SEE-IC 8.0.1 Administrator Guide[1]

Symantec Endpoint Encryption

Integration Component

Administrator Guide

Version 8.0.1

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec, Altiris, and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. GuardianEdge is a registered trademark of GuardianEdge Technologies Inc. (now part of Symantec). Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 “Commercial Computer Software - Restricted Rights” and DFARS 227.7202, et seq. “Commercial Computer Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis StreetMountain View, CA 94043http://www.symantec.com

Administrator Guide Contents

Symantec Endpoint Encryption Integration Component iii

Contents1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Altiris Console Computer(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Client Computer(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Encrypted Database Communication Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2. Altiris Connector Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Symantec Endpoint Encryption Framework Integration Component. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Symantec Endpoint Encryption Full Disk Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Symantec Endpoint Encryption Removable Storage Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Restart Internet Information Services (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Restart Altiris Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3. Client Installation Package Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

4. Client Installation Package Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Create a Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Assign the Program and Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Adjust Program Name and MSIEXEC Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Verify Package Source and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

5. Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Symantec Endpoint Encryption Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Symantec Endpoint Encryption Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Restart Server and Resync Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Symantec Endpoint Encryption Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Create a Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Assign the Program and Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Adjust Program Name and MSIEXEC Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

6. Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Symantec Endpoint Encryption Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

7. Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Administrator Guide Contents

Symantec Endpoint Encryption Integration Component iv

Full Disk Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Clients without SEE Full Disk Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Disk Encryption Status - # of Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Disk Encryption Status - Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Installation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Installed Software by SEE Full Disk Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Installed Software by OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Last Check-In Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Removable Storage Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Clients without SEE Removable Storage Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Installation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Installed Software by SEE Removable Storage Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Installed Software by OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Last Check-In Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Removable Storage Encryption Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Removable Storage Portability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Removable Storage Recovery Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Users and Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Client Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Registered Users - # of Registered Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Registered Users - Date of Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

8. Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Appendix A. Altiris Tables & Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Administrator Guide Figures

Symantec Endpoint Encryption Integration Component v

FiguresFigure 2.1—Restarting IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Figure 2.2—Stop/Start/Restart Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Figure 2.3—Shutting Down Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Figure 2.4—Restarting the Altiris Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Figure 2.5—Restart Other Services Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Figure 2.6—Service Control Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Figure 2.7—Symantec Endpoint Encryption Database Synchronization Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Figure 3.1—Installation Package Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Figure 3.2—Save Client Installation Package Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Figure 4.1—Framework Client Installer, Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Figure 4.2—Framework Client Installer Program, Programs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Figure 4.3—Framework Client Installer Package, Package Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Figure 5.1—Framework Client Installer Program, Programs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Figure 6.1—Uninstalling Altiris Connector Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Figure 7.1—Symantec Endpoint Encryption Integration Component Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Figure 8.1—Full Disk Client Installer Package Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Symantec Endpoint Encryption Integration Component 1

Administrator Guide Introduction

1. Introduction

OverviewThe Symantec Endpoint Encryption Integration Component extends the Altiris Asset Management Solution, allowing administrators to use the Altiris Console to perform the following tasks:

Create Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client installation packages.

Deploy Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client installation packages.

Upgrade Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage clients.

Uninstall Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage clients.

Run reports.

In addition, detailed information about each client installation package created with the Altiris Console will be available from the Altiris Log Viewer.

System Requirements

BasicsAn Active Directory domain is required.

The SQL instance hosting the Symantec Endpoint Encryption Database must be configured for mixed-mode authentication. During the installation of the Symantec Endpoint Encryption Management Server, select SQL authentication on the Database Access page. Provide the SQL credentials of your Management Server Account when prompted.



Altiris Notification Server

Altiris Console Computer(s)

Client Computer(s)

Encrypted Database Communication PrerequisitesIf you plan to use optional TLS/SSL for encrypted database traffic between the Altiris Notification Server and the Symantec Endpoint Encryption database, you must install server-side TLS/SSL certificates on both the Altiris Notification Server and the Symantec Endpoint Encryption database. See the Symantec Endpoint Encryption Management Server chapter of the Installation Guide for details on configuring the Symantec Endpoint Encryption database for encrypted database communications.

This server-side TLS/SSL certificate you install on the Altiris Notification Server must possess the following characteristics:

Valid during the period in which it will be used.

Enabled for server authentication.

Contain the private key.

Operating System Edition(s) Service Pack(s) Additional Software

Windows Server 2003* Standard or Enterprise† SP1 or SP2

Altiris Notification Server 7.0.4739

SQL Server 2005 Standard or Enterprise Edition

Internet Information Services (IIS) 6.0

Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)

Framework 7.0.6**

Full Disk 7.0.6 and/or Removable Storage 7.0.6

* Internet options must be configured to allow signed ActiveX controls to be downloaded.

† 64-bit Editions are not supported.

** Serverless mode is not supported.


Windows XP* Professional or TabletSP1, SP2, or SP3

CAPICOM 2.1.0.2

Windows Vista*Business, Ultimate, or Enterprise†

None, SP1, or SP2

CAPICOM 2.1.0.2

Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)

* Internet options must be configured to allow signed ActiveX controls to be downloaded.

† 64-bit Editions are not supported.


Windows XP Professional, Professional x64, or Tablet SP1, SP2, or SP3

Altiris Agent 7.0.3350

Microsoft .NET Framework 2.0

Microsoft Internet Explorer 6.0 with SP2, 7, or 8

Windows VistaBusiness, Business x64, Ultimate, Ultimate x64, Enterprise, or Enterprise x64

None, SP1, or SP2Altiris Agent 7.0.3350

Microsoft Internet Explorer 7 or 8

Windows 7Professional, Professional x64, Ultimate, Ultimate x64, Enterprise, or Enterprise x64

None Microsoft Internet Explorer 8



Issued to the FQDN of the server hosting the Altiris Notification Server.

