Hi,

I've just downloaded Windows Defender (Beta2), and would like to deploy it
to some of our clients via GPO. I have created a Test GPO, and added the
package, after rebooting the test machine the install works. However, I was
wondering if it would be possible to configure Defender via the GPO, i.e.
scan time, type of scan, allowed programs etc. If not, I could write my own
admin template to add to the GPO, but not sure if this would be 100%
reliable, it's always been a bit fiddly in the past.
Is it possible to 'slipstream' the latest definitions into the install MSI,
before it gets installed on the client workstations? It would be nice to be
able to roll out an updated package, so users do not have to immediately
update it after it's installed.
Also we have a WSUS server on our network, I have added the new Defender
category, and approved the latest definitions for install, however when I
set Defender to check for updates, it says it couldn't find any new
definitions or scan engines. Is it not communicating with the WSUS server?
Or is something else wrong?

Cheers

Ben

There are other messages in this group, or perhaps in .networking, which
address some of your questions. Microsoft states that an ADM document
allowing group policy management will be available by release time. No time
for that has been set that I've seen.

The internal update mechanism of Windows Defender should user autoupdate,
which should be reaching your WSUS server--I'd double check things there.
You can trigger a check for updates via Help, about, check for updates.

--

"Ben [MCSE]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> I've just downloaded Windows Defender (Beta2), and would like to deploy it
> to some of our clients via GPO. I have created a Test GPO, and added the
> package, after rebooting the test machine the install works. However, I
> was wondering if it would be possible to configure Defender via the GPO,
> i.e. scan time, type of scan, allowed programs etc. If not, I could write
> my own admin template to add to the GPO, but not sure if this would be
> 100% reliable, it's always been a bit fiddly in the past.
> Is it possible to 'slipstream' the latest definitions into the install
> MSI, before it gets installed on the client workstations? It would be nice
> to be able to roll out an updated package, so users do not have to
> immediately update it after it's installed.
> Also we have a WSUS server on our network, I have added the new Defender
> category, and approved the latest definitions for install, however when I
> set Defender to check for updates, it says it couldn't find any new
> definitions or scan engines. Is it not communicating with the WSUS server?
> Or is something else wrong?
>
> Cheers
>
> Ben
>

Hi Bill,

Thanks for the reply.

Just found that out after looking into writing my own ADM templates:

"It is not possible to configure Windows Defender (Beta 2) through Group
Policy settings. The final version of Windows Defender will include
administrator (.adm) files so that you can configure Windows Defender
through Group Policy."

Damn! Hope MS release this as a proper version soon, it feels like it's been
in beta for years!

After rebooting my laptop, the update seemed to work properly, connecting to
our WSUS server, and downloading the new definitions.

Ben

"Bill Sanderson" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> There are other messages in this group, or perhaps in .networking, which
> address some of your questions. Microsoft states that an ADM document
> allowing group policy management will be available by release time. No
> time for that has been set that I've seen.
>
> The internal update mechanism of Windows Defender should user autoupdate,
> which should be reaching your WSUS server--I'd double check things there.
> You can trigger a check for updates via Help, about, check for updates.
>
> --
>
> "Ben [MCSE]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi,
>>
>> I've just downloaded Windows Defender (Beta2), and would like to deploy
>> it to some of our clients via GPO. I have created a Test GPO, and added
>> the package, after rebooting the test machine the install works. However,
>> I was wondering if it would be possible to configure Defender via the
>> GPO, i.e. scan time, type of scan, allowed programs etc. If not, I could
>> write my own admin template to add to the GPO, but not sure if this would
>> be 100% reliable, it's always been a bit fiddly in the past.
>> Is it possible to 'slipstream' the latest definitions into the install
>> MSI, before it gets installed on the client workstations? It would be
>> nice to be able to roll out an updated package, so users do not have to
>> immediately update it after it's installed.
>> Also we have a WSUS server on our network, I have added the new Defender
>> category, and approved the latest definitions for install, however when I
>> set Defender to check for updates, it says it couldn't find any new
>> definitions or scan engines. Is it not communicating with the WSUS
>> server? Or is something else wrong?
>>
>> Cheers
>>
>> Ben
>>
>
>

Glad to hear that the update corrected itself. There are some posts here or
install about some registry options--for example, if you turn off all the
real-time protection agents and save that choice, and then turn them back on,
you can see keys that control their use--and could selectively disable one
that was causing problems in your environment, for example.

"Ben [MCSE]" wrote:

> Hi Bill,
>
> Thanks for the reply.
>
> Just found that out after looking into writing my own ADM templates:
>
> "It is not possible to configure Windows Defender (Beta 2) through Group
> Policy settings. The final version of Windows Defender will include
> administrator (.adm) files so that you can configure Windows Defender
> through Group Policy."
>
> Damn! Hope MS release this as a proper version soon, it feels like it's been
> in beta for years!
>
> After rebooting my laptop, the update seemed to work properly, connecting to
> our WSUS server, and downloading the new definitions.
>
> Ben
>
> "Bill Sanderson" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > There are other messages in this group, or perhaps in .networking, which
> > address some of your questions. Microsoft states that an ADM document
> > allowing group policy management will be available by release time. No
> > time for that has been set that I've seen.
> >
> > The internal update mechanism of Windows Defender should user autoupdate,
> > which should be reaching your WSUS server--I'd double check things there.
> > You can trigger a check for updates via Help, about, check for updates.
> >
> > --
> >
> > "Ben [MCSE]" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Hi,
> >>
> >> I've just downloaded Windows Defender (Beta2), and would like to deploy
> >> it to some of our clients via GPO. I have created a Test GPO, and added
> >> the package, after rebooting the test machine the install works. However,
> >> I was wondering if it would be possible to configure Defender via the
> >> GPO, i.e. scan time, type of scan, allowed programs etc. If not, I could
> >> write my own admin template to add to the GPO, but not sure if this would
> >> be 100% reliable, it's always been a bit fiddly in the past.
> >> Is it possible to 'slipstream' the latest definitions into the install
> >> MSI, before it gets installed on the client workstations? It would be
> >> nice to be able to roll out an updated package, so users do not have to
> >> immediately update it after it's installed.
> >> Also we have a WSUS server on our network, I have added the new Defender
> >> category, and approved the latest definitions for install, however when I
> >> set Defender to check for updates, it says it couldn't find any new
> >> definitions or scan engines. Is it not communicating with the WSUS
> >> server? Or is something else wrong?
> >>
> >> Cheers
> >>
> >> Ben
> >>
> >
> >
>
>
>