Deploying security applications by using Active Directory

If Active Directory is used in your customer's infrastructure, you can deploy Kaspersky Endpoint Security for Windows on multiple devices simultaneously.

The procedure in this section contains a pre-configured logon script. This script runs automatically every time a device starts up and checks whether the installation of Kaspersky Endpoint Security for Windows has been started on the device. If it has not been started, the script runs the installation in silent mode.

To deploy security applications on multiple Windows devices by using Active Directory:

  1. Download the distribution package of the required security application and save the package to a shared folder that is accessible to the devices on which you want to deploy security applications.

    We recommend that you select a folder for which the full path does not contain space characters.

    If the package name contains spaces, remove them or change them to the underscore (_) character.

  2. Go to the folder with the downloaded package and create a .bat file with the following script:

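    ECHO ON
    REM Location and file name of the distribution package on the share
    set SHARE_PATH=<path to distribution package>
    set PACKAGE_NAME=<name of distribution package>
    REM Registry value that marks the installation as already started
    set __KESCLOUD_ROOT_KEY="HKLM\Software\KasperskyLab\KESCloud"
    set __KESCLOUD_KEY_NAME="<name of registry entry>"
    set __KESCLOUD_PACKAGE_FULL_PATH="%SHARE_PATH%\%PACKAGE_NAME%"
    REM -s runs the installation in silent mode
    set __KESCLOUD_PACKAGE_ARGUMENTS=-s
    REM FIND sets ERRORLEVEL to 1 when the marker is missing or is not 0x1
    REG QUERY %__KESCLOUD_ROOT_KEY% /v %__KESCLOUD_KEY_NAME% | FIND "0x1"
    IF %ERRORLEVEL% == 1 GOTO INSTALL
    GOTO END
    :INSTALL
    REM Write the marker first, then start the installer
    REG ADD %__KESCLOUD_ROOT_KEY% /v %__KESCLOUD_KEY_NAME% /t REG_DWORD /f /D 1
    %__KESCLOUD_PACKAGE_FULL_PATH% %__KESCLOUD_PACKAGE_ARGUMENTS%
    :END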

    Here:

    • <path to distribution package> stands for the actual path to the shared folder with the downloaded distribution package. We recommend that you avoid using quotation marks.
    • <name of distribution package> stands for the actual name of the downloaded distribution package. We recommend that you avoid using quotation marks.
    • "<name of registry entry>" stands for the name of the registry entry that is used to confirm that the installation has been started. You can specify any name that contains numeric and Latin characters. We recommend that you use the Kaspersky Endpoint Security for Windows version number in quotation marks.
  3. Go to Control Panel → Administrative Tools and open Group Policy Management.
  4. Expand the node with the required domain and click Group Policy Objects.

  5. In the right pane, right-click the empty space and select New.

  6. Name the new object as you like. Click OK to save the object.
  7. Right-click the created object and select Edit.
  8. Choose when you want Kaspersky Endpoint Security for Windows to be installed on the devices: at the operating system startup or at the user logon. Do either of the following:
    • If you want Kaspersky Endpoint Security for Windows installed on the devices at the operating system startup:
      1. Expand the Computer Configuration → Policies → Windows Settings node, and select Scripts (Startup/Shutdown).
      2. In the right pane, right-click Startup and select Properties.

      3. In the Startup Properties window that opens, click Add.
      4. In the Add a Script window that opens, click Browse, and then select the file of the script that you have created. No script parameters are required.
      5. Click OK to close the Add a Script window.
      6. Click OK to close the Startup Properties window.
    • If you want Kaspersky Endpoint Security for Windows installed on the devices at the user logon:
      1. Expand the User Configuration → Policies → Windows Settings node, and select Scripts (Logon/Logoff).
      2. In the right pane, right-click Logon and select Properties.

      3. In the Logon Properties window that opens, click Add.
      4. In the Add a Script window that opens, click Browse, and then select the file of the script that you have created. No script parameters are required.
      5. Click OK to close the Add a Script window.
      6. Click OK to close the Logon Properties window.
  9. Associate the created object with the devices on which Kaspersky Endpoint Security for Windows must be installed. The simplest method is to associate the object with the entire domain. To do so:
    1. Right-click the required domain and select Link an Existing GPO.

    2. In the Select GPO window that opens, select the created object.
    3. Click OK to close the Select GPO window.

    In a similar way, you can associate the created group policy object with an organizational unit or a site.

  10. Depending on when you chose to have Kaspersky Endpoint Security for Windows installed on the devices, do one of the following:
    • If you chose to install Kaspersky Endpoint Security for Windows at the operating system startup, tell the users to restart their devices.
    • If you chose to install Kaspersky Endpoint Security for Windows at the user logon, tell the users either to log off and log on again to their devices or to restart their devices.

After the security application is installed, the added Windows devices appear in the Devices list. The security profile named Default is applied to these devices.
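
An added example, not part of the original procedure or of Kaspersky's own tooling: the .bat file runs the package from the shared folder on every targeted device (startup scripts run under the Local System account), so a check like the following before linking the GPO confirms that the package is validly signed and that broad groups cannot overwrite it. The share path and package name are constructed placeholders mirroring SHARE_PATH and PACKAGE_NAME; the script inspects NTFS permissions only, not share-level permissions.

```powershell
# Added example: pre-deployment check of the package the GPO script will run.
# The default values are constructed placeholders; pass the real SHARE_PATH
# and PACKAGE_NAME values used in the .bat file.
param(
    [string]$SharePath   = '\\fileserver.example\deploy',
    [string]$PackageName = 'kes_package.exe'
)

$package  = Join-Path $SharePath $PackageName
$problems = @()

# 1. The package must carry a valid Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $package
if ($sig.Status -ne 'Valid') {
    $problems += "Signature status is '$($sig.Status)' for $package"
} else {
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"
}

# 2. Record the hash so that later changes to the file can be detected.
Write-Host "SHA256: $((Get-FileHash -Path $package -Algorithm SHA256).Hash)"

# 3. Flag Allow rules that let broad groups change the folder or the package.
$broad = 'Everyone', 'Authenticated Users', 'Users', 'Domain Users', 'Domain Computers'
$writeRights = [System.Security.AccessControl.FileSystemRights](
    'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
# 0x50000000 = GENERIC_ALL | GENERIC_WRITE, which some ACEs store unmapped.
$mask = [int]$writeRights -bor 0x50000000

foreach ($path in $SharePath, $package) {
    foreach ($rule in (Get-Acl -Path $path).Access) {
        # Compare on the account name without its domain or authority prefix.
        $name = ($rule.IdentityReference.Value -split '\\')[-1]
        if ($rule.AccessControlType -eq 'Allow' -and $broad -contains $name -and
            ([int]$rule.FileSystemRights -band $mask)) {
            $problems += "$($rule.IdentityReference) can modify $path ($($rule.FileSystemRights))"
        }
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host 'Package signature and folder permissions look suitable for deployment.'
```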
