Steps to prepare computers to install Symantec Endpoint Protection 12.1.x client

Article:TECH163112  |  Created: 2011-06-23  |  Updated: 2014-05-28  |  Article URL http://www.symantec.com/docs/TECH163112
Article Type
Technical Solution


Issue



You must prepare your computers for installation before you install Symantec Endpoint Protection 12.1.x client.


Solution



These instructions apply to both the enterprise version and the Small Business Editions of Symantec Endpoint Protection 12.1.x client. For more specific details at any point, please consult the in-product help or the documentation specific to your version of Symantec Endpoint Protection:

 

You should take the following steps on all computers onto which you install the client:

  • Uninstall currently installed third-party security software or legacy Symantec virus protection software
  • Uninstall any third-party security software. Symantec Endpoint Protection version 12.1.1.1 (12.1. RU1 MP1) and later includes a tool to help automatically uninstall select third-party security software programs. See Related Articles for more details.

    Otherwise, for older builds or in general, you can use the Windows Control Panel to uninstall programs. Some programs, however, have special uninstallation routines. See the documentation for the third-party software.

    Uninstall any legacy Symantec virus protection software, such as Symantec AntiVirus, if migration is not supported or if you do not plan to migrate the settings.
     

  • Set administrative rights to your client computers

  • To install the client software, you need administrative rights to the computer or to the Windows domain. If you do not want to provide users with administrative rights to their computers, use Remote Push to remotely install the client software. Remote Push requires you to have local administrative rights to the computers. Remote Push is an option available through the Client Deployment Wizard, which can be found by clicking Home > Common Tasks > Install protection client to computers.
     

  • Prepare computers for remote deployment and management
  • Modify firewall settings to allow communication between Symantec Endpoint Protection components:

    • Push deployment ports, used on management servers and clients: TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports.
    • For legacy communications, open UDP port 2967 on all computers.
    • General communication: TCP 8014 (HTTP)/TCP 443 (HTTPS) are the default ports for communication between the management server and the client. These ports may be customized.
    • See Related Articles for more information on communication ports.

    Prepare Windows XP or Windows Server 2003 computers that are installed in workgroups: Windows XP or Windows Server 2003 computers that are installed in workgroups do not accept remote deployment by default. To permit remote deployment, disable Simple File Sharing. For more information see the following Microsoft Knowledge Base article: http://support.microsoft.com/kb/307874

    Note: This limitation does not apply to computers that are part of a Windows domain. 

    You may also need to perform the following tasks:

    • Ensure that the Administrator account does not have a blank password.
    • Disable the Windows Firewall, or allow the required ports for communication between Symantec Endpoint Protection and Symantec Endpoint Protection Manager.
    • See Related Articles.

    Prepare Windows Vista, Windows 7, or Windows Server 2008 / 2008 R2 computers: Windows User Access Control blocks local administrative accounts from remotely accessing remote administrative shares such as C$ and Admin$. You do not need to fully disable User Account Control on the client computers during the remote deployment if you disable the registry key LocalAccountTokenFilterPolicy. For more information, see the following Microsoft Knowledge Base article: http://support.microsoft.com/kb/951016

    If the Windows client computer is part of an Active Directory domain, you should use domain administrator account credentials for Remote Push.

    In addition, perform the following tasks:

    • Disable the Windows Firewall, or configure the firewall to allow the required traffic.
    • Disable the Sharing Wizard.
    • Enable network discovery by using the Network and Sharing Center.
    • Enable the built-in administrator account and assign a password to the account.
    • Verify that the account has administrator privileges.
    • Disable or remove Windows Defender.
       

    Prepare Windows 8 or Windows Server 2012 computers*, Windows 8.1 or Windows Server 2012 R2 computers**, or Windows 8.1 Update 1 or Windows Server 2012 R2 Update 1***: Before you deploy, perform the following tasks:

    • Disable the Windows Firewall, or configure the firewall to allow the required traffic.
    • To allow the correct access for User Access Control, create the registry key LocalAccountTokenFilterPolicy as described above.
    • Enable and start the Remote Registry service.
    • Disable or remove Windows Defender.

    * = Supported by Symantec Endpoint Protection 12.1.2 (12.1 RU2) or later
    ** = Supported by Symantec Endpoint Protection 12.1.4 (12.1 RU4) or later
    *** = Supported by Symantec Endpoint Protection 12.1.4.1 (12.1 RU4 MP1)
     

    Prepare Windows Server 2003 computers for installation using a remote desktop connection: The Symantec Endpoint Protection Manager requires access to the system registry for installation and normal operation. To prepare a Windows Server 2003 computer on which you plan to use a remote desktop connection to install Symantec Endpoint Protection Manager, perform the following tasks:

    • Configure the Windows Server 2003 computer to allow remote control.  
      See the following Microsoft Knowledge Base article: http://support.microsoft.com/kb/814590
    • Connect to the Windows Server 2003 computer from a remote computer by using a remote console session, or by shadowing the console session.
      See the following Microsoft Knowledge Base article: http://support.microsoft.com/kb/278845




Article URL http://www.symantec.com/docs/TECH163112


Terms of use for this information are found in Legal Notices