Deploying the Datto Endpoint Security agent via Group Policy Object (GPO)

NAVIGATION > Organizations > select an organization > select a location > > Download Agent

SECURITY Datto EDR subscription with administrator-level platform access or Datto AV subscription with administrator-level platform access

SECURITY Service account or administrator-level rights on the target endpoint

This article describes the process for deploying the Endpoint Security agent via Group Policy Object (GPO). If you are directly installing the Endpoint Security agent on an endpoint, refer to Deploying the Datto Endpoint Security agent.

NOTE Datto AV protection is delivered by the Datto Endpoint Security agent and is managed from the Policies page.

Prerequisites

Before you begin, we need to understand your current environment and what you'd like to do.

If you're a Datto EDR or Datto AV customer deploying the Endpoint Security agent to endpoints that currently don't have it, proceed to the next section of this article.
If you're a Datto EDR or Datto AV customer seeking to enable AV protection on one or more endpoints where the Endpoint Security agent is present, you do not need to redeploy any software. Refer to our Working with the Policies page article.

System requirements

Windows Server 2012 R2 or greater
Domain Administrator account
Microsoft Windows endpoint
install_agent.bat download from our Github page
Optional: A registration key to assign your agents to a location and automatically authorize them

Create the batch file

Navigate to our Github example Install Agent bat file and copy the code to a text editor.
Save the file as install_agent.bat.

IMPORTANT If you use Notepad, ensure that it doesn't save the file as install_agent.bat.txt.
Open the file in a text editor and set the instancename value to your instance name. For example, if you log in to alpha.infocyte.com, then your instancename should be set to alpha, as shown below.

set instancename=alpha

If you have a registration key, you can use the regkey variable. If you are not planning on using a registration key, you can leave it blank (not recommended). For more information, refer to Assigning agents to a location.
```
set regkey=myregkey123
```
Save the .bat file in your \\domainname\sysvol\domainname\scripts directory or in a shared folder to which all devices have access.

Create the GPO file

In Windows Server, navigate to Server Manager > Tools > Group Policy Management.
From the Group Policy Management Console, select your domain and click Group Policy Objects.
Right-click Group Policy Objects and select New.
In the Name field, enter Install HUNT Agent and click OK.
Right-click the new GPO and click Edit.
In the Group Policy Management Editor window, click Computer Configuration > Policies > Windows Settings > Scripts. Then, double-click Startup.
On the Scripts tab of the Startup Properties box, and click Show Files.
Click Add.
Click Browse and select the file install_agent.bat.
Click OK.
Find the domain or OU that you wish to link to the newly created GPO.
Right-click it and select Link an Existing GPO.
Click OK. Your script should now run and install the agent on all machines in the selected group.

Wrapping up

If this agent deployment is for or will include Datto AV service, proceed to our Working with the Policies page article to continue.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.