Installing Defender using Group Policy

I have been trying to install Windows Defender using Group Policy since it
was released.

I will go thru my steps.

I created a domain GP called InstallWindowsDefender. Within my Group Policy
Manager, it is linked to our domain and the security filtering is calling out
a global security group consisiting of computers within the domain, this is
being called TestOU right now.
For the policy, I chose Computer Configuration, software settings, software
installation. i created a package by navigating out to the msi file i just
downloaded and opened it. Within the deploy software dialog box, i left it
default at Assigned. If I look at the settings for this policy, it looks
right. I have exported the policy to a html file, if you would like to see
it, email me offline and i'll send it to you for review.
For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
edit, delete and modify security. Domain Computers have read as does my
TestOU (the global security group of computers)

What else am I missing, this deployement has been kicking my behind. This
is my first attempt to deploy software this way and I would like to use it on
other software but until I can get this to work, I am stuck.

Any help would be greatly appreciated!!!

Kelli

I haven't done this. I can't recall whether I've read success stories or
not. I am clear that Microsoft does not recommend deploying to production
equipment, and that there are predictable problesms--like the VNC one you
mention--that will result.

Microsoft has announced that at release time, there will be an ADM group
policy template file available. (However, they haven't announced when it
will be released!)

I'd recommend treading carefully until it is clear how it can be controlled.
I've seen some discussion of pre-setting some settings within the app via
..REG files--you can look at that--but I'm not at all sure that will be
sufficient for the VNC question. I've got VNC set as an "allow always" on
my system--so I'll do a little exploring and see whether I can see anything
in the registry the reflects/controls that.

--

"Kelli" <Kelli@discussions.microsoft.com> wrote in message
news:CC17CC18-ABE3-415C-B757-5710E88466D7@microsoft.com...
>I have been trying to install Windows Defender using Group Policy since it
> was released.
>
> I will go thru my steps.
>
> I created a domain GP called InstallWindowsDefender. Within my Group
> Policy
> Manager, it is linked to our domain and the security filtering is calling
> out
> a global security group consisiting of computers within the domain, this
> is
> being called TestOU right now.
> For the policy, I chose Computer Configuration, software settings,
> software
> installation. i created a package by navigating out to the msi file i
> just
> downloaded and opened it. Within the deploy software dialog box, i left
> it
> default at Assigned. If I look at the settings for this policy, it looks
> right. I have exported the policy to a html file, if you would like to
> see
> it, email me offline and i'll send it to you for review.
> For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
> edit, delete and modify security. Domain Computers have read as does my
> TestOU (the global security group of computers)
>
> What else am I missing, this deployement has been kicking my behind. This
> is my first attempt to deploy software this way and I would like to use it
> on
> other software but until I can get this to work, I am stuck.
>
> Any help would be greatly appreciated!!!
>
> Kelli

I did dig through regedit looking for VNC strings, and didn't spot anything
that was clearly Windows Defender related. I did find "VNC" as a part of
some clearly encoded strings that I couldn't spot just what they were
related to--I think I decided they were accidental, but maybe not..

At any rate, I think this won't be as simple as plugging a short .REG file
in on each machine--don't know what would be needed.

--

"Bill Sanderson MVP" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:O1kAaGCYGHA.4868@TK2MSFTNGSA03.privatenews.microsoft.com...
>I haven't done this. I can't recall whether I've read success stories or
>not. I am clear that Microsoft does not recommend deploying to production
>equipment, and that there are predictable problesms--like the VNC one you
>mention--that will result.
>
> Microsoft has announced that at release time, there will be an ADM group
> policy template file available. (However, they haven't announced when it
> will be released!)
>
> I'd recommend treading carefully until it is clear how it can be
> controlled. I've seen some discussion of pre-setting some settings within
> the app via .REG files--you can look at that--but I'm not at all sure that
> will be sufficient for the VNC question. I've got VNC set as an "allow
> always" on my system--so I'll do a little exploring and see whether I can
> see anything in the registry the reflects/controls that.
>
> --
>
> "Kelli" <Kelli@discussions.microsoft.com> wrote in message
> news:CC17CC18-ABE3-415C-B757-5710E88466D7@microsoft.com...
>>I have been trying to install Windows Defender using Group Policy since it
>> was released.
>>
>> I will go thru my steps.
>>
>> I created a domain GP called InstallWindowsDefender. Within my Group
>> Policy
>> Manager, it is linked to our domain and the security filtering is calling
>> out
>> a global security group consisiting of computers within the domain, this
>> is
>> being called TestOU right now.
>> For the policy, I chose Computer Configuration, software settings,
>> software
>> installation. i created a package by navigating out to the msi file i
>> just
>> downloaded and opened it. Within the deploy software dialog box, i left
>> it
>> default at Assigned. If I look at the settings for this policy, it looks
>> right. I have exported the policy to a html file, if you would like to
>> see
>> it, email me offline and i'll send it to you for review.
>> For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
>> edit, delete and modify security. Domain Computers have read as does my
>> TestOU (the global security group of computers)
>>
>> What else am I missing, this deployement has been kicking my behind.
>> This
>> is my first attempt to deploy software this way and I would like to use
>> it on
>> other software but until I can get this to work, I am stuck.
>>
>> Any help would be greatly appreciated!!!
>>
>> Kelli
>
>

I know there are people that have done it. If only I could find those
people...

