SEE-IC 8.0.1 Administrator Guide

Symantec Endpoint Encryption Integration Component
Administrator Guide
Version 8.0.1
Copyright 2011 Symantec Corporation. All rights reserved. Symantec, Altiris, and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. GuardianEdge is a registered trademark of GuardianEdge Technologies Inc. (now part of Symantec). Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 Commercial Computer Software Restricted Rights and DFARS 227.7202, et seq. Commercial Computer Software and Commercial Computer Software Documentation, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com
Administrator Guide
Contents
Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Altiris Console Computer(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Client Computer(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Encrypted Database Communication Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Altiris Connector Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Symantec Endpoint Encryption Framework Integration Component. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Symantec Endpoint Encryption Full Disk Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Symantec Endpoint Encryption Removable Storage Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Restart Internet Information Services (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Restart Altiris Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Client Installation Package Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4. Client Installation Package Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Create a Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Assign the Program and Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Adjust Program Name and MSIEXEC Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Verify Package Source and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 5. Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Symantec Endpoint Encryption Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Symantec Endpoint Encryption Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Restart Server and Resync Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Symantec Endpoint Encryption Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Create a Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Assign the Program and Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Adjust Program Name and MSIEXEC Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 6. Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Symantec Endpoint Encryption Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 7. Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
iii
Administrator Guide
Contents
Full Disk Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Clients without SEE Full Disk Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Disk Encryption Status - # of Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Disk Encryption Status - Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Installation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Installed Software by SEE Full Disk Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Installed Software by OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Last Check-In Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Removable Storage Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Clients without SEE Removable Storage Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Installation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Installed Software by SEE Removable Storage Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Installed Software by OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Last Check-In Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Removable Storage Encryption Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Removable Storage Portability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Removable Storage Recovery Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Users and Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Client Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Registered Users - # of Registered Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Registered Users - Date of Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 8. Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Appendix A. Altiris Tables & Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
iv
Administrator Guide
Figures
Figures
Figure 2.1Restarting IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Figure 2.2Stop/Start/Restart Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Figure 2.3Shutting Down Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Figure 2.4Restarting the Altiris Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Figure 2.5Restart Other Services Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Figure 2.6Service Control Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Figure 2.7Symantec Endpoint Encryption Database Synchronization Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Figure 3.1Installation Package Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Figure 3.2Save Client Installation Package Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Figure 4.1Framework Client Installer, Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Figure 4.2Framework Client Installer Program, Programs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Figure 4.3Framework Client Installer Package, Package Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Figure 5.1Framework Client Installer Program, Programs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Figure 6.1Uninstalling Altiris Connector Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Figure 7.1Symantec Endpoint Encryption Integration Component Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Figure 8.1Full Disk Client Installer Package Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Administrator Guide
Introduction
1. Introduction
Overview
The Symantec Endpoint Encryption Integration Component extends the Altiris Asset Management Solution, allowing administrators to use the Altiris Console to perform the following tasks:
Create Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client
installation packages.
Deploy Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client
installation packages.
Upgrade Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage
clients.
Uninstall Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage
clients.
Run reports.
In addition, detailed information about each client installation package created with the Altiris Console will be available from the Altiris Log Viewer.
System Requirements
Basics
An Active Directory domain is required. The SQL instance hosting the Symantec Endpoint Encryption Database must be configured for mixed-mode authentication. During the installation of the Symantec Endpoint Encryption Management Server, select SQL authentication on the Database Access page. Provide the SQL credentials of your Management Server Account when prompted.
Administrator Guide
Introduction
Altiris Notification Server

Operating System Edition(s) Service Pack(s) Additional Software Altiris Notification Server 7.0.4739 SQL Server 2005 Standard or Enterprise Edition Windows Server 2003* Standard or Enterprise SP1 or SP2 Internet Information Services (IIS) 6.0 Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) Framework 7.0.6** Full Disk 7.0.6 and/or Removable Storage 7.0.6 * Internet options must be configured to allow signed ActiveX controls to be downloaded. 64-bit Editions are not supported. ** Serverless mode is not supported.
Altiris Console Computer(s)

Operating System Windows XP* Windows Vista* Edition(s) Professional or Tablet Business, Ultimate, or Enterprise Service Pack(s) SP1, SP2, or SP3 None, SP1, or SP2 Additional Software CAPICOM 2.1.0.2 CAPICOM 2.1.0.2 Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
* Internet options must be configured to allow signed ActiveX controls to be downloaded. 64-bit Editions are not supported.
Client Computer(s)
Operating System Edition(s) Service Pack(s) Additional Software Altiris Agent 7.0.3350 Windows XP Professional, Professional x64, or Tablet SP1, SP2, or SP3 Microsoft .NET Framework 2.0 Microsoft Internet Explorer 6.0 with SP2, 7, or 8 Windows Vista Business, Business x64, Ultimate, Ultimate x64, Enterprise, or Enterprise x64 Professional, Professional x64, Ultimate, Ultimate x64, Enterprise, or Enterprise x64 None, SP1, or SP2 Altiris Agent 7.0.3350 Microsoft Internet Explorer 7 or 8 Microsoft Internet Explorer 8
Windows 7
None
Encrypted Database Communication Prerequisites

If you plan to use optional TLS/SSL for encrypted database traffic between the Altiris Notification Server and the Symantec Endpoint Encryption database, you must install server-side TLS/SSL certificates on both the Altiris Notification Server and the Symantec Endpoint Encryption database. See the Symantec Endpoint Encryption Management Server chapter of the Installation Guide for details on configuring the Symantec Endpoint Encryption database for encrypted database communications. This server-side TLS/SSL certificate you install on the Altiris Notification Server must possess the following characteristics:
Valid during the period in which it will be used. Enabled for server authentication. Contain the private key.
Administrator Guide
Introduction
Issued to the FQDN of the server hosting the Altiris Notification Server. Installed in the local computer personal certificate store of the server hosting the Altiris Notification Server.
Administrator Guide
Altiris Connector Installation
2. Altiris Connector Installation

