Steps to prepare computers to install Symantec Endpoint Protection 12.1 client
|Article:TECH163112|||||Created: 2011-06-23|||||Updated: 2013-11-01|||||Article URL http://www.symantec.com/docs/TECH163112|
You must prepare your computers for installation before you install Symantec Endpoint Protection 12.1 client.
These instructions apply to both the Enterprise and Small Business Editions of Symantec Endpoint Protection 12.1 client. For more specific details at any point, please consult the product help or the implementation guides: Symantec Endpoint Protection Implementation Guide or Symantec Endpoint Protection Small Business Edition Implementation Guide
The following steps should be taken on all computers on which you install the client:
- Uninstall currently installed virus protection software
- Set administrative rights to your client computers
- Prepare computers for remote deployment and management
- Push deployment ports, used on management servers and clients: TCP 139 and 445, UDP 137 and 138, and TCP ephemeral ports.
- For legacy communications, open UDP port 2967 on all computers.
- General communication: TCP 8014 (HTTP)/TCP 443 (HTTPS) for management servers. These are the default ports, and may be customized. See Symantec Endpoint Protection 12.1: How to Change the ports used for communication between the Manager and clients.
- Disable the File Sharing Wizard.
- Enable network discovery by using the Network and Sharing Center.
- Enable the built-in administrator account and assign a password to the account.
- Verify that the account has administrator privileges.
- Configure a server that runs Windows Server 2003 to allow remote control.
- Connect to the server from a remote computer by using a remote console session, or shadow the console session.
Uninstall any third-party virus protection software. In general, you can use the Windows Add or Remove Programs tool to uninstall programs. However, some programs have special uninstallation routines. See the documentation for the third-party software.
Uninstall any legacy Symantec virus protection software if you do not plan to migrate the settings.
To install the client software, you need administrative rights to the computer or to the Windows domain. If you do not want to provide users with administrative rights to their computers, use Remote Push Installation to remotely install the client software. Remote Push Installation requires you to have local administrative rights to the computers.
Modify firewall settings to allow communication between Symantec Endpoint Protection Small Business Edition components:
Prepare Windows XP computers that are installed in workgroups: Windows XP computers that are installed in workgroups do not accept remote deployment. To permit remote deployment, disable Simple File Sharing. Note: This limitation does not apply to computers that are part of a Windows domain. Detailed instructions are provided in the following document: http://www.symantec.com/business/support/index?page=content&id=TECH102867
Prepare Windows Vista, Windows Server 2008, or Windows 7 computers: Windows User Access Control blocks local administrative accounts from remotely accessing remote administrative shares such as C$ and Admin$. Perform the following tasks:
Prepare Windows Server 2003 computers for installation using a remote desktop connection: The Symantec Endpoint Protection Manager requires access to the system registry for installation and normal operation. To prepare a computer to install Symantec Endpoint Protection Manager using a remote desktop connection, perform the following tasks:
Article URL http://www.symantec.com/docs/TECH163112