Hello -

It had been a really fun weekend troubleshooting why Windows Defender wasn't
installing to my WXPSP2 machines. What I found out was that, because my
users are not Local Administrators, they had never been able to install the
WGA ActiveX control. As a result, the Defender installation failed on every
one.

So basically, there is this great tool for centralized deployment of
Defender (AD GPO), and a great supporting application for centralized
deployment of the definitions USED by Defender (WSUS), but it's all MOOT in
the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA first?

PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely deploy
WGA. This wasted a whole weekend for me, logging into tons of machines to do
this.

Thanks -

Eric McWhorter

When you deploy windows defender through AD GPO, can you setup a basic
configuration? (e.g. time for scanning and checking for updates?)

"loraXXarol" wrote:

> Hello -
>
> It had been a really fun weekend troubleshooting why Windows Defender wasn't
> installing to my WXPSP2 machines. What I found out was that, because my
> users are not Local Administrators, they had never been able to install the
> WGA ActiveX control. As a result, the Defender installation failed on every
> one.
>
> So basically, there is this great tool for centralized deployment of
> Defender (AD GPO), and a great supporting application for centralized
> deployment of the definitions USED by Defender (WSUS), but it's all MOOT in
> the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA first?
>
> PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely deploy
> WGA. This wasted a whole weekend for me, logging into tons of machines to do
> this.
>
> Thanks -
>
> Eric McWhorter

Hello -

Not that I would say that Microsoft would support this, but I have found
that the registry key which stores the scan time/behavior is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan

Mine looks like this:

=======================================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
"AutomaticallyCleanAfterScan"=dword:00000000
"CheckForSignaturesBeforeRunningScan"=dword:00000001
"LastScanType"=dword:00000002
"LastScanRun"=hex:af,52,2a,a6,92,38,c6,01
"ScanParameters"=dword:00000002
"ScheduleTime"=dword:000004ec
=======================================

*WARNING*

Now, I can't say whether modifying these values are safe or not, but I
wouldn't push out "LastScanType" or "LastScanRun."

What I would push out is something LIKE the following, which sets Defender to:

1. Not automatically clean after a scan
("AutomaticallyCleanAfterScan"=dword:00000000)
2. Checks for signatures before running a scan
("CheckForSignaturesBeforeRunningScan"=dword:00000001)
3. Does a Full System Scan ("ScanParameters"=dword:00000002)
4. Scans at 9 pm ("ScheduleTime"=dword:000004ec)

=======================================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
"AutomaticallyCleanAfterScan"=dword:00000000
"CheckForSignaturesBeforeRunningScan"=dword:00000001
"ScanParameters"=dword:00000002
"ScheduleTime"=dword:000004ec
=======================================

"AutomaticallyCleanAfterScan" value of 1 corresponds to the checkbox "Apply
actions on detected items after scanning" being checked.

"CheckForSignaturesBeforeRunningScan" value of 1 corresponds to the checkbox
"Check for updated definitions before scanning" being checked.

"ScanParameters" value of 1 corresponds to "Quick scan" being selected from
the "Type of scan" dropdown.

"ScheduleTime" value is the number of hours past midnight times 60 minutes,
and is in hexadecimal. For example, 3 am would be 3X60=180 or B4 in hex.

Hope this helps.

- Eric

"Clarence" wrote:

> When you deploy windows defender through AD GPO, can you setup a basic
> configuration? (e.g. time for scanning and checking for updates?)
>
> "loraXXarol" wrote:
>
> > Hello -
> >
> > It had been a really fun weekend troubleshooting why Windows Defender wasn't
> > installing to my WXPSP2 machines. What I found out was that, because my
> > users are not Local Administrators, they had never been able to install the
> > WGA ActiveX control. As a result, the Defender installation failed on every
> > one.
> >
> > So basically, there is this great tool for centralized deployment of
> > Defender (AD GPO), and a great supporting application for centralized
> > deployment of the definitions USED by Defender (WSUS), but it's all MOOT in
> > the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA first?
> >
> > PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely deploy
> > WGA. This wasted a whole weekend for me, logging into tons of machines to do
> > this.
> >
> > Thanks -
> >
> > Eric McWhorter

Well, that doesn't seem to be working for me - the pushing of those registry
settings via AD GPO. I know those are where the settings get set for
Defender, but I guess you'd have to include the .reg file setting them in a
logon script or something.