Installed in the local computer personal certificate store of the server hosting the Altiris Notification Server.


Administrator Guide Altiris Connector Installation

2. Altiris Connector Installation

OverviewThe Symantec Endpoint Encryption Integration Component is installed on the Altiris Notification Server. In order to install the Symantec Endpoint Encryption Integration Component, you will need to log on with a Windows account with software installation privileges. Before beginning, ensure that the target machine meets the system requirements (“System Requirements” on page 1) and that all of the required additional software has been installed.

You will need the following files:

SEEFrameworkIntegrationComponent.msi

SEEFullDiskIntegrationComponent.msi

SEERemovableStorageIntegrationComponent.msi

Symantec Endpoint Encryption Framework Integration ComponentThe Symantec Endpoint Encryption Framework Integration Component must be installed before Symantec Endpoint Encryption Full Disk Integration Component or Symantec Endpoint Encryption Removable Storage Integration Component will function. Therefore, you should begin your installation with this MSI.

1. Double-click the file SEEFrameworkIntegrationComponent.msi. The first page of the Symantec Endpoint Encryption Framework Integration Component Installation Wizard displays. Click Next.

2. The License Agreement page displays. Click I accept the license agreement, then click Next.

3. The Ready to Install the Application page displays. Click Next. The Updating System screen displays progress during installation. When installation has finished, the completion screen is displayed.

4. Click Finish to exit the Framework Integration Component installer.

Symantec Endpoint Encryption Full Disk Integration Component1. If you are installing the Symantec Endpoint Encryption Full Disk Integration Component, double-click the file

named SEEFullDiskIntegrationComponent.msi.

2. The first page of the Full Disk Integration Component Installation Wizard displays. Click Next.



5. Click Finish to exit the Full Disk Integration Component installer.

Symantec Endpoint Encryption Removable Storage Integration Component1. If you are installing the Symantec Endpoint Encryption Removable Storage Integration Component, double-click

the file named SEERemovableStorageIntegrationComponent.msi.

2. The first page of the Removable Storage Integration Component Installation Wizard displays. Click Next.





5. Click Finish to exit the Removable Storage Integration Component installer.

Restart Internet Information Services (IIS)After all Symantec Endpoint Encryption Integration Component components have been installed, you must restart IIS.

1. Click Start, click Control Panel, then double-click Administrative Tools.

2. Double-click Internet Information Services (IIS) Manager.

Figure 2.1—Restarting IIS

3. In the left pane, right click the node representing the Altiris Notification Server, point to All Tasks, and click Restart IIS.

Figure 2.2—Stop/Start/Restart Dialog

4. The Stop/Start/Restart dialog will display. Make sure that Restart Internet Services on servername is selected from the drop down list, where servername is the name of your Altiris Notification Server.

5. Click OK.



Figure 2.3—Shutting Down Dialog

6. The Shutting Down dialog will be displayed, showing the progress of the operation. You can click End now for a more immediate result.

7. This window will close on its own and you will be returned to the Internet Information Services (IIS) Manager once the restart operation completes.

Restart Altiris ServiceIf the Symantec Endpoint Encryption Integration Component does not appear to be functioning correctly after installation, you may need to restart the Altiris Service.

To restart the Altiris Service, perform the following steps:

1. Click Start, click Run, type services.msc, and click OK. The Services snap-in opens.

Figure 2.4—Restarting the Altiris Service

2. In the right pane, right-click the service named Altiris Service and select Restart. The Restart Other Services dialog will display.



Figure 2.5—Restart Other Services Dialog

3. Click Yes. The Service Control dialog will display the status of the restart operation.

Figure 2.6—Service Control Dialog

4. Allow this dialog to close on its own. When it does, the restart process has completed.

With the Symantec Endpoint Encryption Integration Component now installed, you must next configure the database settings.

Database ConfigurationInitial installations of the Symantec Endpoint Encryption Integration Component require a one-time configuration of the database settings using the Symantec Endpoint Encryption Database Synchronization panel. You must input the same settings that were specified when the Symantec Endpoint Encryption Management Server was installed.

Once the database settings have been configured, data reported by Client Computers to the Symantec Endpoint Encryption Management Server will be periodically copied to the Altiris Notification Server, allowing Altiris Console reports to display Client Computer status information. To configure the database settings, click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click



Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection and click on Symantec Endpoint Encryption Database Synchronization.

Figure 2.7—Symantec Endpoint Encryption Database Synchronization Page

The syntax used in the Database Server Name box is as follows:

computer name\instance name,port number

While the NetBIOS computer name of the machine hosting the Symantec Endpoint Encryption database will always be required, the instance name will only be needed if you are using a named instance, and the TCP port number will only be necessary if you are using a custom port. The custom port number would need to be preceded by a comma and the instance name by a backslash.

Type the name of the Symantec Endpoint Encryption database, for example, SEEMSDb, in the Schema Name box.



Type the user name of the Management Server account in the User Name box. This Microsoft SQL Server account was created during the installation of the Symantec Endpoint Encryption Management Server.

Type the password of the Management Server account in the Password box.

Click Enable TLS/SSL to encrypt all communications between the Altiris Notification Server and the Symantec Endpoint Encryption database. Ensure that you are in compliance with the prerequisites (see “Encrypted Database Communication Prerequisites” on page 2).

