Installing Symantec through Active Directory Group Policy
Created: 20 Apr 2009 | 5 comments
Copy the contents of the following folder:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\<your own group id here>\full
to a network share (e.g. \\someserver\sep) that every user has read/execute access to.
Then create a Group Policy Object to run the following script (.bat file) at login/startup (this can also be used with LANDesk and PsExec):
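@ECHO OFF
REM Skip the install if SEP is already present in its default location
IF EXIST "c:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END
REM Map the package share, run the silent install, then remove the mapping
NET USE Z: \\someserver\sep /PERSISTENT:NO
z:\setup.exe /s /v"/qn"
NET USE Z: /DELETE
:END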
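The script above only looks at one install path and runs on any machine the GPO reaches. The variant below is an added example, not part of the original post: it skips servers and domain controllers, checks the C: and D: paths and the legacy Symantec AntiVirus folder raised in the comments, and logs the result. The log location and running setup.exe straight from the UNC path are assumptions to adapt.

```batch
@ECHO OFF
SETLOCAL
REM Added example: hardened variant of the login/startup script.
REM \\someserver\sep is the page's example share; the log path is an assumption.
SET "SHARE=\\someserver\sep"
SET "LOG=%TEMP%\sep_deploy.log"

REM 1. Skip servers and domain controllers. ProductOptions\ProductType is
REM    "WinNT" on workstations and "ServerNT" or "LanmanNT" on servers and DCs.
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v ProductType | FIND /I "WinNT" >NUL
IF ERRORLEVEL 1 (
    ECHO %DATE% %TIME% %COMPUTERNAME% skipped: not a workstation >>"%LOG%"
    GOTO END
)

REM 2. Skip if SEP or legacy Symantec AntiVirus is already present on C: or D:
REM    (the drives and folder names mentioned on this page).
FOR %%D IN (C D) DO (
    IF EXIST "%%D:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END
    IF EXIST "%%D:\Program Files\Symantec Antivirus" GOTO END
)

REM 3. Record an unreachable package instead of failing silently.
IF NOT EXIST "%SHARE%\setup.exe" (
    ECHO %DATE% %TIME% %COMPUTERNAME% package not found at %SHARE% >>"%LOG%"
    GOTO END
)

REM 4. Run the silent install directly from the share (no drive letter needed,
REM    so a Z: that is already in use cannot break the script).
"%SHARE%\setup.exe" /s /v"/qn"
ECHO %DATE% %TIME% %COMPUTERNAME% setup exit code %ERRORLEVEL% >>"%LOG%"

:END
ENDLOCAL
```

Assigned as a computer startup script this runs as Local System, so the share should be writable only by the administrators who maintain the package and read-only for everyone else.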
Comments
Re
Thanks, Binayak. I really needed this.
Regards, M.R
We shall test this. We'll give you feedback after. Thanks.
Nel Ramos
Have you tested it? Awaiting your reply and observations.
I tried this and messed up a server
I would like to try something like this on KIX, or find a way you can check if the OS is not a server. I was logged on and only applied this script to a group I put myself into.
I tested on a computer that did not have SEP and it worked fine. During the time I was testing this, I got a phone call to check an issue. I logged on to a server remotely, and even though SEP is installed (on the D drive), it launched the installation I set up for the C drive on that server.
I guess I could have added an extra line to check for this location too:
IF EXIST "D:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END
All our servers get the programs installed on the D drive, so that needs to change from
IF EXIST "C:\Program Files\Symantec\Symantec Endpoint Protection" GOTO END
Since the IF-THEN-ELSE statement is only looking for the default path of SEP (for clean installs only), another statement needs to be added to check for SEP in the location that the good old Symantec Antivirus was installed to. This is because if you performed an upgrade from (let's say) SAV 10.x.x.x, then the path would be like:
IF EXIST "C:\Program Files\Symantec Antivirus" GOTO END
Wouldn't it be better to check for a registry value, running process, or a combination of both? If checking for a registry value and the installation started but did not complete you might have the key there and it would be skipped.
Any thoughts??
I have an environment where help desk personnel are lacking a check list and not installing the security software after they re-image a computer or bring a new one online.
Any help will be greatly appreciated.
re>>@ Bonao
You can use an "SMS" server;
you can deploy packages through advertisements and even get reports for all completed workstations;
deployment can be scheduled at any time;
moreover, SMS is integrated with AD.