I recently was "tasked" with fixing some issues with our Endpoint Protection Manager. It runs on a Server 2008 R2 VM located on a NetApp SANS. We have around 1000 workstations, mainly XP. The servers are either Windows Server 2003 or 2008.
We are an Active Directory network, yet the directory server(s) aren't set up in SEPM. As I understand it, I can sync SEPM with AD and assign packages to OUs and users. If user A has a package assigned to him/her, and logs in at workstation XX that doesn't have any Endpoint Protection, will it automatically install based on Active Directory sync? Does the install package "follow" that person around? I'm trying to understand the full benefits of using the AD sync feature, doesn't seem like setting up at least the directory server name/login would hurt anything.
I've noticed on some domain computers we'll push an install package out with no problem, however it won't show up in the managed client list. I think I've solved that issue by doing a complete uninstall and using CCleaner to remove orphan registries and files. I created an install package with the option to remove old policy, log files, settings. It seems like Endpoint Protection isn't a big fan of having new versions installed over it without as much as it can of the old version. I've just had better luck with new installs than upgrades I suppose.
Thanks for any help or advice.