Once you have finished making your changes, click Apply.

Edit the number in the Polling Interval box to adjust the interval between updates. For example, if you type 15, the Altiris Notification Server will synchronize with the Symantec Endpoint Encryption Management Server every 15 minutes. Values from 10 minutes to 10,080 minutes (one week) are accepted.

Click Synchronize Now to effect an immediate update. The Symantec Endpoint Encryption Database Synchronization page will update with status information as the operation proceeds, and the date and time of last synchronization will be shown when the update has completed successfully.

With the Symantec Endpoint Encryption Integration Component now installed and the database settings configured, you can now create and deploy client installation packages.

You can verify that successful synchronization has taken place by running a report from the Altiris Console. Existing Symantec Endpoint Encryption Client Computers with records in the Symantec Endpoint Encryption database will be displayed in the report.


Administrator Guide Client Installation Package Creation

3. Client Installation Package CreationClick Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, then expand Installation Package Creation.

Figure 3.1—Installation Package Creation

A wizard will guide you through the process of creating a Framework, Full Disk, or Removable Storage client installation package. Click Framework, Full Disk, or Removable Storage to launch the relevant wizard. For information about the settings for each panel, refer to the Full Disk or Removable Storage Installation Guide.

Once you have completed the wizard, you will be prompted to save the client package.

Figure 3.2—Save Client Installation Package Prompt

When creating Full Disk client installation packages from a computer other than the Notification Server and specifying a custom startup image, ensure that the specified file is located in a shared network location that the Notification Server computer can access. You can use the Browse dialog for this purpose or type the path in manually, e.g., \\CADC-01\Custom Images\custom image.bmp

If your Internet options are configured to prompt you before downloading signed ActiveX controls, the first time that you open the Client Administrator or Master Certificate panel, Internet Explorer may display a Security Warning message, asking you to confirm that you wish to install the GEFRAltirisCert.cab file. Confirm that the Active X control is signed by Symantec and then click Install.

Unlike Symantec Endpoint Encryption Full Disk, Integration Component cannot create Mac client installation packages.


Administrator Guide Client Installation Package Creation

The following table lists the default MSI names generated by each wizard and the location to which they are saved.

Table 3.1—Wizard, MSI Name, and Destination

Wizard Default MSI name Destination

Framework

Symantec Endpoint Encryption Framework Client.msi

Symantec Endpoint Encryption Framework Client_x64.msi

C:\Program Files\Altiris\SEE-ICFramework\Client Packages

Full Disk

Symantec Endpoint Encryption Full Disk Edition Client.msi

Symantec Endpoint Encryption Full Disk Edition Client_x64.msi

C:\Program Files\Altiris\SEE-IC-HD\Client Packages

Removable Storage

Symantec Endpoint Encryption - Removable Storage Edition Client.msi

Symantec Endpoint Encryption - Removable Storage Edition Client_x64.msi

C:\Program Files\Altiris\SEE-IC-RS\Client Packages

Symantec recommends saving each client installation package with a unique and descriptive name. Saving a client installation package with a unique name automatically creates a new program whose name is based on the client installation package name. For example, a Framework client installation package saved as GEFR Client Installer for laptops (mm-dd-yy).msi will be displayed with the same name in the drop-down menu at the top of the Programs tab of the Framework client installation package (see “Upgrades” on page 16) as well as in the Program name drop-downs of any software delivery tasks that are part of the Framework client installation package, such as the Install Framework Clients task and the Upgrade Framework Clients task. Establishing a unique name for a particular client installation package makes it more readily identifiable later on when selecting from among several program names within a software delivery task.


Administrator Guide Client Installation Package Deployment

4. Client Installation Package Deployment

OverviewUse the Software Installation section in the Symantec Endpoint Encryption Data Protection settings of the Altiris Console to deploy Framework, Full Disk, and Removable Storage client installation packages.

SequencingThe clients must be deployed to install Framework first.

Full Disk and/or Removable Storagecan only be installed after Framework.

If you’re deploying multiple sets of Symantec Endpoint Encryption client installer MSIs filtered to different groups of computers, create a new software delivery task for each set and name it according to the specific combination of client installer MSI and filter. This will allow you to maintain a traceable workflow detailing which client installer MSIs have been deployed, and where.

Create a Software Delivery TaskClick Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, expand Software Installation, and expand Framework.

Right-click Install Framework Clients and choose Clone.

The Clone Item dialog appears. Type the name of the new software delivery task, for example, Install SEE-FR Client to all Laptops (08-05-09), then click OK.

Assign the Program and FilterFrom the Program name drop-down list in the right pane, choose the program corresponding to the Framework client installer package you created earlier.



Click Apply to, then click Quick apply. In the Quick apply dialog, type the name of a group, filter, or target you want to apply the program to, or select one from the drop-down list. For example, you may have previously created a filter named All Laptops that includes all laptop computers and excludes all desktop computers. Click Apply.

Figure 4.1—Framework Client Installer, Software Delivery Task

Choose the desired scheduling options, if any, then click Save changes.

Adjust Program Name and MSIEXEC ParametersTo make adjustments to the program you selected in the software delivery task, do the following: in the left pane, expand Symantec Endpoint Encryption Data Protection, expand Software Installation, expand Framework, and click on the Framework Client Installer software delivery package.



In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with the same name as the MSI package you created earlier, for example, SEE-FR Client Installer for laptops (08-05-09).msi.

Figure 4.2—Framework Client Installer Program, Programs Tab

The Command line box will contain a default MSI command appropriate for installing the program you selected. If necessary, make any changes to the command line parameters or other values on this tab.

