DISCLAIMER: These instructions are provided only as guidance for installing the Smoothwall Unified Desktop Client and the accompanying Cloud Filter browser extensions with a Windows Group Policy Object. Please consult Microsoft documentation for the exact procedure and best practice when setting up Domain policies.
In order to fully deploy Smoothwall Cloud Filter on a domain-joined Windows 10 device, a number of steps need to be taken to ensure the Cloud Filter client is licensed correctly and pushed to the browsers. The short-hand deployment path is:
- Create and push registry keys for the license and tenant code where required.
- Push the Unified Desktop Client software for installation to the devices.
- Push the Cloud Filter extension to Chrome and/or Chromium Edge and lock down those browsers.
NOTE: Cloud Filter and the Unified Desktop Client do not support 32-bit machines.
- C:\Program Files\Smoothwall
- C:\Program Files\Smoothwall\Unified Desktop Client\SWEngine.exe
- C:\Program Files\Smoothwall\Unified Desktop Client\bin\SWBrowserBridge.exe
NOTE: Please follow these steps in the order given.
1. Create a group policy object to deploy the required registry keys:
- On your Domain Controller, open the Group Policy Management Console and create a new GPO named 'Unified Client Provisioning' or similar in the relevant OU. You may wish to target only specific machines for this change, in which case segregate them within the domain and apply the policy only to them.
- Edit the GPO and expand the tree under Computer (or User) Configuration -> Preferences -> Windows Settings -> Registry. Right-click Registry and select New > Registry Item.
- Create the following registry keys:
- PATH: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Smoothwall\UnifiedClient\
- KEY1 - NAME: SerialId TYPE: REG_SZ VALUE: [Your UNCL provided in onboarding email]
- KEY2 - NAME: TenantId TYPE: REG_SZ VALUE: [The Tenant GUID found in the On-Prem Smoothwall Filter & Firewall]
NOTE: KEY1 is mandatory, KEY2 may be left blank in non-multi-tenant setups. Please contact Smoothwall Support if you require verification on this point.
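A scripted equivalent of step 1 using the GroupPolicy PowerShell module, given here as an added example rather than Smoothwall's own tooling. The OU distinguished name and the SerialId/TenantId values are placeholders to replace with your own.

```powershell
# Added example: create the provisioning GPO and its two Registry preference items.
# Run on a Domain Controller or a host with the RSAT Group Policy tools installed.
Import-Module GroupPolicy

$GpoName  = 'Unified Client Provisioning'
$TargetOu = 'OU=Filtered Devices,DC=example,DC=com'   # hypothetical OU, replace
$SerialId = '<UNCL from onboarding email>'            # placeholder, mandatory
$TenantId = ''                                        # leave empty if not multi-tenant
$Key      = 'HKLM\SOFTWARE\Policies\Smoothwall\UnifiedClient'

if ($SerialId -like '<*') { throw 'Set $SerialId to your UNCL before running.' }

# Refuse to touch an existing GPO: Set-GPPrefRegistryValue adds preference items,
# so re-running against the same GPO can leave duplicate entries behind.
if (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue) {
    throw "GPO '$GpoName' already exists; review it in the GPMC instead."
}
New-GPO -Name $GpoName -Comment 'Smoothwall Unified Desktop Client licence keys' | Out-Null

$values = [ordered]@{ SerialId = $SerialId }
if ($TenantId) { $values['TenantId'] = $TenantId }

foreach ($v in $values.GetEnumerator()) {
    # Computer Configuration -> Preferences -> Windows Settings -> Registry
    Set-GPPrefRegistryValue -Name $GpoName -Context Computer -Action Update `
        -Key $Key -ValueName $v.Key -Type String -Value $v.Value | Out-Null
}

# Link only to the OU holding the machines that should receive the client.
New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null

# Show what was written so it can be compared with the values in step 1.
Get-GPPrefRegistryValue -Name $GpoName -Context Computer -Key $Key |
    Select-Object ValueName, Type, Action
```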
2. Create a group policy object to install the Unified Desktop Client:
- Go to https://software.smoothwall.com/, download the Unified Desktop Client file for Windows x64, and save the file in a network shared folder, for example, \\MACHINE_NAME\Shared_Folder. This is so that the targeted device can access the file.
- Create a custom group policy object with the following name (see the Microsoft help topic "Create a custom Group Policy Object"):
- Name: Unified Desktop Client
- Attach the installation file that you downloaded to the group policy object (see the Microsoft help topic "Open Group Policy Software Installation").
- Assign the application.
- Set permissions for the Group Policy Software Installation:
- Authenticated users:
- Special permissions
- Authenticated users:
NOTE: Ensure that the Provisioning policy is above the Installation policy. The Cloud Filter will not function if the relevant registry keys are not deployed.
For a multitenant organization, you can repeat these steps for each tenant/domain.
3. Force the Cloud Filter Extension in Chrome and/or Chromium Edge:
- Acquire the Chrome and Edge ADMX templates from the following hotlinks and import them to your Domain. Please see Microsoft documentation on achieving this.
- Configure the Chrome and Edge GPOs as follows:
Google Chrome

| Path | Name | Status | Details |
|---|---|---|---|
| Google / Google Chrome | Incognito mode availability | Disabled | Disallow the use of the incognito mode. |
| Google / Google Chrome | Control where Developer Tools can be used | Disabled | Disallow the use of the development mode for the force-installed extensions. |
| Google / Google Chrome | Browser sign in settings | Disabled | Prevent users from logging in to Chrome using an unmanaged domain. |
| Google / Google Chrome / Deprecated policies | Enable Incognito mode | Disabled | Deprecated policies also need to be set. |
| Google / Google Chrome / Deprecated policies | Disable Developer Tools | Enabled | Deprecated policies also need to be set. |
| Google / Google Chrome / Deprecated policies | Allow sign in to Google Chrome | Disabled | Deprecated policies also need to be set. |
| Google / Google Chrome / Native Messaging | Configure native messaging whitelist | Enabled | com.smoothwall.chrome.bridge |
| Google / Google Chrome / Extensions | Configure the list of force-installed apps and extensions | Enabled | |
Microsoft Edge

| Path | Name | Status | Value |
|---|---|---|---|
| Microsoft Edge | Enable guest mode | Disabled | Disallow the use of the incognito/guest mode. |
| Microsoft Edge | Control where Developer Tools can be used | Disabled | Disallow the use of the development mode for the force-installed extensions. |
| Microsoft Edge | Browser sign in settings | Disabled | Prevent users from logging in to Chrome using an unmanaged domain. |
| Microsoft Edge / Native Messaging | Control which native messaging hosts users can use | Enabled | com.smoothwall.chrome.bridge |
| Microsoft Edge / Extensions | Control which extensions are installed silently | Enabled | |
Post Deployment Checks.
On a device with the Unified Desktop Client installed, click the Windows Start Menu, scroll to and click Windows Administrative Tools, and then click Services. Check that the services are running:
- Ensure that the "Smoothwall Unified Desktop Client" is listed and has the Status of "Running" with a Startup Type of "Automatic".
- Also, ensure that the Smoothwall logo icon shows in the top right-hand side of the browser, which shows that the extension has been installed.
- For Cloud Filter, you should then try a website that you know should be blocked by your policies. Policies take a couple of minutes to update, and a newly added policy takes 15 minutes to update, so you should test against an existing policy.
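The same post-deployment checks can be run as a script on an endpoint. This is an added example, not Smoothwall tooling; it assumes the browser settings land in the standard Chrome and Edge policy registry keys, and it accepts either the newer "Allowlist" or the older "Whitelist" value name for the native messaging policy.

```powershell
# Added example: local post-deployment audit; run in an elevated PowerShell session.
# Registry path, value names, file paths, service display name and native messaging
# host name come from this page; the browser keys are the standard Chrome/Edge
# policy locations, where list policies are numbered values under a subkey.
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $script:results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# 1. Licence keys from the provisioning GPO (values are checked, never printed).
$ucKey = 'HKLM:\SOFTWARE\Policies\Smoothwall\UnifiedClient'
$uc = Get-ItemProperty -Path $ucKey -ErrorAction SilentlyContinue
Add-Check 'SerialId set (mandatory)' (-not [string]::IsNullOrWhiteSpace($uc.SerialId)) $ucKey
Add-Check 'TenantId set' (-not [string]::IsNullOrWhiteSpace($uc.TenantId)) 'may be blank if not multi-tenant'

# 2. Service state as described in the manual check.
$svc = Get-Service -DisplayName 'Smoothwall Unified Desktop Client' -ErrorAction SilentlyContinue
$svcOk = [bool]($svc -and $svc.Status -eq 'Running' -and $svc.StartType -eq 'Automatic')
Add-Check 'Service Running / Automatic' $svcOk "$($svc.Status) / $($svc.StartType)"

# 3. Installed binaries.
$base = 'C:\Program Files\Smoothwall\Unified Desktop Client'
foreach ($exe in 'SWEngine.exe', 'bin\SWBrowserBridge.exe') {
    $path = Join-Path $base $exe
    Add-Check "File present: $exe" (Test-Path -LiteralPath $path -PathType Leaf) $path
}

# 4. Browser policies; a browser you did not deploy to will fail and can be ignored.
$browsers = [ordered]@{
    Chrome = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    Edge   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
}
foreach ($b in $browsers.GetEnumerator()) {
    $allowed = foreach ($n in 'NativeMessagingAllowlist', 'NativeMessagingWhitelist') {
        $k = Get-Item -Path (Join-Path $b.Value $n) -ErrorAction SilentlyContinue
        if ($k) { $k.GetValueNames() | ForEach-Object { $k.GetValue($_) } }
    }
    $bridgeOk = [bool]($allowed -contains 'com.smoothwall.chrome.bridge')
    Add-Check "$($b.Key): bridge host allowed" $bridgeOk ($allowed -join ', ')

    $forced = Get-Item -Path (Join-Path $b.Value 'ExtensionInstallForcelist') -ErrorAction SilentlyContinue
    $count  = if ($forced) { $forced.ValueCount } else { 0 }
    Add-Check "$($b.Key): force-install list set" ($count -gt 0) "$count entries"
}

$results | Format-Table -AutoSize -Wrap
```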