Installing Defender using Group Policy

Discussion in 'Anti-Spyware Installation' started by Guest, Apr 14, 2006.

  1. Guest

    Guest Guest

    I have been trying to install Windows Defender using Group Policy since it
    was released.

    I will go thru my steps.

    I created a domain GP called InstallWindowsDefender. Within my Group Policy
    Manager, it is linked to our domain and the security filtering is calling out
    a global security group consisiting of computers within the domain, this is
    being called TestOU right now.
    For the policy, I chose Computer Configuration, software settings, software
    installation. i created a package by navigating out to the msi file i just
    downloaded and opened it. Within the deploy software dialog box, i left it
    default at Assigned. If I look at the settings for this policy, it looks
    right. I have exported the policy to a html file, if you would like to see
    it, email me offline and i'll send it to you for review.
    For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
    edit, delete and modify security. Domain Computers have read as does my
    TestOU (the global security group of computers)

    What else am I missing, this deployement has been kicking my behind. This
    is my first attempt to deploy software this way and I would like to use it on
    other software but until I can get this to work, I am stuck.

    Any help would be greatly appreciated!!!

    Kelli
     
    Guest, Apr 14, 2006
    #1
    1. Advertisements

  2. I haven't done this. I can't recall whether I've read success stories or
    not. I am clear that Microsoft does not recommend deploying to production
    equipment, and that there are predictable problesms--like the VNC one you
    mention--that will result.

    Microsoft has announced that at release time, there will be an ADM group
    policy template file available. (However, they haven't announced when it
    will be released!)

    I'd recommend treading carefully until it is clear how it can be controlled.
    I've seen some discussion of pre-setting some settings within the app via
    ..REG files--you can look at that--but I'm not at all sure that will be
    sufficient for the VNC question. I've got VNC set as an "allow always" on
    my system--so I'll do a little exploring and see whether I can see anything
    in the registry the reflects/controls that.

    --

    "Kelli" <> wrote in message
    news:...
    >I have been trying to install Windows Defender using Group Policy since it
    > was released.
    >
    > I will go thru my steps.
    >
    > I created a domain GP called InstallWindowsDefender. Within my Group
    > Policy
    > Manager, it is linked to our domain and the security filtering is calling
    > out
    > a global security group consisiting of computers within the domain, this
    > is
    > being called TestOU right now.
    > For the policy, I chose Computer Configuration, software settings,
    > software
    > installation. i created a package by navigating out to the msi file i
    > just
    > downloaded and opened it. Within the deploy software dialog box, i left
    > it
    > default at Assigned. If I look at the settings for this policy, it looks
    > right. I have exported the policy to a html file, if you would like to
    > see
    > it, email me offline and i'll send it to you for review.
    > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
    > edit, delete and modify security. Domain Computers have read as does my
    > TestOU (the global security group of computers)
    >
    > What else am I missing, this deployement has been kicking my behind. This
    > is my first attempt to deploy software this way and I would like to use it
    > on
    > other software but until I can get this to work, I am stuck.
    >
    > Any help would be greatly appreciated!!!
    >
    > Kelli
     
    Bill Sanderson MVP, Apr 15, 2006
    #2
    1. Advertisements

  3. I did dig through regedit looking for VNC strings, and didn't spot anything
    that was clearly Windows Defender related. I did find "VNC" as a part of
    some clearly encoded strings that I couldn't spot just what they were
    related to--I think I decided they were accidental, but maybe not..

    At any rate, I think this won't be as simple as plugging a short .REG file
    in on each machine--don't know what would be needed.

    --

    "Bill Sanderson MVP" <> wrote in message
    news:...
    >I haven't done this. I can't recall whether I've read success stories or
    >not. I am clear that Microsoft does not recommend deploying to production
    >equipment, and that there are predictable problesms--like the VNC one you
    >mention--that will result.
    >
    > Microsoft has announced that at release time, there will be an ADM group
    > policy template file available. (However, they haven't announced when it
    > will be released!)
    >
    > I'd recommend treading carefully until it is clear how it can be
    > controlled. I've seen some discussion of pre-setting some settings within
    > the app via .REG files--you can look at that--but I'm not at all sure that
    > will be sufficient for the VNC question. I've got VNC set as an "allow
    > always" on my system--so I'll do a little exploring and see whether I can
    > see anything in the registry the reflects/controls that.
    >
    > --
    >
    > "Kelli" <> wrote in message
    > news:...
    >>I have been trying to install Windows Defender using Group Policy since it
    >> was released.
    >>
    >> I will go thru my steps.
    >>
    >> I created a domain GP called InstallWindowsDefender. Within my Group
    >> Policy
    >> Manager, it is linked to our domain and the security filtering is calling
    >> out
    >> a global security group consisiting of computers within the domain, this
    >> is
    >> being called TestOU right now.
    >> For the policy, I chose Computer Configuration, software settings,
    >> software
    >> installation. i created a package by navigating out to the msi file i
    >> just
    >> downloaded and opened it. Within the deploy software dialog box, i left
    >> it
    >> default at Assigned. If I look at the settings for this policy, it looks
    >> right. I have exported the policy to a html file, if you would like to
    >> see
    >> it, email me offline and i'll send it to you for review.
    >> For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
    >> edit, delete and modify security. Domain Computers have read as does my
    >> TestOU (the global security group of computers)
    >>
    >> What else am I missing, this deployement has been kicking my behind.
    >> This
    >> is my first attempt to deploy software this way and I would like to use
    >> it on
    >> other software but until I can get this to work, I am stuck.
    >>
    >> Any help would be greatly appreciated!!!
    >>
    >> Kelli

    >
    >
     
    Bill Sanderson MVP, Apr 15, 2006
    #3
  4. Guest

    Guest Guest

    I know there are people that have done it. If only I could find those
    people...

