The installation of the Lumu Agent for Windows is simple and straightforward. This article describes how to deploy the Windows Agent quickly to your entire user population through Group Policy Objects (GPO) in a Windows Server.
Requirements
- Active Directory configured on a Windows Server.
- The Windows devices to which you want to deploy the Lumu agent are members of your existing Windows Active Directory domain.
This document was created using Windows Server 2016 and Windows 10 Enterprise.
Download the Installation File
To download the agent file for online installation on Windows, go to the Lumu Portal, navigate to the Agents menu, , then click to download agent, select the “Windows” option and select the offline installer of your choice based on the needs of your deployment.
Lumu Agent for Windows installers
Save the Agent installer file to a network shared folder accessible by all the endpoints you are deploying to (at least read access).
Make sure that all devices to which you are deploying the agent have access to this network shared location.
The following procedures should be performed for
each group you create in the Lumu Portal, as each group has a unique activation code.
Create a GPO
To create or modify an existing Group Policy Object (GPO) to distribute the Lumu Agent, go to the Windows Server Manager, then navigate to “Tools” > “Group Policy Manager”.
Windows Server Manager Dashboard
Navigate to your target domain, right-click “Group Policy Objects” and select New. Type a name for this new policy, and then press “OK”.
Group Policy Management
Link your new GPO to the domain that contains the group of devices to which you wish to have the policies applied. For this, right-click your domain in the left pane of the “Group Policy Management”, choose “Link an Existing GPO…”, select the GPO you created in the previous step and click “OK” to complete the process.
Linking an existing GPO
Add the devices to which you want to deploy the Lumu Agent in the “Security Filtering” section. Ensure that each GPO contains only the Windows devices related to the group you created in the Lumu Portal. You are not required to add users, only devices.
GPO Security Filtering
Installation Script
You can choose to deploy the Lumu Agent using GPO from the .exe or .msi installation file. We provide both scripts below.
Make sure to edit the following variables:
- “ActivationCode” - add the corresponding activation code of the installation group you created in the Lumu Portal. Example: set ActivationCode="saf4B4G0"
- “LumuShare” - the path where the Lumu Agent installation file you downloaded in step 1 (.exe or .msi) is located. Example: set LumuShare="\\192.168.1.135\lumu\lum_agent_offline.exe"
Script for .exe
Click here to download the .exe script file. Save the file with the extension .bat in a network shared folder accessible by all the endpoints.
Script for .msi
This installation type generates a log file “lumu-agent-installation-output.log” located at the “C:\Temp\” folder that can be useful for troubleshooting purposes.
Click here to download the .msi script file. Save the file with the extension .bat in a network shared folder accessible by all the endpoints.
- @echo off
- :: Set the activation code of the installation group
- set ActivationCode="<activation_code>"
- :: Set the shared path of the Agent installation file
- set LumuShare="<shared_path>"
- ::#####################################################################::
- ::################### Do not change the following lines ######################::
- ::#####################################################################::
- :: Lumu Service Name
- set LocalInstaller="C:\Temp\lum_agent_offline.msi"
- set AgentPath="C:\Program Files (x86)\Lumu\Agent\lumu-windows-agent.exe"
- :: Check if the installation file already exist, if not, copy it
- if not exist %LocalInstaller% (
- mkdir C:\Temp\
- copy %LumuShare% C:\Temp\ )
- :: Check if Lumu Agent is already installed, if not, install it with the defined activation code
- if not exist %AgentPath% (
- msiexec /i %LocalInstaller% /log "C:\Temp\lumu-agent-installation-output.log" /quiet WRAPPED_ARGUMENTS="/activationcode="%ActivationCode%" /acceptlicense=""true"" " )
Assign the script
The startup script option installs the Lumu Agent with administrative privileges before the boot process gets to the login screen.
To assign the installation script to users logging on to the defined workstations, go to the policy from step 2 and click to edit.
Edit the GPO
Navigate to “Computer Configuration” > “Policies” > “Windows Settings” > “Scripts (Startup/Shutdown)” then right-click in the “Startup” option to select “Properties”.
GPO Editor
Once in the startup properties, go to the “Scripts” tab, then click on “Show Files...” to display the directory where the script files are stored in the selected GPO. We recommend that you copy and paste the script .bat file (from step 3) to this directory. Example of path: \\lumu.loc\SysVol\lumu.loc\Policies\{B650E92A-ACC4}\Machine\Scripts\Startup
Startup Properties
In the next step, click to “Add” and then “Browse” to navigate to the “Show Files” directory and select the .bat file you pasted previously.
Assign installation script in the Startup Properties
Confirm all the following prompt windows to apply the changes to the GPO.
Startup Properties confirmation screen
The script will run, and the agent will be installed the next time the Windows computer starts.
It may take several minutes for the GPO / Active Directory replication to occur. This time frame may vary depending on the domain’s size and the time required for Active Directory replication.
You can follow the installations’ success by checking the devices listed on your Agents’ dashboard in the Lumu Portal.