Installing Protocol Handler Through Group Policy

Group policy allows you to install Secret Server Protocol Handler on specific computers and groups of computers in your domain. Installing through group policy does not require changes to your firewall.

Step 1: Prerequisites

The Secret Server Protocol Handler Installer requires that .NET Framework 4.8 or greater be installed on the client machine. Most machines should already have this installed.

Step 2: Downloading the MSI From Secret Server

  1. Log in to Secret Server

  2. Go to Tools > Launcher Tools and click Download Protocol Handler to download the MSI.

Step 3: Setting up a Network Share

  1. Place the downloaded MSI file into a Network Share on your domain controller.

  2. Give domain users read access to the share.

Step 4: Creating a Group Policy That Allows for the Installation of the MSI

  1. Open up the group policy management console (Start >AdministrativeTools >Group Policy Management)

  2. Expand the Forest and Domain nodes until you locate the domain on which you are installing Secret Server Protocol Handler

  3. Right click on Group Policy Objects and click New

  4. Enter a descriptive name for your GPO (such as Secret Server Protocol Handler Installation) and click “OK”

  5. Right click on the newly created GPO node and click Edit.

  6. Select Computer Configuration > Policies > Software Settings > Software Installation

  7. Right click on the “Software Installation” node and select “New > Package”

  8. Browse to the MSI on your network share (that is, \\ServerMachineName\Shared is a valid network share, while C:\Shared is not) and click Open.

  9. Select the Advanced radio button and click OK.

    If you wish to have Secret Server Protocol Handler uninstalled when it falls out of the scope of management, then click on the “Deployment” tab and check the “Uninstall this application when it falls out of the scope of management”

  10. Click OK

  11. In the group policy management object editor, expand Computer Configuration > Administrative Templates > System and click on the Logon node

  12. Right click on the “Always wait for the network at computer start-up and logon”, select Edit, click Enabled, and click OK.

Step 5: Linking Your Group Policy Object to an OU

If you want to install Secret Server Protocol Handler for specific computers and not for an entire OU, then the MSI allows for manual installation directly

  1. Open up the group policy management console (Start > Administrative Tools > Group Policy Management)

  2. Expand the Forest and Domain nodes until you locate the domain on which you are installing Secret Server Protocol Handler

  3. To link the GPO to an entire OU:

The OU is now linked to the GPO. To immediately force the group policy change and install the software on a client machine, open a command console on the client machine (start > run > cmd), type gpupdate /force, and restart the client machine. You can also wait for the group policy to go into effect, which usually takes one to two hours.

Step 6: Verifying the Configuration

  1. Start > Administrative Tools > Active Directory Users and Computers

  2. Right-click the Organizational Unit for which Secret Server Protocol Handler is now configured and select All Tasks > Resultant Set of Policy.

  3. Check the box next to Skip to the final page of this wizard without collecting additional information , then click Next and Next again.

  4. Click Finish.

  5. In the new “Resultant Set of Policy” window, expand Software Settings under Computer Configuration and select Software installation.

  6. Secret Server Protocol Handler” should be visible under the Installed Applications column.