I decided to create a "how to" document for creating the .exe file in the SEPM for use with the KACE 1000 for the installation of the SEP 12.1.1101.401 client. Here is how to create the .exe file in the SEPM.
-- IT Monkey Boy
HOW TO CREATE AN .EXE FILE IN THE SYMANTEC ENDPOINT PROTECTION MANAGER FOR USE FOR KACE 1000 DEPLOYMENT.
1. In the SEPM go to Admin/Install Packages
2. Click “Client Install Settings”
a. Under “Tasks” click “Add Client Install Settings”
b. Fill out a name and description in the fields provided
c. For “Select an installation type” choose “Silent”.
d. Under upgrade settings choose “Remove all previous logs and policies, and reset the client-server communications settings”
e. Click on the tab “Schedule Reboot” and choose “Custom restart” and make the selection “No restart”, click “OK”.
3. If you need to use an install feature set that is different from the Symantec Default, click on “Client Install Feature Set”. If you are okay using the defaults, skip this step.
a. Under “Tasks” click “Add Client Install Feature Set”.
b. Fill out a name and description in the fields provided.
c. Be sure that 12.1.x is selected in the “Feature set version” box.
d. Choose the features you want by checking the boxes next to the choices provided.
e. Click “OK”.
4. Click “Clients”
a. Click on the specific group you want the client to be automatically assigned to upon installation. If you do not want do define a specific group, click the “Default Group”. After the install of the client you can move the client manually to a group of your choice after the client appears in the “Default Group” in the SEPM.
b. Under “Tasks” click “Add a client”
c. Select “New Package Deployment” and click “Next”
d. For “Install Packages”, make sure “Windows – Symantec Endpoint Protection 12.1.1101.401” is selected.
e. For “Group” make sure what is listed there is what you want. To change it, click “Browse” and select a different group.
f. For “Install Feature Sets” choose either “Full Protection for Clients” or the Install Feature set you created in step 3.
g. For “Install Settings” choose using the drop down arrow the Client Install Setting you created in step 2.
h. Under “Content Options”, choose “Basic content”. The advantage is that the installation file created with this choice will be about 45 MB. If you choose instead “All Content”, the install file will be about 160 MB. This will take longer to deploy using the KACE 1000 since it is larger. In either choice Live Update runs automatically after installation, so I prefer using the smaller 45 MB file.
i. For “Preferred Mode”, leave the default “Computer Mode” unless you have set up your SEPM for User Mode.
j. Click “Next”
k. Choose “Save Package” and click “Next”.
l. Click “Browse” and browse to a network location that the KACE 1000 can access and upload the file from.
m. Choose “Single .exe file” and click “Next”.
n. Review the list of features shown, and the file path shown and click “Next”.
o. Wait for the file to be created.
p. Click “Finish”
q. Go to the network location you saved the file.
r. You will see two folders with long names ending with WIN32BIT and WIN64BIT. Inside that folder is another folder titled “Symantec Endpoint Protection version 12.1.1101.401. Inside that folder is a file “setup.exe”. The file in each path is a 32-bit install file or a 64-bit install file according to its folder path name. This needs to match the OS Architecture type on the prospective client computer.
s. Copy that file to a computer you want it installed on and double click the file to install it. It should install completely silently. Wait several minutes and check if the program is installed. Open the program on the computer and it will inform you a reboot is needed. Reboot the computer.
t. Open the program, click “Help” and “Troubleshooting”. Check if the Group shown for this client’s membership is what you expected. Click “Connection Status” and click “Connect now”. Wait for a successful connection which you will see when the “Last Attempted Connection” changes to the time you clicked on “Connect”. Double check in the SEPM that this client appears as a client and has no errors in the SEPM logs.
u. Inventory that computer in KACE. Now the Symantec program is in software inventory in KACE.
v. You are ready to configure a Managed Installation of SEP 12.1.1101.401 client using the KACE 1000
This script will replace the Sylink.xml file in the Symantec Endpoint Protection client. This is used to repoint clients to a new SEP management server after a disaster recovery of the SEPM.
SylinkDrop.exe can be found on the SEP installation media at "Tools\SylinkDrop\".
Sylink.xml must be created from the SEP Manager. "Clients"-->Right-click client group name-->"Export Communication Settings"
*The path specified in "Verify" exists in both 32 and 64 bit versions of Windows.
HOW TO DEPLOY SYMANTEC ENDPOINT PROTECTION CLIENT 12.1.1101.401 FROM THE KACE 1000
Create a single .exe file from the Symantec Endpoint Protection Manager, created with silent install parameters. To do that see my posted instruction on ITNinja.com called "HOW TO CREATE AN .EXE FILE IN THE SYMANTEC ENDPOINT PROTECTION MANAGER FOR USE FOR KACE 1000 DEPLOYMENT."
After that has been completed, follow the steps below:
Even though Symantec does not support a command line install of the Symantec Endpoint Protection 12.1 client, using the default Symantec installation files, there is a way around that limitation if you want to deploy the SEP 12.1.1101.401 (ru1 mp1) client with KACE 1000. I did this with my KACE 1000 and it worked very well.
