HOW TO: Install Symantec Endpoint Encryption Management Server and the Manager on Standard Windows Operating System

book

Article ID: 179347

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

Symantec Endpoint Encryption provides a robust solution to Drive Encryption (AKA Full Disk Encryption) for laptops and desktop and as well as Removable Media Encryption needs, such as USB drives, Bluray and similar media.

Symantec Encryption Management Server runs on a Standard Windows Server Operating system.

Resolution

In order to install Symantec Endpoint Encryption for the first time, you will need the Sysadmin and public permissions to create a new database. Once the database is installed and created, you will not longer need to be Sysadmin.

The database user to be used for the Symantec Endpoint Encryption day-to-day operations, you need only the following permissions:

• db_datareader
• db_datawriter
• public

 

For future upgrades of Symantec Endpoint Encryption, you can be db_owner and perform the installation without the need to be Sysadmin.

 

The SQL Server requires the two following downloads:
• The Microsoft SQL Server Feature Pack
• The MSOLEDBSQL driver

For the Feature Pack, download the following software from the specified URL:
• Microsoft System CLR Types for SQL Server 2012 (32-bit)
• Microsoft SQL Server 2012 (32-bit) Management Objects

NOTE: You require these pre-requisites only when you upgrade the Management Console on a Windows Server computer.
https://www.microsoft.com/en-us/download/details.aspx?id=56041

For the MSOLEDBSQL driver, download the driver from this URL:
https://docs.microsoft.com/en-us/sql/connect/oledb/download-oledb-driver-for-sql-server?view=sql-server-ver15

 

Prerequisite Roles Server 2019:

On Microsoft Windows Server 2019

To enable the Web service (IIS) role on a Microsoft Windows 2019 Server
1. Go to Start > Programs > Administrative Tools > Server Manager.
2. In the Dashboard, click Add roles and features.
3. In the Add Roles and Features Wizard, click Next.
4. In the Installation Type page, click Role-based or feature-based installation and then click Next.
5. In the Server Selection page, make the selection that matches your environment and then choose your server and
click Next.
6. In the Server Roles page, select Web Server (IIS).
7. In the Add Roles and Features Wizard window, click Include management tools and then click Add Features.
8. Click Next.
9. In the Features page, expand .NET Framework 4.7 Features and check .NET Framework 4.7 and ASP.NET 4.7.
10. In the Features page, check Group Policy Management.
11. In the Features page, expand Remote Server Administration Tools > Role Administration Tools and check AD
DS and AD LDS Tools.
12. Click Next.
13. In the Web Server Role (IIS) page, click Next.
14. In the Role Services page, expand Web Server > Security and select Basic Authentication and Windows
Authentication.
15. In the Role Services page, expand Web Server > Application Development and check the following:
• .NET Extensibility 4.7
• ASP .NET 4.7
• ISAPI Extensions
• ISAPI Filters
16. In the Role Services page, expand Management Tools and check the following:
• IIS Management Console
• IIS 6 Management Compatibility (check all four entries)
• IIS Management Scripts and Tools
17. Click Next.
18. In the Confirmation page, click Install.
19. In the Results page, click Close.

IMPORTANT TIP!  If the above seems like a lot of stuff to install, we have an excellent tool that will both check if the features are enabled and tell you what is missing, and then **install them for you** (When run as administrator).  If you would like this tool, please contact our Symantec Encryption Support team and we will be happy to provide the tool for you.  This tool makes it extremely easy to get all these features installed and enabled.  The name of this tool is called "CheckRolesFor_11_3_1_Plus.exe".

 

 

 

You will also need to install the IIS role on the server in order to be able to use the Web Service for communications as well as some additional roles.

For a comprehensive list of all these items needed for the installation, see our help page and Installation/Admin Guide.


If you need any assistance installing the Symantec Endpoint Encryption Server, please feel free to reach out to our Encryption Support team and we are happy to assist.

 

 

 

 

Symantec Encryption Manager on standard Windows Operating Systems, such as Windows 10.

Some situations may necessitate installing the Symantec Endpoint Encryption Management Server (SEEMS) Console on a computer other than the server it was originally installed on. 

This is useful if you want administrators to run reports, create SEE Clients, or manage Helpdesk recovery without allowing access to the actual Symantec Endpoint Encryption Management Server.

Prerequisites: Additional database configuration is required to allow access for each user and must be done on the SQL Server by a database administrator.  See article TECH254548 for more information.  The steps in the preceding article should be completed before following this tutorial.

 

In order to install the SEEMS console on a non-server operating system (OS), perform the following steps:

  1. Log into Windows as one of the users granted database permissions, following the article above.
  2. Download the Symantec Endpoint Encryption package.  Be sure to use the same version currently being used in production for SEEMS.
    • In this example, the SEEMS has 11.2.1 HF1 installed, thus we will install 11.2.1 HF1 on our Windows 10 computer.
    • This package is the exact same package used to install the software on a Windows Server. It can be copied over from the server's downloads folder, or downloaded from the MySymantec product portal.
  3. Once downloaded, unzip the folder.
  4. Double click on SEE Server suite x64 if you are using a 64-bit OS, or SEE Server Suite if you are using a 32-bit OS.


     
  5. Once the program opens, click Next.
  6. Read the information on this screen and click Next again.
  7. Read the End User License Agreement, click the button next to I accept the terms in the license agreement, and click Next.
  8. Click Complete or Custom depending on what type of installation you would like.
    • Most situations will want to click Complete.
  9. Select the type of authentication you would like to use.
    • None (password authentication only) means a password will be used for authentication upon SEE client package creation.
    • Personal Identity Verification (PIV) means a card/token can be used for authentication upon SEE client package creation.
      Note: This feature is not for PIV authentication for SEEMS.
  10. Ensure the Use SEE Server box is checked if you would like the SEEMS console to communicate with an existing SEE database.


     
  11. Type in the database name in the Database Instance field, or click Browse to search for the database instance.
  12. Once the Database Instance has been selected, ensure the proper Database Name is inserted in the next field.
    • SEEMSDb is the default SEE database name.
  13. Enable TLS/SSL communication as directed by your SEEMS administrator.
    Note: This may require additional configuration, which will not be covered in this tutorial.
  14. Enter the correct port as directed by your SEEMS Administrator which the SEEMS console and the database will use for communication. The default port is 1433.
    Note: This may require additional configuration, which will not be covered in this tutorial.
  15. As the user account currently being used to login to windows was provisioned for SEEMS database access, keep the authentication method as Windows Authentication and click Next.
  16. If this step did not work, see KB article TECH254548  to ensure all prerequisites have been completed successfully.
  17. Enter the SEE Management Password as directed by your SEEMS administrator and click Next.
  18. Click Install.
  19. After the installation is complete, click Finish.

 

Validating Access with Your Account

Now that the installation process has now completed, confirm the SEEMS console is working properly with the following steps:

  1. Open the Start Menu and open Symantec Endpoint Encryption Manager in the programs list:


     
  2. Expand the various snap-ins and ensure they work as expected.
  3. To ensure the database communication is working as expected, expand the Symantec Endpoint Encryption Reports snap-in and run a report
    • The following screen shot shows the Computer Status Report being successfully run (the % is a wildcard, showing all computers):

 

Additional Information

ISFR-1692, EPG-22805

Attachments