Deploying GYTPOL Sensor via GPO

Export GYTPOL certificate

  1. Install GYTPOL Sensor for Windows manually from an elevated CMD.

    1. Please follow this user guide to see manual installation steps.

  2. Once GYTPOL Sensor is installed, open mmc from Run and add the Certificates snap-in from the File menu.

 

  1. Click Add, choose Computer Account and click Next.

  2. Choose Local Computer and click Finish.

  3. Click OK on the Add or Remove Snap-ins window.

  4. In the Certificates console, browse to Trusted Publishers → Certificates and look for GYTPOL LTD.

  5. Right-click GYTPOL LTD → All Tasks → Export.

Follow the Export Wizard with its defaults and save the file somewhere on your network. The file is imported into the GPO created in the next steps, so it must be accessible from your Domain Controller.

Creating the GPO

 

Create a folder named gytpol under your domain's NETLOGON folder.

Replace domain.local with your domain name

Copy only the MSI files from GYTPOL's Sensor zip file into that folder.

Download gytpolClient_GPO.txt from https://gytpol.com/gpoScript and rename it to gytpolClient_GPO.ps1. Copy the gytpolClient_GPO.ps1 script to the gytpol folder you created under NETLOGON.

Go to your Group Policy Management Console (GPMC) → Forest → Domains → yourDomainName → right-click and select “Create a GPO in this domain, and Link it here…”

Name the GPO GYTPOL Sensor Deployment (or any relevant name) → OK.

Right-click the policy you created → Edit.

 

Go to Computer Configuration → Preferences → Control Panel Settings → Scheduled Tasks → New → Immediate Task (At least Windows 7)

Task Properties:

General tab: Name the task “GYTPOL Sensor deploy”, run it under NT AUTHORITY\SYSTEM, and select the Run with highest privileges and Hidden check boxes.



Actions tab: click New.

 

Under Settings, in Program/script, enter the following: c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

 

Add arguments (optional): -executionpolicy remoteSigned -file \\yourDomainName\netlogon\gytpol\gytpolClient_GPO.ps1

Conditions tab: check Wake the computer to run this task



Settings tab: Set the options as shown

Common tab: leave default settings

 

Click OK to close the task properties.

Adding the Certificate to our GPO

  1. Browse to Computer Configuration → Policies → Windows Settings → Security Settings → Public Key Policies → Trusted Publishers.

  2. Right-click Trusted Publishers → Import.

  3. Browse to the location where the exported certificate is stored and import it using the Certificate Import Wizard.

  4. Follow the Wizard with its defaults and the certificate will be shown in the Trusted Publishers folder in GPMC.

 

Close the GPO window and go back to the Group Policy Management Console (GPMC) → right-click the GYTPOL Sensor Deployment object → click Enforced and make sure this is what you see:

Once the GPO is refreshed on the PC/Server, it will run the task and you should start seeing new devices added to the Dashboard.

You can manually test the policy by running gpupdate /force from an elevated Command Prompt and checking that powershell.exe executes and that msiexec.exe is also running.
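
Because the task runs the script from NETLOGON as NT AUTHORITY\SYSTEM on every machine in scope, it is worth confirming that the files on the share are signed by the same publisher whose certificate you exported, and that the certificate has reached a client. The script below is an added example, not part of GYTPOL's tooling. It assumes the MSI files and gytpolClient_GPO.ps1 carry an Authenticode signature from that publisher, and both default paths are placeholders to replace with your own.

```powershell
param(
    # Assumed locations: replace with your share and your exported certificate file.
    [string]$ShareFolder  = '\\domain.local\NETLOGON\gytpol',
    [string]$ExportedCert = 'C:\Temp\gytpol-publisher.cer'   # hypothetical path
)

# Load the certificate that was exported from Trusted Publishers.
$publisher = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ExportedCert

# Check the Authenticode signature of every MSI and PS1 file the task can reach.
$results = Get-ChildItem -Path $ShareFolder -File |
    Where-Object { $_.Extension -in '.msi', '.ps1' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File          = $_.Name
            Status        = $sig.Status
            Signer        = $sig.SignerCertificate.Subject
            # True only when the file's signer is the exported publisher certificate.
            MatchesExport = [bool]($sig.SignerCertificate -and
                            $sig.SignerCertificate.Thumbprint -eq $publisher.Thumbprint)
        }
    }
$results | Format-Table -AutoSize

# On a client that has refreshed the GPO, the certificate should be in the
# local machine Trusted Publishers store.
$inStore = Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher |
    Where-Object { $_.Thumbprint -eq $publisher.Thumbprint }
if ($inStore) {
    Write-Output "Trusted Publishers contains: $($inStore.Subject)"
} else {
    Write-Warning 'Exported certificate not found in LocalMachine\TrustedPublisher.'
}

# Fail if any file is unsigned, tampered with, or signed by someone else.
$bad = @($results | Where-Object { $_.Status -ne 'Valid' -or -not $_.MatchesExport })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) file(s) on the share failed the signature check."
    exit 1
}
```

Run it from an elevated PowerShell prompt on a domain-joined machine after gpupdate /force. Any file with a status other than Valid, or with a signer that does not match the exported certificate, should be replaced from a fresh download before the GPO is linked more widely.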