Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 61
  • Last Modified:

Symantec enterprise client

Can I push client through the GPO. If yes, how. Whats the best way. We are planning for endpoint security and will have 200 endpoints including mac and windows servers.
0
abcd ab01
Asked:
abcd ab01
  • 3
  • 2
1 Solution
 
MacleanSystem EngineerCommented:
Yes you can. There highly likely is an article available for this on Symantec.com, but here is what I did.

-Create a share with read access for users.
-Drop your endpoint installer's (1 for 64 bit, 1 for 32 bit) into the share post exporting it from the management console.
I suggest either renaming the exported Setup.exe to setup32.exe & setup64.exe respectively, unless you prefer to create a subfolder for 32 & 64 bit installer, which is what I will do in this example. (Make sure you update installers from time to time, as the console is upgraded in future releases)
-Create a new text file, and add the below info to it

@echo off
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection"
if %errorlevel%==1 (goto Install) else (goto End)
REM If errorlevel returns a value of 1, it means the key is not present, thus the program is not installed.  So install it.

:Install
ECHO - Install Required
EventCreate /l Application /so SYMANTECPUSH /t Information /id 1000 /d "Symantec Push script is starting installation"
REM Check OS edition
IF defined ProgramFiles(x86) (
   ECHO - 64bit OS Detected
   "\\servername\sharename\64Bit\setup.exe"
) ELSE (
   ECHO - 32bit OS Detected
   "\\servername\sharename\32Bit\setup.exe"
)

:End
ECHO - Finished
EventCreate /l Application /so SYMANTECPUSH /t Information /id 1000 /d "Symantec Push script has completed"

Open in new window


-Save the textfile as "SymantecPush.cmd" (Note, you need to rename the \\servername\sharename\ to your servers name, and the share where you stored the installers)
-Go to group policy manager, and create a GPO named for example "Symantec Endpoint Push"
In the GPO go to

Computer Configuration>>Policies>>Windows Settings>>Scripts>>Startup

-Under Startup, point to the SymantecPush.cmd file which is located on your installer share or other preferred location where you saved it (Use UNC paths) and finish configuring the GPO.
-Now apply the GPO to the computers OU for the client, and Bob's your uncle.
0
 
abcd ab01Author Commented:
wow!! amazing!! you are the best!!
0
 
abcd ab01Author Commented:
very detailed and good instructions
0
 
MacleanSystem EngineerCommented:
Happy to help.
Might be an idea to drop it to a test OU first with a single PC in it, make sure AD replicated settings, then reboot that PC and grab a coffee.

By the time you are back, the AV should be there unless it bumped into issues or it is an antique PC, proving it is ok to deploy company wide. (I am pretty sure it is fine as is, but never take a strangers word for it, take precautions)
If you need to remove alternative AV first, I might have a script for that too depending on vendor.
Also do note, this did not cover pushing it to a Mac. This is covered here

Good luck.
0
 
abcd ab01Author Commented:
great, I will contact you again if I need your help!! fantastic!!
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now