Install ACC with Group Policy Object

Overview

If your company manages the users by the Active Directory, it’s possible to provide and install Acreto Connect Client using Group Policy Object. ACC is ready to be installed and configured by GPO rules. This solution allows you to quickly onboard the whole of your team to the Acreto Ecosystem.

This article consists of two parts:

  1. Install Acreto Connect Client with Group Policy Object
  2. Importing Profile into Acreto Connect Client with Group Policy Object

Prerequisites

This feature is available only for version 2.4.3 and newer. Update your ACC if you want to use this option.

To complete these tutorial steps, the following items are required:

  • Windows Server machine
  • Basic knowledge of Windows Server configuration
  • Active Directory setup experience

Install Acreto Connect Client with Group Policy Object

Acreto Connect Client uses *.EXE installer - this means that you cant use the default way of software installation for GPOs. To install ACC you need to create a Scheduled Task to run the installation script. Scheduler task allows to run the script and install software with administrator privileges. What’s more important - installation is completely invisible for the user.

How to

  1. First, create the shared folder that will be available for the users.

  2. Download the last version of Acreto Connect Client for Windows.

1.Rename the installer to Acreto-Connect-Client.exe and place it in a shared folder. Installation script also takes care of the updates - it will read the installation version and compare it to the one existing on the users device - if the available version is newer, it will install it.

  1. On the domain controller server, create an acreto_install.ps1 file with the below content:

    # ADD YOUR VALUES HERE
    $InstallPath = 'C:\Program Files (x86)\Acreto Connect Client' #local installation path
    $InstallerFile = '\\SERVER\acc\Acreto-Connect-Client.exe' #ACC installer path shared in internal network
    # END
    
    IF (Test-Path -Path $InstallPath) {
    #if path exists then... 
    $InstallPathExe = 'C:\Program Files (x86)\Acreto Connect Client\Acreto Connect Client.exe' #local installation binary
    $update = ((Get-Item $InstallerFile).VersionInfo.ProductVersion) #Version of ACC available on server
    $current = ((Get-Item $InstallPathExe).VersionInfo.ProductVersion) #Version of ACC available on server
    
    IF ([System.Version]"$update" -gt [System.Version]"$current"){
       #if update is available than install
       & "$InstallerFile" /qn /SILENT /norestart INSTALLSTARTMENUSHORTCUTS=1 DISABLEADVTSHORTCUTS=0
       & 'C:\Program Files (x86)\Acreto Connect Client\post_install.exe'-y /qn /SILENT /norestart
    } ELSE {
       #If thers no update, exit. 
       EXIT
    }
    } ELSE {
    & "$InstallerFile" /qn /SILENT /norestart INSTALLSTARTMENUSHORTCUTS=1 DISABLEADVTSHORTCUTS=0
    & 'C:\Program Files (x86)\Acreto Connect Client\post_install.exe'-y /qn /SILENT /norestart
    }
    
  2. In Group Policy Management, create a new Group Policy under your domain. image1

  3. Edit the GPO by right-clicking on it and select Edit.

  4. Navigate to User Configuration > Preferences > Control Panel Settings > Scheduled Tasks image2

  5. Click Right Mouse Button on Scheduled Task panel and choose New > Immediate Task (At least Windows 7) image3

  6. In task creation widow set:

    1. Name: ACC installer

    2. When running the task, use the following user account: click on Change User or Group button and inpute SYSTEM as a user and click on Check names button. As a Result you should recive the NT AUTHORITY\System.

    3. Check: Run whether user is logged or not

    4. Check: Run with highest privileges

    5. Configure for: Windows 7, [..]

      image3

  7. Go to Actions tab and click on New… tab

    1. Action: Start a program

    2. Program script: %windir%\System32\WindowsPowerShell\v1.0\powershell.exe - path to the PowerShell

    3. Add arguments: -Noninteractive -ExecutionPolicy Bypass –Noprofile -file PATH-TO-acreto_install.ps1 - make sure that path to script will be available throught the network.

    4. Click Ok butten and the sace whole task.

      image3

Result

As a result, the scheduled task will be run regularly on users devices and run the installer script. Installer script working with system privileges will check if ACC needs to be installed or updated.

Importing Profile into Acreto Connect Client with Group Policy Object

Acreto Connect Client is already installed on the user’s computer. To establish a connection the ACC required a profile with configuration. Create the policies to download the correct Profile for ACC.

How to

  1. Add the script to import the profile, navigate to User Configuration > Policies > Windows Settings > Scripts ( Logon / Logoff ): image5

    Copy and paste the below code into acreto_profile_deep_link.ps1:

    Start-Process "acreto://import-profile?code=123456"
    

    This action needs to be made on user log-on because it required Internet access to download the profile data.

  2. Navigate to Computer Configuration > Policies > Administrative Templates > All Settings

  3. Do the following change under settings:

    1. Configure Logon Script Delay: Enabled
    2. Turn on Script Execution: Enabled image6
  4. Double click on Turn on Script Execution and modify its setting. Make sure that the Execution Policy is set to Allow all scripts. If you want to run only signed scripts it is also possible, but you will need to sign in with your certificate before running it. image7

This script will be executed on the user login. ACC import profile by the deep link. No user actions are required.

Next step

All computers should be configured to use Acreto Connect Client. The user needs to use their credentials to login into the Ecosystem (if the profile needs that).
If users were imported from the AD the credential should be the same as stored in AD.

Next page: IPsec Gateway