Netskope Help

Deploy Netskope Client with Microsoft GPO

Supported Environment
  • Microsoft Windows Platforms (Windows 7 or higher).

    Supported under special consideration. For more information, refer to Windows 7 EOL.

  • AD Infrastructure for Identities Management

  • Microsoft Group Policy Objects

Prerequisites
  • Install and configure Directory Importer to fetch email addresses and usernames from Active Directory. Use Directory Importer version 2.24 or above for importing AD users to Netskope system. This has the capability to capture the user’s principal name (UPN) along with the user's email ID. For details about installing and configuring Netskope Adapters, go to Netskope Adapters.About Netskope Adapters

  • Download the Netskope Client installer file from the email invite and save it as NSClient.msi.

  • Obtain your Organization ID from the Netskope Admin console.

    • Go to Settings > Security Cloud Platform > MDM Distribution.

    • Under Create VPN Configuration, copy the Organization ID.

  • Obtain the Add-on Manager Host.

Install the Client for GPO

To install the Netskope client:

  1. Create a source distribution folder and copy the standard Netskope client installer, NSClient.msi into it.

    Note

    For the latest version of the client, visit the Downloads page in Netskope Support.

  2. Verify the source distribution folder is shared and is accessible from all domain computers.

  3. Create a batch file(.bat) in the source distribution folder and add following lines of command.

    @echo off
    SetLocal
        set newver=<version number of msi to be installed in x.x.x.x format>
        set newVernum=%newver:.=%
    
    
    for /f "tokens=2 delims==" %%f in ('wmic product where "Name like 'Netskope Client'" 
    get Version /value ^| find "="') do set "instVer=%%f"
    
    IF NOT DEFINED instVer (
        msiexec /I "<UNC path of source distribution folder>\<msi name with extension>" 
    host=<host> token=<org_id> mode=peruserconfig fail-close=[no-npa|all] /l*v %PUBLIC%\nscinstall.log
    ) ELSE (
        set instVerNum=%instVer:.=%
        IF newVernum LSS instVerNum  (
            msiexec /I "<UNC path of source distribution folder>\<msi name with extension>" 
    host=<host> token=<org_id> mode=peruserconfig fail-close=[no-npa|all] /l*v %PUBLIC%\nscinstall.log
        )     
    )
    EndLocal
    
    

    Note

    When running the above script in the command line mode, then ensure that you remove the additional % (percentage) in all occurances of %%f.

  4. Create a GPO to install the Netskope client.

  5. Edit the GPO.

    1. Go to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).

    2. Add the batch file as a Startup Script.

    3. Refresh and update the GPO policies.

Notes
  1. For a complete list of installer parameters and their meaning please refer  Netskope Command Reference.

  2.  Create a GPO to install Netskope client.

  3. Edit the GPO, go to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).

  4. Add the above mentioned batch file as a startup script.

  5. Refresh and update the GPO policies.

Enforcing Installation

Admin must create and schedule a GPO task to reboot all the domain computers to apply the startup script that is created in above section. If a user manually uninstalls the Netskope client, the same will be reinstalled through Group Policy during next restart of their computer.

Uninstalling the Client

Uninstalling can be done through GPO using a batch script similar to installation. The uninstallation script is:

wmic product where name="Netskope Client" call uninstall