Overview
The Symantec Endpoint Encryption Integration Component is installed on the Altiris Notification Server. In order to install the Symantec Endpoint Encryption Integration Component, you will need to log on with a Windows account with software installation privileges. Before beginning, ensure that the target machine meets the system requirements (System Requirements on page 1) and that all of the required additional software has been installed. You will need the following files:
SEEFrameworkIntegrationComponent.msi SEEFullDiskIntegrationComponent.msi SEERemovableStorageIntegrationComponent.msi
Symantec Endpoint Encryption Framework Integration Component

The Symantec Endpoint Encryption Framework Integration Component must be installed before Symantec Endpoint Encryption Full Disk Integration Component or Symantec Endpoint Encryption Removable Storage Integration Component will function. Therefore, you should begin your installation with this MSI. 1. Double-click the file SEEFrameworkIntegrationComponent.msi. The first page of the Symantec Endpoint Encryption Framework Integration Component Installation Wizard displays. Click Next. 2. The License Agreement page displays. Click I accept the license agreement, then click Next. 3. The Ready to Install the Application page displays. Click Next. The Updating System screen displays progress during installation. When installation has finished, the completion screen is displayed. 4. Click Finish to exit the Framework Integration Component installer.
Symantec Endpoint Encryption Full Disk Integration Component

1. If you are installing the Symantec Endpoint Encryption Full Disk Integration Component, double-click the file named SEEFullDiskIntegrationComponent.msi. 2. The first page of the Full Disk Integration Component Installation Wizard displays. Click Next. 3. The License Agreement page displays. Click I accept the license agreement, then click Next. 4. The Ready to Install the Application page displays. Click Next. The Updating System screen displays progress during installation. When installation has finished, the completion screen is displayed. 5. Click Finish to exit the Full Disk Integration Component installer.
Symantec Endpoint Encryption Removable Storage Integration Component

1. If you are installing the Symantec Endpoint Encryption Removable Storage Integration Component, double-click the file named SEERemovableStorageIntegrationComponent.msi. 2. The first page of the Removable Storage Integration Component Installation Wizard displays. Click Next. 3. The License Agreement page displays. Click I accept the license agreement, then click Next.
Administrator Guide
4. The Ready to Install the Application page displays. Click Next. The Updating System screen displays progress during installation. When installation has finished, the completion screen is displayed. 5. Click Finish to exit the Removable Storage Integration Component installer.
Restart Internet Information Services (IIS)

After all Symantec Endpoint Encryption Integration Component components have been installed, you must restart IIS. 1. Click Start, click Control Panel, then double-click Administrative Tools. 2. Double-click Internet Information Services (IIS) Manager.
Figure 2.1Restarting IIS 3. In the left pane, right click the node representing the Altiris Notification Server, point to All Tasks, and click Restart IIS.
Figure 2.2Stop/Start/Restart Dialog 4. The Stop/Start/Restart dialog will display. Make sure that Restart Internet Services on servername is selected from the drop down list, where servername is the name of your Altiris Notification Server. 5. Click OK.
Administrator Guide
Figure 2.3Shutting Down Dialog 6. The Shutting Down dialog will be displayed, showing the progress of the operation. You can click End now for a more immediate result. 7. This window will close on its own and you will be returned to the Internet Information Services (IIS) Manager once the restart operation completes.
Restart Altiris Service

If the Symantec Endpoint Encryption Integration Component does not appear to be functioning correctly after installation, you may need to restart the Altiris Service. To restart the Altiris Service, perform the following steps: 1. Click Start, click Run, type services.msc, and click OK. The Services snap-in opens.
Figure 2.4Restarting the Altiris Service 2. In the right pane, right-click the service named Altiris Service and select Restart. The Restart Other Services dialog will display.
Administrator Guide
Figure 2.5Restart Other Services Dialog 3. Click Yes. The Service Control dialog will display the status of the restart operation.
Figure 2.6Service Control Dialog 4. Allow this dialog to close on its own. When it does, the restart process has completed. With the Symantec Endpoint Encryption Integration Component now installed, you must next configure the database settings.
Database Configuration
Initial installations of the Symantec Endpoint Encryption Integration Component require a one-time configuration of the database settings using the Symantec Endpoint Encryption Database Synchronization panel. You must input the same settings that were specified when the Symantec Endpoint Encryption Management Server was installed. Once the database settings have been configured, data reported by Client Computers to the Symantec Endpoint Encryption Management Server will be periodically copied to the Altiris Notification Server, allowing Altiris Console reports to display Client Computer status information. To configure the database settings, click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click
Administrator Guide
Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection and click on Symantec Endpoint Encryption Database Synchronization.
Figure 2.7Symantec Endpoint Encryption Database Synchronization Page The syntax used in the Database Server Name box is as follows: computer name\instance name,port number While the NetBIOS computer name of the machine hosting the Symantec Endpoint Encryption database will always be required, the instance name will only be needed if you are using a named instance, and the TCP port number will only be necessary if you are using a custom port. The custom port number would need to be preceded by a comma and the instance name by a backslash. Type the name of the Symantec Endpoint Encryption database, for example, SEEMSDb, in the Schema Name box.
Administrator Guide
Type the user name of the Management Server account in the User Name box. This Microsoft SQL Server account was created during the installation of the Symantec Endpoint Encryption Management Server. Type the password of the Management Server account in the Password box. Click Enable TLS/SSL to encrypt all communications between the Altiris Notification Server and the Symantec Endpoint Encryption database. Ensure that you are in compliance with the prerequisites (see Encrypted Database Communication Prerequisites on page 2). Once you have finished making your changes, click Apply. Edit the number in the Polling Interval box to adjust the interval between updates. For example, if you type 15, the Altiris Notification Server will synchronize with the Symantec Endpoint Encryption Management Server every 15 minutes. Values from 10 minutes to 10,080 minutes (one week) are accepted. Click Synchronize Now to effect an immediate update. The Symantec Endpoint Encryption Database Synchronization page will update with status information as the operation proceeds, and the date and time of last synchronization will be shown when the update has completed successfully. You can verify that successful synchronization has taken place by running a report from the Altiris Console. Existing Symantec Endpoint Encryption Client Computers with records in the Symantec Endpoint Encryption database will be displayed in the report. With the Symantec Endpoint Encryption Integration Component now installed and the database settings configured, you can now create and deploy client installation packages.
Administrator Guide
Client Installation Package Creation
3. Client Installation Package Creation

