Académique Documents
Professionnel Documents
Culture Documents
Administrator Guide
Version 8.0.1
Copyright 2011 Symantec Corporation. All rights reserved. Symantec, Altiris, and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. GuardianEdge is a registered trademark of GuardianEdge Technologies Inc. (now part of Symantec). Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 Commercial Computer Software Restricted Rights and DFARS 227.7202, et seq. Commercial Computer Software and Commercial Computer Software Documentation, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com
Administrator Guide
Contents
Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Altiris Console Computer(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Client Computer(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Encrypted Database Communication Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Altiris Connector Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Symantec Endpoint Encryption Framework Integration Component. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Symantec Endpoint Encryption Full Disk Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Symantec Endpoint Encryption Removable Storage Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Restart Internet Information Services (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Restart Altiris Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Client Installation Package Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4. Client Installation Package Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Create a Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Assign the Program and Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Adjust Program Name and MSIEXEC Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Verify Package Source and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 5. Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Symantec Endpoint Encryption Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Symantec Endpoint Encryption Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Restart Server and Resync Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Symantec Endpoint Encryption Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Create a Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Assign the Program and Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Adjust Program Name and MSIEXEC Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 6. Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Symantec Endpoint Encryption Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 7. Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
iii
Administrator Guide
Contents
Full Disk Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Clients without SEE Full Disk Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Disk Encryption Status - # of Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Disk Encryption Status - Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Installation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Installed Software by SEE Full Disk Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Installed Software by OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Last Check-In Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Removable Storage Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Clients without SEE Removable Storage Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Installation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Installed Software by SEE Removable Storage Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Installed Software by OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Last Check-In Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Removable Storage Encryption Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Removable Storage Portability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Removable Storage Recovery Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Users and Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Client Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Registered Users - # of Registered Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Registered Users - Date of Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 8. Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Appendix A. Altiris Tables & Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
iv
Administrator Guide
Figures
Figures
Figure 2.1Restarting IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Figure 2.2Stop/Start/Restart Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Figure 2.3Shutting Down Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Figure 2.4Restarting the Altiris Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Figure 2.5Restart Other Services Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Figure 2.6Service Control Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Figure 2.7Symantec Endpoint Encryption Database Synchronization Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Figure 3.1Installation Package Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Figure 3.2Save Client Installation Package Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Figure 4.1Framework Client Installer, Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Figure 4.2Framework Client Installer Program, Programs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Figure 4.3Framework Client Installer Package, Package Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Figure 5.1Framework Client Installer Program, Programs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Figure 6.1Uninstalling Altiris Connector Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Figure 7.1Symantec Endpoint Encryption Integration Component Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Figure 8.1Full Disk Client Installer Package Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Administrator Guide
Introduction
1. Introduction
Overview
The Symantec Endpoint Encryption Integration Component extends the Altiris Asset Management Solution, allowing administrators to use the Altiris Console to perform the following tasks:
Create Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client
installation packages.
Deploy Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client
installation packages.
Upgrade Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage
clients.
Uninstall Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage
clients.
Run reports.
In addition, detailed information about each client installation package created with the Altiris Console will be available from the Altiris Log Viewer.
System Requirements
Basics
An Active Directory domain is required. The SQL instance hosting the Symantec Endpoint Encryption Database must be configured for mixed-mode authentication. During the installation of the Symantec Endpoint Encryption Management Server, select SQL authentication on the Database Access page. Provide the SQL credentials of your Management Server Account when prompted.
Administrator Guide
Introduction
* Internet options must be configured to allow signed ActiveX controls to be downloaded. 64-bit Editions are not supported.
Client Computer(s)
Operating System Edition(s) Service Pack(s) Additional Software Altiris Agent 7.0.3350 Windows XP Professional, Professional x64, or Tablet SP1, SP2, or SP3 Microsoft .NET Framework 2.0 Microsoft Internet Explorer 6.0 with SP2, 7, or 8 Windows Vista Business, Business x64, Ultimate, Ultimate x64, Enterprise, or Enterprise x64 Professional, Professional x64, Ultimate, Ultimate x64, Enterprise, or Enterprise x64 None, SP1, or SP2 Altiris Agent 7.0.3350 Microsoft Internet Explorer 7 or 8 Microsoft Internet Explorer 8
Windows 7
None
Administrator Guide
Introduction
Issued to the FQDN of the server hosting the Altiris Notification Server. Installed in the local computer personal certificate store of the server hosting the Altiris Notification Server.