See the Full Disk or Removable Storage Installation Guide for a discussion of the suggested MSI commands for each client installation package, as well as the list of supported MSIEXEC parameters.



Verify Package Source and LocationNext, verify the correct parameters for the source and location of the software delivery package. Click on the Package tab of the Framework Client Installer software delivery package.

Figure 4.3—Framework Client Installer Package, Package Tab

Do not change the Package source option or the Package location option. The Package source option must be Access package from a local directory on the NS computer.

Ensure that the Package location option remains at the defaults identified in Table 3.1 on page 11.

Click Save changes when finished.

Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software delivery task. In the left pane, right-click the software delivery task named Install SEE-FR Client to all Laptops, then click Enable.

Repeat this process for the Full Disk and/or Removable Storage client installer package(s).


Administrator Guide Upgrades

5. Upgrades

OverviewUpgrades from Symantec Endpoint Encryption Integration Component 7.0.3 or later are supported.

Upgrades from Symantec Endpoint Encryption Integration Component 7.0.3 or later must be performed in the following sequence:

1. Upgrade the Symantec Endpoint Encryption Manager.

2. Upgrade all Symantec Endpoint Encryption Integration Component components.

3. Restart IIS and initiate a database synchronization operation.

4. Upgrade existing Client Computers.

Altiris Notification Server

BasicsIn order to perform the upgrade, you will need to log on to the Altiris Notification Server using a Windows account that has software installation privileges.

Symantec Endpoint Encryption ManagerSee the Full Disk or Removable Storage Installation Guide for instructions on how to upgrade the Symantec Endpoint Encryption Manager.

Symantec Endpoint Encryption Integration ComponentTo upgrade an existing installation of the Symantec Endpoint Encryption Integration Component, double click the installer package for each Symantec Endpoint Encryption Integration Component component in sequence and follow the installation wizard.

Symantec Endpoint Encryption Framework Integration Component (SEEFrameworkIntegrationComponent.msi) must be upgraded first.

Restart Server and Resync DatabaseOnce you have performed the previous steps, restart IIS (see “Restart Internet Information Services (IIS)” on page 5).

Next, launch the Altiris Console, locate the Database Synchronization page (see “Database Configuration” on page 7) and click Synchronize Now to perform an immediate resynchronization. Once the Symantec Endpoint Encryption Database Synchronization page status information indicates successful completion of the operation, you are ready to create the client installation upgrade packages.

Symantec Endpoint Encryption Client Computers

BasicsUse the Software Installation section of the Symantec Endpoint Encryption Data Protection option in the Settings menu of the Altiris Console to upgrade Framework, Full Disk, and/or Removable Storage client installation packages.

To upgrade existing Symantec Endpoint Encryption Client Computers, you will need to log on to an Altiris Console Computer and perform the following steps:

1. Create a new set of client upgrade packages. See Chapter 3 “Client Installation Package Creation” on page 10.



2. Create a new software delivery task for the upgrade.

3. Assign the upgrade program (i.e., the upgrade MSI) to the new software delivery task.

4. Select the upgrade program and set the MSIEXEC parameters for the upgrade in the software delivery package.

5. Enable the software delivery upgrade task.

SequencingThe clients must be deployed to execute Symantec Endpoint Encryption Framework Client.msi first.

The Symantec Endpoint Encryption Full Disk Edition Client.msi and/or Symantec Endpoint Encryption - Removable Storage Edition Client.msi upgrade packages must be executed following the successful completion of the Symantec Endpoint Encryption Framework Client.msi package.

Create a Software Delivery TaskClick Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, expand Software Installation, and expand Framework.

Right-click Install Framework Clients and choose Clone.

The Clone Item dialog appears. Type the name of the new software delivery task, for example, Install SEE-FR Client [Upgrade], then click OK.

Assign the Program and FilterFrom the Program name drop-down list in the right pane, choose the program corresponding to the Framework client installer upgrade MSI you created earlier.

Click Apply to, then click Quick apply. In the Quick apply dialog, type the name of a Group, Filter, or Target you want to apply the program to, or select one from the drop-down list. For example, you may have previously created a filter named All Laptops that includes all laptop computers and excludes all desktop computers. Click Apply.

Choose the desired scheduling options, if any, then click Save changes.

Adjust Program Name and MSIEXEC ParametersTo make adjustments to the program you selected in the software delivery task, do the following: in the left pane, expand Symantec Endpoint Encryption Data Protection, expand Software Installation, expand Framework, and click on the Framework Client Installer software delivery package.



In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with the same name as the MSI package you created earlier, for example, SEE-FR Framework Client [Upgrade].msi.

Figure 5.1—Framework Client Installer Program, Programs Tab

See the Upgrades chapter of the Full Disk or Removable Storage Installation Guide for a discussion of the suggested MSI commands for upgrading each client installation package, as well as the list of supported MSIEXEC parameters.

Once you have made the necessary modifications to the MSIEXEC parameters, click Save changes.

Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software delivery task. In the left pane, right-click the software delivery task named Install SEE-FR Client [Upgrade], then click Enable.

Repeat this process for the Full Disk and/or Removable Storage client installer upgrade package(s).

The Command line box will contain a default MSI command with the name of the MSI package you selected. You will need to modify this command line with MSIEXEC parameters appropriate for an upgrade.


Administrator Guide Uninstallation

6. Uninstallation

OverviewThis section describes how to uninstall the Symantec Endpoint Encryption Integration Component components and the Symantec Endpoint Encryption client software.

