Quick Guide to Installing Symantec Endpoint Encryption 7.x in an Active Directory environment.

Article:TECH131424  |  Created: 2010-01-01  |  Updated: 2011-04-01  |  Article URL http://www.symantec.com/docs/TECH131424
Article Type
Technical Solution


Issue



**PLEASE NOTE** This document is a simplified version of the installation instructions contained in Chapters 6 and 2 of the SEE-FD Installation Guide (provided with the software), along with a few tips. The information provided outlines only one way of performing the installation in order to simplify the process as much as possible. This is not the definitive guide. Please consult the SEE Installation Guide for the complete and official installation process.


Solution



Symantec Endpoint Encryption Management Server (SEEMS) 7.x should be installed on a dedicated server running Windows 2003.

**Note:** The Symantec Endpoint Encryption Management Server will be referred to as SEEMS in this document.

If you are upgrading from 6.x to 7.x, please consult the following document:
http://service1.symantec.com/support/ent-security.nsf/docid/2010040116263548

Minimum Pre-requisites:

In order to use Active Directory Synchronization, the SEEMS server must be a member of a domain, and the following accounts (which are required for the installation procedure) must be created in that domain:

  1. A Normal Active Directory User account for SEE clients to connect to IIS - e.g. "seeiis" (no special permissions or group memberships required).
  2. A Domain Administrator*** account for synchronization of data between Active Directory and SEEMS - e.g. "seeadsync" (only required if Active Directory synchronization is to be enabled).
  3. An Active Directory Account with at least local administrator privileges on the SEEMS server for the installation of SEEMS. A more limited "Policy Administrator" level account should be considered for increased security. See the Installation Guide for more information on this.


***This account must have domain administrator privileges in the same site and/or domain that the SEE Management Server has been joined to. Note that if your corporate security policy prohibits the use of an administrator account, a non-administrator account can be used, provided that it has been granted read permissions to the Active Directory deleted objects container. See “Extending Domain User Rights with DSACLS” on page 80 of the SEE Installation manual.
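The non-administrator alternative described above can be set up with Microsoft's documented dsacls procedure for the Deleted Objects container. This is an added example, not taken from the SEE Installation Guide (whose page 80 steps are not reproduced here); the domain name EXAMPLE, the DN DC=example,DC=com and the reuse of the "seeadsync" account name are placeholder assumptions.

```batch
@echo off
rem Added example: grant a non-admin sync account read access to the
rem Active Directory Deleted Objects container instead of making it a
rem Domain Administrator. Run once per domain, logged on as a member
rem of Domain Admins, on a machine that has dsacls.exe available.
setlocal

rem Placeholder values (assumptions): replace with your own domain.
set "DOMAIN_DN=DC=example,DC=com"
set "SYNC_ACCOUNT=EXAMPLE\seeadsync"
set "DELETED_OBJECTS=CN=Deleted Objects,%DOMAIN_DN%"

rem Step 1: the container's permissions cannot be changed until an
rem administrator takes ownership of it.
dsacls "%DELETED_OBJECTS%" /takeownership

rem Step 2: grant only List Contents (LC) and Read Property (RP).
rem No write, delete or restore rights are given to the account.
dsacls "%DELETED_OBJECTS%" /G %SYNC_ACCOUNT%:LCRP

endlocal
```

With this in place, "seeadsync" can stay an ordinary domain user, so a compromise of the SEEMS server does not expose Domain Administrator credentials.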

MS-SQL Accounts (you will be prompted to create these during the installation of SQL or SQL Express):

  1. Mixed-mode superadmin "sa" account.
  2. SEE db access account - e.g. "seedb", created in the database during installation.


SEEMS server pre-installation requirements. The following components need to be installed in Windows 2003:

  1. IIS
  2. ASP.NET
  3. .NET 2.0
  4. MMC 3.0


Procedure:

  1. Create AD accounts as outlined above. Use complex passwords to avoid password complexity issues.
  2. If using Windows 2003, install ASP.NET, .NET 2.0 & IIS on the SEEMS server.
  3. Install SQL 2005 Express SP3 (or SQL 7) with Advanced Services (this includes the "Management Studio" option):
    • Add "Management Studio" option (recommended).
    • Select mixed-mode, define "sa" password, then click through.
  4. Run "SQL Surface Area Connections" from SQL menu.
    • Go to "Remote Connections" > "Local and Remote Connections".
    • Select "Using both TCP/IP and named pipes".
  5. Ensure that the SQL Service Logon is set to the Local System account.
    • Start > Run > Services.msc.
    • Right-click on SQL Service, click on properties.
    • Click on Logon tab.
    • Ensure Local System Account is selected or select it if it is not.
  6. Install the SEE Management Server MSI.
    • Enter "sa" account details.
    • Enter details for SEE db access account.
    • Choose to Sync with AD and enter the AD Sync account details.
    • Enter SEE IIS account details.
    • Enter IIS http port.
  7. Install Symantec Endpoint Encryption Framework Server installer Package.
    • Select SQL server instance.
    • Enter a SEE Management Password. This is a 16-character password internal to SEEMS that must be retained safely.
  8. Install Group Policy Management Console snap-in ("gpmc.msi" available from Microsoft) to allow policy administration from the SEEMS console.
  9. Install SEE Full Disk Server installer package (if using).
  10. Install SEE Removable Storage installer package (if using).



References
SEE Installation Manual. Chapter 2.

 



Legacy ID



2010040113270648

