Wednesday, October 6, 2010

Installing and configuring Symantec Endpoint Protection 11.0.4000.2295 (MR4).

Installing and configuring Symantec Endpoint Protection 11.0.4000.2295 (MR4):





Product(s)
    • Microsoft -> Windows XP -> Home 5.1
    • Microsoft -> Windows Vista -> Enterprise 6.0.6000
    • Microsoft -> Windows Server 2008 -> Web Edition (x86)
    • Microsoft -> Windows Server 2008 -> Web Edition (x64)
    • Microsoft -> Windows Server 2008 -> Standard (x86-32bit)
    • Microsoft -> Windows Server 2008 -> Standard (x64-64bit)
    • Microsoft -> Windows Server 2008 -> Enterprise (x86-32bit)
    • Microsoft -> Windows Server 2008 -> Enterprise (x64-64bit)
    • Microsoft -> Windows Server 2008 -> DataCenter (x86-32bit)
    • Microsoft -> Windows Server 2008 -> DataCenter (x64-64bit)
    • Microsoft -> Windows 2000 -> Professional

    Installing and configuring Symantec Endpoint Protection Manager
    Installing management software for the first time is divided into two parts. The first part installs the Symantec Endpoint Protection Manager. The second part installs and configures the Symantec Endpoint Protection Manager database. In the first, you can accept all defaults. In the second part, you must add at least one custom value, which is a password.

    Note: Management software does not include Symantec Endpoint Protection or any other client software that is managed.
    Note: Internet Information Services (IIS) must be installed before installation of the Symantec Endpoint Protection Manager.

    Windows Server 2008 compatibility:
    To install required components for a SEPM installation on Server 2008.
    1. Go to Administrative Tools > Server Manager > highlight Roles. NOTE: If you have not installed IIS, click Add Roles and install Web Server (IIS).
    2. Once IIS is installed, under Web Server (IIS), go down to Role Services and choose Add Role Services.
    3. Check ASP.NET, CGI, and IIS 6 Management Compatibility with all sub-categories.


    To install Symantec Endpoint Protection Manager (SEPM)
    1. Insert the installation CD or open the downloaded CD1 folder and start the installation by clicking setup.exe.
    2. In the installation panel, click Install Symantec Endpoint Protection Manager.
    3. In the Welcome panel, click Next.
    4. In the License Agreement panel, check I accept the terms in the license agreement, and then click Next.
    5. In the Destination Folder panel, accept or change the installation path, then click Next.
    6. In the Select Web Site panel, do one of the following:
      • To configure the Symantec Endpoint Protection Manager IIS (Internet Information Service) as the only Web server on this computer, check Create a custom Web site (recommended), verify or change the TCP port number, and then click Next. NOTE: If this option is selected, a second panel will be displayed requesting permission to stop the default Web site. Click Yes.
      • To let the Symantec Endpoint Protection Manager IIS Web server run with other Web servers on this computer, check Use the default Web site, and then click Next.
    7. In the Ready to Install panel, click Install.
    8. When the installation finishes and the Install Wizard Complete panel appears, click Finish. Wait for the Management Server Configuration Wizard panel to appear, which can take up to 15 additional seconds.

    To configure Symantec Endpoint Protection Manager
    1. In the Management Server Configuration Wizard panel, select a configuration type.
        • Note: If you choose the Simple configuration type, the password that is specified for the SEPM Administrator account is also the encryption password. If the Administrator password is reset post-installation, the encryption password does not change.
    2. Click Next.

    Simple install configuration
    1. User Name is preset to "admin".
    2. Enter and confirm the password. NOTE: Do not use special characters when creating your password (%*&!?/) as special characters are not compatible with the database encryption process.
    3. Enter your preferred admin email address.
    4. Click Next.
    5. In the next panel, review the Management Server Configuration details to verify install parameters.
    6. Click next to begin the installation.

    Advanced install configuration
    1. Choose the approximate size of your environment, and then click Next.
    2. In the Site Type panel, check Install my first Site, and then click Next.
    3. In the Server Information panel, accept or change the default values for the following boxes, and then click Next:
      • Server Name
      • Server Port
      • Web Console Port
      • Server Data Folder
    4. In the Site Name panel, in the Site name box, enter your site name, and then click Next.
    5. In the Encryption Password panel, type a value in both boxes, and then click Next.
      Document this password when you install Symantec Endpoint Protection in your production environment. You need it for disaster recovery purposes, and for adding optional Enforcer hardware. NOTE: Do not use special characters when creating your password (%*&!?/) as special characters are not compatible with the database encryption process.
    6. In the Database Server Choice panel, check Embedded Database, or Microsoft SQL server, and then click Next.
    7. In the Set User panel, in the Password boxes, type a password to use with the user name Admin to log on to the console.
    8. Enter your preferred admin email address, then click Next.

