Updates through the Windows Group Policy are recommended, as we do not have full control over the computers from the Hub. We are adding more ways of deploying software in the upcoming release. However, the recommended methods in order of preference are as follows.

For Client software updates to the latest version, we recommend installing the GateKeeper Client using the MSI file through your own deployment tools. We do not recommend installing through the older Client app or through the Hub. Instead, recommend using the command line tool with the MSI file, or your own deployment tools such as SCCM, GPO, PDQ Deploy, etc.

Method 1: Group Policy deployment through the domain controller.

Method 2: GateKeeper Deploy tool from the computer running the GateKeeper Hub server.

Method 3: Scheduling installation through the GateKeeper Hub web application.

Below are the details of each method of updating the GateKeeper Client software.

Method 1: Group Policy deployment through the domain controller.

There are two methods of deploying the GateKeeper Client application through Windows Group Policy (GPO):

1) Startup Script Method

Create a GPO with Policies>Windows Settings>Scripts>Startup with the batch file containing
The silent install script.

The API key is used to automatically sync the GateKeeper Client app with the Cloud GateKeeper Hub admin console. If the API key is not provided, a Hub admin must sync the client app manually.

How to find my Hub API key.

2) Software Settings Method

1. Create a GPO with Policies>Software Settings>Applications with the .msi file from the SharedDrive

2. Set up registry policy with Preferences>Windows Settings>Registry

3. Add Registry Key HKLM\Software\Wow6432Node\UntetheredLabs\GateKeeper Client\Config

Set key’s "Value name" as ServerAddress and Type as REG_SZ

Set key’s "Value data" as https://ServerIP:3015

3. Add Registry Key HKLM\Software\Wow6432Node\UntetheredLabs\GateKeeper Client\Config

Set key's Value name as APIKey and Type as REG_SZ

Set key's Value data as ABCD1234, where ABCD1234 is the API KEY for your Hub installation

Deploying GateKeeper through Group Policy

This article provides a walk-through for administrators who wish to distribute the GateKeeper Client software via Microsoft Group Policy.

Reference

Microsoft Group Policy Software Installation:

https://technet.microsoft.com/en-us/library/cc771306.aspx

Directions for Deploying GateKeeper through Group Policy

Access the domain controller

First, you will need to get access to your domain controller. The domain controller is responsible for deploying group policies.

Run the group policy management console gpmc.msc

Once connected to your domain controller, open the group policy management console. This can be done by following the steps below.

1. Open the “Run” prompt by holding the Windows key and clicking “R”
2. Type gpmc.msc and click Enter

If the group policy management console is not available to you, you must install the “Active Directory Domain Services” role in the “Add roles and features” wizard. This includes “Group Policy Management” as a default feature.

Create and edit a custom Group Policy Object (GPO)

If you do not wish to create a custom group policy object, you may skip to step 5 and edit the “Default Domain Policy” instead.

Editing the default domain policy.

1. In the group policy management editor, select the domain you wish to manage and right-click the “Group policy objects” item
2. Select “New” to create a new GPO and leave Source Starter GPO at “(none)”
3. You may name this GPO “Gatekeeper Client Deployment” and click “OK”
4. Right-click the new GPO that you just created and select “Edit”
5. In the left-hand pane, navigate to “Computer Configuration\Policies\Software Settings\Software Installation”

Selecting the software installation policy.

6. Right-click “Software Installation” and select New -> Package
7. Navigate to the Gatekeeper Client MSI package to install and ensure it is on a file share the client computers have access to
8. For the deployment method, select “Assigned”
9. Once the group policy has been updated on client computers, the GateKeeper Client software will be installed the next time those computers are restarted

Adding GateKeeper Client software configuration

By default, the GateKeeper Client software will not be able to locate the server instance. It requires a configuration key to be set in the registry which provides the IP address of the server software.

1. Start by editing the “Gatekeeper Client Deployment” GPO we just created
2. Navigate to Computer Configuration -> Preferences -> Registry

Adding Gatekeeper Client configuration registry key.

3. Right-click “Registry” and select New -> Registry Item
4. Set "Action" to “Replace” and Hive to HKEY_LOCAL_MACHINE
5. Set "Key Path" to “SOFTWARE\Wow6432Node\Untethered Labs\GateKeeper Client\Config”
6. Fill in the remaining fields as shown below

7. Set key’s "Value name" as ServerAddress and Type as REG_SZ

   Set key’s "Value data" as https://ServerIP:3015

8. Set key's Value name as APIKey and Type as REG_SZ

   Set key's Value data as ABCD1234, where ABCD1234 is the API KEY for your Hub installation

Registry key configuration.

The GPO has been created and should be enabled, but it is not applied to any computers yet. You must apply the GPO to the computers you wish to distribute the GateKeeper client to.