- Eric

"loraXXarol" wrote:

> Hello -
>
> Not that I would say that Microsoft would support this, but I have found
> that the registry key which stores the scan time/behavior is
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan
>
> Mine looks like this:
>
> =======================================
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
> "AutomaticallyCleanAfterScan"=dword:00000000
> "CheckForSignaturesBeforeRunningScan"=dword:00000001
> "LastScanType"=dword:00000002
> "LastScanRun"=hex:af,52,2a,a6,92,38,c6,01
> "ScanParameters"=dword:00000002
> "ScheduleTime"=dword:000004ec
> =======================================
>
> *WARNING*
>
> Now, I can't say whether modifying these values are safe or not, but I
> wouldn't push out "LastScanType" or "LastScanRun."
>
> What I would push out is something LIKE the following, which sets Defender to:
>
> 1. Not automatically clean after a scan
> ("AutomaticallyCleanAfterScan"=dword:00000000)
> 2. Checks for signatures before running a scan
> ("CheckForSignaturesBeforeRunningScan"=dword:00000001)
> 3. Does a Full System Scan ("ScanParameters"=dword:00000002)
> 4. Scans at 9 pm ("ScheduleTime"=dword:000004ec)
>
> =======================================
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
> "AutomaticallyCleanAfterScan"=dword:00000000
> "CheckForSignaturesBeforeRunningScan"=dword:00000001
> "ScanParameters"=dword:00000002
> "ScheduleTime"=dword:000004ec
> =======================================
>
> "AutomaticallyCleanAfterScan" value of 1 corresponds to the checkbox "Apply
> actions on detected items after scanning" being checked.
>
> "CheckForSignaturesBeforeRunningScan" value of 1 corresponds to the checkbox
> "Check for updated definitions before scanning" being checked.
>
> "ScanParameters" value of 1 corresponds to "Quick scan" being selected from
> the "Type of scan" dropdown.
>
> "ScheduleTime" value is the number of hours past midnight times 60 minutes,
> and is in hexadecimal. For example, 3 am would be 3X60=180 or B4 in hex.
>
> Hope this helps.
>
> - Eric
>
> "Clarence" wrote:
>
> > When you deploy windows defender through AD GPO, can you setup a basic
> > configuration? (e.g. time for scanning and checking for updates?)
> >
> > "loraXXarol" wrote:
> >
> > > Hello -
> > >
> > > It had been a really fun weekend troubleshooting why Windows Defender wasn't
> > > installing to my WXPSP2 machines. What I found out was that, because my
> > > users are not Local Administrators, they had never been able to install the
> > > WGA ActiveX control. As a result, the Defender installation failed on every
> > > one.
> > >
> > > So basically, there is this great tool for centralized deployment of
> > > Defender (AD GPO), and a great supporting application for centralized
> > > deployment of the definitions USED by Defender (WSUS), but it's all MOOT in
> > > the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA first?
> > >
> > > PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely deploy
> > > WGA. This wasted a whole weekend for me, logging into tons of machines to do
> > > this.
> > >
> > > Thanks -
> > >
> > > Eric McWhorter

Scanning on a standalone box involves a hidden scheduled task running
\program files\windows defender\mpcmdrun.exe with some simple arguments.

The scheduler, of all things, is surely eminently controllable across a
network using group policy? As you can see--I know very little of this--but
this one should be easy--

--

"loraXXarol" <(E-Mail Removed)> wrote in message
news:1390C730-E70B-421E-8135-(E-Mail Removed)...
> Hello -
>
> Not that I would say that Microsoft would support this, but I have found
> that the registry key which stores the scan time/behavior is
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan
>
> Mine looks like this:
>
> =======================================
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
> "AutomaticallyCleanAfterScan"=dword:00000000
> "CheckForSignaturesBeforeRunningScan"=dword:00000001
> "LastScanType"=dword:00000002
> "LastScanRun"=hex:af,52,2a,a6,92,38,c6,01
> "ScanParameters"=dword:00000002
> "ScheduleTime"=dword:000004ec
> =======================================
>
> *WARNING*
>
> Now, I can't say whether modifying these values are safe or not, but I
> wouldn't push out "LastScanType" or "LastScanRun."
>
> What I would push out is something LIKE the following, which sets Defender
> to:
>
> 1. Not automatically clean after a scan
> ("AutomaticallyCleanAfterScan"=dword:00000000)
> 2. Checks for signatures before running a scan
> ("CheckForSignaturesBeforeRunningScan"=dword:00000001)
> 3. Does a Full System Scan ("ScanParameters"=dword:00000002)
> 4. Scans at 9 pm ("ScheduleTime"=dword:000004ec)
>
> =======================================
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
> "AutomaticallyCleanAfterScan"=dword:00000000
> "CheckForSignaturesBeforeRunningScan"=dword:00000001
> "ScanParameters"=dword:00000002
> "ScheduleTime"=dword:000004ec
> =======================================
>
> "AutomaticallyCleanAfterScan" value of 1 corresponds to the checkbox
> "Apply
> actions on detected items after scanning" being checked.
>
> "CheckForSignaturesBeforeRunningScan" value of 1 corresponds to the
> checkbox
> "Check for updated definitions before scanning" being checked.
>
> "ScanParameters" value of 1 corresponds to "Quick scan" being selected
> from
> the "Type of scan" dropdown.
>
> "ScheduleTime" value is the number of hours past midnight times 60
> minutes,
> and is in hexadecimal. For example, 3 am would be 3X60=180 or B4 in hex.
>
> Hope this helps.
>
> - Eric
>
> "Clarence" wrote:
>
>> When you deploy windows defender through AD GPO, can you setup a basic
>> configuration? (e.g. time for scanning and checking for updates?)
>>
>> "loraXXarol" wrote:
>>
>> > Hello -
>> >
>> > It had been a really fun weekend troubleshooting why Windows Defender
>> > wasn't
>> > installing to my WXPSP2 machines. What I found out was that, because
>> > my
>> > users are not Local Administrators, they had never been able to install
>> > the
>> > WGA ActiveX control. As a result, the Defender installation failed on
>> > every
>> > one.
>> >
>> > So basically, there is this great tool for centralized deployment of
>> > Defender (AD GPO), and a great supporting application for centralized
>> > deployment of the definitions USED by Defender (WSUS), but it's all
>> > MOOT in
>> > the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA
>> > first?
>> >
>> > PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely
>> > deploy
>> > WGA. This wasted a whole weekend for me, logging into tons of machines
>> > to do
>> > this.
>> >
>> > Thanks -
>> >
>> > Eric McWhorter

Wow. That's awesome. I was not aware that hidden tasks exist. I changed
the time in the gui and the scheduled time of the scan changed, but the
changes to the type of scan were not reflected. My cmdline option shows

"-ScanType config" - I am guessing that's to make it pull the values from
the registry for the scan type and such.

Thanks for the info! Learn something new every day!


"Bill Sanderson" wrote:

