
Automatically install Symantec Endpoint Protection if it is not installed already?

Created: 24 Sep 2012 | 5 comments

Hi all,

I would like to know if there is any chance to automate the procedure above.

Is there any script to check for Symantec's existence and, if it is not there, to push the software?

 

Thanks, Moses.

 


Ashish-Sharma's picture

Hi,

No script is available; you can use the GPO method to install the SEP client automatically.

Which Method of Deployment is Supported?

http://www.symantec.com/docs/TECH91330

About installing clients with Active Directory Group Policy Object

http://www.symantec.com/docs/HOWTO26773

Creating a GPO software distribution

http://www.symantec.com/docs/HOWTO55429

How to Deploy Symantec Endpoint Protection to your client computers using the Migration and Deployment Wizard.

http://www.symantec.com/business/support/index?page=content&id=TECH102907

 

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

About installing clients with Active Directory Group Policy Object

You can install client software by using a Windows 2000/2003 Active Directory Group Policy Object. The procedures for installing client software with Active Directory Group Policy Object assume that you have installed this software and use Windows 2003 Active Directory.

The installation software requires that client computers contain and can run Windows Installer 3.1 or later. Computers meet this requirement if they run Windows XP with Service Pack 2 and higher, Windows Server 2003 with Service Pack 1 and higher, and Windows Vista. If client computers do not meet this requirement, all other installation methods automatically install Windows Installer 3.1 by bootstrapping it from the installation files.

For security reasons, Windows Group Policy Object does not permit bootstrapping to the executable file WindowsInstaller*.exe from the installation files. Therefore, before you install Symantec client software, you must run this file on the computers that do not contain and run Windows Installer 3.1. You can run this file with a computer startup script. If you use a GPO as an installation method, you must decide how to update the client computers that do not run Windows Installer 3.1.

The Symantec client installation uses standard Windows Installer .msi files. As a result, you can customize the client installation with .msi properties.

See About customizing installations by using .msi options.

Finally, confirm that your DNS server is set up correctly. The correct setup is required because Active Directory relies on your DNS server for computer communication. To test the setup, you can ping the Windows Active Directory computer, and then ping in the opposite direction. Use the fully qualified domain name. The use of the computer name alone does not call for a new DNS lookup. Use the following format:

ping computername.fullyqualifieddomainname.com

Table: Steps for installing the client software by using Active Directory Group Policy Object

Step / Action

  Step 1. Create the administrative install image.

    See Creating the administrative installation image.

  Step 2. Copy Sylink.xml to the installation files.

    See Copying a Sylink.xml file to the installation files.

  Step 3. Stage the administrative install image.

    See Staging the installation files.

  Step 4. Create a GPO software distribution.

    You should also test GPO installation with a small number of computers before the production deployment. If DNS is not configured properly, GPO installations can take an hour or more.

    See Creating a GPO software distribution.

  Step 5. Create a Windows Installer 3.1 startup script.

    See Creating a Windows Installer 3.1 Startup script.

  Step 6. Add computers to the organizational unit.

    See Adding computers to an organizational unit and installation software.

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Creating a GPO software distribution

The procedure assumes that you have installed Microsoft's Group Policy Management Console with Service Pack 1 or later. The procedure also assumes that you have computers in the Computers group or some other group to which you want to install client software. You can drag these computers into a new group that you create.

Note:

If User Account Control (UAC) is enabled, you must enable Always install with elevated privileges for Computer Configuration and User Configuration to install Symantec client software with a GPO. You set these options to allow all Windows users to install Symantec client software.

See Installing clients with Active Directory Group Policy Object.

To create a GPO package

  1. On the Windows Taskbar, click Start > Programs > Administrative Tools > Group Policy Management.

  2. In the Active Directory Users and Computers window, in the console tree, right-click the domain, and then click Active Directory Users and Computers.

  3. In the Active Directory Users and Computers window, right-click the Domain, and then click New > Organizational Unit.

  4. In the New Object dialog box, in the Name box, type a name for your organizational unit, and then click OK.

  5. In the Active Directory Users and Computers window, click File > Exit.

  6. In the Group Policy Management window, in the console tree, right-click the organizational unit that you created, and then click Create and Link a GPO Here.

    You may need to refresh the domain to see your new organizational unit.

  7. In the New GPO dialog box, in the Name box, type a name for your GPO, and then click OK.

  8. In the right pane, right-click the GPO that you created, and then click Edit.

  9. In the Group Policy Object Editor window, in the left pane, under the Computer Configuration, expand Software Settings.

  10. Right-click Software installation, and then click New > Package.

  11. In the Open dialog box, type the Universal Naming Convention (UNC) path that points to and contains the MSI package.

    Use the format as shown in the following example:

    \\server name\SharedDir\Symantec AntiVirus.msi

  12. Click Open.

  13. In the Deploy Software dialog box, click Assigned, and then click OK.

    The package appears in the right pane of the Group Policy Object Editor window if you select Software Installation.

To configure templates for the package

  1. In the Group Policy Object Editor window, in the console tree, display and enable the following settings:

    • Computer Configuration > Administrative Templates > System > Logon > Always wait for the network at computer startup and logon

    • Computer Configuration > Administrative Templates > System > Group Policy > Software Installation policy processing

    • User Configuration > Administrative Templates > Windows Components > Windows Installer > Always Install with elevated privileges

  2. Close the Group Policy Object Editor window.

  3. In the Group Policy Management window, in the left pane, right-click the GPO that you edited, and then click Enforced.

  4. In the right pane, under Security Filtering, click Add.

  5. In the dialog box, under Enter the object name to select, type Domain Computers, and then click OK.

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
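The procedure above turns on "Always install with elevated privileges", which Windows Installer honours only when it is set for both the computer and the user, and which then lets every Windows Installer package that user starts run elevated. The following audit check is an added example, not part of the original post or of Symantec's documentation; it assumes the standard Windows policy registry locations and must be run in the session of the user being checked (the function name is hypothetical).

```powershell
# Added example: report whether "Always install with elevated privileges"
# is effective for the current user on this computer.
$valueName  = 'AlwaysInstallElevated'
$policyKeys = [ordered]@{
    Machine = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'
    User    = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer'
}

function Get-InstallerPolicyState {
    param([System.Collections.IDictionary]$Keys, [string]$Name)
    $state = [ordered]@{}
    foreach ($scope in $Keys.Keys) {
        # A missing key or value means the policy is not configured for that scope.
        $item = Get-ItemProperty -Path $Keys[$scope] -Name $Name -ErrorAction SilentlyContinue
        $state[$scope] = [bool]($item -and $item.$Name -eq 1)
    }
    $state
}

$state     = Get-InstallerPolicyState -Keys $policyKeys -Name $valueName
# The policy applies only when BOTH hives carry the value 1.
$effective = $state.Machine -and $state.User

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    User             = $env:USERNAME
    MachinePolicy    = $state.Machine
    UserPolicy       = $state.User
    EffectiveForUser = $effective
}

if ($effective) {
    Write-Warning ('AlwaysInstallElevated is effective: every Windows Installer ' +
                   'package this user starts runs with elevated privileges. ' +
                   'Limit the GPO to the deployment OU and review it after rollout.')
}
```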

Ashish-Sharma's picture

How can I make sure that the newly joined domain computer gets SEP client?

https://www-secure.symantec.com/connect/forums/how-can-i-make-sure-newly-joined-domain-computer-gets-sep-client

You need to find them using unmanaged detector and install it. Or use the image with SEP client and make sure you have followed these steps before applying the image on new systems

http://www.symantec.com/business/support/index?page=content&id=HOWTO54706

Thanks In Advance

Ashish Sharma

 

 

Rafeeq's picture

If no SEP is installed, it will be reported as unmanaged.

You can configure an unmanaged client report and install on them.

However, the SEPM console will not monitor for any non-SEP client and install automatically on them.
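A computer startup script of the kind the original question asks about, as an added example that is not part of any post in this thread and not Symantec's own code. It assumes PowerShell 4.0 or later, a product display name beginning with "Symantec Endpoint Protection", and a package staged at a UNC path in the format shown above; the server name, the log path, the hash value and the function name are placeholders.

```powershell
# Added example: install the client at startup only when it is not registered.
# Runs as SYSTEM when linked as a computer startup script. All values are placeholders.
$ProductPattern = 'Symantec Endpoint Protection*'                       # assumed DisplayName
$MsiPath        = '\\fileserver.example.com\SharedDir\Symantec AntiVirus.msi'
$ExpectedSha256 = '<SHA-256 recorded when the image was staged>'        # placeholder
$LogPath        = Join-Path $env:windir 'Temp\sep-install.log'

function Test-ProductInstalled {
    param([string]$Pattern)
    # Read the uninstall registry (64- and 32-bit views) instead of Win32_Product,
    # which triggers a consistency check of every installed MSI package.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $hit = Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        Select-Object -First 1
    return [bool]$hit
}

if (Test-ProductInstalled -Pattern $ProductPattern) { exit 0 }

if (-not (Test-Path -LiteralPath $MsiPath)) {
    Write-Error "Package not reachable: $MsiPath"
    exit 2
}

# The package runs as SYSTEM, so refuse a file that differs from the one staged.
# This covers the .msi database only; protect the rest of the share with ACLs.
$actual = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Write-Error "Hash mismatch for $MsiPath (got $actual)"
    exit 3
}

# Silent install, no automatic reboot, verbose log for troubleshooting.
$arguments = @('/i', "`"$MsiPath`"", '/qn', '/norestart', '/l*v', "`"$LogPath`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $arguments -Wait -PassThru

# 0 = success, 3010 = success with reboot required; anything else is a failure.
if ($proc.ExitCode -notin 0, 3010) { exit $proc.ExitCode }
exit 0
```

The share should be writable only by the administrators who stage the image, since every computer in the organizational unit runs its content as SYSTEM.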