Here is a gpresult from a users computer ... Under computer settings, the gp
WSUS is working just fine. Something in the InstallWindowsDefender must be
amiss.


C:\Documents and Settings\kzomberg>gpresult

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 4/18/2006 at 10:19:36 AM


RSOP results for DOMIAN\kzomberg on KZOMBERG : Logging Mode
----------------------------------------------------------------

OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\kzomberg
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=KZOMBERG,OU=WindowsXP,OU=Desktops,DC=XXX,DC=com
Last time Group Policy was applied: 4/18/2006 at 9:33:14 AM
Group Policy was applied from: dpprojects.XXX.com
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
RemoteDesktop Group Policy Object
InstallWindowsDefender
WSUS
Local Group Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
DP Domain Policy
Filtering: Not Applied (Empty)

MapDrives - Domain Users
Filtering: Disabled (GPO)

The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
KZOMBERG$
Domain Computers (read rights)
TestOU - This is the Group created for the Defender install. It's
the security filter group ... (read rights)


USER SETTINGS
--------------
CN=Kristi Zomberg,OU=Central Services,DC=XXX,DC=com
Last time Group Policy was applied: 4/18/2006 at 9:06:27 AM
Group Policy was applied from: dpprojects.XXX.com
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
DP Domain Policy
Filtering: Not Applied (Empty)

WSUS
Filtering: Disabled (GPO)

Local Group Policy
Filtering: Not Applied (Empty)

MapDrives - Domain Users
Filtering: Disabled (GPO)

The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Employees
Printer Color
Test Printers
Revit Users
Printer Printshop
FTP Users
Viz Farm
PublicFolderOwners
South
Print Shop
Standards Group
Standards
HelpNET Browsers

Here is the Settings from the GP...

Windows Defenderhide
Product Informationhide
Name Windows Defender
Version 1.1
Language English (United States)
Platform Intel
Support URL http://go.microsoft.com/fwlink/?LinkId=55273

Deployment Informationhide
General Setting
Deployment type Assigned
Deployment source \\dpprojects\Setup\Software\AntiVirus AntiSpyware
Scanners\MicrosoftWindowsDefender\WindowsDefender1347.msi
Uninstall this application when it falls out of the scope of management
Disabled

Advanced Deployment Options Setting
Ignore language when deploying this package Disabled
Make this 32-bit X86 application available to Win64 machines Enabled
Include OLE class and product information Enabled

Diagnostic Information Setting
Product code {b2d7ce29-614a-4acc-8bfe-009eb3a244c9}
Deployment Count 0

Securityhide
PermissionsType Name Permission Inherited
Allow DESIGNPLUS\Domain Admins Full control No
Allow NT AUTHORITY\SYSTEM Full control No
Allow NT AUTHORITY\Authenticated Users Read No
Allow DESIGNPLUS\Domain Admins Read, Write Yes
Allow DESIGNPLUS\Enterprise Admins Read, Write Yes
Allow CREATOR OWNER Read, Write Yes
Allow NT AUTHORITY\SYSTEM Read, Write Yes
Allow DESIGNPLUS\TestOU Read Yes
Allow DESIGNPLUS\Domain Computers Read Yes
Allow inheritable permissions from the parent to propagate to this object
and all child objects Enabled

Advancedhide
Upgrades Setting
Required upgrade for existing packages Enabled
Packages that this package will upgrade GPO
None

Packages in the current GPO that will upgrade this package None

Categories
None

Transforms
None

"Bill Sanderson MVP" wrote:

