Installing SAF Beat Agent via Group Policy (GPO)
Open the Group Policy Management Console by running the command:
gpmc.msc
In the opened window, expand the following nodes in the console tree: Forest: <Forest Name> - Domains - <Your Domain>. Navigate to the Group Policy Objects section and create a new object named SAFBeat.
Next, in the Group Policy Management snap-in, select the previously created SAFBeat object, right-click it, and choose Edit. This will open the Group Policy Management Editor.
In the Group Policy Management Editor, navigate to: User Configuration - Policies - Software Settings - Software Installation. Right-click the Software Installation node and select: New - Package.
Before creating the package, ensure the checkbox Make this 32-bit x86 application available to Win64 machines is enabled. To do this, right-click the Software Installation node and open its properties. If using the SAFBeat-x32.msi installer, leave the checkbox unchecked.
In the Open window that appears, select the .msi file that will be used to install the SAF Beat agent.
When specifying the installer file location, use a network path, and ensure the folder has shared access permissions.
Select the deployment method as Advanced.
In the Package Properties window, go to the Deployment tab and configure the settings as shown in the example below:
After applying the settings, click OK to save.
After making changes, the Group Policy Editor interface should look like this:
In the Group Policy Management snap-in console tree, select your domain, right-click it, and choose Link an Existing GPO from the context menu. Then, select the SAFBeat object from the list and click OK.
Go to the Group Policy Objects node, select the SAFBeat object, and open the Scope tab. In the Security Filtering section, add the users who should have the SAF Beat agent installed. Once configuration is complete, close the Group Policy Management window.
In the command prompt, run:
gpupdate /force
and restart the computer.
After rebooting, open Services and check the status of the SAFBeat service. Add ca-cert.pem to the folder where the SAFBeat agent is installed.
The location of ca-cert.pem in SAF Beat Manager is /app/SAFBeatManager/etc/ssl.
Next, proceed with Quiet installation. For details, refer to the corresponding section: Quiet installation.
Verify the manager:host parameter in config.yaml and update it if necessary to match the current SAF Beat Manager host address.