Solved

how to disable windows defender via logon script

Posted on 2014-03-10
19
2,016 Views
Last Modified: 2014-03-16
Since we are running 2003 Forest/Domain there are no GPO options to disable Windows Defender (that I am aware of).

Is there a method via logon script to disable Windows Defender in Win 7 ?
0
Comment
Question by:jtd1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 2
  • +4
19 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 39919310
Instead of disabling it, here's how to stop it:

add a batch file for the computer startup script:

net stop WinDefend
0
 
LVL 24

Expert Comment

by:DMTechGrooup
ID: 39919327
Create a GPO for logon to apply a registry setting.. then disable it from there.. just a GPO work around.


http://support.microsoft.com/kb/927367

https://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx
0
 
LVL 8

Expert Comment

by:N-W
ID: 39919328
There's no point it only stopping the service, it will turn itself back on automatically.

You need to stop and disable the service:
sc config WinDefend start= disabled
net stop WinDefend

Open in new window

0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 39919402
Are you using a 3rd party anti0virus? you can always uninstall windows defender. I can't see a reason for having it installed if you don't want to use it.
0
 

Author Comment

by:jtd1
ID: 39919459
I thought there was a secondary service that also had to be stopped at the same time ?
0
 
LVL 7

Expert Comment

by:Sivaraj E
ID: 39919492
It can be done in the software itself, Open the defender and click tools and then option and the administrator and un-tick the use this program and save it.

Then disable the service through services.msc.

http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/

Regards, Shiva
0
 
LVL 8

Expert Comment

by:N-W
ID: 39919509
For Windows 7, there is only one service "Windows Defender" (WinDefend).
0
 

Author Comment

by:jtd1
ID: 39919526
I have added the following to the login script and will see how it goes:

sc config WinDefend start= disabled
net stop WinDefend

Thanks everyone for your feedback
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39919740
The logon script cannot be used to change system wide settings. The startup script needs to be used instead. But what's better: install RSAT on your administrative workstation to manage the GPOs from remote, then you will have access to all the windows defender policies.
0
 

Author Comment

by:jtd1
ID: 39920944
There are no DEFENDER GPO attributes in a 2003 FOREST/DOMAIN so using GPO settings directly is not possible.  

Adding

sc config WinDefend start= disabled
net stop WinDefend

to the logon script does not work since it requires elevated privileges.

When you say startup script, are you referring to GPO startup scripts ?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39921504
You don't understand... please install RSAT on your administrative workstation. RSAT enables even 2003 server to set GPOs for defender.

GPO startup script, yes.
0
 

Author Comment

by:jtd1
ID: 39921751
RSAT is installed, how do I go about getting access to Defender attributes for the domain ?
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 39924205
You start GPMC on the RSAT machine, connect to your DC and open a new Policy. The policy will now Display windows defender sections.
0
 

Author Comment

by:jtd1
ID: 39924521
So I am just setting the one option TURN OFF WINDOWS DEFENDER (set to ENABLE) in the following:

COMPUTER CONFIGURATION\POLICIES\ADMINISTRATIVE TEMPLATES\WINDOWS COMPONENTS\WINDOWS DEFENDER

Then applying that policy to the OU of my choice and that's it ???
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39924529
Right, that's it. The OU with computer objects in it will stop using windows defender after the next GPO client refresh (try at the client side with gpupdate /force or a restart to speed it up).
0
 

Author Comment

by:jtd1
ID: 39924623
Will do.  One last note:

When I did the above, if I go into one of the DC's and look at GROUP POLICY's from that 2003 server, I see the applied policy but it does not show the DEFENDER policy options.  It did show it when I created it from a WIN 7 RSAT machine but not when viewing on the 2003 server.  Normal and expected behavior ?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39924631
Yes, normal and expected. The server has no templates to interpret the syntax of the policy files. But your RSAT client has, that's how he could set those settings.
And the domain clients don't care if the DC does not "understand" the policies it hosts :)
0
 

Author Comment

by:jtd1
ID: 39924657
So the policies are in place but the 2003 DC's have no real way to see/edit them ?

Basically you are saying the newer client OS's can still benefit from newer policies even though the older 2003 DC's can't read or edit them ?

I have implemented and will test tomorrow.  Thanks for the help !
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39924681
True.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question