Qualys Cloud Agent Deployment using Group Policy

This section describes the Cloud Agent deployment using group policy. Using group policy, you can install software on multiple computers or users at once without visiting each device or providing installation media. Also, you can update or uninstall the Cloud Agent just by modifying the group policy object.

Deploying Cloud Agent using group policy in the Windows environment involves the following steps:

Step 1: Create Transform File

Step 2: Create Group Policy Object

Create Transform File

Transforms files are used to customize setups created using Microsoft Installer (MSI) technology. A transform (.MST) file can be used to install Qualys Cloud Agent for Windows pre-determined parameters without a graphical user interface or user interaction. In the transform file, you can customize the properties of the Qualys Cloud Agent Package, including parameters like CustomerID, ActivationID, and WebServerURI.

Following are the steps to create a transform file:

Download Windows SDK and Install ORCA

Following are the steps to download the Windows SDK and Install ORCA:

Download the Windows SDK application from the Microsoft Developer site.
Install the Windows SDK on your system.
Navigate to the folder where Windows SDK is installed and launch Orca.msi from the \bin folder.
Follow the UI instructions to complete the ORCA setup. Once the setup is complete, The ORCA shortcut is displayed in the Start Menu.

Create Transform File (.MST)

Open the QualysCloudAgentSetup.msi in ORCA.
In ORCA's main menu, click Transform > New Transform.
In the Tables pane, select Property table.
Right-click in the Tables pane to add a new row to the Property table. The Add Row window appears.
In the Add Row window, enter the parameter name in the Property field and the parameter value in the Value field.
Create the following three rows in the Property table.

Customer ID: Parameter Name - CUSTOMERID, Parameter Value - {12345678-1234-1234- 1234-123456789012}.

Activation ID: Parameter Name - ACTIVATIONID, Parameter Value - {12345678-1234-1234- 1234-123456789012}

Web Service URI: Parameter Name - WEBSERVICEURI, Parameter Value - <Qualys Platform URL>/Cloud Agent/

The values for Customer ID, Activation ID, and Web Service URI are available on the Cloud Agent user interface while downloading the Cloud Agent package. Refer to Download Cloud Agent Installer to learn more about downloading Cloud Agent Installer.

In the OCRA's main menu, click Transform > Generate Transform.
Provide the path to save this Cloud Agent Transform file (.MST) at a specified location.

Create Group Policy Object

Following are the steps to create a Group Policy Object (GPO) to deploy the Cloud Agent package.

Configure Group Policy Object

Login to the Domain Controller and click Run > Gpmc.msc. The Group Policy Management Console opens.
Expand the Forest and navigate to Group Policy Object. Right-click on Group Policy Object and click New.
Enter the Name of the Group Policy Object and click OK.
Link the Qualys Cloud Agent GPO to the correct domain/OU as per your requirement.
In the Group Policy Object window, right-click Qualys Cloud Agent GPO and select the Edit option to make the following changes.

In the Computer Configuration window, navigate to Policies > Software settings.

Right-click the Software settings and select Software Installation > New > Package.

Select the Cloud Agent package file (.msi).

Ensure that the Cloud Agent installer file (.msi) is saved on a shared network path and everyone has Read permissions for it.

Select the Advanced option and click OK.
In the Package Properties window, navigate to the Modification tab.
Click Add and select the Cloud Agent Transform File (.MST).

Ensure that the Cloud Agent Transform File (.msi) is saved on a shared network path and everyone has Read permissions for it.

Click OK to save the Group Policy Object for Cloud Agent deployment.

Allow Permissions to Group Object Policy

In the Computer Configuration window, navigate to Policies > Administrative Templates.

Click the Windows Components tab. The Windows Installer window opens.

In the Windows Installer window, select Always install with elevated privileges checkbox.
In the Computer Configuration window, navigate to Policies > Administrative Templates > System.

In the Logon window, select Always wait for the network at computer startup and logon checkbox.

In the Group Policy window, select Allow processing across a slow network connection checkbox.

You have to reboot the Cloud Agent host system to complete the installation of Cloud Agent. You can also use the Refresh Group Policy procedure for Cloud Agent installation.