Shared folder from which EPPatch.msi should be deployed.
ORCA tool installed in order to create a Windows Installer Transform (*.MST) file. ORCA tool is part of the Windows SDK Components for Windows Installer Developers (Install the “MSI Tools” from the SDK).
Creating MST installer file
Open ORCA tool.
Pull the ‘EPPatcher.msi’ file to the ORCA tool.
Select New Transform from the Transform menu.
In Tables column, select Property.
On the right panel, populate UNINST_PASSWORD property value with the Endpoint uninstall password of your organization.
After applying the change, select Generate Transform from the Transform menu. You will then be required to save the change as an .MST file.
Deploying EPPatch.msi via GPO
Copy both ‘EPPatch.msi’ & .MST files to the same location on the shared folder.
On the Domain Controller, open Group Policy Management.
Create a GPO for the desired group.
Right-click on the newly created GPO and select Edit…
In the new window, under Computer Configuration, expand Policies → Software Settings.
Right-click on Software installation → New → Package…
In the opened browser windows, select the EPPatch.msi file from the shared folder, then Open. NOTE: It is essential that you use the UNC path of the shared folder.
In Deploy Software window, select Advanced, then Ok.
In EPPatch Properties window, select the Modifications tab.
Select the MST file, then click Open.
The GPO is ready. For the GPO to take effect, client machines should be rebooted.
How to make sure that EPPatch.msi was successfully installed
In “C:\Windows\System32\drivers” you should see two files:
epklib.bad - This is the old epklib file that was replaced by EPPatch.
epklib.sys - This is the new file. If you right-click on it, then select Properties → Details tab. File version should be 126.96.36.19953.
In “C:\Windows\Internet Logs\EP_CDTDll.log” you should see this line, indicating a successful patch installation: “File 'C:\Windows\System32\drivers\epklib.sys' dumped successfully”