Creating a GPO software distribution

If you use Microsoft Active Directory in your environment, you can use a GPO to deploy the
Symantec Endpoint Protection
client package to Windows computers. You create a software distribution then configure a GPO administrative template for the software packages.
This process assumes that you have installed Microsoft's Group Policy Management Console with Service Pack 1 or later. The Windows interface may be slightly different depending on the version of Windows you use.
This process also assumes that you have computers in the Computers group or some other group to which you want to install client software. Optionally, you can drag these computers into a new group that you create.
  1. To create a GPO software distribution, on the Windows Taskbar, click
    Start > All Programs > Administrative Tools > Group Policy Management
    .
  2. In the
    Active Directory Users and Computers
    window, in the console tree, right-click the domain, and then click
    Active Directory Users and Computers
    .
  3. In the
    Active Directory Users and Computers
    window, select a target organizational unit (OU) under the appropriate domain.
    You can also create a new OU for testing or other purposes. See Active Directory documentation by Microsoft for more information on how to create a new OU.
  4. In the
    Group Policy Management
    window, in the console tree, right-click the organizational unit that you chose or created, and then click
    Create and Link a GPO Here
    .
    You may need to refresh the domain to see a new OU.
  5. In the
    New GPO
    dialog box, in the Name box, type a name for your GPO, and then click
    OK
    .
  6. In the right pane, right-click the GPO that you created, and then click
    Edit
    .
  7. In the
    Group Policy Object Editor
    window, in the left pane, under
    Computer Configuration
    , expand
    Software Settings
    .
  8. Right-click
    Software installation
    , and then click
    New > Package
    .
  9. In the
    Open
    dialog box, type the Universal Naming Convention (UNC) path that points to and contains the MSI package.
    Use the format as shown in the following example:
    \\
    server name
    \
    SharedDir
    \Sep.msi
  10. Click
    Open
    .
  11. In the
    Deploy Software
    dialog box, click
    Assigned
    , and then click
    OK
    .
    The package appears in the right pane of the Group Policy Object Editor window if you select Software Installation.
  12. To configure administrative templates for the software package, in the
    Group Policy Object Editor
    window, in the console tree, display and enable the following settings:
    • Computer Configuration > Administrative Templates > System > Logon > Always wait for the network at computer startup and logon
    • Computer Configuration > Administrative Templates > System > Group Policy > Software Installation policy processing
    • User Configuration > Administrative Templates > Windows Components > Windows Installer > Always install with elevated privileges
      If you enabled User Account Control (UAC) on the client computers, you must also enable
      Computer Configuration > Administrative Templates > Windows Components > Windows Installer > Always install with elevated privileges
      to install Symantec client software with a GPO. You set these options to allow all Windows users to install Symantec client software.
  13. Close the Group Policy Object Editor window.
  14. In the
    Group Policy Management
    window, in the left pane, right-click the GPO that you edited, and then click
    Enforced
    .
  15. In the right pane, under
    Security Filtering
    , click
    Add
    .
  16. In the dialog box, under
    Enter the object name to select
    , type
    Domain Computers
    , and then click
    OK
    .