> Scanning on a standalone box involves a hidden scheduled task running
> \program files\windows defender\mpcmdrun.exe with some simple arguments.
>
> The scheduler, of all things, is surely eminently controllable across a
> network using group policy? As you can see--I know very little of this--but
> this one should be easy--
>
> --
>
> "loraXXarol" <(E-Mail Removed)> wrote in message
> news:1390C730-E70B-421E-8135-(E-Mail Removed)...
> > Hello -
> >
> > Not that I would say that Microsoft would support this, but I have found
> > that the registry key which stores the scan time/behavior is
> >
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan
> >
> > Mine looks like this:
> >
> > =======================================
> > Windows Registry Editor Version 5.00
> >
> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
> > "AutomaticallyCleanAfterScan"=dword:00000000
> > "CheckForSignaturesBeforeRunningScan"=dword:00000001
> > "LastScanType"=dword:00000002
> > "LastScanRun"=hex:af,52,2a,a6,92,38,c6,01
> > "ScanParameters"=dword:00000002
> > "ScheduleTime"=dword:000004ec
> > =======================================
> >
> > *WARNING*
> >
> > Now, I can't say whether modifying these values are safe or not, but I
> > wouldn't push out "LastScanType" or "LastScanRun."
> >
> > What I would push out is something LIKE the following, which sets Defender
> > to:
> >
> > 1. Not automatically clean after a scan
> > ("AutomaticallyCleanAfterScan"=dword:00000000)
> > 2. Checks for signatures before running a scan
> > ("CheckForSignaturesBeforeRunningScan"=dword:00000001)
> > 3. Does a Full System Scan ("ScanParameters"=dword:00000002)
> > 4. Scans at 9 pm ("ScheduleTime"=dword:000004ec)
> >
> > =======================================
> > Windows Registry Editor Version 5.00
> >
> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
> > "AutomaticallyCleanAfterScan"=dword:00000000
> > "CheckForSignaturesBeforeRunningScan"=dword:00000001
> > "ScanParameters"=dword:00000002
> > "ScheduleTime"=dword:000004ec
> > =======================================
> >
> > "AutomaticallyCleanAfterScan" value of 1 corresponds to the checkbox
> > "Apply
> > actions on detected items after scanning" being checked.
> >
> > "CheckForSignaturesBeforeRunningScan" value of 1 corresponds to the
> > checkbox
> > "Check for updated definitions before scanning" being checked.
> >
> > "ScanParameters" value of 1 corresponds to "Quick scan" being selected
> > from
> > the "Type of scan" dropdown.
> >
> > "ScheduleTime" value is the number of hours past midnight times 60
> > minutes,
> > and is in hexadecimal. For example, 3 am would be 3X60=180 or B4 in hex.
> >
> > Hope this helps.
> >
> > - Eric
> >
> > "Clarence" wrote:
> >
> >> When you deploy windows defender through AD GPO, can you setup a basic
> >> configuration? (e.g. time for scanning and checking for updates?)
> >>
> >> "loraXXarol" wrote:
> >>
> >> > Hello -
> >> >
> >> > It had been a really fun weekend troubleshooting why Windows Defender
> >> > wasn't
> >> > installing to my WXPSP2 machines. What I found out was that, because
> >> > my
> >> > users are not Local Administrators, they had never been able to install
> >> > the
> >> > WGA ActiveX control. As a result, the Defender installation failed on
> >> > every
> >> > one.
> >> >
> >> > So basically, there is this great tool for centralized deployment of
> >> > Defender (AD GPO), and a great supporting application for centralized
> >> > deployment of the definitions USED by Defender (WSUS), but it's all
> >> > MOOT in
> >> > the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA
> >> > first?
> >> >
> >> > PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely
> >> > deploy
> >> > WGA. This wasted a whole weekend for me, logging into tons of machines
> >> > to do
> >> > this.
> >> >
> >> > Thanks -
> >> >
> >> > Eric McWhorter
>
>
>

Hmm - I hadn't tried that experiment--that may explain why the command-line
help for the switches seems so cryptic--this may all be a relatively new
notation that will be standard for Vista.

I didn't spot this myself, as usual, some brainier more eagle eyed peer here
posted it--but I like the way it works. If you want do dig into it, you can
plan scans and updates exactly the way you want them, if not, the GUI is
simple enough for my mom.

