Symantec Endpoint Protection 12.1: Installing the Manager for the first time and deploying clients

Article:TECH163580  |  Created: 2011-06-29  |  Updated: 2013-11-08  |  Article URL
Article Type
Technical Solution


How to install the Symantec Endpoint Protection Manager for the first time and deploy clients.


These instructions are limited to a fairly basic first-time installation. They apply to both the Enterprise and Small Business Editions, except for differences noted in configuration and licensing. Some optional steps are left out. For further information at any point, please consult the product help or the implementation guides:

Symantec Endpoint Protection Implementation Guide
Symantec Endpoint Protection Small Business Edition Implementation Guide

Installing the Symantec Endpoint Protection Manager and deploying clients involves the following steps:

  • Install and configure Symantec Endpoint Protection Manager
  • Manage product licenses
  • Install the Symantec Endpoint Protection clients


Install and configure the management server and the console

  1. Review Symantec Endpoint Protection 12.1 System Requirements.
  2. <CD drive>:\Setup.exe
    Choose "Install Symantec Endpoint Protection", then "Install Symantec Endpoint Protection Manager"
  3. Click Next. Accept the license agreement, and Next again.
  4. Assuming default program files location, click Next and Install.
  5. The manager installation will next stop at "Configure the management server". Click Next.
  6. The Management Server Configuration Wizard starts. This wizard may be re-run later if necessary to change any of the configuration settings after the Manager has been installed and running. Choose the configuration type, Default or Custom; a recovery file is specified only for re-configurations or re-installations. NOTE: in Small Business Edition, there is no option for a recovery file and setup proceeds automatically to the Default configuration; that is the only choice in that version. The wizard otherwise provides some information about each configuration type.

    The default configuration is used when you plan to manage less than 100 Endpoint Protection clients. It will automatically install a local embedded database and use default values for most other choices.

    The custom configuration is for management of more than 100 clients. It allows you to use the local embedded database or a local/remote Microsoft SQL database, and you can customize most other choices (such as communications ports and encryption password used in client communications).

    Click Next.
  7. Default configuration:
    Choose company name, password, and email address. The password will be used with the preset user name ("admin") when logging onto the Endpoint Protection Manager console. The email address is for the "admin" user. Other users may be added to the Endpoint Protection Manager console afterwards. Next. You may configure and test email server information used when sending Endpoint Protection Manager alerts, or leave blank and configure later. Next, Next, make note of the final summary of configuration settings, and Next to finish.

    Custom configuration: (not available in Small Business Edition)
    Choose how many computers you will manage--less than 100, 100 to 500, 500 to 1000, or more than 1000. Click Next. Choose "Install my first site". Other choices are for more advanced installations, and may be revisited later. Next. Default choices are provided for site and server name, server port, web console port, client communications port, web services port, server control port, reporting port, and server data folder. You may customize these choices if you wish. Next. Choose default embedded database or Microsoft SQL server--you are responsible for the Microsoft SQL installation. Next. If you chose Microsoft SQL, you will next choose "create new database" or "use existing", and provide SQL authentication details in subsequent dialog. Next. Provide company name, password, and email address, as in the default configuration above. Next. You must choose a random client communications password, or define your own. Next. You may configure and test email server information used when sending Endpoint Protection Manager alerts, or leave blank and configure later. Next, Next, and finish.

    NOTE: there is no final summary of configuration settings when going through a custom configuration, so be sure to record any settings you wish to recall later. Also, a "disaster recovery file" is automatically generated which includes all these settings (and more), and can be used later if necessary to re-install the Manager with its original settings.
  8. Log onto the Symantec Endpoint Protection Manager console: Start menu->Programs->Symantec Endpoint Protection Manager->Symantec Endpoint Protection Manager and log on using "admin" and the password you chose during the Manager configuration.


Manage product licenses

Symantec Endpoint Protection is licensed according to the number of Symantec Endpoint Protection clients that are needed to protect the endpoints at your site. Once the Symantec Endpoint Protection Manager is installed, you may immediately deploy clients; you have 60 days to purchase and activate a license that covers all of your deployed clients (30 days in Small Business Edition).

  1. In the Symantec Endpoint Protection Manager console, click Admin, and then click Licenses.

  2. Under Tasks, click Activate license.

  3. Follow the instructions in the License Activation Wizard to complete the activation process.


Install the Symantec Endpoint Protection clients

  1. Prepare for client deployment: Configure firewalls and communication ports on your servers and workstations, and otherwise prepare operating systems for remote deployment and management of Endpoint Protection clients. See Steps to prepare computers to install Symantec Endpoint Protection 12.1 client.

    You may deploy clients via a weblink and email, remote push, or save a package for later local installation or deployment using third-party tools. Only the remote push is described here, in the following steps:

  2. In the Symantec Endpoint Protection Manager console, click the Home tab at left.

  3. On the Home page, in the Common Tasks menu at upper-right, select Install protection client to computers. The Client Deployment wizard starts.

  4. In the Welcome to the Client Deployment Wizard pane, choose "New Package Deployment" and click Next.

  5. Select the client version, the feature set, the client group and content options, and then click Next.

  6. Click Remote Push, and then click Next.

  7. Locate the computers to receive the client software, and then click >> to add the computers to the list. To browse the network for computers, click Browse Network. To find computers by IP address or computer name, click Search Network, and then click Find Computers. Authenticate with the domain or workgroup if prompted. Note: You can set a timeout value to constrain the amount of time the server applies to a search. Click Next.

  8. Click Send to push the client software to the selected computers. Wait while the client software is pushed to the selected computers.

  9. Click Finish. This means that the Manager's work is done, but the installation has started on the client and is most likely still running on the client computers. The installation takes several minutes to complete. Depending on the client restart settings of the deployed client, you or the computer users may need to restart the client computers.

  10. Confirm the status of the deployed clients in the Clients page of the Manager console.


Article URL

Terms of use for this information are found in Legal Notices