Endpoint Protection

 View Only
  • 1.  Easy Upgrade Path Question

    Posted Aug 19, 2009 09:34 AM
    Hello - new user here.  I do a little IT consulting work on the side for a local company with a small number (32) of XP and W2K workstations.  They purchased EP v11.0.  During the sales call, apparently the sales rep told the IT Mgr that upgrading was as easy as "going to the 'net and updating" or words to that effect.  The IT Mgr (who wears many hats in this small company) assumed that meant that when EP's new core applications got updated, (ex:  moving from MR2 to MR4) things would get done automatically.  We're finding out too late now, that isn't so.  And so, in this unmanaged environment, we're forced into dowloading the suite, burning CDs and crawling all over the building updating the core apps manually by overlaying the unmanaged client installs.

    Of course, in retrospect we can see now the value of a managed environment but with a small company like this the expense is prohibitive.  The sales rep might have spent a few more sentences asking additional questions of the customer too.  The business doesn't have the resources to go out and purchase server gear, hire an IT guy to run it, etc.  It almost seems like EP was an "over-buy".  But, on the other hand, the good news is:  it's top-notch software protection.  The bad news:  It's time consuming to update.

    Has anyone developed an easier way to migrate from minor version to minor version on EP on an unmanaged platform?   Would Hamachi (or similar product) be a viable approach for such a small company?

    Thanks for any advice.

    H


  • 2.  RE: Easy Upgrade Path Question

    Posted Aug 19, 2009 09:47 AM
     Hi,

       For starters, 32 machines is not so small anymore, I would not say EP was an overbuy but the new SEP 12.0 SBE might have been a better match (still needs a server though).

    I can not imagine a company with 30+ computers does not have a domain and probably an exchange server (might be one and only SBS server), it migjht be just as easy as installing the manager on that same server (might need an extra stick of RAM, not expensive these days.

    If it comes to it, it is possible to install the SEP manager on an XP machine (provided it has enough RAM, I would recommend 2GB). although this does require some tweaking in IIS and the SEPM console to workaround Windows XP limitations ( mainly limited of concurrent network connections)

    Once you have a Management server installed, it is not too much work to link your currently unmanaged clients to it.

    There is no quick and easy way to upgrade unmanaged computers, You might be able to use some third party deployment tools but that as well would require some work to set up the install packages and config options.




  • 3.  RE: Easy Upgrade Path Question

    Posted Aug 19, 2009 09:54 AM
    You can install SEPM on XP.Please follow the Best Practicse

    Best practices guide for installing the Symantec Endpoint Protection Manager (SEPM) on a Windows XP operating system.
     

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009010714075548

    No comimg to easy upgrade of unmanged client

    Created  a new packge follow the below kb and share the  setup.exe amomg the user and ask them to run locally

     

    How to restore/retain client-server communication using custom installation settings without having to use the sylink drop tool.
     

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008052008163148

    In the SEPM, click on Admin.

    Click on Install Packages.

    Click on Client Install Settings.

    Click on Add Client Install Settings...

    In the Client Install Settings window, at the bottom you will see Upgrade settings, Choose the "Remove all previous logs and policies, and reset the communication settings" option and click OK.

    To create custom installation settings to restore client-server communication, please follow the steps outlined below:

    Export a new Client Install Package and apply this new custom install setting to that package, then re-deploy to the client machines using setup.exe



  • 4.  RE: Easy Upgrade Path Question

    Trusted Advisor
    Posted Aug 19, 2009 10:57 AM

    Here's an Easy answer...

    As JL-S stated that SEP 12 would have been a better option for such a network... I completely agree with him...

    However, since its purchased... the Best thing to do is go though the KB articles and work on DO IT  Yourself ... or Call Tech support

    ( Please contact Symantec on your local support phone number found in the URL below. 
    http://www.symantec.com/enterprise/support/contact_techsupp_static.jsp
    )

    If I am not mistaken you have a WorkGroup environment, isnt it???

    If Yes,

    Best Practices for Central Deployment and Management of Symantec Endpoint Protection (SEP) in a Workgroup environment

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ffc28ff652de8ee965257536005ef92c?OpenDocument

    How to install Symantec Endpoint Protection in a workgroup environment

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/3bcb9bb4967c335e882574aa0019cce4?OpenDocument


    If No, then its a Domain environment...

