How to Deploy CYRISMA Agents via GPO
This guide outlines the steps for deploying the CYRISMA agent across all domain-managed machines in your environment using Group Policy Objects (GPO). By leveraging domain GPO, you can automate and streamline the installation process.
Written by Chris Zator
Updated at February 14th, 2025
- User Manual
- Agents
- The Cyber Risk Assessment Process
- API Documents
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- CYRISMA Change Log
- Support Ticket SLA
- Onboarding Framework
- PSA Integrations
- Billing Questions
- Self Onboarding Guide
Table of Contents
Step-by-Step Deployment Guide
1. Prepare the Netlogon Folder
- On a Domain Controller, navigate to the Netlogon folder.
- Create a new folder named CYRISMA.
- Ensure this folder replicates across all domain controllers in the network.
2. Add the CYRISMA Installer
- Download the
CYRISMA_Setup.exefrom the CYRISMA portal. - Place the downloaded executable in the CYRISMA folder under Netlogon.
3. Create the Installation Script
- In the CYRISMA folder, create a batch file named
cyrisma_install.cmd. - Use the following template for the script:
REM ******* Check if CYRISMA Agent is Already Installed *******
for /F "tokens=3 delims=: " %%H in ('sc query "cyrisma_agent" ^| findstr "STATE"') do (
if /I "%%H" NEQ "RUNNING" (
copy \\[dcServerName]\netlogon\CYRISMA\CYRISMA_Setup.exe %temp%
%temp%\CYRISMA_Setup.exe /verysilent /key=XXXX-XXXX /url=https://ccXXXXX.cyrisma.com
)
)
- Replace the placeholders:
-
[dcServerName]: Replace with your domain controller's server name. -
XXXX-XXXX: Replace with your CYRISMA license key. -
https://ccXXXXX.cyrisma.com: Replace with your CYRISMA portal URL.
-
4. Create a Group Policy Object (GPO)
- Log in to the Domain Controller.
- Open Group Policy Management.
- Create a new GPO named CYRISMA Deployment at the root of the domain.
5. Configure GPO Permissions
- Assign Authenticated Users or the designated group Read and Execute rights to the new GPO.
6. Add the Batch File to the GPO
- Open the newly created GPO for editing:
- Navigate to User Configuration > Policies > Windows Settings.
- Select Scripts (Logon/Logoff) and double-click Logon in the right pane.
- In the Logon Properties window:
- Click Add, then browse to the location of the batch file created in Step 3:
\\[dcServerName]\Netlogon\CYRISMA\cyrisma_install.cmd
- Select the batch file, click Open, and then click OK.
- Click Add, then browse to the location of the batch file created in Step 3:
- Click Apply and OK to save the configuration.
Verification Steps
Replicate GPO Across Domain Controllers:
- Use the command
gpupdate /forceto ensure the new GPO is applied across all domain controllers.
Test Installation:
- Log in to a domain-managed machine and verify that the CYRISMA agent is installed and running by checking for the CYRISMA service.
Monitor Logs:
- Review logs to confirm successful installation or troubleshoot any errors.
Key Notes
- Replication: Ensure the CYRISMA folder replicates properly across all domain controllers.
- Permissions: Verify that all authenticated users or specific deployment groups have the necessary permissions.
- Batch File Updates: Update the batch file if the installer location, license key, or URL changes.
- Maintenance: Renew or update the license key and URL as needed to avoid disruptions.
By following this guide, you can successfully deploy the CYRISMA agent across your domain-managed machines, ensuring consistent security and compliance monitoring.
Deployment Guide
For detailed instructions on how to deploy CYRISMA Agents via GPO, please refer to the comprehensive guide linked below:
Download the CYRISMA Agent GPO Deployment Guid