Endpoint Protection

 View Only

Installing Symantec through Active Directory Group Policy 

Apr 21, 2009 12:07 AM

Copy the contents of the following folder

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\<your own group id here>\full

to a network share ex. \\someserver\sep that every user has read/execute access to

Then create a Group Policy Object to run the following script (.bat file) at login/startup (this can also be used with landesk and psexec):


  1. IF EXIST "c:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END
  2. NET USE Z: \\someserver\sep /PERSISTENT:NO
  3. z:\setup.exe /s /v"/qn"
  4. NET USE Z: /DELETE
  5. :END
     

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Oct 28, 2013 01:26 AM

I like this script. I'll test whenever i can. Thanks

May 28, 2009 06:44 AM

have you tested it; awaiting your reply and observation

May 21, 2009 10:57 AM

you can use "SMS" server;

you can deploy packages through advertisements and even get reports for all completed workstation

deployment can be scheduled at any time;

moreover SMS is integrated with AD.

May 20, 2009 11:02 PM

I would like to try something like this on KIX, or find a way you can check if the OS is not a server. I was logged on and only applied this script to a group I put myself into.

I tested on a computer that did not have SEP and it worked fine. During the time I was testing this, I got a phone call to check an issue, I logged on to a server, remotely, and even though SEP is installed (on the D drive) it launched the installation I setup for the C drive on that server.

I guess I could have added an extra line to check for this location too:

IF EXIST "D:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END

All our servers get the Programs installedo on the D Drive, so that needs to change from
IF EXIST "C:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END

Since the IF-THEN-ELSE statement is only looking for the default path of SEP (for clean installs only), another statement needs to be added to check for SEP on a location that the good old Symantec Antivirus was installed too. This is because if you performed an upgrade from (let's say SAV 10.x.x.x), then the path would be like:

IF EXIST "C:\Program Files\Symantec Antivirus" GOTO END 



Wouldn't it be better to check for a registry value, running process, or a combination of both? If checking for a registry value and the installation started but did not complete you might have the key there and it would be skipped. 

Any thoughts??
 

I have an environment where help desk personnel are lacking a check list and not installing the security software after they re-image a computer or bring a new one online.

Any help will be greatly appreciated.
 

Apr 24, 2009 09:42 PM

We shal test this. Give you feedback after. Thanks.

Apr 23, 2009 05:53 AM

Thanks Binayak Really I needed this.

Related Entries and Links

No Related Resource entered.