Windows Server 2012 R2 includes a feature called Software Installation and Maintenance that
AD DS, Group Policy, and the Windows Installer service use to install, maintain, and remove the
software from your organization’s computers.
Setting up a share:
The first step to distributing any software across a network is to provide a shared location from
which clients can access the software setup files. If there is not already a shared folder set up
for this purpose then one can be created in the following manner:
1. Create a folder in a suitable location with a suitable name ‘Shared folder’
2. Right-click on the new folder and select Properties
3. In the properties dialog select the ‘Sharing’ tab and then click on ‘Advanced Sharing…
4. Tick ‘Share this folder’ and then click on the ‘Permissions’ button
5. Add the ‘Read’ permission to users or groups that should be able to install the software.
6. ‘OK’ all of the dialogs and open the new folder in Windows Explorer.
7. Create any further folders desired to make it easier to manage the file system.
8. Now you copy the desired window installer in this folder and use this folder path in GPO
while distributing the software through Group Policies.
Setting up a GPO:
Let's go through the step on how we can deploy EDR agents to our infrastructure using GPO.
1. In your Domain Server, open Server Manager, click Tools and open Group Policy
Management.
2. In the Group Policy Management console, right-click the domain name (which is, in this
case, osi.com.my), and click Create a GPO in this domain, and link it here.
3. In the New GPO box, in the Name box, type Deploy EDR Agent, and then click OK.
4. Next, on the Group Policy Management console, right-click Deploy EDR GPO and click
Edit.
5. In the Group Policy Management Editor, under Computer Configuration, expand Policies,
and then expand Software Settings.
6. Right-click Software installation. From the context menu, click New, and then click
Package.
7. In Open dialog box, browse to the shared folder and click on
Setup.MBEndpointAgent.msi, and then click Open.
8. In the Deploy Software window, ensure that the Assigned option is selected, and then
click OK.
9. Wait for a few seconds and verify that the Malwarebytes Agent is listed in the Group
Policy Management Editor.
10. Now let's switch to our Windows client PC, we do recommend that you run gpupdate
/boot /force in the client PC and then restart the client PC.
11. After restarting your client PC and logging in as a domain user, you can verify that
Malwarebytes Agent is installed.