| Author | Messages | |
Freeplay
Posts:1
 | | 08/06/2010 4:10 PM |
|
good day, I read the faq section on software deployment and was pleased that I have tried adjusting the policy as described. Unfortunately I am still getting mixed results of some installs completing and others never seeming to start.
I have attached the html report (edited) from GPMC, I am not sure if there is any other info that might help.
IS Policy Test
Data collected on: 6/21/2010 10:08:46 AM
General
Details
Domain
MyDomain
Owner
MyParentDomain\adminacct
Created
4/13/2010 9:01:14 AM
Modified
5/17/2010 2:49:04 PM
User Revisions
1 (AD), 1 (sysvol)
Computer Revisions
61 (AD), 61 (sysvol)
Unique ID
{XXXXXXXXXXXXXXXXXXXXXXX}
GPO Status
Enabled
Links
Location
Enforced
Link Status
Path
IS policy test
Yes
Enabled
MyDomain/Domain Computers/Workstations/IS policy test
Desktop x86
Yes
Enabled
MyDomain /Domain Computers/Workstations/Symantec AV migration/Desktop x86
Laptop x86
Yes
Enabled
MyDomain /Domain Computers/Workstations/Symantec AV migration/Laptop x86
This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
MyDomain \Domain Computers
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name
None
Description
Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name
Allowed Permissions
Inherited
MYPARENTDOMAIN\adminacct
Edit settings, delete, modify security
No
MYPARENTDOMAIN\Enterprise Admins
Edit settings, delete, modify security
No
MyDomain \Domain Admins
Edit settings, delete, modify security
No
MYDOMAIN\Domain Computers
Read (from Security Filtering)
No
NT AUTHORITY\Authenticated Users
Read (from Security Filtering)
No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Read
No
NT AUTHORITY\SYSTEM
Edit settings, delete, modify security
No
Computer Configuration (Enabled)
Software Settings
Assigned Applications
Symantec Endpoint Protection
Product Information
Name
Symantec Endpoint Protection
Version
11.0
Language
English (United States)
Platform
Intel
Support URL
http://www.symantec.com/enterprise/support
Deployment Information
General
Setting
Deployment type
Assigned
Deployment source
\\nvMyDomaindc02\NETLOGON\EPP Package\Symantec Antivirus.msi
Uninstall this application when it falls out of the scope of management
Disabled
Advanced Deployment Options
Setting
Ignore language when deploying this package
Disabled
Make this 32-bit X86 application available to Win64 machines
Disabled
Include OLE class and product information
Enabled
Diagnostic Information
Setting
Product code
{XXXXXXXXXXXXXXXXXXX}
Deployment Count
0
Security
Permissions
Type
Name
Permission
Inherited
Allow
MYDOMAIN\Domain Admins
Full control
No
Allow
NT AUTHORITY\SYSTEM
Full control
No
Allow
NT AUTHORITY\Authenticated Users
Read
No
Allow
MYDOMAIN\Domain Admins
Read, Write
Yes
Allow
MYPARENTDOMAIN\Enterprise Admins
Read, Write
Yes
Allow
MYPARENTDOMAIN\adminacct
Read, Write
Yes
Allow
CREATOR OWNER
Read, Write
Yes
Allow
NT AUTHORITY\SYSTEM
Read, Write
Yes
Allow
NT AUTHORITY\Authenticated Users
Read
Yes
Allow
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Read
Yes
Allow
MYDOMAIN\Domain Computers
Read
Yes
Allow inheritable permissions from the parent to propagate to this object and all child objects
Enabled
Advanced
Upgrades
Setting
Required upgrade for existing packages
Enabled
Packages that this package will upgrade
GPO
None
Packages in the current GPO that will upgrade this package
None
Categories
None
Transforms
None
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
Policy
Setting
Apply software restriction policies to
All software files except libraries (such as DLLs)
Apply software restriction policies to the following users
All users
Designated File Types
File Extension
File Type
ADE
ADE File
ADP
ADP File
BAS
BAS File
BAT
Windows Batch File
CHM
Compiled HTML Help file
CMD
Windows Command Script
COM
Application
CPL
Control Panel extension
CRT
Security Certificate
EXE
Application
HLP
Help File
HTA
HTML Application
INF
Setup Information
INS
Internet Communication Settings
ISP
Internet Communication Settings
LNK
Shortcut
MDB
MDB File
MDE
MDE File
MSC
Microsoft Common Console Document
MSI
Windows Installer Package
MSP
Windows Installer Patch
MST