Altiris Notification ServerTo uninstall the Symantec Endpoint Encryption Integration Component components, you will log on to the Altiris Notification Server and uninstall each component using Add or Remove Programs.

Figure 6.1—Uninstalling Altiris Connector Components

Symantec Endpoint Encryption Client ComputersFramework must be uninstalled last.

First, uninstall Full Disk and/or Removable Storage. Then uninstall Framework.

Uninstallation of the Symantec Endpoint Encryption Integration Component components will not delete any Symantec Endpoint Encryption client installer packages created using the Installation Package Creation wizards.

Before Full Disk can be uninstalled, all encrypted partitions must be decrypted, and any installation or upgrade tasks must be disabled. Refer to the Full Disk Installation Guide for more information.


Administrator Guide Reporting

7. Reporting

OverviewSymantec Endpoint Encryption Integration Component complements Altiris Notification Console’s native reporting capability by providing a number of reports that help you keep track of Full Disk and Removable Storage clients on your network.

The reports query the Altiris Notification Server database, which is synchronized with the Symantec Endpoint Encryption database according to the polling interval defined during installation (“Database Configuration” on page 7). You can click Synchronize Now in the Symantec Endpoint Encryption Database Synchronization panel to ensure that you have the latest data.

The Symantec Endpoint Encryption Integration Component Reports are divided into three categories:

Full Disk Encryption,

Removable Storage Encryption, and

Users and Administrators.

To access the Symantec Endpoint Encryption Integration Component Reports, open the Altiris Console and click on Reports, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint Encryption Data Protection, expand one of the three report categories, and click on one of the reports.

Figure 7.1—Symantec Endpoint Encryption Integration Component Reports

The right pane will show the standard page for running the report.



Full Disk Encryption

Clients without SEE Full Disk Installed

Basics

The Clients without SEE Full Disk Installed report will retrieve the records of the following computers on your network:

Did not have Full Disk installed as of the time of last check-in.

Resides on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and has not checked in. These computers may or may not have Full Disk installed. Only the computer name and directory service location of these computers will be available.

Query Parameters

You can further limit the records retrieved by this report by setting one of the following parameters.

Retrieved Data

The report will return the following information about the computers that fall within the query parameters:

Computer Name;

Domain; and

OS name.

Table 7.1—Full Disk: Clients without SEE Full Disk Installed Query Parameters

Parameter Value Explanation

Domain [All] Do not filter the results according to domain.

[Empty] Retrieve the records of clients that report their domain membership as an empty string.

[Null] Retrieve the records of clients that do not report membership in a domain.

domain Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it.

Filter Hyperlink Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.

OS Name [All] Do not filter the results according to operating system.

[Empty] Retrieve the records of clients that report their operating system as an empty string.

[Null] Retrieve the records of clients that do not report an operating system.

Unknown Windows

Select clients reporting an installed Windows operating system that is unknown.

operating system This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.



Disk Encryption Status - # of Partitions

Basics

The Disk Encryption Status - # of Partitions report will retrieve the records of Full Disk–protected computers that have reported in to the Symantec Endpoint Encryption Management Server according to how many partitions they have.

Query Parameters


Retrieved Data

The report will return a list of computers showing the following data:

Computer Name;

Encrypted Volumes;

Encrypting Volumes;

Decrypted Volumes;

Decrypting Volumes;

Table 7.2—Full Disk: Disk Encryption Status - # of Partitions Query Parameters







Minimum Number of Partitions

number Retrieve clients with at least the specified number of partitions.

Maximum Number of Partitions

number Retrieve clients with no more than the specified number of partitions.




Unknown Windows


operating system This list will prepopulate with multiple Operating System entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.



Domain; and

OS name.

Disk Encryption Status - Encryption

Basics

The Disk Encryption Status - Encryption report will retrieve the records of Full Disk–protected computers that have reported in to the Symantec Endpoint Encryption Management Server according to their encryption status.

Query Parameters


Retrieved Data


Computer Name;

Table 7.3—Full Disk: Disk Encryption Status - Encryption Query Parameters






Filter hyperlink Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.

Encryption Status

All Do not filter the results according to operating system.

Encrypted Retrieve the records of clients with one or more partitions in an encrypted state.

Encrypting Retrieve the records of clients with one or more partitions in the process of being encrypted.

Decrypted Retrieve the records of clients with one or more partitions in a decrypted state.

Decrypting Retrieve the records of clients with one or more partitions in the process of being decrypted




Unknown Windows





Encrypted Volumes;

Encrypting Volumes;

Decrypted Volumes;

Decrypting Volumes;

Domain; and

OS name.

Installation Status

Basics

The Installation Status report will retrieve the records of Full Disk–protected computers that have reported in to the Symantec Endpoint Encryption Management Server. These results can be filtered according to when Full Disk was installed.

Query Parameters


Table 7.4—Full Disk: Installation Status Query Parameters










Unknown Windows



Install Start Date-Time

yyyy-mm-dd Retrieve clients with a Full Disk install date that is the same as or later than that date and time specified.



Retrieved Data


Computer Name;

Version;

Install Date-Time;

Encrypted Volumes;

Encrypting Volumes;

Decrypted Volumes;

Decrypting Volumes;

Domain; and

OS name.

Installed Software by SEE Full Disk Version

Basics

The Installed Software by SEE Full Disk Version report will provide you with the total number of Full Disk–protected computers that have reported in to the Symantec Endpoint Encryption Management Server on a given domain. These results will be sorted according to the version number of Full Disk that is installed.

