- I am using Symantec 11 MR4 MP1a.
- SEPM is running on Server 2003 Enterprise sp2
- My client computers are Enterprise Server 2003 sp2 and Enterprise Server 2008 sp1.
- GPO distribution with NO Symantec client push configured.
I have a custom configured feature set that includes (essentially) the Network Threat Protection (the Firewall) and the Antivirus components. The IPS doesn't work (isn't supported) with server in any event and I was told multiple times by multilple Symantec techs that if possible I should not install it at all.
My issue is thus:
The Server 2003 installations work exactly as expected. That once the install and reboot(s) complete I have the client configured as I set up in the feature set when I exported the client install MSI.
However
The Server 2008 installations, which are EXACTLY the same client install MSI's fail to install the configured feature set. The 2008 Servers consistently install the full set of features.
Symantec Tech support initially recomended that I work around this issue by using the GPO install configuration in conjunction with the SEPM client install. Essentially that I deploy the client once via GPO and then when the client registers with the SEPM the SEPM will push down the correct package.
seriously.
What I have done (successfully) is an apparently unsupported procedure to force the GPO install to work as expected. The essentials are documented in a couple of places on the forums:
https://www-secure.symantec.com/connect/forums/automate-deployment-sep-11
https://www-secure.symantec.com/connect/forums/deploy-sep-gpo-without-network-threat-protection
http://www.symantec.com/connect/forums/removing-sep-firewall
My questions are as follows:
1. Has any one else seen this issue consistently with Microsoft Server 2008?
2. Is this a known issue? bug?
3. Is GPO EPP client installation for Server 2008 fully supported or not?
4. Is anyone seeing this with Server 2003 anymore (there was a good bit of chatter on it last year) or has Symantec fixed it for simple local area network GPO installs?
thanks,
Jer