The purpose of this document is to assist network administrators in deploying the HYID Desktop Credential Provider to workstations using a batch file and Windows Group Policy. This procedure is intended for administrators familiar with software deployment through Group Policies within an Active Directory environment.
This deployment script also includes self-healing capabilities for corrupted HYID agents. Specifically, it checks whether the installed HYID agent is running properly. If the agent is found to be corrupted, the script will automatically reinstall it, restoring its full functionality.
Find the Script/bat file and the required msi file (HyID_Client_1.1.12.12) as tested on Accops Internal Lab Setup.
Download Link: HyID
Instructions to Deploy HyID agent through GPO
Step 1: Download Required Script
- Download the ZIP file: HyID.zip from the above shared folder, Extract the contents to access the Hyid.bat file.
Step 2: Edit the HyID.bat script
- Right-click on Hyid.bat and select Edit.
- Locate the following commands inside the batch file:
set "msiPath=\AIT_INT_HOL_AD\HyID_Installer\HyIDSetup_MSI.msi" |
start /wait msiexec.exe /i "%msiPath%" /qn /l*v "%logFile%" WRAPPED_ARGUMENTS="/S /securelogin=yes /server1=xx.xx.xx.xx /server2=xx.xx.xx.xx /domainid=1" |
Replace the placeholders as follows:
- msiPath → Enter your actual UNC path to the MSI file.
- /server1=xx.xx.xx.xx → Replace with the FQDN/IP of HySecure Gateway Active node
(e.g., workspace.accops.com)
- /server2=xx.xx.xx.xx → Replace with the IP of HySecure Gateway Standby node.
- /domainid=1 → Use your actual domain ID if applicable.
- Save the file without changing its name.
Step 3: Place the msi file in a folder of shared drive.
- Copy the downloaded msi file into the folder of shared drive with following permission.
Step 4: Create an OU and GPO.
- Create one OU in your AD for the particular set of systems for which you want to deploy the HyID agent.
- Add those systems in the OU for deployment.
- Create on GPO for HyID deployment and attached it to the referring GPO.
Step 5: Attaching the script to the GPO.
- In the Startup Properties window of the GPO, click on "Show Files". This opens the folder: C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup
- Copy and paste the edited Hyid.bat file into this folder.
- Return to the Startup Properties window and click "Add".
- Browse and select Hyid.bat from the above folder.
- Leave the script parameters field empty.
Step 6: Verifying the deployment.
- Once done take a reboot of the system for which you have added for the OU.
- Post the reboot open appwiz.cpl and check if the HyID agent is properly deployed.
Find attached below the SOP to follow for silent HyID installation through GPO.