Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Export GYTPOL certificate

  1. Install GYTPOL Client for Windows manually from an elevated CMD.

    1. Please follow this user guide to see manual installation steps.

  2. Once GYTPOL client is installed, please open mmc from Run and add Certificates Snap-in using the file menu.

  1. When you click Add > choose Computer Account and click Next.

  2. Choose Local Computer and click Finish.

  3. Click OK on the Add or Remove Snap-ins window.

  4. In the Certificates console, browse to Trusted Publishers Certificates and look for GYTPOL LTD.

  5. Right click GYTPOL LTD All Tasks Export

Follow the Export Wizard with its defaults and save the file somewhere in your network. We will import it to our GPO created in the next steps, so keep in mind it should be accessible to your Domain Controller.

Creating the GPO

Create a folder named gytpol under your domains NETLOGON folder.

Replace domain.local with your domain name

Copy the MSI files only from GYTPOLs Client zip file into that folder

Download the gytpolClient_GPO.txt from https://gytpol.com/gpoScript and rename it to gytpolClient_GPO.ps1. Copy the gytpolClient_GPO.ps1 script to the Netlogon folder you created.

Go to your Group Policy Management Console (GPMC) → Forest → Domains → yourDomainName → Right click and select “Create a GPO in this domain, and link it here…

Name the GPO as GYTPOL Client Deployment (or any relevant name) → OK

Right click the policy you created Edit

Go to Computer Configuration → Preferences → Control Panel Settings → Scheduled Tasks → New → Immediate Task (At least Windows 7)

Task Properties:

General tab: Name the task “GYTPOL Client deploy”, run it under NT AUTHORITY\SYSTEM, check Run with highest privileges and select the Hidden check boxes.


Actions tab: click New.

Under Settings Program/Settings enter the following: c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Add arguments (optional): -executionpolicy remoteSigned -file \\yourDomainName\netlogon\gytpol\gytpolClient_GPO.ps1

Conditions tab: check Wake the computer to run this task


Settings tab: Set the options as shown

Common tab: leave default settings

Click OK to close the task scheduler properties

Adding the Certificate to our GPO

  1. Browse to Computer Configuration Policies → Windows Settings → Security Settings → Public Key Policies → Trusted Publishers

  2. R. click on Trusted Publishers Import

  3. Browse to the location where the exported certificate is stored and import it to the Certificate Import Wizard

  4. Follow the Wizard with its defaults and the certificate will be shown in the Trusted Publishers folder in GPMC:

Close the GPO window and go back to the Group Policy Management Console (GPMC) → right click on the GYTPOL Client Deployment object → click Enforced and make sure this is what you see:

Once the GPO is refreshed on the PC/Server it will run the task and you should start seeing new devices added to the Dashboard.

You can manually test the policy by running gpupdate /force from an elevated Command Prompt and check if Powershell.exe executes and msiexec.exe is also running.

  • No labels