> I haven't done this. I can't recall whether I've read success stories or
> not. I am clear that Microsoft does not recommend deploying to production
> equipment, and that there are predictable problesms--like the VNC one you
> mention--that will result.
>
> Microsoft has announced that at release time, there will be an ADM group
> policy template file available. (However, they haven't announced when it
> will be released!)
>
> I'd recommend treading carefully until it is clear how it can be controlled.
> I've seen some discussion of pre-setting some settings within the app via
> ..REG files--you can look at that--but I'm not at all sure that will be
> sufficient for the VNC question. I've got VNC set as an "allow always" on
> my system--so I'll do a little exploring and see whether I can see anything
> in the registry the reflects/controls that.
>
> --
>
> "Kelli" <Kelli@discussions.microsoft.com> wrote in message
> news:CC17CC18-ABE3-415C-B757-5710E88466D7@microsoft.com...
> >I have been trying to install Windows Defender using Group Policy since it
> > was released.
> >
> > I will go thru my steps.
> >
> > I created a domain GP called InstallWindowsDefender. Within my Group
> > Policy
> > Manager, it is linked to our domain and the security filtering is calling
> > out
> > a global security group consisiting of computers within the domain, this
> > is
> > being called TestOU right now.
> > For the policy, I chose Computer Configuration, software settings,
> > software
> > installation. i created a package by navigating out to the msi file i
> > just
> > downloaded and opened it. Within the deploy software dialog box, i left
> > it
> > default at Assigned. If I look at the settings for this policy, it looks
> > right. I have exported the policy to a html file, if you would like to
> > see
> > it, email me offline and i'll send it to you for review.
> > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
> > edit, delete and modify security. Domain Computers have read as does my
> > TestOU (the global security group of computers)
> >
> > What else am I missing, this deployement has been kicking my behind. This
> > is my first attempt to deploy software this way and I would like to use it
> > on
> > other software but until I can get this to work, I am stuck.
> >
> > Any help would be greatly appreciated!!!
> >
> > Kelli
>
>
>

How about trying the public WSUS support group?

Let me see if I can find a link for an HTML view of it:

http://www.microsoft.com/technet/co...update_services

should do it.