There is one limitation: you can use KACE 1000 to deploy either a 32-bit OR a 64-bit installation package at any one time, but cannot deploy both concurrently. This limitation is due to limitations with both the Symantec product and the Dell KACE product. Symantec's limitation is that a Windows 32-bit SEP install file cannot be installed on a Windows 64-bit OS. The Windows 64-bit OS must have a Windows 64-bit SEP install file. Dell KACE’s limitation is that the software inventory is unable to distinguish between a 32-bit and a 64-bit version of the exact same software title and version. Even so, there is a way around the KACE limitation that I will explain in the last step.
Here is the process for a Windows OS:
1. From the Symantec Endpoint Protection Manager (SEPM), use the Client Deployment Wizard to create an installation package that you save to a network location that can be accessed by the KACE 1000. Create that package as a single ".exe" file. Consult the Symantec Administrator Manual or do an online search for how to do this.
a. In my environment, I created an install package in which the “client install settings” was set to “Show Progress Bar”, because I wanted the Symantec installation routine to be visible at its beginning on my KACE client computers while it was installing. If you want a totally silent install for KACE deployment, you need to define that during the process of creating this install file in the SEPM. That is done in “Admin/Install Packages/Client Install Settings” in the SEPM, prior to creating your .exe installation package in the SEPM Client Deployment Wizard.
b. Be aware the Symantec Client Deployment Wizard creates one 32-bit install file and one 64-bit install file. Test the file you create here by installing it manually on a client computer to make sure your “silent” install, if you chose that, works to be silent. Be aware that the size of each .exe file will be approximately 45MB.
c. Once this file works the way you want when manually run, it is very simple to have KACE deploy it. (Okay… it is “simple” if you know how to set up managed installations J, so I have for your benefit detailed instructions below and they should be followed in the order given for best results.)
2. If you do not already have this version of Symantec client (12.1.1101.401) in the KACE software inventory, choose the 32-bit or 64-bit install file and manually install it on a client computer, by simply clicking on the setup.exe file so that it installs on the computer. After that completes logon to the KACE 1000 admin console and run an inventory on that client computer. This puts that program into the KACE software inventory.
3. Go to "Distribution/Managed Installations". From "Choose Action" click the drop down arrow select "Add New Item". Check the box "Also show software without an Associated File", type "Symantec Endpoint Protection" in the box next to "Filter". Click the drop down arrow to the right of "Software" and choose "Symantec Endpoint Protection (12.1.1101.401). Click “Save” at the bottom of the page. We will return to this Managed installation setup later.
4. Go to “Inventory/Software”. In the search box type “Symantec Endpoint Protection” then click “Search”. Click on the Symantec Endpoint Protection item found, after confirming the version column shows “12.1.1101.401”. In the address bar of your browser is the path to this software item in KACE. The path will look something like : http://kbox1000.yourcompany.com/adminui/software.php?ID=9871. The important thing to note is the number at the end of this line. In the case above “9871” is going to be the name of the folder created on the KACE client when the managed install is pushed out to that client. Write down the number you see in your specific path. You will need that number in defining the “Run Parameters” path, later in step 7 below.
5. Open the Managed installation you created in step 3. Click the “Browse” button next to “Upload & Associate New File”. Browse to either the 32-bit or 64-bit install file you created in step 1.
6. For “Installation Command” choose “Configure Manually”.
7. For “Run Parameters” type in the path that will exist on the client computer after KACE pushes this install file out to it. For Windows 7 type this, including the quotation marks: “C:\Programdata\Dell\KACE\downloads\9871\setup.exe”. Change the 9871 to the number you wrote down at the end of step 4. So, for example if your number is 376, the whole path you will type, including quotation marks will be “C:\Programdata\Dell\KACE\downloads\376\setup.exe”. For Windows XP deployment the path will be “C:\Documents and Settings\all users\dell\kace\downloads\376\setup.exe”. Disclaimer: these paths work only if you have not changed the default path on your client computers that a Managed Installation deploys to.
8. Check the box “Don’t Prepend msiexec.exe”
9. Choose a managed action that fits your needs. I used “Execute while user logged on”, and did not test any other Managed Action.
10. Make a choice in “Limit Deployment to Labels” that fits your needs. I left the defaults for “Deploy Order” (10), “Max Attempts” (3), and “Deployment Window” “0” and “24”. I did not test any other choices.
11. If needed, choose and define Snooze, Custom Pre-Install Message and Custom Post-Install Message. I used a Post-Install User Message and did not test any other type.
12. Click “Save”. You will be prompted to allow the upload of the file to the KBOX. Be sure to allow that. Wait until the file is uploaded.
13. It will deploy according to the “Managed Action” selection.
14. If you need a 32-bit and a 64-bit installation of the SEP 12.1.1101.401 client you can deploy them one at a time. Go back to your Managed Installation and upload the 32-bit install file to the KBOX according to the direction in step 5 above. Also change the Deployment to machines section to be 32-bit OS clients. Click “Save”. That will run according to the parameters chosen in “Managed Action”. After that deploys, and now you find you need a 64-bit installation of the SEP client 12.1.1101.401, go back to your Managed installation and upload the 64-bit install file, and also change the Deployment to Machines section to be 64-bit clients, and click “Save”. That also will deploy according to the parameter chosen in “Managed Action”.
View inventory records anonymously contributed by opt-in users of the K1000 Systems Management Appliance.