Introduction
...
Ensure that the following GYTPOL requirements are satisfied before initiating the installation of the GYTPOL Validator software:
Server Sizing – Determine appropriate sizing based on the number of users and reporting computers. OS – Verify compatibility with the GYTPOL dsRequester server.
Users and Groups – Validate configurations in Active Directory and the GYTPOL dsRequester server for seamless integration.
Ports – Confirm that the required ports are open on both the server and client sides to facilitate proper communication.
Antivirus – Take precautions to prevent any interference from antivirus software that could impede the GYTPOL Validator's correct execution.
...
Server Sizing
A dedicated server is not mandatory; any existing server can be utilized.
...
Refer to the table to configure the permissions for both the user and the group (consult the hyperlinks for detailed instructions):
Type | Name | Permission set |
AD User | GytpolSvc | Domain level: Member of Domain Group: “Performance Log Users” |
GYTPOL Server local settings:
|
Follow the How to Test Permissions instructions.
Ports
From | To | Port number | Purpose |
GYTPOL dsRequester server | DC’s | 389, 9389, 636, 135, 138-139, 445, 464, 53, 3268, 3269 + Dynamic ports (49152-65535) | Group Policy PowerShell queries + Group Policy modeling queries |
GYTPOL dsRequester server | GYTPOL AWS Cloud During the onboarding process, GYTPOL team will supply the URLs for reference. | 443 | Group Policy PowerShell reporting + Group Policy modeling reporting |
Antivirus
If whitelisting is required, ensure that the following paths and their subfolders and files are included:
...
Within the Windows PowerShell window, input the following command: $PSVersionTable.PSVersion
...
Ensure that the Major version is set to 5 or above, and the Minor version is set to 1 or above by checking the output of the
$PSVersionTable.PSVersioncommand.
...
In the same PowerShell window, enter the following command:
Get-ExecutionPolicy -List. Confirm that the PowerShell scripts are not set to "Restricted" in any of its categories. The desired results include "RemoteSigned", "AllSigned", or "Undefined" for the execution policies.
...
Include the GYTPOL user in the Domain group "Performance Log Users"
...
Open the command prompt on the GYTPOL dsRequester server.
Type
lusrmgr.mscand press ENTER.In the left pane, select "Groups."
In the right pane, double-click on "Administrators."
...
Click “Add...”
...
Ensure that "From this location" is configured to the domain name rather than the GYTPOL dsRequester server.
Confirm that "From this location" is set to the domain name.
In the "Enter the object names to select" field, type
gytpoSvc.Click on "Check Names" and wait until you see the name underlined and associated with the domain name.
Press OK to complete the addition of the specified user (
gytpoSvc) to the local Administrators group.
...
To verify the setting, execute the following command in PowerShell as an Administrator. The expected output should be 0:
...
(Get-ItemProperty
...
-Path
...
"HKLM:\SYSTEM\CurrentControlSet\Control\Lsa"
...
-Name
...
disabledomaincreds
...
-ErrorAction
...
Stop).disabledomaincreds
This PowerShell command retrieves and displays the value of the "disableDomainCreds" registry key under the specified path. If the output is 0, it confirms that the setting is disabled.
...
Windows Features installation
...
Pay attention to the results:
Red X sign (error): Indicates a critical error that requires resolution before proceeding with the installation. Hover over the question mark (?) for guidance on the necessary actions.
Yellow Exclamation mark (warning): Represents a failed check that is not critical for immediate resolution. However, consider addressing warnings for optimal performance.
Defender icon: Denotes a successful check, confirming that the specific aspect has passed verification.
...