Deploying saved connections through a script in a group policy (GPO)

This section explains how to deploy saved connections through a script in a group policy (GPO). You can configure this GPO together with the Stormshield SSL VPN client deployment GPO to deploy them in succession.

For this GPO, Stormshield provides a sample script. You can customize it to suit your requirements, or write your own script.

Operating principle of the script ImportAddressBook-GPO.ps1 and downloading it

The script ImportAddressBook-GPO.ps1 provided by Stormshield is a sample.

Through a GPO, this script makes it possible to deploy a .book file that contains saved connections on a pool of Windows workstations. Saved connections are deployed in exactly the same manner on each workstation. This deployment overwrites and replaces the user's saved connections with those that have been deployed.

If necessary, you can customize this script so that it can perform other actions, or you can write your own script.

To download the script ImportAddressBook-GPO.ps1:

  1. In your MyStormshield area, go to Downloads > Downloads > Stormshield Network Security > SSL VPN.

  2. Click on the name of script ImportAddressBook-GPO.ps1 to download it.

Creating and copying the .book to be deployed

To configure the GPO, you will need the .book file containing the saved connections that you wish to deploy.

  1. Open the Stormshield SSL VPN client on one of your workstations.

  2. In the Saved connections menu, add the saved connections that you wish to deploy. For more information on fields, refer to the section Adding, changing or deleting a saved connection in the Stormshield SSL VPN client user and configuration guide.

  3. Export the saved connections:

    1. Click on the Button to access additional operations on saved connections, representing three vertical dots button at the top right, then click on Export.
    2. Select the location to save the .book file, give it a name, and then click on Save.
    3. In the Protect file window, leave the Password field empty. Protected files cannot be deployed with the script ImportAddressBook-GPO.ps1.

  4. Copy the .book file into a shared folder that can be accessed from your domain controller, and by the workstations in your organization to which the GPO applies.

Configuring the GPO

  1. Copy the script that you wish to use for the GPO on your domain controller.

  2. Run the server manager.

  3. In the upper menu bar, click on Tools > Group Policy Management.

  4. In the list on the left, right-click on the Microsoft Active Directory domain name and select Create a GPO in this domain, and link it here...

  5. Name the GPO and click on OK.

  6. Right-click on the name of the GPO that you have just created, and select Edit.

  7. In the window to edit the GPO, expand the menu on the left User configuration > Policies > Windows settings, and click on Scripts (opening/closing session).

  8. Double-click on Opening sessions.

  9. In the properties window, go to the PowerShell scripts tab, and click on Add....

  10. In the window to add the script:

    1. In the Script name field, select the script to be used for the GPO.

    2. In the Script settings field, enter the full path to access the .book file to be deployed. If the path contains spaces, it must be placed between quotation marks.

    3. Click on OK to confirm adding the script.

  11. Click on OK to confirm changes to the properties.

The deployment will automatically run when a user opens a session while being connected to the corporate network. When saved connections have been deployed, they will be available in the Saved connections menu on the Stormshield SSL VPN client.