MST File
OCX
ActiveX Control
PCD
PCD File
PIF
Shortcut to Program
REG
Registration Entries
SCR
Screen Saver
SHS
Scrap object
URL
Internet Shortcut
VB
VB File
WSC
Windows Script Component
Trusted Publishers
Allow the following users to select trusted publishers
End users
Before trusting a publisher, check the following to determine if the certificate is revoked
None
Software Restriction Policies/Security Levels
Policy
Setting
Default Security Level
Unrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
Administrative Templates
System/Group Policy
Policy
Setting
Software Installation policy processing
Enabled
Allow processing across a slow network connection
Enabled
Process even if the Group Policy objects have not changed
Enabled
System/Logon
Policy
Setting
Always wait for the network at computer startup and logon
Enabled
Windows Components/Windows Installer
Policy
Setting
Always install with elevated privileges
Enabled
This setting must be set for the machine and the user to be enforced.
User Configuration (Enabled)
Administrative Templates
Windows Components/Windows Installer
Policy
Setting
Always install with elevated privileges
Enabled
This setting must be set for the machine and the user to be enforced.
Many thanks for your time and effort.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and delete the original, The information contained in this message is of a personal and/or confidential nature unauthorized dissemination or disclosure is prohibited to the maximum extent of the law.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and delete the original, The information contained in this message is of a personal and/or confidential nature unauthorized dissemination or disclosure is prohibited to the maximum extent of the law.
_________________________________________________________________
Hotmail is redefining busy with tools for the New Busy. Get more from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL N:WL:en-US:WM_HMP:042010_2
| | | |
| mdzikowski
Posts:71
| | 08/06/2010 4:12 PM |
| SEP usually creates a silent installer and you can grab the MSI...which it looks like you did...
Now, one thing stood out to me was this : "computer accounts to the permissions of the source share"
Check the permissions of your share. Did you put the installers in some place where all machines/users can see on the domain?
Mike D-
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of scott brooks
Sent: Monday, June 21, 2010 4:08 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] software deployment symantec EPP fails
Yes it is a quite insall until the end at requst for reboot, Thanks for the help I'll check out the tool right away.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and delete the original, The information contained in this message is of a personal and/or confidential nature unauthorized dissemination or disclosure is prohibited to the maximum extent of the law.
________________________________
From: xxxxxxxxxxxxxxxx
To: xxxxxxxxxxxxxxxx
Date: Mon, 21 Jun 2010 11:32:55 -0700
Subject: RE: [gptalk] software deployment symantec EPP fails
Have you checked to make sure the MSI can install unattended (i.e. without throwing prompts?). Also, you can enable verbose Software Installation logging, which can help track down these kinds of unseen errors. Check out the logging ADM I have on the Free Tools part of gpoguy.com. It contains, among other things, the registry value to enable for verbose GPSI logging.
Darren
________________________________
From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On Behalf Of scott brooks [xxxxxxxxxxxxxxxx]
Sent: Monday, June 21, 2010 11:25 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] software deployment symantec EPP fails
The only meesage that we recieved was for the MSI not being available and that was when I added the computer accounts to the permissions of the source share.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and delete the original, The information contained in this message is of a personal and/or confidential nature unauthorized dissemination or disclosure is prohibited to the maximum extent of the law.
