Solved

Install Windows Defender via Active Directory

Posted on 2006-07-21
13
334 Views
Last Modified: 2007-12-19
Hello.


My question today would be help with installing Windows Defender by way of Active Directory from a Windows 2003 server.  What is the best way to do this? The correct answer will have instructions please.


Thank You.
0
Comment
Question by:a1doors1
  • 8
  • 5
13 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 17155605
You have to do it via GPO.

First place the MSI on a share somewhere that everyone has access to.
Create a GPO and apply it to the OU that contains the computers you want to install it to.  You can apply the GPO at the root of your domain, but all machines including servers can be subject to this GPO.  so you should probably only apply it to your workstation OU if you have one.

Edit the GPO and navigate to here:
Computer configuration\Software Settings\Software Installation
Right click Software installation and select new\Package
In the file name text box, enter the share you placed WindowsDefender.msi  This is important how this is done.  i.e. \\myserver\myshare
Click open and pick WindowsDefender.msi  
The GPO is now created.  Ensure that a UNc path is listed in the source field (i.e. \\myserver\myshare\WindowsDefender.msi)

You'll have to do a reboot on all the machines for the software to install.  GPupdate /force will not do it.

Good luck.

You'll have to reboot the target

Select Assigned and clock OK

0
 
LVL 26

Expert Comment

by:Pber
ID: 17155621
Sorry I was missing one step

Edit the GPO and navigate to here:
Computer configuration\Software Settings\Software Installation
Right click Software installation and select new\Package
In the file name text box, enter the share you placed WindowsDefender.msi  This is important how this is done.  i.e. \\myserver\myshare
Click open and pick WindowsDefender.msi  
Select Assigned for the Deployment method and click ok.
The GPO is now created.  Ensure that a UNc path is listed in the source field (i.e. \\myserver\myshare\WindowsDefender.msi)
0
 

Author Comment

by:a1doors1
ID: 17155972
Thanks for the suggestion.  I'll try this and test it on my machine and get back to you.  

Thank you.
0
 

Author Comment

by:a1doors1
ID: 17157428
I followed the instructions twice and placed my computer in a test OU and linked the GPO to the test OU.  When I restart my machine nothing happens.  I have the file on a share I have full access to in \\NTSERVER\SHARE\WindowsDefender.msi.  I have restarted more than a few times.  Why isn't this working? I have tried running this wih and w/o the enforce option checked.

Thanks again!
0
 
LVL 26

Expert Comment

by:Pber
ID: 17161936
on the machine you are trying to deploy it on do a gpresult from the command window.

You will be looking for something like this:

COMPUTER SETTINGS
------------------

    Last time Group Policy was applied: 7/22/2006 at 9:15:40 PM
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Local Group Policy
        Your software gpo   <--- this





0
 
LVL 26

Expert Comment

by:Pber
ID: 17167070
Had you had a chance to run the gpresults on the target desktop?  If so, post the results.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 

Author Comment

by:a1doors1
ID: 17169735
Pber.....here you go.  the policy was set in System Restore.  One thing I noticed is that the DC wasserv.a1door.com isn't our main server and I didn't expect to recieve policy update from it.  Is this normal, that any DC can send out GP's?



Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

D:\Documents and Settings\Chrismr>gpresult

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 7/24/2006 at 10:06:22 AM


RSOP results for A1DOOR\Chrismr on MIS7 : Logging Mode
-------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 A1DOOR
Domain Type:                 Windows 2000
Site Name:                   Main-Office
Roaming Profile:
Local Profile:               D:\Documents and Settings\Chrismr
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=MIS7,OU=Test,DC=a1door,DC=com
    Last time Group Policy was applied: 7/24/2006 at 9:22:34 AM
    Group Policy was applied from:      wasserv.a1door.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        System Restore
        Default Domain Policy
        Local Group Policy

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        Debugger Users
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        MIS7$
        Domain Computers


USER SETTINGS
--------------
    CN=Chrismr,CN=Users,DC=a1door,DC=com
    Last time Group Policy was applied: 7/24/2006 at 9:06:15 AM
    Group Policy was applied from:      wasserv.a1door.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Admins
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Windows
        Commercial
        IT ADMINS
        Domain Users

D:\Documents and Settings\Chrismr>

0
 
LVL 26

Expert Comment

by:Pber
ID: 17169804
It looks like the computer is getting the policy.  As the System Restore shows up in the Computer Applied Group Policy Objects section.

When you look at the Software Installation section of the GPO, does the source field show a UNC path to the MSI file?  

Are you using the GPMC to create the GPO?  If so what is your security filtering set to?
0
 

Author Comment

by:a1doors1
ID: 17170178
The UNC path is there like is should be.  I am using the GPMC to create the  GPO.  How do I check the security filtering?


0
 
LVL 26

Expert Comment

by:Pber
ID: 17170396
Load the GPMC an select your System Restore GPO.  On the right hand side, make sure the Scope TAB is selected.  Security filtering shows up below the links section.  By default Authenticated Users should be in there.  A computer account would be classified as an authenticated user, but you can add Domain Computers.

Do you have any Event log entries in the target PC.  They probably will show up in the Application event log as Application Management.  You should see a description of something like:  "The assignement of the application Windows Defender from policy System Restore suceeded."

0
 
LVL 26

Expert Comment

by:Pber
ID: 17170407
Also it's good to have one GPO/software install.

So try creating a new GPO with only the Computer software install and assign to the OU containing the computers.  This allows troubleshooting to be easier...
0
 

Author Comment

by:a1doors1
ID: 17170532
P,

Hey, I tried another users machine and it worked the first time on that one.  This PC belongs to a regular user.  The first test machine belonged to me, which still didn't work.  Maybe it was because I had Windows Defender installed initially and then uninstalled it and then tired it? How are the isntalled affected when the users already has the software and or has had it on at one point then uninstalls it.  How does it work in these cases?



Thanks for the help.  You get kudos and points!
0
 
LVL 26

Expert Comment

by:Pber
ID: 17171076
Glad to see you got it going.  Normally if it encounters the software already installed it should ignore it.  
There might have been something corrupted.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now