Deploying security applications by using Active Directory

If Active Directory is used in your customer's infrastructure, you can deploy Kaspersky Endpoint Security for Windows on multiple devices simultaneously.

The procedure in this section contains a pre-configured logon script. This script runs automatically every time a device starts up and checks whether Kaspersky Endpoint Security for Windows installation has been started on the device. If it has not been started, the script runs the installation in silent mode.

To deploy security applications on multiple Windows devices by using Active Directory:

  1. Download the distribution package of the required security application.
  2. Save the package to a shared folder that is accessible to the devices on which you want to deploy security applications.

    We recommend that you select a folder for which the full path does not contain space characters.

    If the package name contains spaces, remove them or change them to the underscore (_) character.

  3. Go to the folder with the downloaded package and create a .bat file with the following script:

    set SHARE_PATH=<path to distribution package>
    set PACKAGE_NAME=<name of distribution package>
    set __KESCLOUD_ROOT_KEY="HKLM\Software\KasperskyLab\KESCloud"
    set __KESCLOUD_KEY_NAME="<name of registry entry>"
    set __KESCLOUD_PACKAGE_FULL_PATH="%SHARE_PATH%\%PACKAGE_NAME%"
    set __KESCLOUD_PACKAGE_ARGUMENTS=-s
    REG QUERY %__KESCLOUD_ROOT_KEY% /v %__KESCLOUD_KEY_NAME% | FIND "0x1"
    IF %ERRORLEVEL% == 1 GOTO INSTALL
    GOTO END
    :INSTALL
    REG ADD %__KESCLOUD_ROOT_KEY% /v %__KESCLOUD_KEY_NAME% /t REG_DWORD /f /D 1
    %__KESCLOUD_PACKAGE_FULL_PATH% %__KESCLOUD_PACKAGE_ARGUMENTS%
    :END

    Here:

    • <path to distribution package> stands for the actual path to the shared folder with the downloaded distribution package. We recommend that you avoid using quotation marks.
    • <name of distribution package> stands for the actual name of the downloaded distribution package. We recommend that you avoid using quotation marks.
    • "<name of registry entry>" stands for the name of the registry entry that is used to confirm that the installation has been started. You can specify any name that contains numeric and Latin characters. We recommend that you use the Kaspersky Endpoint Security for Windows version number in quotation marks.
  4. Go to Control PanelAdministrative Tools, and then open Group Policy Management.
  5. Expand the node with the required domain, and then click Group Policy Objects.

    Group Policy Objects node in Group Policy Management window

  6. In the right pane, right-click the empty space, and then select New.

    New shortcut menu item in Group Policy Management window

  7. Name the new object as you like. Click OK to save the object.
  8. Right-click the created object, and then select Edit.
  9. Specify that you want Kaspersky Endpoint Security for Windows installed on the devices at the operating system startup. To do so:
    1. Expand the Computer ConfigurationPoliciesWindows Settings node, and then select Scripts (Startup/Shutdown).
    2. In the right pane, right-click Startup, and then select Properties.

    Properties shortcut menu item in Group Policy Management window

    1. In the Startup Properties window that opens, click Add.
    2. In the Add a Script window that opens, click Browse, and then select the file of the script that you have created. No script parameters are required.
    3. Click OK to close the Add a Script window.
    4. Click OK to close the Startup Properties window.
  10. Associate the created object with the devices to which Kaspersky Endpoint Security for Windows must be installed. The simplest method is to associate the object with the entire domain. To do so:
    1. Right-click the required domain, and then select Link an Existing GPO.

    Link an Existing GPO shortcut menu item in Group Policy Management window

    1. In the Select GPO window that opens, select the created object.
    2. Click OK to close the Select GPO window.

    In a similar way, you can associate the created group policy object with an organizational unit or a site.

  11. Depending on the selected moment when you want Kaspersky Endpoint Security for Windows installed on the devices, do one of the following:
    • If you selected to install Kaspersky Endpoint Security for Windows at the operating system startup, tell the users to restart their devices.
    • If you selected to install Kaspersky Endpoint Security for Windows at the user logon, tell the users either to re-log on to their devices or to restart their devices.

After the security application is installed, the added Windows devices appear in the Devices list. The security profile named Default is applied to these devices.

Page top