Installing Symantec Endpoint Protection 11.0.5 (RU5) for the first time

Article:TECH96203  |  Created: 2009-01-17  |  Updated: 2010-01-13  |  Article URL http://www.symantec.com/docs/TECH131651
Article Type
Technical Solution

Product(s)

Issue



This document describes the procedure for installing Symantec Endpoint Protection 11.0.5 (RU5) on a system that has no current Symantec Endpoint Protection software.


Solution




Installing and configuring Symantec Endpoint Protection Manager
Installing management software for the first time is divided into two parts. The first part installs the Symantec Endpoint Protection Manager. The second part installs and configures the Symantec Endpoint Protection Manager database. In the first, you can accept all defaults. In the second part, you must add at least one custom value, which is a password.


Notes:
  • Management software does not include Symantec Endpoint Protection or any other client software that is managed.
  • Internet Information Services (IIS) must be installed before installation of the Symantec Endpoint Protection Manager.


Pre-installation check
Download and run the Symantec Endpoint Protection Support Tool in order to ensure that the installation environment is configured correctly for installing the manager. This step is optional but recommended.

To download the tool, see the document The Symantec Endpoint Protection Support Tool.

To install Symantec Endpoint Protection Manager
  1. Do one of the following:
    • If you have the installation CD, insert the CD and run setup.exe.
    • If you downloaded the installation files, open the CD1 folder and run setup.exe.
  2. On the installation screen, click Install Symantec Endpoint Protection Manager.
  3. On the Welcome pane of the Installation Wizard, click Next.
  4. In the License Agreement panel, check I accept the terms in the license agreement, and then click Next.
  5. In the Destination Folder panel, accept or change the installation path, then click Next.
  6. On the Select Web site panel, do one of the following:
    • To configure the Symantec Endpoint Protection Manager as a custom web site within IIS (with a unique port and entry in IIS) check Create a custom Web site (recommended), verify or change the TCP port number to one that is not currently in-use, and then click Next. This option is recommended because it makes it less likely that the Endpoint Protection Manager web site will conflict with another web site.
    • To configure the Symantec Endpoint Protection Manager as a web page within the default web site (which will share the port in use by other pages within the default web site, port 80 by default) check Use the default Web Site. This option can be problematic because it increases the chance that the Endpoint Manager web site will conflict with another web site.
  7. In the Ready to Install the Program panel, click Install.
  8. When the installation finishes and the Install Wizard Complete panel appears, click Finish.
  9. Wait for the Management Server Configuration Wizard panel to appear, which can take up to 15 additional seconds.

Configuring Symantec Endpoint Protection Manager
This phase of the installation process installs and configures the Symantec Endpoint Protection Manager database. Before you can complete this phase, you must decide whether you will use the embedded database or Microsoft SQL. Installing with the embedded database is the easiest way to install Symantec Endpoint Protection Manager. The embedded database supports up to 5,000 clients.

To configure Symantec Endpoint Protection Manager
  1. In the Management Server Configuration Wizard panel, select either Simple or Advanced mode.
    • If you want to use Microsoft SQL for the database, you must choose Advanced mode. If you want to use the embedded database, you can choose either Simple or Advanced mode.
    • If you choose to configure the management server in Simple mode, the password that is specified for the Administrator account is also the encryption password. If you change the Administrator password later, the encryption password does not change.
  2. Click Next.

Simple install configuration
  1. The User Name is preset to admin.
  2. Provide and confirm a password of 6 or more characters.
    The password is the admin account password that you use to log on to the Symantec Endpoint Protection Manager console. The password is also used as the encryption password necessary for disaster recovery and for adding optional Enforcers. After installation, the encryption password does not change, even if the password for the admin account is changed.

    Document this password for when you install Symantec Endpoint Protection in your production environment.

    Note: Do not use special characters (%*&!?/) when creating your password, as special characters are not compatible with the database encryption process.
  3. Optionally, provide an administrator email address.
  4. Click Next.
  5. Review the Management Server Configuration details to verify install parameters.
  6. Click Next to begin the installation.
    It can take several minutes for the installation to create the database.
  7. In the Management Server Configuration Wizard Completed panel, do one of the following:
  8. To deploy client software with the Migration and Deployment Wizard, click Yes, and then click Finish.
  9. To log on to the Symantec Endpoint Protection Manager console first, and then deploy client software, click No, and then click Finish.

Advanced install configuration
  1. Choose the approximate size of your environment, and then click Next.
  2. In the Site Type panel, check Install my first Site, and then click Next.
  3. In the Server Information panel, accept or change the default values for the following boxes, and then click Next:
    • Server Name
    • Server Port
    • Web Console Port
    • Server Data Folder
  4. In the Site Name panel, in the Site name box, accept or change the default name, and then click Next.
  5. In the Encryption Password panel, provide and confirm a password of , and then click Next.
    The password is the admin account password that you use to log on to the Symantec Endpoint Protection Manager console. The password is also used as the encryption password necessary for disaster recovery and for adding optional Enforcers. After installation, the encryption password does not change, even if the password for the admin account is changed.

    Document this password for when you install Symantec Endpoint Protection in your production environment.