Query Parameters


Install End Date-Time

yyyy-mm-dd Retrieve clients with a Full Disk install date that is the same as or no later than that date and time specified.

Computer Name

partial computer name%

Use the % wildcard character in conjunction with computer name portions to retrieve the records of computers with specific characters in their computer names. For example, "D%" will retrieve all computers that have names starting with "D".

Table 7.5—Full Disk: Installed Software by SEE Full Disk Version Query Parameters







Table 7.4—Full Disk: Installation Status Query Parameters (Continued)




Retrieved Data


Version;

Domain; and

Full Disk Client Count.

Installed Software by OS

Basics

The Installed Software by OS report will identify how many clients of a given operating system that have reported in to the Symantec Endpoint Encryption Management Server are protected by Full Disk.

Query Parameters


Retrieved Data

The report will show the following data:

OS Name;

Domain;

Number of Discovered Endpoints;

Number of Endpoints with Full Disk Encryption; and

Percentage installed.

The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints with Full Disk.

Last Check-In Status

Basics

The Last Check-In Status report will retrieve the records of:

Full Disk–protected computers on your network that have checked in with the Symantec Endpoint Encryption Management Server; or

Table 7.6—Full Disk: Installed Software by OS Query Parameters









Clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and have not checked in with the Symantec Endpoint Encryption Management Server. Only the computer name and directory service location of these computers will be available.

If the client has checked in, you will be able to filter the results according to when it did so.

Query Parameters


Data Retrieved


Computer Name;

Last Check-In;

Table 7.7—Full Disk: Last Check-In Status Query Parameters







Have/have not checked in

Have Select to retrieve only the records of clients that have checked in with the Symantec Endpoint Encryption Management Server.

Have Not Select to retrieve the records of clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and have not checked in with the Symantec Endpoint Encryption Management Server.

Since number Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, type 20.

Units Hour|Day|Week|Month|Quarter|Year

Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, select Day.




Unknown Windows





Registered Users;

Domain; and

OS name.

Removable Storage Encryption

Clients without SEE Removable Storage Installed

Basics

The Clients without Removable Storage Installed report will retrieve the records of the following computers on your network:

Did not have Removable Storage installed as of the time of last check-in.

Resides on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and has not checked in. These computers may or may not have Removable Storage installed. Only the computer name and directory service location of these computers will be available.

Query Parameters


Data Retrieved


Computer Name;

Domain; and

Table 7.8—Removable Storage: Clients Without SEE Removable Storage Installed Query Parameters










Unknown Windows





OS name.

Installation Status

Basics

The Installation Status report will retrieve the records of Removable Storage–protected computers that have reported in to the Symantec Endpoint Encryption Management Server. These results can be filtered according to when Removable Storage was installed.

Query Parameters


Retrieved Data


Computer Name;

Version;

Table 7.9—Removable Storage: Installation Status Query Parameters










Unknown Windows



Install Start Date-Time

yyyy-mm-dd Retrieve clients with a Removable Storage install date that is the same as or later than that date and time specified.

Install End Date-Time

yyyy-mm-dd Retrieve clients with a Removable Storage install date that is the same as or no later than that date and time specified.

Computer Name

partial computer name%

Use the % wildcard character in conjunction with computer name portions to retrieve the records of computers with specific characters in their computer names. For example, "D%" will retrieve all computers that have names starting with "D".



Install Date-Time;

Domain; and

OS name.

Installed Software by SEE Removable Storage Version

Basics

The Installed Software by SEE Removable Storage Version report will provide you with the total number of Removable Storage–protected computers that have reported in to the Symantec Endpoint Encryption Management Server on a given domain. These results will be sorted according to the version number of Removable Storage that is installed.

Query Parameters


Retrieved Data


Version;

Domain; and

Removable Storage Client Count.

Installed Software by OS

Basics

The Installed Software by OS report will identify how many clients of a given operating system that have reported in to the Symantec Endpoint Encryption Management Server are protected by Removable Storage.

Table 7.10—Full Disk: Installed Software by SEE Removable Storage Version Query Parameters









Query Parameters


Retrieved Data

The report will show the following data:

OS Name;

Domain;

Number of Discovered Endpoints;

Number of Endpoints with Removable Storage Encryption; and

Percentage installed.

The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints with Removable Storage.

Last Check-In Status

Basics

The Last Check-In Status report will retrieve the records of:

Removable Storage–protected computers on your network that have checked in with the Symantec Endpoint Encryption Management Server; or

Clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and have not checked in with the Symantec Endpoint Encryption Management Server. Only the computer name and directory service location of these clients will be available.

If the client has checked in, you will be able to filter the results according to when it did so.

Table 7.11—Removable Storage: Installed Software by Operating System Query Parameters









Query Parameters


Data Retrieved


Computer Name;

Last Check-In;

Registered Users;

Domain; and

OS name.

Table 7.12—Removable Storage: Last Check-In Status Query Parameters







Have/have not checked in

Have Select to retrieve only the records of clients that have checked in with the Symantec Endpoint Encryption Management Server.

Have Not Select to retrieve the records of clients that reside on a forest or tree that is synchronized with the Symantec Endpoint Encryption Management Server and have not checked in with the Symantec Endpoint Encryption Management Server.

Since number Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, type 20.


Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, select Day.




Unknown Windows





Removable Storage Encryption Policy

Basics

The Removable Storage Encryption Policy report will retrieve the records of Removable Storage–protected computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. These results will display and can be filtered according to the access and encryption policies that they are enforcing and the encryption methods that they allow.

