Sample startup script for upgrading Microsoft Windows clients to Symantec Endpoint Encryption 11.1.0 or later.


Article ID: 178765


Updated On:


Endpoint Encryption




This knowledge article provides a sample startup script that you can use to upgrade Symantec Endpoint Encryption clients (version 11.1 or later) using Group policy Objects (GPOs). The script utilizes variables that you must configure before deployment.

When you enforce the GPO, the script downloads the client installation package (.MSI file) from a network-accessible location to all of the subscribed client computers. The client software is updated upon rebooting the client computers.

For information about using a startup script to upgrade Symantec Endpoint Encryption clients through a GPO, refer to the Symantec Endpoint Encryption Management Server Online Help or the Symantec Endpoint Encryption Upgrade Guide.

Note: If the currently installed version of the Symantec Endpoint Encryption client software was deployed using a GPO, update the GPO to remove the original MSI file before you reconfigure it to deploy the startup script. When you remove the original MSI file from the GPO, make sure that you do not uninstall the client software.


REM *********************************************************************

REM Environment customization begins here. Modify variables below.

REM *********************************************************************

REM Set DeployServer to a network-accessible location containing the source (msi) files.

set DeployServer=\\NetworkPath\MSIFilePath

REM Set LogLocation to a central directory to collect log files.

set LogLocation=\\NetworkPath\LogFilePath

REM change the msi name if you are not using the default name

set MsiName=MSIFileName

REM change reboot to 0 if you don’t want to reboot the system

set RebootSystem=1

REM *********************************************************************

REM Deployment code begins here. Do not modify anything below this line.

REM *********************************************************************

REM ProductCode of current installer 

set ProductName={F0C57B8D-16EB-4FD4-959E-F868BF96E867}

REM Check if product is already installed

reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%

if %errorlevel%==1 (goto DeployClient) else (goto End)

REM If 1 returned, the product was not found. Run msi here.


start /wait msiexec /i "%DeployServer%\%MsiName%" /norestart CONDITION_NOUI=1 /l*v %LogLocation%\%computername%.MsiInstall.log

echo %date% %time% installation ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt

REM reboot the system once done

if %errorlevel%==0 if %RebootSystem%==1 shutdown -r -t 0

REM If 0 or other was returned, the product was found or another error occurred. Do nothing.