    Here is a gpresult from a users computer ... Under computer settings, the gp
    WSUS is working just fine. Something in the InstallWindowsDefender must be
    amiss.


    C:\Documents and Settings\kzomberg>gpresult

    Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
    Copyright (C) Microsoft Corp. 1981-2001

    Created On 4/18/2006 at 10:19:36 AM


    RSOP results for DOMIAN\kzomberg on KZOMBERG : Logging Mode
    ----------------------------------------------------------------

    OS Type: Microsoft Windows XP Professional
    OS Configuration: Member Workstation
    OS Version: 5.1.2600
    Domain Name: DOMAIN
    Domain Type: Windows 2000
    Site Name: Default-First-Site-Name
    Roaming Profile:
    Local Profile: C:\Documents and Settings\kzomberg
    Connected over a slow link?: No


    COMPUTER SETTINGS
    ------------------
    CN=KZOMBERG,OU=WindowsXP,OU=Desktops,DC=XXX,DC=com
    Last time Group Policy was applied: 4/18/2006 at 9:33:14 AM
    Group Policy was applied from: dpprojects.XXX.com
    Group Policy slow link threshold: 500 kbps

    Applied Group Policy Objects
    -----------------------------
    RemoteDesktop Group Policy Object
    InstallWindowsDefender
    WSUS
    Local Group Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    DP Domain Policy
    Filtering: Not Applied (Empty)

    MapDrives - Domain Users
    Filtering: Disabled (GPO)

    The computer is a part of the following security groups:
    --------------------------------------------------------
    BUILTIN\Administrators
    Everyone
    BUILTIN\Users
    NT AUTHORITY\NETWORK
    NT AUTHORITY\Authenticated Users
    KZOMBERG$
    Domain Computers (read rights)
    TestOU - This is the Group created for the Defender install. It's
    the security filter group ... (read rights)


    USER SETTINGS
    --------------
    CN=Kristi Zomberg,OU=Central Services,DC=XXX,DC=com
    Last time Group Policy was applied: 4/18/2006 at 9:06:27 AM
    Group Policy was applied from: dpprojects.XXX.com
    Group Policy slow link threshold: 500 kbps

    Applied Group Policy Objects
    -----------------------------
    Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    DP Domain Policy
    Filtering: Not Applied (Empty)

    WSUS
    Filtering: Disabled (GPO)

    Local Group Policy
    Filtering: Not Applied (Empty)

    MapDrives - Domain Users
    Filtering: Disabled (GPO)

    The user is a part of the following security groups:
    ----------------------------------------------------
    Domain Users
    Everyone
    BUILTIN\Administrators
    BUILTIN\Users
    NT AUTHORITY\INTERACTIVE
    NT AUTHORITY\Authenticated Users
    LOCAL
    Employees
    Printer Color
    Test Printers
    Revit Users
    Printer Printshop
    FTP Users
    Viz Farm
    PublicFolderOwners
    South
    Print Shop
    Standards Group
    Standards
    HelpNET Browsers

    Here is the Settings from the GP...

    Windows Defenderhide
    Product Informationhide
    Name Windows Defender
    Version 1.1
    Language English (United States)
    Platform Intel
    Support URL http://go.microsoft.com/fwlink/?LinkId=55273

    Deployment Informationhide
    General Setting
    Deployment type Assigned
    Deployment source \\dpprojects\Setup\Software\AntiVirus AntiSpyware
    Scanners\MicrosoftWindowsDefender\WindowsDefender1347.msi
    Uninstall this application when it falls out of the scope of management
    Disabled

    Advanced Deployment Options Setting
    Ignore language when deploying this package Disabled
    Make this 32-bit X86 application available to Win64 machines Enabled
    Include OLE class and product information Enabled

    Diagnostic Information Setting
    Product code {b2d7ce29-614a-4acc-8bfe-009eb3a244c9}
    Deployment Count 0

    Securityhide
    PermissionsType Name Permission Inherited
    Allow DESIGNPLUS\Domain Admins Full control No
    Allow NT AUTHORITY\SYSTEM Full control No
    Allow NT AUTHORITY\Authenticated Users Read No
    Allow DESIGNPLUS\Domain Admins Read, Write Yes
    Allow DESIGNPLUS\Enterprise Admins Read, Write Yes
    Allow CREATOR OWNER Read, Write Yes
    Allow NT AUTHORITY\SYSTEM Read, Write Yes
    Allow DESIGNPLUS\TestOU Read Yes
    Allow DESIGNPLUS\Domain Computers Read Yes
    Allow inheritable permissions from the parent to propagate to this object
    and all child objects Enabled

    Advancedhide
    Upgrades Setting
    Required upgrade for existing packages Enabled
    Packages that this package will upgrade GPO
    None

    Packages in the current GPO that will upgrade this package None

    Categories
    None

    Transforms
    None

    "Bill Sanderson MVP" wrote:

    > I haven't done this. I can't recall whether I've read success stories or
    > not. I am clear that Microsoft does not recommend deploying to production
    > equipment, and that there are predictable problesms--like the VNC one you
    > mention--that will result.
    >
    > Microsoft has announced that at release time, there will be an ADM group
    > policy template file available. (However, they haven't announced when it
    > will be released!)
    >
    > I'd recommend treading carefully until it is clear how it can be controlled.
    > I've seen some discussion of pre-setting some settings within the app via
    > ..REG files--you can look at that--but I'm not at all sure that will be
    > sufficient for the VNC question. I've got VNC set as an "allow always" on
    > my system--so I'll do a little exploring and see whether I can see anything
    > in the registry the reflects/controls that.
    >
    > --
    >
    > "Kelli" <> wrote in message
    > news:...
    > >I have been trying to install Windows Defender using Group Policy since it
    > > was released.
    > >
    > > I will go thru my steps.
    > >
    > > I created a domain GP called InstallWindowsDefender. Within my Group
    > > Policy
    > > Manager, it is linked to our domain and the security filtering is calling
    > > out
    > > a global security group consisiting of computers within the domain, this
    > > is
    > > being called TestOU right now.
    > > For the policy, I chose Computer Configuration, software settings,
    > > software
    > > installation. i created a package by navigating out to the msi file i
    > > just
    > > downloaded and opened it. Within the deploy software dialog box, i left
    > > it
    > > default at Assigned. If I look at the settings for this policy, it looks
    > > right. I have exported the policy to a html file, if you would like to
    > > see
    > > it, email me offline and i'll send it to you for review.
    > > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
    > > edit, delete and modify security. Domain Computers have read as does my
    > > TestOU (the global security group of computers)
    > >
    > > What else am I missing, this deployement has been kicking my behind. This
    > > is my first attempt to deploy software this way and I would like to use it
    > > on
    > > other software but until I can get this to work, I am stuck.
    > >
    > > Any help would be greatly appreciated!!!
    > >
    > > Kelli

    >
    >
    >
     
    Guest, Apr 18, 2006
    #4
  5. How about trying the public WSUS support group?

    Let me see if I can find a link for an HTML view of it:

    http://www.microsoft.com/technet/co...crosoft.public.windows.server.update_services

    should do it.

