Deploying CyberFOX DNS Filtering Using Group Policy (GPO)

Learn how to effectively deploy the CyberFOX DNS Filtering using Group Policy (GPO)

Updated at February 27th, 2026

+ More

Table of Contents

Overview Deployment Method Summary Prerequisites Step 1: Prepare the PowerShell Script Step 2: Copy the Script to SYSVOL Step 3: Create or Edit a GPO Step 4: Configure the Startup Script Script Configuration Step 5: (Optional) Enable Synchronous Startup Step 6: Apply and Test the Policy Force Policy Update (Optional) Reboot the Device Verifying Successful Installation ✅ Service Check ✅ Installer Log ✅ GPO Processing Script Behavior in GPO Context Common Troubleshooting Script Did Not Run Installer Download Failed Service Not Running Best Practices Summary

Overview

This article explains how to deploy the CyberFOX DNS Filtering PowerShell installation script to Windows domain‑joined computers using Group Policy (GPO).

Using GPO allows you to:

Automatically install CyberFOX DNS Filtering on all or selected domain computers
Perform the install silently at startup
Ensure consistent deployment without user interaction

This method is ideal for environments that:

Use on‑prem Active Directory
Want installation to occur before user login
Prefer computer‑based deployment rather than per‑user installs

Deployment Method Summary

The recommended GPO deployment method is:

Computer Startup Script
Executed as Local System
Runs once per device (or re‑runs safely if already installed)

Prerequisites

Before deploying, ensure the following:

✅ Active Directory domain environment
✅ Group Policy Management Console (GPMC)
✅ Windows PowerShell 5.1 or later on target machines
✅ A valid CyberFOX Company ID
✅ Network access to:
```
https://cdn.passwordboss.com
```

Step 1: Prepare the PowerShell Script

Open the CyberFOX DNS Filtering PowerShell script in a text editor.
Set your Company ID:

PowerShell

$CompanyID = "YOUR_COMPANY_ID_HERE"

(Optional) Leave debugging enabled during initial rollout:

PowerShell

$DebugPrintEnabled = 1

Save the script as:

DNS_Deploy.ps1

Step 2: Copy the Script to SYSVOL

On a domain controller, open:

```
\\<DOMAIN>\SYSVOL\<DOMAIN>\scripts
```

Copy DNS_Deploy.ps1 into this directory.

✅ Storing the script in SYSVOL ensures all domain computers can access it.

Step 3: Create or Edit a GPO

Open Group Policy Management.
Right‑click the OU containing the computer accounts you want to target.

Select:

Create a GPO in this domain, and Link it here…

Name the GPO:
```
CyberFOX DNS Filtering Deployment
```

Step 4: Configure the Startup Script

Right‑click the new GPO and select Edit.

Navigate to:

Computer Configuration
  └ Policies
    └ Windows Settings
      └ Scripts (Startup/Shutdown)
        └ Startup

Click Startup, then Add.

Script Configuration

Script Name:

```
powershell.exe
```

Script Parameters:

-ExecutionPolicy Bypass -NoProfile -File "\\<DOMAIN>\SYSVOL\<DOMAIN>\scripts\DNS_Deploy.ps1"

✅ This ensures PowerShell runs even if execution policy is restricted.

Step 5: (Optional) Enable Synchronous Startup

To ensure reliable execution, enable synchronous startup:

In the same GPO, go to:

Computer Configuration
  └ Policies
    └ Administrative Templates
      └ System
        └ Scripts

Enable:

```
Run startup scripts synchronously
```

✅ This ensures the script completes before Windows finishes booting.

Step 6: Apply and Test the Policy

Force Policy Update (Optional)

On a test machine:

BAT

gpupdate /force

Reboot the Device

The script runs at startup, so a reboot is required.

Verifying Successful Installation

After reboot, confirm installation using one or more of the following:

✅ Service Check

Verify the service exists and is running:

CyberFOX DNS over HTTPS Service

✅ Installer Log

Check the Windows TEMP directory:

C:\{USERDIR}\Temp\DNSFilterInstall.log_<timestamp>.txt

✅ GPO Processing

Run:

BAT

gpresult /r

Confirm the CyberFOX DNS Filtering Deployment GPO was applied.

Script Behavior in GPO Context

Runs as Local System
Installs silently (no prompts or reboots)
Verifies the service reaches a Running state
Automatically cleans up temporary installer files
Safe to re‑run if the GPO reapplies

Common Troubleshooting

Script Did Not Run

Ensure the GPO is linked to the correct OU containing computer objects
Confirm the machine rebooted after policy application
Verify the script path in SYSVOL is correct

Installer Download Failed

Confirm the device can reach the CyberFOX CDN
Check proxy or firewall rules
Review the installer log file

Service Not Running

Allow additional startup time on slow systems
Confirm endpoint protection software is not blocking the service

Best Practices

✅ Test on a small OU before full rollout
✅ Leave debug logging enabled during initial deployment
✅ Use separate GPOs for staging vs production
✅ Combine with security filtering if needed

Summary

Deploying CyberFOX DNS Filtering via Group Policy provides a reliable, automated, and scalable installation method for domain‑joined Windows devices. The provided PowerShell script is designed to run safely in a GPO startup context and includes verification, logging, and cleanup.

dns gpo cyberfox dns filter cyberfox dns deployment cyberfox dns gpo dns filter group policy dns filter powershell script cyberfox dns installation gpo startup script powershell gpo deployment windows dns filtering active directory dns deployment sysvol powershell script silent dns filter install automated dns security endpoint dns protection cyberfox dns over https service windows startup powershell enterprise dns filtering msp dns deployment domain computer startup script powershell executionpolicy bypass windows security filtering gpo software deployment dns filter service verification installer log troubleshooting zero‑touch dns deployment

Contact Us