FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
ck_FTNT
Staff
Staff
Article Id 197756
Description
This article explains how to use Group Policy to install FortiClient.

Scope
This article makes use of .MSI and .MST files.

Generic .MSI and .MST FortiClient files can be found on support.fortinet.com > Download > Firmware Images > FortiClient > Download > /Windows/v6.00/6.0/6.0.4/FortiClientSetup_6.0.4.0182_x64.zip or FortiClientSetup_6.0.4.0182.zip. Adjust version as desired.

Customized .MSI and .MST files must be generated through the FortiClient Configurator tool. More information on how to access use the configurator tool is detailed here: https://docs.fortinet.com/document/forticlient/6.0.2/configurator-tool

Solution
  1. Open the group policy object editor. 
  2. Expand Computer Configuration > Software Settings. 
  3. From the Right-Click menu, select Software Installation > New > Package... 
  4. Point to the FortiClient.msi file. 
    • Note: It is very important that the path to both the FortiClient MSI and MST file not be local or through a network drive. Rather, the path should be through a network share accessible from everywhere in your network and to which everyone has at least Read permissions on. 
  5. Under Deployment Method, choose Advanced. If you choose another option, you won't be able to apply the MST file you created. 
  6. Add a name for the package for easy identification (e.g. FortiClient 64bit). 
  7. For 32 bit MSI only: In the Deployment tab, click Advanced, uncheck the option “Make this 32-bit x86 application available to Win64 machines”, and click OK.
    • This prevents the 32 bit MSI from being installed on 64 bit machines.
  8.  Switch to the Modifications tab and click Add. 
  9. Point to the correlating MST file. It is very important to use a UNC to the file (to the network share), rather than a local/network drive path.

Contributors