Skip to main content

Configuring a group policy for unattended software installation

The following steps outline the general procedure for configuring a group policy to deploy an installer package to computers in a domain (see your Windows help for more information). You must perform these steps using administrator privileges:

The following steps are for Active Directory 2019, installed on Windows Server 2019 Datacenter. Details may vary depending on your version of Windows.

  1. Log into a domain controller.

  2. Copy the installer package and any transform files you have created to a shared folder with access granted to all target machines.

  3. Launch Server Manager.

  4. Click Tools > Group Policy Management.

  5. If necessary, create a new group policy. To do this, right click on the container where you wish to create the group policy; for example, the container in which the computers reside.

  6. Select Create a GPO in this domain, and Link it here... , and type a unique name for the policy. For example, Bravura Security software policy.

  7. Click OK.

  8. Ensure the group policy is applied only to the appropriate users, computers, or groups:

    1. On the left hand side, select the policy you just created. You may need to expand the tree before you can view the new policy.

    2. Select the Delegation tab.

    3. Click the Advanced… button.

    4. Select the Authenticated Users group.

      Under the permissions for this group, clear the Allow checkbox for the Apply Group Policy permission.

    5. Click Add, type name of the users, computers, or groups to add, then click OK.

    6. Select each user, computer, or group for which you want to apply the group policy. Under the permissions for this object, select the Allow checkbox for the Apply Group Policy permission.

    7. Click OK to return to the Group Policy Management snap-in.

  9. Select the group policy you want to modify, then click Edit… .

    The Group Policy Management Editor snap-in displays.

  10. Expand Computer Configuration > Policies > Software Settings.

  11. Right-click Software installation and select New > Package….

    The Open dialog box appears.

  12. Browse to the shared folder (UNC path) where you copied the MSI, select the file, then click Open.

    The Deploy Software dialog appears.

  13. Choose Advanced, then click OK.

    The properties dialog for the package appears.

  14. Select the Modifications tab. Click Add. In the Open dialog box, browse to the transform file ( .mst), then click Open.

  15. Click OK.

    The package is assigned immediately. The installation is performed when it is safe to do so, typically when the computer starts up.

  16. Close the Group Policy Management Editor and the Group Policy Management snap-in.

In this section: