→ Celebrate SysAdmin Day 2024 with Lansweeper Enter our Giveaway here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ryanb898
Engaged Sweeper
So we are running an enterprise network using laptops, desktop and kiosks monitored by lansweeper.. i have successfully used lansweeper to deploy ie11 updates on all devices.. now we are noticing quite a few of our machines have windows updates turned off and antivirus uninstalled.. these are all win 7 machines...
I have looked into wsus and gp to deploy updates and settings but my network admin says we are upgrading devices to win 10 eventually there is no point to deploy wsus.

A few questions:
Is there a deployment package to turn on automatic updates, and force install on win 7 machines?

Is there a package I can use to deploy security essentials to unprotected machines not running any anti-virus?

Is it possible to deploy malwarbytes to target machines and run an automated scan and removal?

I know this is a lot to ask, from my research it always comes back to wsus and gp.. anyone use wsus offline installer package from lansweepers help section for this kind of thing?
3 REPLIES 3
JacobH
Champion Sweeper III
my two cents, if I were the admin there, I would insist on WSUS just like everything else. Having one-off methods of doing things due to no real reason other than they don't want to do it (not you, but the "admin") would be a sure-fire way to be shown the door and out I go...

doing a group policy for WSUS is pretty easy... that's what I'd recommend. I have then used lansweeper in the past to verify the WSUS registry settings for the machines (if you key off of the registry keys)

you can use group policy or registry keys to tell the machines to go right out to Microsoft, bypass WSUS, and just patch and reboot/etc, but I just can't bring myself to link the steps 🙂

CyberCitizen
Honored Sweeper
First off Windows 7 Machines not running an Antivirus is a big concern for me, I would be getting some type of AV deployed to those machines, are you sure they don't have AV already but LS is just reporting it incorrectly?

If not get that done first.

Updates I would suggest looking at something like BatchPatch if you guys aren't going to do WSUS.

Regarding Malwarebytes, if you are wanting to do something like that look at https://forums.malwarebytes.com/topic/108436-mbamexe-switchescommand-linesilent-options/

You could create a package that would do all that, but it does go against their EULA so it's up to you.

Regarding Security Essentials that looks fairly easy to create a package and run etc. Check out.
https://social.technet.microsoft.com/Forums/en-US/26156ca9-71e3-4621-836d-a076cb3a56fb/silent-instalation-microsoft-security-essentials?forum=mdt

Also not sure if it has changed with age but someone called out the below: Also keep in mind that Security Essentials is not free for organizations having more than 25 systems/user so you may need to re-evaluate your use it.
KrisNelson
Champion Sweeper
WSUS and GPO's are the best way to deploy windows updates (unless you want to spend money on third party software - even then they likely require a WSUS setup). Even with Windows 10, so I question your network admin's dismissal of WSUS.

I can see an argument of dismissing a antivirus solution since you are moving to Windows 10 since Windows Defender is pretty decent.

The only time I've used Windows Offline installers was for a few cases where the updates botched the Windows Update Service (I believe this was in early 1603 version). Occasionally I'll use the offline installers in a 1 off scenario for hot-fixes, but those are very rarely needed.

As for Malwarebytes, unless you have a corporate license you'll be violating the EULA. If you do have one, there is a management console for creating the installer and controlling it.

-Kris