Click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, then expand Installation Package Creation.
Figure 3.1Installation Package Creation A wizard will guide you through the process of creating a Framework, Full Disk, or Removable Storage client installation package. Click Framework, Full Disk, or Removable Storage to launch the relevant wizard. For information about the settings for each panel, refer to the Full Disk or Removable Storage Installation Guide. When creating Full Disk client installation packages from a computer other than the Notification Server and specifying a custom startup image, ensure that the specified file is located in a shared network location that the Notification Server computer can access. You can use the Browse dialog for this purpose or type the path in manually, e.g., \\CADC-01\Custom Images\custom image.bmp If your Internet options are configured to prompt you before downloading signed ActiveX controls, the first time that you open the Client Administrator or Master Certificate panel, Internet Explorer may display a Security Warning message, asking you to confirm that you wish to install the GEFRAltirisCert.cab file. Confirm that the Active X control is signed by Symantec and then click Install. Unlike Symantec Endpoint Encryption Full Disk, Integration Component cannot create Mac client installation packages. Once you have completed the wizard, you will be prompted to save the client package.
Figure 3.2Save Client Installation Package Prompt
10
Administrator Guide
Client Installation Package Creation
The following table lists the default MSI names generated by each wizard and the location to which they are saved. Table 3.1Wizard, MSI Name, and Destination
Wizard Default MSI name Symantec Endpoint Encryption Framework Client.msi Symantec Endpoint Encryption Framework Client_x64.msi Symantec Endpoint Encryption Full Disk Edition Client.msi Symantec Endpoint Encryption Full Disk Edition Client_x64.msi Symantec Endpoint Encryption - Removable Storage Edition Client.msi Symantec Endpoint Encryption - Removable Storage Edition Client_x64.msi Destination
Framework
C:\Program Files\Altiris\SEE-ICFramework\Client Packages
Full Disk
C:\Program Files\Altiris\SEE-IC-HD\Client Packages
Removable Storage
C:\Program Files\Altiris\SEE-IC-RS\Client Packages
Symantec recommends saving each client installation package with a unique and descriptive name. Saving a client installation package with a unique name automatically creates a new program whose name is based on the client installation package name. For example, a Framework client installation package saved as GEFR Client Installer for laptops (mm-dd-yy).msi will be displayed with the same name in the drop-down menu at the top of the Programs tab of the Framework client installation package (see Upgrades on page 16) as well as in the Program name drop-downs of any software delivery tasks that are part of the Framework client installation package, such as the Install Framework Clients task and the Upgrade Framework Clients task. Establishing a unique name for a particular client installation package makes it more readily identifiable later on when selecting from among several program names within a software delivery task.
11
Administrator Guide
Client Installation Package Deployment
4. Client Installation Package Deployment

Overview
Use the Software Installation section in the Symantec Endpoint Encryption Data Protection settings of the Altiris Console to deploy Framework, Full Disk, and Removable Storage client installation packages.
Sequencing
The clients must be deployed to install Framework first. Full Disk and/or Removable Storagecan only be installed after Framework. If youre deploying multiple sets of Symantec Endpoint Encryption client installer MSIs filtered to different groups of computers, create a new software delivery task for each set and name it according to the specific combination of client installer MSI and filter. This will allow you to maintain a traceable workflow detailing which client installer MSIs have been deployed, and where.
Create a Software Delivery Task

Click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, expand Software Installation, and expand Framework. Right-click Install Framework Clients and choose Clone. The Clone Item dialog appears. Type the name of the new software delivery task, for example, Install SEE-FR Client to all Laptops (08-05-09), then click OK.
Assign the Program and Filter

From the Program name drop-down list in the right pane, choose the program corresponding to the Framework client installer package you created earlier.
12
Administrator Guide
Click Apply to, then click Quick apply. In the Quick apply dialog, type the name of a group, filter, or target you want to apply the program to, or select one from the drop-down list. For example, you may have previously created a filter named All Laptops that includes all laptop computers and excludes all desktop computers. Click Apply.
Figure 4.1Framework Client Installer, Software Delivery Task Choose the desired scheduling options, if any, then click Save changes.
Adjust Program Name and MSIEXEC Parameters

To make adjustments to the program you selected in the software delivery task, do the following: in the left pane, expand Symantec Endpoint Encryption Data Protection, expand Software Installation, expand Framework, and click on the Framework Client Installer software delivery package.
13
Administrator Guide
In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with the same name as the MSI package you created earlier, for example, SEE-FR Client Installer for laptops (08-0509).msi.
Figure 4.2Framework Client Installer Program, Programs Tab The Command line box will contain a default MSI command appropriate for installing the program you selected. If necessary, make any changes to the command line parameters or other values on this tab. See the Full Disk or Removable Storage Installation Guide for a discussion of the suggested MSI commands for each client installation package, as well as the list of supported MSIEXEC parameters.
14
Administrator Guide
Verify Package Source and Location

Next, verify the correct parameters for the source and location of the software delivery package. Click on the Package tab of the Framework Client Installer software delivery package.
Figure 4.3Framework Client Installer Package, Package Tab Do not change the Package source option or the Package location option. The Package source option must be Access package from a local directory on the NS computer. Ensure that the Package location option remains at the defaults identified in Table 3.1 on page 11. Click Save changes when finished. Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software delivery task. In the left pane, right-click the software delivery task named Install SEE-FR Client to all Laptops, then click Enable. Repeat this process for the Full Disk and/or Removable Storage client installer package(s).
15
Administrator Guide
Upgrades
5. Upgrades
Overview
Upgrades from Symantec Endpoint Encryption Integration Component 7.0.3 or later are supported. Upgrades from Symantec Endpoint Encryption Integration Component 7.0.3 or later must be performed in the following sequence: 1. Upgrade the Symantec Endpoint Encryption Manager. 2. Upgrade all Symantec Endpoint Encryption Integration Component components. 3. Restart IIS and initiate a database synchronization operation. 4. Upgrade existing Client Computers.

Basics
In order to perform the upgrade, you will need to log on to the Altiris Notification Server using a Windows account that has software installation privileges.
Symantec Endpoint Encryption Manager

See the Full Disk or Removable Storage Installation Guide for instructions on how to upgrade the Symantec Endpoint Encryption Manager.

To upgrade an existing installation of the Symantec Endpoint Encryption Integration Component, double click the installer package for each Symantec Endpoint Encryption Integration Component component in sequence and follow the installation wizard. Symantec Endpoint Encryption Framework Integration Component (SEEFrameworkIntegrationComponent.msi) must be upgraded first.
Restart Server and Resync Database

Once you have performed the previous steps, restart IIS (see Restart Internet Information Services (IIS) on page 5). Next, launch the Altiris Console, locate the Database Synchronization page (see Database Configuration on page 7) and click Synchronize Now to perform an immediate resynchronization. Once the Symantec Endpoint Encryption Database Synchronization page status information indicates successful completion of the operation, you are ready to create the client installation upgrade packages.
Symantec Endpoint Encryption Client Computers

Basics
Use the Software Installation section of the Symantec Endpoint Encryption Data Protection option in the Settings menu of the Altiris Console to upgrade Framework, Full Disk, and/or Removable Storage client installation packages. To upgrade existing Symantec Endpoint Encryption Client Computers, you will need to log on to an Altiris Console Computer and perform the following steps: 1. Create a new set of client upgrade packages. See Chapter 3 Client Installation Package Creation on page 10.
16
Administrator Guide
Upgrades
2. Create a new software delivery task for the upgrade. 3. Assign the upgrade program (i.e., the upgrade MSI) to the new software delivery task. 4. Select the upgrade program and set the MSIEXEC parameters for the upgrade in the software delivery package. 5. Enable the software delivery upgrade task.
Sequencing
The clients must be deployed to execute Symantec Endpoint Encryption Framework Client.msi first. The Symantec Endpoint Encryption Full Disk Edition Client.msi and/or Symantec Endpoint Encryption - Removable Storage Edition Client.msi upgrade packages must be executed following the successful completion of the Symantec Endpoint Encryption Framework Client.msi package.
Create a Software Delivery Task

Click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, expand Software Installation, and expand Framework. Right-click Install Framework Clients and choose Clone. The Clone Item dialog appears. Type the name of the new software delivery task, for example, Install SEE-FR Client [Upgrade], then click OK.
Assign the Program and Filter

From the Program name drop-down list in the right pane, choose the program corresponding to the Framework client installer upgrade MSI you created earlier. Click Apply to, then click Quick apply. In the Quick apply dialog, type the name of a Group, Filter, or Target you want to apply the program to, or select one from the drop-down list. For example, you may have previously created a filter named All Laptops that includes all laptop computers and excludes all desktop computers. Click Apply. Choose the desired scheduling options, if any, then click Save changes.
Adjust Program Name and MSIEXEC Parameters

To make adjustments to the program you selected in the software delivery task, do the following: in the left pane, expand Symantec Endpoint Encryption Data Protection, expand Software Installation, expand Framework, and click on the Framework Client Installer software delivery package.
17
Administrator Guide
Upgrades
In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with the same name as the MSI package you created earlier, for example, SEE-FR Framework Client [Upgrade].msi.
Figure 5.1Framework Client Installer Program, Programs Tab The Command line box will contain a default MSI command with the name of the MSI package you selected. You will need to modify this command line with MSIEXEC parameters appropriate for an upgrade.
See the Upgrades chapter of the Full Disk or Removable Storage Installation Guide for a discussion of the suggested MSI commands for upgrading each client installation package, as well as the list of supported MSIEXEC parameters. Once you have made the necessary modifications to the MSIEXEC parameters, click Save changes. Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software delivery task. In the left pane, right-click the software delivery task named Install SEE-FR Client [Upgrade], then click Enable. Repeat this process for the Full Disk and/or Removable Storage client installer upgrade package(s).
18
Administrator Guide
Uninstallation
6. Uninstallation
Overview
This section describes how to uninstall the Symantec Endpoint Encryption Integration Component components and the Symantec Endpoint Encryption client software.

