Skip to end of metadata
Go to start of metadata

It is possible to deploy multiple Verba Desktop Agents with Group Policy using pre-created registry and certificate files.

Stage 1:

Install and configure a Verba Desktop Agent the regular way, using the Configuring the Verba Desktop Agent article.

Stage 2:

Step 1 - Log into the desktop where the Desktop Agent is installed.

Step 2 - Open the Start menu, type "regedit" and press Enter. The Registry Editor opens. Go to the HKEY_LOCAL_MACHINE\SOFTWARE\Verba node. Right-click on the Verba key, then select Export.

Step 3 - Save the registry to a file.

Stage 3:

Step 1 - Log into the desktop where the Desktop Agent is installed.

Step 2 - Go to the Start menu. Type "mmc.exe", then press enter.

Step 3 - Go to the File / Add/Remove Snap-in... menu.

Step 4 - From the list on the left side select Certificates and click on the Add button.

Step 5 - Select Computer Account then click Next. On the next page, select Local Computer then click Finish. In the MMC windows press OK.

Step 6 - Go to the Personal \ Certificates folder, and export both Verba certificates (Verba Server Certificate and Verba CA Certificate). The server certificate must be exported with the private key!

Stege 4:

Step 1 - Create a new network share which is accessible to everyone, and put all the files there (.cer, .pfx, .reg), and the VerbaDesktop.msi installer.

Step 2 - Create a .bat file using the template below:

certutil -addstore -enterprise Root \\share\Verba-CA.cer
certutil -f -p Certificate_Password -importpfx \\share\verba_desktopagent.pfx
msiexec /i \\share\VerbaDesktop.msi /quiet
reg import \\share\desktop.reg
sc restart verbaagent
sc restart verbasysmon
sc restart verbastorage
sc restart VerbaScreenController

Step 3 - Change the filenames and the paths in the first four lines of the .bat file. Replace the Certificate_Password with the actual password provided at the end of Stage3.

Step 4 - Create a new Group Policy for running the .bat file on startup, based on the following guide:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770556(v=ws.11)

Alternatively, the .bat file can be executed manually.

  • No labels