Video Screencast Help

EPP Client Installation via GPO Server 2003 vs Server 2008

Created: 26 Mar 2009 • Updated: 22 May 2010 | 3 comments

 - I am using Symantec 11 MR4 MP1a.
 - SEPM is running on Server 2003 Enterprise sp2
 - My client computers are Enterprise Server 2003 sp2 and Enterprise Server 2008 sp1.
 - GPO distribution with NO Symantec client push configured.

I have a custom configured feature set that includes (essentially) the Network Threat Protection (the Firewall)  and the Antivirus components.  The  IPS doesn't work (isn't supported) with server in any event and I was told multiple times by multilple Symantec techs that if possible I should not install it at all.

My issue is thus:
The Server 2003 installations work exactly as expected. That once the install and reboot(s) complete I have the client configured as I set up in the feature set when I exported the client install MSI.

However

The Server 2008 installations, which are EXACTLY the same client install MSI's fail to install the configured feature set. The 2008 Servers consistently install the full set of features.
Symantec Tech support initially recomended that I work around this issue by using the GPO install configuration in conjunction with the SEPM client install. Essentially that I deploy the client once via GPO and then when the client registers with the SEPM the SEPM will push down the correct package.

seriously.

What I have done (successfully) is an apparently unsupported procedure to force the GPO install to work as expected.  The essentials are documented in a couple of places on the forums:
https://www-secure.symantec.com/connect/forums/automate-deployment-sep-11
https://www-secure.symantec.com/connect/forums/deploy-sep-gpo-without-network-threat-protection
http://www.symantec.com/connect/forums/removing-sep-firewall

My questions are as follows:
1. Has any one else seen this issue consistently with Microsoft Server 2008?
2. Is this a known issue?  bug?
3. Is GPO EPP client installation for Server 2008 fully supported or not?
4. Is anyone seeing this with Server 2003 anymore (there was a good bit of chatter on it last year) or has Symantec fixed it for simple local area network GPO installs? 

thanks,
Jer

Comments 3 CommentsJump to latest comment

jeffwichman's picture

I am not sure if this was a bug with MR4 MP1a.  Have you tried this with MR4 MP2?  I don't have access to a 2008 server yet but we will be testing servers in the coming months.

Do the 2008 and 2003 servers drop into the same client goup under Symantec? 

Abhishek Pradhan's picture

@ Jerry: Are you assigning the package of Publishing it?

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org