Symantec Endpoint Protection (SEP) 12.1.6 offers improved support for Windows Embedded. The following process provides steps to deploy the reduced-size client package to Windows Embedded using the Image Configuration Editor (ICE).
The Windows Embedded Standard toolkit includes the Image Configuration Editor. Before you begin, you must install the Image Configuration Editor.
Note: The process below uses Windows Embedded Standard (WES) 7, but can also apply to Windows Embedded Standard 8.
This process assumes familiarity with the Image Configuration Editor. For more information on using the Image Configuration Editor, consult the documentation provided by Microsoft.
In the Symantec Endpoint Protection Manager console, export a reduced-size client installation package. You can use the preconfigured Default Reduced Size Installation Settings which is an unattended installation, or you can configure another that also uses a Silent installation type. You can export it as a single .exe file, or as a collection of files in a folder.
Note: you can also use an unmanaged client installation package for Symantec Endpoint Protection, but you must configure it as an unattended installation. To do this, add
/q to the setup.ini file.
The Symantec Endpoint Protection setup can run in two phases: 4 Specialize and 7 OOBE system. The differences are as follows:
|4 Specialize phase||7 OOBE system phase|
|Symantec Endpoint Protection setup occurs after the system is installed and booted, but before any user configuration occurs.||Symantec Endpoint Protection setup occurs after the user configuration is complete and an administrative user logs on to the system for the first time.|
|Commands run by default using the System account.||Commands run only when an administrative user logs on for the first time.|
|Commands run during system installation, and are not visible to the end user. The system installation time may seem very long as a result.||Commands run after the administrative user clicks to log on. The desktop does not load until the commands run. The length of time until the desktop load may seem very long as a result.|
You can use any tool that creates an ISO image to complete this task. You can also use oscdimg.exe, which is included with the Windows Embedded System toolkit. In a command window, enter the following command:
C:\Program Files (x86)\Windows Embedded Standard 7\Tools\x86\oscdimg.exe -n -m -b\BOOT\ETFSBOOT.COM
For more information, see Oscdimg Command-Line Options.
This task is no different than when you install the embedded operating system without Symantec Endpoint Protection in place.
If the embedded operating system installation asks you to select Build an image with IBW or Deploy an image with answer file, select the latter. Browse to the root directory of the ISO image and select AutoUnattend.xml.
Once the embedded operating system and Symantec Endpoint Protection are installed, you must reboot one more time to complete the Symantec Endpoint Protection installation. If you do not perform the extra reboot and you log on to the system after the embedded operating system installation, the Symantec Endpoint Protection notification area icon displays a warning about needing a required reboot.