Using AD With OSCE8 0

A Trend Micro TrendEdge Solution
Advanced Technologies and Techniques to Enhance Your Product
Using Microsoft Active Directory to

Prepare Windows Clients for
OfficeScan 8.0 Deployment
Jagala “Gee” Brown

Solution Architect
Trend Micro, Inc.
August 2008
Trend Micro, Inc.

10101 N. De Anza Blvd.
Cupertino, CA 95014
T 800.288.5651 / 408.257.1500
F 408.257.2003
www.trendmicro.com
Using Microsoft Active Directory to Prepare Windows Clients for OfficeScan 8.0 Deployment
Contents
Introduction ........................................................................................................................................1
About OfficeScan Domains..............................................................................................................1
Target Audience .................................................................................................................................3
Requirements .....................................................................................................................................3
Software ........................................................................................................................................3
Permissions ...................................................................................................................................3
Creating Group Policy Objects (GPOs) ................................................................................................4
Creating the Templates ...................................................................................................................4
Creating a New Group Policy Object ................................................................................................8
Adding a Template to the Group Policy Object .................................................................................9
Configuring a GPO ........................................................................................................................... 13
Configuring the OSCE Domain Name ............................................................................................ 13
Configuring the OSCE Server Name .............................................................................................. 15
Configuring the OSCE Server Port ................................................................................................ 17
Configuring the Clients’ Windows Firewall ..................................................................................... 19
Enabling the Remote Registry Service ...........................................................................................21
Linking a GPO .................................................................................................................................. 23
Create a Link................................................................................................................................ 23
Activate Link Settings ................................................................................................................... 25
Summary.......................................................................................................................................... 27
About the Author .............................................................................................................................. 28
Jagala “Gee” Brown ...................................................................................................................... 28
About Trend Micro Incorporated ........................................................................................................ 29
Contacting TrendEdge Publications ................................................................................................... 30
Trend Micro, the Trend Micro t-ball logo, and OfficeScan are trademarks or registered trademarks of Trend Micro,
Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein
without notice, and the information contained in this document is provided “as-is”. This document is for
informational purposes only, and is not supported by Trend Micro or its partners.
TREND MICRO MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
Copyright© 2008 Trend Micro Incorporated. All rights reserved.
Document Part No. TE07OSCE80_080814US
A Trend Micro TrendEdge Solution i

Introduction
This document describes how to leverage Microsoft™ Active Directory™ to prepare a computer running
Microsoft™ Windows Vista™ for Trend Micro™ OfficeScan™ Client/Server Edition 8.0 (OSCE) client
deployment. It includes the information needed to configure the OSCE domain that is to be used to
manage OSCE clients from within the OSCE management console and to help satisfy the prerequisites
for the Windows operating system.
The steps in this document were outlined using tools in Microsoft Windows Vista, but are
Note: valid for any version of Windows supported by OSCE 8.0: Windows 2000, Windows XP,
Windows Server 2003, Windows Vista, and Windows Server 2008.
There are multiple ways to install OSCE. This document seeks to provide settings that are related
directly to the Remote Install method while using a centrally administered directory service. The
configuration settings in this document work for several other OSCE installation methods, including:
• MSI install via Group Policy
• EXE install via third-party utility

• Login script install
• Manual Web page based deployment
For general information, refer to the Trend Micro OfficeScan Client/Server Edition 8.0 Administrator’s
Guide.
Trend Micro provides this document “as-is" as a courtesy to interested parties. The accuracy
Note: of the information is solely the author’s responsibility. Neither Trend Micro nor its partners
support this document.
About OfficeScan Domains

From the OfficeScan Installation Guide:
“A domain in OfficeScan is a group of clients that share the same configuration and run the
same tasks. By grouping your clients into domains, you can simultaneously configure,
manage, and apply the same configuration to all domain members.
An OfficeScan domain is different from a Windows domain. There can be several OfficeScan
domains in one Windows domain.
For ease of management, plan how many OfficeScan domains to create. You can group
client computers based on the departments they belong to or the functions they perform.
Alternatively, group clients that may be at a greater risk of infection and apply a more secure
configuration to all of them.”
OfficeScan automatically identifies and groups newly installed clients into one of three possible domains
based on system information:
1. A NetBIOS domain
2. An Active Directory domain
3. A DNS domain
A Trend Micro TrendEdge Solution 1