________________________________
From: xxxxxxxxxxxxxxxx
To: xxxxxxxxxxxxxxxx
Date: Mon, 21 Jun 2010 11:12:54 -0700
Subject: RE: [gptalk] software deployment symantec EPP fails
Scott-
Have you seen any messages/errors in the application event log of source "Application Management" that might give a clue to the problem?
Darren
________________________________
From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On Behalf Of scott brooks [xxxxxxxxxxxxxxxx]
Sent: Monday, June 21, 2010 10:28 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] software deployment symantec EPP fails
good day, I read the faq section on software deployment and was pleased that I have tried adjusting the policy as described. Unfortunately I am still getting mixed results of some installs completing and others never seeming to start.
I have attached the html report (edited) from GPMC, I am not sure if there is any other info that might help.
IS Policy Test
Data collected on: 6/21/2010 10:08:46 AM
General
Details
Domain
MyDomain
Owner
MyParentDomain\adminacct
Created
4/13/2010 9:01:14 AM
Modified
5/17/2010 2:49:04 PM
User Revisions
1 (AD), 1 (sysvol)
Computer Revisions
61 (AD), 61 (sysvol)
Unique ID
{XXXXXXXXXXXXXXXXXXXXXXX}
GPO Status
Enabled
Links
Location
Enforced
Link Status
Path
IS policy test
Yes
Enabled
MyDomain/Domain Computers/Workstations/IS policy test
Desktop x86
Yes
Enabled
MyDomain /Domain Computers/Workstations/Symantec AV migration/Desktop x86
Laptop x86
Yes
Enabled
MyDomain /Domain Computers/Workstations/Symantec AV migration/Laptop x86
This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
MyDomain \Domain Computers
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name
None
Description
Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name
Allowed Permissions
Inherited
MYPARENTDOMAIN\adminacct
Edit settings, delete, modify security
No
MYPARENTDOMAIN\Enterprise Admins
Edit settings, delete, modify security
No
MyDomain \Domain Admins
Edit settings, delete, modify security
No
MYDOMAIN\Domain Computers
Read (from Security Filtering)
No
NT AUTHORITY\Authenticated Users
Read (from Security Filtering)
No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Read
No
NT AUTHORITY\SYSTEM
Edit settings, delete, modify security
No
Computer Configuration (Enabled)
Software Settings
Assigned Applications
Symantec Endpoint Protection
Product Information
Name
Symantec Endpoint Protection
Version
11.0
Language
English (United States)
Platform
Intel
Support URL
http://www.symantec.com/enterprise/support
Deployment Information
General
Setting
Deployment type
Assigned
Deployment source
\\nvMyDomaindc02\NETLOGON\EPP Package\Symantec Antivirus.msi
Uninstall this application when it falls out of the scope of management
Disabled
Advanced Deployment Options
Setting
Ignore language when deploying this package
Disabled
Make this 32-bit X86 application available to Win64 machines
Disabled
Include OLE class and product information
Enabled
Diagnostic Information
Setting
Product code
{XXXXXXXXXXXXXXXXXXX}
Deployment Count
0
Security
Permissions
Type
Name
Permission
Inherited
Allow
MYDOMAIN\Domain Admins
Full control
No
Allow
NT AUTHORITY\SYSTEM
Full control
No
Allow
NT AUTHORITY\Authenticated Users
Read
No
Allow
MYDOMAIN\Domain Admins
Read, Write
Yes
Allow
MYPARENTDOMAIN\Enterprise Admins
Read, Write
Yes
Allow
MYPARENTDOMAIN\adminacct
Read, Write
Yes
Allow
CREATOR OWNER
Read, Write
Yes
Allow
NT AUTHORITY\SYSTEM
Read, Write
Yes
Allow
NT AUTHORITY\Authenticated Users
Read
Yes
Allow
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Read
Yes
Allow
MYDOMAIN\Domain Computers
Read
Yes
Allow inheritable permissions from the parent to propagate to this object and all child objects
Enabled
Advanced
Upgrades
Setting
Required upgrade for existing packages
Enabled
Packages that this package will upgrade
GPO
None
Packages in the current GPO that will upgrade this package
None
Categories
None
Transforms
None
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
Policy
Setting
Apply software restriction policies to
All software files except libraries (such as DLLs)
Apply software restriction policies to the following users
All users
Designated File Types
File Extension
File Type
ADE
ADE File
ADP
ADP File
BAS
BAS File
BAT
Windows Batch File
CHM
Compiled HTML Help file
CMD
Windows Command Script
COM
Application
CPL
Control Panel extension
CRT
