To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Updated MSI deployment via GPO

bmaster
bmaster Posts: 12 Security Scout
edited July 22 in Elements Endpoint Detection and Response (EDR)

We use a GPO to deploy WithSecure Elements Agent to all client pc's. Works fine.

Now I downloaded a new version of the MSI from the portal, and added it to a new GPO while disabling the old GPO. What happens now is that the installer wants to uninstall the previous version (which is actually the same version as in the new msi). This uninstallation leaves some traces behind, causing the new install to fail, leaving the client unprotected. This can be fixed by running the FsUninstallationTool, but I cannot do this to 300 clients of course.

What is the best practice to handle new MSI files in combination with GPO's? I know of the following options:
- you can create new gpo and remove the old one
- you can add the new msi to the existing gpo as an update of the previous msi
- you can add the new msi to the existing gpo but not as an update of the previous msi
I tried a lot of these combinations, but the result is mostly the same.

Answers

  • Sethu Laks
    Sethu Laks Staff, Moderator Posts: 285 W/ Moderator
    edited June 2023

    Hi @bmaster

    Thank you for reaching our WithSecure Community,

    In your scenario, we would recommend this following best practices:

    • Remove an old GPO.
    • Select this following option to keep the Agent installed.
    MicrosoftTeams-image.png
    • Activate new GPO.

    We are happy to assist you if you still have any questions.

    Thanks

    Sethu

  • bmaster
    bmaster Posts: 12 Security Scout

    I'll keep an eye on it, but during my tests, this method caused the new msi to uninstall the software first, even though it was the same version. I'll do some more experiments, and get back to you when I run into problems. Thanks.

This discussion has been closed.

Categories