The OSCE domain is a powerful and useful tool for managing OSCE clients. Once you have created the
domain(s) in the OSCE console, you can change the structure. In a large scale deployment, the process
of manually grouping the clients can be a time-consuming process. By automating the assignment of
OSCE domains you can place the OSCE clients into a management structure that is familiar to your
administrators at the time of client install.
You may wish to create several granular OfficeScan domains. Administrators often find that these more
granular domains simplify administration and work well with the methods they use to manage endpoints
on the network. Additionally, you can create the domains within the OSCE console prior to deployment.
These domains enable your administrators to set the level of protection desired within the OSCE
management console before an OSCE client is installed and allow the client to immediately take full
advantage of the protection OSCE provides.
.

Target Audience
The document is for use by customers, resellers, and implementers responsible for the deployment of
OfficeScan Client/Server Edition 8.0 (OSCE).
The following professionals benefit most from this document:
• Systems Engineers
• Systems Administrators
It is recommended that you have:
• Working knowledge of Active Directory Group Policies

• Experience creating and editing Group Policy Objects
Requirements
Software
• Trend Micro OfficeScan Client / Server Edition 8.0 with Service Pack 1 (SP1):
o http://www.trendmicro.com/download/product.asp?productid=5
• Microsoft™ Windows™ Server 2003 or later with an Active Directory managed domain:
o http://technet.microsoft.com/en-us/windowsserver/2003/bb229701.aspx
• Microsoft Vista Service Pack 1 member client:
o http://www.microsoft.com/downloads/details.aspx?FamilyID=f559842a-9c9b-4579-b64a-
09146a0ba746
• Group Policy Management tools for Vista:
o http://www.microsoft.com/downloads/details.aspx?FamilyID=9ff6e897-23ce-4a36-b7fc-
d52065de9960&DisplayLang=en
Permissions
• A domain user account
• The permissions necessary to create, link, and edit Group Policy Objects

Creating Group Policy Objects (GPOs)

Creating the Templates
This document provides the steps necessary to create two Windows Group Policy templates (.ADM files),
one for each processor type (32-bit and 64-bit). These files are called OSCE-32.ADM and OSCE-
64.ADM.
Note: For general information about using administrative templates with a registry-based
Group Policy, refer to the document entitled “REGPOLICY.DOC” at
http://www.microsoft.com/downloads/details.aspx?familyid=e7d72fa1-62fe-4358-8360-
8774ea8db847&displaylang=en.
You must save the templates files as UNICODE text with an extension of .ADM. As appears in Figure 1,
make sure that the Save As window shows Save as type: “All Files”, and Encoding: “UNICODE”.
Figure 1 Example Save As Window
To create the OSCE-32.ADM and OSCE-64.ADM templates, copy the text in Figure 2 for 64-bit clients
and Figure 3 for 32-bit clients into Windows Notepad and save the files in a location accessible by the
Vista SP1 member client running Windows’ Group Policy Management tools.
Figure 2 OSCE-64.ADM Template Code
;OSCE-64.ADM:
CLASS MACHINE
CATEGORY "64-bit OfficeScan Client pre-install"
KEYNAME "SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorpOnce\
CurrentVersion"
#if VERSION >= 3
EXPLAIN "!!64bitExplainText"
#endif
POLICY "Domain Name"

#if version >= 4
SUPPORTED !!SUPPORTED_Text
#endif
#if VERSION >= 3

EXPLAIN "!!DomainNameExplainText"
#endif

PART "Domain Name" EDITTEXT

VALUENAME "Domain"
DEFAULT "New Installs"
MAXLEN 60
REQUIRED
END PART
PART "Enter the name of the Domain/Group that the client(s) will be a
member" TEXT
END PART
PART "of once connected to the OfficeScan Server." TEXT

END PART
END POLICY ; Domain Name
POLICY "Server Name"
#if version >= 4

#endif
#if VERSION >= 3

EXPLAIN "!!ServerNameExplainText"
#endif
PART "Server Name" EDITTEXT

VALUENAME "Server"
MAXLEN 60
REQUIRED
END PART
PART "Enter the name or IP of the OfficeScan Server that will manage
the client(s)." TEXT
END PART
END POLICY ; Server Name
POLICY "Server Port"
#if version >= 4