Administrator Guide
Administrator Guide
4. The Ready to Install the Application page displays. Click Next. The Updating System screen displays progress during installation. When installation has finished, the completion screen is displayed. 5. Click Finish to exit the Removable Storage Integration Component installer.
Figure 2.1Restarting IIS 3. In the left pane, right click the node representing the Altiris Notification Server, point to All Tasks, and click Restart IIS.
Figure 2.2Stop/Start/Restart Dialog 4. The Stop/Start/Restart dialog will display. Make sure that Restart Internet Services on servername is selected from the drop down list, where servername is the name of your Altiris Notification Server. 5. Click OK.
Administrator Guide
Figure 2.3Shutting Down Dialog 6. The Shutting Down dialog will be displayed, showing the progress of the operation. You can click End now for a more immediate result. 7. This window will close on its own and you will be returned to the Internet Information Services (IIS) Manager once the restart operation completes.
Figure 2.4Restarting the Altiris Service 2. In the right pane, right-click the service named Altiris Service and select Restart. The Restart Other Services dialog will display.
Administrator Guide
Figure 2.5Restart Other Services Dialog 3. Click Yes. The Service Control dialog will display the status of the restart operation.
Figure 2.6Service Control Dialog 4. Allow this dialog to close on its own. When it does, the restart process has completed. With the Symantec Endpoint Encryption Integration Component now installed, you must next configure the database settings.
Database Configuration
Initial installations of the Symantec Endpoint Encryption Integration Component require a one-time configuration of the database settings using the Symantec Endpoint Encryption Database Synchronization panel. You must input the same settings that were specified when the Symantec Endpoint Encryption Management Server was installed. Once the database settings have been configured, data reported by Client Computers to the Symantec Endpoint Encryption Management Server will be periodically copied to the Altiris Notification Server, allowing Altiris Console reports to display Client Computer status information. To configure the database settings, click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click
Administrator Guide
Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection and click on Symantec Endpoint Encryption Database Synchronization.
Figure 2.7Symantec Endpoint Encryption Database Synchronization Page The syntax used in the Database Server Name box is as follows: computer name\instance name,port number While the NetBIOS computer name of the machine hosting the Symantec Endpoint Encryption database will always be required, the instance name will only be needed if you are using a named instance, and the TCP port number will only be necessary if you are using a custom port. The custom port number would need to be preceded by a comma and the instance name by a backslash. Type the name of the Symantec Endpoint Encryption database, for example, SEEMSDb, in the Schema Name box.
Administrator Guide
Type the user name of the Management Server account in the User Name box. This Microsoft SQL Server account was created during the installation of the Symantec Endpoint Encryption Management Server. Type the password of the Management Server account in the Password box. Click Enable TLS/SSL to encrypt all communications between the Altiris Notification Server and the Symantec Endpoint Encryption database. Ensure that you are in compliance with the prerequisites (see Encrypted Database Communication Prerequisites on page 2). Once you have finished making your changes, click Apply. Edit the number in the Polling Interval box to adjust the interval between updates. For example, if you type 15, the Altiris Notification Server will synchronize with the Symantec Endpoint Encryption Management Server every 15 minutes. Values from 10 minutes to 10,080 minutes (one week) are accepted. Click Synchronize Now to effect an immediate update. The Symantec Endpoint Encryption Database Synchronization page will update with status information as the operation proceeds, and the date and time of last synchronization will be shown when the update has completed successfully. You can verify that successful synchronization has taken place by running a report from the Altiris Console. Existing Symantec Endpoint Encryption Client Computers with records in the Symantec Endpoint Encryption database will be displayed in the report. With the Symantec Endpoint Encryption Integration Component now installed and the database settings configured, you can now create and deploy client installation packages.
