Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Installing Security Agents (SA) via Group Policy Object (GPO)

    • Updated:
    • 17 Mar 2016
    • Product/Version:
    • Worry-Free Business Security Services 5.7
    • Worry-Free Business Security Standard/Advanced 8.0
    • Platform:
    • Windows 2008 Enterprise
    • Windows 2008 Essential Business Server
    • Windows 2008 Server R2
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2011 Small Business Server Essentials
    • Windows 2011 Small Business Server Standard
    • Windows 2012 Enterprise
    • Windows 2012 Server Essentials
Summary

You want to deploy the Security Agent (SA) in multiple workstations on a certain domain using the GPO feature.

Details
Public

Step 1: Create an MSI package

  1. On the Security Server, go to ..\PCCSRV\Admin\Utility\ClientPackager.
  2. Double-click ClnPack.exe and the Client Packager console opens.
     
    You must run the program from the Security Server only.
  3. Select the type of package you want to create.
    Package TypeDescription
    SetupSelect Setup to create the package as an MSI file. The package installs the SA program with the components currently available in the Security Server.

    If the target has an earlier SA version installed and you want to upgrade, create the MSI from the Security Server that manages the agent. Otherwise, the agent will not be upgraded.
    UpdateSelect Update to create a package that contains the components currently available on the Security Server. The package will be created as an executable file. Use this package if there are issues updating components on the client where the SA is installed.
  4. On the Windows operating system type dropdown, select the operating system of the target clients. Take note of the architecture whether it is x86 or x64 bit.
  5. Select the Scan Method.
    • Conventional Scan: A local scan engine on the client scans the client computer. Conventional Scan uses the traditional virus pattern file.
    • Smart Scan: A Scan Server helps scan the client. A Scan Server is automatically installed with the Security Server. You can choose the scan method on the Security Settings screen. Scan modes use different pattern files.
  6. Under the Options section, choose an installation method:
    • Silent Mode: Creates a package that installs on the client in the background, unnoticeable to the user. The installation status window will not appear.
    • Disable Prescan (only for fresh-install): Disables the normal file scanning that WFBS performs before starting the setup. Do this if you are certain that the client is threat-free.

      If prescan is enabled, the setup scans for virus/malware in the most vulnerable areas of the computer that includes the following:

      • Boot area and boot directory (for boot viruses)
      • Windows folder
      • Program files folder
  7. In the Source file field, ensure that the location of the ofcscan.ini file is correct. To modify the path, click () to browse for the ofcscan.ini file. By default, this file is located in the ..\PCCSRV folder of the Security Server.
  8. In the Output file field, click () to specify the filename and the location to create the package.
  9. Click Create.

    The message "Package created successfully" appears after the package is created. Verify that the package is in the directory that you specified in Step 8.

Step 2: Install the software using the Active Directory's group policy

  1. Go to the Group Policy management console.
  2. Look for the package that you created and share the folder with the following settings:

    Sharing: Everyone
    Permission Level: Reader

  3. Create a new GPO.

    An example of a Group Policy name is "Security Agent Installer".

  4. Right-click the GPO that you created and click Edit.
  5. Go to User Configuration > Policies > Software Settings.
  6. Right-click Software Installation and select New > Package.
  7. On File Name field, find the shared folder where the client packager is.

    For example: \\<ServerName>\Programs\<Shared.

  8. Double-click the client packager MSI file and under Deploy Software: Select Deployment Method, choose Advanced.
  9. On the Advanced screen, click Deployment. Make sure that the Deployment type is "Assigned".
  10. Under Deployment Options, tick the Install this application at logon option.
  11. Click OK.
     
    If you see an error message, just click OK.
  12. Right-click Domain and click Link an Existing GPO.
  13. Select the GPO that you created in Step 3.
  14. Under Security Filtering, remove "Authenticated Users".
  15. Click Add to add a group. This could be a group for the Sales Department, Audit Department, etc.
  16. Peform a "GPUPDATE" on a machine that is under the organizational unit (OU). Open a command prompt and type the command "gpupdate /force /boot /logoff".

    This will launch the SA installation during login.

Premium
Internal
Rating:
Category:
Install
Solution Id:
1102395
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.