To uninstall the Symantec Endpoint Encryption Integration Component components, you will log on to the Altiris Notification Server and uninstall each component using Add or Remove Programs.
Figure 6.1Uninstalling Altiris Connector Components Uninstallation of the Symantec Endpoint Encryption Integration Component components will not delete any Symantec Endpoint Encryption client installer packages created using the Installation Package Creation wizards.
Symantec Endpoint Encryption Client Computers

Framework must be uninstalled last. First, uninstall Full Disk and/or Removable Storage. Then uninstall Framework. Before Full Disk can be uninstalled, all encrypted partitions must be decrypted, and any installation or upgrade tasks must be disabled. Refer to the Full Disk Installation Guide for more information.
19
Administrator Guide
Reporting
7. Reporting
Overview
Symantec Endpoint Encryption Integration Component complements Altiris Notification Consoles native reporting capability by providing a number of reports that help you keep track of Full Disk and Removable Storage clients on your network. The reports query the Altiris Notification Server database, which is synchronized with the Symantec Endpoint Encryption database according to the polling interval defined during installation (Database Configuration on page 7). You can click Synchronize Now in the Symantec Endpoint Encryption Database Synchronization panel to ensure that you have the latest data. The Symantec Endpoint Encryption Integration Component Reports are divided into three categories:
Full Disk Encryption, Removable Storage Encryption, and Users and Administrators.
To access the Symantec Endpoint Encryption Integration Component Reports, open the Altiris Console and click on Reports, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, expand one of the three report categories, and click on one of the reports.
Figure 7.1Symantec Endpoint Encryption Integration Component Reports The right pane will show the standard page for running the report.
20
Administrator Guide
Reporting
Full Disk Encryption

Clients without SEE Full Disk Installed
Basics The Clients without SEE Full Disk Installed report will retrieve the records of the following computers on your network:
Did not have Full Disk installed as of the time of last check-in. Resides on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and
has not checked in. These computers may or may not have Full Disk installed. Only the computer name and directory service location of these computers will be available. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.1Full Disk: Clients without SEE Full Disk Installed Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter OS Name Hyperlink [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Retrieved Data The report will return the following information about the computers that fall within the query parameters:
Computer Name; Domain; and OS name.
21
Administrator Guide
Reporting
Disk Encryption Status - # of Partitions

Basics The Disk Encryption Status - # of Partitions report will retrieve the records of Full Diskprotected computers that have reported in to the Symantec Endpoint Encryption Management Server according to how many partitions they have. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.2Full Disk: Disk Encryption Status - # of Partitions Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Minimum Number of Partitions Maximum Number of Partitions OS Name Hyperlink number Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Retrieve clients with at least the specified number of partitions.
number
Retrieve clients with no more than the specified number of partitions.
[All] [Empty] [Null] Unknown Windows operating system
Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple Operating System entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Retrieved Data The report will return a list of computers showing the following data:
Computer Name; Encrypted Volumes; Encrypting Volumes; Decrypted Volumes; Decrypting Volumes;
22
Administrator Guide
Reporting
Domain; and OS name.
Disk Encryption Status - Encryption

Basics The Disk Encryption Status - Encryption report will retrieve the records of Full Diskprotected computers that have reported in to the Symantec Endpoint Encryption Management Server according to their encryption status. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.3Full Disk: Disk Encryption Status - Encryption Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Encryption Status hyperlink All Encrypted Encrypting Decrypted Decrypting OS Name [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients with one or more partitions in an encrypted state. Retrieve the records of clients with one or more partitions in the process of being encrypted. Retrieve the records of clients with one or more partitions in a decrypted state. Retrieve the records of clients with one or more partitions in the process of being decrypted Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Computer Name;
23
Administrator Guide
Reporting
Encrypted Volumes; Encrypting Volumes; Decrypted Volumes; Decrypting Volumes; Domain; and OS name.
Installation Status
Basics The Installation Status report will retrieve the records of Full Diskprotected computers that have reported in to the Symantec Endpoint Encryption Management Server. These results can be filtered according to when Full Disk was installed. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.4Full Disk: Installation Status Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter OS Name hyperlink [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. Retrieve clients with a Full Disk install date that is the same as or later than that date and time specified.
Install Start DateTime
yyyy-mm-dd
24
Administrator Guide
Reporting
Table 7.4Full Disk: Installation Status Query Parameters (Continued) Parameter Install End Date-Time Computer Name Value yyyy-mm-dd partial computer name% Explanation Retrieve clients with a Full Disk install date that is the same as or no later than that date and time specified. Use the % wildcard character in conjunction with computer name portions to retrieve the records of computers with specific characters in their computer names. For example, "D%" will retrieve all computers that have names starting with "D".
Computer Name; Version; Install Date-Time; Encrypted Volumes; Encrypting Volumes; Decrypted Volumes; Decrypting Volumes; Domain; and OS name.
Installed Software by SEE Full Disk Version

Basics The Installed Software by SEE Full Disk Version report will provide you with the total number of Full Disk protected computers that have reported in to the Symantec Endpoint Encryption Management Server on a given domain. These results will be sorted according to the version number of Full Disk that is installed. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.5Full Disk: Installed Software by SEE Full Disk Version Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter hyperlink Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
25
Administrator Guide
Reporting
Version; Domain; and Full Disk Client Count.
Installed Software by OS
Basics The Installed Software by OS report will identify how many clients of a given operating system that have reported in to the Symantec Endpoint Encryption Management Server are protected by Full Disk. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.6Full Disk: Installed Software by OS Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter hyperlink Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
Retrieved Data The report will show the following data:

OS Name; Domain; Number of Discovered Endpoints; Number of Endpoints with Full Disk Encryption; and Percentage installed.
The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints with Full Disk.
Last Check-In Status

Basics The Last Check-In Status report will retrieve the records of:
Full Diskprotected computers on your network that have checked in with the Symantec Endpoint Encryption
Management Server; or
26
Administrator Guide
Reporting
Clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management
Server and have not checked in with the Symantec Endpoint Encryption Management Server. Only the computer name and directory service location of these computers will be available. If the client has checked in, you will be able to filter the results according to when it did so. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.7Full Disk: Last Check-In Status Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Have/have not checked in hyperlink Have Have Not Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Select to retrieve only the records of clients that have checked in with the Symantec Endpoint Encryption Management Server. Select to retrieve the records of clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and have not checked in with the Symantec Endpoint Encryption Management Server. Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, type 20. Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, select Day. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Since
number
Units
Hour|Day|Week| Month|Quarter| Year [All] [Empty] [Null] Unknown Windows operating system
OS Name
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; Last Check-In;
27
Administrator Guide
Reporting
Registered Users; Domain; and OS name.
Removable Storage Encryption

Clients without SEE Removable Storage Installed
Basics The Clients without Removable Storage Installed report will retrieve the records of the following computers on your network:
Did not have Removable Storage installed as of the time of last check-in. Resides on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and
has not checked in. These computers may or may not have Removable Storage installed. Only the computer name and directory service location of these computers will be available. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.8Removable Storage: Clients Without SEE Removable Storage Installed Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter OS Name hyperlink [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Computer Name; Domain; and
28
Administrator Guide
Reporting
OS name.
Installation Status
Basics The Installation Status report will retrieve the records of Removable Storageprotected computers that have reported in to the Symantec Endpoint Encryption Management Server. These results can be filtered according to when Removable Storage was installed. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.9Removable Storage: Installation Status Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter OS Name hyperlink [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. Retrieve clients with a Removable Storage install date that is the same as or later than that date and time specified. Retrieve clients with a Removable Storage install date that is the same as or no later than that date and time specified. Use the % wildcard character in conjunction with computer name portions to retrieve the records of computers with specific characters in their computer names. For example, "D%" will retrieve all computers that have names starting with "D".
Install Start DateTime Install End Date-Time Computer Name
yyyy-mm-dd
yyyy-mm-dd partial computer name%
Computer Name; Version;
29
Administrator Guide
Reporting
Install Date-Time; Domain; and OS name.
Installed Software by SEE Removable Storage Version

Basics The Installed Software by SEE Removable Storage Version report will provide you with the total number of Removable Storageprotected computers that have reported in to the Symantec Endpoint Encryption Management Server on a given domain. These results will be sorted according to the version number of Removable Storage that is installed. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.10Full Disk: Installed Software by SEE Removable Storage Version Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter hyperlink Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
Version; Domain; and Removable Storage Client Count.
Installed Software by OS
Basics The Installed Software by OS report will identify how many clients of a given operating system that have reported in to the Symantec Endpoint Encryption Management Server are protected by Removable Storage.
30
Administrator Guide
Reporting
Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.11Removable Storage: Installed Software by Operating System Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter hyperlink Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
Retrieved Data The report will show the following data:

OS Name; Domain; Number of Discovered Endpoints; Number of Endpoints with Removable Storage Encryption; and Percentage installed.
The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints with Removable Storage.
Last Check-In Status

Basics The Last Check-In Status report will retrieve the records of:
Removable Storageprotected computers on your network that have checked in with the Symantec Endpoint
Encryption Management Server; or

Clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management
Server and have not checked in with the Symantec Endpoint Encryption Management Server. Only the computer name and directory service location of these clients will be available. If the client has checked in, you will be able to filter the results according to when it did so.
31
Administrator Guide
Reporting
Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.12Removable Storage: Last Check-In Status Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Have/have not checked in hyperlink Have Have Not Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Select to retrieve only the records of clients that have checked in with the Symantec Endpoint Encryption Management Server. Select to retrieve the records of clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and have not checked in with the Symantec Endpoint Encryption Management Server. Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, type 20. Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, select Day. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Since
number
Units
OS Name
Computer Name; Last Check-In; Registered Users; Domain; and OS name.
32
Administrator Guide
Reporting
Removable Storage Encryption Policy

Basics The Removable Storage Encryption Policy report will retrieve the records of Removable Storageprotected computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. These results will display and can be filtered according to the access and encryption policies that they are enforcing and the encryption methods that they allow. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.13Removable Storage: Removable Storage Encryption Policy Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Encryption Policy hyperlink [All] Write unencrypted Encrypt new files Encrypt all files Read only No access Encryption Method [All] No encryption Password Certificate Any Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to encryption policy. Retrieve the records of clients that are allowing both read and write access and are not encrypting files. Retrieve the records of clients that are allowing both read and write access and are encrypting new files written to removable media. Retrieve the records of clients that are allowing both read and write access and are encrypting all files. Retrieve the records of clients that are enforcing a read-only access policy. Retrieve the records of clients that are enforcing a no access policy. Do not filter the results according to encryption method. Retrieve the records of clients that are not encrypting files. Retrieve the records of clients that allow users to encrypt with passwords. Retrieve the records of clients that allow users to encrypt with certificates. Retrieve the records of clients that allow users to encrypt using a certificate, password, or both.
33
Administrator Guide
Reporting
Table 7.13Removable Storage: Removable Storage Encryption Policy Query Parameters (Continued) Parameter OS Name Value [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Computer Name; Encryption Policy; Encryption Method; Domain; and OS Name.
Removable Storage Portability