Administrator Guide
Figure 3.1Installation Package Creation A wizard will guide you through the process of creating a Framework, Full Disk, or Removable Storage client installation package. Click Framework, Full Disk, or Removable Storage to launch the relevant wizard. For information about the settings for each panel, refer to the Full Disk or Removable Storage Installation Guide. When creating Full Disk client installation packages from a computer other than the Notification Server and specifying a custom startup image, ensure that the specified file is located in a shared network location that the Notification Server computer can access. You can use the Browse dialog for this purpose or type the path in manually, e.g., \\CADC-01\Custom Images\custom image.bmp If your Internet options are configured to prompt you before downloading signed ActiveX controls, the first time that you open the Client Administrator or Master Certificate panel, Internet Explorer may display a Security Warning message, asking you to confirm that you wish to install the GEFRAltirisCert.cab file. Confirm that the Active X control is signed by Symantec and then click Install. Unlike Symantec Endpoint Encryption Full Disk, Integration Component cannot create Mac client installation packages. Once you have completed the wizard, you will be prompted to save the client package.
10
Administrator Guide
The following table lists the default MSI names generated by each wizard and the location to which they are saved. Table 3.1Wizard, MSI Name, and Destination
Wizard Default MSI name Symantec Endpoint Encryption Framework Client.msi Symantec Endpoint Encryption Framework Client_x64.msi Symantec Endpoint Encryption Full Disk Edition Client.msi Symantec Endpoint Encryption Full Disk Edition Client_x64.msi Symantec Endpoint Encryption - Removable Storage Edition Client.msi Symantec Endpoint Encryption - Removable Storage Edition Client_x64.msi Destination
Framework
Full Disk
Removable Storage
Symantec recommends saving each client installation package with a unique and descriptive name. Saving a client installation package with a unique name automatically creates a new program whose name is based on the client installation package name. For example, a Framework client installation package saved as GEFR Client Installer for laptops (mm-dd-yy).msi will be displayed with the same name in the drop-down menu at the top of the Programs tab of the Framework client installation package (see Upgrades on page 16) as well as in the Program name drop-downs of any software delivery tasks that are part of the Framework client installation package, such as the Install Framework Clients task and the Upgrade Framework Clients task. Establishing a unique name for a particular client installation package makes it more readily identifiable later on when selecting from among several program names within a software delivery task.
11
Administrator Guide
Sequencing
The clients must be deployed to install Framework first. Full Disk and/or Removable Storagecan only be installed after Framework. If youre deploying multiple sets of Symantec Endpoint Encryption client installer MSIs filtered to different groups of computers, create a new software delivery task for each set and name it according to the specific combination of client installer MSI and filter. This will allow you to maintain a traceable workflow detailing which client installer MSIs have been deployed, and where.
12
Administrator Guide
Click Apply to, then click Quick apply. In the Quick apply dialog, type the name of a group, filter, or target you want to apply the program to, or select one from the drop-down list. For example, you may have previously created a filter named All Laptops that includes all laptop computers and excludes all desktop computers. Click Apply.
Figure 4.1Framework Client Installer, Software Delivery Task Choose the desired scheduling options, if any, then click Save changes.
13
Administrator Guide
In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with the same name as the MSI package you created earlier, for example, SEE-FR Client Installer for laptops (08-0509).msi.
Figure 4.2Framework Client Installer Program, Programs Tab The Command line box will contain a default MSI command appropriate for installing the program you selected. If necessary, make any changes to the command line parameters or other values on this tab. See the Full Disk or Removable Storage Installation Guide for a discussion of the suggested MSI commands for each client installation package, as well as the list of supported MSIEXEC parameters.
