Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Data Loss Prevention endpoint agent unattended installation

Created: 07 Dec 2012 • Updated: 10 Jun 2013 | 14 comments
V-Kind's picture
This issue has been solved. See solution.

Could you please share your experience on Data Loss Prevention endpoint agents unattended installation.

I'm now trying to setup agents, using Windows Server group policies, but these require .msi files to be preconfigured first.

Maybe you know how to do this. Or how to use Symantec Management Platform (I don'd have one) for smooth deployment? 

Comments 14 CommentsJump to latest comment

pete_4u2002's picture

yes, use the .msi , replace XXX with the correct server IPand key for uninstall

msiexec /i \\DLP\64\AgentInstall64.msi /q INSTALLDIR="C:\Program Files\Manufacturer\Endpoint Agent\" ENDPOINTSERVER="X.X.X.X" KEY="" UNINSTALLPASSWORDKEY="XXXXXX" SERVICENAME="EDPA" WATCHDOGNAME="WDP" ARPSYSTEMCOMPONENT="1"

V-Kind's picture

Pete, thank you for reply. I know that endpoint agent could be installed that way in elevated command prompt mode. This is the only way I can do this now. The only way that works. But this way is manual. I want agents to be installed in automated mode.

What I am doing now is trying to use Windows Server group policies (GPO) to install agents from network location. But the problem is that .msi files that require parameters during installation should be accompanied with correct .mst file. Don't know how to generate one with the correct settings for enpoint server IP, port etc that is in the .bat file. Any thoughts?

Artem's picture

Hello,

yang_zhang created a detailed description for deploy DLP endpoint agent by active directory GPO. Please, see here: https://www-secure.symantec.com/connect/articles/deploy-dlp-endpoint-agent-active-directory-gpo

SOLUTION
kishorilal1986's picture

After 8 and 9 ver, I think there is no requirement of .msi package. I think using Altiris it will be more easy to deploy the agents on machines.

You can refer below useful links which will surely give u some idea

https://www-secure.symantec.com/connect/articles/i...

https://www-secure.symantec.com/connect/blogs/depl...

 https://www-secure.symantec.com/connect/articles/deploy-dlp-endpoint-agent-active-directory-gpo

UFO's picture

Using Altiris is very promising. I have tried to install the Management Platform - not that easy. Nice idea anyway (I mean - using native Symantec product ot deploy).

STS: DLP

stumunro's picture

UFO,

do you neeed the info to setup the integrated componet for Altiris? if so let me know i have the instructions.

UFO's picture

Hi

thanks. it seems that this guide was written very quickly. Why do we need to look for such kind of guides here on Connect or elsewhere? Why this is not included in DLP manual? Questions are not to you, of course. thanks for the link again.

STS: DLP

TSPARR's picture

I'm trying to do an unattended installation, but I can't seem to get it to take on multiple endpoint servers as a parameter. Just an example of what I'm doing:

msiexec /i AgentInstall64v2.msi
INSTALLDIR="%SYSTEMDRIVE%\Program Files\Manufacturer\Endpoint Agent\"
ENDPOINTSERVER="XXX.XXX.XXX.XXX;XXX.XXX.XXX.XXX" 
KEY="" 
UNINSTALLPASSWORDKEY=""
SERVICENAME="EDPA"
WATCHDOGNAME="WDP"
ARPSYSTEMCOMPONENT="1"
 
And then what I get when I go through and verify settings: http://i.imgur.com/X82y8.png
 
 
Anyone have any ideas how to make this work?
pete_4u2002's picture

seems to be right, has the install been done? specify port number with columnn unless default port is other than 8000 10.67.20.36:8002

ex: ENDPOINTSERVER="epserver.company.com;10.67.20.36"

TSPARR's picture

Well therein lies the issue. It does seem to be right and for all intents and purposes it should work, but if you look at the image link I posted, the parameters aren't being entered correctly into the program. We did go through with the install, but the computer never communicates with the server because of this. 

pete_4u2002's picture

i saw the image, keep the 1 enpoint server in 1 text field the other has to be in next text field. check if this works, if it does not then there could be a firewall thats blocking the communication.

UFO's picture

You should be right. Separate fields for separate servers. And what about endpoints? This approach works as endpoint agent configuration for one enpoint that will be communicating with several servers. How to populate this scenario to all endpoints in company?

STS: DLP

UFO's picture

Who can do this unattended installation - please share your experience.

STS: DLP