#endif
#if VERSION >= 3

EXPLAIN "!!ServerPortExplainText"
#endif
PART "Server Port" NUMERIC

VALUENAME "ServerPort"
REQUIRED
DEFAULT "8080"
MAX 65535
MIN 0
SPIN 0
END PART
PART "Enter the port number that the OfficeScan server uses to listen
for clients." TEXT
END PART

END POLICY ; Server Port
END CATEGORY ; 64-bit OfficeScan Client pre-install
[STRINGS]
DomainNameExplainText ="This setting will determine which domain/group the
client(s) will be a member of once conected to an OfficeScan server."
ServerNameExplainText ="This setting will determine which server will manage the
client(s) once connected."
ServerPortExplainText ="This setting will determine the port used for client to
server communication."
64bitExplainText ="Use this category for 64-bit versions of XP, Vista, and
Windows Server."
SUPPORTED_Text ="At Least Windows XP clients or Windows Server 2003 servers."
Figure 3 OSCE-32.ADM Template Code
;OSCE-32.ADM:
CLASS MACHINE
CATEGORY "32-bit OfficeScan Client pre-install"
KEYNAME "SOFTWARE\TrendMicro\PC-cillinNTCorpOnce\CurrentVersion"
#if VERSION >= 3
EXPLAIN "!!32bitExplainText"
#endif
POLICY "Domain Name"
#if version >= 4

#endif
#if VERSION >= 3

EXPLAIN "!!DomainNameExplainText"
#endif
PART "Domain Name" EDITTEXT

VALUENAME "Domain"
DEFAULT "New Installs"
MAXLEN 60
REQUIRED
END PART
PART "Enter the name of the Domain/Group that the client(s) will be a
member" TEXT
END PART
PART "of once connected to the OfficeScan Server." TEXT

END PART
END POLICY ; Domain Name

POLICY "Server Name"

#if version >= 4
#endif
#if VERSION >= 3

EXPLAIN "!!ServerNameExplainText"
#endif
PART "Server Name" EDITTEXT
VALUENAME "Server"
MAXLEN 60
REQUIRED
END PART
PART "Enter the name or IP of the OfficeScan Server that will manage
the client(s)." TEXT
END PART
END POLICY ; Server Name
POLICY "Server Port"
#if version >= 4

#endif
#if VERSION >= 3

EXPLAIN "!!ServerPortExplainText"
#endif
PART "Server Port" NUMERIC

VALUENAME "ServerPort"
REQUIRED
DEFAULT "8080"
MAX 65535
MIN 0
SPIN 0
END PART
PART "Enter the port number that the OfficeScan server uses to listen
for clients." TEXT
END PART
END POLICY ; Server Port
END CATEGORY ; 32-bit OfficeScan Client pre-install
[STRINGS]
DomainNameExplainText ="This setting will determine which domain/group the
client(s) will be a member of once connected to an OfficeScan server."
ServerNameExplainText ="This setting will determine which server will manage the
client(s) once connected."
ServerPortExplainText ="This setting will determine the port used for client to
server communication."
32bitExplainText ="Use this category for 32-bit versions of XP, Vista, and
Windows Server."
SUPPORTED_Text ="At Least Windows XP clients or Windows Server 2003 servers."

Creating a New Group Policy Object
Note: See the software requirements to find a link to the instructions for installing and
configuring the Group Policy Management tool.
It is recommended that you create and link a new GPO rather than modifying an existing GPO. To create
and link a new GPO within Active Directory on the Vista SP1 member client:
1. Logon with a domain user account that has administrative permissions within Active Directory.
2. Launch Group Policy Management:

a. Choose Start Æ All Programs Æ Administrative Tools ÆGroup Policy Management.
3. Expand the Group Policy Objects node:
a. Expand the Forest: {Your Forest Name} Æ Domains Æ {Your Domain Name} Æ Group
Policy Objects.
4. Create a new GPO:
a. Right-click Group Policy Objects.
b. Choose New.
5. Give the New GPO a name:
a. Suggestion: include the OSCE domain name in the name of the GPO to aid in the linking
process.
i. Example: “Pre-Configure OfficeScan Client: Laptops”.
Figure 4 Example of a Newly Configured GPO

Adding a Template to the Group Policy Object

Adding a template to a GPO allows an administrator to add and modify the registry settings necessary to
control the OSCE client settings.
Note: The settings configured via the procedure below will persist in the registry even after
the GPO has been deleted. The OSCE client will use the settings at install only;
therefore the settings that persist are benign. For general information about using
administrative template files with a registry-based Group Policy, see the document
entitled “REGPOLICY.DOC” at http://www.microsoft.com/downloads/details.aspx?
familyid=e7d72fa1-62fe-4358-8360-8774ea8db847&displaylang=en.
To add a template to a GPO:

1. Open the GPO for editing:
a. Right-click the GPO.
b. Choose Edit.
2. Expand the Computer Configuration Administrative Templates:
a. Under Computer Configuration, expand Policies.
b. Select Administrative Templates.