14
Administrator Guide
Figure 4.3Framework Client Installer Package, Package Tab Do not change the Package source option or the Package location option. The Package source option must be Access package from a local directory on the NS computer. Ensure that the Package location option remains at the defaults identified in Table 3.1 on page 11. Click Save changes when finished. Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software delivery task. In the left pane, right-click the software delivery task named Install SEE-FR Client to all Laptops, then click Enable. Repeat this process for the Full Disk and/or Removable Storage client installer package(s).
15
Administrator Guide
Upgrades
5. Upgrades
Overview
Upgrades from Symantec Endpoint Encryption Integration Component 7.0.3 or later are supported. Upgrades from Symantec Endpoint Encryption Integration Component 7.0.3 or later must be performed in the following sequence: 1. Upgrade the Symantec Endpoint Encryption Manager. 2. Upgrade all Symantec Endpoint Encryption Integration Component components. 3. Restart IIS and initiate a database synchronization operation. 4. Upgrade existing Client Computers.
16
Administrator Guide
Upgrades
2. Create a new software delivery task for the upgrade. 3. Assign the upgrade program (i.e., the upgrade MSI) to the new software delivery task. 4. Select the upgrade program and set the MSIEXEC parameters for the upgrade in the software delivery package. 5. Enable the software delivery upgrade task.
Sequencing
The clients must be deployed to execute Symantec Endpoint Encryption Framework Client.msi first. The Symantec Endpoint Encryption Full Disk Edition Client.msi and/or Symantec Endpoint Encryption - Removable Storage Edition Client.msi upgrade packages must be executed following the successful completion of the Symantec Endpoint Encryption Framework Client.msi package.
17
Administrator Guide
Upgrades
In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with the same name as the MSI package you created earlier, for example, SEE-FR Framework Client [Upgrade].msi.
Figure 5.1Framework Client Installer Program, Programs Tab The Command line box will contain a default MSI command with the name of the MSI package you selected. You will need to modify this command line with MSIEXEC parameters appropriate for an upgrade.
See the Upgrades chapter of the Full Disk or Removable Storage Installation Guide for a discussion of the suggested MSI commands for upgrading each client installation package, as well as the list of supported MSIEXEC parameters. Once you have made the necessary modifications to the MSIEXEC parameters, click Save changes. Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software delivery task. In the left pane, right-click the software delivery task named Install SEE-FR Client [Upgrade], then click Enable. Repeat this process for the Full Disk and/or Removable Storage client installer upgrade package(s).
18
Administrator Guide
Uninstallation
6. Uninstallation
Overview
This section describes how to uninstall the Symantec Endpoint Encryption Integration Component components and the Symantec Endpoint Encryption client software.
Figure 6.1Uninstalling Altiris Connector Components Uninstallation of the Symantec Endpoint Encryption Integration Component components will not delete any Symantec Endpoint Encryption client installer packages created using the Installation Package Creation wizards.
19
Administrator Guide
Reporting
7. Reporting
Overview
Symantec Endpoint Encryption Integration Component complements Altiris Notification Consoles native reporting capability by providing a number of reports that help you keep track of Full Disk and Removable Storage clients on your network. The reports query the Altiris Notification Server database, which is synchronized with the Symantec Endpoint Encryption database according to the polling interval defined during installation (Database Configuration on page 7). You can click Synchronize Now in the Symantec Endpoint Encryption Database Synchronization panel to ensure that you have the latest data. The Symantec Endpoint Encryption Integration Component Reports are divided into three categories:
Full Disk Encryption, Removable Storage Encryption, and Users and Administrators.
To access the Symantec Endpoint Encryption Integration Component Reports, open the Altiris Console and click on Reports, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, expand one of the three report categories, and click on one of the reports.
Figure 7.1Symantec Endpoint Encryption Integration Component Reports The right pane will show the standard page for running the report.
20
Administrator Guide
Reporting
has not checked in. These computers may or may not have Full Disk installed. Only the computer name and directory service location of these computers will be available. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.1Full Disk: Clients without SEE Full Disk Installed Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter OS Name Hyperlink [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Retrieved Data The report will return the following information about the computers that fall within the query parameters:
Computer Name; Domain; and OS name.
21
Administrator Guide
Reporting
number
Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple Operating System entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Retrieved Data The report will return a list of computers showing the following data:
Computer Name; Encrypted Volumes; Encrypting Volumes; Decrypted Volumes; Decrypting Volumes;
22
Administrator Guide
Reporting
Retrieved Data The report will return a list of computers showing the following data:
Computer Name;
23
Administrator Guide
Reporting
Encrypted Volumes; Encrypting Volumes; Decrypted Volumes; Decrypting Volumes; Domain; and OS name.
Installation Status
Basics The Installation Status report will retrieve the records of Full Diskprotected computers that have reported in to the Symantec Endpoint Encryption Management Server. These results can be filtered according to when Full Disk was installed. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.4Full Disk: Installation Status Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter OS Name hyperlink [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. Retrieve clients with a Full Disk install date that is the same as or later than that date and time specified.
yyyy-mm-dd
24
Administrator Guide
Reporting
Table 7.4Full Disk: Installation Status Query Parameters (Continued) Parameter Install End Date-Time Computer Name Value yyyy-mm-dd partial computer name% Explanation Retrieve clients with a Full Disk install date that is the same as or no later than that date and time specified. Use the % wildcard character in conjunction with computer name portions to retrieve the records of computers with specific characters in their computer names. For example, "D%" will retrieve all computers that have names starting with "D".
Retrieved Data The report will return a list of computers showing the following data:
Computer Name; Version; Install Date-Time; Encrypted Volumes; Encrypting Volumes; Decrypted Volumes; Decrypting Volumes; Domain; and OS name.
25
Administrator Guide
Reporting
Retrieved Data The report will return a list of computers showing the following data:
Version; Domain; and Full Disk Client Count.
Installed Software by OS
Basics The Installed Software by OS report will identify how many clients of a given operating system that have reported in to the Symantec Endpoint Encryption Management Server are protected by Full Disk. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.6Full Disk: Installed Software by OS Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter hyperlink Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints with Full Disk.
Management Server; or
26
Administrator Guide
Reporting
Clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management
Server and have not checked in with the Symantec Endpoint Encryption Management Server. Only the computer name and directory service location of these computers will be available. If the client has checked in, you will be able to filter the results according to when it did so. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.7Full Disk: Last Check-In Status Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Have/have not checked in hyperlink Have Have Not Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Select to retrieve only the records of clients that have checked in with the Symantec Endpoint Encryption Management Server. Select to retrieve the records of clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and have not checked in with the Symantec Endpoint Encryption Management Server. Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, type 20. Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, select Day. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Since
number
Units
Hour|Day|Week| Month|Quarter| Year [All] [Empty] [Null] Unknown Windows operating system
OS Name
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; Last Check-In;
27
Administrator Guide
Reporting
has not checked in. These computers may or may not have Removable Storage installed. Only the computer name and directory service location of these computers will be available. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.8Removable Storage: Clients Without SEE Removable Storage Installed Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter OS Name hyperlink [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; Domain; and
28
Administrator Guide
Reporting
OS name.
Installation Status
Basics The Installation Status report will retrieve the records of Removable Storageprotected computers that have reported in to the Symantec Endpoint Encryption Management Server. These results can be filtered according to when Removable Storage was installed. Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.9Removable Storage: Installation Status Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter OS Name hyperlink [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. Retrieve clients with a Removable Storage install date that is the same as or later than that date and time specified. Retrieve clients with a Removable Storage install date that is the same as or no later than that date and time specified. Use the % wildcard character in conjunction with computer name portions to retrieve the records of computers with specific characters in their computer names. For example, "D%" will retrieve all computers that have names starting with "D".
yyyy-mm-dd
Retrieved Data The report will return a list of computers showing the following data:
Computer Name; Version;
29
Administrator Guide
Reporting
Retrieved Data The report will return a list of computers showing the following data:
Version; Domain; and Removable Storage Client Count.
Installed Software by OS
Basics The Installed Software by OS report will identify how many clients of a given operating system that have reported in to the Symantec Endpoint Encryption Management Server are protected by Removable Storage.
30
Administrator Guide
Reporting
Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.11Removable Storage: Installed Software by Operating System Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter hyperlink Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints with Removable Storage.
Server and have not checked in with the Symantec Endpoint Encryption Management Server. Only the computer name and directory service location of these clients will be available. If the client has checked in, you will be able to filter the results according to when it did so.
31
Administrator Guide
Reporting
Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.12Removable Storage: Last Check-In Status Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Have/have not checked in hyperlink Have Have Not Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Select to retrieve only the records of clients that have checked in with the Symantec Endpoint Encryption Management Server. Select to retrieve the records of clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and have not checked in with the Symantec Endpoint Encryption Management Server. Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, type 20. Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, select Day. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Since
number
Units
Hour|Day|Week| Month|Quarter| Year [All] [Empty] [Null] Unknown Windows operating system
OS Name
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; Last Check-In; Registered Users; Domain; and OS name.
32
Administrator Guide
Reporting
33
Administrator Guide
Reporting
Table 7.13Removable Storage: Removable Storage Encryption Policy Query Parameters (Continued) Parameter OS Name Value [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; Encryption Policy; Encryption Method; Domain; and OS Name.
34
Administrator Guide
Reporting
Table 7.14Removable Storage: Removable Storage Portability Query Parameters (Continued) Parameter Copy Access Utility Value Any Yes No Executables Any Yes No Explanation Do not filter the results according to whether or not the Removable Storage Access Utility is being written to removable media. Retrieve the records of clients that are automatically writing the Removable Storage Access Utility to removable media. Retrieve the records of clients that are not automatically writing the Removable Storage Access Utility to removable media. Do not filter the results according to whether or not the clients are allowing users to create self-extracting executables. Retrieve the records of clients that allow users to create self-extracting executables. Retrieve the records of clients that do not allow users to create selfextracting executables.
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; User Name; Copy Access Utility; Executables; Encryption Policy; Encryption Method; Domain; and OS Name.
35
Administrator Guide
Reporting
Query Parameters You can further limit the records retrieved by this report by setting one of the following parameters. Table 7.15Removable Storage: Removable Storage Recovery Certificate Query Parameters Parameter Domain Value [All] [Empty] [Null] domain Filter Recovery Certificate Enabled hyperlink Any Yes No Encryption Method All No encryption Password Certificate Any OS Name [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to domain. Retrieve the records of clients that report their domain membership as an empty string. Retrieve the records of clients that do not report membership in a domain. Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. Do not filter the results according to whether or not a recovery certificate is in use. Retrieve the records of clients that are using a recovery certificate. Retrieve the records of clients that are using a recovery certificate. Do not filter the results according to encryption method. Retrieve the records of clients that are using no encryption. Retrieve the records of clients that are using password encryption. Retrieve the records of clients that are using certificate encryption. Retrieve the records of clients that are using any encryption method. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; Recovery Certificate Serial Number; Encryption Policy; Encryption Method; Domain; and OS Name.
36
Administrator Guide
Reporting
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; Client Admin Name; Authentication;
37
Administrator Guide
Reporting
number
Retrieve clients with no more than the specified number of registered users.
38
Administrator Guide
Reporting
Table 7.17Registered Users - Number of Registered Users Query Parameters (Continued) Parameter OS Name Value [All] [Empty] [Null] Unknown Windows operating system Explanation Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; User Name; User Type; Authentication; Registration Time; Domain; and OS Name.
