Symantec Endpoint Encryption Full Disk



Similar documents
4cast Client Specification and Installation

HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE

Symantec AntiVirus Corporate Edition Patch Update

Distributing SMS v2.0

DriveLock Quick Start Guide

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Both MS Windows 2000 Server and MS System Management Server (SMS) support this type of network installation.

PowerMapper/SortSite Desktop Deployment Guide v Introduction

NetWrix Password Manager. Quick Start Guide

Aspera Connect User Guide

Installation Manual (MSI Version)

Compatibility with Encryption Products

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

Symantec Endpoint Encryption Full Disk

DeviceLock Management via Group Policy

DeviceLock Management via Group Policy

How to Configure a Secure Connection to Microsoft SQL Server

Symantec Endpoint Encryption Full Disk

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Sophos Disk Encryption License migration guide. Product version: 5.61 Document date: June 2012

Sharpdesk V3.5. Push Installation Guide for system administrator Version

Symantec Endpoint Encryption Full Disk

Symantec Endpoint Encryption Full Disk

White Paper. Network Installation of ScanSoft PDF Create! 2

SafeGuard Easy upgrade guide. Product version: 7

Cloud Attached Storage

Symantec Endpoint Encryption Removable Storage

ACTIVE DIRECTORY DEPLOYMENT

Sophos Anti-Virus for NetApp Storage Systems startup guide

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # )

NSi Mobile Installation Guide. Version 6.2

Browser-based Support Console

Trusted Stackware series. Rev D.O.I-Net Co., Ltd. Document No.:TST E

Specops Command. Installation Guide

Step-by-Step Guide for Setting Up VPN-based Remote Access in a

Wavecrest Certificate

SafeGuard Easy startup guide. Product version: 7

Install the Production Treasury Root Certificate (Vista / Win 7)

Installing and Configuring vcenter Multi-Hypervisor Manager

Windows Server Update Services 3.0 SP2 Step By Step Guide

Symantec Endpoint Encryption Full Disk Release Notes

Symantec Endpoint Encryption Full Disk

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

CONFIGURING MICROSOFT SQL SERVER REPORTING SERVICES

Administrator s Guide

Citrix EdgeSight for Load Testing Installation Guide. Citrix EdgeSight for Load Testing 3.8

Promap V4 ActiveX MSI File

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

SELF SERVICE RESET PASSWORD MANAGEMENT GPO DISTRIBUTION GUIDE

Kaseya Server Instal ation User Guide June 6, 2008

SafeGuard Enterprise upgrade guide. Product version: 6.1

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

Sophos for Microsoft SharePoint startup guide

Active Directory Software Deployment

safend a w a v e s y s t e m s c o m p a n y

Foxit Reader Deployment and Configuration

DX8100 Series Symantec AntiVirus Corporate Edition Installation Instructions. Version

SafeGuard Enterprise upgrade guide. Product version: 7

HTTP Server Setup for McAfee Endpoint Encryption (Formerly SafeBoot) Table of Contents

Universal Management Service 2015

STATISTICA VERSION 10 STATISTICA ENTERPRISE SERVER INSTALLATION INSTRUCTIONS

LifeSize Control Installation Guide

Web-Access Security Solution

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

ez Agent Administrator s Guide

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started

Adobe Acrobat 9 Deployment on Microsoft Systems Management

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

EventTracker: Support to Non English Systems

Citrix EdgeSight for Load Testing Installation Guide. Citrix EdgeSight for Load Testing 3.5

Technical Reference: Deploying the SofTrack MSI Installer

Setting Up SSL on IIS6 for MEGA Advisor

vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3

How To Install An Archive Service On An Exchange Server (For A Free) With A Free Version Of Ios (For Free) On A Windows Xp Or Windows 7 (For Windows) (For An Ubuntu) (

Oracle Enterprise Single Sign-on Logon Manager. Installation and Setup Guide Release E

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

File and Printer Sharing with Microsoft Windows

Deploying Remote Desktop IP Virtualization Step-by-Step Guide

Symantec Endpoint Encryption (SEE Client) Installation Instructions. Version 8.2

INSTALLING MICROSOFT SQL SERVER AND CONFIGURING REPORTING SERVICES

NetWrix Account Lockout Examiner Version 4.0 Administrator Guide

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

TECHNICAL DOCUMENTATION SPECOPS DEPLOY / APP 4.7 DOCUMENTATION

Use 802.1x EAP-TLS or PEAP-MS-CHAP v2 with Microsoft Windows Server 2003 to Make a Secure Network

Check Point FDE integration with Digipass Key devices

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

Full Disk Encryption Agent Reference

Rogue Wave HostAccess 7.40J Installation Guide... 1

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

Sophos Anti-Virus for NetApp Storage Systems startup guide. Runs on Windows 2000 and later

Version 5.0. SurfControl Web Filter for Citrix Installation Guide for Service Pack 2

Copyright

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Issue Tracking Anywhere Installation Guide

Foxit Reader Deployment and Configuration

How to deploy Arkeia Network Backup v10 on Windows Server 2008 and later with a domain

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

User Document. Adobe Acrobat 7.0 for Microsoft Windows Group Policy Objects and Active Directory

Administrator s Guide

Transcription:

Symantec Endpoint Encryption Full Disk Autologon Utility & Reboot Utility Guide Version 6.1

Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Symantec Corporation. 2008 Symantec Corporation. All rights reserved. Encryption Anywhere is a trademark of GuardianEdge Technologies Inc. Microsoft, Active Directory, Windows, and Windows XP are either registered trademarks or trademarks of Microsoft Corporation. Any other trademarks used herein are the property of their respective owners and are hereby acknowledged. Other product and company names mentioned herein may be the trademarks of their respective owners. Printed in the United States of America.

Contents Contents 1. Introduction................................................................................ 3 Basics................................................................................... 3 About the Autologon Utility.............................................................. 3 About the Reboot Utility................................................................ 3 2. Autologon Utility........................................................................... 4 Installation............................................................................... 4 Install Snap-in......................................................................... 4 Adding the Autologon Utility Snap-in to the SEE Manager..................................... 6 Use of the Autologon Utility................................................................. 7 Upgrades................................................................................. 9 Client Operation.......................................................................... 10 Installation Return Codes............................................................... 10 Autologon Order of Precedence.......................................................... 10 Uninstalling an Autologon MSI Deployed Using a GPO....................................... 11 Limiting Access to the Autologon Utility Snap-in............................................ 11 3. Reboot Utility............................................................................. 12 Symantec Endpoint Encryption Full Disk iii

Figures Figures Figure 1 Autologon Utility Installer, Welcome..................................................... 4 Figure 2 Autologon Utility Installer, Destination Folder.............................................. 5 Figure 3 Autologon Utility Installer, Ready to Install................................................ 5 Figure 4 Autologon Utility Installer, Installation Completed.......................................... 6 Figure 5 Add Standalone Snap-in............................................................... 6 Figure 6 Management Password Page............................................................ 7 Figure 7 Management Password Page, ADAM Authentication........................................ 8 Figure 8 Autologon Utility Settings.............................................................. 8 Figure 9 Save the MSI package................................................................. 9 Symantec Endpoint Encryption Full Disk iv

1. Introduction Basics The SEE Full Disk Autologon feature provides administrators with the ability to bypass the normal pre-windows SEE Full Disk client authentication process. The Autologon feature can be controlled either by using a Group Policy Object (GPO) or by using the Autologon Utility described in this document. Both methods can be used at the same time, with the client behavior defined according to a strict hierarchy of precedence. About the Autologon Utility The Autologon Utility is an MMC snap-in intended for use by administrators lacking the necessary rights to create or apply an Autologon GPO. As with the GPO version of Autologon, the Autologon Utility is used by administrators to set the number of reboots and active period of time during which the normal pre-windows SEE Full Disk authentication screen is suppressed on the client. After the administrator chooses the settings, the Autologon Utility produces an MSI package that can then be installed on the Client Computers using any standard MSI deployment method. These versions of the Autologon and Reboot Utilities are compatible with Symantec Endpoint Encryption Full Disk 6.0.0 and 6.1.0 About the Reboot Utility A related command-line utility, SEEReboot.exe, is included with the distribution of the Autologon Utility. This utility is used by an administrator to restart a Client Computer remotely. Symantec Endpoint Encryption Full Disk 3

2. Autologon Utility Installation Install Snap-in To install the Autologon Utility snap-in on a Manager Computer, perform the following steps. The SEE Framework must be installed before the Autologon Utility can be installed. 1. Locate and launch the installation file SEE Autologon.msi. The Welcome page of the installer wizard appears. Figure 1 Autologon Utility Installer, Welcome 2. Click Next. The License Agreement screen appears. Click I accept the terms in the license agreement. Click Next. The Destination Folder page appears. Symantec Endpoint Encryption Full Disk 4

Figure 2 Autologon Utility Installer, Destination Folder 3. Click Change to select an installation location other than the default. Click Next. The Ready to Install the Program page appears. Figure 3 Autologon Utility Installer, Ready to Install 4. Click Install. When the installation process has finished, the completion screen appears. Symantec Endpoint Encryption Full Disk 5

Figure 4 Autologon Utility Installer, Installation Completed 5. Click Finish. The Autologon Utility Snap-in is now ready to be added to the SEE Manager or to a custom MMC. Adding the Autologon Utility Snap-in to the SEE Manager 1. Launch the SEE Manager. From the File menu, click Add/Remove Snap-in. If you are adding the Autologon Utility snap-in to an existing SEE Manager console, the SEE Manager console must have been installed in author mode. 2. The Add/Remove Snap-in window appears. Click File, then click Add/Remove Snap-in. 3. The Add/Remove Snap-in window opens. Click Add. The Add Standalone Snap-in window opens (Figure 5). Figure 5 Add Standalone Snap-in Symantec Endpoint Encryption Full Disk 6

4. Select Autologon Utility. 5. Click Add, then click Close. 6. From the Add/Remove Snap-in window, click OK. SEE Autologon Utility appears in the SEE Manager. The Autologon Utility is now installed and ready for use. Use of the Autologon Utility 1. Open the SEE Manager. 2. In the left pane, click on SEE Autologon Utility. The Management Password page appears in the right pane (Figure 6). Figure 6 Management Password Page 3. Type the Management Password and click Next. If you are not logged on to Windows using an account with ADAM administrator rights, you will be prompted to authenticate to the SEE Server. Symantec Endpoint Encryption Full Disk 7

Figure 7 Management Password Page, ADAM Authentication 4. Type the credentials of the ADAM administrator and click OK. The Autologon Settings page appears. Because the Autologon Utility authenticates to the SEE Server, you must be connected to your network when using the utility. Figure 8 Autologon Utility Settings Symantec Endpoint Encryption Full Disk 8

5. Type the number of reboots, select the start month/day/year/time, and select the end month/day/year/time. Click Finish. In the dialog box that appears, select a destination location to save the Autologon MSI. Figure 9 Save the MSI package 6. Click Save. Consider saving the MSI with a descriptive name, such as [start_date]+[end+date]. However, if you plan to upgrade the Autologon MSI later on, the MSI package you upgrade it with must have the same name as the original Autologon MSI package. This is a characteristic of the MSI format. The Autologon MSI is now ready to be installed on Client Computers using any of the standard MSI deployment methods. Note that Client Computers must have both SEE Framework and SEE Full Disk installed. Upgrades You can upgrade from an existing version of the Autologon Utility either by using a software installation GPO or by invoking the Windows Installer. If the Autologon Utility is upgraded as part of a software installation GPO, the Client Computer will restart one time after the upgrade. This mandatory restart will consume one of the remaining grace restarts on the client. On Client Computers where all grace restarts have been exhausted, users are forced to register for a SEE account before being allowed access to Windows. If the Autologon Utility is upgraded manually, you can defer the restart by invoking the Windows Installer with the following command line parameters: MSIEXEC /i "[path]\encryption Anywhere Autologon.msi" REINSTALL="ALL" REINSTALLMODE="vomus" REBOOT=ReallySuppress If you prefer to not defer the restart following the upgrade, use the following command line: Symantec Endpoint Encryption Full Disk 9

MSIEXEC /i "[path]\encryption Anywhere Autologon.msi" REINSTALL="ALL" REINSTALLMODE="vomus" Client Operation Use of the Autologon MSI requires that SEE Full Disk is fully installed on the Client Computer. SEE Full Disk is fully installed only after the Client Computer has restarted following the installation of the SEE Framework and Full Disk Client packages. The Client Computer must make and maintain contact with the SEE Server in order for the Autologon MSI to remain operational. Use the Client Monitor Watchlist to verify that successful client-server communication is taking place. The client checks connectivity every 5 minutes. When the Autologon MSI is operational, the Autologon process will be deactivated if the Client Computer loses connectivity with the SEE Server. Once the Client Computer has restarted into Windows and re-establishes contact with the SEE Server, the Autologon process will resume. If the Client Computer remains shut down for more than ten minutes, the Autologon feature terminates. Installation Return Codes If MsiExec.exe or InstMsi.exe are used to install the Autologon MSI package, the return codes shown in the following table will be written to the Windows system event log on the client to indicate a successful installation. Table 1 Installation Error Codes Error Code Value Description ERROR_SUCCESS 0 The action completed successfully ERROR_SUCCESS_REBOOT_INITIATED 1641 ERROR_SUCCESS_REBOOT_REQUIRED 3010 Autologon Order of Precedence Both an Autologon GPO as well as an Autologon MSI can be active on the Client Computer at the same time. However, the client will honor each according to the hierarchy shown in Table 2. Table 2 Autologon Order of Precedence The installer has initiated a restart. This message is indicative of a success. A restart is required to complete the install. This message is indicative of a success. This does not include installs where the ForceReboot action is run. Order of Precedence Pre-Boot Authentication Suppression Feature (1) Highest Autologon GPO, Indefinite mode Notes When using an Autologon GPO in Indefinite mode. (2) High Autologon MSI End date is in the future (even if the start date has not been reached) and the maximum number of reboots has not been reached. (3) Low Autologon GPO, normal mode When not using Indefinite Autologon mode. (4) Lowest Grace restarts User has not yet registered. When an MSI or GPO-based Autologon expires or is removed, Grace restarts resume with the remaining value. Symantec Endpoint Encryption Full Disk 10

Uninstalling an Autologon MSI Deployed Using a GPO As is true of any software deployed using a software installation GPO, the Autologon MSI should never be uninstalled manually at the client. Packages deployed using a software installation GPO should only be uninstalled by removing or changing the scope of the software installation GPO. Attempting to remove GPO-deployed client packages by manually uninstalling the packages using the Add or Remove Programs control panel on the client while the software installation GPO is still in effect will result in the packages being reinstalled at the next restart. Further attempts to uninstall the client packages will result in an error. As a Policy Administrator, you should set the appropriate Windows policies to prevent users from manually removing the client packages. Limiting Access to the Autologon Utility Snap-in Access to the Autologon Utility snap-in can be restricted by policy. Doing so requires that the supplied administrative template (ADM) file "Autologon Utility.adm" be loaded using the Group Policy Object Editor (GPOE). Symantec Endpoint Encryption Full Disk 11

3. Reboot Utility The Reboot Utility is used by an administrator to restart a Client Computer remotely. This utility should only be used on Client Computers on which the Autologon Utility has already been installed. GEReboot.exe uses the following parameters: SEEReboot.exe /n <username> /d <domain> /p <password> or SEEReboot.exe -n <username> -d <domain> -p <password> The Reboot Utility accepts the credentials of either an SEE registered user or a Client Administrator. When using the credentials of a Client Administrator, the /d and -d parameters are not applicable and should be omitted. The Reboot Utility will not accept a password containing special characters unless the password is delimited by quote marks. The list of special characters: < > ( ) + = ^ ~ and <space> For example, the user password pass+word should be delimited by quote marks as shown: SEEReboot.exe -n esmith -d your-org.com -p pass+word Symantec Endpoint Encryption Full Disk 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information