Installing SAF Beat Agent via Group Policy (GPO)
Open the Group Policy Management Console by running the command:
gpmc.msc
In the opened window, expand the following nodes in the console tree: Forest: <Forest Name>
- Domains
- <Your Domain>
. Navigate to the Group Policy Objects section and create a new object named SAFBeat
.
Next, in the Group Policy Management
snap-in, select the previously created SAFBeat
object, right-click it, and choose Edit
. This will open the Group Policy Management Editor.
In the Group Policy Management Editor, navigate to: User Configuration
- Policies
- Software Settings
- Software Installation
. Right-click the Software Installation node and select: New
- Package
.
Before creating the package, ensure the checkbox Make this 32-bit x86 application available to Win64 machines
is enabled. To do this, right-click the Software Installation node and open its properties. If using the SAFBeat-x32.msi
installer, leave the checkbox unchecked.
In the Open window that appears, select the .msi
file that will be used to install the SAF Beat agent.
When specifying the installer file location, use a network path, and ensure the folder has shared access permissions.
Select the deployment method as Advanced
.
In the Package Properties window, go to the Deployment tab and configure the settings as shown in the example below:
After applying the settings, click OK
to save.
After making changes, the Group Policy Editor interface should look like this:
In the Group Policy Management
snap-in console tree, select your domain, right-click it, and choose Link an Existing GPO
from the context menu. Then, select the SAFBeat object from the list and click OK
.
Go to the Group Policy Objects
node, select the SAFBeat object, and open the Scope
tab. In the Security Filtering section, add the users who should have the SAF Beat agent installed. Once configuration is complete, close the Group Policy Management
window.
In the command prompt, run:
gpupdate /force
and restart the computer.
After rebooting, open Services and check the status of the SAFBeat service. Add ca-cert.pem
to the folder where the SAFBeat agent is installed.
The location of ca-cert.pem
in SAF Beat Manager is /app/SAFBeatManager/etc/ssl
.
Next, proceed with Quiet installation. For details, refer to the corresponding section: Quiet installation.
Verify the manager:host
parameter in config.yaml
and update it if necessary to match the current SAF Beat Manager host address.