Overview
Using the PhishingBox Outlook Add-in MSI installer, it's possible to deploy the add-in via Group Policy. Follow the instructions below to achieve this.
NOTE: Because Microsoft Windows Server has multiple versions, the following instructions may differ slightly. This guide was created using Windows Server 2016.
Use the links below to jump to a section:
Group Policy Installation Instructions
- Create a shared network folder that contains the MSI installer for the Outlook plugin.
- Open Group Policy Management from the Server Manager > Tools.
- Right-click the domain or OU you wish to deploy the package on, and select "Create a GPO in this domain, and Link it here".
- Provide a name and Click "OK".
- Under the newly created GPO, define groups, users, and computers for package deployment.
- Right-click on the newly created GPO and select "Edit".
- Expand Computer Configuration > Policies > Software Settings and click the "Software installation" option.
- Right-click in the right pane, select New > Package.
- Select the UNC path to the shared installation folder.
NOTE: Do not select the file on the local machine, use the network share path. E.g.
\\SERVER\share\setup.msi
- Select "Assigned" and click "OK".
- The package should now show in the right pane of the GPO editor.
- To test, log into a domain user workstation and the package should automatically be installed and visible under the Control Panel as an installed application.
Troubleshooting
- Check the Event Viewer on a single domain user's machine to verify there is a log entry for the installation of the package. It will likely appear under Windows Logs > System. You should see an error related to why the plugin was not installed, or a success message.
- If after checking the Event Viewer logs on the client machine, an error 1612 is encountered during GPO installation, this indicates that the Active Directory client cannot read from the server network share specified in the GPO options.
- Verify that a full UNC path has been entered for the shared installer package.
- Verify that a full UNC path has been entered for the shared installer package.
- Verify that the Share permissions are set appropriately and can be accessed with READ permissions from the client machine.
- To troubleshoot, try setting the share to give "Everyone" read access, then limit access to specific groups after verifying that the issue has been resolved.
- On the Windows Server for the domain, reopen the Group Policy Management screen with the software installation package selected. Right-click the software package, go to All Tasks > Redeploy Application. This will trigger a reinstallation on all the clients that currently have the package installed upon the next system reboot.
If the above steps do not seem to fix the issue and the Event Viewer isn't showing any entries for the installation, or the installation was deferred, try purging the software's registry entry and rebooting the client machine. The registry entry will be located in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GroupPolicy\AppMgmt
There will be an entry for the software application. Delete this entry as an administrator, then try rebooting the machine.
For more information, you can view article Microsoft Help - How to use Group Policy to remotely install software in Windows Server 2008 and in Windows Server 2003.
Comments
0 comments
Please sign in to leave a comment.