EDR: How to perform a GPO Deployment for EDR Sensors
search cancel

EDR: How to perform a GPO Deployment for EDR Sensors

book

Article ID: 292462

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To deploy the EDR Sensor via GPO.

Environment

  • EDR Sensor
  • Microsoft Windows: All Supported Versions

Resolution

  1. Downloaded the CarbonBlackGPOInstaller-X.X.X.XXXXX-<SensorGroupName> file from the EDR Server. 
  2. Extract the contents of the CarbonBlackGPOInstaller-X.X.X.XXXXX-<SensorGroupName> file to a network share/shared folder.
  3. In the Group Policy Objects interface, right-click > New 
  4. Name the new GPO 
  5. Right-click the GPO > Edit 
  6. Select Computer Configuration > Policies > Software Settings > Software Installations 
  7. Right-click Software Installations > New > Package > Browse to location of the cbsetup.msi > Select > Open 
  8. The Deploy Software box will pop up. Select > Advanced > OK 
  9. Add the relevant Group/OU/Computer within "Security Filtering" 
  10. Link the GPO created 
  11. Select the GPO > Select the "Details" tab and ensure the "GPO Status" is set to "Enabled"
  12. On the client machine run:
gpupdate /force /boot

Additional Information

  • If the endpoint is removed from the "Security Filtering" within the GPO, once the endpoint updates its GPO again, it will uninstall the EDR Sensor.
  • If that is not desired, skip step 9.
  • This way, if the machine is removed from "Security Filtering", it will not automatically uninstall the EDR Sensor.
  • Please test before deployment.
Powered by Wolken Software