Security Certificate
EXE
Application
HLP
Help File
HTA
HTML Application
INF
Setup Information
INS
Internet Communication Settings
ISP
Internet Communication Settings
LNK
Shortcut
MDB
MDB File
MDE
MDE File
MSC
Microsoft Common Console Document
MSI
Windows Installer Package
MSP
Windows Installer Patch
MST
MST File
OCX
ActiveX Control
PCD
PCD File
PIF
Shortcut to Program
REG
Registration Entries
SCR
Screen Saver
SHS
Scrap object
URL
Internet Shortcut
VB
VB File
WSC
Windows Script Component
Trusted Publishers
Allow the following users to select trusted publishers
End users
Before trusting a publisher, check the following to determine if the certificate is revoked
None
Software Restriction Policies/Security Levels
Policy
Setting
Default Security Level
Unrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
Administrative Templates
System/Group Policy
Policy
Setting
Software Installation policy processing
Enabled
Allow processing across a slow network connection
Enabled
Process even if the Group Policy objects have not changed
Enabled
System/Logon
Policy
Setting
Always wait for the network at computer startup and logon
Enabled
Windows Components/Windows Installer
Policy
Setting
Always install with elevated privileges
Enabled
This setting must be set for the machine and the user to be enforced.
User Configuration (Enabled)
Administrative Templates
Windows Components/Windows Installer
Policy
Setting
Always install with elevated privileges
Enabled
This setting must be set for the machine and the user to be enforced.
Many thanks for your time and effort.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and delete the original, The information contained in this message is of a personal and/or confidential nature unauthorized dissemination or disclosure is prohibited to the maximum extent of the law.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and delete the original, The information contained in this message is of a personal and/or confidential nature unauthorized dissemination or disclosure is prohibited to the maximum extent of the law.
________________________________
Hotmail is redefining busy with tools for the New Busy. Get more from your inbox. See how.<http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGLN:WL:en-US:WM_HMP:042010_2>
________________________________
Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox. Learn more.<http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGLN:WL:en-US:WM_HMP:042010_1>
________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. Get busy.<http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGLN:WL:en-US:WM_HMP:042010_5>
==============================================================================
CONFIDENTIALITY NOTICE: This email contains information from the sender that
may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected
from disclosure. This email is intended for use only by the person or entity
to whom it is addressed. If you are not the intended recipient, any use,
disclosure, copying, distribution, printing, or any action taken in reliance
on the contents of this email, is strictly prohibited. If you received this
email in error, please contact the sending party by reply email, delete the
email from your computer system and shred any paper copies.
Note to Patients: There are a number of risks you should consider before using
e-mail to communicate with us. See our Privacy Policy and Henry Ford My Health
at www.henryford.com for more detailed information. If you do not believe that
our policy gives you the privacy and security protection you need, do not send
e-mail or Internet communications to us.
==============================================================================
| | | |
| TomMarantz
Posts:13
| | 08/06/2010 4:12 PM |
| I would concur that deploying SEP via the console was ideal for my
company of 500+ workstations, multiple offices.
There is plenty of information online at Symantec's website on how to do
this.
Tom
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dzikowski, Michael
Sent: Tuesday, June 22, 2010 1:49 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] software deployment symantec EPP fails
Okay, one suggestion is to maybe just script that uninstall/install -
that might yield better results. Or talk to Symantec, they might have a
migration tool. Also, you know you can deploy SEP via the console???
