Use the Active Directory Group Policy Management console to deploy the agent package to your managed endpoints.
 |
ImportantThe steps contained in this topic reference Active Directory for Windows Server
2019 and are valid as of December, 2023. If you are using a different version of
Active Directory or Windows Server, refer to the documentation for your
version.
This deployment method only supports Windows agents.
|
Configure your agent installation packages to ensure that your newly-deployed
agents:
-
Report to the correct Protection Manager or Endpoint Inventory
-
Automatically apply the correct default settings
 |
NoteFor Server & Workload Protection agents, Trend Micro recommends that you configure a default policy and use the agent-initiated activation feature before deploying agent packages to simplify the connection process.
For Standard Endpoint Protection agents and Endpoint Sensor only agents, you can
set up the agent for
VDI environments if your network includes virtual desktops.
This method requires using a PowerShell script to execute the agent installer.
For more information, see Group Policy Object Sample Script.
|
Procedure
- Go to .
- Click Agent Installer.
- Locate the Agent Installer type you want to use and select the Windows operating system.
- For Standard Endpoint Protection, specify the following
package settings.
- Select the OS architecture.
- Select the Endpoint Group Manager that the newly-deployed agents report to.
- Click the Download installer icon (
).
- For Server & Workload Protection, specify the following package settings.
- Specify the package type.
-
Auto detect: The installation package is light-weight, and downloads and installs additional components after detecting the operating system type (requires more network bandwidth)
-
Full package: The installation package contains all necessary components and automatically installs the correct components after detecting the operating system version
-
- Select the Server & Workload Protection Manager that the newly-deployed agents report to.
- Click the Download installer icon ().
- Specify the package type.
- For Endpoint Sensor, specify the OS
architecture and click the Download
installer icon ().
- Unzip the Agent Package and move the contents to a directory that is accessible
via UNC.You must specify the UNC path where the contents are located in the PowerShell script used to execute the installation.
- In the Group Policy Management console, right click Group Policy Objects and select New.
- In the New GPO window, specify a name and click
OK.
Step 9 Example In this example, the new GPO is named(Demo) Deploy Agent. - Right click the GPO you created and select
Edit....
Step 10 Example In this example, the user right clicks(Demo) Deploy Agentand selects Edit... - Go to .
- Right click the GPO you created, click New, and select
Scheduled Task (At least Windows 7).
Step 12 Example In this example, the user navigates to Scheduled Tasks and right clicks the GPO to add a new task.The deployment settings window appears. - Configure the General tab.SettingConfigurationActionSelect UpdateNameThe field should already show the name of the GPO you createdIf the field does not show the correct name, click the ... button to select the correct GPO.Security Options
-
Specify the user NT AUTHORITY\System
-
Select Run whether user is logged on or not
-
Select Run with highest privileges
General Tab Example -
- On the Triggers tab, configure the time you want the deployment to occur.
- On the Actions tab, click New...
- Configure the settings in the New Action window.
- For Action, select Start a program.
- For Program/script, select the PowerShell script
to execute the Agent Installer.Refer to the sample PowerShell script and modify the variables to match your environment.
- For Add arguments, specify the UNC path where
the PowerShell script is located.For example, -file "\\serverName\demo\sample.ps1".
Action Tab Example - Click OK.
- Click OK to create the deployment.