How can I deploy a desktop SoftToken with Active Directory software distribution policies?

For organizations that use Group Policy to manage software distribution, you can deploy the AuthAnvil Desktop SoftToken using Active Directory.

Note: To successfully use this installation method, the target system must have a minimum of .NET 3.5 Framework installed beforehand.


Preparing for Deployment

To successfully deploy the Desktop SoftToken, you will need to: 

  1. Set up a network share available to all domain based computers 
  2. Set up a Group Policy Object for the deployment


Setup the network share

 To deploy using Active Directory, member workstations and servers need to be able to access a share as the machine’s system account. The best way to do this is to create a new share and assign Domain Computers to the share, and also assign it NTFS ReadRead and Execute, and List Folder Contents permissions for the shared folder. Once this is done, download the SoftToken MSI package from the SoftToken Portal and copy it to the share.

Note: Make sure that all files in the share inherit this permission, or you will not be able to remotely deploy the MSI.


Set up the Group Policy Object

Once you have selected the OU that you want to deploy to, you need to create and link a GPO to it.

To do this in Windows Server 2003 based systems, right click the OU and select “Properties”. Select the Group Policy tab and press the New button to create a new GPO, and give it a name. Then press the Edit button to start the Group Policy Object Editor tool.

On Windows Server 2008 based systems, open the Group Policy Management tool directly from Administrative Tools and do the following:

  1. Right click the OU and select the menu option to “Create and Link a GPO Here…“. Name the policy something easy for you to remember, like “AuthAnvil SoftToken Deployment Policy“.
  2. Right click on this new policy and select “Edit” from the popup menu.

Once the Group Policy Object Editor launches, expand Computer Configuration->Software Settings (Computer Configuration->Policies->Software Settings on Windows Server 2008), then right click on Software installation and select to create a new Package.


Browse to the network share where the MSI package is located and select it. Click Open.


Select to Deploy Software using the Assigned method.


At this point the MSI will now be tied to the GPO and computers added to the OU this is assigned to will have the AuthAnvil Desktop SoftToken deployed to them the next time they are rebooted.


It is recommended that you run gpupdate /force and reboot the computer twice when you want to accomplish this. If you wish to do this remotely, use psexec from the SysInternals PSTools package to do this on a machine basis.

ie: psexec ComputerName gpupdate /target:computer /force /boot


Uninstalling a Distributed Package

If you need to uninstall the agent, you can do this by editing the GPO and selecting to Remove the package.


Once prompted, select to “Immediately uninstall the software from users and computers“.

Once you press OK, the next time policy is updated for the target systems and they are rebooted, the Desktop SoftToken will be uninstalled.



If you have any questions or need some help, we would be happy to assist. Open a case at or send an email to

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section