Applying your custom Group Policy Object (GPO)

1. Right-click the organizational unit that has the computers you wish to apply this GPO to
2. Click “Link an Existing GPO”

Linking created group policy object.

3. Select your “Gatekeeper Client Deployment” policy and click “OK”
4. Right-click the link you just created in the right-hand pane and click “Enforced”

 Enforcing a linked group policy.

These settings will take effect when the policy is deployed, and client computers are restarted.

Method 2: GateKeeper Deploy tool from the computer running the GateKeeper Hub server.

GateKeeper Deploy to Computers

MSI application deployment utility for Windows computers on a network.

GateKeeper Deploy is a utility for seamlessly distributing software to computers on a network. It is used to deploy the GateKeeper Client application to Windows machines on your network.

Key requirements:

• File and Printer Sharing must be enabled on all computers
• Network Discovery must be enabled on all computers
• The MSI file of the software to be deployed must be saved in a shared drive that is accessible from all the computers
• System-level or credentials that have administrative rights on all the computers

Background Information:

The GateKeeper Deploy tool uses Microsoft’s PSExec utility to manage software deployment on a network. Other functions include ability to search Active Directory for computers on the network, ping any computer, and to shut down or restart one.

Enabling Network Discovery and File and Printer Sharing:

1. Go to Control Panel --> Network and Internet
2. Open Network and Sharing Center
3. Navigate to Change advanced sharing settings
4. Turn on Network Discovery and File and Printer Sharing (usually Domain)

Using the GateKeeper Deploy Utility:

Install the GateKeeper Deploy utility on the computer you will deploy software from. After installation, launch the application.

Click the Computers button to load the Computers menu. From this menu, search for computers on the domain and then select the ones you want to deploy the software to and then click Use List to go back to the main screen.

Check the box next to the computers you want to deploy software to and then ping them to make sure they are available.

The ping command will return an “OK” or “FAIL” result for the computers you have selected. 

Next, click the Browse button to select the MSI file. In this example, we are selecting the GateKeeper-Client-Win.msi file from a shared folder on the network. It is important to keep this file in a shared drive that is accessible by all the computers on the network.

Once you choose the MSI file, you can select the various options for the installation. The most recommended option is: Quiet Installation for All Users.

You can also add command-line arguments here. For example, for the GateKeeper Client application, you can set the address of the GateKeeper Hub server by typing in “SERVER_ADDR=https://<IPAddressOfHub>:<PortNumberOfHub> API_KEY=YOURAPIKEY” 

When you have finished selecting the appropriate options, click Done.

Next, select the appropriate credentials for deployment. You can either select the System Account or you can type in your admin credentials and select Use Credentials Option.

*[Important] In order to use the System Account for deployment, make sure you selected the option for All Users in the previous menu.

Finally, click Deploy to start the deployment process. This will open the deployment status screen, where you can monitor installation progress.

You can see the computers where the PSExec process is initialized and the status of the progress. Clicking on the Deployment Log, Raw, and MSI Logging tabs shows information on the different stages of the deployment process. Upon successful deployment to all selected computers, the loading bar will reach 100% status in green and the log file will be shown.

Close this screen and return to the main screen - now you can also see the log of the PSExec commands for each of the computers.

Method 3: Scheduling installation through the GateKeeper Hub web application.

Schedule Update for Client Applications

IT admins who have many computers to deal with can manage/change settings on multiple computers at one time.

1. Open Google Chrome/Firefox web browser.
    
2. Log in to the GateKeeper Hub.
    
3. Click the Computers tab.
   
   
    
4. On the App Computers page, you can see all the computers that are in the Hub with their GateKeeper Client version. 
   
   
    
5. To select multiple computers, simply click on one of the computers that are displayed in the Computers View field.
   
   
   
    

6. Clicking a computer brings up the 

   buttons at the top of the Name category, versus having it beside the computer if you simply hover over a single computer.
   
   Single Computer
   
   
   Multiple Computers
   
    

7. With the computer selected, you have the option of selecting multiple computers in the list and being able to Manage or Deactivate the selected computers.
    
8. Click the Update Client Software tab.

9. Select the Update Time and click Enable Updates.

You can edit Location, Department, change Group, save Kiosk Mode Password, or update GateKeeper software on Client computers.

For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form at https://gkaccess.com/support/ or email support@gkaccess.com.

-----------------------------------

best way to update client application; how to update software; best ways to update gatekeeper client software; install did not run smoothly; gatekeeper required a reset;  gatekeeper update froze; the computer froze if the computer was locked and someone tried to log in with gatekeeper; hard reset required; GateKeeper required alot of manual involvement than it should have; new enterprise update; first client-side update for all computers on my network; What is the best way to update the client application?; how to update gatekeeper properly; how to update software automatically; autoupdate tool; auto-update GateKeeper software; keeping up to date with software; software updates automatically; Best way to update the hub - anything we should know before doing so?; warnings before updating?;