Microsoft Security Group Policy Exclusions

Applies to: Agent version10.0.47390.40

The Veriato Agent uses fixed file names to assist with excluding its agent files from Microsoft Windows Security. We have created a Group Policy Object (GPO) that can be imported into a Windows Server 2016 or greater Domain Controller. 

Follow the instructions in this article.

Requirements:

  • Windows Server 2016 or greater Domain Controller 
  • Group Policy Management Console (GPMC) 
  • Access to the primary Domain Controller machine and GPMC

Download and import the Provided GPO

Use your Group Policy Management Console (GPMC) to restore the GPO object(s) that contain our program files. 

  1. Download MS-Windows-Security-GPO.zip.
    Download the GPO .zip file created by Veriato.
    CLICK HERE
  2. Save and extract the file.
    Save and extract the file to the desktop on your primary Domain Controller machine. You will browse to and import the GPO in the folder using the Group Policy Manager Console.
  3. Start Group Policy Management Console (GPMC).
    Do one of the following:
  • In Windows Search, type Run.
    In the Run entry field type gpmc.msc and then click OK or press Enter.
  • OR from Windows Start, select All Programs > Accessories and click Run.
    In the Run entry field type gpmc.msc and then click OK or press Enter.

Import the Group Policy provided by Veriato

In Group Policy Management, follow these steps:

  1. In the console tree, find Group Policy Objects that apply to your endpoints. 
    Where?
    • Forest name
    • Domains
    • Domain name
    • Group Policy Objects
  2. In the appropriate domain, double-click Group Policy Objects.
    You will create a Group Policy object (GPO) and import the downloaded settings.
  3. Create a new GPO.
    Right-click Group Policy Objects and select New
    Give the GPO a name, such as "MS Windows Security (Exclusions)," and then click OK.
  4. Import the downloaded settings.
    Right-click the GPO and select Import Settings
  5. Follow the instructions in the Import Settings Wizard.
    When you are prompted to select GPO settings to import, navigate to the desktop where you extracted the downloaded file.
  6. Select MS Windows Security GPO.
    Click Next and Finish.

Notes

  • Edit permissions:
    You must have Edit permissions on the GPO into which you want to import settings to complete this procedure.
  • When importing settings from a backed-up GPO in another domain or forest:
    If the GPO settings contain references to UNC paths or security principals, you may need to update these references to new values in the destination GPO. You can specify a migration table during the import operation to update the references to security principals and UNC paths in the destination GPO.

Link the GPO to an Organizational Unit (OU)

Open Group Policy Management.

  1. Browse to the OU that contains the computers on which you will be deploying the Veriato Windows Agent.
  2. Select Link an Existing GPO…
  3. Select MS Windows Security (Exclusions).
  4. Press OK.

Force the policy to replicate immediately

Make sure the GPO policy goes into effect before you begin installing agents.

  1. Start the Command Prompt (depends on your Windows OS version):
  • In Windows Search, type Run and, in the "Open" panel entry, type CMD and press Enter.  
  • Or, access the Windows Start menu, type CMD and press Enter.
  1. Execute the policy update via the command prompt: 
    In the CMD window, enter this command.
    Gpupdate /force /logoff
  2. Press Enter to execute the command.
    You should see:
    Updating Policy... 
    When the command has executed, you will see: 
    User Policy update has completed successfully.
  3. You can execute the same command on the client machines.
    To force an immediate update at an endpoint device, use the same command.
    Otherwise, the policy usually updates automatically in about 90 minutes, or when the computer is restarted.

Updated: 07/25/2024