Installing Symantec Agent on a client device without automatically enrolling it


Article ID: 210834


Updated On:


Endpoint Security Endpoint Security Complete


This article describes how you can install Symantec Agent on a client device without automatically enrolling it. You can then create an image of such device and use this image to deploy your other client devices. The devices that you create from this image will be enrolled after you power them on for the first time.


Windows client devices


Prepare a client device that has Symantec Agent installed but not enrolled:

  1. In the cloud console, go to Settings > Installation Package.
  2. On the Installation Package page, select required Operating System and Symantec Agent Features.
  3. Download the installation package creator file and run it to prepare a distributable package.
  4. Move the prepared package to a client device and run the following command with elevated privileges (i.e. "Run as Administrator"):
    Symantec_Agent_install.exe /IMAGE
    This command installs the agent without client identifiers and keeps the agent services stopped.
    If you already have the agent installed and enrolled, this command removes the enrollment information from the client.
    NOTE: The /IMAGE command does not remove enrollment information if the agent includes Secure Connection feature. 
  5. On the client device, in Task Scheduler, create an enrollment task with the following recommended configuration:
    Tab Suggested Configuration

    1. Name: Enroll_Symantec_Agent

    2. Under Security options, configure the settings as follows:

    • When running the task, use the following user account: SYSTEM
    • Run with highest privileges is checked


    1. Begin the task: On a schedule

    2. Under Settings:

    • Select One time trigger
    • Start: time in the future (to avoid immediate execution)

    3. Under Advanced settings:

    • Set Delay task for up to 3 minutes.


    Set Start a program to:

    • <installation_path>\Symantec_Agent_install.exe


    Check the following options:

    • Allow task to be run on demand
    • Run task as soon as possible after a schedule start is missed

  6. Shut down the device.

After you have prepared the device, you can create an image of it and use this image to deploy your other client devices.

When you power on the deployed devices for the first time, the Task Scheduler will automatically trigger the enrollment of these devices.