This article outlines how to mass-distribute the Windows Roaming Client via Active Directory (AD, also known as Entra ID).
Deploying the Windows agent via AD makes it easier to set policies for different user groups, e.g. Executives/Employees or Faculty/Students. Easily integrate AD Organizational Units (OUs) with the DNSFilter Sync Tool to apply policies quickly, and add a blanket network policy by setting up DNS Forwarding on the domain controller.
Active Directory deployment is done by creating a Group Policy Object (GPO). Using Microsoft Transform (MST) files, integrate any of the command-line options listed in our silent installation article with the installer. This means you can smoothly deploy the client with preset tags, show/hide the tray icon, and associate the client with a specific network location.
Once deployed, manage Roaming Client settings like tags, Site, Filtering Policies, and Block Pages. Assign by individual agent or as groups to ensure filtering policies are as specific as possible for your environment.
Deploy via Active Directory
The installation procedure for the Roaming Client is based on the standard method of using Group Policy.
Step one: Download the agent Installer
- From the DNSFilter dashboard, navigate to Deployments and select Roaming Clients
- Tab to Install
- Download the DNSFilter installer
Step two: Edit the MSI file in Orca
Download the Orca tool for free from the Windows SDK.
Before you begin: Any line labeled SETCMD in the MST file can be changed, but it may not be wise to do so in Orca because it is easier to customize via the DNSFilter dashboard.
We recommend making the MST file as widely applicable as possible and customizing in the dashboard. Hardcoding too many values here increases the deployment complexity in AD, which should be avoided.
If possible, generate just one Orca transform file per location/network site registered with DNSFilter.
- From Orca, open the MSI file (the Windows installer)
- Navigate to Tables and select Custom Actions
- Update any command-line options listed in our silent installation article if applicable
✍️ We recommend using tags as a command-line flag, with tags that correspond to the user groups in AD, such as Sales or Engineering. The DNSFilter dashboard will then reflect a structure similar to your AD environment.
- Select Transform
- Select New Transform
- Enter the Site Secret Key
- Navigate back to the DNSFilter dashboard's Roaming Clients install tab
- Select a Site to associate with the deployment
- Copy the Site Secret Key
- Navigate back to the Transform file
- Paste the Site Secret Key in the SETCMD NKEY line
✍️ Edited fields turn green to note the change
- Select Transform
- Select Generate Transform
- Save the file and exit Orca
Step three: Create a Network Share
A network share is necessary to distribute MSIs in Active Directory. If you already have one set up, skip this section.
- From the Windows Server, open Server Manager
- Navigate to File and Storage Servers
- Select Shares
- From the Tasks dropdown, select New Share
- Click through Next until Specify Share Name
✍️ Note the Local Path. You'll navigate back here during step four.
- Name the Share
- Select Next until the end
Step four: Move the MSI and MST Files to the Network Share
- From Downloads, cut the MSI and MST files
- Navigate to the Network Share's Local Path
- Paste the files
Step five: Create the Group Policy
- Navigate to Server Manager
- Select Tools
- Select Group Policy Management
- Select the computer's OU inside the headquarters
- Right click and select Create new GPO
- Name the new GPO
Step six: Edit the Group Policy
- Navigate to Policies and select Software Settings
- Select Software installation
- Right-click and select New > Package. It will prompt for the MSI file
- Navigate to the network share and open the MSI file
- Select Advanced under deployment method
- Select OK
- Navigate to Modifications
- Select Add
- Add the MST file
That's it! During the next policy refresh the Roaming Client will automatically complete a silent deployment across the OU along with the certificate file for HTTPS block pages. The client will register to DNSFilter and begin filtering and logging DNS query traffic in the DNS Query Log.
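Steps three to five can also be scripted; the PowerShell below is an added example, not DNSFilter's own tooling, and step six stays in the Group Policy editor. Because the MST from step two carries the Site Secret Key, it grants read access on the share to Domain Computers only rather than to everyone. The share name, paths, file names, OU and GPO name are assumed placeholders.

```powershell
# Added example: steps three to five scripted. All names and paths are assumed placeholders.
# Run elevated on the server that hosts the share, logged on with a domain admin account.
Import-Module GroupPolicy

$ShareName = 'DNSFilterDeploy'                         # assumed share name
$LocalPath = 'D:\Shares\DNSFilterDeploy'               # assumed Local Path of the share
$Source    = Join-Path $env:USERPROFILE 'Downloads'    # where the MSI and MST were saved
$Files     = 'RoamingClient.msi', 'RoamingClient.mst'  # assumed file names
$TargetOU  = 'OU=Computers,OU=Headquarters,DC=example,DC=com'  # assumed OU
$GpoName   = 'Deploy DNSFilter Roaming Client'         # assumed GPO name
$Readers   = "$env:USERDOMAIN\Domain Computers"        # computer accounts pull the package
$Admins    = "$env:USERDOMAIN\Domain Admins"

# Step three: create the share. The MST holds the Site Secret Key, so only
# computer accounts get read access and only admins can change the files.
New-Item -ItemType Directory -Path $LocalPath -Force | Out-Null
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $LocalPath `
        -ReadAccess $Readers -FullAccess $Admins | Out-Null
}
# Share permissions alone are not enough: grant matching NTFS read/execute,
# inherited by files and subfolders.
icacls $LocalPath /grant "${Readers}:(OI)(CI)RX" | Out-Null

# Step four: place the MSI and MST on the share. Copy then delete instead of
# moving, because a move within one volume keeps the old ACL and the files
# would not inherit the permissions set above.
foreach ($file in $Files) {
    $from = Join-Path $Source $file
    Copy-Item -Path $from -Destination $LocalPath -Force
    Remove-Item -Path $from
    # Record the hash so a later change to the package can be detected.
    Get-FileHash -Path (Join-Path $LocalPath $file) -Algorithm SHA256 |
        Select-Object Hash, Path
}

# Step five: create the GPO and link it to the target OU.
New-GPO -Name $GpoName | New-GPLink -Target $TargetOU -LinkEnabled Yes | Out-Null

# Step six is done in the GPO editor: pick the package through the UNC path,
# not the local path, so clients can resolve it.
"Package location for step six: \\$env:COMPUTERNAME\$ShareName"
```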