Deploy Symantec EndPoint Encryption 11.2.1 and Configure SEE to Encrypt Client Machines

最新推荐文章于 2024-07-02 17:23:38 发布

net sec

最新推荐文章于 2024-07-02 17:23:38 发布

阅读量247

点赞数

本文链接：https://blog.csdn.net/netsec51sec/article/details/99131895

版权

Last updated on August 9, 2019

symantec-endpoint-protection_f.jpg?resize=539%2C244

Symantec Endpoint Encryption protects sensitive information and ensures regulatory compliance. It encrypts all files on the hard drive, sector-by-sector, for maximum security. It supports Windows, Mac, tablets, self-encrypting drives, and removable media (USB drives, external hard drives, and DVDs).

I had a chance to install it in my lab environment for a testing. This post is kind of recording all steps including all mistakes I had made, especially in the YouTube video.

1. Pre-Installation System Requirements:

1.1 OS Requirements

Microsoft Windows Server 2016 Datacenter, with updates
Microsoft Windows Server 2016 Standard, with updates
Microsoft Windows Server 2012 R2 Datacenter, with updates
Microsoft Windows Server 2012 R2 Standard, with updates
Microsoft Windows Server 2008 R2 Enterprise SP1 (Deprecated in SEE 11.2.1 MP1)
Microsoft Windows Server 2008 R2 Standard SP1 (Deprecated in SEE 11.2.1 MP1)

1.2 .NET Requirements

Operating system	Required version of .NET Framework
Microsoft Windows Server 2008 R2	4.5.2 (Deprecated in SEE 11.2.1 MP1)
Microsoft Windows Server 2012 R2	4.5.2
Microsoft Windows Server 2016	4.6.2 (For Symantec Endpoint Encryption 11.1.3 and later)

1.3 DB Requirements

SQL Server Version	On the Symantec Endpoint Encryption Management Server
		SQL Server 2016 Enterprise (64-bit)	Yes
		SQL Server 2016 Standard (64-bit)	Yes
SQL Server 2014 Enterprise (64-bit)	Yes
SQL Server 2014 Standard (64-bit)	Yes
SQL Server 2014 Express with Advanced Services (64-bit) (deprecated in SEE 11.2.1 MP1)	Yes
SQL Server 2012 Enterprise, SP1 (64-bit) (deprecated in SEE 11.2.1 MP1)	Yes
SQL Server 2012 Standard, SP1 (64-bit) (deprecated in SEE 11.2.1 MP1)	Yes
SQL Server 2012 Express with Advanced Services, SP1 (64-bit) (deprecated in SEE 11.2.1 MP1)	Yes

1.4 Add prerequisites to the server
including Internet Information Services (IIS), the .NET framework, and other tools.See article HOWTO101921 for enabling the prerequisite server roles and features.

1.5 Download SEE Installation Software

Symantec-SEE-Download.png?resize=800%2C323&ssl=1

2. Installing Symantec Endpoint Encryption Server
Double-click the file “SEE Server Suite x64.msi” to run it.

You can find the Symantec Endpoint Encryption Installation Guide at https://support.symantec.com/en_US/article.DOC9134.html. Download 11.2.1 installation guide file – symcEE_11.2.1_InstallGuide_en.pdf.

Follow the guide, you should be able to get installation done if all prerequisites meet. My video at the end of this post will give you an idea how this installation looks like.

3. Configuring the Symantec Endpoint Encryption Management Server
After you run the Symantec Endpoint Encryption Management Server wizard, the configuration
wizard automatically launches. You use the wizard to set up your directory service synchronization and to configure the Web service. You can also manually start the wizard by running the configuration manager program on the Symantec Endpoint Encryption Management Server. You must complete the wizard before you can synchronize your directory services and create your client installation packages.

Symantec-SEE-Configuration-manager-1-DB-config.png?resize=800%2C666&ssl=1

Symantec-SEE-Configuration-manager-2-web-server.png?resize=800%2C664&ssl=1

4. Using the Symantec Endpoint Encryption Manager to Generate Windows Clients

SEE-Windows-Client-Package-Setup-1.png?resize=800%2C367&ssl=1

SEE-Windows-Client-Package-Setup-2.png?resize=704%2C453&ssl=1

SEE-Windows-Client-Package-Setup-3.png?resize=752%2C559&ssl=1

SEE-Windows-Client-Package-Setup-4.png?resize=762%2C759&ssl=1

5. Deploying Clients

Double click new generated SEE client software , either “SEE Client.exe” or “SEE Client_x64.exe”, to start installation. You will need admin privilege account to install this client.

After complete installation, based on your package settings, you might see following screen after you rebooted your machine.

SEE-Client-Machine-Reboot-Window.png?resize=648%2C483&ssl=1

SEE-Client-Machine-Reboot-Window-2.png?resize=648%2C480&ssl=1

Once you successfully SSO logged in client machine, you can check SEE Management Agent software to see check in status.

SEE-Client-Management.png?resize=660%2C504&ssl=1

6. Create SEE Policy at SEE Native Policy Manager

Create-SEE-Policy.png?resize=800%2C585&ssl=1

7. Create Groups at SEE Users and Computers – > SEE Managed Computers
You can create your own group based on your policy.

Create-SEE-Managed-Group.png?resize=800%2C274&ssl=1

8. Assign SEE policy created at step 6 to the Group created at step 7

Symantec Encryption Endpoint 11.2.1 Installation Guide can be downloaded from symcEE_11.2.1_InstallGuide_en.pdf (1.3 MB)

Symantec Encryption Endpoint 11.2.1 Policy Administrator Guide can be downloaded from symcEE_11.2.1_PolicyAdmin_en.pdf (2.7 MB)

Troubleshooting:

Issue 1 – Save failed for web server configuration due to invalid data

The web site actually creates during the initial Management Server installation. If you are at the section where the yellow/white boxes are asking for configuration data, the site should be saved already. If it is not, uninstall, verify IIS components are all installed as required in HOWTO101921, and try again.

If you are still in the installation piece of the Management Server, you most likely have missed part of the required IIS pieces. Exit the installation and verify everything in HOWTO101921 is set up correctly.

The most common missed pieces are the “IIS 6 Management Compatibility (check all four entries)” and the “IIS Management Scripts and Tools”. Both IIS 6 and 7 components are required.

YouTube – Deploy SEE Video:

References: