Deploy LucidLink on Windows via Group Policy

  • Updated

To assist with mass deployment of the LucidLink Client across a large quantity of domain joined machines you can use an MSI image. This example uses group policy, however it could be extended by using System Center Configuration Manager or any other Windows deployment tool.

  1. The LucidLink installer download for 32-bit and 64-bit Windows contain an MSI packages. 
  2. The LucidLink Client on Windows installer includes a driver and code-signing certificate . To ensure this driver installs appropriately you need to import a Trusted Publisher certificate. To acquire this certificate you retrieve it from the MSI installer package.
    Right-click installer 'Digital Signatures > highlight LucidLink Corporation> Details > View Certificate > Install Certificate'. Import the certificate on the Local machine into 'Trusted Publishers'.
    GP1.png
  3. Once the certificate is installed to to Trusted Publishers you can export the certificate for import future into Group PolicyGP2.png
  4. Place both the latest Windows Installer packages (MSI) on a file share that is accessible across the domain.
    Our MSI packages are regularly updated, please ensure to use the latest and republish as required in steps 4 & 7. It is encouraged to ensure that connected client versions are consistent throughout Filespace. 
  5. To roll these out via Group Policy, open up the Group Policy Management Console and create a new Group Policy Object (GPO). Ensure that the 'Security Filtering' under the 'Scope' tab for this GPO is set to not apply to any users. By default this would be set to Authenticated Users. Under the 'Delegation' tab ensure Authenticated Users only have 'Read' permissions. Now you can link your Group Policy to a specific organizational unit. Once fully configured you can set the 'Security Filtering' to a group of computer objects or a single test computer object to ensure it works as expected.
  6. As part of this GPO, ensure the certificate we exported is rolled out with the Windows Installer package. Import the certificate file under 'Computer Configuration \ Policies \ Windows Settings \ Security Settings \ Public Key Policies \ Trusted Publishers'.
    Note: Code-signing certificates have expirations dates, it will be required that the certificate is periodically updated. Repeat process in steps 2, 3 & 6 as required.
  7. In the same GPO, select 'Computer Configuration \ Policies \ Software Settings \ Software Installation' and create a new package. If you are deploying this on both 32-bit and 64-bit Windows, select both the x86 and x64 installation packages. You may wish to change the package name to LucidLink (x64) and LucidLink (x86) respectively.GP3.png

    Note: In properties remove x86 package will upgrade x64 and deselect `Make this 32-bit x86 application available to Win64 machines` within advanced properties.

  8. You also need to set 'Computer Configuration \ Policies \ Administrative Templates \ System \ Group Policy \ Configure software installation policy processing' to enable 'Allow processing across a slow network connection', but leave 'Process even if the group policy objects have not changed' disabled.
  9. Ensure that 'Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Windows Installer \ Always install with elevated priveleges' is enabled. For logging data on installation progress you can enable 'Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Windows Installer \ Specify the types of events Windows Installer records in its transaction log' and set this to iweapv.GP4.png
  10.  

Note: You can also set 'Computer Configuration \ Policies \ Administrative Templates \ System \ Logon \ Always wait for the network at computer startup and logon' if appropriate and machines are always expected to be connected to a domain network. Do not set this if you expect users to go offsite with their laptop.

After successfully configuring this and applying this Group Policy Object to a group of computer objects you will see that the LucidLink Client is automatically installed the next time these machines reboot. Should you have any questions, or need help with LucidLink Client deployment in large environments please contact support.

 

Was this article helpful?

0 out of 0 found this helpful