Preparing Windows and Mac computers for remote deployment

Article:HOWTO81300  |  Created: 2012-10-25  |  Updated: 2014-09-21  |  Article URL http://www.symantec.com/docs/HOWTO81300
Article Type
How To


Subject


Preparing Windows and Mac computers for remote deployment

Table: Windows remote deployment preparation tasks lists the tasks that you must do on Windows operating systems to successfully install the client remotely. See your Windows documentation for more information on any tasks you do not know how to perform.

Table: Mac remote deployment preparation tasks lists the tasks that you must do on Mac operating systems to successfully install the Symantec Endpoint Protection client remotely. See your Mac documentation for more information on any tasks you do not know how to perform.

Table: Windows remote deployment preparation tasks

Operating system

Tasks

Prepare Windows XP computers and Windows Server 2003 servers that are installed in workgroups

Windows XP computers and Windows Server 2003 servers that are installed in workgroups do not accept remote deployment by default. To permit remote deployment, disable Simple File Sharing.

Note:

This limitation does not apply to computers that are part of an Active Directory domain.

You may also need to perform the following tasks:

  • Ensure that the Administrator account does not have a blank password.

  • Disable the Windows Firewall, or allow the required ports for communication between the client and Symantec Endpoint Protection Manager.

Prepare Windows Vista, Windows 7, or Windows Server 2008 / 2008 R2 computers

Windows User Account Control blocks local administrative accounts from remotely accessing remote administrative shares such as C$ and Admin$. You do not need to fully disable User Account Control on the client computers during the remote deployment if you disable the registry key LocalAccountTokenFilterPolicy.

To disable UAC remote restrictions, see:

http://support.microsoft.com/kb/951016

If the Windows client computer is part of an Active Directory domain, you should use domain administrator account credentials for a remote push installation.

Perform the following tasks:

  • Disable the Windows Firewall, or configure the firewall to allow the required traffic.

  • Disable the Sharing Wizard.

  • Enable network discovery by using the Network and Sharing Center.

  • Enable the built-in administrator account and assign a password to the account.

  • Verify that the account has administrator privileges.

  • Disable or remove Windows Defender.

Prepare Windows 8 / 8.1 / 8.1 Update 1 or Windows Server 2012 / 2012 R2 / 2012 R2 Update 1 computers

Before you deploy, perform the following tasks:

  • Disable the Windows Firewall, or configure the firewall to allow the required traffic.

  • Disable the registry key LocalAccountTokenFilterPolicy.

    To disable UAC remote restrictions, see:

    http://support.microsoft.com/kb/951016

  • Enable and start the Remote Registry service.

  • Disable or remove Windows Defender.

Table: Mac remote deployment preparation tasks

Operating system

Tasks

Prepare the Mac computers on any supported operating system

Before you deploy, perform the following tasks on the Mac computers:

  • Click System Preferences > Sharing > Remote Login and either allow access for all users, or only for specific users, such as Administrators.

  • If you use the Mac firewall, disable stealth mode. With stealth mode enabled, the remote push installation cannot discover the client through Search Network.

    To disable stealth mode on the Mac, see the following Apple knowledge base article that applies to your version of the Mac operating system.

    OS X Mountain Lion: Prevent others from discovering your computer (10.8)

    OS X Mavericks: Prevent others from discovering your Mac (10.9)

  • Ensure that the firewall does not block the port that Secure Shell (SSH) uses, which is by default TCP port 22. This port allows the required communication for remote login.

  • Uninstall any third-party virus protection software suites. See the documentation for the third-party software.

If the Mac client computer is part of an Active Directory domain, you should use domain administrator account credentials for a remote push installation. Otherwise, have the administrator credentials available for each Mac to which you deploy.

See About the communication ports that Symantec Endpoint Protection Small Business Edition uses.

See Installing clients with Remote Push.

See Preparing for client installation.


Legacy ID



v16742999_v81626097


Article URL http://www.symantec.com/docs/HOWTO81300


Terms of use for this information are found in Legal Notices