This knowledge article provides a sample startup script that you can use to upgrade Symantec Endpoint Encryption clients (version 11.1 or later) using Group policy Objects (GPOs). The script utilizes variables that you must configure before deployment.
When you enforce the GPO, the script downloads the client installation package (.MSI file) from a network-accessible location to all of the subscribed client computers. The client software is updated upon rebooting the client computers.
For information about using a startup script to upgrade Symantec Endpoint Encryption clients through a GPO, refer to the Symantec Endpoint Encryption Management Server Online Help or the Symantec Endpoint Encryption Upgrade Guide.
Note: If the currently installed version of the Symantec Endpoint Encryption client software was deployed using a GPO, update the GPO to remove the original MSI file before you reconfigure it to deploy the startup script. When you remove the original MSI file from the GPO, make sure that you do not uninstall the client software.
setlocal REM ********************************************************************* REM Environment customization begins here. Modify variables below. REM ********************************************************************* REM Set DeployServer to a network-accessible location containing the source (msi) files. set DeployServer=\\NetworkPath\MSIFilePath REM Set LogLocation to a central directory to collect log files. set LogLocation=\\NetworkPath\LogFilePath REM change the msi name if you are not using the default name set MsiName=MSIFileName REM change reboot to 0 if you don’t want to reboot the system set RebootSystem=1 REM ********************************************************************* REM Deployment code begins here. Do not modify anything below this line. REM ********************************************************************* REM ProductCode of current installer set ProductName={F0C57B8D-16EB-4FD4-959E-F868BF96E867} REM Check if product is already installed reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName% if %errorlevel%==1 (goto DeployClient) else (goto End) REM If 1 returned, the product was not found. Run msi here. :DeployClient start /wait msiexec /i "%DeployServer%\%MsiName%" /norestart CONDITION_NOUI=1 /l*v %LogLocation%\%computername%.MsiInstall.log echo %date% %time% installation ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt REM reboot the system once done if %errorlevel%==0 if %RebootSystem%==1 shutdown -r -t 0 REM If 0 or other was returned, the product was found or another error occurred. Do nothing. :End Endlocal |