DISCLAIMER: These instructions are only for the purpose of guidance when installing the Smoothwall Unified Client and attending Cloud Filter browser extensions with a Windows Group Policy Object. Please consult Microsoft documentation on the exact procedure and best practice when setting up Domain policies.
In order to fully deploy Smoothwall Cloud Filter on a domain-joined Windows 10 device, a number of steps need to be taken to ensure the Cloud Filter client is licensed correctly and pushed to the browsers. The short-hand deployment path is:
- Push the Unified Client software for installation to the devices alongside its provisioning information (Serial and Tenant ID where required)
- Push the Cloud Filter extension to Chrome and/or Chromium Edge and lock down those browsers.
NOTE: Cloud Filter and the Unified Desktop Client does not support 32-bit machines.
- C:\Program Files\Smoothwall
- C:\Program Files\Smoothwall\Unified Client\bin\sw-uc-desktop-client.exe
- C:\Program Files\Smoothwall\Unified Client\bin\sw-uc-browser-bridge.exe
NOTE: Please follow these steps in the order given.
1. Create a Group Policy Object (GPO) to install and provision the Unified Client:
- Go to https://software.smoothwall.com/ and download the Unified Client file Windows x64
- Extract the zip file
- Copy the MSI file in a network shared folder, for example, \\MACHINE_NAME\Shared_Folder. This is so that the targeted device can access the file.
- On your, Domain Controller open the Group Policy Management Console and create a new GPO named 'Smoothwall Unified Client' or similar in the relevant OU - you may wish to only target specific machines for this change so steps should be taken to segregate them within the domain and apply the policy only to them. See the Microsoft help topic, Create a custom Group Policy Object.
- Attach the MSI file that you downloaded to the group policy object, see the Microsoft help topic, Open Group Policy Software Installation.
- Assign the MSI application.
- Set permissions for the Group Policy Software Installation:
- Authenticated users:
- Special permissions
- Authenticated users:
- In the same GPO, expand the tree under Computer (or User) Configuration -> Preferences -> Windows Settings -> Registry. Right-click Registry and select New > Registry Item.
- Create the following registry keys:
- PATH: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Smoothwall\UnifiedClient\
- KEY1 - NAME: SerialId TYPE: REG_SZ VALUE: [Your UNCL provided in onboarding email]
- KEY2 - NAME: TenantId TYPE: REG_SZ VALUE: [The Tenant GUID found in the On-Prem Smoothwall Filter & Firewall]
NOTE 1: KEY1 is mandatory, KEY2 may be left blank in non-multi-tenant setups. Please contact Smoothwall Support if you require verification on this point.
NOTE 2: For a multitenant organization, you can repeat these steps for each tenant/domain.
2. Force the Cloud Filter Extension in Chrome and/or ChromiumEdge:
- Acquire the Chrome and Edge ADMX templates from the following hotlinks and import them to your Domain. Please see Microsoft documentation on achieving this.
- Configure the Chrome and Edge GPOs as follows:
Google Chrome Path Name Status Details Google / Google Chrome Incognito mode availability Disabled Disallow the use of the incognito mode. Google / Google Chrome Control where Developer Tools can be used Disabled Disallow the use of the development mode for the force-installed extensions. Google / Google Chrome Browser sign in settings Disabled Prevent users to login to Chrome using an unmanaged domain. Google / Google Chrome / Deprecated policies Enable Incognito mode Disable Deprecated policies also need to be set. Google / Google Chrome / Deprecated policies Disable Developer Tools Enabled Deprecated policies also need to be set. Google / Google Chrome / Deprecated policies Allow sign in to Google Chrome Disabled Deprecated policies also need to be set. Google / Google Chrome / Native Messaging Configure native messaging whitelist Enabled com.smoothwall.chrome.bridge Google / Google Chrome / Extensions Configure the list of force-installed apps and extensions Enabled
Microsoft Edge Path Name Status Value Microsoft Edge Enable guest mode Disabled Disallow the use of the incognito /guest mode. Microsoft Edge Control where Developer Tools can be used Disabled Disallow the use of the development mode for the force-installed extensions. Microsoft Edge Browser sign in settings Disabled Prevent users to login to Edge using an unmanaged domain. Microsoft Edge / Native Messaging Control which native messaging hosts users can use Enabled com.smoothwall.chrome.bridge Microsoft Edge / Extensions Control which extensions are installed silently Enabled
Post Deployment Checks.
On a device with the Unified Desktop Client installed, click the Windows Start Menu, scroll to and click the Windows Administrative Tool, and then click Services. Check that the services are running
- Ensure that the "Smoothwall Unified Desktop Client" is listed and has the Status of "Running" with a Startup Type of "Automatic".
- Also, ensure that the Smoothwall logo icon shows in the top right-hand side of the browser, which shows that the extension has been installed.
- For Cloud Filter, you should then try a website that you know that should be blocked by your policies. However, it takes a couple of minutes for the policies to update and 15 minutes from when you add a new policy to update. Therefore, you should test an existing policy.