    Note: Do not use special characters (%*&!?/) when creating your password, as special characters are not compatible with the database encryption process.
  6. In the Database Server Choice panel, check either Embedded Database or Microsoft SQL Server, and then click Next.
    If you choose Microsoft SQL Server, there are specific configuration requirements for SQL Server. For more information, see "About SQL Server configuration settings" on page 65 of the Installation Guide, and the installation and configuration instructions beginning on page 70.
  7. In the system administrator account panel, provide and confirm a password of 6 or more characters. Optionally, provide an administrator email address.
  8. Click Next.
  9. Use the user name and password that you set here to log on to the console for the first time.
    Wait while the installation creates the database, which can take several minutes.
  10. In the Management Server Configuration Wizard Completed panel, do one of the following:
    • To deploy client software with the Migration and Deployment Wizard, click Yes, and then click Finish.
    • To log on to the Symantec Endpoint Protection Manager console first, and then deploy client software, click No, and then click Finish.



Configuring and deploying client software
The Migration and Deployment Wizard lets you configure a client software package. The Push Deployment Wizard then optionally appears to let you deploy the client software package. If you do not use the Push Deployment Wizard at that time, you can start it manually by using ClientRemote.exe from the \tomcat\bin folder.


Note: This procedure assumes that you deploy client software to 32-bit computers and not to 64-bit computers. This procedure also has you select a folder in which to place installation files. You may want to create this folder before you start this procedure. Also, you need to authenticate with administrative credentials to the Windows Domain or Workgroup that contain the computers.


Deploying client software to computers that run firewalls, and that run Windows XP or Windows Vista, has special requirements. Firewalls must permit remote deployment over TCP port 139. Computers that are in workgroups and that run Windows XP must disable simple file sharing. To prepare the computers that run Windows Vista, read Preparing computers that run Windows Vista for remote client deployment.

Pre-installation check
You can run the Symantec Endpoint Protection Support Tool on clients in order to ensure that the installation environment is configured correctly for a successful installation. This step is optional but recommended. In larger environments, it may be more feasible to use the tool only in the case of failed installations.

To download the tool, see the document The Symantec Endpoint Protection Support Tool.


To configure client software
  1. Start the Migration and Deployment Wizard by doing one of the following:
    • On the Windows Start menu, click Start > Programs > Symantec Endpoint Protection Manager > Migration and Deployment Wizard.
    • In the Management Server Configuration Wizard Finished panel, check Yes, and then click Finish.
  2. In the Welcome to the Migration and Deployment Wizard panel, click Next.
  3. In the What would you like to do panel, check Deploy the client, and then click Next.
  4. In the next panel, check Specify the name of a new group that you wish to deploy clients to, type a group name in the box, and then click Next.
  5. In the next panel, uncheck any types of protection that you do not want to install, and then click Next.
  6. In the next panel, check the options that you want for packages, files, and user interaction.
  7. Click Browse, locate and select a folder in which to place the installation files, and then click Open.
  8. Click Next.
  9. In the next panel, check Yes, and then click Finish.
Do not check Launch Administrator Console. It can take up to 5 minutes to create and export the installation package for your group before the Push Deployment Wizard appears.

To deploy the client software with the Push Deployment Wizard
  1. In the Push Deployment Wizard panel, under Available Computers, expand the trees and select the computers on which to install the client software, and then click Add.
    If you distribute the client to the same computer you work on and Windows Firewall has not been configured to handle Java, it may block this function and pop up a window that asks you to configure it. This window may appear underneath the Push Deployment Wizard, so you may not be able to see it. If the Push Deployment Wizard appears to stop responding, move it to the side to see whether a Windows Firewall window is hidden beneath it.
  2. In the Remote Client Authentication dialog box, type a user name and password that can authenticate to the Windows Domain or Workgroup that contains the computers, and then click OK.
  3. When you have selected all of the computers and they appear in the right pane, click Finish.
  4. When installation completes, click Done.


Logging on to and locating your group in the console
Your first activity is to log on to the console and locate your group.

To log on to the management console
  1. Click Start> Programs> Symantec Endpoint Protection Manager> Symantec Endpoint Protection Manager Console.
  2. In the Symantec Endpoint Protection Manager log-on prompt, in the User Name box, type admin.
  3. In the Password box, type the admin password that you created during installation, and then click Log on.

About locating your group in the console
After you log on, you should locate the group that you created during installation. Then verify that the client computers to which you deployed software appear in that group.


Enabling Symantec Network Access Control
If you purchased Symantec Endpoint Protection with Symantec Network Access Control, follow these additional steps to enable Symantec Network Access Control.

To enable Symantec Network Access Control
  1. If Symantec Endpoint Protection Manager Console is open, close it.
  2. Insert the Symantec Network Access Control CD or open the downloaded CD3 folder.
  3. In the installation panel, click Install Symantec Network Access Control.
  4. Click Install Symantec Endpoint Protection Manager.
  5. On the Management Server Upgrade dialog, click Next.
  6. Click Continue.
  7. When the Server Upgrade Status log shows Upgrade Succeeded, click Next.
  8. Click Finish.
  9. Log on to the Symantec Endpoint Protection Manager console.
  10. On the Policies tab, click Host Integrity.
  11. In the right pane, click Host Integrity Policy.
  12. Under Tasks, click Assign the Policy.
  13. In the Assign Host Integrity Policy window, check the group to which you want to assign the policy.
  14. Click Assign, and then click Yes to confirm the change.

Symantec Network Access Control is now enabled in Symantec Endpoint Protection Manager and on the clients in the group that you created.







Legacy ID



2009091711210648


Article URL http://www.symantec.com/docs/TECH131651


Terms of use for this information are found in Legal Notices