Installing and configuring Symantec Endpoint Protection 11.0 for the first time

Article:TECH102397  |  Created: 2007-01-29  |  Updated: 2011-03-31  |  Article URL http://www.symantec.com/docs/TECH102397
Article Type
Technical Solution


Issue



This document describes the procedures for installing Symantec Endpoint Protection 11.0 on a network that has no current Symantec AntiVirus software.


Solution



About installing Symantec Endpoint Protection 11.0
Installing Symantec Endpoint Protection 11.0 includes the installation of three main components: the Symantec Endpoint Protection Manager, a dedicated database, and the Symantec Endpoint Protection clients. Installation begins with the installation and configuration of the manager and database. Client installation occurs after the manager and database are installed and configured.

Installing and configuring Symantec Endpoint Protection Manager
This is a two-part procedure that installs the Symantec Endpoint Protection Manager (part 1), and configures the Symantec Endpoint Protection Manager and its database (part 2). You can accept all of the default settings for the manager installation. To configure the Symantec Endpoint Protection Manager database, you must add at least one custom value, which is a password.


Notes:

  • The Symantec Endpoint Protection client installation instructions follow this section.
  • Internet Information Services (IIS) must be installed before installation of the Symantec Endpoint Protection Manager.

To install Symantec Endpoint Protection Manager (SEPM)

  1. Insert the installation CD and start the installation.
  2. In the installation panel, click Install Symantec Endpoint Protection Manager.
  3. In the Welcome panel, click Next.
  4. In the License Agreement panel, check I accept the terms in the license agreement, and then click Next.
  5. In the Destination Folder panel, accept or change the installation folder.
  6. Do one of the following:
    • To configure the Symantec Endpoint Protection Manager IIS (Internet Information Services) Web server as the only Web server on this computer, check Create a custom Web site, and then click Next.
    • To let the Symantec Endpoint Protection Manager IIS Web server run with other Web servers on this computer, check Use the default Web site, and then click Next.
  7. In the Ready to Install panel, click Install.
  8. When the installation finishes and the Install Wizard Complete panel appears, click Finish. Wait for the Management Server Configuration Wizard panel to appear, which can take up to 15 additional seconds.


To configure Symantec Endpoint Protection Manager

  1. In the Management Server Configuration Wizard panel, select a configuration type.
      • Note: If you choose the Simple configuration type, the password that is specified for the SEPM Administrator account is also the encryption password. If the Administrator password is reset post-installation, the encryption password does not change.
  2. Click Next.
  3. In the Site Type panel, check Install my first Site, and then click Next.
  4. In the Server Information panel, accept or change the default values for the following boxes, and then click Next:
    • Server Name
    • Server Port
    • Server Data Folder
  5. In the Site Name panel, in the Site name box, enter your site name, and then click Next.
  6. In the Encryption Password panel, type a value in both boxes, and then click Next.
    Document this password when you install Symantec Endpoint Protection in your production environment. You need it for disaster recovery purposes, and for adding optional Enforcer hardware.
  7. In the Database Server Choice panel, check Embedded Database, and then click Next.
  8. In the Set User panel, in the Password boxes, type a password to use with the user name Admin to log on to the console, and then click Next.


NOTE: In MR3 and higher, the password box will not accept special characters. Previous versions would accept those characters but would not pass them, causing a 'failed to connect to database' error upon completion.

When the installation finishes, you have the option of deploying client software with the Migration and Deployment Wizard. Log on to the console with the user name and password that you entered here.

Configuring and deploying client software
The Migration and Deployment Wizard lets you configure a client software package. The Push Deployment Wizard then optionally appears to let you deploy the client software package. If you do not use the Push Deployment Wizard at that time, you can start it manually by using ClientRemote.exe from the \tomcat\bin folder.


Note: This procedure assumes that you deploy client software to 32-bit computers and not to 64-bit computers. This procedure also has you select a folder in which to place installation files. You may want to create this folder before you start this procedure. Also, you need to authenticate with administrative credentials to the Windows Domain or Workgroup that contains the computers.




Deploying client software to computers that run firewalls, and that run Windows XP or Windows Vista, has special requirements. Firewalls must permit remote deployment over TCP port 139. Computers that are in workgroups and that run Windows XP must disable simple file sharing. To prepare the computers that run Windows Vista, read Preparing computers that run Windows Vista for remote client deployment.
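A pre-flight check for the two requirements above (TCP port 139 reachable, simple file sharing disabled), as an added example that is not part of the original Symantec article. It assumes it is run from the manager computer with credentials that are administrative on the targets and that the Remote Registry service is running on them; the host names are constructed, and the forceguest registry value is the Windows XP setting behind simple file sharing.

```powershell
# Added example: pre-flight check before running the Push Deployment Wizard.
$targets = @('CLIENT-01', 'CLIENT-02')   # constructed sample host names

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false                  # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

function Get-SimpleFileSharing {
    # Reads HKLM\SYSTEM\CurrentControlSet\Control\Lsa\forceguest remotely.
    # 1 = simple file sharing on (relevant to workgroup computers running Windows XP).
    param([string]$ComputerName)
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
        try {
            $lsa = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
            if ($lsa.GetValue('forceguest') -eq 1) { return 'Enabled' }
            return 'Disabled'
        } finally {
            $hklm.Close()
        }
    } catch {
        # Remote read failed (Remote Registry stopped, access denied, or
        # guest-only authentication in effect): check this computer locally.
        return 'Unknown'
    }
}

foreach ($computer in $targets) {
    $open = Test-TcpPort -ComputerName $computer -Port 139
    $sharing = 'NotChecked'
    if ($open) { $sharing = Get-SimpleFileSharing -ComputerName $computer }
    New-Object PSObject -Property @{
        Computer          = $computer
        Tcp139Open        = $open
        SimpleFileSharing = $sharing
    } | Select-Object Computer, Tcp139Open, SimpleFileSharing
}
```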

To configure client software

  1. In the Management Server Configuration Wizard Finished panel, check Yes, and then click Finish.
  2. In the Welcome to the Migration and Deployment Wizard panel, click Next.
  3. In the What would you like to do panel, check Deploy the client, and then click Next.
  4. In the next unnamed panel, check Specify the name of a new group that you wish to deploy clients to, type a group name in the box, and then click Next.
  5. In the next panel, uncheck any client software that you do not want to install, and then click Next.
  6. In the next panel, check the options that you want for packages, files, and user interaction.
  7. Click Browse, locate and select a folder in which to place the installation files, and then click Open.
  8. Click Next.
  9. In the next unnamed panel, check Yes, and then click Finish.

Do not check Launch Administrator Console. It can take up to 5 minutes to create and export the installation package for your group before the Push Deployment Wizard appears.

To deploy the client software with the Push Deployment Wizard

  1. In the Push Deployment Wizard panel, under Available Computers, expand the trees and select the computers on which to install the client software, and then click Add.
    If you distribute the client to the same computer you work on and Windows Firewall has not been configured to handle Java, it may block this function and pop up a window that asks you to configure it. This window may appear underneath the Push Deployment Wizard, so you may not be able to see it. If the Push Deployment Wizard appears to stop responding, move it to the side to see whether a Windows Firewall window is hidden beneath it.
  2. In the Remote Client Authentication dialog box, type a user name and password that can authenticate to the Windows Domain or Workgroup that contains the computers, and then click OK.
  3. When you have selected all of the computers and they appear in the right pane, click Finish.
  4. When installation completes, click Done.


Logging on to and locating your group in the console
Your first activity is to log on to the console and locate your group.

Logging on to the management console
The management console lets you manage clients.

To log on to the management console

  1. Click Start > Programs > Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager Console.
  2. In the Symantec Endpoint Protection Manager logon prompt, in the User Name box, type admin.
  3. In the Password box, type the admin password that you created during installation, and then click Log on.


About locating your group in the console
After you log on, you should locate the group that you created during installation. Then verify that the client computers to which you deployed software appear in that group.


Enabling Symantec Network Access Control
If you purchased Symantec Endpoint Protection with Symantec Network Access Control, follow these additional steps to enable Symantec Network Access Control.

To enable Symantec Network Access Control

  1. If Symantec Endpoint Protection Manager Console is open, close it.
  2. Insert the Symantec Network Access Control CD.
  3. In the installation panel, click Install Symantec Network Access Control.
  4. Click Install Symantec Endpoint Protection Manager.
  5. On the Management Server Upgrade dialog, click Next.
  6. Click Continue.
  7. When the Server Upgrade Status log shows Upgrade Succeeded, click Next.
  8. Click Finish.
  9. Log on to the Symantec Endpoint Protection Manager console.
  10. On the Policies tab, click Host Integrity.
  11. In the right pane, click Host Integrity Policy.
  12. Under Tasks, click Assign the Policy.
  13. In the Assign Host Integrity Policy window, check the group to which you want to assign the policy.
  14. Click Assign, and then click Yes to confirm the change.


Symantec Network Access Control is now enabled in Symantec Endpoint Protection Manager and on the clients in the group that you created.

References
"Preparing computers that run Windows Vista for remote client deployment" at:

http://www.symantec.com/business/support/index?page=content&id=TECH102442&locale=en_US

Legacy ID: 2007082915561148

