The GPO deployment automation, is provided as a convenience for Level customers. We cannot guarantee this will work in all Active Directory environments and we recommend that you test it before deploying to your production environment.
Importing the Level auto-deploy GPO automation
If your Level account does not already contain the Level installer GPO automation, then import it by clicking the following link: https://app.level.io/import/automation/Z2lkOi8vbGV2ZWwvQWxsb3dlZEltcG9ydC8yMDE
Click on Import automation and the following automation will be added to your account.
Find your API key (and if needed the group ID where you want to install new agents) for this group policy. This can be found when you select a group on the Devices page and then chose Install New Agent. Copy the API key (and the group ID if applicable).
Go back to the imported automation and choose the Variables tab. Paste your Level API key (and optionally paste in the group ID).
Lastly, add a single Domain Controller to the automation.
The first step in the automation is an administrative approval step which is a safety mechanism to ensure that only one domain controller will have the script run on it. Press Approve if you are sure that you want the agent to run through the automation.
The second step is a script that will create a new GPO object called "Install Level Agent" and it will link it to the root of the domain. The GPO will create a scheduled task on all Active Directory clients that will immediately run the Powershell installation script.
Manual setup of Group Policy
If a manual setup of group policy is preferred then this can be done via an immediate scheduled task.
Create a new GPO and link it to the appropriate OU in Active Directory.
Edit the policy and go to Computer Configuration | Preferences | Control Panel Settings | Scheduled Tasks | Right-click and select New->Immediate Task (At least Windows 7).
Creating a new task in the Group Policy Management Editor
On the general tab
Enter name as Install Level Agent
Click the Change user or Group button, search for SYSTEM, click OK
Select Run whether user is logged on or not.
Check Run with highest privileges.
In the Configure for: select “Windows 7, Windows Server 2008R2”
Configure Level agent properties for Windows Server
On the Actions Tab
Click “ New”
In the Program/script field, enter:
c:\windows\system32\windowspowershell\v1.0\powershell.exe
In the Add argument field, enter the following. Replace "PUT_YOUR_LEVEL_KEY_HERE" with your Level installer key.
-ExecutionPolicy Bypass; $env:LEVEL_API_KEY = 'PUT_YOUR_LEVEL_KEY_HERE'; Set-ExecutionPolicy RemoteSigned -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iwr -useb https://downloads.level.io/install_windows.ps1 | iex
Click OK on the New Action window and click OK on the Properties window to close out the windows.
Create a new action and add additional arguments
The GPO is complete. On the next group policy refresh the agent will be installed on the domain-joined computers linked to the OU selected.
The automation earlier on this page will drop Windows Event Log messages on the client machines once the installer script has been called in order to aid in troubleshooting. This manual setup just covered will not provide event log messages.