To install the Endpoint, we need to use the .exe. Since we cannot install via .exe on Group Policy Management, how do we deploy the endpoint?

Below are the steps for creating the GPO.
 

1. Create a shared folder. 
   • For Microsoft Server 2012: 12 Steps to NTFS Shared Folders in Windows Server 2012
   • For Windows 10/Microsoft Server 2016: Changes to file sharing over a network in Windows 10
   • In either case, make sure the location can be accessed by all PCs that need the Endpoint installed, and the share user is the admin who will run the install.
2. Copy the Endpoint Package you have created into this shared folder. See the Forcepoint One Endpoint Installation Guide for instructions. 
3. Create a batch file (.bat) in the shared folder, for example “installep.bat”.This can be done in any text editor.
4. Create a script and place into the .bat file, making sure the endpoint package path and name is specifically outlined:

for /f "tokens=3" %%a in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Websense\Agent" /v InstallVersion') do set n=%%a
if NOT "%n%" =="8.2.2334" (GOTO CHECKOS) ELSE (GOTO END)
:CHECKOS
IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE (GOTO 32BIT)
:64BIT
<Location of the Endpoint Package>\<name of the 64bit endpoint built>.exe /v"/quiet /norestart"
GOTO END
:32BIT
<Location of the Endpoint Package>\<name of the 32bit endpoint built>.exe /v"/quiet /norestart"
GOTO END
:END

 

5. Test your batch file manually to make sure it runs on other workstations. You can do this by opening the server path to the file on a workstation and attempting to run the file. If the file does not run, check your permissions.
6. Open the Group Policy Management Console on the Managing server. (GPMC).
7. Create a new (or open an existing) GPO on the organisation unit (OU) in which your computer accounts reside. To create a new GPO:
   1. In the console tree, right-click Group Policy Objects in the forest and domain in which you want to create a Group Policy Object(GPO)
   2. Click New.
   3. In the New GPO dialog box, specify a name for the new GPO, and click OK.
8. Open Computer Configuration >Windows Settings > Scripts, and double-click Startup in the right pane of the screen.
9. Click Add.
10. In the Script Name field type the full network path and filename of the script .bat file you create in steps 3 and 4.
11. Click Ok.
12. Close the GPMC.
13. Run the gpupdate /force in command prompt to refresh the group policy.

 The application should be installed on startup. The client may not be fully functional until a reboot occurs.

Keywords: Forcepoint One Endpoint; DLP Endpoint; Triton AP-Endpoint; GPO; Deploying Endpoint; Endpoint Installation; Push Endpoint via GPO;