Basics The Removable Storage Encryption Policy report will retrieve the records of the Removable Storageprotected computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. These results will include and can be filtered by the portability policy in effect. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.14Removable Storage: Removable Storage Portability Query Parameters (Continued) Parameter Domain Value [All] [Empty] [Null] domain Filter hyperlink Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
34
Administrator Guide
Reporting
Table 7.14Removable Storage: Removable Storage Portability Query Parameters (Continued) Parameter Copy Access Utility Value Any Yes No Executables Any Yes No Explanation Do not filter the results according to whether or not the Removable Storage Access Utility is being written to removable media. Retrieve the records of clients that are automatically writing the Removable Storage Access Utility to removable media. Retrieve the records of clients that are not automatically writing the Removable Storage Access Utility to removable media. Do not filter the results according to whether or not the clients are allowing users to create self-extracting executables. Retrieve the records of clients that allow users to create self-extracting executables. Retrieve the records of clients that do not allow users to create selfextracting executables.
Computer Name; User Name; Copy Access Utility; Executables; Encryption Policy; Encryption Method; Domain; and OS Name.
Removable Storage Recovery Certificate

Basics The Removable Storage Encryption Policy report will retrieve the records of the Removable Storageprotected computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. These results will include and can be filtered by whether or not a recovery certificate is being used for encryption.
35
Administrator Guide
Reporting
Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.15Removable Storage: Removable Storage Recovery Certificate Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Recovery Certificate Enabled hyperlink Any Yes No Encryption Method All No encryption Password Certificate Any OS Name [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to whether or not a recovery certificate is in use. Retrieve the records of clients that are using a recovery certificate. Retrieve the records of clients that are using a recovery certificate. Do not filter the results according to encryption method. Retrieve the records of clients that are using no encryption. Retrieve the records of clients that are using password encryption. Retrieve the records of clients that are using certificate encryption. Retrieve the records of clients that are using any encryption method. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Computer Name; Recovery Certificate Serial Number; Encryption Policy; Encryption Method; Domain; and OS Name.
36
Administrator Guide
Reporting
Users and Administrators

Client Administrators
Basics The Client Administrators report will retrieve information about the Client Administrators on the computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.16Client Administrators Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Authentication Method hyperlink Any Password Token Unauthenticated OS Name [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to the authentication method used by its Client Administrators. Retrieve the records of clients with Client Administrators that authenticate using a password. Retrieve the records of clients with Client Administrators that authenticate using a token. Retrieve the records of clients enforcing an automatic authentication policy. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Computer Name; Client Admin Name; Authentication;
37
Administrator Guide
Reporting
Domain; and OS Name.
Registered Users - # of Registered Users

Basics The Registered Users - # of Registered Users report will retrieve information about the registered users on the computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. The results can be filtered by the number of users that have registered on the computer. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.17Registered Users - Number of Registered Users Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Authentication Method Hyperlink Any Password Token Unauthenticated Minimum Number of Registered Users Maximum Number of Registered Users number Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to the authentication method used by its Client Administrators. Retrieve the records of clients with users that authenticate using a password. Retrieve the records of clients with users that authenticate using a token. Retrieve the records of clients enforcing an automatic authentication policy. Retrieve clients with at least the specified number of registered users.
number
Retrieve clients with no more than the specified number of registered users.
38
Administrator Guide
Reporting
Table 7.17Registered Users - Number of Registered Users Query Parameters (Continued) Parameter OS Name Value [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Computer Name; User Name; User Type; Authentication; Registration Time; Domain; and OS Name.
Registered Users - Date of Registration

Basics The Registered Users - Date of Registration report will retrieve information about the registered users on the computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. The results will include and can be filtered by the date of registration. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.18Registered Users - Date of Registration Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter hyperlink Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
39
Administrator Guide
Reporting
Table 7.18Registered Users - Date of Registration Query Parameters (Continued) Parameter Authentication Method Value Any Password Token Unauthenticated Registered Since Units number Explanation Do not filter the results according to the authentication method used by its Client Administrators. Retrieve the records of clients with users that authenticate using a password. Retrieve the records of clients with users that authenticate using a token. Retrieve the records of clients enforcing an automatic authentication policy. Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of client computers with users that have registered within the last 20 days, type 20. Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of client computers with users that have registered within the last 20 days, select Day. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
OS Name
Computer Name; User Name; User Type; Authentication; Registration Time; Domain; and OS Name.
40
Administrator Guide
Logging
8. Logging
The settings selected in the client installation packages will be logged and available for viewing within the Altiris Log Viewer. To access these, click to open the Windows Start menu. Point to Programs, point to Altiris, point to Diagnostics, and select Altiris Log Viewer.
Figure 8.1Full Disk Client Installer Package Log Each time that the Symantec Endpoint Encryption Integration Component is used to create a client installation package, one of the following three entries will be added to the Altiris Log Viewer, as appropriate to the client installation package:
Full Disk Client Installer created. Framework Client Installer created. Removable Storage Client Installer created.
Highlight the event that is of interest in order to view the specific installation settings that were selected in this package.
41
Administrator Guide
Altiris Tables & Methods
Appendix A. Altiris Tables & Methods