--

"Kelli" <Kelli@discussions.microsoft.com> wrote in message
news:23875C0C-7F80-4186-B7B0-FAEE1007504C@microsoft.com...
>I know there are people that have done it. If only I could find those
> people...
>
> Here is a gpresult from a users computer ... Under computer settings, the
> gp
> WSUS is working just fine. Something in the InstallWindowsDefender must
> be
> amiss.
>
>
> C:\Documents and Settings\kzomberg>gpresult
>
> Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
> v2.0
> Copyright (C) Microsoft Corp. 1981-2001
>
> Created On 4/18/2006 at 10:19:36 AM
>
>
> RSOP results for DOMIAN\kzomberg on KZOMBERG : Logging Mode
> ----------------------------------------------------------------
>
> OS Type: Microsoft Windows XP Professional
> OS Configuration: Member Workstation
> OS Version: 5.1.2600
> Domain Name: DOMAIN
> Domain Type: Windows 2000
> Site Name: Default-First-Site-Name
> Roaming Profile:
> Local Profile: C:\Documents and Settings\kzomberg
> Connected over a slow link?: No
>
>
> COMPUTER SETTINGS
> ------------------
> CN=KZOMBERG,OU=WindowsXP,OU=Desktops,DC=XXX,DC=com
> Last time Group Policy was applied: 4/18/2006 at 9:33:14 AM
> Group Policy was applied from: dpprojects.XXX.com
> Group Policy slow link threshold: 500 kbps
>
> Applied Group Policy Objects
> -----------------------------
> RemoteDesktop Group Policy Object
> InstallWindowsDefender
> WSUS
> Local Group Policy
>
> The following GPOs were not applied because they were filtered out
> -------------------------------------------------------------------
> DP Domain Policy
> Filtering: Not Applied (Empty)
>
> MapDrives - Domain Users
> Filtering: Disabled (GPO)
>
> The computer is a part of the following security groups:
> --------------------------------------------------------
> BUILTIN\Administrators
> Everyone
> BUILTIN\Users
> NT AUTHORITY\NETWORK
> NT AUTHORITY\Authenticated Users
> KZOMBERG$
> Domain Computers (read rights)
> TestOU - This is the Group created for the Defender install. It's
> the security filter group ... (read rights)
>
>
> USER SETTINGS
> --------------
> CN=Kristi Zomberg,OU=Central Services,DC=XXX,DC=com
> Last time Group Policy was applied: 4/18/2006 at 9:06:27 AM
> Group Policy was applied from: dpprojects.XXX.com
> Group Policy slow link threshold: 500 kbps
>
> Applied Group Policy Objects
> -----------------------------
> Default Domain Policy
>
> The following GPOs were not applied because they were filtered out
> -------------------------------------------------------------------
> DP Domain Policy
> Filtering: Not Applied (Empty)
>
> WSUS
> Filtering: Disabled (GPO)
>
> Local Group Policy
> Filtering: Not Applied (Empty)
>
> MapDrives - Domain Users
> Filtering: Disabled (GPO)
>
> The user is a part of the following security groups:
> ----------------------------------------------------
> Domain Users
> Everyone
> BUILTIN\Administrators
> BUILTIN\Users
> NT AUTHORITY\INTERACTIVE
> NT AUTHORITY\Authenticated Users
> LOCAL
> Employees
> Printer Color
> Test Printers
> Revit Users
> Printer Printshop
> FTP Users
> Viz Farm
> PublicFolderOwners
> South
> Print Shop
> Standards Group
> Standards
> HelpNET Browsers
>
> Here is the Settings from the GP...
>
> Windows Defenderhide
> Product Informationhide
> Name Windows Defender
> Version 1.1
> Language English (United States)
> Platform Intel
> Support URL http://go.microsoft.com/fwlink/?LinkId=55273
>
> Deployment Informationhide
> General Setting
> Deployment type Assigned
> Deployment source \\dpprojects\Setup\Software\AntiVirus AntiSpyware
> Scanners\MicrosoftWindowsDefender\WindowsDefender1347.msi
> Uninstall this application when it falls out of the scope of management
> Disabled
>
> Advanced Deployment Options Setting
> Ignore language when deploying this package Disabled
> Make this 32-bit X86 application available to Win64 machines Enabled
> Include OLE class and product information Enabled
>
> Diagnostic Information Setting
> Product code {b2d7ce29-614a-4acc-8bfe-009eb3a244c9}
> Deployment Count 0
>
> Securityhide
> PermissionsType Name Permission Inherited
> Allow DESIGNPLUS\Domain Admins Full control No
> Allow NT AUTHORITY\SYSTEM Full control No
> Allow NT AUTHORITY\Authenticated Users Read No
> Allow DESIGNPLUS\Domain Admins Read, Write Yes
> Allow DESIGNPLUS\Enterprise Admins Read, Write Yes
> Allow CREATOR OWNER Read, Write Yes
> Allow NT AUTHORITY\SYSTEM Read, Write Yes
> Allow DESIGNPLUS\TestOU Read Yes
> Allow DESIGNPLUS\Domain Computers Read Yes
> Allow inheritable permissions from the parent to propagate to this object
> and all child objects Enabled
>
> Advancedhide
> Upgrades Setting
> Required upgrade for existing packages Enabled
> Packages that this package will upgrade GPO
> None
>
> Packages in the current GPO that will upgrade this package None
>
> Categories
> None
>
> Transforms
> None
>
> "Bill Sanderson MVP" wrote:
>
>> I haven't done this. I can't recall whether I've read success stories or
>> not. I am clear that Microsoft does not recommend deploying to
>> production
>> equipment, and that there are predictable problesms--like the VNC one you
>> mention--that will result.
>>
>> Microsoft has announced that at release time, there will be an ADM group
>> policy template file available. (However, they haven't announced when it
>> will be released!)
>>
>> I'd recommend treading carefully until it is clear how it can be
>> controlled.
>> I've seen some discussion of pre-setting some settings within the app via
>> ..REG files--you can look at that--but I'm not at all sure that will be
>> sufficient for the VNC question. I've got VNC set as an "allow always"
>> on
>> my system--so I'll do a little exploring and see whether I can see
>> anything
>> in the registry the reflects/controls that.
>>
>> --
>>
>> "Kelli" <Kelli@discussions.microsoft.com> wrote in message
>> news:CC17CC18-ABE3-415C-B757-5710E88466D7@microsoft.com...
>> >I have been trying to install Windows Defender using Group Policy since
>> >it
>> > was released.
>> >
>> > I will go thru my steps.
>> >
>> > I created a domain GP called InstallWindowsDefender. Within my Group
>> > Policy
>> > Manager, it is linked to our domain and the security filtering is
>> > calling
>> > out
>> > a global security group consisiting of computers within the domain,
>> > this
>> > is
>> > being called TestOU right now.
>> > For the policy, I chose Computer Configuration, software settings,
>> > software
>> > installation. i created a package by navigating out to the msi file i
>> > just
>> > downloaded and opened it. Within the deploy software dialog box, i
>> > left
>> > it
>> > default at Assigned. If I look at the settings for this policy, it
>> > looks
>> > right. I have exported the policy to a html file, if you would like to
>> > see
>> > it, email me offline and i'll send it to you for review.
>> > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM
>> > having
>> > edit, delete and modify security. Domain Computers have read as does
>> > my
>> > TestOU (the global security group of computers)
>> >
>> > What else am I missing, this deployement has been kicking my behind.
>> > This
>> > is my first attempt to deploy software this way and I would like to use
>> > it
>> > on
>> > other software but until I can get this to work, I am stuck.
>> >
>> > Any help would be greatly appreciated!!!
>> >
>> > Kelli
>>
>>
>>

I will do that. Thanks!

