Video Screencast Help

AD Sync'ing and Client Deployment

Created: 09 Mar 2012 • Updated: 30 Apr 2012 | 8 comments
This issue has been solved. See solution.

Hi,

We are currently migrating from McAfee EPO to SEP. So far I have it installed in a test area and working(ish). My biggest query is about deploying the packages. Basically the is a few hundred clients on our site, so I'm looking ofr the easiest way to deploy to these once we have removed McAfee. As far as I can tell there are no RSD's like McAfee, so its more of a mnual based depoyment. If I sync an OU in SEP, it pulls in the computers fine, what I'm wanting to know is this, is there a way to deploy the software to these sync'ed machines without using the Deployment and Migration Wizard, or without using GPO MSI installs? In McAfee you could set it up to automatically deploy the software once the OU is sync'ed, is this possible with SEP? If so, how?

I'm assuming once sync'ed I can use the find unmanaged machines option and deploy that way, but would much prefer an automated way if possible...

 

Thanks in advance

 

Andrew

Comments 8 CommentsJump to latest comment

Ajit Jha's picture

 

You can sync with Ad but to install you need to go for Symantec Remote Deployement Wizard, or Use Group Policy to install Symantec Client MSI.

I can assure you there will not be a problem as i have deployed it for more than 15000 clients network.

 Install the Symantec Endpoint Protection clients

  1. Prepare for client deployment: Configure firewalls and communication ports on your servers and workstations, and otherwise prepare operating systems for remote deployment and management of Endpoint Protection clients.

    You may deploy clients via a weblink and email, remote push, or save a package for later local installation or deployment using third-party tools. Only the remote push is described here, in the following steps:
     

  2. In the Symantec Endpoint Protection Manager console, click the Home tab at left.
     
  3. On the Home page, in the Common Tasks menu at upper-right, select Install protection client to computers. The Client Deployment wizard starts.
     
  4. In the Welcome to the Client Deployment Wizard pane, choose "New Package Deployment" and click Next.
     
  5. Select the client version, the feature set, the client group and content options, and then click Next.
     
  6. Click Remote Push, and then click Next.
     
  7. Locate the computers to receive the client software, and then click >> to add the computers to the list. To browse the network for computers, click Browse Network. To find computers by IP address or computer name, click Search Network, and then clickFind Computers. Authenticate with the domain or workgroup if prompted. Note: You can set a timeout value to constrain the amount of time the server applies to a search. Click Next.
     
  8. Click Send to push the client software to the selected computers. Wait while the client software is pushed to the selected computers.
     
  9. Click Finish. This means that the Manager's work is done, but the installation has started on the client and is most likely still running on the client computers. The installation takes several minutes to complete. Depending on the client restart settings of the deployed client, you or the computer users may need to restart the client computers.
     
  10. Confirm the status of the deployed clients in the Clients page of the Manager console.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

pete_4u2002's picture

it pulls in the computers fine, what I'm wanting to know is this, is there a way to deploy the software to these sync'ed machines without using the Deployment and Migration Wizard, or without using GPO MSI installs? 

i do not think of option. you can use altiris deployment tool for installing SEP

Mithun Sanghavi's picture

Hello,

Here are few Articles which may help you with Installation - 

Installing client software using third-party tools

http://www.symantec.com/docs/HOWTO55338

About installing clients with Microsoft SMS 2003

http://www.symantec.com/docs/HOWTO26774

Installing clients with Microsoft SMS 2003

http://www.symantec.com/docs/HOWTO55425

A Thread with a Similar Issue. 

https://www-secure.symantec.com/connect/forums/installing-endpoint-protection-microsoft-sms-2003

 

In addition to this - 

When Installing Symantec Endpoint Protection 11 by Active Directory Group Policy Object, Which Method of Deployment is Supported?

http://www.symantec.com/docs/TECH91330

About installing clients with Active Directory Group Policy Object

http://www.symantec.com/docs/HOWTO26773

Creating a GPO software distribution

http://www.symantec.com/docs/HOWTO55429

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

andrewparkes's picture

Hi,

 

I click the home page, i do not see a common tasks option! What am i doing wrong?

Mithun Sanghavi's picture

Hello,

It seems steps provided by Ajit are for SEP 12.1

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

andrewparkes's picture

Ahhh that explains it then, anything similar for SEP v11?

Mithun Sanghavi's picture

Hello,

Check these Article which may help you  - 

Top 10 Symantec Best Practices - Deploying Symantec Endpoint Protection Architecture

http://www.symantec.com/docs/TECH92051

Installing client software using third-party tools

http://www.symantec.com/docs/HOWTO55338

Using the Push Deployment Wizard

http://www.symantec.com/docs/TECH123547

Installing and deploying SEP software with Altiris

http://www.symantec.com/docs/TECH91079

 

Hope these helps!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
SMLatCST's picture

Mithun's last post in particular.

As it stands, if you don't want to use the SEPM's Deployment and Migration Wizard, nor the GPO method, then you're probably looking at using Altiris and the SEP Integration Component.

http://www.symantec.com/business/support/index?page=landing&key=56176

This will allow you to automatically discover and install SEP to computers on your network and/or domain.  In additiona to this, the SEP Integration Component is also able to auto-magically remove McAfee before installing SEP as part of the same process, minimising the time your endpoints sit there without AV.

The only downside is that you need to setup a (temporary) Altiris server to do this.  It's not a native part of the SEPM install.  Then there's the fun in going learning to use it, which can be take a little while.  It also uses its own separate agent to manage the SEP installation on your endpoints.

The tool itself is great for ensuring automated coverage across your managed devices, just make sure you have the time to get your head around Altiris first if you're not already familiar with it.