Installing an application through Active Directory group policies

Kaspersky Security Center allows you to install Kaspersky applications on managed devices by using Active Directory group policies.

You can install applications by using Active Directory group policies only from installation packages that include Network Agent.

To install an application using Active Directory group policies:

  1. Start configuring the application installation by using Remote Installation Wizard.
  2. In the Defining remote installation task settings window of the Remote Installation Wizard, select the Assign package installation in Active Directory group policies option.
  3. In the Select accounts to access devices window of the Remote Installation Wizard, select the Account required (Network Agent is not used) option.
  4. Add the account with administrator privileges on the device where Kaspersky Security Center is installed or the account included in the Group Policy Creator Owners domain group.
  5. Grant the permissions to the selected account:
    1. Go to Control PanelAdministrative Tools and open Group Policy Management.
    2. Click the node with the required domain.
    3. Click the Delegation section.
    4. In the Permission drop-down list, select Link GPOs.
    5. Click Add.
    6. In the Select User, Computer, or Group window that opens, select the necessary account.
    7. Click OK to close the Select User, Computer, or Group window.
    8. In the Groups and users list, select the account that you have just added, and then click AdvancedAdvanced.
    9. In the Permission entries list, double-click the account that you have just added.
    10. Grant the following permissions:
      • Create Group objects
      • Delete Group objects
      • Create group Policy Container objects
      • Delete group Policy Container objects
    11. Click OK to save the changes.
  6. Define other settings by following the instructions of the Wizard.
  7. Run the created remote installation task manually or wait for its scheduled start.

The following remote installation sequence starts:

  1. When the task is running, the following objects are created in each domain that includes any client devices from the specified set:
    • Group policy object (GPO) under the name Kaspersky_AK{GUID}.
    • A security group that corresponds to the GPO. This security group includes client devices covered by the task. The content of the security group defines the scope of the GPO.
  2. Kaspersky Security Center installs the selected Kaspersky applications on client devices directly from Share, that is, the shared network folder of the application. In the Kaspersky Security Center installation folder, an auxiliary nested folder will be created that contains the .msi file for the application to be installed.
  3. When new devices are added to the task scope, they are added to the security group after the next start of the task. If the Run missed tasks option is selected in the task schedule, devices are added to the security group immediately.
  4. When devices are deleted from the task scope, they are deleted from the security group after the next start of the task.
  5. When a task is deleted from Active Directory, the GPO, the link to the GPO, and the corresponding security group are deleted, too.

If you want to apply another installation schema using Active Directory, you can configure the required settings manually. For example, this may be required in the following cases:

The following options for using an alternative installation scheme through Active Directory are available:

See also:

Deployment using group policies of Microsoft Windows

Page top