Deploy DLP Endpoint Agent By Active Directory GPO
To deploy the DLP Endpoint Agent in an enterprise environment that already has Active Directory, you can create an MST (transform) file and use Group Policy Objects (GPO) to deploy the agent.
You need the tool named Orca to create the MST file.
Here are the steps:
1. Right-click AgentInstall.msi and select 'Edit with Orca'.
2. Choose 'Transform' menu, select 'New Transform':
3. Select 'Property' under the 'Tables' list:
4. Choose 'Tables' menu, select 'Add Row':
5. For the value of 'Property', type 'ENDPOINTSERVER', for the value of 'Value', type the hostname or IP address of the endpoint server:
6. Click 'OK' to add this row to the 'Property' table. The 'Property' table should then look like this:
7. Choose 'Transform' menu, select 'Generate Transform':
An .mst file will be saved.
8. Create a bat file that runs the msiexec command with the MST file.
The command in the bat file looks like this:
msiexec /i \\dc\dlp\AgentInstall.msi TRANSFORMS=\\dc\dlp\AgentInstall.mst /q
9. Edit the Group Policy in AD and select the bat script created in step 8 as the startup script:
Then, during the startup of the client machine, the DLP Endpoint Agent will be installed by the startup script:
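A GPO startup script runs at every boot, so the one-line command in step 8 calls msiexec each time the machine starts. The following is an added example, not the article author's script: a variant of the step 8 bat file that first checks whether the product is already registered with Windows Installer. The ProductCode GUID is a placeholder to be replaced with the value from the MSI's 'Property' table, and the log location is an assumption.

```bat
@echo off
setlocal

rem Added example, not part of the original article.
rem PRODUCT_CODE is a placeholder: replace it with the ProductCode value shown
rem in the 'Property' table of AgentInstall.msi in Orca.
set "PRODUCT_CODE={00000000-0000-0000-0000-000000000000}"

rem Share and file names are the ones used in step 8. Startup scripts run as
rem Local System, so this share should be writable by administrators only.
set "SHARE=\\dc\dlp"

rem Assumed log location for the verbose msiexec log.
set "LOG=%SystemRoot%\Temp\AgentInstall.log"

rem Windows Installer registers an installed product under Uninstall\{ProductCode}.
rem Check both the native view and the 32-bit view used on 64-bit Windows.
set "UNINST=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
set "UNINST32=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"

reg query "%UNINST%\%PRODUCT_CODE%" >nul 2>&1 && goto :installed
reg query "%UNINST32%\%PRODUCT_CODE%" >nul 2>&1 && goto :installed

rem Skip quietly when the package is not reachable, e.g. a laptop booting off-network.
if not exist "%SHARE%\AgentInstall.msi" exit /b 1
if not exist "%SHARE%\AgentInstall.mst" exit /b 1

rem Same command as step 8, with paths quoted and a verbose log added.
msiexec /i "%SHARE%\AgentInstall.msi" TRANSFORMS="%SHARE%\AgentInstall.mst" /q /l*v "%LOG%"
exit /b %ERRORLEVEL%

:installed
rem Agent already registered with Windows Installer; nothing to do.
exit /b 0
```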
10 Comments
good
But Yang, will it install DLP Agents on all machines? Please explain. And due to the startup script, will the installation process run every time a user logs in?
Good question.
The Startup Script is a part of the GPO, which means this script will be deployed to the OU. So all the machines under this OU will run this script to install the DLP agent.
And here I just wrote a very simple script; you can add some if-then-else at the beginning of the script to determine whether the DLP agent has already been installed on this endpoint.
So does this install only once via GPO or does it check every time you start up?
ORCA - is that the utility from Microsoft Windows SDK?
STS: DLP and Storage Foundation for Windows
If this post was helpful please vote +1
If this post was useless or just for points please vote -1
check this link
http://msdn.microsoft.com/en-us/library/windows/desktop/aa370557(v=vs.85).aspx
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
good job. should put inside DLP document.
Is there some way to add the uninstall password to the transform file?
How can we deploy this and also configure the uninstall password?
Really nice and helpful Article.
Thanks.
Can you please tell me how to create the transform file to include the encryption key? Should I just add a row and use the Property of "encryption key" with a value of "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ?
Also can you write out the batch file that will check for an installed instance and then ignore installation if present?
I apologize as I am a noob to these Transform files.
Thanks!