You want to create an installation package for an unmanaged SEP client for Windows with custom policies and settings, and you want to know how best to configure those options that are not configurable in the client user interface (UI). You also do not want the user to make changes to your configuration.
Follow these guidelines to create an unmanaged client installation package with customized policies and settings.
NOTE: Be aware that while this process includes the custom settings and policies you want in a client installation package, you may be unable to edit or alter those settings and policies after the client installation. Unmanaged clients are not meant to be managed, which is what these guidelines do with managed policies. Please test and ensure this is the behavior you want before you deploy in a large scale environment the package you create.
Even though the clients you want to export are unmanaged and do not check in with SEPM, create a custom client group to configure a specific set of policies that apply only to unmanaged clients.
- Create a new top level group, or create a child to an existing group.
See Adding a group.
- Disable policy inheritance for the group.
See Disabling a group's inheritance.
- Open each policy and settings to make the changes you want. Be sure to change both Location-independent Policies and Settings and Location-specific Policies and Settings.
If you encounter a shared policy, click Copy to non-shared, and then make your changes.
See Converting a shared policy to a non-shared policy.
You also can lock or unlock options to restrict or allow the user different levels of control over the SEP UI.
Since the client is unmanaged, it doesn’t need to check into a management server, but it does need to check Symantec’s public LiveUpdate server.
For the LiveUpdate policy for your client group, use the following settings:
- Server Settings: Uncheck Use the default management server (Windows computers only). Check Use a LiveUpdate server.
- Schedule: Check Enable LiveUpdate Scheduling, and then create a schedule if you do not want the default of every four hours.
- Advanced Settings: Check Allow the user to manually launch LiveUpdate and Allow the user to modify the LiveUpdate schedule.
If you want to keep control over your policy changes and prevent the user from making changes, set the client to Server Control.
- Click Location-specific Settings.
- Next to Client User Interface Control Settings, click Tasks > Edit Settings.
- Click Server Control, and then click OK.
Choosing Client Control may prevent any custom firewall policy from being applied.
These settings control how the user interacts with the installation package, how the computer restarts after installation, and so on. You may want to set the installation type to Interactive to allow user interaction during installation.
Feature sets determine which protection technologies are installed.
When you export the client installation package, you select the Client Install Settings and the Client Installation Feature Set that you created. Assign the package to your custom group by checking the box next to it, but also click Export an unmanaged client.
You should export it as a single .exe file.
You can copy the folder that contains the setup.exe file to the computers to which you want to install it, either through a shared network folder, or by copying it to a USB drive. Once setup.exe is copied to the computer, double-click it to begin the installation. If you chose Interactive mode, follow the prompts.
If the computer is on the network, you can also deploy the package through Remote Push.
Imported Document Id