Announcement

Collapse
No announcement yet.

Software Deployment Issues

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Software Deployment Issues

    Hi,

    I'm trying to deploy Symantec Endpoint Protection (SEP) via group policy. We currently have SEP installed in our environment and I wanted to automate the installation so new computers on the network will automatically get antivirus.
    Unfortunately when I tested the group policy SEP started installing on any computers that were rebooted.

    What I would like to do is have the GP check to see if SEP is installed and then install if it isn't. I can't just apply the GP and let all the computers install SEP as it takes about 10 minutes to install.

    Anyone got any ideas?.

    Thanks

    Liam

  • #2
    Re: Software Deployment Issues

    Did you create a custom MSI from SEP?

    Normally, that's how it works. It checks if the MSI is installed already and won't install it again if it is....unless there is a problem with the package or the installation process..
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

    Comment


    • #3
      Re: Software Deployment Issues

      Hi Gepeto,

      Yes I created a custom MSI through SEP and have done this for all sites specifying the management server for each site in their sylink.xml and to have silent installs.

      What I am seeing is that GP looks in the registry to see if it has an entry for SEP (under group policies), if not it installs. But as I rolled out SEP via the SEP Manager GP doesn't have a key for it and assumes it isn't installed. This is a major flaw in this software Symantec haven't provided anyway to automatically install SEP, it needs to be manually installed either locally or through the SEP Manager.

      Comment


      • #4
        Re: Software Deployment Issues

        When you rolled it out using the Symantec console, was that using the same MSI?

        It shouldn't matter where the MSI is installed from as long as it's the same - Group policy processing doesn't keep a database other than what Windows normally keeps..
        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

        Comment


        • #5
          Re: Software Deployment Issues

          I concur with the previous responses. If you have deployed the same exact MSI created by SEP, it will not reinstall the client SEP again. Even if you have an updated version of SEP (11.4 vs 11.2) it will be the same MSI installed then updated through the SEP manager at the next synchronization interval.

          Comment


          • #6
            Re: Software Deployment Issues

            I use GPO to manage software, including SEP. Basically, as previously alluded to, group policy s/w management isn't always 'smart enough' to know when certain products are installed already. If you roll out a new GPO policy for a particular piece of software, if that software is already installed (on some machines), it will often try and install it again. From that point, it depends on the particular piece of software and how well it reacts to getting reinstalled. Some products aren't affected much or at all, and other products loose all settings and can act funny.

            As a general rule, try to install/manage as much as you can through GPO, because then you have a single, reliable source for software installation. Base workstation images should only have the absolute bare minimums.

            That being said, there also isn't quick and dirty way of telling GPO to install software on 'new computers' only. I have long searched for a good WMI filter to do this, but such a thing does not appear to exist. You basically have to use redircmp to redirect new computers to a new OU, as per this thread where I was trying to solve this very same issue. This is what I've done, and it's worked well, as I can 'start fresh' for new computers, since when I started at my current position things were messy and all over the place. Now, when I join a computer to the domain, I can be satisfied that it will get the newest software that I designate via GPO.

            Comment


            • #7
              Re: Software Deployment Issues

              My rule of thumb is: Never push software by GPO, other than the agent of whatever other tool you are using to push software
              VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

              Comment


              • #8
                Re: Software Deployment Issues

                Originally posted by gepeto View Post
                My rule of thumb is: Never push software by GPO, other than the agent of whatever other tool you are using to push software
                Ha ha, true. But for basic software deployment I think GPO does fine. But I used to work for a much bigger company that had to push and deploy boatloads more... For that, we used Novell's Zen 7, which worked really well.

                Comment

                Working...
                X