to and then ping them to make sure they are available.
The ping command will return an “OK” or “FAIL” result for the computers you have selected.
Next, click the Browse button to select the MSI file. In this example, we are selecting the GateKeeper-Client-Win.msi file from a shared folder on the network. It is important to keep this file in a shared drive that is accessible by all the computers on the network.
Once you choose the MSI file, you can select the various options for the installation. The most recommended option is: Quiet Installation for All Users.
You can also add command line arguments here. For example, for the GateKeeper Client application, you can set the address of the GateKeeper Hub server by typing in:
When you have finished selecting the appropriate options, click Done.
Next, select the appropriate credentials for deployment. You can either select the System Account or you can type in your admin credentials and select Use Credentials Option.
*[Important] In order to use the System Account for deployment, make sure you selected the option for All Users in the previous menu.
Finally, click Deploy to start the deployment process. This will open the deployment status screen where you can monitor installation progress.
You can see the computers where the PSExec process is initialized and the status of the progress. Clicking on the Deployment Log, Raw, and MSI Logging tabs shows information on the different stages of the deployment process. Upon successful deployment to all selected computers, the loading bar will reach 100% status in green and the log file will be shown.
Close this screen and return to the main screen - now you can also see the log of the PSExec commands for each of the computers.
Method 3: Scheduling installation through the GateKeeper Hub web application.
Schedule Update for Client Applications
IT admins that have many computers to deal with can manage/change settings on multiple computers at one time.
- Open Google Chrome/Firefox web browser.
- Log in to the GateKeeper Hub.
- Click the Computers tab then click GateKeeper Computers.
- On the GateKeeper Computers page, you can see all the computers that are in the Hub.
- You can select multiple Computers.
- Clicking a computer brings up the buttons at the top of the Name category versus having it beside the computer if you simply hover over a single computer.
Single Computer
Multiple Computers
- With the computer selected, you have the option of selecting multiple computers in the list and being able to Manage or Deactivate the selected computers.
- Click the Update Client Software tab.
9. Select the Update Time and click Enable Updates.
You can edit Location, Department, change Group, save Kiosk Mode Password, or update GateKeeper software on Client computers.
For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.
-----------------------------------
best way to update client application; how to update software; best ways to update gatekeeper client software; install did not run smoothly; gatekeeper required a reset; gatekeeper update froze; the computer froze if the computer was locked and someone tried to log in with gatekeeper; hard reset required; GateKeeper required alot of manual involvement than it should have; new enterprise update; first client-side update for all computers on my network; What is the best way to update the client application?; how to update gatekeeper properly; how to update software automatically; autoupdate tool; auto-update GateKeeper software; keeping up to date with software; software updates automatically; Best way to update the hub - anything we should know before doing so?; warnings before updating?; auto update software; auto-update GateKeeper software; GateKeeper Client software update automatically; I tried to update and I got an error message.; Updating gatekeeper software on workstations client; how to update gatekeeper client software on computer; how to update the gatekeeper client software application on workstations;
Comments
0 comments
Please sign in to leave a comment.