Install Backup Agent Using Windows GPO

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.

Group Policy controls what users can and cannot do on a computer system: for example, to enforce a password complexity policy that prevents users from choosing an overly simple password, to allow or prevent unidentified users from remote computers to connect to a network share, to block access to the Windows Task Manager or to restrict access to certain folders. A set of such configurations is called a Group Policy Object (GPO). Some of these configurations - such as those for automated software installation, drive mappings, startup scripts or logon scripts - only apply during startup or user logon. This is exactly what we're going to use for remote installation of or Managed Backup Service desktop agent. Without further ado, let's dive in to the installation guide.

To Install Backup Agent

  1. Open Windows Administrative Tools.

  1. Open Group Policy Management. This Windows tool will be used for remote deployment of Backup Agent software.

  1. Find a target remote computer.
  2. Right-click on the policy for remote deployment, then click Edit.

  1. In the left sidebar menu, navigate to User Configuration => Policies => Windows Settings => Scripts (Logon/Logoff).

  1. Open Logon. A logon script will be used for checking and downloading new builds.

  1. In the Logon Properties dialog box, select a script or add a new one.
  2. Click Show Files.

  1. Right-click on the script, then click Edit.
  2. Enter the following script:
powershell -command "if (-not(Test-Path -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07BCB989-197A-4E3D-852D-DE8363860401}')){mkdir c:\backup 2>null;(New-Object Net.WebClient).DownloadFile('https://s3.amazonaws.com/yourBuildURL.exe', 'c:\backup\cbl.exe');c:\backup\cbl.exe /S}"

In addition, you can append the script with a command that authenticates user via user crendetials:

  1. Open the installation folder.
  2. Run the following command:
cbb.exe addAccount -e yourUserEmail -p userPassword
  1. Once the script is done, save it and exit the Group Policy Management Editor.

Note that this approach requires writing separate scripts for all users

When a user logs on to their computer, a new Backup Agent version will be installed automatically.

Note that script should be run just once, as Windows GPO monitors subsequent installations of the same software builds

Remote Authentication via Management Console

Once user runs a Backup Agent for the first time, an authentication is required. Provided with three options, they should select the last one — Use Windows authentication (AD direct mode).

They will fail at first, expectedly.

To rectify this issue, you need to accept their AD request from the MBS Management Console.

Under Users, click Users. Next, click AD Requests.

There you see it — fiji! Just click the little green tick icon and you're all done.

Now when the user attempts to authenticate, they will succeed. The fully functional app will start, letting you create backup & restore plans alike. Finally, you can even configure backup plans remotely for each of your local computer via MBS Management Console, as it has a full-fledged Backup Wizard right in the browser.

But that's a different story we'll tell you later. For now, we hope that the process of installing our software via Windows GPO is a bit more clear. If you still have any questions with regard to the matter — feel free to let us know in the comment section below.