Skip to main content

Install via Group Policy

Automate Level installation on Active Directory workstations using GPO scripts or manual Group Policy setup for efficient deployment.

Updated this week

The GPO deployment automation, is provided as a convenience for Level customers. We cannot guarantee this will work in all Active Directory environments and we recommend that you test it before deploying to your production environment.

Importing the Level auto-deploy GPO automation

  1. If your Level account does not already contain the Level installer GPO automation, then import it by clicking the following link: https://app.level.io/import/automation/Z2lkOi8vbGV2ZWwvQWxsb3dlZEltcG9ydC8yMDE

  2. Click on Import automation and the following automation will be added to your account.

  3. Find your API key (and if needed the group ID where you want to install new agents) for this group policy. This can be found when you select a group on the Devices page and then chose Install New Agent. Copy the API key (and the group ID if applicable).

  4. Go back to the imported automation and choose the Variables tab. Paste your Level API key (and optionally paste in the group ID).

  5. Lastly, add a single Domain Controller to the automation.

    The first step in the automation is an administrative approval step which is a safety mechanism to ensure that only one domain controller will have the script run on it. Press Approve if you are sure that you want the agent to run through the automation.

    The second step is a script that will create a new GPO object called "Install Level Agent" and it will link it to the root of the domain. The GPO will create a scheduled task on all Active Directory clients that will immediately run the Powershell installation script.


Manual setup of Group Policy

If a manual setup of group policy is preferred then this can be done via an immediate scheduled task.

  1. Create a new GPO and link it to the appropriate OU in Active Directory.

  2. Edit the policy and go to Computer Configuration | Preferences | Control Panel Settings | Scheduled Tasks | Right-click and select New->Immediate Task (At least Windows 7).

    Creating a new task in the Group Policy Management Editor

  3. On the general tab

    1. Enter name as Install Level Agent

    2. Click the Change user or Group button, search for SYSTEM, click OK

    3. Select Run whether user is logged on or not.

    4. Check Run with highest privileges.

    5. In the Configure for: select “Windows 7, Windows Server 2008R2

    Configure Level agent properties for Windows Server

  4. On the Actions Tab

    1. Click “ New

    2. In the Program/script field, enter:

      c:\windows\system32\windowspowershell\v1.0\powershell.exe
    3. In the Add argument field, enter the following. Replace "PUT_YOUR_LEVEL_KEY_HERE" with your Level installer key.

      -ExecutionPolicy Bypass; $env:LEVEL_API_KEY = 'PUT_YOUR_LEVEL_KEY_HERE'; Set-ExecutionPolicy RemoteSigned -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iwr -useb https://downloads.level.io/install_windows.ps1 | iex

      Click OK on the New Action window and click OK on the Properties window to close out the windows.

    Create a new action and add additional arguments

  5. The GPO is complete. On the next group policy refresh the agent will be installed on the domain-joined computers linked to the OU selected.

The automation earlier on this page will drop Windows Event Log messages on the client machines once the installer script has been called in order to aid in troubleshooting. This manual setup just covered will not provide event log messages.

Did this answer your question?