Figure 5 Example Administrative Templates Node
3. Add the template:

a. Right-click Administrative Templates.
b. Click Add/Remove Templates.
c. Click Add.
d. Navigate to and select the OSCE-32.ADM (or OSCE-64.ADM) template.
e. Click Open.
f. Once the template you selected appears in the list, click Close.

Figure 6 The Add/Remove Template Window
4. Display the preference settings:

a. Expand Classic Administrative Templates.
b. Right-click Classic Administrative Templates.
c. Clear the check mark next to the option labeled “Filter On”.
Figure 7 The Filter Setting Window

5. When you highlight “32-bit OfficeScan Client pre-install” you should be able to see and configure
the 32 or 64 bit settings for:
a. Domain Name
b. Server Name
c. Server Port

Configuring a GPO
Note: For more information about pre-configuring OfficeScan clients to report to a specific
server and join a specific domain, refer to the Trend Micro Solution ID 1035431 at
http://esupport.trendmicro.com/support/enterprise/search.do?cmd=displayKC&docType=
kc&externalId=PUB-en-1035431&sliceId=&dialogID=92792603&stateId=1 0 92768901.
Configuring the OSCE Domain Name

In the OfficeScan Management Console, the domain (group) is a unit of administration. To replicate an
existing management structure within your organization, you can pre-configure the domain and the client
will become a member of that domain at install.
To configure the OSCE Domain name.
1. Edit the GPO. (If the GPO is currently open for editing, proceed to step 3):
a. Right-click the GPO.
b. Choose Edit.
2. Expand the OfficeScan Client Pre-Install policy:
a. Expand Computer Configuration ÆPolicies ÆAdministrative Templates Æ Classic
Administrative Templates Æ 32-bit OfficeScan Client pre-install.
3. Configure the OfficeScan Domain name:
a. Double-click the Domain Name.
b. Click the radio button next to Enable.
c. In the Domain Name window, type the desired domain name for the client(s).
d. Click OK.

Figure 8 The Domain Name Properties Window
4. If your edits are complete, close the Group Policy Management Editor.

Configuring the OSCE Server Name

This setting enables the client to contact an OfficeScan management console. It overrides any settings
included with any created MSI or EXE packages and allows a single installation package to be used
regardless of its source.
Note: This setting MUST be used in conjunction with the OSCE Server Port setting.
To configure the OSCE Server name:

1. Edit the GPO. (If the GPO is currently open for editing proceed to step 3).

a. Expand Computer Configuration Æ Policies Æ Administrative Templates Æ Classic
3. Configure the OfficeScan Server name:
a. Double-click Server Name.
c. In the Server Name window, type the name (or IP address) of the server that will manage
the client(s).
d. Click OK.

Figure 9 The Server Name Properties Window

Configuring the OSCE Server Port

This setting dictates which port the client uses to contact the OfficeScan management server. It must be
identical to the port on which the server is listening.
Note: This setting MUST be used in conjunction with the OSCE Server Name setting.
To configure the OSCE Server Port:

1. Edit the GPO. (If the GPO is currently open for editing proceed to step 3).

a. Expand Computer Configuration Æ Policies Æ Administrative Templates Æ Classic
3. Configure the OfficeScan Server Port:
a. Double-click the Server Port.
c. In the Server Port window, type the port number the client(s) will use to contact the
OfficeScan Server.
d. Click OK.
Figure 10 The Server Port Properties Window