    Check the KB Articles belo which would help you better....


    1) Migrating to Symantec Endpoint Protection 11.0 MR4

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/2bec0308fcd83d2f882575220071b968?OpenDocument

    2) Migrating to Symantec Endpoint Protection 11.0.4202 (MR4 MP2)

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/42ba1f162fe0652f882575bb0047cea4?OpenDocument

    3) Creating client installation packages

    http://seer.entsupport.symantec.com/docs/305173.htm

    4) Creating new Client Installation packages in the Symantec Endpoint Protection Manager Console

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/50aa9c0639f6edc08825731e0081a6ae?OpenDocument

    5) Creating custom Client Installation packages in the Symantec Endpoint Protection Manager Console

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c741ec26fa674b1e8825738a0076abf3?OpenDocument

    6) How to Deploy Symantec Endpoint Protection to your client computers using the Migration and Deployment Wizard.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111409432848



    Once again there is a better way  to upgrade all the Clients whether they are on Domain or Workgroup Environment...Here is the Auto Upgrade Feature.......in the SEPM....

    To migrate client software

    1. Log-on to the newly migrated Symantec Endpoint Protection Manager Console if you are not logged on.
    2. Click Admin > Install Packages.
    3. In the lower-left pane, under Tasks, click Upgrade Groups with Package.
    4. In the Welcome to the Upgrade Groups Wizard panel, click Next.
    5. In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select one of the following:
      • Symantec Endpoint Protection <appropriate version>.
      • Symantec Network Access Control <appropriate version>.
    6. Click Next.
    7. In the Specify Groups panel, check one or more groups that contain the client computers to be migrated, then click Next.
    8. In the Package Upgrade Settings panel, check Download client from the management server.
    9. Click Upgrade Settings.
    10. In the Add Client Install Package dialog box, on the General tab, specify whether or not to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers. Under the Notification tab, if desired, specify a message to display to users during the migration.
      • If the clients in the group run a version of Symantec Endpoint Protection previous to MR3, turn off scheduling. Scheduling is on by default when a new client install package is added to a group. If scheduling is turned on, the upgrade fails. To turn off scheduling, in the Add Client Install Package dialog box, uncheck Upgrade Schedule.
    11. For details about settings on these tabs, click Help.
    12. Click OK.
    13. In the Upgrade Groups Wizard dialog box, click Next.
    14. In the Upgrade Groups Wizard Complete panel, click Finish.

    I hope that answers your Question to the Point...

    And please dont be afraid of Symantec Endpoint Protection... its far more easier Software than you think..its just a mind set which you have when you are facing a new Software...as soon as you have a hand on on Symantec Endpoint Protection you would find it easier... :)





  • 5.  RE: Easy Upgrade Path Question

    Posted Aug 19, 2009 05:10 PM

    Well!!!

    You folks have given me plenty (!) of material to ponder here.  Fabulous.
    Anyway, I've got some required reading to do.  An XP server machine might be an easy way to at least distribute.  But there are so many issues and questions to be answered in this, I've got to try to take it all in.

    I'll keep checking back to these forums as they're a cornucopia of good stuff.

    Thanks to you all...




  • 6.  RE: Easy Upgrade Path Question

    Posted Aug 19, 2009 05:50 PM
    We'll have to establish a workgroup for each machine.  As I write this, I don't know if a Workgroup that gathers all machines into one container is establshed.  I don't want to use "Workgroup" - I need to use another name which I'll think of then go to each machine and estab it as in that new Workgroup.  There is a domain for this office (car dealership) but it's under the brand name of the vehicles.  There is no exchange server or file server at the site.  These workstations are "stand alone" meaning that, for instance, e-mail to staff is delivered not by Exchange but through the company HQ portal using a custom app that does about 15 business processes including e-mail.  Company HQ is in Germany - we're in the US.  So, I think workgroup is our only option and the way to go. 

    Rather than waste everyone's time here, it's time for me to get on the horn to a live tech so I can get familiar with this.  Then we'll need an XP machine to configure up which are getting hard to find now that Vista and soon Windows 7 are in sight.  I assume I can configure and use IIS as the raw server platform.  (As you can probably tell, I've never done anything like this before).

    But again, I thank you all for steering and showing me that it indeed is possible to do this.  It may be a long struggle and a long time until we get some results.  Anything's got to be better than "sneaker-net"...

    H