In an active directory environment, client application deployment is usually managed using a Group Policy Object (GPO). By default, GPO-based application deployment only supports MSI files and does not support EXE. However, in some cases we may need to deploy an EXE file to client systems. We can use the following method to achieve this goal.
Let us consider here an example of deploying Scridea Email Signature Manager Agent (sesm-agent.exe) via GPO. Here, SESM-Agent.exe is deployed to computers using a batch file added as a login script.
Step 1: Create a batch file.
- Copy the .exe file to a network share that is accessible to all domain users.
- Open Notepad.
- Enter the UNC path to the .exe file on the network share. (Example: \\server1\share1\sesm-agent.exe)
- Click on File -> Save As and enter the batch file name with the .bat extension. (Example: Loginscript.bat)
For better performance and security, exe files can be copied to a local folder and run from there. If you want to do it this way, the batch commands will look like the ones below. In this example the exe file is copied to the users’ temporary folder.
copy \server1\share1\sesm-agent.exe %temp%
%temp%\sesm-agent.exeStep 2: Add batch file to Active Directory GPO.
- On a Domain Controller server, click the Start button and select Group Policy Management under Windows Administrative Tools.
- Create a new GPO or edit an existing one.
To learn more about the Group Policy Object (GPO), see the Microsoft article:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-a-group-policy-object - Under User Configuration -> Policies -> Windows Settings, select Scripts (Logon/Logoff)
(Note: Scridea Email Signature Manager Agent needs to add the script as the user login script. If you are deploying another .exe file that you need to add as a startup script, add the batch file under Computer Configuration->Policies->Windows Settings-> Scripts (Startup/Shutdown)) - Double click on the Logon in the right pane.
- In the Logon Properties window, click Add, then click Browse.
- Copy the new batch file to the browse window.
- Select the copied batch file, click Open and then click OK.
- In the Logon Properties window, click Apply and then click OK.
Apply the GPO to the root domain or an OU. If you apply GPO to the OU, make sure all users are members of this OU.