Windows Defender and my network...

[multiband8303]

so...WSUS is installed and is managing my windows updates - I went into the admin utility - and also added windows defender to my list of products to update...however - in order for it to work it is my understanding that an existing client of windows defender must exist on the computer (or computer group) before it actually installs after the approval....

What is the best way of me rolling out windows defender without me having to stop by each and ever computer (or rdping) and installing it? Some kind of MSI I can host out there and will auto run down to each of the computers via a scheduled task? or what? Sorry I've been kind of thrown into the position here...so I am learning..

 

[GMtheBest]

Download the windows defender msi file from microsoft. But it on a network share that everyone has read access to. Create a group policy (on the computers OU) to push out the software to PCs.

Read up on software deployment via group policy.

PS: Are you sure you want to deploy windows defender ? It is still in BETA at the moment.

 

[multiband8303]

...Not my authority here.... I do what I'm told.... Is the GPO under computer configuration - administrative templates - windows update - would I find that there? Or what is the specific I need to push out the software on the PC's (I already have a GP for the WSUS itself, I will just add it to that)

 

[GMtheBest]

It is computer configuration, software settings, software installation

Right click it, new package and go from there.

I like creating an new policy for every app I deploy. I then create a group and assign the appropriate permissions to read the policy. I then add the computers I want to install the software on to the group. Makes it easier to manage in the long run.

 

[multiband8303]

How scared should I be now of this? LOL

 

[multiband8303]

Also - I did that - left it assigned, how will this roll out for my users - I check marked @ log in - thinking that this then will prompt my users once they log in to install. Is this the case or am I misinformed here?

 

[Rilex]

Are the powers that be aware that this may block legitimate management functions in Active Directory/scripting? There is no central management of Windows Defender, so this sounds like a really Bad Idea.

Did you assign it as a Computer or User policy?

 

[multiband8303]

...computer policy - I created its own group policy as stated before - and delegation/read is only to the group of computers.

 

[GMtheBest]

It will not prompt thatm at all. When XP is starting up, it will show installing managed software (before you get to the login promt i beleive)