Symantec Endpoint Encryption provides a robust solution to Drive Encryption (AKA Full Disk Encryption) for laptops and desktop and as well as Removable Media Encryption needs, such as USB drives, Bluray and similar media.
Symantec Encryption Management Server runs on a Standard Windows Server Operating system.
In order to install Symantec Endpoint Encryption for the first time, you will need the Sysadmin and public permissions to create a new database. Once the database is installed and created, you will not longer need to be Sysadmin.
The database user to be used for the Symantec Endpoint Encryption day-to-day operations, you need only the following permissions:
For future upgrades of Symantec Endpoint Encryption, you can be db_owner and perform the installation without the need to be Sysadmin.
The SQL Server requires the two following downloads:
• The Microsoft SQL Server Feature Pack
• The MSOLEDBSQL driver
For the Feature Pack, download the following software from the specified URL:
• Microsoft System CLR Types for SQL Server 2012 (32-bit)
• Microsoft SQL Server 2012 (32-bit) Management Objects
NOTE: You require these pre-requisites only when you upgrade the Management Console on a Windows Server computer.
For the MSOLEDBSQL driver, download the driver from this URL:
Prerequisite Roles Server 2019:
On Microsoft Windows Server 2019
To enable the Web service (IIS) role on a Microsoft Windows 2019 Server
1. Go to Start > Programs > Administrative Tools > Server Manager.
2. In the Dashboard, click Add roles and features.
3. In the Add Roles and Features Wizard, click Next.
4. In the Installation Type page, click Role-based or feature-based installation and then click Next.
5. In the Server Selection page, make the selection that matches your environment and then choose your server and
6. In the Server Roles page, select Web Server (IIS).
7. In the Add Roles and Features Wizard window, click Include management tools and then click Add Features.
8. Click Next.
9. In the Features page, expand .NET Framework 4.7 Features and check .NET Framework 4.7 and ASP.NET 4.7.
10. In the Features page, check Group Policy Management.
11. In the Features page, expand Remote Server Administration Tools > Role Administration Tools and check AD
DS and AD LDS Tools.
12. Click Next.
13. In the Web Server Role (IIS) page, click Next.
14. In the Role Services page, expand Web Server > Security and select Basic Authentication and Windows
15. In the Role Services page, expand Web Server > Application Development and check the following:
• .NET Extensibility 4.7
• ASP .NET 4.7
• ISAPI Extensions
• ISAPI Filters
16. In the Role Services page, expand Management Tools and check the following:
• IIS Management Console
• IIS 6 Management Compatibility (check all four entries)
• IIS Management Scripts and Tools
17. Click Next.
18. In the Confirmation page, click Install.
19. In the Results page, click Close.
IMPORTANT TIP! If the above seems like a lot of stuff to install, we have an excellent tool that will both check if the features are enabled and tell you what is missing, and then **install them for you** (When run as administrator). If you would like this tool, please contact our Symantec Encryption Support team and we will be happy to provide the tool for you. This tool makes it extremely easy to get all these features installed and enabled. The name of this tool is called "CheckRolesFor_11_3_1_Plus.exe".
You will also need to install the IIS role on the server in order to be able to use the Web Service for communications as well as some additional roles.
For a comprehensive list of all these items needed for the installation, see our help page and Installation/Admin Guide.
If you need any assistance installing the Symantec Endpoint Encryption Server, please feel free to reach out to our Encryption Support team and we are happy to assist.
Symantec Encryption Manager on standard Windows Operating Systems, such as Windows 10.
Some situations may necessitate installing the Symantec Endpoint Encryption Management Server (SEEMS) Console on a computer other than the server it was originally installed on.
This is useful if you want administrators to run reports, create SEE Clients, or manage Helpdesk recovery without allowing access to the actual Symantec Endpoint Encryption Management Server.
Prerequisites: Additional database configuration is required to allow access for each user and must be done on the SQL Server by a database administrator. See article TECH254548 for more information. The steps in the preceding article should be completed before following this tutorial.
In order to install the SEEMS console on a non-server operating system (OS), perform the following steps:
Validating Access with Your Account
Now that the installation process has now completed, confirm the SEEMS console is working properly with the following steps:
If you are unable to open the SEE Configuration Manager properly, or Symantec Encryption Management Server, see the following article:
220948 - Symantec Endpoint Encryption Management Server OR Symantec Endpoint Encryption Configuration Manager does not open properly