The best option is to use something like SMS (if you have it)....
Mike D-
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of scott brooks
Sent: Tuesday, June 22, 2010 4:46 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] software deployment symantec EPP fails
Yep the install package is hosted in the one share that every domain
object will have access to. I also made sure to specify that the domain
computers had appropriate permissions to run the GPO. I think that part
of the issue is the uninstall of the legacy client software is cauing an
issue, but I cannot confirm this, I did download the logging ADM file
from Darren and it is added to the gpo. Over the next couple days we're
going to try pushing the install again to see what we get in the logs.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and
delete the original, The information contained in this message is of a
personal and/or confidential nature unauthorized dissemination or
disclosure is prohibited to the maximum extent of the law.
________________________________
From: xxxxxxxxxxxxxxxx
To: xxxxxxxxxxxxxxxx
Date: Tue, 22 Jun 2010 16:26:00 -0400
Subject: RE: [gptalk] software deployment symantec EPP fails
SEP usually creates a silent installer and you can grab the MSI...which
it looks like you did...
Now, one thing stood out to me was this : "computer accounts to the
permissions of the source share"
Check the permissions of your share. Did you put the installers in some
place where all machines/users can see on the domain?
Mike D-
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of scott brooks
Sent: Monday, June 21, 2010 4:08 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] software deployment symantec EPP fails
Yes it is a quite insall until the end at requst for reboot, Thanks for
the help I'll check out the tool right away.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and
delete the original, The information contained in this message is of a
personal and/or confidential nature unauthorized dissemination or
disclosure is prohibited to the maximum extent of the law.
________________________________
From: xxxxxxxxxxxxxxxx
To: xxxxxxxxxxxxxxxx
Date: Mon, 21 Jun 2010 11:32:55 -0700
Subject: RE: [gptalk] software deployment symantec EPP fails
Have you checked to make sure the MSI can install unattended (i.e.
without throwing prompts?). Also, you can enable verbose Software
Installation logging, which can help track down these kinds of unseen
errors. Check out the logging ADM I have on the Free Tools part of
gpoguy.com. It contains, among other things, the registry value to
enable for verbose GPSI logging.
Darren
________________________________
From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
Behalf Of scott brooks [xxxxxxxxxxxxxxxx]
Sent: Monday, June 21, 2010 11:25 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] software deployment symantec EPP fails
The only meesage that we recieved was for the MSI not being available
and that was when I added the computer accounts to the permissions of
the source share.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and
delete the original, The information contained in this message is of a
personal and/or confidential nature unauthorized dissemination or
disclosure is prohibited to the maximum extent of the law.
________________________________
From: xxxxxxxxxxxxxxxx
To: xxxxxxxxxxxxxxxx
Date: Mon, 21 Jun 2010 11:12:54 -0700
Subject: RE: [gptalk] software deployment symantec EPP fails
Scott-
Have you seen any messages/errors in the application event log of source
"Application Management" that might give a clue to the problem?
Darren
________________________________
From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
Behalf Of scott brooks [xxxxxxxxxxxxxxxx]
Sent: Monday, June 21, 2010 10:28 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] software deployment symantec EPP fails
good day, I read the faq section on software deployment and was pleased
that I have tried adjusting the policy as described. Unfortunately I am
still getting mixed results of some installs completing and others never
seeming to start.
I have attached the html report (edited) from GPMC, I am not sure if
there is any other info that might help.
