Token-Based Mass Deployment for Windows Assets

You can mass deploy the Insight Agent to your Windows assets using the token-based installer by configuring an existing GPO package in Microsoft Group Policy. This article guides you through the batch file configuration and how to add the file as a startup script to your package.

This article covers the following topics:

Before You Begin

Make sure you generate a token and download the token-based installer for Windows if you have not done so already.

Create the Batch File

This mass deployment procedure uses a batch file as a startup script that you attach to your GPO package.

To configure the batch file:

  1. Copy the following lines into a text editor.
  2. In the command, specify this information where indicated:
  • <installerType> - Specify x86-64 for most Windows architectures, or arm64 for Windows ARM64.
  • <fully-generated-token> - Substitute this with your organizational token that you generated from the agent download panel in Agent Management. If you elect to use the CUSTOMCONFIGPATH option, replace <path-to-msi-location> with the proper value.
 
1
\\server\software\r7agent-token\agentInstaller-<installerType>.msi /l*v
2
\\server\software\r7agent-token\debug.log CUSTOMCONFIGPATH=<path-to-msi-location>
3
CUSTOMTOKEN=<fully_generated_token> /quiet /qn

TIP

The \\server\software\r7agent-token path shown in the following example represents a hypothetical network share for your packaging software to use. Substitute this portion with the appropriate path where your .msi will reside.

The following table explains some of the options included in this batch file example:

MSI Installer Option

Description

/l*v

This optional parameter creates a diagnostic log file located in the specified path.

CUSTOMCONFIGPATH

The token installation method downloads several required configuration files from the Rapid7 Insight platform. When used with the token-based installer, this parameter places these configuration files into the path specified, which is usually the same folder where the .msi is located.

Note that if you choose to designate a network share with this parameter, your Domain Computers must have write permissions to the share in order to place the files.

If no CUSTOMCONFIGPATH is specified, the installer assumes that the value is the same folder where the .msi is located.

CUSTOMTOKEN

The agent installation token that was generated earlier.

This parameter is required.

/quiet /qn

These parameters make the installation silent.

  1. Save the file with the .bat extension. This ensures that Windows recognizes it as a batch file.

Add the Batch File to Your GPO Package

With your configured batch file in place, you can now attach it to your GPO package.

To attach your batch file as a Startup Script in Microsoft Group Policy:

  1. Navigate to Computer Configuration > Policies > Windows Settings > Scripts to edit your GPO package.
  2. Edit the Startup Script and add the batch file you created earlier.
  3. Reboot your target Windows assets to install the agent automatically.