Basically the easiest way to install the Agent is to deploy it from ePO.
If you need to do the install manually then use the agent installer generated by ePO (Add new system -> create and download agent installation package) as that will have all the management config wrapped into the installer.
UPDATE: Forgot to mention... I usually install the managed agent first via ePO or manual install and then install VSE, but it really doesn't matter which way you do it.
That's no good because you have to do that every time a system is set up. I prefer the installation of antivirus to be automatic and be there from day 1.
I'm not looking for the easiest way, I'm looking for the best way to ensure all systems are covered.
With Kaspersky the agent is configured so when it's installed it joins the appropriate server management application automatically.
ePO is really the best tool for the job.
I have multiple install groups in my ePO system tree with different tasks permanently assigned to them: Install VSE, Install DLP, Update to Patch 1, Full system scan, etc. Whenever I want to add a new machine or upgrade an existing one I just drop it in the relevant groups.
Step 1. Add system to ePO. This installs an agent in managed mode.
Step 2. Move computer in ePO to a group with the VSE install task assigned to it.
Step 3. Sit back and relax as ePO does the rest.
If you really want to use group policy then you'll need to look into building a custom install package for VSE that contains the framepkg.exe generated by ePO; the agent that comes with the downloaded VSE installer will always be in a generic unmanaged mode.
Another option in the non-ePO route is to look at 'local update publisher' http://localupdatepubl.sourceforge.net/ which allows you to use WSUS to distribute anything you want.
That's sub-optimal. At the moment the only step required for me to deploy a workstation (be it one or the entire network) is to press deploy next to the appropriate workstation. Anything that would require further intervention would mean that I have to wait till that whole process completes, which is about an hour for a single workstation, and then complete further steps. I don't want any additional steps to that process as it only creates a potential area for errors. A deployment process that requires administrators to carry out multiple steps is not what I want under any circumstances.
As I said, I've already made the installer package for VSE, and I've made a package for the agent. All that's required to convert the agent to managed mode is (from the manual) to run either Framepkg.exe or "C:\Program Files\McAfee\Common Framework\frminst.exe /Install=agent /siteinfo=<full path>\SiteList.xml". Running both these is relatively trivial; if I wanted I could modify the MFEagent.msi package I have already produced to do this. However, this seems like it could potentially create problems. I would expect, given that this is so trivial, that the installer was designed with this functionality already, and if it isn't then why isn't it?
As I've tried to explain, if you use the FramePkg.exe agent installer created by ePO it will install in managed mode.
I'm 99% sure that the instructions you quoted from the manual are for if you're using the generic installer downloaded from the McAfee website.
In order to deploy the agent via group policy I require the installer to be in the Windows Installer package (.msi) format. I could write a script that runs FramePkg.exe, however this again seems sub-optimal as you often lose the error handling and logging associated with msi packages.
I can extract FramePkg.exe to produce the files contained within it, i.e. MFEagent.msi, Sitelist.xml etc., which is how I've created the agent installer package already. However, the files extracted from FramePkg.exe still install the client in unmanaged mode.
Moved this to our ePO product space for housekeeping.
Why not use a computer startup script? Even a simple batch file or something to check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EPOAGENT3000 - Version for your required version, and if it's not the same then run the install?
Copy the framepkg.exe from here on your ePO server: c:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3000\Install\0409 and install using framepkg.exe /install=agent /silent
This file has the embedded info from the ePO server.
The framepkg.exe also creates the frminst* log and an msi log on the local machine.
There's also this article in the KB which could also help:
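
The startup-script check suggested in the post above, sketched in PowerShell as an added example that is not part of the original thread. The share path, the required version string, the `Version` value name and the Wow6432Node location are assumptions; the timeout keeps a stalled installer from blocking startup indefinitely.

```powershell
# Added example, not from the thread. Placeholders/assumptions are marked below.
$KeyPaths = @(
    'HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EPOAGENT3000',
    # Assumed 32-bit registry view on 64-bit Windows:
    'HKLM:\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\EPOAGENT3000')
$RequiredVersion = '0.0.0.0'                                   # placeholder: your agent build
$FramePkg        = '\\fileserver.example\deploy\FramePkg.exe'  # placeholder: copy generated by ePO
$LogFile         = Join-Path $env:SystemRoot 'Temp\agent-startup-install.log'
$TimeoutSeconds  = 900

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ("{0} {1}" -f (Get-Date -Format s), $Message)
}

function Get-InstalledAgentVersion {
    foreach ($path in $KeyPaths) {
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        # "Version" as the value name is an assumption based on the post.
        if ($props -and $props.Version) { return [string]$props.Version }
    }
    return $null
}

$installed = Get-InstalledAgentVersion
if ($installed -eq $RequiredVersion) {
    Write-Log "Agent $installed already installed, nothing to do."
    exit 0
}
if (-not (Test-Path -Path $FramePkg)) {
    Write-Log "FramePkg.exe not reachable at $FramePkg"
    exit 1
}

Write-Log "Installed '$installed', required '$RequiredVersion'. Running FramePkg.exe."
$proc = Start-Process -FilePath $FramePkg -ArgumentList '/install=agent', '/silent' -PassThru
$null = $proc.Handle   # cache the handle so ExitCode is available after exit
if (-not $proc.WaitForExit($TimeoutSeconds * 1000)) {
    $proc.Kill()       # do not let a stuck installer hang the startup sequence
    Write-Log "Installer exceeded $TimeoutSeconds seconds and was terminated."
    exit 2
}
Write-Log "FramePkg.exe finished with exit code $($proc.ExitCode)."
exit $proc.ExitCode
```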
As I say, I don't like using scripts because they lack the logging and error handling of Windows Installer packages. From experience it's quite easy for the application to prompt because of an error, at which point the startup process hangs and never gets resolved.
That KB article however is pretty much exactly what I want. However it states "McAfee Agent 4.6 simplifies the process of creating a deployment package to use with the Group Policy Object. For more information, see PD23185 - McAfee Agent 4.6 Product Guide." and PD23185 has no information in it.
And while I could probably achieve what I wanted, as the article says:
"- MFEAgent.msi contains many options and components required to ensure a successful Agent installation. Do not modify this file except as instructed below."
So I'd rather not poke around in the Windows Installer without specific instructions.