For ePO 4.x, if you have an AD sync working fine with McAfee Agent deployed automatically, you just need to create a VirusScan 8.8 deployment task at "My Organization" level if you want to deploy it over every machine. Once each computer connects to ePO they will see the task and will download and install VSE only if not already installed
The VSE part wouldn't be done at the time the AD sync happens, but you can create a Client Task (within the System Tree) to deploy other products. If it is as simple as "Every Windows system gets VSE" then you don't need anything fancy. Just set the schedule type to "Once" and you should be golden.
If you need to accomodate systems that should not get the deployment task, I would recommend the following...
- Creating a query that identifies your intended targets based on properties the Agent collects. Be sure to not include targets that have successfully installed the product.
- After you have a good query, create a clean-up query that returns ALL systems regardless of their condition.
- Then, create a Tag called something memorable like "Install_VSE".
- Setup a Server Task to run every hour or so, that has two steps.
- First, run the clean-up query, use the results of the query to REMOVE the tag from all systems.
- Then, run the query that targets your install victims, and use those results to APPLY the tag.
- Create a Client Task to deploy the software, but this time limit the task to only systems that have the "Install_VSE" tag. Schedule to taste, and let cool for 20 minutes before eating.