You can install the ESM agent by using the Agent Installer on Windows computers that meet the system requirements.
See“System requirements for Windows computers”on page 32. The installation process is as follows:
Installing Symantec ESM managers and agents on Windows
Installing the Symantec ESM agent by using the Agent Installer
■ Start the Symantec ESM Agent Installer. ■ Perform the agent installation.
You can install the ESM 9.0.1 agents on a computer that has ESM 6.0 or later agents installed. It is not mandatory to have ESM 9.0 agents installed on the computer before you install ESM 9.0.1 agents.
Note:You can register up to 4000 agents to one ESM manager during or after installation. You can register one agent to as many managers as you want. To install the agent
1
Log on to the computer on which you want to install the Symantec ESM as an administrator. Alternatively, use a role that is equivalent to anadministrator.
2
Insert the product disc into the drive.3
Go to ESMInstaller\ESMAgentInstall and run the setup.exe.4
In the Welcome panel, click Next.5
In the License Agreement panel, click I accept the terms in the licenseagreement, and then click Next.
6
The Destination Folder panel displays the default location of the ESM agent on your computer.If you do not want to install the ESM agent in the default location, click
Change. You can browse to the location where you want to install the agent.
7
Click OK to close the Change Current Destination Folder panel, and then in the Destination Folder panel, click Next.8
In the Register Agent panel, do one of the following:■ If you do not want to register the agent to a manager, uncheck Register
agent to a manager, and then click Next.
If you choose not to register the agent now, the LiveUpdate Registration panel displays.
See“To select a LiveUpdate option”on page 52.
■ If you want to register the agent to a manager, do not uncheck Register
agent to a manager, and then click Next.
To register the ESM agent
1
In the Manager Information area of the Agent Registration panel, do the following for each Symantec ESM manager to which you want to register the agent:51 Installing Symantec ESM managers and agents on Windows
■ Type the name of the Symantec ESM manager to which you want to register the agent.
■ The port number for the ESM manager is auto-populated. If you want, you can change the port number.
■ Type the name of a Symantec ESM user account with privileges on the manager to register the agent.
■ Type the password for the Symantec ESM user account that you specify.
2
In the Agent Name area of the Agent Registration panel, click the appropriate option for the agent name. The Fully Qualified Domain Name option is selected by default.3
Click Add. The manager that you add is displayed in the list box.4
Repeat steps1to3if you want to add multiple managers.5
Click Next.To select a LiveUpdate option
◆ In the LiveUpdate Options panel, select a LiveUpdate option, and then click
Next.
To complete the installation
1
In the Ready to Install the Program, click Install.2
In the Setup Wizard Completed panel, click Finish.Silently installing and registering an ESM agent
When you install Symantec ESM, the installer prompts for necessary information such as the type of installation or the name of a directory. If you use the same settings to install Symantec ESM on a large number of computers, you can avoid the prompts by performing silent installations. The silent installation feature lets you install Symantec ESM agents and register Symantec ESM agents to managers. If the silent installation fails for any reason, check the
SymantecESMAgentInstall.log file at the Temp folder for the error logs. If the silent registration fails for any reason, check the SymantecESMAgentReg.log file at the following location for the error logs:
#Symantec\Enterprise Security Manager\ESM\system\<name of the computer where you have installed the agent>
See“Error codes for silent installation or registration failure of an ESM agent” on page 55.
Installing Symantec ESM managers and agents on Windows
Installing the Symantec ESM agent by using the Agent Installer
Note:The GPGV.exe, which is a third-party application licensed by GNU GPL, is installed when you perform a silent or an interactive installation of Symantec ESM. The GPGV.exe installs in the same location where you install Symantec ESM. Symantec ESM internally uses the GPGV.exe for security verification.
To silently install an agent
1
Log on as administrator to the computer on which you want to install the Symantec ESM agent. Alternatively, use a role that is equivalent to an administrator.2
Copy the ESMAgentInstall folder from the product disc to a network installation folder or to a local folder.3
Copy the AgentSilentInstallSample.bat file from theESMAgentInstall\Examples folder in the product disc. Save the
AgentSilentInstallSample.bat file in the local folder where you have copied the ESMAgentInstall folder.
4
Right-click the AgentSilentInstallSample.bat file, and select Edit.5
Specify the parameters of <COMMANDLINE>. SeeTable 3-10on page 54.To silently register an agent
1
Log on as administrator to the computer on which you want to install the Symantec ESM agent. Alternatively, use a role that is equivalent to an administrator.2
Copy the ESMAgentInstall folder from the product disc to a network installation folder or to a local folder.3
Copy the AgentRegSilentInstallSample.bat file from the ESMAgentInstall\Examples folder in the product disc. Save theAgentRegSilentInstallSample.bat file in the local folder that contains the setup.exe file.
4
Right-click the AgentRegSilentInstallSample.bat file, and then click Edit.5
Specify the parameters of <COMMANDLINE>.Table 3-10contains the information on the silent installation options and their descriptions.
53 Installing Symantec ESM managers and agents on Windows
Table 3-10 Command-line options
Description Option
Use a verbose log and write the output to the specified log file. Log on to www.microsoft.com for more log options.
/l*v<LOGFILE>
Specify the directory where you need to install the agent INSTALLDIR=<DIRECTORY>
Specify if you want to register the agent or for LiveUpdate. Use a 1 to register the agent and a 2 to register for LiveUpdate. SELECTION
Specify the attributes of managers to whom the agent needs to be registered.
Each manager specification includes the following information:
■ Manager name
■ Logon password
■ Agent name type
■ Agent name
■ Port number for the manager to listen on To use encrypted passwords, do the following:
■ Generate the encrypted password from the plain text password using the Encryption tool. The Encryption tool resides in the \ESMInstaller\ESMAgentInstall\util directory.
■ Enclose the encrypted password in angle brackets while specifying the password at the command line.
■ Make sure that the password is URL Encoded. A URL- encoded password contains a % mark at several places. See“Using the Encryption tool”on page 58.
The agent name type can be a 1 (long), a 2 (short), or a 3 (user-defined).
The agent name is ignored during installation unless you specify the agent name type as a 3.
REGAGENTLIST is ignored if you specify the SELECTION as a 2.
REGAGENTLIST
Installing Symantec ESM managers and agents on Windows
Installing the Symantec ESM agent by using the Agent Installer
Table 3-10 Command-line options (continued)
Description Option
■ Specify the type of LiveUpdate.
■ Select a 1 to disable LiveUpdate.
■ Select a 2 to enable LiveUpdate for all managers.
■ Select a 3 to enable LiveUpdate for all selected managers. LURADIOGROUP is ignored if you specify the SELECTION as a 2.
LURADIOGROUP
Specify a list of the managers on which LiveUpdate is allowed. LUALLOWEDMGRS is ignored unless you specify
LURADIOGROUP as a 3. LUALLOWEDMGRS