Query Parameters


Table 7.13—Removable Storage: Removable Storage Encryption Policy Query Parameters







Encryption Policy

[All] Do not filter the results according to encryption policy.

Write unencrypted

Retrieve the records of clients that are allowing both read and write access and are not encrypting files.

Encrypt new files

Retrieve the records of clients that are allowing both read and write access and are encrypting new files written to removable media.

Encrypt all files Retrieve the records of clients that are allowing both read and write access and are encrypting all files.

Read only Retrieve the records of clients that are enforcing a read-only access policy.

No access Retrieve the records of clients that are enforcing a no access policy.

Encryption Method

[All] Do not filter the results according to encryption method.

No encryption Retrieve the records of clients that are not encrypting files.

Password Retrieve the records of clients that allow users to encrypt with passwords.

Certificate Retrieve the records of clients that allow users to encrypt with certificates.

Any Retrieve the records of clients that allow users to encrypt using a certificate, password, or both.



Data Retrieved


Computer Name;

Encryption Policy;

Encryption Method;

Domain; and

OS Name.

Removable Storage Portability

Basics

The Removable Storage Encryption Policy report will retrieve the records of the Removable Storage–protected computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. These results will include and can be filtered by the portability policy in effect.

Query Parameters





Unknown Windows



Table 7.14—Removable Storage: Removable Storage Portability Query Parameters (Continued)







Table 7.13—Removable Storage: Removable Storage Encryption Policy Query Parameters (Continued)




Data Retrieved


Computer Name;

User Name;

Copy Access Utility;

Executables;

Encryption Policy;

Encryption Method;

Domain; and

OS Name.

Removable Storage Recovery Certificate

Basics

The Removable Storage Encryption Policy report will retrieve the records of the Removable Storage–protected computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. These results will include and can be filtered by whether or not a recovery certificate is being used for encryption.

Copy Access Utility

Any Do not filter the results according to whether or not the Removable Storage Access Utility is being written to removable media.

Yes Retrieve the records of clients that are automatically writing the Removable Storage Access Utility to removable media.

No Retrieve the records of clients that are not automatically writing the Removable Storage Access Utility to removable media.

Executables Any Do not filter the results according to whether or not the clients are allowing users to create self-extracting executables.

Yes Retrieve the records of clients that allow users to create self-extracting executables.

No Retrieve the records of clients that do not allow users to create self-extracting executables.

Table 7.14—Removable Storage: Removable Storage Portability Query Parameters (Continued)




Query Parameters


Data Retrieved


Computer Name;

Recovery Certificate Serial Number;

Encryption Policy;

Encryption Method;

Domain; and

OS Name.

Table 7.15—Removable Storage: Removable Storage Recovery Certificate Query Parameters







Recovery Certificate Enabled

Any Do not filter the results according to whether or not a recovery certificate is in use.

Yes Retrieve the records of clients that are using a recovery certificate.

No Retrieve the records of clients that are using a recovery certificate.

Encryption Method

All Do not filter the results according to encryption method.

No encryption Retrieve the records of clients that are using no encryption.

Password Retrieve the records of clients that are using password encryption.

Certificate Retrieve the records of clients that are using certificate encryption.

Any Retrieve the records of clients that are using any encryption method.




Unknown Windows





Users and Administrators

Client Administrators

Basics

The Client Administrators report will retrieve information about the Client Administrators on the computers on your network that have checked in with the Symantec Endpoint Encryption Management Server.

Query Parameters


Data Retrieved


Computer Name;

Client Admin Name;

Authentication;

Table 7.16—Client Administrators Query Parameters







Authentication Method

Any Do not filter the results according to the authentication method used by its Client Administrators.

Password Retrieve the records of clients with Client Administrators that authenticate using a password.

Token Retrieve the records of clients with Client Administrators that authenticate using a token.

Unauthenticated Retrieve the records of clients enforcing an automatic authentication policy.




Unknown Windows





Domain; and

OS Name.

Registered Users - # of Registered Users

Basics

The Registered Users - # of Registered Users report will retrieve information about the registered users on the computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. The results can be filtered by the number of users that have registered on the computer.

Query Parameters


Table 7.17—Registered Users - Number of Registered Users Query Parameters









Password Retrieve the records of clients with users that authenticate using a password.

Token Retrieve the records of clients with users that authenticate using a token.


Minimum Number of Registered Users

number Retrieve clients with at least the specified number of registered users.

Maximum Number of Registered Users

number Retrieve clients with no more than the specified number of registered users.



Data Retrieved


Computer Name;

User Name;

User Type;

Authentication;

Registration Time;

Domain; and

OS Name.

Registered Users - Date of Registration

Basics

The Registered Users - Date of Registration report will retrieve information about the registered users on the computers on your network that have checked in with the Symantec Endpoint Encryption Management Server. The results will include and can be filtered by the date of registration.

Query Parameters





Unknown Windows



Table 7.18—Registered Users - Date of Registration Query Parameters







Table 7.17—Registered Users - Number of Registered Users Query Parameters (Continued)




Data Retrieved


Computer Name;

User Name;

User Type;

Authentication;

Registration Time;

Domain; and

OS Name.



Password Retrieve the records of clients with users that authenticate using a password.

Token Retrieve the records of clients with users that authenticate using a token.


Registered Since

number Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of client computers with users that have registered within the last 20 days, type 20.


Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of client computers with users that have registered within the last 20 days, select Day.