    --

    "Kelli" <> wrote in message
    news:...
    >I know there are people that have done it. If only I could find those
    > people...
    >
    > Here is a gpresult from a users computer ... Under computer settings, the
    > gp
    > WSUS is working just fine. Something in the InstallWindowsDefender must
    > be
    > amiss.
    >
    >
    > C:\Documents and Settings\kzomberg>gpresult
    >
    > Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
    > v2.0
    > Copyright (C) Microsoft Corp. 1981-2001
    >
    > Created On 4/18/2006 at 10:19:36 AM
    >
    >
    > RSOP results for DOMIAN\kzomberg on KZOMBERG : Logging Mode
    > ----------------------------------------------------------------
    >
    > OS Type: Microsoft Windows XP Professional
    > OS Configuration: Member Workstation
    > OS Version: 5.1.2600
    > Domain Name: DOMAIN
    > Domain Type: Windows 2000
    > Site Name: Default-First-Site-Name
    > Roaming Profile:
    > Local Profile: C:\Documents and Settings\kzomberg
    > Connected over a slow link?: No
    >
    >
    > COMPUTER SETTINGS
    > ------------------
    > CN=KZOMBERG,OU=WindowsXP,OU=Desktops,DC=XXX,DC=com
    > Last time Group Policy was applied: 4/18/2006 at 9:33:14 AM
    > Group Policy was applied from: dpprojects.XXX.com
    > Group Policy slow link threshold: 500 kbps
    >
    > Applied Group Policy Objects
    > -----------------------------
    > RemoteDesktop Group Policy Object
    > InstallWindowsDefender
    > WSUS
    > Local Group Policy
    >
    > The following GPOs were not applied because they were filtered out
    > -------------------------------------------------------------------
    > DP Domain Policy
    > Filtering: Not Applied (Empty)
    >
    > MapDrives - Domain Users
    > Filtering: Disabled (GPO)
    >
    > The computer is a part of the following security groups:
    > --------------------------------------------------------
    > BUILTIN\Administrators
    > Everyone
    > BUILTIN\Users
    > NT AUTHORITY\NETWORK
    > NT AUTHORITY\Authenticated Users
    > KZOMBERG$
    > Domain Computers (read rights)
    > TestOU - This is the Group created for the Defender install. It's
    > the security filter group ... (read rights)
    >
    >
    > USER SETTINGS
    > --------------
    > CN=Kristi Zomberg,OU=Central Services,DC=XXX,DC=com
    > Last time Group Policy was applied: 4/18/2006 at 9:06:27 AM
    > Group Policy was applied from: dpprojects.XXX.com
    > Group Policy slow link threshold: 500 kbps
    >
    > Applied Group Policy Objects
    > -----------------------------
    > Default Domain Policy
    >
    > The following GPOs were not applied because they were filtered out
    > -------------------------------------------------------------------
    > DP Domain Policy
    > Filtering: Not Applied (Empty)
    >
    > WSUS
    > Filtering: Disabled (GPO)
    >
    > Local Group Policy
    > Filtering: Not Applied (Empty)
    >
    > MapDrives - Domain Users
    > Filtering: Disabled (GPO)
    >
    > The user is a part of the following security groups:
    > ----------------------------------------------------
    > Domain Users
    > Everyone
    > BUILTIN\Administrators
    > BUILTIN\Users
    > NT AUTHORITY\INTERACTIVE
    > NT AUTHORITY\Authenticated Users
    > LOCAL
    > Employees
    > Printer Color
    > Test Printers
    > Revit Users
    > Printer Printshop
    > FTP Users
    > Viz Farm
    > PublicFolderOwners
    > South
    > Print Shop
    > Standards Group
    > Standards
    > HelpNET Browsers
    >
    > Here is the Settings from the GP...
    >
    > Windows Defenderhide
    > Product Informationhide
    > Name Windows Defender
    > Version 1.1
    > Language English (United States)
    > Platform Intel
    > Support URL http://go.microsoft.com/fwlink/?LinkId=55273
    >
    > Deployment Informationhide
    > General Setting
    > Deployment type Assigned
    > Deployment source \\dpprojects\Setup\Software\AntiVirus AntiSpyware
    > Scanners\MicrosoftWindowsDefender\WindowsDefender1347.msi
    > Uninstall this application when it falls out of the scope of management
    > Disabled
    >
    > Advanced Deployment Options Setting
    > Ignore language when deploying this package Disabled
    > Make this 32-bit X86 application available to Win64 machines Enabled
    > Include OLE class and product information Enabled
    >
    > Diagnostic Information Setting
    > Product code {b2d7ce29-614a-4acc-8bfe-009eb3a244c9}
    > Deployment Count 0
    >
    > Securityhide
    > PermissionsType Name Permission Inherited
    > Allow DESIGNPLUS\Domain Admins Full control No
    > Allow NT AUTHORITY\SYSTEM Full control No
    > Allow NT AUTHORITY\Authenticated Users Read No
    > Allow DESIGNPLUS\Domain Admins Read, Write Yes
    > Allow DESIGNPLUS\Enterprise Admins Read, Write Yes
    > Allow CREATOR OWNER Read, Write Yes
    > Allow NT AUTHORITY\SYSTEM Read, Write Yes
    > Allow DESIGNPLUS\TestOU Read Yes
    > Allow DESIGNPLUS\Domain Computers Read Yes
    > Allow inheritable permissions from the parent to propagate to this object
    > and all child objects Enabled
    >
    > Advancedhide
    > Upgrades Setting
    > Required upgrade for existing packages Enabled
    > Packages that this package will upgrade GPO
    > None
    >
    > Packages in the current GPO that will upgrade this package None
    >
    > Categories
    > None
    >
    > Transforms
    > None
    >
    > "Bill Sanderson MVP" wrote:
    >
    >> I haven't done this. I can't recall whether I've read success stories or
    >> not. I am clear that Microsoft does not recommend deploying to
    >> production
    >> equipment, and that there are predictable problesms--like the VNC one you
    >> mention--that will result.
    >>
    >> Microsoft has announced that at release time, there will be an ADM group
    >> policy template file available. (However, they haven't announced when it
    >> will be released!)
    >>
    >> I'd recommend treading carefully until it is clear how it can be
    >> controlled.
    >> I've seen some discussion of pre-setting some settings within the app via
    >> ..REG files--you can look at that--but I'm not at all sure that will be
    >> sufficient for the VNC question. I've got VNC set as an "allow always"
    >> on
    >> my system--so I'll do a little exploring and see whether I can see
    >> anything
    >> in the registry the reflects/controls that.
    >>
    >> --
    >>
    >> "Kelli" <> wrote in message
    >> news:...
    >> >I have been trying to install Windows Defender using Group Policy since
    >> >it
    >> > was released.
    >> >
    >> > I will go thru my steps.
    >> >
    >> > I created a domain GP called InstallWindowsDefender. Within my Group
    >> > Policy
    >> > Manager, it is linked to our domain and the security filtering is
    >> > calling
    >> > out
    >> > a global security group consisiting of computers within the domain,
    >> > this
    >> > is
    >> > being called TestOU right now.
    >> > For the policy, I chose Computer Configuration, software settings,
    >> > software
    >> > installation. i created a package by navigating out to the msi file i
    >> > just
    >> > downloaded and opened it. Within the deploy software dialog box, i
    >> > left
    >> > it
    >> > default at Assigned. If I look at the settings for this policy, it
    >> > looks
    >> > right. I have exported the policy to a html file, if you would like to
    >> > see
    >> > it, email me offline and i'll send it to you for review.
    >> > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM
    >> > having
    >> > edit, delete and modify security. Domain Computers have read as does
    >> > my
    >> > TestOU (the global security group of computers)
    >> >
    >> > What else am I missing, this deployement has been kicking my behind.
    >> > This
    >> > is my first attempt to deploy software this way and I would like to use
    >> > it
    >> > on
    >> > other software but until I can get this to work, I am stuck.
    >> >
    >> > Any help would be greatly appreciated!!!
    >> >
    >> > Kelli

    >>
    >>
    >>
     
    Bill Sanderson MVP, Apr 19, 2006
    #5
  6. Guest

    Guest Guest

    I will do that. Thanks!