39
Administrator Guide
Reporting
Table 7.18Registered Users - Date of Registration Query Parameters (Continued) Parameter Authentication Method Value Any Password Token Unauthenticated Registered Since Units number Explanation Do not filter the results according to the authentication method used by its Client Administrators. Retrieve the records of clients with users that authenticate using a password. Retrieve the records of clients with users that authenticate using a token. Retrieve the records of clients enforcing an automatic authentication policy. Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of client computers with users that have registered within the last 20 days, type 20. Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of client computers with users that have registered within the last 20 days, select Day. Do not filter the results according to operating system. Retrieve the records of clients that report their operating system as an empty string. Retrieve the records of clients that do not report an operating system. Select clients reporting an installed Windows operating system that is unknown. This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Hour|Day|Week| Month|Quarter| Year [All] [Empty] [Null] Unknown Windows operating system
OS Name
Data Retrieved The report will return a list of computers showing the following data:
Computer Name; User Name; User Type; Authentication; Registration Time; Domain; and OS Name.
40
Administrator Guide
Logging
8. Logging
The settings selected in the client installation packages will be logged and available for viewing within the Altiris Log Viewer. To access these, click to open the Windows Start menu. Point to Programs, point to Altiris, point to Diagnostics, and select Altiris Log Viewer.
Figure 8.1Full Disk Client Installer Package Log Each time that the Symantec Endpoint Encryption Integration Component is used to create a client installation package, one of the following three entries will be added to the Altiris Log Viewer, as appropriate to the client installation package:
Full Disk Client Installer created. Framework Client Installer created. Removable Storage Client Installer created.
Highlight the event that is of interest in order to view the specific installation settings that were selected in this package.
41
Administrator Guide
Tables
The following table lists the database tables and elements of the Symantec Endpoint Encryption Integration Component data. Table A.1Database Tables, Elements, and Description
Table Name Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Inv_EndPoint_Encryption Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Evt_EndPoint_Encryption_Users Table Element [_ResourceGuid] [EndPointGUID] [FR_Version] [FR_InstallationTime] [FD_Version] [FD_InstallationTime] [RS_Version] [RS_InstallationTime] [LastCheckIn] [EncryptedVolumes] [EncryptingVolumes] [DecryptedVolumes] [DecryptingVolumes] [RSEncryptPolicyID] [RSEncryptMethodID] [MasterCert_Enabled] [MasterCertIificateID] [AccessUtilityEnabled] [IsDeleted] [RSExecutablesEnabled] [RSEncryptMethod] [RSEncryptPolicy] [_ResourceGuid] [UserName] [DnsDomainName] [UserTypeID] [AuthenticationID] [LastLogonTime] [RegistrationTime] [IsDeleted] Description Link the data to Altris Resource GUID Symantec Endpoint Encryption GUID for the client installed Framework version Framework install time Full Disk version Full Disk install time Removable Storage version Removable Storage install time Last check-in time Volumes in an encrypted state Volumes being encrypted Volumes in a decrypted state Volumes being decrypted Encryption policy (link to RSEncryptionPolicy table) Encryption Method (link to RSEncryptionMethod table) Master Certificate enabled/disabled Master Certificate (link to RSMasterCertificate Table) Removable Storage Access Utilty allowed/not allowed Flag indicating soft deletion of endpoint Removable Storage Executables allowed/not allowed Removable Storage Encryption Method (text as displayed in the UI) Removable Storage Encryption Policy (text as displayed in the UI) Link the data to Altris Resource GUID Name of the Registered User DNS domain name of the Registered User Type of user (link to GEUserType Table) Authentication method (link to GEUserAuthenticationMethod Table) User Log On Time User Registration Time Flag indicating soft deletion of user
42
Administrator Guide
Methods
The following table lists the database methods of the Symantec Endpoint Encryption Integration Component schema. Table A.2Database Schema, Methods
Method Name GEUserAuthenticationMethod GEUserAuthenticationMethod GEUserAuthenticationMethod GEUserType GEUserType RSEncryptionMethod RSEncryptionMethod RSEncryptionMethod RSEncryptionMethod RSEncryptionPolicy RSEncryptionPolicy RSEncryptionPolicy RSEncryptionPolicy RSEncryptionPolicy Value 0 1 2 0 1 0 1 2 3 1 2 3 4 5 Description Unauthenticated Password Token Registered User Client Administrator No encryption Password Certificate Any Write unencrypted Encrypt new files Encrypt all files Read only No access
43