Unknown Windows



Table 7.18—Registered Users - Date of Registration Query Parameters (Continued)



Administrator Guide Logging

8. LoggingThe settings selected in the client installation packages will be logged and available for viewing within the Altiris Log Viewer. To access these, click to open the Windows Start menu. Point to Programs, point to Altiris, point to Diagnostics, and select Altiris Log Viewer.

Figure 8.1—Full Disk Client Installer Package Log

Each time that the Symantec Endpoint Encryption Integration Component is used to create a client installation package, one of the following three entries will be added to the Altiris Log Viewer, as appropriate to the client installation package:

Full Disk Client Installer created.

Framework Client Installer created.

Removable Storage Client Installer created.

Highlight the event that is of interest in order to view the specific installation settings that were selected in this package.


Administrator Guide Altiris Tables & Methods

Appendix A. Altiris Tables & Methods

OverviewThis appendix provides the tables, elements, and methods of the Symantec Endpoint Encryption Integration Component data. It can be used for the purpose of creating custom reports.

TablesThe following table lists the database tables and elements of the Symantec Endpoint Encryption Integration Component data.

Table A.1—Database Tables, Elements, and Description

Table Name Table Element Description

Inv_EndPoint_Encryption [_ResourceGuid] Link the data to Altris Resource GUID

Inv_EndPoint_Encryption [EndPointGUID] Symantec Endpoint Encryption GUID for the client installed

Inv_EndPoint_Encryption [FR_Version] Framework version

Inv_EndPoint_Encryption [FR_InstallationTime] Framework install time

Inv_EndPoint_Encryption [FD_Version] Full Disk version

Inv_EndPoint_Encryption [FD_InstallationTime] Full Disk install time

Inv_EndPoint_Encryption [RS_Version] Removable Storage version

Inv_EndPoint_Encryption [RS_InstallationTime] Removable Storage install time

Inv_EndPoint_Encryption [LastCheckIn] Last check-in time

Inv_EndPoint_Encryption [EncryptedVolumes] Volumes in an encrypted state

Inv_EndPoint_Encryption [EncryptingVolumes] Volumes being encrypted

Inv_EndPoint_Encryption [DecryptedVolumes] Volumes in a decrypted state

Inv_EndPoint_Encryption [DecryptingVolumes] Volumes being decrypted

Inv_EndPoint_Encryption [RSEncryptPolicyID] Encryption policy (link to RSEncryptionPolicy table)

Inv_EndPoint_Encryption [RSEncryptMethodID] Encryption Method (link to RSEncryptionMethod table)

Inv_EndPoint_Encryption [MasterCert_Enabled] Master Certificate enabled/disabled

Inv_EndPoint_Encryption [MasterCertIificateID] Master Certificate (link to RSMasterCertificate Table)

Inv_EndPoint_Encryption [AccessUtilityEnabled] Removable Storage Access Utilty allowed/not allowed

Inv_EndPoint_Encryption [IsDeleted] Flag indicating soft deletion of endpoint

Inv_EndPoint_Encryption [RSExecutablesEnabled] Removable Storage Executables allowed/not allowed

Inv_EndPoint_Encryption [RSEncryptMethod] Removable Storage Encryption Method (text as displayed in the UI)

Inv_EndPoint_Encryption [RSEncryptPolicy] Removable Storage Encryption Policy (text as displayed in the UI)

Evt_EndPoint_Encryption_Users [_ResourceGuid] Link the data to Altris Resource GUID

Evt_EndPoint_Encryption_Users [UserName] Name of the Registered User

Evt_EndPoint_Encryption_Users [DnsDomainName] DNS domain name of the Registered User

Evt_EndPoint_Encryption_Users [UserTypeID] Type of user (link to GEUserType Table)

Evt_EndPoint_Encryption_Users [AuthenticationID] Authentication method (link to GEUserAuthenticationMethod Table)

Evt_EndPoint_Encryption_Users [LastLogonTime] User Log On Time

Evt_EndPoint_Encryption_Users [RegistrationTime] User Registration Time

Evt_EndPoint_Encryption_Users [IsDeleted] Flag indicating soft deletion of user


Administrator Guide Altiris Tables & Methods

MethodsThe following table lists the database methods of the Symantec Endpoint Encryption Integration Component schema.

Evt_EndPoint_Encryption_Users [UserType] User Type (text as displayed in the UI)

Evt_EndPoint_Encryption_Users [AuthenticationMethod] Authentication Method (text as displayed in the UI)

RSMasterCertificate [CertificateID] ID of the certificate

RSMasterCertificate [SerialNumber] Serial number of the certificate

RSMasterCertificate [Issuer] Issuer of the certificate

Table A.2—Database Schema, Methods

Method Name Value Description

GEUserAuthenticationMethod 0 Unauthenticated

GEUserAuthenticationMethod 1 Password

GEUserAuthenticationMethod 2 Token

GEUserType 0 Registered User

GEUserType 1 Client Administrator

RSEncryptionMethod 0 No encryption

RSEncryptionMethod 1 Password

RSEncryptionMethod 2 Certificate

RSEncryptionMethod 3 Any

RSEncryptionPolicy 1 Write unencrypted

RSEncryptionPolicy 2 Encrypt new files

RSEncryptionPolicy 3 Encrypt all files

RSEncryptionPolicy 4 Read only

RSEncryptionPolicy 5 No access

Table A.1—Database Tables, Elements, and Description (Continued)

Table Name Table Element Description

Date post:	20-Apr-2015
Category:	Documents
Upload:	bill-brouse
View:	23 times
Download:	0 times

SEE-IC 8.0.1 Administrator Guide[1]

Documents