    "Bill Sanderson MVP" wrote:

    > How about trying the public WSUS support group?
    >
    > Let me see if I can find a link for an HTML view of it:
    >
    > http://www.microsoft.com/technet/co...crosoft.public.windows.server.update_services
    >
    > should do it.
    >
    > --
    >
    > "Kelli" <> wrote in message
    > news:...
    > >I know there are people that have done it. If only I could find those
    > > people...
    > >
    > > Here is a gpresult from a users computer ... Under computer settings, the
    > > gp
    > > WSUS is working just fine. Something in the InstallWindowsDefender must
    > > be
    > > amiss.
    > >
    > >
    > > C:\Documents and Settings\kzomberg>gpresult
    > >
    > > Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
    > > v2.0
    > > Copyright (C) Microsoft Corp. 1981-2001
    > >
    > > Created On 4/18/2006 at 10:19:36 AM
    > >
    > >
    > > RSOP results for DOMIAN\kzomberg on KZOMBERG : Logging Mode
    > > ----------------------------------------------------------------
    > >
    > > OS Type: Microsoft Windows XP Professional
    > > OS Configuration: Member Workstation
    > > OS Version: 5.1.2600
    > > Domain Name: DOMAIN
    > > Domain Type: Windows 2000
    > > Site Name: Default-First-Site-Name
    > > Roaming Profile:
    > > Local Profile: C:\Documents and Settings\kzomberg
    > > Connected over a slow link?: No
    > >
    > >
    > > COMPUTER SETTINGS
    > > ------------------
    > > CN=KZOMBERG,OU=WindowsXP,OU=Desktops,DC=XXX,DC=com
    > > Last time Group Policy was applied: 4/18/2006 at 9:33:14 AM
    > > Group Policy was applied from: dpprojects.XXX.com
    > > Group Policy slow link threshold: 500 kbps
    > >
    > > Applied Group Policy Objects
    > > -----------------------------
    > > RemoteDesktop Group Policy Object
    > > InstallWindowsDefender
    > > WSUS
    > > Local Group Policy
    > >
    > > The following GPOs were not applied because they were filtered out
    > > -------------------------------------------------------------------
    > > DP Domain Policy
    > > Filtering: Not Applied (Empty)
    > >
    > > MapDrives - Domain Users
    > > Filtering: Disabled (GPO)
    > >
    > > The computer is a part of the following security groups:
    > > --------------------------------------------------------
    > > BUILTIN\Administrators
    > > Everyone
    > > BUILTIN\Users
    > > NT AUTHORITY\NETWORK
    > > NT AUTHORITY\Authenticated Users
    > > KZOMBERG$
    > > Domain Computers (read rights)
    > > TestOU - This is the Group created for the Defender install. It's
    > > the security filter group ... (read rights)
    > >
    > >
    > > USER SETTINGS
    > > --------------
    > > CN=Kristi Zomberg,OU=Central Services,DC=XXX,DC=com
    > > Last time Group Policy was applied: 4/18/2006 at 9:06:27 AM
    > > Group Policy was applied from: dpprojects.XXX.com
    > > Group Policy slow link threshold: 500 kbps
    > >
    > > Applied Group Policy Objects
    > > -----------------------------
    > > Default Domain Policy
    > >
    > > The following GPOs were not applied because they were filtered out
    > > -------------------------------------------------------------------
    > > DP Domain Policy
    > > Filtering: Not Applied (Empty)
    > >
    > > WSUS
    > > Filtering: Disabled (GPO)
    > >
    > > Local Group Policy
    > > Filtering: Not Applied (Empty)
    > >
    > > MapDrives - Domain Users
    > > Filtering: Disabled (GPO)
    > >
    > > The user is a part of the following security groups:
    > > ----------------------------------------------------
    > > Domain Users
    > > Everyone
    > > BUILTIN\Administrators
    > > BUILTIN\Users
    > > NT AUTHORITY\INTERACTIVE
    > > NT AUTHORITY\Authenticated Users
    > > LOCAL
    > > Employees
    > > Printer Color
    > > Test Printers
    > > Revit Users
    > > Printer Printshop
    > > FTP Users
    > > Viz Farm
    > > PublicFolderOwners
    > > South
    > > Print Shop
    > > Standards Group
    > > Standards
    > > HelpNET Browsers
    > >
    > > Here is the Settings from the GP...
    > >
    > > Windows Defenderhide
    > > Product Informationhide
    > > Name Windows Defender
    > > Version 1.1
    > > Language English (United States)
    > > Platform Intel
    > > Support URL http://go.microsoft.com/fwlink/?LinkId=55273
    > >
    > > Deployment Informationhide
    > > General Setting
    > > Deployment type Assigned
    > > Deployment source \\dpprojects\Setup\Software\AntiVirus AntiSpyware
    > > Scanners\MicrosoftWindowsDefender\WindowsDefender1347.msi
    > > Uninstall this application when it falls out of the scope of management
    > > Disabled
    > >
    > > Advanced Deployment Options Setting
    > > Ignore language when deploying this package Disabled
    > > Make this 32-bit X86 application available to Win64 machines Enabled
    > > Include OLE class and product information Enabled
    > >
    > > Diagnostic Information Setting
    > > Product code {b2d7ce29-614a-4acc-8bfe-009eb3a244c9}
    > > Deployment Count 0
    > >
    > > Securityhide
    > > PermissionsType Name Permission Inherited
    > > Allow DESIGNPLUS\Domain Admins Full control No
    > > Allow NT AUTHORITY\SYSTEM Full control No
    > > Allow NT AUTHORITY\Authenticated Users Read No
    > > Allow DESIGNPLUS\Domain Admins Read, Write Yes
    > > Allow DESIGNPLUS\Enterprise Admins Read, Write Yes
    > > Allow CREATOR OWNER Read, Write Yes
    > > Allow NT AUTHORITY\SYSTEM Read, Write Yes
    > > Allow DESIGNPLUS\TestOU Read Yes
    > > Allow DESIGNPLUS\Domain Computers Read Yes
    > > Allow inheritable permissions from the parent to propagate to this object
    > > and all child objects Enabled
    > >
    > > Advancedhide
    > > Upgrades Setting
    > > Required upgrade for existing packages Enabled
    > > Packages that this package will upgrade GPO
    > > None
    > >
    > > Packages in the current GPO that will upgrade this package None
    > >
    > > Categories
    > > None
    > >
    > > Transforms
    > > None
    > >
    > > "Bill Sanderson MVP" wrote:
    > >
    > >> I haven't done this. I can't recall whether I've read success stories or
    > >> not. I am clear that Microsoft does not recommend deploying to
    > >> production
    > >> equipment, and that there are predictable problesms--like the VNC one you
    > >> mention--that will result.
    > >>
    > >> Microsoft has announced that at release time, there will be an ADM group
    > >> policy template file available. (However, they haven't announced when it
    > >> will be released!)
    > >>
    > >> I'd recommend treading carefully until it is clear how it can be
    > >> controlled.
    > >> I've seen some discussion of pre-setting some settings within the app via
    > >> ..REG files--you can look at that--but I'm not at all sure that will be
    > >> sufficient for the VNC question. I've got VNC set as an "allow always"
    > >> on
    > >> my system--so I'll do a little exploring and see whether I can see
    > >> anything
    > >> in the registry the reflects/controls that.
    > >>
    > >> --
    > >>
    > >> "Kelli" <> wrote in message
    > >> news:...
    > >> >I have been trying to install Windows Defender using Group Policy since
    > >> >it
    > >> > was released.
    > >> >
    > >> > I will go thru my steps.
    > >> >
    > >> > I created a domain GP called InstallWindowsDefender. Within my Group
    > >> > Policy
    > >> > Manager, it is linked to our domain and the security filtering is
    > >> > calling
    > >> > out
    > >> > a global security group consisiting of computers within the domain,
    > >> > this
    > >> > is
    > >> > being called TestOU right now.
    > >> > For the policy, I chose Computer Configuration, software settings,
    > >> > software
    > >> > installation. i created a package by navigating out to the msi file i
    > >> > just
    > >> > downloaded and opened it. Within the deploy software dialog box, i
    > >> > left
    > >> > it
    > >> > default at Assigned. If I look at the settings for this policy, it
    > >> > looks
    > >> > right. I have exported the policy to a html file, if you would like to
    > >> > see
    > >> > it, email me offline and i'll send it to you for review.
    > >> > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM
    > >> > having
    > >> > edit, delete and modify security. Domain Computers have read as does
    > >> > my
    > >> > TestOU (the global security group of computers)
    > >> >
    > >> > What else am I missing, this deployement has been kicking my behind.
    > >> > This
    > >> > is my first attempt to deploy software this way and I would like to use
    > >> > it
    > >> > on
    > >> > other software but until I can get this to work, I am stuck.
    > >> >
    > >> > Any help would be greatly appreciated!!!
    > >> >
    > >> > Kelli
    > >>
    > >>
    > >>

