Deploying the Zscaler App for Windows with Active Directory


Deploying the Zscaler App for Windows with Active Directory

This article provides instructions for deploying the Zscaler App in an Active Directory (AD) environment. It also provides details on how to complete a silent installation on users' devices.

A. Prepare Your AD Environment

  1. Log in to the AD environment (Domain Controller) as an admin user.
  2. Ensure that you have a well-defined organizational unit (OU) in the AD where you want to deploy the app. If you do not have an appropriate OU, create one by going to Server Manager > Active Directory Domain Services > [domain name] > New > Organizational Unit. See image.
  3. Ensure that the newly created OU has all the users and computer systems on which you want to deploy the Zscaler App. See image.

B. Create a Network Share 

You must ensure that the Zscaler App installer is accessible to all relevant computers by creating a network share on the drive in the Domain Controller.

  1. Create a folder, then right-click Properties. Click Enable Sharing, and in the Security tab, provide the relevant domain Administrators and Authenticated Users with access permissions. See image.
  2. Copy the Zscaler App installer to this folder.
  3. Map this folder as a network drive and make sure it is accessible by client computers across the relevant OU within the domain. See image.

C. Create a Group Policy (GPO) for Zscaler App Installation

You must create a new GPO policy for your OU to in order to install the Zscaler App.

  1. Go to Run and enter gpmc.msc to open the Group Policy Management editor.
  2. Select your OU, then right-click and select Create a GPO in this domain, and Link it hereSee image.
  3. Under Security Filtering, specify the users, groups, and computers to which the policy must apply.

D. Install the Zscaler App on the OU's Windows Systems

You must now edit the GPO policy for the OU in order to install the Zscaler App on the OU's Windows systems. You can use either the MSI or EXE file, but Zscaler recommends using the MSI file because it integrates well with GPO.

These steps provide details on how to complete a silent installation of the app on users' devices using an MSI file.

If you want to customize the MSI file and add install options (for example, you want to require users to enroll with the Zscaler App before accessing the Internet), you must create an MST file before completing the steps below. To learn more, see Customizing Zscaler App with Install Options (MSI).

  1. Right-click on the GPO Policy you created and select Edit.
  2. Go to User Configuration > Policies > Software Settings > Software installation.
  3. Right-click and select New > Package.
  4. Double-click the MSI Windows Installer Package.
  5. In the Deploy Software window, select Advanced for the deployment method.
  6. Click OK. See image.
  7. To install the app on in silent mode, do the following, in the Zscaler Properties window, click the Deployment tab. Do the the following:
    • For Deployment type, select Assigned.
    • For Deployment options, select Install this application at logon.
    • For Installation user interface option, select Basic.

See image.

  1. Do one of the following:
    • If you did not create an MST, click OK.
    • If you created an MST:
      1. Go to the Modifications tab.
      2. Click Add....
      3. Select the MST file.
      4. Click OK.

See image.

The Zscaler App is automatically deployed the next time users' log into to their computers.

Screenshot of the Deploy Software window 

Screenshot of the Deployment tab of the Zscaler Properties window

Screenshot of the Modifications tab of the Zscaler Properties window

Below are instructions for defining a system start-up script to install the Zscaler App on user devices with an EXE file.

  1. Select the GPO Policy and go to Computer Configuration > Policies > Windows Settings > Scripts > Startup.
  2. Double-click to open.
  3. Select Add to open a new wizard.
  4. In the Script Name field, specify the absolute path to the EXE file. For example, \\SERVER\\share\Zscaler-windows-1.1.0.000213-installer.exe.
  5. In the Script Parameters field, do one of the following:
    • If you want to deploy the EXE file without any install options, leave the Script Parameters field blank.
    • If you want to customize the EXE file and include install options (e.g., you want to require users to enroll with the app before they can access the Internet), add the options to the Script Parameters field as described in Running the EXE File with Command-Line Options.
  6. Click OK.
  7. Click Apply, then run the following command:
gpupdate.exe /force
  1. Remotely reboot the OU computers on which you want to install the app using the following command:
shutdown.exe –r –m \\<Remote Computer Name> –t 0

E. Verify the Installation of the Zscaler App on the OU's Windows Systems

  1. Once the OU system is rebooted, log in to a remote system.
  2. Verify that the app is running in the desktop foreground and that the desktop shortcut is installed.

Screenshot of the Zscaler App and the desktop shortcut

Screenshot of creating a new organizational unit

Screenshot of the users and computer systems in the organizational unit

Screenshot of providing access permissions in the Security tab

Screenshot of mapping the folder as a network drive

Screenshot of a folder that is mapped as a network drive

Screenshot of creating a new GPO policy for the OU to install the Zscaler App