Environment
- EDR Sensor
- Microsoft Windows: All Supported Versions
Objective
To deploy the EDR Sensor via GPO.
Resolution
- Downloaded the CarbonBlackGPOInstaller-X.X.X.XXXXX-<SensorGroupName> file from the EDR Server.
- Extract the contents of the CarbonBlackGPOInstaller-X.X.X.XXXXX-<SensorGroupName> file to a network share/shared folder.
- In the Group Policy Objects interface, right-click > New
- Name the new GPO
- Right-click the GPO > Edit
- Select Computer Configuration > Policies > Software Settings > Software Installations
- Right-click Software Installations > New > Package > Browse to location of the cbsetup.msi > Select > Open
- The Deploy Software box will pop up. Select > Advanced > OK
- Add the relevant Group/OU/Computer within "Security Filtering"
- Link the GPO created
- Select the GPO > Select the "Details" tab and ensure the "GPO Status" is set to "Enabled"
- On the client machine run:
gpupdate /force /boot
Additional Notes
- If the endpoint is removed from the "Security Filtering" within the GPO, once the endpoint updates its GPO again, it will uninstall the EDR Sensor.
- If that is not desired, skip step 9.
- This way, if the machine is removed from "Security Filtering", it will not automatically uninstall the EDR Sensor.
- Please test before deployment.
