How to install the Unified Agent through Group Policy.
search cancel

How to install the Unified Agent through Group Policy.


Article ID: 166416


Updated On:


CDP Integration Server


How do I use Windows Group Policy (GPO) to install the Unified Agent on client systems?



  • Windows 2008, or Windows 2012 domain controller
  • DNS server
  • Windows workstation, such as Windows 7, Windows 8 or higher
  • Target workstation must have the Entrust Root CA (2048) installed or else installation might fail.
  • AD and DNS, including the DNS lookup of the AD domain controller, must all be functioning properly.
  • Verify the workstation can resolve the name of the AD server that contains the client library.
  • NOTE:  If you need to add command line parameters, this installation method will not work for you.


How to install the Unified Agent via GPO

  1. From the domain controller or from a server on the network, access the ThreatPulse portal at
  2. Select (Service mode > Network > Mobility and download the Windows client(s).
  3. If the location of the file is not a Windows share, create a share. Verify that the directory and files have Read and Read and Execute file system rights.
  4. On the domain controller, go to Start > Control Panel > Administrative Tools > Active Directory Users and Computers.
  5. Right-click the domain and select Properties.
  6. On the Group Policy tab click New.  Name the policy, such as InstallCloudClientMSI.  Highlight the new GPO object and click Edit.
  7. Go to Computer Configuration > Software Settings > Software installation.  Right-click Software Installation and select New > Package.  (Note:  Verify that you have a valid UNC path.  Click My Network Places > Entire Network > Microsoft Windows Network > The domain the server is located > Server name > Share name that has the client binary > Select the binary.)  For Deployment method, select Assigned and click OK.  If your new policy is not visible, right-click Software installation and select Refresh
  8. If the workstation properly joins the domain, the client installs on the second reboot (it reads the policy on the first bootup) and executes policy.  The workstation installs the client and reboots once more.
  9. Test.


Removing the client via GPO

To remove the client, go to the location in policy where the client is pushed and remove the installer.  Some settings ask if you want to leave the application installed or to remove it.  To remove, select the remove option.


Additional resources and information

The information contained in this document came from and is provided "as is" and is subject to change.


*Please note:

  • Windows 7 will no longer be supported with Unified Agent after end of life on January 14, 2020
  • Windows 7 and earlier is not supported with WSS Agent.