Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Deploying Symantec Endpoint Protection Small Business Edition with Active Directory - Windows Server 2008

Created: 07 Feb 2014 • Updated: 10 Jun 2014
mt5937's picture
0 0 Votes
Login to vote
Symantec single video player.

This video describes the basic steps of deploying Symantec Endpoint Protection Small Business Edition with Active Directory on Windows Server 2008.

*******************************************************************************************************************************************

SCRIPT:

Welcome to this video on "Deploying Symantec Endpoint Protection Small Business Edition with Active Directory."

This video demonstrates the basic steps necessary for a successful Active Directory deployment from a Windows 2008 Domain Controller. You should tailor these steps to suit the requirements of your organization.

The Active Directory deployment of Cloud Endpoint Protection Agents has only a few steps:

·        Download a properly-configured, redistributable package

·        Create a Distribution Point on your Domain Controller

·        Create a Group Policy Object for software deployment that is linked to your domain

·        Verify the successful deployment

The first step is to download a properly-configured redistributable package for your active directory deployment.

To get started:

 Log into your domain controller as Administrator

…and then…

Log into your Symantec.cloud account

Once you log in to the Symantec.cloud management console, use the Quick Tasks option to add a computer.

From the Add new computers or services page, select Endpoint Protection.

Download the redistributable package.

In the Chrome browser, the download is automatically saved.

When using other browsers, click Save in the download dialog.

When the download is complete, run the package. 

Browse and create a destination for the package.

This location can become your network share for the Active Directory Group Policy Object.

Specific operating systems may be selected for the package. However, accepting all operating systems is recommended.

If a proxy is used on the network targeted for Active Directory Deployment, enter the proxy information.

Configuring the redistributable with proxy settings builds a package specific to that one network location.

Activating the check box for Active Directory creates three files needed for deployment.

 In this step you saw how to…

·        Download the redistributable package

·        Select a destination folder for the package

·        Configure proxy settings for the package if necessary

·        …and how to create a package for Active Directory deployment.

The next step is to Create a Distribution Point on your Domain Controller.

This is accomplished by creating a network share containing the Active Directory redistributable package files for your deployment. This enables your computers to get the software.

For this demonstration, we make the share available to Everyone. On your network, follow the rights assignment policies of your organization.

This is the network share created for your Active Directory deployment.

But you must edit the Security Properties for Everyone to the shared folder to ensure the share works correctly.

Checking "Replace all existing inheritable permissions on all descendants with inheritable permissions from this object" effectively resets the permissions on the shared folder. This ensures that Everyone gets Read and Execute permissions on all of the files in the folder. 

In this step you saw how to create a network share that becomes your Active Directory deployment distribution point on the Domain Controller.

In this step we Create a Group Policy Object for software deployment that is linked to your domain. 

In this step, you'll see how to:

·        Locate and open the Active Directory Users and Computers console

·        Create and name a new Group Policy Object for deployment

·        Edit the Group Policy Object to provide the location of the package MSI file

·        Assign the package MSI to be deployed at logon in the Group Policy Deployment Properties

·        ... and identify the MST file to be used for Modifications

To create your Group Policy Object you must open the Group Policy Management console to begin. 

Right click on the Group Policy Objects container and give your new Group Policy Object a recognizable name.

The new Group Policy Object is added to the list and is available for use.

Next, edit your new Group Policy Object to configure the redistributable software package for use in the Active Directory deployment.

You need to browse to the network share that you created for the Active Directory deployment. The share contains the software package.

Select and open the MSI file for deployment.

In the Group Policy Management Editor, select the Advanced option to configure the software deployment.

In the Group Policy Deployment Properties, select the Deployment tab.

You want the "Install this application at logon" option and need to make it selectable.

Even though "the Assigned" Deployment type is selected by default, you must click it to make the option available.

When you do that, you can activate the "Install this application at logon" option.

On the Modifications tab, you select the .mst file to customize the redistributable package.

The final step is to link your Group Policy Object to your domain.

Right click your domain, or other organizational unit, then select "Link an Existing GPO."

You select your Group Policy Object from the list of objects in your domain to make the link.

When finished, your Group Policy Object appears in the Linked Group Policy Objects tab for the domain…

…and your Software installation settings show a Deployment state of Assigned.

In this step, you saw how to: 

·        Locate and open the Active Directory Users and Computers console

·        Create and name a new Group Policy Object for deployment

·        Edit the Group Policy Object to provide the location of the package MSI file

·        Assign the package MSI to be deployed at logon in the Group Policy Deployment Properties

·        ... and identify the MST file to be used for Modifications

After configuring your Active Directory deployment, all that remains is verifying that your configuration works correctly.

 Log into an endpoint computer as administrator, then force an immediate update of the Group Policy and restart the computer...

Group Policy updates run automatically based on the domain configuration. These updates ensure that a software package can be installed when a Group Policy is updated. In this example, the policy specifies the software be installed when users logon.

During the computer restart, the Windows splash screen displays installation information.

When you look at the Processes in Windows Task Manager, you that see the redistributable package and other Symantec.cloud components are running. 

If you encounter any difficulties with your Active Directory deployment, navigate to the log files and take a look.

These are also the files that Support will request if you cannot solve the issue yourself.

The actual location of your log files depends on the Active Directory deployment method that you used.

In this step you saw how to:

·        Force a group policy update for testing your deployment configuration

·        Check the indicators of a successful deployment

·        And to locate the log files needed for troubleshooting….

This concludes the video, "Deploying Symantec Endpoint Protection Small Business Edition with Active Directory."  

In this program you saw the basic steps of how to:

·        Download a properly-configured, redistributable package

·        Create a Distribution Point on your Domain Controller

·        Create a Group Policy Object for software deployment that is linked to your domain

·        Verify the successful deployment

Thanks for watching.