    >
    >
    >
     
    Guest, Apr 19, 2006
    #6
  7. It's easier to use via NNTP, but the link was easier to find that way.

    I believe I have seen this discussed before--you might also check the
    ..networking group here--I can't recall whether the discussion was there or
    in the WSUS related groups. I've had great trouble making the search
    function work in the HTML groups, unfortunately.

    --

    "Kelli" <> wrote in message
    news:...
    >I will do that. Thanks!
    >
    > "Bill Sanderson MVP" wrote:
    >
    >> How about trying the public WSUS support group?
    >>
    >> Let me see if I can find a link for an HTML view of it:
    >>
    >> http://www.microsoft.com/technet/co...crosoft.public.windows.server.update_services
    >>
    >> should do it.
    >>
    >> --
    >>
    >> "Kelli" <> wrote in message
    >> news:...
    >> >I know there are people that have done it. If only I could find those
    >> > people...
    >> >
    >> > Here is a gpresult from a users computer ... Under computer settings,
    >> > the
    >> > gp
    >> > WSUS is working just fine. Something in the InstallWindowsDefender
    >> > must
    >> > be
    >> > amiss.
    >> >
    >> >
    >> > C:\Documents and Settings\kzomberg>gpresult
    >> >
    >> > Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
    >> > v2.0
    >> > Copyright (C) Microsoft Corp. 1981-2001
    >> >
    >> > Created On 4/18/2006 at 10:19:36 AM
    >> >
    >> >
    >> > RSOP results for DOMIAN\kzomberg on KZOMBERG : Logging Mode
    >> > ----------------------------------------------------------------
    >> >
    >> > OS Type: Microsoft Windows XP Professional
    >> > OS Configuration: Member Workstation
    >> > OS Version: 5.1.2600
    >> > Domain Name: DOMAIN
    >> > Domain Type: Windows 2000
    >> > Site Name: Default-First-Site-Name
    >> > Roaming Profile:
    >> > Local Profile: C:\Documents and Settings\kzomberg
    >> > Connected over a slow link?: No
    >> >
    >> >
    >> > COMPUTER SETTINGS
    >> > ------------------
    >> > CN=KZOMBERG,OU=WindowsXP,OU=Desktops,DC=XXX,DC=com
    >> > Last time Group Policy was applied: 4/18/2006 at 9:33:14 AM
    >> > Group Policy was applied from: dpprojects.XXX.com
    >> > Group Policy slow link threshold: 500 kbps
    >> >
    >> > Applied Group Policy Objects
    >> > -----------------------------
    >> > RemoteDesktop Group Policy Object
    >> > InstallWindowsDefender
    >> > WSUS
    >> > Local Group Policy
    >> >
    >> > The following GPOs were not applied because they were filtered out
    >> > -------------------------------------------------------------------
    >> > DP Domain Policy
    >> > Filtering: Not Applied (Empty)
    >> >
    >> > MapDrives - Domain Users
    >> > Filtering: Disabled (GPO)
    >> >
    >> > The computer is a part of the following security groups:
    >> > --------------------------------------------------------
    >> > BUILTIN\Administrators
    >> > Everyone
    >> > BUILTIN\Users
    >> > NT AUTHORITY\NETWORK
    >> > NT AUTHORITY\Authenticated Users
    >> > KZOMBERG$
    >> > Domain Computers (read rights)
    >> > TestOU - This is the Group created for the Defender install.
    >> > It's
    >> > the security filter group ... (read rights)
    >> >
    >> >
    >> > USER SETTINGS
    >> > --------------
    >> > CN=Kristi Zomberg,OU=Central Services,DC=XXX,DC=com
    >> > Last time Group Policy was applied: 4/18/2006 at 9:06:27 AM
    >> > Group Policy was applied from: dpprojects.XXX.com
    >> > Group Policy slow link threshold: 500 kbps
    >> >
    >> > Applied Group Policy Objects
    >> > -----------------------------
    >> > Default Domain Policy
    >> >
    >> > The following GPOs were not applied because they were filtered out
    >> > -------------------------------------------------------------------
    >> > DP Domain Policy
    >> > Filtering: Not Applied (Empty)
    >> >
    >> > WSUS
    >> > Filtering: Disabled (GPO)
    >> >
    >> > Local Group Policy
    >> > Filtering: Not Applied (Empty)
    >> >
    >> > MapDrives - Domain Users
    >> > Filtering: Disabled (GPO)
    >> >
    >> > The user is a part of the following security groups:
    >> > ----------------------------------------------------
    >> > Domain Users
    >> > Everyone
    >> > BUILTIN\Administrators
    >> > BUILTIN\Users
    >> > NT AUTHORITY\INTERACTIVE
    >> > NT AUTHORITY\Authenticated Users
    >> > LOCAL
    >> > Employees
    >> > Printer Color
    >> > Test Printers
    >> > Revit Users
    >> > Printer Printshop
    >> > FTP Users
    >> > Viz Farm
    >> > PublicFolderOwners
    >> > South
    >> > Print Shop
    >> > Standards Group
    >> > Standards
    >> > HelpNET Browsers
    >> >
    >> > Here is the Settings from the GP...
    >> >
    >> > Windows Defenderhide
    >> > Product Informationhide
    >> > Name Windows Defender
    >> > Version 1.1
    >> > Language English (United States)
    >> > Platform Intel