IS Policy Test
Data collected on: 6/21/2010 10:08:46 AM
General
Details
Domain
MyDomain
Owner
MyParentDomain\adminacct
Created
4/13/2010 9:01:14 AM
Modified
5/17/2010 2:49:04 PM
User Revisions
1 (AD), 1 (sysvol)
Computer Revisions
61 (AD), 61 (sysvol)
Unique ID
{XXXXXXXXXXXXXXXXXXXXXXX}
GPO Status
Enabled
Links
Location
Enforced
Link Status
Path
IS policy test
Yes
Enabled
MyDomain/Domain Computers/Workstations/IS policy test
Desktop x86
Yes
Enabled
MyDomain /Domain Computers/Workstations/Symantec AV migration/Desktop
x86
Laptop x86
Yes
Enabled
MyDomain /Domain Computers/Workstations/Symantec AV migration/Laptop x86
This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users,
and computers:
Name
MyDomain \Domain Computers
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name
None
Description
Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name
Allowed Permissions
Inherited
MYPARENTDOMAIN\adminacct
Edit settings, delete, modify security
No
MYPARENTDOMAIN\Enterprise Admins
Edit settings, delete, modify security
No
MyDomain \Domain Admins
Edit settings, delete, modify security
No
MYDOMAIN\Domain Computers
Read (from Security Filtering)
No
NT AUTHORITY\Authenticated Users
Read (from Security Filtering)
No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Read
No
NT AUTHORITY\SYSTEM
Edit settings, delete, modify security
No
Computer Configuration (Enabled)
Software Settings
Assigned Applications
Symantec Endpoint Protection
Product Information
Name
Symantec Endpoint Protection
Version
11.0
Language
English (United States)
Platform
Intel
Support URL
http://www.symantec.com/enterprise/support
Deployment Information
General
Setting
Deployment type
Assigned
Deployment source
\\nvMyDomaindc02\NETLOGON\EPP <file:///\\nvMyDomaindc02\NETLOGON\EPP>
Package\Symantec Antivirus.msi
Uninstall this application when it falls out of the scope of management
Disabled
Advanced Deployment Options
Setting
Ignore language when deploying this package
Disabled
Make this 32-bit X86 application available to Win64 machines
Disabled
Include OLE class and product information
Enabled
Diagnostic Information
Setting
Product code
{XXXXXXXXXXXXXXXXXXX}
Deployment Count
0
Security
Permissions
Type
Name
Permission
Inherited
Allow
MYDOMAIN\Domain Admins
Full control
No
Allow
NT AUTHORITY\SYSTEM
Full control
No
Allow
NT AUTHORITY\Authenticated Users
Read
No
Allow
MYDOMAIN\Domain Admins
Read, Write
Yes
Allow
MYPARENTDOMAIN\Enterprise Admins
Read, Write
Yes
Allow
MYPARENTDOMAIN\adminacct
Read, Write
Yes
Allow
CREATOR OWNER
Read, Write
Yes
Allow
NT AUTHORITY\SYSTEM
Read, Write
Yes
Allow
NT AUTHORITY\Authenticated Users
Read
Yes
Allow
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Read
Yes
Allow
MYDOMAIN\Domain Computers
Read
Yes
Allow inheritable permissions from the parent to propagate to this
object and all child objects
Enabled
Advanced
Upgrades
Setting
Required upgrade for existing packages
Enabled
Packages that this package will upgrade
GPO
None
Packages in the current GPO that will upgrade this package
None
Categories
None
Transforms
None
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
Policy
Setting
Apply software restriction policies to
All software files except libraries (such as DLLs)
Apply software restriction policies to the following users
All users
Designated File Types
File Extension
File Type
ADE
ADE File
ADP
ADP File
BAS
BAS File
BAT
Windows Batch File
CHM
Compiled HTML Help file
CMD
Windows Command Script
COM
Application
CPL
Control Panel extension
CRT
Security Certificate
EXE
Application
HLP
Help File
HTA
HTML Application
INF
Setup Information
INS
Internet Communication Settings
ISP
Internet Communication Settings
LNK
Shortcut
MDB
MDB File
MDE
MDE File
MSC
Microsoft Common Console Document
MSI
Windows Installer Package
MSP
Windows Installer Patch
MST
MST File
OCX
ActiveX Control
PCD
PCD File
PIF
Shortcut to Program
REG
Registration Entries
SCR
Screen Saver
SHS
Scrap object
URL
Internet Shortcut
VB
VB File
WSC
Windows Script Component
Trusted Publishers
Allow the following users to select trusted publishers
End users
Before trusting a publisher, check the following to determine if the
certificate is revoked
None
Software Restriction Policies/Security Levels
Policy
Setting
Default Security Level
Unrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRoot%
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRoot%*.exe
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRoot%System32\*.exe
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFil
esDir%
Security Level
Unrestricted
Description
Date last modified
4/15/2010 12:19:08 PM
Administrative Templates
System/Group Policy
Policy
Setting
Software Installation policy processing
Enabled
Allow processing across a slow network connection
Enabled
Process even if the Group Policy objects have not changed
Enabled
System/Logon
Policy
Setting
Always wait for the network at computer startup and logon
Enabled
Windows Components/Windows Installer
Policy
Setting
Always install with elevated privileges
Enabled
This setting must be set for the machine and the user to be enforced.
User Configuration (Enabled)
Administrative Templates
Windows Components/Windows Installer
Policy
Setting
Always install with elevated privileges
Enabled
This setting must be set for the machine and the user to be enforced.
Many thanks for your time and effort.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and
delete the original, The information contained in this message is of a
personal and/or confidential nature unauthorized dissemination or
disclosure is prohibited to the maximum extent of the law.
Scott Brooks, MCP
Personal and/or Confidential
If you have received this e-mail in error please reply to the sender and
delete the original, The information contained in this message is of a
personal and/or confidential nature unauthorized dissemination or
disclosure is prohibited to the maximum extent of the law.
________________________________
Hotmail is redefining busy with tools for the New Busy. Get more from
your inbox. See how.
<http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL
N:WL:en-US:WM_HMP:042010_2>
________________________________
Hotmail has tools for the New Busy. Search, chat and e-mail from your
inbox. Learn more.
<http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL
N:WL:en-US:WM_HMP:042010_1>
________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars
with Hotmail. Get busy.
<http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=
PID28326::T:WLMTAGLN:WL:en-US:WM_HMP:042010_5>
========================================================================
======
CONFIDENTIALITY NOTICE: This email contains information from the sender
that
may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise
protected
from disclosure. This email is intended for use only by the person or
entity
to whom it is addressed. If you are not the intended recipient, any use,
disclosure, copying, distribution, printing, or any action taken in
reliance
on the contents of this email, is strictly prohibited. If you received
this
email in error, please contact the sending party by reply email, delete
the
email from your computer system and shred any paper copies.
Note to Patients: There are a number of risks you should consider before
using
e-mail to communicate with us. See our Privacy Policy and Henry Ford My
Health
at www.henryford.com for more detailed information. If you do not
believe that
our policy gives you the privacy and security protection you need, do
not send
e-mail or Internet communications to us.
========================================================================
======
________________________________
Hotmail is redefining busy with tools for the New Busy. Get more from
your inbox. See how.
<http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL
N:WL:en-US:WM_HMP:042010_2>
========================================================================
======
CONFIDENTIALITY NOTICE: This email contains information from the sender
that
may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise
protected
from disclosure. This email is intended for use only by the person or
entity
to whom it is addressed. If you are not the intended recipient, any use,
disclosure, copying, distribution, printing, or any action taken in
reliance
on the contents of this email, is strictly prohibited. If you received
this
email in error, please contact the sending party by reply email, delete
the
email from your computer system and shred any paper copies.
Note to Patients: There are a number of risks you should consider before
using
e-mail to communicate with us. See our Privacy Policy and Henry Ford My
Health
at www.henryford.com for more detailed information. If you do not
believe that
our policy gives you the privacy and security protection you need, do
not send
e-mail or Internet communications to us.
========================================================================
======
| | | |
|
|