Overview
This appendix provides the tables, elements, and methods of the Symantec Endpoint Encryption Integration Component data. It can be used for the purpose of creating custom reports.
Tables
The following table lists the database tables and elements of the Symantec Endpoint Encryption Integration Component data. Table A.1Database Tables, Elements, and Description
Table Name Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Table Element [_ResourceGuid] [EndPointGUID] [FR_Version] [FR_InstallationTime] [FD_Version] [FD_InstallationTime] [RS_Version] [RS_InstallationTime] [LastCheckIn] [EncryptedVolumes] [EncryptingVolumes] [DecryptedVolumes] [DecryptingVolumes] [RSEncryptPolicyID] [RSEncryptMethodID] [MasterCert_Enabled] [MasterCertIificateID] [AccessUtilityEnabled] [IsDeleted] [RSExecutablesEnabled] [RSEncryptMethod] [RSEncryptPolicy] [_ResourceGuid] [UserName] [DnsDomainName] [UserTypeID] [AuthenticationID] [LastLogonTime] [RegistrationTime] [IsDeleted] Description Link the data to Altris Resource GUID Symantec Endpoint Encryption GUID for the client installed Framework version Framework install time Full Disk version Full Disk install time Removable Storage version Removable Storage install time Last check-in time Volumes in an encrypted state Volumes being encrypted Volumes in a decrypted state Volumes being decrypted Encryption policy (link to RSEncryptionPolicy table) Encryption Method (link to RSEncryptionMethod table) Master Certificate enabled/disabled Master Certificate (link to RSMasterCertificate Table) Removable Storage Access Utilty allowed/not allowed Flag indicating soft deletion of endpoint Removable Storage Executables allowed/not allowed Removable Storage Encryption Method (text as displayed in the UI) Removable Storage Encryption Policy (text as displayed in the UI) Link the data to Altris Resource GUID Name of the Registered User DNS domain name of the Registered User Type of user (link to GEUserType Table) Authentication method (link to GEUserAuthenticationMethod Table) User Log On Time User Registration Time Flag indicating soft deletion of user
42
Administrator Guide
Altiris Tables & Methods
Table A.1Database Tables, Elements, and Description (Continued)

Table Name Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users RSMasterCertificate RSMasterCertificate RSMasterCertificate Table Element [UserType] [AuthenticationMethod] [CertificateID] [SerialNumber] [Issuer] Description User Type (text as displayed in the UI) Authentication Method (text as displayed in the UI) ID of the certificate Serial number of the certificate Issuer of the certificate
Methods
The following table lists the database methods of the Symantec Endpoint Encryption Integration Component schema. Table A.2Database Schema, Methods
Method Name GEUserAuthenticationMethod GEUserAuthenticationMethod GEUserAuthenticationMethod GEUserType GEUserType RSEncryptionMethod RSEncryptionMethod RSEncryptionMethod RSEncryptionMethod RSEncryptionPolicy RSEncryptionPolicy RSEncryptionPolicy RSEncryptionPolicy RSEncryptionPolicy Value 0 1 2 0 1 0 1 2 3 1 2 3 4 5 Description Unauthenticated Password Token Registered User Client Administrator No encryption Password Certificate Any Write unencrypted Encrypt new files Encrypt all files Read only No access
43

SEE-IC 8.0.1 Administrator Guide

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

SEE-IC 8.0.1 Administrator Guide

Transféré par

Droits d'auteur :

Formats disponibles

Symantec Endpoint Encryption Integration Component

Symantec Endpoint Encryption Integration Component

Symantec Endpoint Encryption Integration Component

Symantec Endpoint Encryption Integration Component

Symantec Endpoint Encryption Integration Component

Altiris Notification Server

Altiris Console Computer(s)

Encrypted Database Communication Prerequisites

Symantec Endpoint Encryption Integration Component

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

2. Altiris Connector Installation

Symantec Endpoint Encryption Framework Integration Component

Symantec Endpoint Encryption Full Disk Integration Component

Symantec Endpoint Encryption Removable Storage Integration Component

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Restart Internet Information Services (IIS)

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Restart Altiris Service

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Symantec Endpoint Encryption Integration Component

Client Installation Package Creation

3. Client Installation Package Creation

Figure 3.2Save Client Installation Package Prompt

Symantec Endpoint Encryption Integration Component

Client Installation Package Creation

C:\Program Files\Altiris\SEE-ICFramework\Client Packages

C:\Program Files\Altiris\SEE-IC-HD\Client Packages

C:\Program Files\Altiris\SEE-IC-RS\Client Packages

Symantec Endpoint Encryption Integration Component

Client Installation Package Deployment

4. Client Installation Package Deployment

Create a Software Delivery Task

Assign the Program and Filter

Symantec Endpoint Encryption Integration Component

Client Installation Package Deployment

Adjust Program Name and MSIEXEC Parameters

Symantec Endpoint Encryption Integration Component

Client Installation Package Deployment

Symantec Endpoint Encryption Integration Component

Client Installation Package Deployment

Verify Package Source and Location

Symantec Endpoint Encryption Integration Component

Altiris Notification Server

Symantec Endpoint Encryption Manager

Symantec Endpoint Encryption Integration Component

Restart Server and Resync Database

Symantec Endpoint Encryption Client Computers

Symantec Endpoint Encryption Integration Component

Create a Software Delivery Task

Assign the Program and Filter

Adjust Program Name and MSIEXEC Parameters

Symantec Endpoint Encryption Integration Component

Symantec Endpoint Encryption Integration Component

Altiris Notification Server