    >> > Support URL http://go.microsoft.com/fwlink/?LinkId=55273
    >> >
    >> > Deployment Informationhide
    >> > General Setting
    >> > Deployment type Assigned
    >> > Deployment source \\dpprojects\Setup\Software\AntiVirus AntiSpyware
    >> > Scanners\MicrosoftWindowsDefender\WindowsDefender1347.msi
    >> > Uninstall this application when it falls out of the scope of management
    >> > Disabled
    >> >
    >> > Advanced Deployment Options Setting
    >> > Ignore language when deploying this package Disabled
    >> > Make this 32-bit X86 application available to Win64 machines Enabled
    >> > Include OLE class and product information Enabled
    >> >
    >> > Diagnostic Information Setting
    >> > Product code {b2d7ce29-614a-4acc-8bfe-009eb3a244c9}
    >> > Deployment Count 0
    >> >
    >> > Securityhide
    >> > PermissionsType Name Permission Inherited
    >> > Allow DESIGNPLUS\Domain Admins Full control No
    >> > Allow NT AUTHORITY\SYSTEM Full control No
    >> > Allow NT AUTHORITY\Authenticated Users Read No
    >> > Allow DESIGNPLUS\Domain Admins Read, Write Yes
    >> > Allow DESIGNPLUS\Enterprise Admins Read, Write Yes
    >> > Allow CREATOR OWNER Read, Write Yes
    >> > Allow NT AUTHORITY\SYSTEM Read, Write Yes
    >> > Allow DESIGNPLUS\TestOU Read Yes
    >> > Allow DESIGNPLUS\Domain Computers Read Yes
    >> > Allow inheritable permissions from the parent to propagate to this
    >> > object
    >> > and all child objects Enabled
    >> >
    >> > Advancedhide
    >> > Upgrades Setting
    >> > Required upgrade for existing packages Enabled
    >> > Packages that this package will upgrade GPO
    >> > None
    >> >
    >> > Packages in the current GPO that will upgrade this package None
    >> >
    >> > Categories
    >> > None
    >> >
    >> > Transforms
    >> > None
    >> >
    >> > "Bill Sanderson MVP" wrote:
    >> >
    >> >> I haven't done this. I can't recall whether I've read success stories
    >> >> or
    >> >> not. I am clear that Microsoft does not recommend deploying to
    >> >> production
    >> >> equipment, and that there are predictable problesms--like the VNC one
    >> >> you
    >> >> mention--that will result.
    >> >>
    >> >> Microsoft has announced that at release time, there will be an ADM
    >> >> group
    >> >> policy template file available. (However, they haven't announced when
    >> >> it
    >> >> will be released!)
    >> >>
    >> >> I'd recommend treading carefully until it is clear how it can be
    >> >> controlled.
    >> >> I've seen some discussion of pre-setting some settings within the app
    >> >> via
    >> >> ..REG files--you can look at that--but I'm not at all sure that will
    >> >> be
    >> >> sufficient for the VNC question. I've got VNC set as an "allow
    >> >> always"
    >> >> on
    >> >> my system--so I'll do a little exploring and see whether I can see
    >> >> anything
    >> >> in the registry the reflects/controls that.
    >> >>
    >> >> --
    >> >>
    >> >> "Kelli" <> wrote in message
    >> >> news:...
    >> >> >I have been trying to install Windows Defender using Group Policy
    >> >> >since
    >> >> >it
    >> >> > was released.
    >> >> >
    >> >> > I will go thru my steps.
    >> >> >
    >> >> > I created a domain GP called InstallWindowsDefender. Within my
    >> >> > Group
    >> >> > Policy
    >> >> > Manager, it is linked to our domain and the security filtering is
    >> >> > calling
    >> >> > out
    >> >> > a global security group consisiting of computers within the domain,
    >> >> > this
    >> >> > is
    >> >> > being called TestOU right now.
    >> >> > For the policy, I chose Computer Configuration, software settings,
    >> >> > software
    >> >> > installation. i created a package by navigating out to the msi file
    >> >> > i
    >> >> > just
    >> >> > downloaded and opened it. Within the deploy software dialog box, i
    >> >> > left
    >> >> > it
    >> >> > default at Assigned. If I look at the settings for this policy, it
    >> >> > looks
    >> >> > right. I have exported the policy to a html file, if you would like
    >> >> > to
    >> >> > see
    >> >> > it, email me offline and i'll send it to you for review.
    >> >> > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM
    >> >> > having
    >> >> > edit, delete and modify security. Domain Computers have read as
    >> >> > does
    >> >> > my
    >> >> > TestOU (the global security group of computers)
    >> >> >
    >> >> > What else am I missing, this deployement has been kicking my behind.
    >> >> > This
    >> >> > is my first attempt to deploy software this way and I would like to
    >> >> > use
    >> >> > it
    >> >> > on
    >> >> > other software but until I can get this to work, I am stuck.
    >> >> >
    >> >> > Any help would be greatly appreciated!!!
    >> >> >
    >> >> > Kelli
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Bill Sanderson MVP, Apr 20, 2006
    #7
  8. Guest

