Trying to install by GPO CarbonBlack but it doesn't work,
I am following their procedure:
To deploy sensors using Group Policy:
1. Click Start > Administrative Tools > Group Policy Management.
2. Go to Forest: YOURDOMAIN > Domains > YOURDOMAIN > Group Policy Objects.
3. Right-click the Group Policy Objects folder and click New.
4. Type a name for the new Group Policy Object (GPO).
5. In the Group Policy Objects folder, click the new GPO.
6. In the bottom right pane, remove the Authenticated Users entry from the Security
7. To deploy the sensors on specific computers only, add all of the specific computer
names that you want the sensor to be deployed on. To deploy sensors on all
computers in the domain, add the group "Domain Computers". Right-click the
YOURDOMAIN folder in the Navigation pane. Click Link an existing GPO. Click the new
GPO and click OK.
8. Right-click the GPO in the Group Policy Objects folder and click Edit.
9. In the new window, go to Computer Configuration > Policies > Software Settings >
Software installations. Right-click inside the empty pane on the right and go to New
> Software Package. In the new window that appears, go to the share that you
created earlier (\\YOURSERVERNAME\FOLDERNAME).
10. Under Deployment method, click Advanced.
11. Add an easily identifiable package name (for example, DefenseSensor32).
12. For a 32-bit .msi file only, in the Deployment tab, click Advanced and deselect Make
this 32-bit x86 application available to Win64 machines. Click OK.
13. Click the Modifications tab and click Add.
14. Select the .mst file that you created in the previous procedure.
15. Save your changes.
Chapter 3: Deploy and Manage Sensors
Cb Defense User Guide v2.2.2 34
16. Deploy sensors: if you use a script to force a reboot to update the policy objects, run
17. To verify that sensors are deploying correctly, check the console periodically to verify
that sensor information is populating and that the sensors are checking in regularly.
I see in gpresult /R that the strategie is there
The files are located on a share on my file server and the permissions are everyone read on the share and everyone read in the Security
But in even viewer system I get:
event id 108 %%1612
event id 303 successfull
event id 102 failed %%1612
event id 301 successfull
I also tried putting it in the gpo under Users instead of Computers same thing.
I don't know why the procedure ask to remove in step 6 the permissions also... And why under Computer instead of Users?