--

"loraXXarol" <(E-Mail Removed)> wrote in message
news:0FCC5CDE-744B-4DAC-A021-(E-Mail Removed)...
> Wow. That's awesome. I was not aware that hidden tasks exist. I changed
> the time in the gui and the scheduled time of the scan changed, but the
> changes to the type of scan were not reflected. My cmdline option shows
>
> "-ScanType config" - I am guessing that's to make it pull the values from
> the registry for the scan type and such.
>
> Thanks for the info! Learn something new every day!
>
>
> "Bill Sanderson" wrote:
>
>> Scanning on a standalone box involves a hidden scheduled task running
>> \program files\windows defender\mpcmdrun.exe with some simple arguments.
>>
>> The scheduler, of all things, is surely eminently controllable across a
>> network using group policy? As you can see--I know very little of
>> this--but
>> this one should be easy--
>>
>> --
>>
>> "loraXXarol" <(E-Mail Removed)> wrote in message
>> news:1390C730-E70B-421E-8135-(E-Mail Removed)...
>> > Hello -
>> >
>> > Not that I would say that Microsoft would support this, but I have
>> > found
>> > that the registry key which stores the scan time/behavior is
>> >
>> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan
>> >
>> > Mine looks like this:
>> >
>> > =======================================
>> > Windows Registry Editor Version 5.00
>> >
>> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
>> > "AutomaticallyCleanAfterScan"=dword:00000000
>> > "CheckForSignaturesBeforeRunningScan"=dword:00000001
>> > "LastScanType"=dword:00000002
>> > "LastScanRun"=hex:af,52,2a,a6,92,38,c6,01
>> > "ScanParameters"=dword:00000002
>> > "ScheduleTime"=dword:000004ec
>> > =======================================
>> >
>> > *WARNING*
>> >
>> > Now, I can't say whether modifying these values are safe or not, but I
>> > wouldn't push out "LastScanType" or "LastScanRun."
>> >
>> > What I would push out is something LIKE the following, which sets
>> > Defender
>> > to:
>> >
>> > 1. Not automatically clean after a scan
>> > ("AutomaticallyCleanAfterScan"=dword:00000000)
>> > 2. Checks for signatures before running a scan
>> > ("CheckForSignaturesBeforeRunningScan"=dword:00000001)
>> > 3. Does a Full System Scan ("ScanParameters"=dword:00000002)
>> > 4. Scans at 9 pm ("ScheduleTime"=dword:000004ec)
>> >
>> > =======================================
>> > Windows Registry Editor Version 5.00
>> >
>> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
>> > "AutomaticallyCleanAfterScan"=dword:00000000
>> > "CheckForSignaturesBeforeRunningScan"=dword:00000001
>> > "ScanParameters"=dword:00000002
>> > "ScheduleTime"=dword:000004ec
>> > =======================================
>> >
>> > "AutomaticallyCleanAfterScan" value of 1 corresponds to the checkbox
>> > "Apply
>> > actions on detected items after scanning" being checked.
>> >
>> > "CheckForSignaturesBeforeRunningScan" value of 1 corresponds to the
>> > checkbox
>> > "Check for updated definitions before scanning" being checked.
>> >
>> > "ScanParameters" value of 1 corresponds to "Quick scan" being selected
>> > from
>> > the "Type of scan" dropdown.
>> >
>> > "ScheduleTime" value is the number of hours past midnight times 60
>> > minutes,
>> > and is in hexadecimal. For example, 3 am would be 3X60=180 or B4 in
>> > hex.
>> >
>> > Hope this helps.
>> >
>> > - Eric
>> >
>> > "Clarence" wrote:
>> >
>> >> When you deploy windows defender through AD GPO, can you setup a basic
>> >> configuration? (e.g. time for scanning and checking for updates?)
>> >>
>> >> "loraXXarol" wrote:
>> >>
>> >> > Hello -
>> >> >
>> >> > It had been a really fun weekend troubleshooting why Windows
>> >> > Defender
>> >> > wasn't
>> >> > installing to my WXPSP2 machines. What I found out was that,
>> >> > because
>> >> > my
>> >> > users are not Local Administrators, they had never been able to
>> >> > install
>> >> > the
>> >> > WGA ActiveX control. As a result, the Defender installation failed
>> >> > on
>> >> > every
>> >> > one.
>> >> >
>> >> > So basically, there is this great tool for centralized deployment of
>> >> > Defender (AD GPO), and a great supporting application for
>> >> > centralized
>> >> > deployment of the definitions USED by Defender (WSUS), but it's all
>> >> > MOOT in
>> >> > the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA
>> >> > first?
>> >> >
>> >> > PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely
>> >> > deploy
>> >> > WGA. This wasted a whole weekend for me, logging into tons of
>> >> > machines
>> >> > to do
>> >> > this.
>> >> >
>> >> > Thanks -
>> >> >
>> >> > Eric McWhorter
>>
>>
>>

Did you find a solution to the WGA problem? I have the same issue. I
installed Defender using a GPO and it worked fine on test machines. But
network deployment failed due to WGA. Is there a way to deploy WGA on all
network machines first?

