Deploying the agent using GPO scheduled tasks

This guide will walk through using the Microsoft Group Policy Objects and Scheduled Tasks to deploy the RocketCyber Agent.

A few notes about the deployment script:

  1. The console generates a PowerShell script per organization that automatically includes the information required to deploy the agent, specifically the license key and the URL.
  2. The script first checks to see if the agent is already installed before performing an install.
  3. If the script does not detect an installed agent, it will download the agent installer package to the local machine and execute it.

Retrieve the appropriate Powershell script

  1. Log onto the RocketCyber console, from the left-hand navigation menu click All Organizations.
  2. Click Deploy for the appropriate organization.
    screen-shot-2020-01-06-at-4-17-56-pm.png
  3. Click the Select & Copy button for the CLI Command script.
    screen-shot-2020-02-25-at-12-44-56-pm.png

Locate The NETLOGON Share

  1. Log on to the Domain Controller that you wish to utilize for deployment.
  2. From a cmd.exe prompt run as administrator type:
 net share

You will see output similar to below
screen-shot-2020-02-25-at-11-54-53-am.png

  1. In the list of shares displayed locate the share named NETLOGON

In this example the directory location is C:\Windows\SYSVOL\sysvol\rocketcyber.com\SCRIPTS

You will use this directory path in the Scheduled Task steps for configuring the Start Directory

Create a Scheduled Task

Open the Group Policy Management App on the server.

  1. Click the magnifying glass on the taskbar.
  2. Type Group Poli.
  3. Click the Group Policy Management app.
    screen-shot-2020-02-25-at-12-19-54-pm.png
  4. Right-click your domain in the navigation tree.
  5. Click Create a GPO in this domain and Link it here.
    screen-shot-2020-02-25-at-12-22-14-pm.png
  6. In the New GPO dialog, enter a name for the Group Policy Object.
    screen-shot-2020-02-25-at-12-23-41-pm.png
  7. Right-click the New GPO and click Edit
    screen-shot-2020-02-25-at-12-25-11-pm.png
  8. The Group Policy Management Editor will open.
    In the left-hand tree navigate to Computer Configuration > Preferences > Control Panel Settings > Scheduled Task.
    screen-shot-2020-02-25-at-12-26-43-pm.png
  9.  In the Scheduled Tasks view, right-click and select New > Scheduled Task.
    screen-shot-2020-02-25-at-12-30-05-pm.png
  10. Complete the fields in the New Task Properties Dialog
    • Action: Create
    • Name: RocketAgent Deploy
    • Run: C:\Windows\System32\cmd.exe
    • Arguments: /C <CLI Script Copied Above>
    • Start In: NETLOGON Share Path identified in Locate NETLOGON Share steps

IMPORTANT  It is very important to add the /C before the CLI Script in Arguments. The task will likely not execute properly if you do not.
screen-shot-2020-02-25-at-12-40-47-pm.png

  1. Click the Schedule tab and set the following properties:
    • Scheduled Task: Run Once
    • Start Time: Sometime in the future
    • Run On: Select the appropriate date to execute
      screen-shot-2020-02-25-at-12-41-40-pm.png
  1.  Click OK to save the scheduled task.
  2.   To apply this scheduled task to all systems in the domain: from a cmd.exe prompt as administrator run
gpupdate

When the task executes on the desired domain-joined computers, the RocketAgent should appear in the RocketCyber Console under the appropriate organization account.