Endpoint Protection

 View Only

  • 1.  GPO deployment without Network Threat Protection

    Posted Sep 16, 2010 09:41 PM

    I'm trying to deploy the latest client 11.0.6 but without Network Threat Protection. I exported an antivirus/antispyware only client from the console and setup the GPO to use that MSI, but upon client reboots the full SEP is loaded.



  • 2.  RE: GPO deployment without Network Threat Protection
    Best Answer

    Posted Sep 16, 2010 10:45 PM


    Title: 'When installing SEP clients using GPO the clients get all features installed instead of only the features set in the installation package'
    Document ID: 2008062706342848
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008062706342848?Open&seg=ent
     

    When deploying via GPO, the installation does not query the "setaid.ini" file which specifies what components to install/enable.

    Assign a custom package to the client group within Symantec Endpoint Protection Manager

    Log in to the Symantec Endpoint Protection Manager

    Click on Admin on the left

    Click on Install Packages on the bottom left

    Click onClient Install Feature Sets at the top left

    Click Add Client Install Feature Set under Tasks

    Enter a name for the feature set

    Check and uncheck the desired features to meet the needs of the clients in the environment

    Click OK

     

    If there are different groups of clients that need to have different features installed, add as many additional custom feature sets as are required

     

    Click on the Clients tab on the left

    Select a group to configure

    Click the Install Packages tab at the top right

    Click Add Client Install Package under Tasks

    Select a package from the drop down list at the top of the window

    The clients in this group will conform to the version number of the package that is selected here. 

    Note that the 32 and 64 bit packages are separate.  If there are both 32 and 64 bit clients in the same client group, one package will need to be added for each

    Under the Client Features section uncheck the box for Maintain existing client features when updating

    This will force the clients to conform to the feature set that is selected from the drop down list below

    Select the appropriate custom client feature set that was created in steps 5 through 9 in the Select the features you want to use drop down

    Click OK

     

    Deploy the Symantec Endpoint Protection installation via GPO (This installation may require a reboot)

    At time of installation, the client will implement all of the features, including those that should be disabled

    When client registers with the Manager and is assigned to the correct client group, the "correct" package will be pushed down to it

    The client will then reinstall the package, implement the correct features and settings, effectively disabling the unwanted components. (This re-installation may require a second reboot).