"Bill Sanderson MVP" wrote:

> How about trying the public WSUS support group?
>
> Let me see if I can find a link for an HTML view of it:
>
> http://www.microsoft.com/technet/co...update_services
>
> should do it.
>
> --
>
> "Kelli" <Kelli@discussions.microsoft.com> wrote in message
> news:23875C0C-7F80-4186-B7B0-FAEE1007504C@microsoft.com...
> >I know there are people that have done it. If only I could find those
> > people...
> >
> > Here is a gpresult from a users computer ... Under computer settings, the
> > gp
> > WSUS is working just fine. Something in the InstallWindowsDefender must
> > be
> > amiss.
> >
> >
> > C:\Documents and Settings\kzomberg>gpresult
> >
> > Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
> > v2.0
> > Copyright (C) Microsoft Corp. 1981-2001
> >
> > Created On 4/18/2006 at 10:19:36 AM
> >
> >
> > RSOP results for DOMIAN\kzomberg on KZOMBERG : Logging Mode
> > ----------------------------------------------------------------
> >
> > OS Type: Microsoft Windows XP Professional
> > OS Configuration: Member Workstation
> > OS Version: 5.1.2600
> > Domain Name: DOMAIN
> > Domain Type: Windows 2000
> > Site Name: Default-First-Site-Name
> > Roaming Profile:
> > Local Profile: C:\Documents and Settings\kzomberg
> > Connected over a slow link?: No
> >
> >
> > COMPUTER SETTINGS
> > ------------------
> > CN=KZOMBERG,OU=WindowsXP,OU=Desktops,DC=XXX,DC=com
> > Last time Group Policy was applied: 4/18/2006 at 9:33:14 AM
> > Group Policy was applied from: dpprojects.XXX.com
> > Group Policy slow link threshold: 500 kbps
> >
> > Applied Group Policy Objects
> > -----------------------------
> > RemoteDesktop Group Policy Object
> > InstallWindowsDefender
> > WSUS
> > Local Group Policy
> >
> > The following GPOs were not applied because they were filtered out
> > -------------------------------------------------------------------
> > DP Domain Policy
> > Filtering: Not Applied (Empty)
> >
> > MapDrives - Domain Users
> > Filtering: Disabled (GPO)
> >
> > The computer is a part of the following security groups:
> > --------------------------------------------------------
> > BUILTIN\Administrators
> > Everyone
> > BUILTIN\Users
> > NT AUTHORITY\NETWORK
> > NT AUTHORITY\Authenticated Users
> > KZOMBERG$
> > Domain Computers (read rights)
> > TestOU - This is the Group created for the Defender install. It's
> > the security filter group ... (read rights)
> >
> >
> > USER SETTINGS
> > --------------
> > CN=Kristi Zomberg,OU=Central Services,DC=XXX,DC=com
> > Last time Group Policy was applied: 4/18/2006 at 9:06:27 AM
> > Group Policy was applied from: dpprojects.XXX.com
> > Group Policy slow link threshold: 500 kbps
> >
> > Applied Group Policy Objects
> > -----------------------------
> > Default Domain Policy
> >
> > The following GPOs were not applied because they were filtered out
> > -------------------------------------------------------------------
> > DP Domain Policy
> > Filtering: Not Applied (Empty)
> >
> > WSUS
> > Filtering: Disabled (GPO)
> >
> > Local Group Policy
> > Filtering: Not Applied (Empty)
> >
> > MapDrives - Domain Users
> > Filtering: Disabled (GPO)
> >
> > The user is a part of the following security groups:
> > ----------------------------------------------------
> > Domain Users
> > Everyone
> > BUILTIN\Administrators
> > BUILTIN\Users
> > NT AUTHORITY\INTERACTIVE
> > NT AUTHORITY\Authenticated Users
> > LOCAL
> > Employees
> > Printer Color
> > Test Printers
> > Revit Users
> > Printer Printshop
> > FTP Users
> > Viz Farm
> > PublicFolderOwners
> > South
> > Print Shop
> > Standards Group
> > Standards
> > HelpNET Browsers
> >
> > Here is the Settings from the GP...
> >
> > Windows Defenderhide
> > Product Informationhide
> > Name Windows Defender
> > Version 1.1
> > Language English (United States)
> > Platform Intel
> > Support URL http://go.microsoft.com/fwlink/?LinkId=55273
> >
> > Deployment Informationhide
> > General Setting
> > Deployment type Assigned
> > Deployment source \\dpprojects\Setup\Software\AntiVirus AntiSpyware
