KBI 311320 How To Deploy Argent for Security USB Monitoring Agent Through Active Directory Group Policy


Argent for Security all versions


Thursday, 3 December 2015


Argent for Security is using an Agent for USB monitoring on remote machines

In order for the ease of deployment Argent provides this agent in a MSI package which can be easily deployed by setting a Group Policy in the Active Directory

This document explains the step by step instructions to deploy Argent for Security USB Monitoring Agent



Technical Background

Deployment Of Argent for Security USB Monitoring Agent On A Windows 2008 Server

Step 1 – Single Click To Create Argent for Security USB Agent MSI Package

The USB agent must be provided with Argent for Security Main Engine name for its functioning

When the Agent is deployed as an MSI package through Active Directory Group Policy, an unattended installation – without the user key in the Argent Main Engine name – is preferred

To accomplish this, the MSI package is created on the fly with a single click command file

Following are the steps to make the MSI Package on the fly

  1. Please copy ‘ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.ZIP’ file to the folder “C:\Temp”
  2. Extract the zip file using ‘Extract Here’
  3. This will create a folder “C:\Temp\ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER” as shown below


    Replace the string “###MAIN_ENGINE_NAME###” with the Argent for Security Main Engine name

    Note: Please change only the text marked in red as shown above

    There is one more such string in the script which is used for validation purpose

    Please do not change it

  4. Execute the script ‘ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.CMD’ using the option ‘Run As Administrator’ as shown below

  5. Multiple console windows appear as shown below
  6. When the CMDs exit, ‘ARGSOFT_USB_AGENT.msi’ will be created in the same folder as shown below

    Use this MSI package for deployment

Step 2 – Create A Distribution Point

Follow the succeeding steps to create a distribution point which is a shared folder in the domain server

  • Log on to the server as an Administrator
  • Create a folder called ‘Argsoft_USB_Agent’
  • Share the folder
  • Set permissions on the share to allow access to the distribution package
  • Copy the MSI package to the distribution point

Step 3 – Open Group Policy Management Console

Start -> Administrative Tools -> Group Policy Management

Step 4 – Add New Group Policy

  • Select Group Policy Object
  • Right Click and Select ‘New’ from the popup menu

Step 5 – Name The New Group Policy Object

  • Name new group policy object as ‘Argsoft_USB_Agent’ and Click OK

Step 6 – Configure New Group Policy Object

  • Select Argsoft_USB_Agent under Group Policy Objects
  • Right Click and Select Edit from the popup menu

Step 7 – Configure Using Group Policy Management Editor

  • Select Software Installation under Computer Configuration – >Software Settings

Step 8 – Add Package

  • Right Click and Select ‘New – > Package’ from popup menu

Step 9 – Set The Path Of The Distribution Point

Please note that you must specify the UNC path of the shared installer package that you want

For example, \\Server\Argsoft_USB_Agent\ARGSOFT_USB_AGENT.MSI

Step 10 – Select ‘Advanced’ In Deploy Software

Step 11 – Configure Deployment Screen

  • Select ‘Assigned’ in Deployment Type
  • Check ‘Uninstall the application when it fails out of the scope of management’
  • Click OK button

Step 12 – Configure Newly Created Group Policy Object

  • Activate Group Policy Management Console

Step 13 – Link Newly Created Group Policy Object

  • Select domain under domains
  • Right Click and Select ‘Link an Existing GPO’

Step 14 – Select GPO

  • Select Argsoft_USB_Agent
  • Click OK button

Step 15 – Linked GPO Will Be Shown Under The Domain Name

Step 16 – Select Newly Linked GPO Under The Domain Name

Now a group policy to install Argent for Security USB Monitoring Agent has been successfully created

Agent will be automatically installed on all machines in the domain upon restart

Please refer the following URL for redeployment and removal of the package: