Tuesday, January 22, 2013 3:59 PM
Hi. I run into some anti-virus software installation issues in an MDT task sequence, which raise a few concerns.
At first I included it in the base image, so the base image contains an outdated virus definition or program version because my image is not updated frequently, not updated at all actually. After the OS is deployed, the anti-virus just updates itself whatsoever, if it is a version upgrade, it breaks the network connection, or conflicts with the undergoing MSI-based application installation. That is bad.
Then I tried to package it as an application and put it at the end of the task sequence. It sounds good, however there is another application, Microsoft System Management Server 2003 client, I would like to install as well. Another managed agent that updates itself whenever it feels like to!
I don't have the latest installation packages for those software and for some reason I'm not getting it. I’m stuck here. To make sure I have both software installed and working I take one of them out of MDT TS and install it manually as a temporary method. I wonder how other people are doing it because I’m definitely missing something here.
Tuesday, January 22, 2013 4:39 PM
What you are missing is that if it is a problem that the applications are autoupdating itself then you need to turn that function off, easy as that :)
Its really not a MDT question but maybe you could tell me what anti-virus application it is and maybe i can help you.
ITNinja.com is a great resource aswell!
Tuesday, January 22, 2013 9:27 PMWhat Anti-Virus are you running? I'm just finishing up with automating the Symantec Endpoint Protection install and 'prep' for deployment.
Wednesday, January 23, 2013 7:56 AM
The anti-virus software I'm using is Symantec Endpoint Protection 11.0. The following command is used to install it silently.
msiexec /i "Symantec Antivirus.msi" /qb /l*v "%TEMP%\SEP_INST.LOG" REBOOT=ReallySuppress
The installation is fine. The problem is that it then detects a new version and upgrade without notice.
As for the Microsoft System Management Server client agent, the installation folder is first copied to the local computer then started by a .bat file:
xcopy SMSClient c:\windows\temp\SMSClient\ /e /s /c /y
cd /d c:\windows\temp\SMSClient
Once ccmsetup is fired up, that is when the TS losts control with ccmsetup and moves on. I need that installation process to be handled by MDT all the way.
Wednesday, January 23, 2013 9:32 AM
SEP v11 client is prepared at the SEP server side so it really is what that package contains and that depends on the whole SEP configuration.
We used to have v11 before we moved to v12 (v11 caused us so many problems - mainly in performace - that we decided to upgrade. And v11 doesn't support win8 anyway).
What we do with SEP is that once we install it we then run the Symantec Rapid Release packages. These can be downloaded from the Symantec ftp server. So our TS contains an Application Bundle which installs SEP to start with and then runs the SRR package. For V12 I have added to reboot after the SEP install but that is not required with V11 if you can bear the annoying pop up box.
Wednesday, January 23, 2013 8:36 PM
We also are using v12 and I have no such problems. When you generate your install package it should be up to date... make sure you are also running the client side prep tool from Symantec if your using a sysprepped image.
From what I am reading you are trying to install using the MSI provided by Symantec is that correct? Are you using a SEPM management console?
I guess the basic question is are you using managed or unmanaged clients?
For unmanged clients, from this page:
You should be able to use the following installation switch to suppress the initial liveupdate
RUNLIVEUPDATE= (1 = run LiveUpdate after install, 0 = do not run LiveUpdate after install, default = 1 run LiveUpdate after install)
So try the installation switch:
Give that a shot. It should suppress the initial live update, only on the normal heartbeat setting will it get the updates.
Sunday, January 27, 2013 10:09 AMThat works, thanks!
I use managed clients actually. I extract the setup.exe installation package and install with msiexec command. I suppose I can run that command with “RUNLIVEUPDATE=0” and start a LUALL.exe (Live Update) at the end of the TS instead.
That leaves the question: how to start and keep track of the installation of SMS/SCCM client agent in a TS? I was worried with ccmsetup.exe and LUALL.exe running in the background there might be some conflicts.
Monday, January 28, 2013 8:39 AM
Hmmm glad it works but if your using managed clients with SEPM you can just use the management console to generate an install setup.exe which you can apply a policy to which has any settings you like - silent, delayed restart, suppress updates, what groups the client ends up in and what policies etc.
Head over to the SEP forums for some more info though.