> > Scanners\MicrosoftWindowsDefender\WindowsDefender1347.msi
> > Uninstall this application when it falls out of the scope of management
> > Disabled
> >
> > Advanced Deployment Options Setting
> > Ignore language when deploying this package Disabled
> > Make this 32-bit X86 application available to Win64 machines Enabled
> > Include OLE class and product information Enabled
> >
> > Diagnostic Information Setting
> > Product code {b2d7ce29-614a-4acc-8bfe-009eb3a244c9}
> > Deployment Count 0
> >
> > Securityhide
> > PermissionsType Name Permission Inherited
> > Allow DESIGNPLUS\Domain Admins Full control No
> > Allow NT AUTHORITY\SYSTEM Full control No
> > Allow NT AUTHORITY\Authenticated Users Read No
> > Allow DESIGNPLUS\Domain Admins Read, Write Yes
> > Allow DESIGNPLUS\Enterprise Admins Read, Write Yes
> > Allow CREATOR OWNER Read, Write Yes
> > Allow NT AUTHORITY\SYSTEM Read, Write Yes
> > Allow DESIGNPLUS\TestOU Read Yes
> > Allow DESIGNPLUS\Domain Computers Read Yes
> > Allow inheritable permissions from the parent to propagate to this object
> > and all child objects Enabled
> >
> > Advancedhide
> > Upgrades Setting
> > Required upgrade for existing packages Enabled
> > Packages that this package will upgrade GPO
> > None
> >
> > Packages in the current GPO that will upgrade this package None
> >
> > Categories
> > None
> >
> > Transforms
> > None
> >
> > "Bill Sanderson MVP" wrote:
> >
> >> I haven't done this. I can't recall whether I've read success stories or
> >> not. I am clear that Microsoft does not recommend deploying to
> >> production
> >> equipment, and that there are predictable problesms--like the VNC one you
> >> mention--that will result.
> >>
> >> Microsoft has announced that at release time, there will be an ADM group
> >> policy template file available. (However, they haven't announced when it
> >> will be released!)
> >>
> >> I'd recommend treading carefully until it is clear how it can be
> >> controlled.
> >> I've seen some discussion of pre-setting some settings within the app via
> >> ..REG files--you can look at that--but I'm not at all sure that will be
> >> sufficient for the VNC question. I've got VNC set as an "allow always"
> >> on
> >> my system--so I'll do a little exploring and see whether I can see
> >> anything
> >> in the registry the reflects/controls that.
> >>
> >> --
> >>
> >> "Kelli" <Kelli@discussions.microsoft.com> wrote in message
> >> news:CC17CC18-ABE3-415C-B757-5710E88466D7@microsoft.com...
> >> >I have been trying to install Windows Defender using Group Policy since
> >> >it
> >> > was released.
> >> >
> >> > I will go thru my steps.
> >> >
> >> > I created a domain GP called InstallWindowsDefender. Within my Group
> >> > Policy
> >> > Manager, it is linked to our domain and the security filtering is
> >> > calling
> >> > out
> >> > a global security group consisiting of computers within the domain,
> >> > this
> >> > is
> >> > being called TestOU right now.
> >> > For the policy, I chose Computer Configuration, software settings,
> >> > software
> >> > installation. i created a package by navigating out to the msi file i
> >> > just
> >> > downloaded and opened it. Within the deploy software dialog box, i
> >> > left
> >> > it
> >> > default at Assigned. If I look at the settings for this policy, it
> >> > looks
> >> > right. I have exported the policy to a html file, if you would like to
> >> > see
> >> > it, email me offline and i'll send it to you for review.
> >> > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM
> >> > having
> >> > edit, delete and modify security. Domain Computers have read as does
> >> > my
> >> > TestOU (the global security group of computers)
> >> >
> >> > What else am I missing, this deployement has been kicking my behind.
> >> > This
> >> > is my first attempt to deploy software this way and I would like to use
> >> > it
> >> > on
> >> > other software but until I can get this to work, I am stuck.
> >> >
> >> > Any help would be greatly appreciated!!!
> >> >
> >> > Kelli
> >>
> >>
> >>
>
>
>

