Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Deployment to Imported Active Directory Accounts

Created: 13 Jul 2010 | 4 comments
diggisaur's picture

So I can successfully import my Active Directory OUs and computer accounts into SEPM - great.

Does this help anywhere in deployment?

I see I can assign Install Packages to imported groups. I haven't tried it but I assume this is how to easily get SEP onto imported AD computer accounts? Although I don't see a way to modify the install type if this is the case? If this is the case I assume the only install type is the Default set which is "Unattended".

I don't see anything in Find Unmanaged Computers.

I was hoping that when I opened Find Unmanaged Computers it would list all the AD computers I just imported into SEPM - guess not. I was hoping that the AD import would work in a similiar way as the Deployment Wizard outside of SEPM where you can import text lists of computers or browse AD to push SEP to. Is this functionality not in the manager or am I just missing it.

Which further begs the question why is so much of the deployment capabilities outside the actually SEPM that can only be found in the apparent standalone Deploy Wizard?

Comments 4 CommentsJump to latest comment

Mudit Kumar's picture

Importing AD has nothing to do with the deployment. You will have to push the package to the Client computers.

Below are 2 articles

Title: 'Creating custom client installation packages in the Symantec Endpoint Protection Manager console'

Title: 'How to Deploy Symantec Endpoint Protection to your client computers using the Migration and Deployment Wizard.'
Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007111409432848?Open&seg=ent

Thanks & Regards,
Mudit Kumar
 

diggisaur's picture

Thanks but I think you misread my question. I know how to deploy clients and create custom installation packages. I am trying to understand the benefit of importing AD OUs. I really see little benefit if it does not in some way help with deployment.

For example, I have 1-2 domain computers in each subnet. Scanning an entire Class B subnet would takes weeks through the Symantec Management Console. Completely impractical. And it doesnt look like I can add more than one computer name at a time through Find Unmanaged Computers. So this really rules out the Find Unmanaged screen as an efficient method of deployment.

The only other fast way I see deployment is exporting my AD computers to a TXT file and using that text file in the Client Deployment Wizard. outside of SEPM.

I think for AD import to be of any use, after you import AD computers you really need the ability to see those PCs in either Find Unmanaged Computers (because SEPM should know about them if it imported computer accounts rather than SEP client) or with the Client Install Packages at the SEP Group level be able to perform all forms of install included Unattended install which is not an option either though I have created it as a Client Install Package. It is not a choice.

Just me 2 cents moreso on features needed I guess.

Vikram Kumar-SAV to SEP's picture

AD Integration with SEPM only helps to retain your AD structure so that you can apply policies accordingly.OU import has nothing to do with deployment.

 

However once you have imported OU's and deploy SEP using Group Policy Software Deployment..all the client will go to their respective containers in SEPM. 

Find Unmanaged Computers--You can scan a whole range of IP address..which will find your computers..no need to specify any name leave that blank..You can deploy as many clients you want.

Migration and Deployment wiz--Click ok Domain click Add--Supply Domain admin credentials--s,-Skip the offline client it will add all your machines ( except the ones which cannot be contacted ) then you can start the deployment on all of them at once.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Vikram Kumar-SAV to SEP's picture

 

Organizational Units from Active Directory in Symantec Endpoint Protection 11.0

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092721431648

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.