This article provides instructions for deploying Zscaler Client Connector in an Active Directory (AD) environment. It also provides details on how to complete a silent installation on users' devices.

To deploy Zscaler Client Connector in an AD environment:

• 1. Prepare your AD environment.
  1. Log in to the AD environment (Domain Controller) as an admin user.
  2. Ensure that you have a well-defined organizational unit (OU) in the AD where you want to deploy the app. If you do not have an appropriate OU, create one by going to Server Manager > Active Directory Domain Services > [domain name] > New > Organizational Unit.
     See image.

     

     Close

  Alternatively, you can also apply Group Policy (GPO) to a group. If you do not have an appropriate group, create one by going to Server Manager > Active Directory Domain Services > [domain name] > New > Group.

  3. Ensure that the newly created OU has all the users and computer systems on which you want to deploy Zscaler Client Connector.
     See image.

     

     Close

  Close
• 2. Create a network share.

  You must ensure that Zscaler Client Connector installer is accessible to all relevant computers by creating a network share on the drive in the Domain Controller.

  1. Create a folder, then right-click Properties. Click Enable Sharing, and in the Security tab, provide the relevant domain Administrators and Authenticated Users with access permissions.
     See image.

     

     Close
  2. Copy Zscaler Client Connector installer to this folder.
  3. Map this folder as a network drive and make sure it is accessible by client computers across the relevant OU within the domain.
     See image.

     

     

     Close

  Close
• 3. Create a Group Policy (GPO) for Zscaler Client Connector installation.

  You must create a new GPO policy for your OU in order to install Zscaler Client Connector.

  1. Go to Run and enter gpmc.msc to open the Group Policy Management editor.
  2. Select your OU, then right-click and select Create a GPO in this domain, and Link it here.
     See image.

     

     Close
  3. Under Security Filtering, specify the users, groups, and computers to which the policy must apply.

  Close
• 4. Install Zscaler Client Connector on the OU's Windows systems.

  You must now edit the GPO policy for the OU in order to install Zscaler Client Connector on the OU's Windows systems. You can use either the MSI or EXE file, but Zscaler recommends using the MSI file because it integrates well with GPO.

  • Deploying the MSI file to install Zscaler Client Connector

    These steps provide details on how to complete a silent installation of the app on users' devices using an MSI file.

    If you want to customize the MSI file and add install options (for example, you want to require users to enroll with Zscaler Client Connector before accessing the Internet), you must create an MST file before completing the steps below. To learn more, see Customizing Zscaler Client Connector with Install Options (MSI).

    1. Right-click on the GPO Policy you created and select Edit.
    2. Go to User Configuration > Policies > Software Settings > Software installation.
    3. Right-click and select New > Package.
    4. Double-click the MSI Windows Installer Package.
    5. In the Deploy Software window, select Advanced for the deployment method.
    6. Click OK.
       See image.

       

       Close
    7. To install the app on in silent mode, do the following, in Zscaler Properties window, click the Deployment tab. Do the following:
       • For Deployment type, select Assigned.
       • For Deployment options, select Install this application at logon.
       • For Installation user interface option, select Basic.

    See image.

    

    Close

    8. Do one of the following:
       • If you did not create an MST, click OK.
       • If you created an MST:
         1. Go to the Modifications tab.
         2. Click Add....
         3. Select the MST file.
         4. Click OK.

    See image.

    

    Close

    Zscaler Client Connector is automatically deployed the next time users' log into to their computers.

    Close
  • Deploying the EXE file to install Zscaler Client Connector

    Below are instructions for defining a system start-up script to install Zscaler Client Connector on user devices with an EXE file.

    1. Select the GPO Policy and go to Computer Configuration > Policies > Windows Settings > Scripts > Startup.
    2. Double-click to open.
    3. Select Add to open a new wizard.
    4. In the Script Name field, specify the absolute path to the EXE file. For example, \\SERVER\\share\Zscaler-windows-1.1.0.000213-installer.exe.
    5. In the Script Parameters field, do one of the following:
       • If you want to deploy the EXE file without any install options, leave the Script Parameters field blank.
       • If you want to customize the EXE file and include install options (e.g., you want to require users to enroll with the app before they can access the Internet), add the options to the Script Parameters field as described in Running the EXE File with Command-Line Options.
    6. Click OK.
    7. Click Apply, then run the following command:

    gpupdate.exe /force

    8. Remotely reboot the OU computers on which you want to install the app using the following command:

    shutdown.exe –r –m \\<Remote Computer Name> –t 0
                    

    Close

  Close
• 5. Verify the installation of Zscaler Client Connector on the OU's Windows systems.
  1. Once the OU system is rebooted, log in to a remote system.
  2. Verify that the app is running in the desktop foreground and that the desktop shortcut is installed.

  

  Close