Issue
- Deploy ESET Management Agent using Group Policy Object (GPO) in enterprise environments or environments with a high number of client computers
- Create and download the ESET Management Agent installer file in ESET PROTECT or ESET PROTECT On-Prem
- Deploy ESET Management Agent using GPO
- Update ESET Management Agent using GPO
Solution
Create and download the ESET Management Agent installer file in ESET PROTECT or ESET PROTECT On-Prem
Create the installer file and a configuration script containing the parameters for the ESET Management Agent to communicate with ESET PROTECT or ESET PROTECT On-Prem Server, which will be used during ESET Management Agent deployment.
1. Click Installers → Add.
2. Click Windows and in the Distribution list, select Use GPO or SCCM for deployment. Edit Server hostname, Port and certificates if you need to change the automatically pre-filled values based on your ESET PROTECT or ESET PROTECT On-Prem Server configuration. Click Finish.
3. Click the GPO/SCCM configuration script icon to download the install_config.ini and click your preferred ESET Management Agent version to download the correct installer file. When the downloads are complete, click Finish. Alternatively, you can download the ESET Management Agent installer .msi file from the ESET download page.
4. Save the Agent installer file and the install_config.ini file to a shared folder on the domain controller so all your client computers can access it with read and execute permissions.
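A computer-assigned package is installed by the Local System account at startup, so anyone who can modify the staged files can change what every targeted computer installs. The following check is an added example, not part of ESET's documentation: it uses the example share path from this article, and the list of allowed writers (including the CONTOSO domain name) and the expectation that the signer subject contains "ESET" are assumptions to adapt and confirm against a known-good copy.

```powershell
# Added example: pre-deployment check of the staged files (not ESET code).
$ShareDir = '\\DCWIN2025\shared\ESET Management Agent installer'  # example path from the article
$Msi      = Join-Path $ShareDir 'agent_x64.msi'
$Ini      = Join-Path $ShareDir 'install_config.ini'
# Assumption: only these principals may change the staged files (CONTOSO is a placeholder).
$AllowedWriters = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
                  'CREATOR OWNER', 'CONTOSO\Domain Admins'

# Rights that allow replacing or tampering with a file, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that some
# ACEs carry instead of specific rights.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([string]$Path)
    # Return Allow ACEs that grant any write-type right to an unexpected principal.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $WriteMask) -ne 0 -and
        $_.IdentityReference.Value -notin $AllowedWriters
    }
}

$problems = @()
foreach ($p in $ShareDir, $Msi, $Ini) {
    foreach ($ace in Get-WritableAce -Path $p) {
        $problems += '{0}: {1} has {2}' -f $p, $ace.IdentityReference, $ace.FileSystemRights
    }
}

# The MSI must carry a valid Authenticode signature from the expected publisher.
$sig = Get-AuthenticodeSignature -LiteralPath $Msi
if ($sig.Status -ne 'Valid') {
    $problems += "MSI signature status is $($sig.Status)"
} elseif ($sig.SignerCertificate.Subject -notmatch 'ESET') {   # assumption, see lead-in
    $problems += "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# Record what is being deployed so later changes to the share can be detected.
[pscustomobject]@{
    Signer    = $sig.SignerCertificate.Subject
    MsiSha256 = (Get-FileHash -LiteralPath $Msi -Algorithm SHA256).Hash
    IniSha256 = (Get-FileHash -LiteralPath $Ini -Algorithm SHA256).Hash
}
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'Staged files look read-only and signed.' }
```

This inspects NTFS permissions only; share-level permissions are separate and can be reviewed on the file server with Get-SmbShareAccess.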
Deploy ESET Management Agent using GPO
1. Open Group Policy Management. Press the Windows key + R, type gpmc.msc, and click OK. If you do not have Group Policy Management installed, install Microsoft Group Policy Management Console (GPMC) on your Domain Controller server.
2. Create a new Group Policy Object (GPO). Click your domain Forest → Domains → your domain. Right-click Group Policy Objects and click New.
3. Type a name for the new GPO into the Name field (for example, ESET Agent deployment) and click OK.
4. Right-click the newly created GPO and click Edit.
5. In the Group Policy Management Editor window, expand Policies → Administrative Templates: Policy definitions (ADMX files) retrieved from the local computer → System and click Logon. Double-click Always wait for the network at computer startup and logon.
6. Select Enabled and click OK.
7. In the Group Policy Management Editor window, click Group Policy and double-click Specify startup policy processing wait time.
8. Select Enabled. You can change the Amount of time to wait from the pre-defined 120 seconds, but we recommend at least 30 seconds. Click OK.
9. In the Group Policy Management window, right-click your domain and click Link an Existing GPO.
10. In the Group Policy objects list, select the new GPO you created and click OK.
11. Right-click the new GPO and click Edit.
12. In the Group Policy Management Editor window, expand Policies → Software settings. Right-click Software installation and click New → Package.
13. Navigate to the location where you saved the Agent installer file and the install_config.ini file. Type the full Universal Naming Convention (UNC) path of the shared folder, select the ESET Management Agent package, and click Open. See the example below:

    \\DCWIN2025\shared\ESET Management Agent installer\agent_x64.msi

14. Ensure Assigned is selected and click OK.

If you are deploying both 64-bit and 32-bit ESET Management Agents, follow steps 12–14 above for the other ESET Management Agent installer file (agent_x64.msi or agent_x86.msi) and then continue.

    1. Right-click the 32-bit installer file (agent_x86.msi) and click Properties.
    2. Click Deployment → Advanced.
    3. Deselect the check box next to Make this 32-bit X86 application available to Win64 machines and click OK → OK.

15. In the Group Policy Management window, click the new GPO. In the Security Filtering list, select Authenticated Users and click Remove → OK.
16. Click OK.
17. Assign the new GPO to client computers:
    - Assign the new GPO to all Domain computers: Click Add, type domain computers, and click OK.
    - Assign the new GPO to selected computers only:
        1. Click Add → Object Types, ensure the only selected check box is next to Computers, and click OK.
        2. Type the name of the computer and click OK.

The new GPO is now assigned to the selected computers. When the chosen computers start, ESET Management Agent will be automatically installed.

See the Microsoft Knowledgebase for more information about using Group Policy to remotely install software.
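The GPO creation, the two startup settings, the link and the security filtering from the steps above can also be scripted with the GroupPolicy PowerShell module; the software installation package (steps 12–14) still has to be added in the Group Policy Management Editor. This is an added example, not ESET's own code: the domain distinguished name is a placeholder, and the registry values are the ones that back the two Administrative Templates settings.

```powershell
# Added example (not ESET code): script the GPO steps with the GroupPolicy module.
Import-Module GroupPolicy

$GpoName  = 'ESET Agent deployment'   # example name from the article
$DomainDN = 'DC=example,DC=com'       # placeholder: your domain's distinguished name
$Targets  = 'Domain Computers'        # for one computer, use its name with -TargetType Computer

New-GPO -Name $GpoName -Comment 'Deploys ESET Management Agent at startup' | Out-Null

# "Always wait for the network at computer startup and logon" = Enabled
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon' `
    -ValueName 'SyncForegroundPolicy' -Type DWord -Value 1 | Out-Null

# "Specify startup policy processing wait time" = Enabled, 120 seconds
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'GpNetworkStartTimeoutPolicyValue' -Type DWord -Value 120 | Out-Null

# Link the GPO to the domain.
New-GPLink -Name $GpoName -Target $DomainDN | Out-Null

# Security filtering: remove Authenticated Users, then let only the targets apply the GPO.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $Targets `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Review the result. Any trustee with GpoEdit or GpoEditDeleteModifySecurity can
# change which package the targeted computers install as Local System.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission |
    Sort-Object Permission, Trustee
```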
Update ESET Management Agent using GPO
1. Create a new shared folder at a shared location that can be accessed by domain computers (for example, ESET Management Agent version xx). Move the new ESET Management Agent installer file and install_config.ini file to the new folder.
2. Follow steps 12–14 above to add a new installation package. Select the location that uses the latest version of ESET Management Agent.
3. When you add a new installation package, GPO automatically detects the installer's version number. To confirm that the latest installation package upgrades the earlier version, double-click the latest installation package, click Upgrade, and verify that the earlier installation package name is listed.