It's easier to use via NNTP, but the link was easier to find that way.

I believe I have seen this discussed before--you might also check the
..networking group here--I can't recall whether the discussion was there or
in the WSUS related groups. I've had great trouble making the search
function work in the HTML groups, unfortunately.

--

"Kelli" <Kelli@discussions.microsoft.com> wrote in message
news:9B1C9F99-C5A1-4E5C-8FBE-900AD7939DB3@microsoft.com...
>I will do that. Thanks!
>
> "Bill Sanderson MVP" wrote:
>
>> How about trying the public WSUS support group?
>>
>> Let me see if I can find a link for an HTML view of it:
>>
>> http://www.microsoft.com/technet/co...update_services
>>
>> should do it.
>>
>> --
>>
>> "Kelli" <Kelli@discussions.microsoft.com> wrote in message
>> news:23875C0C-7F80-4186-B7B0-FAEE1007504C@microsoft.com...
>> >I know there are people that have done it. If only I could find those
>> > people...
>> >
>> > Here is a gpresult from a users computer ... Under computer settings,
>> > the
>> > gp
>> > WSUS is working just fine. Something in the InstallWindowsDefender
>> > must
>> > be
>> > amiss.
>> >
>> >
>> > C:\Documents and Settings\kzomberg>gpresult
>> >
>> > Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
>> > v2.0
>> > Copyright (C) Microsoft Corp. 1981-2001
>> >
>> > Created On 4/18/2006 at 10:19:36 AM
>> >
>> >
>> > RSOP results for DOMIAN\kzomberg on KZOMBERG : Logging Mode
>> > ----------------------------------------------------------------
>> >
>> > OS Type: Microsoft Windows XP Professional
>> > OS Configuration: Member Workstation
>> > OS Version: 5.1.2600
>> > Domain Name: DOMAIN
>> > Domain Type: Windows 2000
>> > Site Name: Default-First-Site-Name
>> > Roaming Profile:
>> > Local Profile: C:\Documents and Settings\kzomberg
>> > Connected over a slow link?: No
>> >
>> >
>> > COMPUTER SETTINGS
>> > ------------------
>> > CN=KZOMBERG,OU=WindowsXP,OU=Desktops,DC=XXX,DC=com
>> > Last time Group Policy was applied: 4/18/2006 at 9:33:14 AM
>> > Group Policy was applied from: dpprojects.XXX.com
>> > Group Policy slow link threshold: 500 kbps
>> >
>> > Applied Group Policy Objects
>> > -----------------------------
>> > RemoteDesktop Group Policy Object
>> > InstallWindowsDefender
>> > WSUS
>> > Local Group Policy
>> >
>> > The following GPOs were not applied because they were filtered out
>> > -------------------------------------------------------------------
>> > DP Domain Policy
>> > Filtering: Not Applied (Empty)
>> >
>> > MapDrives - Domain Users
>> > Filtering: Disabled (GPO)
>> >
>> > The computer is a part of the following security groups:
>> > --------------------------------------------------------
>> > BUILTIN\Administrators
>> > Everyone
>> > BUILTIN\Users
>> > NT AUTHORITY\NETWORK
>> > NT AUTHORITY\Authenticated Users
>> > KZOMBERG$
>> > Domain Computers (read rights)
>> > TestOU - This is the Group created for the Defender install.
>> > It's
>> > the security filter group ... (read rights)
>> >
>> >
>> > USER SETTINGS
>> > --------------
>> > CN=Kristi Zomberg,OU=Central Services,DC=XXX,DC=com
>> > Last time Group Policy was applied: 4/18/2006 at 9:06:27 AM
>> > Group Policy was applied from: dpprojects.XXX.com
>> > Group Policy slow link threshold: 500 kbps
>> >
>> > Applied Group Policy Objects
>> > -----------------------------
>> > Default Domain Policy
>> >
>> > The following GPOs were not applied because they were filtered out
>> > -------------------------------------------------------------------
>> > DP Domain Policy
>> > Filtering: Not Applied (Empty)
>> >
>> > WSUS
>> > Filtering: Disabled (GPO)
>> >
>> > Local Group Policy
>> > Filtering: Not Applied (Empty)
>> >
>> > MapDrives - Domain Users
>> > Filtering: Disabled (GPO)
>> >
>> > The user is a part of the following security groups:
>> > ----------------------------------------------------
>> > Domain Users
>> > Everyone
>> > BUILTIN\Administrators
>> > BUILTIN\Users
>> > NT AUTHORITY\INTERACTIVE
>> > NT AUTHORITY\Authenticated Users
>> > LOCAL
>> > Employees
>> > Printer Color
>> > Test Printers
>> > Revit Users
>> > Printer Printshop
>> > FTP Users
>> > Viz Farm
>> > PublicFolderOwners
>> > South
>> > Print Shop
>> > Standards Group
>> > Standards
>> > HelpNET Browsers
>> >
>> > Here is the Settings from the GP...
>> >
>> > Windows Defenderhide
>> > Product Informationhide
>> > Name Windows Defender
>> > Version 1.1
>> > Language English (United States)
>> > Platform Intel
>> > Support URL http://go.microsoft.com/fwlink/?LinkId=55273
>> >
>> > Deployment Informationhide
>> > General Setting
>> > Deployment type Assigned
>> > Deployment source \\dpprojects\Setup\Software\AntiVirus AntiSpyware
>> > Scanners\MicrosoftWindowsDefender\WindowsDefender1347.msi
>> > Uninstall this application when it falls out of the scope of management
>> > Disabled
>> >
>> > Advanced Deployment Options Setting
>> > Ignore language when deploying this package Disabled
>> > Make this 32-bit X86 application available to Win64 machines Enabled
>> > Include OLE class and product information Enabled
>> >
>> > Diagnostic Information Setting
>> > Product code {b2d7ce29-614a-4acc-8bfe-009eb3a244c9}
