Installing Symantec Agent on a client device without automatically enrolling it
Article ID: 210834
Updated On:
Products
Endpoint Security
Endpoint Security Complete
Issue/Introduction
This article describes how you can install Symantec Agent on a client device without automatically enrolling it. You can then create an image of that device and use the image to deploy your other client devices. The devices that you create from this image are enrolled when you power them on for the first time.
Environment
Windows client devices
Resolution
Prepare a client device that has Symantec Agent installed but not enrolled:
In the cloud console, go to Settings > Installation Package.
On the Installation Package page, select the required Operating System and Symantec Agent Features.
Download the installation package creator file and run it to prepare a distributable package.
Move the prepared package to a client device and run the following command with elevated privileges (i.e. "Run as Administrator"):
Symantec_Agent_install.exe /IMAGE
This command installs the agent without client identifiers and keeps the agent services stopped.
If you already have the agent installed and enrolled, you will need to run "smc -image", which unenrolls the Symantec Agent (Symantec Endpoint Security client) and keeps it unenrolled. If a password is set in the System Policy, the command needs to include -p password: "smc -p password -image".
NOTE: The /IMAGE command does not remove enrollment information if the agent includes the Secure Connection feature.
On the client device, in Task Scheduler, create an enrollment task with the following recommended configuration:
Tab: General
    1. Name: Enroll_Symantec_Agent
    2. Under Security options, configure the settings as follows:
        When running the task, use the following user account: SYSTEM
        Run with highest privileges is checked
Tab: Triggers
    1. Begin the task: On a schedule
    2. Under Settings:
        Select One time trigger
        Start: time in the future (to avoid immediate execution)
    3. Under Advanced settings:
        Set Delay task for up to 3 minutes.
Tab: Actions
    Set Start a program to:
        <installation_path>\Symantec_Agent_install.exe
Tab: Settings
    Check the following options:
        Allow task to be run on demand
        Run task as soon as possible after a schedule start is missed
Shut down the device.
After you have prepared the device, you can create an image of it and use this image to deploy your other client devices.
When you power on the deployed devices for the first time, the Task Scheduler will automatically trigger the enrollment of these devices.
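The enrollment task from the Task Scheduler table above can also be registered from an elevated PowerShell prompt. The script below is an added example, not part of the original article or Symantec's own tooling; the InstallerPath parameter stands in for the article's <installation_path> placeholder, and the one-hour default for StartAt is an assumption, since the article only asks for a time in the future.

```powershell
#Requires -RunAsAdministrator
# Added example: registers the Enroll_Symantec_Agent task with the settings from the table.
param(
    # Full path to Symantec_Agent_install.exe on the reference device (supply your own).
    [Parameter(Mandatory)] [string] $InstallerPath,
    # Assumed default; the article only says "time in the future".
    [datetime] $StartAt = (Get-Date).AddHours(1)
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $InstallerPath -PathType Leaf)) {
    throw "Installer not found: $InstallerPath"
}
if ($StartAt -le (Get-Date)) {
    throw "StartAt must be in the future so the task does not run before imaging."
}

# The task runs this file as SYSTEM, so flag a package whose signature does not verify.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
if ($sig.Status -ne 'Valid') {
    Write-Warning "Authenticode status is '$($sig.Status)'; confirm the package before imaging."
}

# Actions tab: Start a program.
$action = New-ScheduledTaskAction -Execute $InstallerPath

# Triggers tab: one-time trigger in the future, delayed by up to 3 minutes.
$trigger = New-ScheduledTaskTrigger -Once -At $StartAt -RandomDelay (New-TimeSpan -Minutes 3)

# General tab: run as SYSTEM with highest privileges.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

# Settings tab: on-demand start is allowed by default; StartWhenAvailable runs a missed start.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable

Register-ScheduledTask -TaskName 'Enroll_Symantec_Agent' -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings | Out-Null

# Read the task back and show the values that matter for first-boot enrollment.
$task = Get-ScheduledTask -TaskName 'Enroll_Symantec_Agent'
[pscustomobject]@{
    UserId             = $task.Principal.UserId
    RunLevel           = $task.Principal.RunLevel
    StartBoundary      = $task.Triggers[0].StartBoundary
    RandomDelay        = $task.Triggers[0].RandomDelay
    AllowDemandStart   = $task.Settings.AllowDemandStart
    StartWhenAvailable = $task.Settings.StartWhenAvailable
}
```

Because the task runs the installer as SYSTEM, keep the package in a directory that standard users cannot write to before you capture the image.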