Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Pushing Symantec Endpoint Protection 11 via AD

Posted on 2010-11-08
7
Medium Priority
?
1,251 Views
Last Modified: 2013-12-09
Hi!

I know about deploying it via the console and via Migration and deployment wizard.
I need to use Active Directory instead to deploy it, as not all the clients show up in those 2 methods.

I was thinking of something like Login Script. I have the client as one .exe file that is shared, and everybody has access rights to it.

Clients are both XP and Win7 , they have Symantic AV 10 or 11 (for those I succeeded to install with Wizard or Console).

Thanks in advance


0
Comment
Question by:IT-Gang
  • 4
  • 2
7 Comments
 

Author Comment

by:IT-Gang
ID: 34084755
AD is 2003
0
 
LVL 23

Accepted Solution

by:
Stelian Stan earned 1600 total points
ID: 34085571
Here is a quick guide:

1. Create Client Install Settings
         Go to Admin - Install Packages.
         Create a new Client Install Setting.
         Set it to Silent Install.
2. If you do not have one create a distribution share or a folder in your existing share for Symantec Endpoint Protection.
3. Export Install Package
         From Admin - Install Packages export Client Install.
         Set Export folder to you distribution share.
         Select your Client Install Setting and Feature Settings.
         Uncheck Create Single EXE to get MSI. Also Set the correct Group.
         Click OK.
   4. Create GPO (remember to create it on a test OU first and then move it)
         Create a new GPO
         Go to Computer Configuration - Software Settings - Software Installation.
         Create New Package.
         Browse to the MSI and click open.
         Select Assigned and click OK.
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 34085676
To create the Group Policy to deploy Symantec EndPoint Workstation install.  
a.      In the Group Policy Object Editor window, in the console tree, display and enable the following settings:
¦ Computer Configuration > Administrative Templates > System > Logon > Always wait for the network at computer startup and logon
¦ Computer Configuration > Administrative Templates > System > Group Policy > Software Installation policy processing
¦ User Configuration > Administrative Templates > Windows Components > Windows Installer > Always Install with elevated privileges
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 400 total points
ID: 34089073
0
 

Author Comment

by:IT-Gang
ID: 34119989
Thanks for your answers.

I'm trying Clonyxlro suggestion, but then I ran into the problem mentioned here, looks like a risky solution they are suggesting there, but I will consider it. ( http://www.experts-exchange.com/OS/Miscellaneous/Q_21998415.html

Then I checked SSharma login script, it looks great, but I have some issue here. the users have the old Sav 10 installed, would this affect anything when checking if it is installed already?

Thanks
0
 

Author Closing Comment

by:IT-Gang
ID: 34171054
Great answers
0
 

Author Comment

by:IT-Gang
ID: 34171071
Thanks for the answers.
Group policy was the best way to use. I have some corrupted group policy , but in other domains it went so smooth.

Script is great too, the only issue I faced was that computers auto-restart after installation without a warning, hope we can add some line to prevent that.
Another line should be added to check in C:\Program Files (x86)   folder for those who have x64 systems, and used the 32 bit version.

Thanks guys
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question