Skip to content

Installing the SSO Tool with a Group Policy

About this Document

In this document we explain how to install the AXS Guard SSO tool via a Group Policy. Information about the procedure described in this paper is also available on the official Microsoft support website.

This document was written for version 2.15 and was last updated on 09/28/2018.

Creating a new Group Policy

The following steps are optional; you can also edit an existing group policy.

  1. Go to Group Policy Management.

  2. Expand the tree Forest: xxx -> Domains -> <customer domain name>.

  3. Right-click on <customer domain name> -> Create a GPO in this domain, and Link it here.

  4. Provide a name, e.g. deploy AXSGUARDSSOv2; source (none).

Group Policy Management Editor - Adding a New Policy

Configure the SSO msi Installer

Use the included msi configuration tool for the SSO installer. It allows you to automatically create an adapted msi file for your environment based on the configured settings.

  1. Run configureMSI.hta.

  2. Enter the gateway hostname and make sure to check Install for all users.

  3. Click on Configure Installer.

  4. Copy the resulting installer, aXsGUARDSSOv2_<gateway_ip>.msi, to a network share which can be accessed by all users, e.g. \\<your_local_fileserver>\software.


Modify the Group Policy to Deploy the Software

  1. In the Group Policy Management console, right-click on the policy that you created previously. (deploy AXSGUARDSSOv2)

  2. Go to Computer configuration -> Policies -> Software Settings -> Software Installation.

  3. Right-click and select new -> Package.

  4. Go to the network share containing the SSO Tool msi installer and select it.

  5. Select Assigned as the deployment method.

  6. Close the Group Policy Management Editor.

    Group Policy Management Editor

Configure the System Logon Setting in the GPO

You must enable the system logon setting in the GPO:

  1. Start the Group Policy Management editor and select the GPO you created for the SSO Tool.

  2. Go to Computer Configuration → Policies → Administrative templates → System → Logon

  3. Enable Always wait for the network at computer startup and logon.

Enabling this option forces Windows clients to wait until the network is fully operational.

Group Policy Management Console - System Logon Setting

Create a WMI Filter for the GPO

Create a WMI filter to install the SSO Tool on clients only.

  1. In the Group Policy Management console, got to WMI Filters and create a new filter.

  2. Enter a name for the new WMI filter.

  3. Add the following query:

select * from Win32_OperatingSystem where ProductType="1"


  • "1" = client

  • "2" = domain controller

  • "3" = server (other than the domain controller)

Group Policy Management Console - Creating a WMI Filter

  1. In the Group Policy Management console, select the GPO policy you have created for the SSO Tool installation.

  2. Link the WMI filter to the GPO as shown below.

    Group Policy Management Console - Linking a WMI Filter

Verify the Group Policy and Install

  1. In the Group Poliy Manager Console, select the deploy AXSGUARDSSOv2 policy.

  2. Select the Settings tab.

  3. Verify that the package is there.

    Group Policy Management Console - Package Verification

The policy is now active. The client will automatically sync with the server (typically after a few hours). The software will be automatically installed on the clients after a reboot.

You can force a group policy update on clients as follows:

  1. Log in to a client machine.

  2. Open a command prompt.

  3. Run gpupdate /force /boot

  4. Reboot the client machine to install the software.