Category Archives: software deployment

Group Policy Software Deployment OpenVPN

You will require:

OpenVPN Code signing certificate:
OpenVPN MSI – instructions here:

Create the deployent share, and set permissions as appropriate:

Place the OpenVPN MSI into the deployment share.


Expand the domain, and expand Group Policy Objects.  Right click and select New

Give the software deployment a name, and click OK

Right click the GPO and select Edit…

Expand Computer Configuration –> Policies –> Software Settings  Right click on
Software Installation and select New –> Package…

Navigate to the deployment share via UNC, select the MSI, and click Open.

Select Assigned and click OK.

The application is now assigned for install.

Navigate to Computer Configuration –> Windows Settings –> Security Settings –> 
Public Key Policies.  Right click Trusted Publisher and select Import…

Click Next

Click Browse

Navigate to the OpenVPN certificate and click Open

Click Next

Click Next

Click Finish

Click OK

The certificate is now ready to be pushed out via Group Policy.

Drag the Group Policy Object (EG: Install Open VPN Client) and release on the OU you wish to
deploy the software to.  (EG: Corp Computers).

The software will now be deployed to computer objects in that OU.

Group policy Software deployment permisisons

When deploying software deployment via group policy permissons must be set so that the computer account has read permission to the install files.

To check this, open Computer Management and open Shared Folders.

Right click the deployment share and select Properties

Domain computers at a minimum should have read.  In this example, I have Everyone as read.

Open Windows Explorer and navigate to the deployment folder.  Right click the deployment folder
and select Properties

On the Security tab, you can see i have added Domain Computers as Read & execute, list
folder contents, and Read.

This will allow the computer accounts to access the softwaredeployment share.