    When the installation finishes, you have the option of deploying client software with the
    Migration and Deployment Wizard. Log on to the console with the user name and password that you entered here.

    Configuring and deploying client software
    The Migration and Deployment Wizard lets you configure a client software package. The Push Deployment Wizard then optionally appears to let you deploy the client software package. If you do not use the Push Deployment Wizard at that time, you can start it manually by using ClientRemote.exe from the \tomcat\bin folder.


    Note: This procedure assumes that you deploy client software to 32-bit computers and not to 64-bit computers. This procedure also has you select a folder in which to place installation files. You may want to create this folder before you start this procedure. Also, you need to authenticate with administrative credentials to the Windows Domain or Workgroup that contain the computers.


    Deploying client software to computers that run firewalls, and that run Windows XP or Windows Vista, has special requirements. Firewalls must permit remote deployment over TCP port 139. Computers that are in workgroups and that run Windows XP must disable simple file sharing. To prepare the computers that run Windows Vista, read
    Preparing computers that run Windows Vista for remote client deployment.

    To configure client software
    1. In the Management Server Configuration Wizard Finished panel, check Yes, and then click Finish.
    2. In the Welcome to the Migration and Deployment Wizard panel, click Next.
    3. In the What would you like to do panel, check Deploy the client, and then click Next.
    4. In the next panel, check Specify the name of a new group that you wish to deploy clients to, type a group name in the box, and then click Next.
    5. In the next panel, uncheck any client software that you do not want to install, and then click Next.
    6. In the next panel, check the options that you want for packages, files, and user interaction.
    7. Click Browse, locate and select a folder in which to place the installation files, and then click Open.
    8. Click Next.
    9. In the next panel, check Yes, and then click Finish.
    Do not check Launch Administrator Console. It can take up to 5 minutes to create and export the installation package for your group before the Push Deployment Wizard appears.

    To deploy the client software with the Push Deployment Wizard
    1. In the Push Deployment Wizard panel, under Available Computers, expand the trees and select the computers on which to install the client software, and then click Add.
      If you distribute the client to the same computer you work on and Windows Firewall has not been configured to handle Java, it may block this function and pop up a window that asks you to configure it. This window may appear underneath the Push Deployment Wizard, so you may not be able to see it. If the Push Deployment Wizard appears to stop responding, move it to the side to see whether a Windows Firewall window is hidden beneath it.
    2. In the Remote Client Authentication dialog box, type a user name and password that can authenticate to the Windows Domain or Workgroup that contains the computers, and then click OK.
    3. When you have selected all of the computers and they appear in the right pane, click Finish.
    4. When installation completes, click Done.


    Logging on to and locating your group in the console
    Your first activity is to log on to the console and locate your group.

    Logging on to the management console
    The management console lets you manage clients.

    To log on to the management console
    1. Click Start> Programs> Symantec Endpoint Protection Manager> Symantec Endpoint Protection Manager Console.
    2. In the Symantec Endpoint Protection Manager log-on prompt, in the User Name box, type admin.
    3. In the Password box, type the admin password that you created during installation, and then click Log on.

    About locating your group in the console
    After you log on, you should locate the group that you created during installation. Then verify that the client computers to which you deployed software appear in that group.


    Enabling Symantec Network Access Control
    If you purchased Symantec Endpoint Protection with Symantec Network Access Control, follow these additional steps to enable Symantec Network Access Control.

    To enable Symantec Network Access Control
    1. If Symantec Endpoint Protection Manager Console is open, close it.
    2. Insert the Symantec Network Access Control CD or open the downloaded CD3 folder.
    3. In the installation panel, click Install Symantec Network Access Control.
    4. Click Install Symantec Endpoint Protection Manager.
    5. On the Management Server Upgrade dialog, click Next.
    6. Click Continue.
    7. When the Server Upgrade Status log shows Upgrade Succeeded, click Next.
    8. Click Finish.
    9. Log on to the Symantec Endpoint Protection Manager console.
    10. On the Policies tab, click Host Integrity.
    11. In the right pane, click Host Integrity Policy.
    12. Under Tasks, click Assign the Policy.
    13. In the Assign Host Integrity Policy window, check the group to which you want to assign the policy.
    14. Click Assign, and then click Yes to confirm the change.

    Symantec Network Access Control is now enabled in Symantec Endpoint Protection Manager and on the clients in the group that you created.

No comments:

Post a Comment