Deploying SEP 12.1 via Startup Script
We are about to undetake updating all of our client computers to SEP 12.1 from SEP 11.x. In deploying SEP 11.x, we utilized the software deployment GPO feature of AD. This worked OK, but we ended up going down the road of MSI transforms, which proved to be an exercise in frustration. We are also looking for something a bit more flexible in terms of the deployment source (for example, we want the deployment to be delivered from the closest source to minimize traffic over the WAN), so we are seriously considering scripting it this go around.
I've already got a VB script that does something very similar for another application we use, but that deployment is much simpler (no installer, it's just simply copying files). I'm fairly confident I can modify it to suit our needs for SEP, but I'm envisioning two big problems/unknowns that I'm wondering if anyone could assist with:
1.) Share permissions - I can envision permissions being an issue. We want to run this as a startup script, before there is any user even logged in. I'm honestly not sure how we would go about making sure that the script has the necessary elevated permissions to access the shares. Any thoughts on how this might be accomplished?
2.) Context of installation/Where it runs - This one might be a bit tricky to explain. The VB scipt would do some logic to see where the user is located, then point them to a deployment share based on their location. This would then simply kick of a batch file that would run the Symantec isntaller from the command line wiht the desired settings and options. The script is then done at that point, but we'd then have a command window running the Symantec installer floating around somewhere (I'm honestly not sure where, since there wouldn't be a user logged in at this point).
a.) Is there a way to delay user login until the batch file finishes running the install?
b.) If not, what does this look like to the user? Are they going to see a command prompt windo appear when the login?
These are the two big points that concern me a bit. If anyone has any experience doing anything similar, I'd love to hear your thoughts or hear how you accomplished something similar.