I am trying to nail down the best strategy to make sure all of our PCs joined to our domain have SEP loaded.
Given our limited resources, I think the best way is to create a a software installation GPO and assign it to the OU containing our PCs.
However, after browsing through the forums, I am still a little confused as to the best way to do this.
The intallation guide recommends creating an administrative install point from the CD media.
Other posts have said to export the package from SEPM and assign the MSI.
Both work, but which is better? I will want to use the SEPM features to upgrade our groups after the initial GPO install to future releases (in other words, I do not want to keep using the GPO to upgrading clients to the latest MR/RU)
Also, when using the MSI exported from SEPM, I am not able to restrict the install to just AV and Spyware. It always installs all of the features, even if I choose otherwise in the export options.
Is using GPO the best option here? If so, what can I do to address the problems mentioned above?