Today I am going to share some experience and expertise from DLP agent deployment.
There are basically 3 methods to deploy DLP agents on all machines, though you may have some other idea:
- Deploy the DLP Endpoint Agent by Active Directory GPO
- Install the DLP Endpoint Agent with Altiris
- Manual installation on each machine (if there are only a few machines)
Before following any of the above methods, you must modify your installation script with the respective Endpoint Server and uninstallation password. Both of these parameters are very important during installation. After installation, every agent points to the specified Endpoint Server and communicates with it to report DLP incidents. The uninstallation password is used whenever the DLP agent has to be removed or uninstalled for any reason.
Steps to create Uninstallation Password for DLP agent installation
- Copy the Endpoint tools to the C: drive or anywhere you wish to keep them (C: is always recommended). You will find these tools in the endpoint agent tools in FileConnect.
- Open the command prompt, go to the drive where the endpoint tools are stored, and run the command
- In the above, UninstallPwdKeyGenerator.exe is the tool that generates the hash value with the help of PGPsdk.dll. This hash value must be added to the uninstallation password parameter of the installation script. If you put a plaintext password directly in the installation script instead of the generated hash, the agent will install, but during uninstallation it will not accept your correct plaintext password and will pop up a Caps Lock or wrong-password error. So keep in mind: either use the hash-generated password or set no uninstallation password at all.
- Copy and paste the hash value into the install.bat file provided by Symantec as the uninstallation password parameter. You should also insert the Endpoint Server host/IP address as well as the ARPSYSTEMCOMPONENT value, 1 or 0. A value of 0 shows the installed agent in Add/Remove Programs on the machine, and 1 hides it.
- Save the install.bat file with these values and copy it to the folder where AgentInstall.msi and Agent.ver are stored. Now you can install either manually or with whatever tools and techniques you want to use.
- If you are planning to install the DLP agent with Altiris (Symantec Management Console), then you need to update the script with the above parameters as shown below
- After installation, you will see two services, wdp and edpa, running in the process manager as well as in services.msc. In the Program Files folder, under the folder named Manufacturer and its subfolder Endpoint Agent, you will see the installation folder, with a folder size of 83-84 MB.
- Installation folder
- Running processes
- Running services WDP and EDPA in services.msc
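The post-installation checks described above can be scripted so they run the same way on every endpoint. This is an added example, not part of the original post or Symantec's tooling: the function name is hypothetical, the service names EDPA and WDP come from the article, and the install path is an assumption built from the folder names it mentions.

```powershell
# Added example: post-install check for the DLP agent described above.
# Service names EDPA and WDP come from the article; the install path is an
# assumption based on the folder names it mentions and can be overridden.
function Test-DlpAgentInstall {
    param(
        [string[]]$ServiceName = @('EDPA', 'WDP'),
        [string]$InstallDir = (Join-Path $env:ProgramFiles 'Manufacturer\Endpoint Agent')
    )

    $problems = New-Object System.Collections.Generic.List[string]

    # Both the agent service and its watchdog must exist and be running,
    # otherwise the endpoint is not reporting DLP incidents.
    foreach ($name in $ServiceName) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            $problems.Add("Service $name is not installed")
        } elseif ($svc.Status -ne 'Running') {
            $problems.Add("Service $name is $($svc.Status), expected Running")
        }
    }

    # The install folder should exist; report its size for comparison with
    # the 83-84 MB mentioned in the article.
    $sizeMB = 0
    if (Test-Path -LiteralPath $InstallDir -PathType Container) {
        $bytes = (Get-ChildItem -LiteralPath $InstallDir -Recurse -File -ErrorAction SilentlyContinue |
                  Measure-Object -Property Length -Sum).Sum
        $sizeMB = [math]::Round($bytes / 1MB, 1)
    } else {
        $problems.Add("Install folder not found: $InstallDir")
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Healthy    = ($problems.Count -eq 0)
        InstallDir = $InstallDir
        FolderMB   = $sizeMB
        Problems   = $problems -join '; '
    }
}

Test-DlpAgentInstall | Format-List
```

The function returns one object per machine, so the output can be collected from many endpoints and filtered on `Healthy` to find agents that installed but are not running.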
I have made my best effort to present and explain this. I hope you all will like and appreciate it.