This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Deployment of Updates/Anti Virus
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-22-2019 04:33 PM
So we are running an enterprise network using laptops, desktop and kiosks monitored by lansweeper.. i have successfully used lansweeper to deploy ie11 updates on all devices.. now we are noticing quite a few of our machines have windows updates turned off and antivirus uninstalled.. these are all win 7 machines...
I have looked into wsus and gp to deploy updates and settings but my network admin says we are upgrading devices to win 10 eventually there is no point to deploy wsus.
A few questions:
Is there a deployment package to turn on automatic updates, and force install on win 7 machines?
Is there a package I can use to deploy security essentials to unprotected machines not running any anti-virus?
Is it possible to deploy malwarbytes to target machines and run an automated scan and removal?
I know this is a lot to ask, from my research it always comes back to wsus and gp.. anyone use wsus offline installer package from lansweepers help section for this kind of thing?
I have looked into wsus and gp to deploy updates and settings but my network admin says we are upgrading devices to win 10 eventually there is no point to deploy wsus.
A few questions:
Is there a deployment package to turn on automatic updates, and force install on win 7 machines?
Is there a package I can use to deploy security essentials to unprotected machines not running any anti-virus?
Is it possible to deploy malwarbytes to target machines and run an automated scan and removal?
I know this is a lot to ask, from my research it always comes back to wsus and gp.. anyone use wsus offline installer package from lansweepers help section for this kind of thing?
Labels:
- Labels:
-
General Discussion
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-05-2019 01:53 AM
my two cents, if I were the admin there, I would insist on WSUS just like everything else. Having one-off methods of doing things due to no real reason other than they don't want to do it (not you, but the "admin") would be a sure-fire way to be shown the door and out I go...
doing a group policy for WSUS is pretty easy... that's what I'd recommend. I have then used lansweeper in the past to verify the WSUS registry settings for the machines (if you key off of the registry keys)
you can use group policy or registry keys to tell the machines to go right out to Microsoft, bypass WSUS, and just patch and reboot/etc, but I just can't bring myself to link the steps 🙂
doing a group policy for WSUS is pretty easy... that's what I'd recommend. I have then used lansweeper in the past to verify the WSUS registry settings for the machines (if you key off of the registry keys)
you can use group policy or registry keys to tell the machines to go right out to Microsoft, bypass WSUS, and just patch and reboot/etc, but I just can't bring myself to link the steps 🙂
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-05-2019 01:38 AM
First off Windows 7 Machines not running an Antivirus is a big concern for me, I would be getting some type of AV deployed to those machines, are you sure they don't have AV already but LS is just reporting it incorrectly?
If not get that done first.
Updates I would suggest looking at something like BatchPatch if you guys aren't going to do WSUS.
Regarding Malwarebytes, if you are wanting to do something like that look at https://forums.malwarebytes.com/topic/108436-mbamexe-switchescommand-linesilent-options/
You could create a package that would do all that, but it does go against their EULA so it's up to you.
Regarding Security Essentials that looks fairly easy to create a package and run etc. Check out.
https://social.technet.microsoft.com/Forums/en-US/26156ca9-71e3-4621-836d-a076cb3a56fb/silent-instalation-microsoft-security-essentials?forum=mdt
Also not sure if it has changed with age but someone called out the below: Also keep in mind that Security Essentials is not free for organizations having more than 25 systems/user so you may need to re-evaluate your use it.
If not get that done first.
Updates I would suggest looking at something like BatchPatch if you guys aren't going to do WSUS.
Regarding Malwarebytes, if you are wanting to do something like that look at https://forums.malwarebytes.com/topic/108436-mbamexe-switchescommand-linesilent-options/
You could create a package that would do all that, but it does go against their EULA so it's up to you.
Regarding Security Essentials that looks fairly easy to create a package and run etc. Check out.
https://social.technet.microsoft.com/Forums/en-US/26156ca9-71e3-4621-836d-a076cb3a56fb/silent-instalation-microsoft-security-essentials?forum=mdt
Also not sure if it has changed with age but someone called out the below: Also keep in mind that Security Essentials is not free for organizations having more than 25 systems/user so you may need to re-evaluate your use it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-22-2019 10:09 PM
WSUS and GPO's are the best way to deploy windows updates (unless you want to spend money on third party software - even then they likely require a WSUS setup). Even with Windows 10, so I question your network admin's dismissal of WSUS.
I can see an argument of dismissing a antivirus solution since you are moving to Windows 10 since Windows Defender is pretty decent.
The only time I've used Windows Offline installers was for a few cases where the updates botched the Windows Update Service (I believe this was in early 1603 version). Occasionally I'll use the offline installers in a 1 off scenario for hot-fixes, but those are very rarely needed.
As for Malwarebytes, unless you have a corporate license you'll be violating the EULA. If you do have one, there is a management console for creating the installer and controlling it.
-Kris
I can see an argument of dismissing a antivirus solution since you are moving to Windows 10 since Windows Defender is pretty decent.
The only time I've used Windows Offline installers was for a few cases where the updates botched the Windows Update Service (I believe this was in early 1603 version). Occasionally I'll use the offline installers in a 1 off scenario for hot-fixes, but those are very rarely needed.
As for Malwarebytes, unless you have a corporate license you'll be violating the EULA. If you do have one, there is a management console for creating the installer and controlling it.
-Kris
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Installing MSIX packages via PS1 file. in Deployment Packages
- Scanning WMI.. The RPC server is unavailable. in General Discussions
- New Integration Alert! Lansweeper and ThreatAware Team Up to Strengthen Your Cybersecurity Posture in General Discussions
- Enabling lansweeper to trigger windows 2016 update. in Deployment Packages
- Value does not fall within the expected range in Deployment Packages
