Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
_heading=h.28h4qwu
_heading=h.28h4qwu
Export GYTPOL certificate

...

Easy heading
linkText4
linkText10
linkText3
linkText6
linkText5
relatedLinksLabels
linkText2
linkText1
headingTagsH1,H2,H3
sidebarMaxHeight450
linkType2Page
linkType3Page
linkType1Page
linkType10Page
sidebarTitleON THIS PAGE
linkUrl3
linkUrl4
linkUrl1
linkUrl2
linkUrl10
includedPageModeDisable_Included_Pages
linkText8
linkText7
relatedLinksOrderLabels_First
sidebarModeOpened
headingNumberingModeDisable_Numbering
linkText9
sidebarMarginRight20
relatedLinksTargetNew_Window
relatedLinksTitleRELATED LINKS
linkUrl9
linkUrl7
linkUrl8
numberedHeadingTagsH1,H2,H3
linkUrl5
linkUrl6
linkType8Page
linkType9Page
linkType6Page
headingLinkTextModeWrap
linkType7Page
linkType4Page
linkType5Page
sidebarWidth240
sidebarTop160
headingLinkExpandModeCollapse_All_By_Default
headingLinkIndent10
  1. Install GYTPOL Sensor for Windows manually from an elevated CMD.

    1. Please follow this user guide to see manual installation steps.

  2. Once GYTPOL client Sensor is installed, please open mmc from Run and add Certificates Snap-in using the file menu.

...

Follow the Export Wizard with its defaults and save the file somewhere in your network. We will import it to our GPO created in the next steps, so keep in mind it should be accessible to your Domain Controller.

Creating the GPO

Create a folder named gytpol under your domains NETLOGON folder.

...

Copy the MSI files only from GYTPOLs Client Sensor zip file into that folder

...

Download the gytpolClient_GPO.txt from https://gytpol.com/gpoScript and rename it to gytpolClient_GPO.ps1. Copy the gytpolClient_GPO.ps1 script sent you by the GYTPOL team under that folder (if not sent, please contact support@gytpol.com)to the Netlogon folder you created.

Go to your Group Policy Management Console (GPMC) → Forest → Domains → yourDomainName → Right click and select “Create a GPO in this domain, and link it here…

...

Name the GPO as GYTPOL Client Sensor Deployment (or any relevant name) → OK

...

Go to Computer Configuration → Preferences → Control Panel Settings → Scheduled Tasks → New → Immediate Task (At least Windows 7)

...

Task Properties:

General tab: Name the task “GYTPOL Client Sensor deploy”, run it under NT AUTHORITY\SYSTEM, check Run with highest privileges and select the Hidden check boxes.

...

Click OK to close the task scheduler properties

Adding the Certificate to our GPO

  1. Browse to Computer Configuration Policies → Windows Settings → Security Settings → Public Key Policies → Trusted Publishers

  2. R. click on Trusted Publishers Import

  3. Browse to the location where the exported certificate is stored and import it to the Certificate Import Wizard

  4. Follow the Wizard with its defaults and the certificate will be shown in the Trusted Publishers folder in GPMC:

...

Close the GPO window and go back to the Group Policy Management Console (GPMC) → right click on the GYTPOL Client Sensor Deployment object → click Enforced and make sure this is what you see:

...