How to Deploy CYRISMA Agents via GPO

This guide outlines the steps for deploying the CYRISMA agent across all domain-managed machines in your environment using Group Policy Objects (GPO). By leveraging domain GPO, you can automate and streamline the installation process.

Written by Chris Zator

Updated at February 14th, 2025

+ More

Table of Contents

Step-by-Step Deployment Guide 1. Prepare the Netlogon Folder 2. Add the CYRISMA Installer 3. Create the Installation Script 4. Create a Group Policy Object (GPO) 5. Configure GPO Permissions 6. Add the Batch File to the GPO Verification Steps Key Notes Deployment Guide

Step-by-Step Deployment Guide

1. Prepare the Netlogon Folder

On a Domain Controller, navigate to the Netlogon folder.
Create a new folder named CYRISMA.
Ensure this folder replicates across all domain controllers in the network.

2. Add the CYRISMA Installer

Download the CYRISMA_Setup.exe from the CYRISMA portal.
Place the downloaded executable in the CYRISMA folder under Netlogon.

3. Create the Installation Script

In the CYRISMA folder, create a batch file named cyrisma_install.cmd.
Use the following template for the script:

batch

REM ******* Check if CYRISMA Agent is Already Installed *******
for /F "tokens=3 delims=: " %%H in ('sc query "cyrisma_agent" ^| findstr "STATE"') do (
    if /I "%%H" NEQ "RUNNING" (
        copy \\[dcServerName]\netlogon\CYRISMA\CYRISMA_Setup.exe %temp%
        %temp%\CYRISMA_Setup.exe /verysilent /key=XXXX-XXXX /url=https://ccXXXXX.cyrisma.com
    )
)

Replace the placeholders:
- [dcServerName]: Replace with your domain controller's server name.
- XXXX-XXXX: Replace with your CYRISMA license key.
- https://ccXXXXX.cyrisma.com: Replace with your CYRISMA portal URL.

4. Create a Group Policy Object (GPO)

Log in to the Domain Controller.
Open Group Policy Management.
Create a new GPO named CYRISMA Deployment at the root of the domain.

5. Configure GPO Permissions

Assign Authenticated Users or the designated group Read and Execute rights to the new GPO.

6. Add the Batch File to the GPO

Open the newly created GPO for editing:
- Navigate to User Configuration > Policies > Windows Settings.
- Select Scripts (Logon/Logoff) and double-click Logon in the right pane.
In the Logon Properties window:
- Click Add, then browse to the location of the batch file created in Step 3:
  - \\[dcServerName]\Netlogon\CYRISMA\cyrisma_install.cmd
- Select the batch file, click Open, and then click OK.
Click Apply and OK to save the configuration.

Verification Steps

Replicate GPO Across Domain Controllers:

Use the command gpupdate /force to ensure the new GPO is applied across all domain controllers.

Test Installation:

Log in to a domain-managed machine and verify that the CYRISMA agent is installed and running by checking for the CYRISMA service.

Monitor Logs:

Review logs to confirm successful installation or troubleshoot any errors.

Key Notes

Replication: Ensure the CYRISMA folder replicates properly across all domain controllers.
Permissions: Verify that all authenticated users or specific deployment groups have the necessary permissions.
Batch File Updates: Update the batch file if the installer location, license key, or URL changes.
Maintenance: Renew or update the license key and URL as needed to avoid disruptions.

By following this guide, you can successfully deploy the CYRISMA agent across your domain-managed machines, ensuring consistent security and compliance monitoring.

Deployment Guide

For detailed instructions on how to deploy CYRISMA Agents via GPO, please refer to the comprehensive guide linked below:

Download the CYRISMA Agent GPO Deployment Guid

gpo deploy cyrisma agents agents installation script script group policy management