Rolling out Windows Defender in a Domain environment

Guest

I want to roll out Windows Defender in my domain but I am not sure if it fits
the following requirements.
1. Must be silent to end users; no user interaction required, and
preferably no notification that it is doing anything.
2. Update automatically, and again, silent. Possibly/preferably via WSUS.
Regularly scheduled scans, with automatic clean/removal action. SILENT.
3. Ongoing, constant protection. Systray icon is fine.

Has anyone successfully rolled this out in their environment? I have WD
running on my machine and a few others, but would like to roll it out to 100+
workstations. Are there any licensing concerns?
 
I've attempted to do just this and have encountered several problems.

I've added the windowsdefender.adm under Computer Configuration,
Administrative Templates and configured the few settings it has to
offer.

Then under Computer Configuration I created a Group Policy Software Install.
Under Administrative Templates, Windows Installer, enable "Always install
with elevated privileges".

Once the policy is saved to the GPMC, apply it to an OU. On a computer
attached to that OU, type "gpupdate /force" and reboot the PC. The software is
installed before the user is allowed to log in.

Problems and Issues:

Problem:
I am getting the error message "The Program can't check for definition
updates" Error found: code 0x80004002.

This is on a fully patched system.
Supposedly it's been resolved in the past by going to Windows Update and
performing an Express Scan repeatedly until no more updates are offered. I
haven't tried this yet as our patches are pushed from our network operations
center and users are not allowed to apply updates or patches. This is
enforced by Group Policy.

Problem:
I can't find where Defender stores its configuration settings. I would like
to change the default scan times and other settings, like allowing VNC to run
without a warning.

So far this really isn't ready for my organization as I need to access 600
plus desktops remotely and not being able to fully customize the install
really prohibits me from rolling out what should be a simple install.

Come on Microsoft, get it together and offer us something that we can deploy!
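
The reply above enables "Always install with elevated privileges"; Windows Installer honors that policy for a user only when both the per-machine and the per-user value are set, and it then applies to any MSI that user runs, so it is worth auditing after the rollout. The check below is an added example, not part of the original thread: the function name is hypothetical, and checking remote workstations assumes PowerShell remoting is enabled.

```powershell
# Added example: report where the AlwaysInstallElevated policy is set.
function Get-InstallerElevationPolicy {
    [CmdletBinding()]
    param(
        # Defaults to the local machine; pass workstation names to check them remotely.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $probe = {
        $subKey = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
        # Returns 1 when the policy value is set, 0 when it is absent or disabled.
        $read = {
            param($path)
            $item = Get-ItemProperty -Path $path -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
            if ($null -eq $item) { 0 } else { [int]$item.AlwaysInstallElevated }
        }

        $machine = & $read "HKLM:\$subKey"

        # HKCU only shows the account running this check, so inspect every
        # loaded user hive (S-1-5-21-* excludes service and _Classes hives).
        $users = Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
            Where-Object { (& $read "Registry::HKEY_USERS\$($_.PSChildName)\$subKey") -eq 1 } |
            ForEach-Object { $_.PSChildName }

        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            MachinePolicy  = ($machine -eq 1)
            UserPolicySids = @($users)
            # Elevation applies only when both halves of the policy are set.
            Effective      = ($machine -eq 1 -and @($users).Count -gt 0)
        }
    }

    foreach ($name in $ComputerName) {
        if ($name -eq $env:COMPUTERNAME) {
            & $probe
        } else {
            Invoke-Command -ComputerName $name -ScriptBlock $probe
        }
    }
}

# Local check; run from an elevated prompt so other users' hives are readable.
Get-InstallerElevationPolicy | Format-List
```

A workstation reporting `MachinePolicy = True` with an empty `UserPolicySids` has only the computer half configured, which is the state the steps in the reply produce.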
 