    Guest Guest

    I set this up using a gpo as well, however I used the startup script area to
    implement. Have you tried this?

    "Kelli" wrote:

    > I have been trying to install Windows Defender using Group Policy since it
    > was released.
    >
    > I will go thru my steps.
    >
    > I created a domain GP called InstallWindowsDefender. Within my Group Policy
    > Manager, it is linked to our domain and the security filtering is calling out
    > a global security group consisiting of computers within the domain, this is
    > being called TestOU right now.
    > For the policy, I chose Computer Configuration, software settings, software
    > installation. i created a package by navigating out to the msi file i just
    > downloaded and opened it. Within the deploy software dialog box, i left it
    > default at Assigned. If I look at the settings for this policy, it looks
    > right. I have exported the policy to a html file, if you would like to see
    > it, email me offline and i'll send it to you for review.
    > For delegation, I have Domain Admins, Enterprise Admins and SYSTEM having
    > edit, delete and modify security. Domain Computers have read as does my
    > TestOU (the global security group of computers)
    >
    > What else am I missing, this deployement has been kicking my behind. This
    > is my first attempt to deploy software this way and I would like to use it on
    > other software but until I can get this to work, I am stuck.
    >
    > Any help would be greatly appreciated!!!
    >
    > Kelli
     
    Guest, Jun 19, 2006
    #8
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Wall

    error 103 when installing via group policy

    Michael Wall, Sep 20, 2005, in forum: Anti-Spyware Installation
    Replies:
    3
    Views:
    378
    Bill Sanderson
    Sep 21, 2005
  2. Guest

    Installing using Group Policy

    Guest, Feb 15, 2006, in forum: Anti-Spyware Installation
    Replies:
    10
    Views:
    320
    Bill Sanderson
    Feb 21, 2006
  3. Hank Yu

    Can Windows Defender be deployed to clients by group policy?

    Hank Yu, Mar 5, 2006, in forum: Anti-Spyware Installation
    Replies:
    4
    Views:
    348
    Hank Yu
    Mar 6, 2006
  4. Guest

    Error 2203Install Windows Defender Using Group Policy

    Guest, Dec 16, 2006, in forum: Anti-Spyware Installation
    Replies:
    1
    Views:
    1,288
    Bill Sanderson MVP
    Dec 16, 2006
  5. Guest

    Problem installing Windows Defnder using Group Policy

    Guest, Jul 26, 2007, in forum: Anti-Spyware Installation
    Replies:
    4
    Views:
    1,636
    Bill Sanderson MVP
    Jul 30, 2007
Loading...

Share This Page