Install Backup Agent Using Windows GPO

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.

Group Policy controls what users can and cannot do on a computer system: for example, enforce a password complexity policy that prevents users from choosing an overly simple password, allow or prevent unidentified users from remote computers to connect to a network share, to block access to the Windows Task Manager or to restrict access to certain folders. A set of such configurations is called a Group Policy Object (GPO). Some of these configurations - such as those for automated software installation, drive mappings, startup scripts, or logon scripts - only apply during startup or user logon. This is exactly what we're going to use for the remote installation of the Backup Agent.

To Install Backup Agent

  1. Open Windows Administrative Tools.

  1. Open Group Policy Management. This Windows tool will be used for remote deployment of Backup Agent software.

  1. Find a target remote computer.
  2. Right-click on the policy for remote deployment, then click Edit.

  1. In the left sidebar menu, navigate to User Configuration => Policies => Windows Settings => Scripts (Logon/Logoff).

  1. Open Logon. A logon script will be used for checking and downloading new builds.

  1. In the Logon Properties dialog box, select a script or add a new one.
  2. Click Show Files.

  1. Right-click on the script, then click Edit.
  2. Enter the following script:
powershell -command "if (-not(Test-Path -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07BCB989-197A-4E3D-852D-DE8363860401}')){mkdir c:\backup 2>null;(New-Object Net.WebClient).DownloadFile('https://s3.amazonaws.com/yourBuildURL.exe', 'c:\backup\cbl.exe');c:\backup\cbl.exe /S}"

In addition, you can append the script with a command that authenticates a user via user credentials:

  1. Open the installation folder.
  2. Run the following command:
cbb.exe addAccount -e yourUserEmail -p userPassword
  1. Once the script is done, save it and exit the Group Policy Management Editor.

Note that this approach requires writing separate scripts for all users

When a user logs on to their computer, a new Backup Agent version will be installed automatically.

Note that script should be run just once, as Windows GPO monitors subsequent installations of the same software builds

Remote Authentication via Management Console

Once a user runs a Backup Agent for the first time, authentication is required. Provided with three options, they should select the last one — Use Windows authentication (AD direct mode).

They will fail at first, expectedly.

To rectify this issue, you need to accept their AD request from the MBS Management Console.

Under Users, click Users. Next, click AD Requests.

Click the little green tick icon and you're all done.

Now when the user attempts to authenticate, they will succeed. The fully functional app will start, letting you create backup & restore plans alike. Finally, you can even configure backup plans remotely for each of your local computers via Management Console, as it has a full-fledged Backup Wizard right in the browser.

https://git.cloudberrylab.com/egor.m/doc-help-mbs.git