Installing the Password Manager Pro Agent in Endpoints via Windows Group Policy Objects (GPO)

This document details the steps needed to install the Password Manager Pro Agent in multiple endpoints using Windows Group Policy Objects (GPO). Click here to download the PMP-Agent-Script zip file. Unzip the file and extract the PMPAgentInstallationScript.ps1 and PMPAgentUninstallationScript.ps1 files.

Prerequisites

• Refer to the steps detailed in this help page, download the Password Manager Pro agent installation zip from the Password Manager Pro interface, and copy the Agent Key. Save the key in a secure location—this must be added to the Password Manager Pro PowerShell script later.
• If you already have agents installed in the endpoints, follow these steps to uninstall the agents in bulk using the uninstallation script. This script will uninstall both the C++ and C agents.
• Create a Domain with all the target machines that need to be included in the GPO to be the endpoints where the agent is to be installed.

Steps to Create a GPO in the Domain and add Target Machines

1. Open Server Manager. In the top right corner, click Tools >> Group Policy Management.
2. Right click the Domain name and click the option Create a GPO in this domain, and Link it here.
   
3. Provide a name for the new GPO, for example: AgentGPO. Now, click the newly created GPO. Under Scope >> Security Filtering, click Add. In the Select User, Computer, or Group window, enter the target machine names or the name of the group name that contains all the target endpoints. You can also enter the names of the target machines individually. Click OK.
   
4. Switch to the Delegations tab. Right click the group you added and provide full access permission as shown below.
   
   You have successfully created a Group Policy and added the target machines where the Password Manager Pro Agent is to be installed.

Steps to Add the Installation Script and Agent Installation Zip in the GPO

1. Now right click the GPO name from the left pane and click Edit settings, delete, modify security. The Group Policy Management editor window will open.
   
2. Expand the Policies > Windows Settings folders. Double click Scripts. In the Scripts window, click Startup and then click Properties.
   
3. Switch to the PowerShell Scripts tab and click Show Files. The network directory will open up. Copy the path of the network location.
   
4. Open the Password Manager Pro PowerShell script in an editor. Add the network location path copied in the previous step as the source variable, for example: "\\zylker.com \SysVol\zylker.com\Policies\{33A6F6BE-4A9E-4CCA-AB5A-7C96E14F2ACB}\Machine\Scripts\Startup\PMP_WindowsAgent_CS.zip" and a desired destination path, for example: c:\Program Files. This is the location where the agent will be installed in the target endpoints, so ensure that this path is available in all the target machines.
5. Now, paste the Password Manager Pro agent PowerShell script file and the Agent installation zip in the GPO network location.
   

6. Click Add, add the 'PMPAgentInstallationScript' file name under Script Name and the Agent installation key copied from Password Manager Pro under Script Parameters. Click Apply and OK again to save the settings.
7. In the GPO editor, expand Administrative Templates in the left pane. Expand the System folder under it and open Group Policy.
8. Under the Group Policy folder, right click Specify workplace connectivity wait time for policy processing.
   
9. In this window, click the Enabled option. Enter the Amount of time to wait as 120 seconds. Click Apply and click OK to save the settings.
   
10. The GPO will be applied. Once you restart all the target endpoints, the Password Manager Pro Agent PowerShell script will be invoked and the agent will be installed in the target machines.
11. After successful installation of the agent, disable the startup script for the GPO you created (AgentGPO in this example). This will ensure that the script is not invoked every time the target machines are restarted.

Troubleshooting Steps

Ensure that the AgentGPO has a higher precedence than the other GPOs. This is to make sure that the other GPOs don't override the permissions of the AgentGPO.

To check this, click the GPO name, right click the Enforced option and check if it is enabled.