Recommended policies and settings for unmanaged client installation packages
Last Updated October 26, 2018
You need to create a Windows installation package for unmanaged Symantec Endpoint Protection (SEP) clients, with custom policies and settings. You may also want to prevent users from making changes to your configuration.
Follow these guidelines to create an unmanaged client installation package with customized policies and settings.
Note: While this process includes the custom settings and policies you want in a client installation package, you may be unable to edit or alter those settings and policies after client installation. Unmanaged clients are not meant to be managed, which is what these guidelines do with managed policies. Please test the package you create and ensure that this is the behavior you want before you deploy in a large scale environment.
Open each policy and settings to make the changes you want. Be sure to change both Location-independent Policies and Settings and Location-specific Policies and Settings. If you encounter a shared policy, click Copy to non-shared, and then make your changes. See Converting a shared policy to a non-shared policy.
You also can lock or unlock options to restrict or allow the user different levels of control over the SEP UI.
II. Allow user to run LiveUpdate, and add / modify schedules
Since the client is unmanaged, it doesn’t need to check into a management server, but it does need to check Symantec’s public LiveUpdate server.
For the LiveUpdate policy for your client group, use the following settings:
Server Settings: Uncheck Use the default management server (Windows computers only). Check Use a LiveUpdate server.
Schedule: Check Enable LiveUpdate Scheduling, and then create a schedule if you do not want the default of every four hours.
Advanced Settings: Check Allow the user to manually launch LiveUpdate and Allow the user to modify the LiveUpdate schedule.
III. Keep the policies under management server control
If you want to keep control over your policy changes and prevent the user from making changes, set the client to Server Control.
Click Location-specific Settings.
Next to Client User Interface Control Settings, click Tasks > Edit Settings.
Click Server Control, and then click OK.
Choosing Client Control may prevent any custom firewall policy from being applied.
IV. Create a set of custom client installation settings
These settings control how the user interacts with the installation package, how the computer restarts after installation, and so on. You may want to set the installation type to Interactive to allow user interaction during installation.
When you export the client installation package, you select the Client Install Settings and the Client Installation Feature Set that you created. Assign the package to your custom group by checking the box next to it, but also click Export an unmanaged client.
You can copy the folder that contains the setup.exe file to the computers to which you want to install it, either through a shared network folder, or by copying it to a USB drive. Once setup.exe is copied to the computer, double-click it to begin the installation. If you chose Interactive mode, follow the prompts.