How to deploy the Symantec Endpoint Protection client for Macintosh using Apple Remote Desktop 3.x

Article:TECH160427  |  Created: 2011-05-19  |  Updated: 2014-09-29  |  Article URL http://www.symantec.com/docs/TECH160427
Article Type
Technical Solution


Environment

Issue



The Symantec Endpoint Protection Manager (SEPM) cannot distribute the Symantec Endpoint Protection for Macintosh (SEP for Mac) client to Macintosh workstations via the Client Deployment Wizard (SEPM 12.1.x) or the Find Unmanaged Computers task (SEPM 11.x). A SEPM administrator has Macintosh clients that must have the SEP for Mac client software installed, and has access to the  third-party software distribution program Apple Remote Desktop (ARD).


Solution



NOTE: These steps are provided for convenience only and are not supported by Symantec.  For SEP 12.1 RU5 and above, see Installing clients with Remote Push

Using ARD for Symantec Endpoint Protection versions 12.1 through 12.1.3

The initial deploy of the SEP for Mac client will be the unmanaged installer package located in the SEP_MAC folder. On a Macintosh, open this folder and double click the Symantec Endpoint Protection.dmg file to mount the disk image to the desktop. Copy the .pkg file on the disk image to the desktop to be used with ARD.

ARD can either directly distribute the package, or a Task Server can be used to distribute the package when clients come online for package distribution. To distribute directly with ARD:

  1. Launch ARD.
  2. Select a group of computers in the Remote Desktop window.
  3. Choose the target systems within the group selected that will have the SEP for Mac client installed to it.
  4. Click Interact > Lock Screen and then click Lock Screen to prevent the SEP for Mac install GUI from appearing on screen.
  5. Click Manage > Install Packages and select the SEP for Mac .pkg installer file.
  6. SEP for Mac requires a logout of the client system after installation. This is not an option available in ARD. Choose to restart the client systems after installation. Optionally, choose the option available to attempt the restart and to allow the Users to save documents, etc.
  7. Choose the option to run the task from This Application.
  8. Click Install.

To distribute with a Task Server:

  1. Ensure the Task Server is configured properly according to the ARD Administrator's Guide.
  2. Launch ARD.
  3. Select a group of computers in the Remote Desktop window.
  4. Choose the target systems within the group selected that will have the SEP for Mac client installed to it.
  5. Click Manage > Install Packages and select the SEP for Mac .pkg installer file.
  6. Select the Task Server to run the install from that is set up in the ARD preferences.
  7. Click Install.

This will install an unmanaged SEP for Mac client to the remote clients. Once this is done, the sylink.xml file for the appropriate group that the client will become a member of can be distributed. First, the sylink.xml will need to be exported from the SEPM:

  1. Log into the SEPM.
  2. Click the Clients tab.
  3. Right-click on the group from which you wish to export the sylink.xml file and then click Export Communication Settings....
  4. Browse to the desktop, or to the folder to which you wish to save the sylink.xml file and then save the file. Note that by default the SEPM will save the file prefixed with the path to the group that the sylink.xml file is generated from. Please ensure that the file itself when being sent to the Macintosh clients is simply "sylink.xml" (without quotes).

Next, the sylink.xml file will need to be copied remotely via ARD to the Macintosh clients:

Copy the sylink.xml file to the Macintosh, or insure that it is accessible from the Macintosh that is running ARD.

  1. Launch ARD.
  2. Select a group of computers in the Remote Desktop window.
  3. Click Manage > Copy Items.
  4. You can now drag and drop the sylink.xml file or click Add to select the sylink.xml file.
  5. In the pop-up menu for "Place items in:" select Specify full path and enter this pathinto which to copy the file: /Library/Application Support/Symantec/SMC/
  6. If you wish, you may now opt to schedule the copy of the file to the designated clients with Schedule... in the lower left corner.
  7. Once the settings are confirmed, click Copy to begin the process.

After the copy is complete, upon the next reboot of the Mac client, the sylink.xml file will be processed and the client will become managed, connect to the SEPM and download any appropriate policies.
 

Using ARD for Symantec Endpoint Protection version 11.x

To use ARD to deploy the SEP for Mac client, the client software will first need to be exported from the SEPM:

  1. Log onto the SEPM.
  2. Click the Admin tab and then click Install Packages.
  3. Right-click on the SEP for Mac install package and click Export.
  4. Select the group in which the SEP for Mac clients will be a member. Browse and select the location to which the exported file will be saved.
    NOTE: If accessing the SEPM via the web console, you will not be able to click the Browse button, but you will be prompted to save the package as it is downloaded to your system.
  5. Click OK to save the exported package/download the exported package.

Once the SEP for Mac package is exported from the SEPM it can be distributed to the Macintosh client systems with ARD. To prepare the package:

  1. Copy the exported SEP for Mac client package to the Macintosh system running ARD.
  2. Double-click the package to unzip the file into the .mpkg file used for distribution and installation.

ARD can either directly distribute the package, or a Task Server can be used to distribute the package when clients come online for package distribution. To distribute directly with ARD:

  1. Launch ARD.
  2. Select a group of computers in the Remote Desktop window.
  3. Choose the target systems within the group selected that will have the SEP for Mac client installed to it.
  4. Click Interact > Lock Screen and then click Lock Screen to prevent the SEP for Mac install GUI from appearing on screen.
  5. Click Manage > Install Packages and select the unzipped SEP for Mac .mpkg installer file.
  6. SEP for Mac requires a logout of the client system after installation. This is not an option available in ARD. Choose to restart the client systems after installation. Optionally, choose the option available to attempt the restart and to allow the Users to save documents, etc.
  7. Choose the option to run the task from This Application.
  8. Click Install.

To distribute with a Task Server:

  1. Ensure the Task Server is configured properly according to the ARD Administrator's Guide.
  2. Launch ARD.
  3. Select a group of computers in the Remote Desktop window.
  4. Choose the target systems within the group selected that will have the SEP for Mac client installed to it.
  5. Click Manage > Install Packages and select the unzipped SEP for Mac .mpkg installer file.
  6. Select the Task Server from which to run the install that you have established the ARD preferences.
  7. Click Install.

 





Article URL http://www.symantec.com/docs/TECH160427


Terms of use for this information are found in Legal Notices