Configuring the Clients’ Windows Firewall

To copy the installation files to the endpoint during a Remote Install, the client firewall must allow the
actions. This setting ensures that the firewall included with the Windows operating system will allow the
transaction during the client install. This setting assumes the most secure posture by allowing only the
OfficeScan server to communicate with the endpoint. If you currently allow communication, use the
settings below as a guideline for adding the OSCE server to the list of permitted computers.
If you currently have a third-party firewall installed and enabled on your target endpoints, it must also be
configured to allow the File and Printer sharing services and ports to allow communication.
To configure the Windows firewall via GPO:
1. Edit the GPO.
2. Expand the Windows Firewall, Domain Profile:

a. Expand Computer Configuration Æ Policies Æ Administrative Templates Æ Network Æ
Network Connections Æ Windows Firewall Æ Domain Profile.
Figure 11 GPMC Domain Profile
3. Enable Allow inbound file and printer sharing exception:

a. Double-click Windows Firewall: Allow inbound file and printer sharing exception.
b. Select the radio button next to Enable.
c. In the Allow unsolicited incoming messages from these IP addresses: window, type the
IP address of the OfficeScan Server.
d. Click OK.

Figure 12 The Windows Firewall, File and Print Services Window

Enabling the Remote Registry Service

To successfully complete a Remote Install from the OfficeScan server, the Remote Registry service must
be enabled on Windows Vista and Windows Server 2008. Once the OfficeScan Client is installed, the
service can be reset to its previous value.
Note: For more information about installing OfficeScan 8.0 clients on Windows Vista, refer to
the Trend Micro Solution ID 1034985 at http://esupport.trendmicro.com/support/
enterprise/search.do?cmd=displayKC&docType=kc&externalId=PUB-en-
1034985&sliceId=&dialogID=92786825&stateId=1 0 92768748.
To enable the Remote Registry Service:

1. Edit the GPO.
2. Expand System Services:

a. Expand Computer Configuration Æ Policies Æ Windows Settings Æ Security Settings
Æ System Services.
Figure 13 Example Group Policy Management Center Security Services
3. Configure the Remote registry service to start automatically:

a. Double-click Remote Registry.
b. Mark the checkbox next to “Define this policy setting”.
c. Select the radio button next to “Automatic”.
d. Click OK.

Figure 14 The Remote Registry Properties Window

Linking a GPO
Before a GPO can apply a change to any system, it must be linked to an object within Active Directory.
Linking the GPO in the correct location will ensure that only the systems that need the changes receive
them. The changes applied via the template above are persistent and will become benign after the install
of the OSCE client.
Note: For more information about installing OfficeScan 8.0 clients on Windows Vista, refer to
the Trend Micro Solution ID 1034985 at http://esupport.trendmicro.com/support/
enterprise/search.do?cmd=displayKC&docType=kc&externalId=PUB-en-
1034985&sliceId=&dialogID=92786825&stateId=1 0 92768748.
Create a Link
To link a GPO:
1. Logon with a domain user account that has administrative permissions within Active Directory.
2. Launch Group Policy Management:

a. Choose Start Æ All Programs Æ Administrative Tools Æ Group Policy Management.
3. Expand the Group Policy Objects node:
a. Expand Forest: {Your Forest Name} Æ Domains Æ {Your Domain Name}.
b. Choose an Organization Unit (OU) that contains the correct client.
4. Link the GPO to the chosen OU:
a. Right-click the chosen OU.
b. Choose Link an Existing GPO…

Figure 15 The Group Policy Manager Link Menu
c. Select the GPO created above.

Figure 16 The Select GPO Window
5. Close Group Policy Management.

Activate Link Settings

Group Policy settings are automatically enabled at scheduled times and at client reboot only. To see the
results of the changes you made, you will need to wait for the refresh to expire (1 to 2 hours, by default),
reboot the endpoints, or manually refresh the policies.
To manually refresh Group Policy:
1. Open a Command window:
a. Use the key sequence Windows Key-R.
b. In the Open field, select or type cmd. The Command window appears.
Figure 17 Run Window
2. Use GPUPDATE:
a. At the Command prompt “>”, type gpupdate /force.
b. Press the Enter key.
Figure 18 GPUPDATE Results

3. Close the Command prompt:

a. Type exit.
b. Press the Enter key.

