Creating a GPO software distribution
If you use Microsoft Active Directory in your environment, you can use a GPO to deploy the
Symantec Endpoint Protectionclient package to Windows computers. You create a software distribution then configure a GPO administrative template for the software packages.
This process assumes that you have installed Microsoft's Group Policy Management Console with Service Pack 1 or later. The Windows interface may be slightly different depending on the version of Windows you use.
This process also assumes that you have computers in the Computers group or some other group to which you want to install client software. Optionally, you can drag these computers into a new group that you create.
- To create a GPO software distribution, on the Windows Taskbar, clickStart > All Programs > Administrative Tools > Group Policy Management.
- In theActive Directory Users and Computerswindow, in the console tree, right-click the domain, and then clickActive Directory Users and Computers.
- In theActive Directory Users and Computerswindow, select a target organizational unit (OU) under the appropriate domain.You can also create a new OU for testing or other purposes. See Active Directory documentation by Microsoft for more information on how to create a new OU.
- In theGroup Policy Managementwindow, in the console tree, right-click the organizational unit that you chose or created, and then clickCreate and Link a GPO Here.You may need to refresh the domain to see a new OU.
- In theNew GPOdialog box, in the Name box, type a name for your GPO, and then clickOK.
- In the right pane, right-click the GPO that you created, and then clickEdit.
- In theGroup Policy Object Editorwindow, in the left pane, underComputer Configuration, expandSoftware Settings.
- Right-clickSoftware installation, and then clickNew > Package.
- In theOpendialog box, type the Universal Naming Convention (UNC) path that points to and contains the MSI package.Use the format as shown in the following example:\\server name\SharedDir\Sep.msi
- In theDeploy Softwaredialog box, clickAssigned, and then clickOK.The package appears in the right pane of the Group Policy Object Editor window if you select Software Installation.
- To configure administrative templates for the software package, in theGroup Policy Object Editorwindow, in the console tree, display and enable the following settings:
- Computer Configuration > Administrative Templates > System > Logon > Always wait for the network at computer startup and logon
- Computer Configuration > Administrative Templates > System > Group Policy > Software Installation policy processing
- User Configuration > Administrative Templates > Windows Components > Windows Installer > Always install with elevated privilegesIf you enabled User Account Control (UAC) on the client computers, you must also enableComputer Configuration > Administrative Templates > Windows Components > Windows Installer > Always install with elevated privilegesto install Symantec client software with a GPO. You set these options to allow all Windows users to install Symantec client software.
- Close the Group Policy Object Editor window.
- In theGroup Policy Managementwindow, in the left pane, right-click the GPO that you edited, and then clickEnforced.
- In the right pane, underSecurity Filtering, clickAdd.
- In the dialog box, underEnter the object name to select, typeDomain Computers, and then clickOK.