Installation via Group Policy
This step-by-step instruction describes how to use Group Policy to automatically distribute DeviceLock Service to client computers. DeviceLock Service can be deployed in an Active Directory domain using the Microsoft Software Installer (MSI) package DeviceLock Service.msi and DeviceLock Service x64.msi.
Note: If you use a custom MSI package with defined DeviceLock Service settings to deploy DeviceLock Service using Group Policy, these settings are not applied to client computers if any one of the following conditions is true: •The default security is disabled on remotely running DeviceLock Services. •The GPO applied to client computers has the Override Local Policy setting enabled. For information about how to create a custom MSI package, see
Create MSI Package. |
You can use Group Policy to distribute DeviceLock Service by using the following steps:
•Create a Distribution Point
To install DeviceLock Service, you must create a distribution point on the server. To create a distribution point, do the following:
1. Log on to the server computer as an administrator.
2. Create a shared network folder in which to place the MSI package.
3. Set permissions on the share to allow access to the distribution package.
4. Copy the MSI package DeviceLock Service.msi and/or DeviceLock Service x64.msi to the distribution point.
•Create a Group Policy Object
To create a Group Policy object (GPO) with which to distribute DeviceLock Service, do the following:
1. In the Group Policy Management console tree, right-click your domain and then select the following command from the shortcut menu: Create a GPO in this domain, and Link it here.
2. Type the name that you want to call this policy, and then press ENTER.
3. In the console tree, select your Group Policy object, click the Delegation tab, and then click Advanced.
4. In the Security Settings dialog box that appears, select the Deny check box next to Apply group policy for the security groups that you want to prevent from having this policy applied. Select the Allow check box for the groups to which you want to apply this policy.
5. When you are done, click OK.
•Assign a Package
To assign DeviceLock Service to computers running Windows:
1. Use the Group Policy Management console to open the Group Policy object in the Group Policy Management Editor.
2. Under Computer Configuration, expand Software Settings.
3. Right-click Software installation, point to New, and click Package.
4. In the Open dialog box, type the full Universal Naming Convention (UNC) path to the shared folder that contains the DeviceLock Service MSI package. For example: \\file server\share\DeviceLock Service.msi.
Important: Do not browse to the location. Ensure that you use the UNC path to the shared folder. |
5. Click Open.
6. Click Assigned, and then click OK.
The package is listed in the right pane of the Group Policy Management Editor window.
7. Close the Group Policy Management Editor. When the client computer starts, DeviceLock Service is automatically installed.
•Upgrade a Package
If the previous version of DeviceLock Service was already deployed and you want to upgrade it to the new one:
1. Use the Group Policy Management console to open the Group Policy object that contains the old DeviceLock Service package in the Group Policy Management Editor.
2. Under Computer Configuration, expand Software Settings.
3. Right-click Software installation, point to New, and then click Package.
4. In the Open dialog box, type the full Universal Naming Convention (UNC) path to the shared folder that contains the new DeviceLock Service MSI package. For example: \\file server\share\DeviceLock Service.msi.
5. Click Open.
6. Click Assigned, and then click OK.
The new package is listed in the right pane of the Group Policy Management Editor window.
7. Right-click the new package, click Properties, and then click the Upgrades tab.
8. Click Add, select the old DeviceLock Service package you want to upgrade, choose the options Uninstall the existing package, then install the upgrade package, and then click OK.
9. Click OK to close the Properties dialog box. Then, close the Group Policy Management Editor.
When the client computer starts, DeviceLock Service is automatically upgraded.
Note: Normally, when upgrading DeviceLock Service, the new MSI package detects the package to update in the GPO so the actions in Step 7 and Step 8 are performed automatically. |
•Redeploy a Package
In some cases you may want to redeploy DeviceLock Service.
To redeploy a package:
1. Use the Group Policy Management console to open the Group Policy object which contains the deployed package in the Group Policy Management Editor.
2. Expand the Software Settings container that contains the Software installation item with which you deployed the package.
3. Click the Software installation container that contains the package.
4. In the right pane of the Group Policy Management Editor window, right-click the program, point to All Tasks, and then click Redeploy application.
The following message is displayed: “Redeploying this application will reinstall the application everywhere it is already installed. Do you want to continue?”
5. Click Yes.
6. Close the Group Policy Management Editor.
•Remove a Package
To remove DeviceLock Service:
1. Use the Group Policy Management console to open the Group Policy object which contains the deployed package in the Group Policy Management Editor.
2. Expand the Software Settings container that contains the Software installation item with which you deployed the package.
3. Click the Software installation container that contains the package.
4. In the right pane of the Group Policy Management Editor window, right-click the program, point to All Tasks, and then click Remove.
5. Click Immediately uninstall the software from users and computers, and then click OK.
6. Close the Group Policy Management Editor.
Please be aware that:
•Deployment occurs only when the computer starts up, not on a periodic basis. This prevents undesirable results, such as uninstalling or upgrading an application that is in use.
•DeviceLock Service will be copied to the folder %ProgramFiles%\DeviceLock Agent if this service doesn’t exist on the system. If the service exists on the system but its version is lower than 7.0, DeviceLock Service will also be copied to the default folder %ProgramFiles%\DeviceLock Agent. If the service exists on the system but its version is 7.0 or higher, DeviceLock Service will be copied to the folder containing the old version and the old version will be replaced.
