• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 359
  • Last Modified:

Install Windows Defender via Active Directory

Hello.


My question today would be help with installing Windows Defender by way of Active Directory from a Windows 2003 server.  What is the best way to do this? The correct answer will have instructions please.


Thank You.
0
a1doors1
Asked:
a1doors1
  • 8
  • 5
1 Solution
 
PberSolutions ArchitectCommented:
You have to do it via GPO.

First place the MSI on a share somewhere that everyone has access to.
Create a GPO and apply it to the OU that contains the computers you want to install it to.  You can apply the GPO at the root of your domain, but all machines including servers can be subject to this GPO.  so you should probably only apply it to your workstation OU if you have one.

Edit the GPO and navigate to here:
Computer configuration\Software Settings\Software Installation
Right click Software installation and select new\Package
In the file name text box, enter the share you placed WindowsDefender.msi  This is important how this is done.  i.e. \\myserver\myshare
Click open and pick WindowsDefender.msi  
The GPO is now created.  Ensure that a UNc path is listed in the source field (i.e. \\myserver\myshare\WindowsDefender.msi)

You'll have to do a reboot on all the machines for the software to install.  GPupdate /force will not do it.

Good luck.

You'll have to reboot the target

Select Assigned and clock OK

0
 
PberSolutions ArchitectCommented:
Sorry I was missing one step

Edit the GPO and navigate to here:
Computer configuration\Software Settings\Software Installation
Right click Software installation and select new\Package
In the file name text box, enter the share you placed WindowsDefender.msi  This is important how this is done.  i.e. \\myserver\myshare
Click open and pick WindowsDefender.msi  
Select Assigned for the Deployment method and click ok.
The GPO is now created.  Ensure that a UNc path is listed in the source field (i.e. \\myserver\myshare\WindowsDefender.msi)
0
 
a1doors1Author Commented:
Thanks for the suggestion.  I'll try this and test it on my machine and get back to you.  

Thank you.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
a1doors1Author Commented:
I followed the instructions twice and placed my computer in a test OU and linked the GPO to the test OU.  When I restart my machine nothing happens.  I have the file on a share I have full access to in \\NTSERVER\SHARE\WindowsDefender.msi.  I have restarted more than a few times.  Why isn't this working? I have tried running this wih and w/o the enforce option checked.

Thanks again!
0
 
PberSolutions ArchitectCommented:
on the machine you are trying to deploy it on do a gpresult from the command window.

You will be looking for something like this:

COMPUTER SETTINGS
------------------

    Last time Group Policy was applied: 7/22/2006 at 9:15:40 PM
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Local Group Policy
        Your software gpo   <--- this





0
 
PberSolutions ArchitectCommented:
Had you had a chance to run the gpresults on the target desktop?  If so, post the results.
0
 
a1doors1Author Commented:
Pber.....here you go.  the policy was set in System Restore.  One thing I noticed is that the DC wasserv.a1door.com isn't our main server and I didn't expect to recieve policy update from it.  Is this normal, that any DC can send out GP's?



Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

D:\Documents and Settings\Chrismr>gpresult

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 7/24/2006 at 10:06:22 AM


RSOP results for A1DOOR\Chrismr on MIS7 : Logging Mode
-------------------------------------------------------

OS Type:                     Microsoft Windows XP Professional
OS Configuration:            Member Workstation
OS Version:                  5.1.2600
Domain Name:                 A1DOOR
Domain Type:                 Windows 2000
Site Name:                   Main-Office
Roaming Profile:
Local Profile:               D:\Documents and Settings\Chrismr
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=MIS7,OU=Test,DC=a1door,DC=com
    Last time Group Policy was applied: 7/24/2006 at 9:22:34 AM
    Group Policy was applied from:      wasserv.a1door.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        System Restore
        Default Domain Policy
        Local Group Policy

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        Debugger Users
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        MIS7$
        Domain Computers


USER SETTINGS
--------------
    CN=Chrismr,CN=Users,DC=a1door,DC=com
    Last time Group Policy was applied: 7/24/2006 at 9:06:15 AM
    Group Policy was applied from:      wasserv.a1door.com
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Admins
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Windows
        Commercial
        IT ADMINS
        Domain Users

D:\Documents and Settings\Chrismr>

0
 
PberSolutions ArchitectCommented:
It looks like the computer is getting the policy.  As the System Restore shows up in the Computer Applied Group Policy Objects section.

When you look at the Software Installation section of the GPO, does the source field show a UNC path to the MSI file?  

Are you using the GPMC to create the GPO?  If so what is your security filtering set to?
0
 
a1doors1Author Commented:
The UNC path is there like is should be.  I am using the GPMC to create the  GPO.  How do I check the security filtering?


0
 
PberSolutions ArchitectCommented:
Load the GPMC an select your System Restore GPO.  On the right hand side, make sure the Scope TAB is selected.  Security filtering shows up below the links section.  By default Authenticated Users should be in there.  A computer account would be classified as an authenticated user, but you can add Domain Computers.

Do you have any Event log entries in the target PC.  They probably will show up in the Application event log as Application Management.  You should see a description of something like:  "The assignement of the application Windows Defender from policy System Restore suceeded."

0
 
PberSolutions ArchitectCommented:
Also it's good to have one GPO/software install.

So try creating a new GPO with only the Computer software install and assign to the OU containing the computers.  This allows troubleshooting to be easier...
0
 
a1doors1Author Commented:
P,

Hey, I tried another users machine and it worked the first time on that one.  This PC belongs to a regular user.  The first test machine belonged to me, which still didn't work.  Maybe it was because I had Windows Defender installed initially and then uninstalled it and then tired it? How are the isntalled affected when the users already has the software and or has had it on at one point then uninstalls it.  How does it work in these cases?



Thanks for the help.  You get kudos and points!
0
 
PberSolutions ArchitectCommented:
Glad to see you got it going.  Normally if it encounters the software already installed it should ignore it.  
There might have been something corrupted.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 8
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now