Summary
The use of domains (groups) in the OSCE management console greatly enhances the ability of
administrators to manage OfficeScan clients. The OSCE management console assigns domains
automatically based on client information. The OSCE management console allows an administrator to
manually arrange clients into domains within the console via drag and drop. Additionally, it is possible to
search for clients within the console based on specific criteria, then drag and drop those clients into
manually created domains to make administration easier. The ability to manually create domains is also
useful when an administrator has to duplicate an existing structure in the OSCE management console.
After completing the steps outlined in the Creating, Configuring, and Linking a GPO sections of this
document, the OSCE management console automatically creates and populates the domains. Further,
the settings in this document also can be used to automate the creation and population of pre-defined
OSCE domain names.
Once these steps in this document have been completed, and the GPO settings applied to the client
endpoints, administrators can proceed with any of the deployment methods outlined in the Trend Micro
OfficeScan Client/Server Edition 8.0 Administrator’s Guide or the Trend Micro OfficeScan Client/Server
Edition 8.0 Installation and Deployment Guide.

About the Author

Jagala “Gee” Brown
Jagala “Gee” Brown has been with Trend Micro for over 3 years and is currently a Solution Architect on
the Pre-Sales SE team. Prior to Trend Micro, Gee served as Senior Technical Trainer of Microsoft
products at ExecuTrain, worked in a Pre-Sales SE role at IBM, and has over 12 years of experience
managing and securing networks and network-based systems.

About Trend Micro Incorporated

Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange
of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is
advancing integrated threat management technology to protect operational continuity, personal
information, and property from malware, spam, data leaks and the newest Web threats. Its flexible
solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the
globe. Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-
winning security software, hardware, and services. With headquarters in Tokyo and operations in more
than 30 countries, Trend Micro solutions are sold through corporate and value-added resellers and
service providers worldwide. For additional information and evaluation copies of Trend Micro products
and services, visit our Web site at http://www.trendmicro.com/

Contacting TrendEdge Publications

The Trend Micro TrendEdge team is always seeking to provide better solutions. Have a question or
comment about this document? We would like to hear from you. Contact us at:
sav@trendmicro.com

Using AD With OSCE8 0

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Using AD With OSCE8 0

Încărcat de

Drepturi de autor:

Formate disponibile

A Trend Micro TrendEdge Solution

Advanced Technologies and Techniques to Enhance Your Product

Using Microsoft Active Directory to

Jagala “Gee” Brown

Trend Micro, Inc.

TREND MICRO MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Copyright© 2008 Trend Micro Incorporated. All rights reserved.

Document Part No. TE07OSCE80_080814US

A Trend Micro TrendEdge Solution i

• EXE install via third-party utility

About OfficeScan Domains

2. An Active Directory domain

A Trend Micro TrendEdge Solution 1

A Trend Micro TrendEdge Solution 2

• Working knowledge of Active Directory Group Policies

A Trend Micro TrendEdge Solution 3

Creating Group Policy Objects (GPOs)

Figure 1 Example Save As Window

Figure 2 OSCE-64.ADM Template Code

POLICY "Domain Name"

#if VERSION >= 3

A Trend Micro TrendEdge Solution 4

PART "Domain Name" EDITTEXT

PART "of once connected to the OfficeScan Server." TEXT

END POLICY ; Domain Name

POLICY "Server Name"

#if version >= 4

#if VERSION >= 3

PART "Server Name" EDITTEXT

END POLICY ; Server Name

POLICY "Server Port"

#if version >= 4

#if VERSION >= 3

PART "Server Port" NUMERIC

A Trend Micro TrendEdge Solution 5

END POLICY ; Server Port

END CATEGORY ; 64-bit OfficeScan Client pre-install

Figure 3 OSCE-32.ADM Template Code

POLICY "Domain Name"

#if version >= 4

#if VERSION >= 3

PART "Domain Name" EDITTEXT

PART "of once connected to the OfficeScan Server." TEXT

END POLICY ; Domain Name

A Trend Micro TrendEdge Solution 6

POLICY "Server Name"

#if VERSION >= 3

END POLICY ; Server Name

POLICY "Server Port"

#if version >= 4

#if VERSION >= 3

PART "Server Port" NUMERIC

END POLICY ; Server Port

END CATEGORY ; 32-bit OfficeScan Client pre-install

A Trend Micro TrendEdge Solution 7

Creating a New Group Policy Object

2. Launch Group Policy Management:

Figure 4 Example of a Newly Configured GPO

A Trend Micro TrendEdge Solution 8

Adding a Template to the Group Policy Object

To add a template to a GPO:

A Trend Micro TrendEdge Solution 9

Figure 5 Example Administrative Templates Node

3. Add the template: