How can we help?

Deploying Auvik SaaS Management via GPO - Scheduled Task

Follow

Download a .ps1 Deployment file from Auvik SaaS Management.

  1. Log into the Auvik SaaS Management platform, navigate to Org Preferences > Integrations > Custom Script, and select the client or site you’d like to deploy from the drop-down menu.

  1. Select the Download Script button on the right-hand side to download a .ps1 file to deploy the ASM agent for the selected client.

Create a New Policy and Save Your Deployment Script in a Shared Location

  1. Login to your domain controller or any device that is used to create and apply new group policies to workstations and open the Group Policy Management Console.
  2. Create a New Group Policy at the desired level. Note - if you are looking to test the deployment with a small subset of users, it often makes sense to create a new Security Group containing the workstations that you’d like to test with. Once the agent is confirmed to be working, you can then add workstations to this group, or apply to a different policy that reaches a broader set of workstations.
  3. Upload the .ps1 file downloaded from the SaaS Management platform to a shared location accessible to all workstations. Typically the file can be saved in SYSVOL or on another network share that is accessible from all workstations. 

Important Note: Make sure the devices you would like to run the deployment script on have access to this shared location and have the appropriate file permissions to run scripts. This can often be done by right-clicking the file in Windows File Explorer > going to the “Properties” menu, and setting the file to have Read & Execute permissions for the appropriate security groups.

OPTIONAL

If you do not typically use SYSVOL for shared files, the file can also be placed in the `Startup` folder by navigating to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown). Double-click on “Startup” and click “Show Files”. Copy/paste your .ps1 file into the /Startup directory shown.

  1. Whether you are using a network share (like SYSVOL) or if you’re using the /Startup directory, Shift+right click on your .ps1 file and select “Copy as Path”. Paste this value into Notepad or another tool as we’ll be using it later when we configure the script to run.
  2. In Group Policy Management Console, navigate to Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks. Right-click on Scheduled Tasks and select New.

You can then select Immediate Task (At least Windows 7+) or Scheduled Tasks (At least Windows 7+) based on your desired behaviour.



Configure and Run the Scheduled Task via GPO

  1. Give your task a recognisable name, and set the settings on the “General” screen as follows:
    1. Name: Run ASM Install
    2. User Account: System (This can also be set to any other admin user who has the permission to run the script)
    3. Select Run whether user is logged in or not
    4. Check Run with highest privileges

  1. Optional: If you selected a scheduled task, select the Trigger tab and configure it based on your needs (Either at a scheduled time, on log-in, or at startup).
  2. Navigate to the Actions menu and configure as follows:
    1. Action: Start a program
    2. Program/Script: C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
    3. Add arguments - Enter as shown below. This section tells Powershell to run your saved .ps1 file. 
      Be sure to modify these arguments based on your specific file location by replacing [ScriptFilePath] with the correct file path. (You can always Shift+right click and select “Copy as Path” if you’d like to get the exact file path to your saved .ps1 file on a network drive).

Example:

-ExecutionPolicy Bypass -command "& '[ScriptFilePath]\Saaslio-Client-Install_Dec2022.ps1'"

For those using SYSVOL, your arguments should look similar to: 

-ExecutionPolicy Bypass -command "& '\\yourdomain.com\SYSVOL\yourdomain.com\scripts\Saaslio-Client-Install_Dec2022.ps1'"

 

It is recommended to use UNC paths since in some cases, “Shared” Network drives may not be immediately accessible when the device starts up. If you used the Startup folder to store your .ps1 file, you can use the following command (replacing the “Unique-GPO-ID” with the ID of your group policy and ensuring the file name of the .ps1 is correct).

-ExecutionPolicy Bypass -command "& '\\yourdomain.com\SYSVOL\yourdomain.com\Policies\{Unique-GPO-ID}\Machine\Scripts\Startup\Saaslio-Client-Install_Dec22.ps1'"

  1. Under the Settings tab check the following settings:
    1. Stop the task if runs longer than: 1 hour
    2. If the running task does not end when requested, force it to stop: Checked

You’re now ready to apply your Group Policy!

  • Click Apply to save your changes
  • Click OK to apply your new group policy.

You should see new devices appear within ASM under the Devices menu as they check-in. If you’d like to test this immediately on a particular workstation, you can force GPO to update with the latest definitions as described here: https://learn.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/refresh-group-policy

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request