Title: 'When installing SEP clients using GPO the clients get all features installed instead of only the features set in the installation package'
Document ID: 2008062706342848
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008062706342848?Open&seg=ent
When deploying via GPO, the installation does not query the "setaid.ini" file which specifies what components to install/enable.
Assign a custom package to the client group within Symantec Endpoint Protection Manager
Log in to the Symantec Endpoint Protection Manager
Click on Admin on the left
Click on Install Packages on the bottom left
Click onClient Install Feature Sets at the top left
Click Add Client Install Feature Set under Tasks
Enter a name for the feature set
Check and uncheck the desired features to meet the needs of the clients in the environment
Click OK
If there are different groups of clients that need to have different features installed, add as many additional custom feature sets as are required
Click on the Clients tab on the left
Select a group to configure
Click the Install Packages tab at the top right
Click Add Client Install Package under Tasks
Select a package from the drop down list at the top of the window
The clients in this group will conform to the version number of the package that is selected here.
Note that the 32 and 64 bit packages are separate. If there are both 32 and 64 bit clients in the same client group, one package will need to be added for each
Under the Client Features section uncheck the box for Maintain existing client features when updating
This will force the clients to conform to the feature set that is selected from the drop down list below
Select the appropriate custom client feature set that was created in steps 5 through 9 in the Select the features you want to use drop down
Click OK
Deploy the Symantec Endpoint Protection installation via GPO (This installation may require a reboot)
At time of installation, the client will implement all of the features, including those that should be disabled
When client registers with the Manager and is assigned to the correct client group, the "correct" package will be pushed down to it
The client will then reinstall the package, implement the correct features and settings, effectively disabling the unwanted components. (This re-installation may require a second reboot).