>> > Deployment Count 0
>> >
>> > Securityhide
>> > PermissionsType Name Permission Inherited
>> > Allow DESIGNPLUS\Domain Admins Full control No
>> > Allow NT AUTHORITY\SYSTEM Full control No
>> > Allow NT AUTHORITY\Authenticated Users Read No
>> > Allow DESIGNPLUS\Domain Admins Read, Write Yes
>> > Allow DESIGNPLUS\Enterprise Admins Read, Write Yes
>> > Allow CREATOR OWNER Read, Write Yes
>> > Allow NT AUTHORITY\SYSTEM Read, Write Yes
>> > Allow DESIGNPLUS\TestOU Read Yes
>> > Allow DESIGNPLUS\Domain Computers Read Yes
>> > Allow inheritable permissions from the parent to propagate to this
>> > object
>> > and all child objects Enabled
>> >
>> > Advancedhide
>> > Upgrades Setting
>> > Required upgrade for existing packages Enabled
>> > Packages that this package will upgrade GPO
>> > None
>> >
>> > Packages in the current GPO that will upgrade this package None
>> >
>> > Categories
>> > None
>> >
>> > Transforms
>> > None
>> >
>> > "Bill Sanderson MVP" wrote:
>> >
>> >> I haven't done this. I can't recall whether I've read success stories
>> >> or
>> >> not. I am clear that Microsoft does not recommend deploying to
>> >> production
>> >> equipment, and that there are predictable problesms--like the VNC one
>> >> you
>> >> mention--that will result.
>> >>
>> >> Microsoft has announced that at release time, there will be an ADM
>> >> group
>> >> policy template file available. (However, they haven't announced when
>> >> it
>> >> will be released!)
>> >>
>> >> I'd recommend treading carefully until it is clear how it can be
>> >> controlled.
>> >> I've seen some discussion of pre-setting some settings within the app
>> >> via
>> >> ..REG files--you can look at that--but I'm not at all sure that will
>> >> be
>> >> sufficient for the VNC question. I've got VNC set as an "allow
>> >> always"
>> >> on
>> >> my system--so I'll do a little exploring and see whether I can see
>> >> anything
>> >> in the registry the reflects/controls that.
>> >>
>> >> --
>> >>
>> >> "Kelli" <Kelli@discussions.microsoft.com> wrote in message
>> >> news:CC17CC18-ABE3-415C-B757-5710E88466D7@microsoft.com...
>> >> >I have been trying to install Windows Defender using Group Policy
>> >> >since
>> >> >it
>> >> > was released.
>> >> >
>> >> > I will go thru my steps.
>> >> >
>> >> > I created a domain GP called InstallWindowsDefender. Within my
>> >> > Group
>> >> > Policy
>> >> > Manager, it is linked to our domain and the security filtering is
>> >> > calling
>> >> > out
>> >> > a global security group consisiting of computers within the domain,
>> >> > this
>> >> > is
>> >> > being called TestOU right now.
>> >> > For the policy, I chose Computer Configuration, software settings,
>> >> > software
>> >> > installation. i created a package by navigating out to the msi file
>> >> > i
>> >> > just
>> >> > downloaded and opened it. Within the deploy software dialog box, i
>> >> > left
>> >> > it
>> >> > default at Assigned. If I look at the settings for this policy, it
>> >> > looks
>> >> > right. I have exported the policy to a html file, if you would like
>> >> > to
>> >> > see
>> >> > it, email me offline and i'll send it to you for review.
>> >> > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM
>> >> > having
>> >> > edit, delete and modify security. Domain Computers have read as
>> >> > does
>> >> > my
>> >> > TestOU (the global security group of computers)
>> >> >
>> >> > What else am I missing, this deployement has been kicking my behind.
>> >> > This
>> >> > is my first attempt to deploy software this way and I would like to
>> >> > use
>> >> > it
>> >> > on
>> >> > other software but until I can get this to work, I am stuck.
>> >> >
>> >> > Any help would be greatly appreciated!!!
>> >> >
>> >> > Kelli
>> >>
>> >>
>> >>
>>
>>
>>

I set this up using a gpo as well, however I used the startup script area to
implement. Have you tried this?

"Kelli" wrote:

> I have been trying to install Windows Defender using Group Policy since it
> was released.
>
> I will go thru my steps.
>
> I created a domain GP called InstallWindowsDefender. Within my Group Policy
> Manager, it is linked to our domain and the security filtering is calling out
> a global security group consisiting of computers within the domain, this is
> being called TestOU right now.
> For the policy, I chose Computer Configuration, software settings, software
> installation. i created a package by navigating out to the msi file i just
> downloaded and opened it. Within the deploy software dialog box, i left it
> default at Assigned. If I look at the settings for this policy, it looks
> right. I have exported the policy to a html file, if you would like to see
> it, email me offline and i'll send it to you for review.
> For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
> edit, delete and modify security. Domain Computers have read as does my
> TestOU (the global security group of computers)
>
> What else am I missing, this deployement has been kicking my behind. This
> is my first attempt to deploy software this way and I would like to use it on
> other software but until I can get this to work, I am stuck.
>
> Any help would be greatly appreciated!!!
>
> Kelli