R. Singley, MCP

"loraXXarol" wrote:

> Hello -
>
> It had been a really fun weekend troubleshooting why Windows Defender wasn't
> installing to my WXPSP2 machines. What I found out was that, because my
> users are not Local Administrators, they had never been able to install the
> WGA ActiveX control. As a result, the Defender installation failed on every
> one.
>
> So basically, there is this great tool for centralized deployment of
> Defender (AD GPO), and a great supporting application for centralized
> deployment of the definitions USED by Defender (WSUS), but it's all MOOT in
> the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA first?
>
> PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely deploy
> WGA. This wasted a whole weekend for me, logging into tons of machines to do
> this.
>
> Thanks -
>
> Eric McWhorter

I have this observation which I'll contribute--I'm not at all sure that it
will be useful:

WGA was rev'ed today. If you go to MicrosoftUpdate, you'll be offered a new
download to do WGA. This is the executable involved, extracted from the
WindowsUpdate log:

http://www.download.windowsupdate.co...82dcea49a0.exe

You can pull this down to a location where you can look at it or try it on a
machine which hasn't visited WindowsUpdate, and see what it does. I suspect
that it may help, but won't be the whole story.

--

"Robert S." <(E-Mail Removed)> wrote in message
news:B44E14F5-6C72-4692-BD54-(E-Mail Removed)...
> Did you find a solution to the WGA problem? I have the same issue. I
> installed Defender using a GPO and it worked fine on test machines. But
> network deployment failed due to WGA. Is there a way to deploy WGA on all
> network machines first?
>
> R. Singley, MCP
>
> "loraXXarol" wrote:
>
>> Hello -
>>
>> It had been a really fun weekend troubleshooting why Windows Defender
>> wasn't
>> installing to my WXPSP2 machines. What I found out was that, because my
>> users are not Local Administrators, they had never been able to install
>> the
>> WGA ActiveX control. As a result, the Defender installation failed on
>> every
>> one.
>>
>> So basically, there is this great tool for centralized deployment of
>> Defender (AD GPO), and a great supporting application for centralized
>> deployment of the definitions USED by Defender (WSUS), but it's all MOOT
>> in
>> the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA
>> first?
>>
>> PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely deploy
>> WGA. This wasted a whole weekend for me, logging into tons of machines
>> to do
>> this.
>>
>> Thanks -
>>
>> Eric McWhorter

Cool!
I wonder if this can be deployed in a GPO.

"Bill Sanderson" wrote:

> I have this observation which I'll contribute--I'm not at all sure that it
> will be useful:
>
> WGA was rev'ed today. If you go to MicrosoftUpdate, you'll be offered a new
> download to do WGA. This is the executable involved, extracted from the
> WindowsUpdate log:
>
> http://www.download.windowsupdate.co...82dcea49a0.exe
>
> You can pull this down to a location where you can look at it or try it on a
> machine which hasn't visited WindowsUpdate, and see what it does. I suspect
> that it may help, but won't be the whole story.
>
> --
>
> "Robert S." <(E-Mail Removed)> wrote in message
> news:B44E14F5-6C72-4692-BD54-(E-Mail Removed)...
> > Did you find a solution to the WGA problem? I have the same issue. I
> > installed Defender using a GPO and it worked fine on test machines. But
> > network deployment failed due to WGA. Is there a way to deploy WGA on all
> > network machines first?
> >
> > R. Singley, MCP
> >
> > "loraXXarol" wrote:
> >
> >> Hello -
> >>
> >> It had been a really fun weekend troubleshooting why Windows Defender
> >> wasn't
> >> installing to my WXPSP2 machines. What I found out was that, because my
> >> users are not Local Administrators, they had never been able to install
> >> the
> >> WGA ActiveX control. As a result, the Defender installation failed on
> >> every
> >> one.
> >>
> >> So basically, there is this great tool for centralized deployment of
> >> Defender (AD GPO), and a great supporting application for centralized
> >> deployment of the definitions USED by Defender (WSUS), but it's all MOOT
> >> in
> >> the face of having to touch EACH MACHINE INDIVIDUALLY to install WGA
> >> first?
> >>
> >> PLEASE PLEASE PLEASE give netadm's and sysadm's a tool to remotely deploy
> >> WGA. This wasted a whole weekend for me, logging into tons of machines
> >> to do
> >> this.
> >>
> >> Thanks -
> >>
> >> Eric McWhorter
>
>
>