Install Endpoint Protection Manager 12.1 and deploy clients

Article:TECH163580  |  Created: 2011-06-29  |  Updated: 2014-11-24  |  Article URL http://www.symantec.com/docs/TECH163580
Article Type
Technical Solution


Issue



This article describes how to install Symantec Endpoint Protection Manager (SEPM), and then deploy, or install, Symantec Endpoint Protection (SEP) clients.


Solution



These instructions are limited to a fairly basic first-time installation. They apply to both the Enterprise and Small Business Editions, except for differences noted in configuration and licensing. Some optional steps are left out.

For further information at any point, please consult the product help or the implementation guides:

Installing the SEPM and deploying clients involves the following steps:

  • Install and configure SEPM 
  • Manage product licenses
  • Install the SEP clients

 

Install and configure the management server and the console

  1. Review the system requirements for Symantec Endpoint Protection 12.1.
  2. Run <CD drive>:\Setup.exe
  3. Choose Install Symantec Endpoint Protection, then Install Symantec Endpoint Protection Manager.
  4. Click Next.
  5. Accept the license agreement, and click Next.
  6. Assuming default program files location, click Next.
  7. Click Install. The manager installation will next stop at "Configure the management server".
  8. Click Next. The Management Server Configuration Wizard starts.

    Note: This wizard may be re-run later if necessary to change any of the configuration settings after SEPM has been installed and running.
     
  9. Choose the configuration type, Default or Custom; a recovery file is specified only for re-configurations or re-installations.

    • The default configuration is used when you plan to manage less than 100 SEP clients. It will automatically install a local embedded database and use default values for most other choices.
    • The custom configuration is for management of more than 100 clients. It allows you to use the local embedded database or a local/remote Microsoft SQL database, and you can customize most other choices (such as communications ports and encryption password used in client communications).

      Note: In SEP Small Business Edition, there is no option for a recovery file and setup proceeds automatically to the Default configuration; that is the only choice in that version. The wizard otherwise provides some information about each configuration type.
       
  10. Click Next
  11. Configure the options based on the configuration you selected:

    • Default configuration:

      1. Choose company name, password, and email address. The password will be used with the preset user name ("admin") when logging onto the SEPM console. The email address is for the "admin" user.

        Note: Other users may be added to the SEPM console afterwards.

      2. Click Next. You may configure and test email server information used when sending SEPM alerts, or leave blank and configure this later.
      3. Click Next.
      4. Click Next again, and make note of the final summary of configuration settings
      5. Click Next to finish.
         
    • Custom configuration (not available in SEP Small Business Edition):

      1. Choose how many computers you will manage. Less than 100, 100 to 500, 500 to 1000, or more than 1000.
      2. Click Next.
      3. Choose Install my first site. Other choices are for more advanced installations, and may be revisited later.
      4. Click Next.
      5. Default choices are provided for site and server name, server port, web console port, client communications port, web services port, server control port, reporting port, and server data folder. You may customize these choices if you wish.
      6. Click Next.
      7. Choose default embedded database or Microsoft SQL server. Please note that you are responsible for the Microsoft SQL installation.
      8. Click Next. If you chose Microsoft SQL in the previous step, you will next choose "create new database" or "use existing", and then provide SQL authentication details in subsequent dialog.
      9. Click Next.
      10. Choose company name, password, and email address. The password will be used with the preset user name ("admin") when logging onto the SEPM console. The email address is for the "admin" user.

        Note: Other users may be added to the SEPM console afterwards.
         
      11. Click Next.
      12. Choose a random client communications password, or define your own.
      13. Click Next.
      14. Configure and test email server information used when sending SEPM alerts, or leave blank and configure later.
      15. Click Next, Next again, and finish.

        Note: There is no final summary of configuration settings when going through a custom configuration, so be sure to record any settings you wish to recall later. Also, a "disaster recovery file" is automatically generated which includes all these settings (and more), and can be used later if necessary to re-install SEPM with its original settings.
         
  12. Log onto the SEPM console using "admin" and the password you chose during the SEPM configuration: Click Start Programs Symantec Endpoint Protection Manager > Symantec Endpoint Protection Manager.

 

Manage SEP product licenses

SEP is licensed according to the number of SEP clients that are needed to protect the endpoints at your site. Once SEPM is installed, you may immediately deploy clients; you have 60 days to purchase and activate a license that covers all of your deployed clients (30 days in SEP Small Business Edition).

  1. In the SEPM console, click Admin, and then click Licenses.
  2. Under Tasks, click Activate license.
  3. Follow the instructions in the License Activation Wizard to complete the activation process.

 

Install SEP clients

Prepare computers for installing the SEP client deployment by configuring firewalls and communication ports on your servers and workstations, and otherwise prepare operating systems for remote deployment and management of SEP clients.

You may deploy clients via a weblink and email, remote push, or save a package for later local installation or deployment using third-party tools. Only the remote push is described in this section.

  1. In the SEPM console, click the Home tab at left.
  2. On the Home page, in the Common Tasks menu at upper-right, select Install protection client to computers. The Client Deployment wizard starts.
  3. In the Welcome to the Client Deployment Wizard pane, choose "New Package Deployment" and click Next.
  4. Select the client version, the feature set, the client group and content options, and then click Next.
  5. Click Remote Push, and then click Next.
  6. Locate the computers to receive the client software, and then click >> to add the computers to the list.
    • To browse the network for computers, click Browse Network.
    • To find computers by IP address or computer name, click Search Network, and then click Find Computers.
  7. Authenticate with the domain or workgroup if prompted.

    Note: You can set a timeout value to constrain the amount of time the server applies to a search.
     
  8. Click Next.
  9. Click Send to push the client software to the selected computers. Wait while the client software is pushed to the selected computers.
  10. Click Finish. This means that the Manager's work is done, but the installation has started on the client and is most likely still running on the client computers.

    Note: The installation takes several minutes to complete. Depending on the client restart settings of the deployed client, you or the computer users may need to restart the client computers.
     
  11. Confirm the status of the deployed clients in the Clients page of the SEPM console.

 




Article URL http://www.symantec.com/docs/TECH163580


Terms of use for this information are found in Legal Notices