Deploy FortiClient using Microsoft Active Directory servers
There are multiple ways to deploy FortiClient to endpoint devices including using Microsoft Active Directory (AD).
Deploy using EMS
The following instructions are based from Microsoft Windows Server 2008. If you are using a different version of Microsoft Server, your MMC or snap-in locations may be different.
Using Microsoft AD to deploy FortiClient:
- On your domain controller, create a distribution point.
- Log on to the server computer as an administrator.
- Create a shared network folder where the FortiClient MSI installer file will be distributed from.
- Set file permissions on the share to allow access to the distribution package. Copy the FortiClient MSI installer package into this share folder.
- Select Start > Administrative Tools > Active Directory Users and Computers.
- After selecting your domain, right-click to select a new Organizational Unit (OU).
- Move all the computers you wish to distribute the FortiClient software to into the newly-created OU.
- Select Start > Administrative Tools > Group Policy Management The Group Policy Management MMC Snap-in will open. Select the OU you just created. Right-click it, Select Create a GPO in this domain, and Link it here. Give the new GPO a name then select OK.
- Expand the Group Policy Object container and find the GPO you just created. Right-click the GPO and select Edit. The Group Policy Management Editor MMC Snap-in will open.
- Expand ComputerConfiguration > Policies > Software Settings. Right-click Software Settings and select New > Package.
- Select the path of your distribution point and FortiClient installer file and then select Open. Select Assigned and select OK. The package will then be generated.
- If you wish to expedite the installation process, on both the server and client computers, force a GPO update.
- The software will be installed on the client computer’s next reboot. You can also wait for the client computer to poll the domain controller for GPO changes and install the software then.
Uninstall FortiClient using Microsoft Active Directory server:
- On your domain controller, select Start > Administrative Tools > Group Policy Management. The Group Policy Management MMC Snap-in will open. Expand the Group Policy Objects container and right-click the Group Policy Object you created to install FortiClient and select Edit. The Group Policy Management Editor will open.
- Select ComputerConfiguration > Policy > Software Settings > Software Installation. You will now be able to see the package that was used to install FortiClient.
- Right-click the package, select All Tasks > Remove. Choose Immediately uninstall the software from users and computers, or Allow users to continue to use the software but prevent new installations. Select OK. The package will delete.
- If you wish to expedite the uninstall process, on both the server and client computers, force a GPO update as shown in the previous section. The software will be uninstalled on the client computer’s next reboot. You can also wait for the client computer to poll the domain controller for GPO changes and uninstall the software then.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos