Version Information
Lumension Endpoint Management and Security Suite Agent Install Guide - Lumension Endpoint Management and Security Suite Version 7.3 - Published: May 2013
Document Number: 02_017_7.3_131261142
Copyright Information
Lumension
8660 East Hartford Drive, Suite 300
Scottsdale, AZ 85255
Phone: +1 888.725.7828 Fax: +1 480.970.6323 E-mail: [email protected]
Copyright© 1999-2013; Lumension Security, Inc.; all rights reserved. Covered by one or more of U.S. Patent Nos. 6,990,660, 7,278,158, 7,487,495, 7,823,147, 7,870,606, and/or 7,894,514; other patents pending. This manual, as well as the software described in it, is furnished under license. No part of this manual may be reproduced, stored in a retrieval system, or transmitted in any form – electronic, mechanical, recording, or otherwise – except as permitted by such license.
LIMITATION OF LIABILITY/DISCLAIMER OF WARRANTY: LUMENSION SECURITY, INC. (LUMENSION) MAKES NO REPRESENTATIONS OR WARRANTIES WITH REGARD TO THE ACCURACY OR COMPLETENESS OF THE INFORMATION PROVIDED IN THIS MANUAL. LUMENSION RESERVES THE RIGHT TO MAKE CHANGES TO THE INFORMATION DESCRIBED IN THIS MANUAL AT ANY TIME WITHOUT NOTICE AND WITHOUT OBLIGATION TO NOTIFY ANY PERSON OF SUCH CHANGES. THE INFORMATION PROVIDED IN THIS MANUAL IS PROVIDED “AS IS” AND WITHOUT WARRANTY OF ANY KIND, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE INFORMATION PROVIDED IN THIS MANUAL IS NOT GUARANTEED OR WARRANTED TO PRODUCE ANY PARTICULAR RESULT, AND THE ADVICE AND STRATEGIES CONTAINED MAY NOT BE SUITABLE FOR EVERY ORGANIZATION. NO WARRANTY MAY BE CREATED OR EXTENDED WITH RESPECT TO THIS MANUAL BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS. LUMENSION SHALL NOT BE LIABLE TO ANY PERSON WHATSOEVER FOR ANY LOSS OF PROFIT OR DATA OR ANY OTHER DAMAGES ARISING FROM THE USE OF THIS MANUAL, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.
Trademark Information
Lumension®, Lumension® Endpoint Management and Security Suite, Lumension® Endpoint Management Platform, Lumension® Patch and Remediation, Lumension® Enterprise Reporting, Lumension® Security Configuration Management, Lumension® Content Wizard, Lumension® Risk Manager, Lumension® AntiVirus, Lumension® Wake on LAN, Lumension® Power Management, Lumension® Remote Management, Lumension® Scan™, Lumension® Security Configuration Management, Lumension® Application Control, Lumension® Device Control, Lumension® Endpoint Security, Lumension® Intelligent Whitelisting, PatchLink®, PatchLink® Update™, their associated logos, and all other Lumension trademarks and trade names used here are the property of Lumension Security, Inc. or its affiliates in the U.S. and other countries.
RSA Secured® is a registered trademark of RSA Security Inc. Apache is a trademark of the Apache Software Foundation.
In addition, any other companies' names, trade names, trademarks, and products mentioned in this document may be either registered trademarks or trademarks of their respective owners.
Feedback
Your feedback lets us know if we are meeting your documentation needs. E-mail the Lumension Technical Publications department at [email protected] to tell us what you like best, what you like least, and to report any inaccuracies.
Table of Contents
Preface: About This Document
  Typographical Conventions
  Contacting Lumension
Chapter 1: Agent Requirements
  Supported Endpoint Operating Systems
  Agent Supported Locales
  Agent Supported Languages
  Requirements
    Agent for Windows
    Agent for Linux, UNIX, and Mac
Chapter 2: Introduction and Installation Methods
  About the Lumension EMSS Agent
  Selecting an Agent Installation Method
  Additional Installation Methods
Chapter 3: Installing Agents by Agent Management Jobs
  About Agent Management Jobs
  Preparing for Agent Installation by Agent Management Jobs
  Port and ICMP Requirements for Agent Management Jobs
  Configuring the Lumension EMSS Server for Discovery Scanning
  Configuring Windows XP and Windows Server 2003 Endpoints for Agent Management Jobs
  Configuring Vista or Later Endpoints for Agent Management Jobs
  Installing Agents by Agent Management Job
    Editing Targets
Chapter 4: Installing Agents by Command Line
  Preparing for Agent Installation by Command Line
  Installing Java Runtime Environment
  Downloading the Installer
  Silently Installing the Agent by Command Line (Windows)
  Installing the Agent by Command Line (Linux, UNIX, or Mac)
  Silently Installing the Agent by Command Line (Linux, UNIX, or Mac)
Chapter 5: Installing Agents by Installer
  Preparing for Installation by Agent Installer
  Downloading the Installer
  Installing the Single Agent for Windows XP and Later
  Installing the Agent for Mac
Appendix A: Upgrading Agents
  Upgrading Agents Automatically
  Defining Installable Agent Versions
  Upgrading the Agent Automatically
Appendix B: Uninstalling Agents
  Uninstalling Agents by Agent Management Job
  Uninstalling the Lumension EMSS Agent Locally on Windows
About This Document
This Agent Install Guide is a resource written for all users of Lumension Endpoint Management and Security Suite 7.3. This document defines the concepts and procedures for installing, configuring, implementing, and using Lumension Endpoint Management and Security Suite 7.3.
Tip: Lumension documentation is updated on a regular basis. To acquire the latest version of this or any other published document, please refer to the Lumension Customer Portal (http://portal.lumension.com/).
Typographical Conventions
The following conventions are used throughout this documentation to help you identify various information types.
Table 1: Typographical Conventions
Convention | Usage
bold | Buttons, menu items, window and screen objects.
bold italics | Wizard names, window names, and page names.
italics | New terms, options, and variables.
MONOSPACE UPPERCASE | Keyboard keys.
BOLD UPPERCASE | SQL Commands.
monospace | File names, path names, programs, executables, command syntax, and property names.
Contacting Lumension
Arizona
8660 East Hartford Drive, Suite 300
Scottsdale, AZ 85255
United States of America
Phone: +1 888 725 7828
Phone: +1 480 970 1025
Fax: +1 480 970 6323

Ireland
Lumension Security Ireland Ltd.
Lyrr Building, Second Floor
Mervue Business & Technology Park
Mervue, Galway
Ireland
Phone: +353 91 44 8980
Fax: +353 91 76 6722

Luxembourg
Lumension Security SA
Atrium Business Park
Z.A Bourmicht
23, rue du Puits Romain
L-8070 Bertrange
Luxembourg
Phone: +352 265 364 11
Fax: +352 265 364 12

Lumension Support
phone:
+1 480 970 1025 (USA)
+1 877 713 8600 (USA - legacy Sanctuary products)
+353 9142 2999 (EMEA)
+44 800 012 1869 (UK)
+61 (02) 8223 9810 (Australia)
+852 3071 4690 (Hong Kong)
+65 6622 1078 (Singapore)
submit a ticket:
Registered users can open a support ticket via the customer portal (http://support.lumension.com/).
Lumension customers without a support account should contact our support team ([email protected]) to have an account created.
Note: For additional contact information, please visit the Contact Lumension page at http://www.lumension.com/contact-us.aspx.
Chapter 1: Agent Requirements
In this chapter:
• Supported Endpoint Operating Systems
• Agent Supported Locales
• Agent Supported Languages
• Requirements
The agent is supported on a variety of operating systems and platforms. Before installing the agent on an endpoint, make sure the endpoint meets the recommended hardware and software requirements.
Supported Endpoint Operating Systems
The Lumension EMSS Agent and all available endpoint modules can be installed on multiple operating systems. The following table lists the Windows platforms on which the Lumension EMSS Agent 7.3 is supported.
Table 2: Supported Windows Operating Systems
Operating System | Version | Edition | Data Width | Proc. Family | Software Prerequisites | Agent Version
Microsoft Windows 8(1) | 6.2 | Windows 8, Professional, Enterprise(2) | 32/64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2012(3) | 6.2 | Standard(2)(4), Datacenter(2)(4), Foundation, Essentials | 64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Storage Server 2012 | 6.2 | Standard, Workgroup | 64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows 7 | 6.1 | Professional, Enterprise, Ultimate | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2008 R2 | 6.1 | Standard, Enterprise, Web | 64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Vista(5) | 6.0 | Business, Enterprise, Ultimate | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2008(6) | 6.0 | Web, Standard, Enterprise | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows 2003 SP1+ | 5.2 | Web, Standard, Enterprise, R2 | 32/64 bit | Intel | Microsoft .NET Framework 2.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows XP SP2+(7) | 5.1 | Professional | 32/64 bit | Intel | Microsoft .NET Framework 2.0+ | Lumension EMSS 7.3 Agent
(1) The N editions of this family are supported. However, the RT edition of this family is not supported.
(2) The evaluation version of this edition is supported.
(3) The Hyper-V edition of this family is not supported.
(4) Server Core mode for this edition is supported.
(5) The Home edition of this family is not supported.
(6) The Datacenter and Core editions of this OS family are not supported.
(7) Home, Media Center, and Tablet PC editions are not supported.
Note: The Software Prerequisites column applies only to Patch and Remediation and Security Configuration Management endpoints. Agents without these modules do not require the software prerequisites. Microsoft .NET Framework 4.0 is installed on Windows 8 and Server 2012 by default.
The following table lists the Linux, UNIX, and Apple platforms on which the agent is supported. This version of the agent can only be installed in environments that have Patch and Remediation installed.
Table 3: Supported Linux, UNIX, and Apple Operating Systems
Operating System | Version | Edition | Data Width | Proc. Family | Software Prerequisites | Agent Version
Apple Mac OS X | 10.5, 10.4, 10.3 | All | 32/64 bit | PowerPC | Sun Java JRE 1.5.0+ | Patch 7.0 Agent
Apple Mac OS X | 10.8(1), 10.7(1), 10.6, 10.5, 10.4 | All | 32/64 bit | Intel | Sun Java JRE 1.5.0+ | Patch 7.0303 Agent
HP-UX | 11.31, 11.23, 11.11 | All | 64 bit | PA-RISC | Sun Java JRE 1.5.0+ | Patch 7.0 Agent
HP-UX | 11.31 | All | 64 bit | Itanium | Sun Java JRE 1.5.0+ | Patch 7.0303 Agent
IBM AIX | 7.1, 6.1 | All | 32/64 bit | PowerPC | Sun Java JRE 1.5.0+ | Patch 7.0303 Agent
Novell SUSE Linux | 11, 10 | Server, Desktop | 32/64 bit | Intel | Sun Java JRE 1.5.0+ or IcedTea/OpenJDK | Patch 7.0303 Agent
Red Hat Enterprise Linux | 6(1), 5 | Server, Desktop | 32/64 bit | Intel | Sun Java JRE 1.5.0+ or IcedTea/OpenJDK | Patch 7.0303 Agent
Oracle Solaris | 11, 10 | All | 32/64 bit | SPARC/Intel | Sun Java JRE 1.5.0+ | Patch 7.0303 Agent
Oracle Linux | 6, 5 | Server | 32/64 bit | Intel | Sun Java JRE 1.5.0+ or IcedTea/OpenJDK | Patch 7.0303 Agent
CentOS Linux | 6, 5 | Server | 32/64 bit | Intel | Sun Java JRE 1.5.0+ or IcedTea/OpenJDK | Patch 7.0303 Agent
(1) This version of Apple Mac OS X is compatible with either Sun Java JRE 1.5.0+ or IcedTea/OpenJDK.
Agent Supported Locales
The Lumension Endpoint Management and Security Suite Agent is only supported on operating systems that use certain locales. Ensure the endpoint you are installing an agent on uses one of the listed locales.
• da-DA: Danish (Denmark)
• en-AU: English (Australia)
• en-BZ: English (Belize)
• en-CA: English (Canada)
• en-IN: English (India)
• en-IE: English (Ireland)
• en-JM: English (Jamaica)
• en-NZ: English (New Zealand)
• en-PH: English (Philippines)
• en-SG: English (Singapore)
• en-ZA: English (South Africa)
• en-GB: English (United Kingdom)
• en-US: English (United States)
• es-ES: Spanish (Spain)
• fi-FI: Finnish (Finland)
• fr-FR: French (France)
• de-DE: German (Germany)
• it-IT: Italian (Italy)
• ja-JP: Japanese (Japan)
• ko-KR: Korean (Korea)
• nl-NL: Dutch (Netherlands)
• no-NO: Norwegian - Nynorsk (Norway)
• pt-BR: Portuguese (Brazil)
• ru-RU: Russian (Russia)
• sv-SE: Swedish (Sweden)
• zh-CN / zh-CHS: Chinese (China [Simplified])
• zh-TW / zh-CHT: Chinese (Taiwan [Traditional])
Agent Supported Languages
The Lumension Endpoint Management and Security Suite Agent is only supported in certain languages. Ensure the endpoint you are installing an agent on uses one of the listed languages.
Table 4: Agent Supported Languages
Description | Language Code | LCID string | Decimal | Hexadecimal
English - United States | en | en-us | 1033 | 0409
English - United Kingdom | en | en-gb | 0809 | 041d
English - South Africa | en | en-za | 7177 | 1c09
Chinese - China (Simplified) | zh | zh-cn / za-chs | 2052 | 0804
Chinese - Taiwan (Traditional) | zh | zh-tw / zh-cht | 1028 | 0404
Danish | da | da | 0406 | 1030
Dutch - Netherlands | nl | nl-nl | 1043 | 0413
Finnish - Finland | fi | fi | 1035 | 040b
French - France | fr | fr-fr | 1036 | 040c
German - Germany | de | de-de | 1031 | 0407
Italian - Italy | it | it-it | 1040 | 0410
Japanese | ja | ja | 1041 | 0411
Korean - Korea | ko | ko | 1042 | 0412
Norwegian - Nynorsk | no | no-no | 1044 | 0414
Portuguese - Brazil | pt | pt-br | 1046 | 0416
Russian | ru | ru | 1049 | 0419
Spanish - Spain (Modern Sort) | es | es-es | 3082 | 0c0a
Requirements
Endpoints that host the agent must meet defined hardware and software requirements.
Note: You must disable any virus-scanning software prior to the installation of the Lumension Agent for Windows. Failure to do so may result in an unsuccessful agent installation.
Agent for Windows
The following minimum requirements must be met in order to install the agent on endpoints running the Microsoft Windows operating system.
• 500 MHz processor or higher.
• RAM requirements:
  • 256 MB RAM for Windows XP and Windows Server 2003.
  • 1 GB RAM for Windows Vista and later.
• 1 GB of free disk space.
• A single 10 Mbps network connection (with access to the Lumension Endpoint Management and Security Suite server).
• Port requirements:
  • Port 80 must be open for module download purposes.
  • Port 443 must be open for policy download and general communication.
  • Ephemeral ports must be open to listen for Notification Manager connection requests (Patch and Remediation only).
    • For pre-Windows Vista releases, open ports 1024-4999.
    • For Windows Vista and Windows releases after Windows Vista, open ports 49152-65535.
    Note: After the listener is established, you can discover the port number used for listening at the following location in the endpoint registry: HKLM\SOFTWARE\Patchlink.com\Gravitix\PDDMPort with a name of PDDMPort.
    Do not edit the registry entry. Irreversible damage might occur if you edit this registry key incorrectly. For added protection, Microsoft recommends backing up the Windows registry. Then, if a problem does occur, you may restore the Windows registry by using the backup.
• Windows Installer 2.0 or higher.
• One of the following: Microsoft Internet Explorer 8, Microsoft Internet Explorer 9, or Mozilla Firefox 17.x Extended Support Release (ESR) version.
  Note: Due to the accelerated release cycle of the Mozilla Firefox RapidRelease version, support for Mozilla Firefox RapidRelease cannot be guaranteed.
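The listener-port note in the port requirements above can be checked without opening the registry editor. The following PowerShell function is an added example, not part of the Lumension guide: it reads the PDDMPort value read-only, compares it with the ephemeral range the guide gives for the running Windows release, and confirms that something is listening on it. It assumes the value holds the port as a number and that the listener is a TCP listener; the function name is hypothetical.

```powershell
# Added example (not from the Lumension guide). Read-only: nothing is written
# to the registry, in line with the guide's warning not to edit this entry.
function Test-AgentListenerPort {
    [CmdletBinding()]
    param(
        # Key path and value name as given in the guide's note.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Patchlink.com\Gravitix\PDDMPort',
        [string]$ValueName = 'PDDMPort'
    )

    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Warning "No $ValueName value under $KeyPath; the listener may not be established yet."
        return
    }

    # Assumption: the value stores the port as a number or a numeric string.
    $port = [int]$item.$ValueName

    # Ranges from the guide: 1024-4999 before Windows Vista (NT 5.x),
    # 49152-65535 for Windows Vista (NT 6.0) and later.
    if ([Environment]::OSVersion.Version.Major -lt 6) {
        $low = 1024;  $high = 4999
    }
    else {
        $low = 49152; $high = 65535
    }

    # Enumerate TCP listeners through .NET so the check also works on
    # releases that lack the Get-NetTCPConnection cmdlet.
    # Assumption: the Notification Manager listener is a TCP listener.
    $listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
    $isListening = @($listeners | Where-Object { $_.Port -eq $port }).Count -gt 0

    New-Object PSObject -Property @{
        Port            = $port
        ExpectedRange   = "$low-$high"
        InExpectedRange = ($port -ge $low -and $port -le $high)
        Listening       = $isListening
    }
}

Test-AgentListenerPort
```

A port outside the expected range, or a registered port with no listener behind it, points to a firewall exception scoped to the wrong range or to an agent whose listener did not start.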
The following table lists the supported platforms on which the agent is supported.
Table 5: Supported Windows Operating Systems
Operating System | Version | Edition | Data Width | Proc. Family | Software Prerequisites | Agent Version
Microsoft Windows 8(1) | 6.2 | Windows 8, Professional, Enterprise(2) | 32/64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2012(3) | 6.2 | Standard(2)(4), Datacenter(2)(4), Foundation, Essentials | 64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Storage Server 2012 | 6.2 | Standard, Workgroup | 64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows 7 | 6.1 | Professional, Enterprise, Ultimate | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2008 R2 | 6.1 | Standard, Enterprise, Web | 64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Vista(5) | 6.0 | Business, Enterprise, Ultimate | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2008(6) | 6.0 | Web, Standard, Enterprise | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows 2003 SP1+ | 5.2 | Web, Standard, Enterprise, R2 | 32/64 bit | Intel | Microsoft .NET Framework 2.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows XP SP2+(7) | 5.1 | Professional | 32/64 bit | Intel | Microsoft .NET Framework 2.0+ | Lumension EMSS 7.3 Agent
(1) The N editions of this family are supported. However, the RT edition of this family is not supported.
(2) The evaluation version of this edition is supported.
(3) The Hyper-V edition of this family is not supported.
(4) Server Core mode for this edition is supported.
(5) The Home edition of this family is not supported.
(6) The Datacenter and Core editions of this OS family are not supported.
(7) Home, Media Center, and Tablet PC editions are not supported.
Note: The Software Prerequisites column applies only to Patch and Remediation and Security Configuration Management endpoints. Agents without these modules do not require the software prerequisites. Microsoft .NET Framework 4.0 is installed on Windows 8 and Server 2012 by default.
Agent for Linux, UNIX, and Mac
The following minimum requirements must be met in order to install the agent on endpoints running the Linux, UNIX, or Mac operating systems.
• Presence of /tmp directory (/var/tmp directory on Solaris) for temporary file storage and processing.
• 105 MB of free disk space for the agent installation. It is recommended that there be 100 MB of free disk space in /tmp (/var/tmp for Solaris) and a separate 50 MB of free disk space in the agent installation directory.
• 500 MHz or greater processor.
• 256 MB RAM.
• 10 Mbps network connection (with access to the Lumension Endpoint Management and Security Suite server).
• Sufficient free disk space to download and install patches.
• Network connectivity to your Lumension Endpoint Management and Security Suite server.
• Lumension recommends opening ports 49152-65535 on Linux, UNIX, and Mac endpoints. The agent randomly opens one of these ports to listen for check now commands, which are server-sent requests that the agent check for tasks. Closing these ports delays agent tasks until the agents check in on their own.
The following table lists the supported platforms on which the agent is supported.
Table 6: Supported Linux, UNIX, and Apple Operating Systems
Operating System | Version | Edition | Data Width | Proc. Family | Software Prerequisites | Agent Version
Apple Mac OS X | 10.5, 10.4, 10.3 | All | 32/64 bit | PowerPC | Sun Java JRE 1.5.0+ | Patch 7.0 Agent
Apple Mac OS X | 10.8(1), 10.7(1), 10.6, 10.5, 10.4 | All | 32/64 bit | Intel | Sun Java JRE 1.5.0+ | Patch 7.0303 Agent
HP-UX | 11.31, 11.23, 11.11 | All | 64 bit | PA-RISC | Sun Java JRE 1.5.0+ | Patch 7.0 Agent
HP-UX | 11.31 | All | 64 bit | Itanium | Sun Java JRE 1.5.0+ | Patch 7.0303 Agent
IBM AIX | 7.1, 6.1 | All | 32/64 bit | PowerPC | Sun Java JRE 1.5.0+ | Patch 7.0303 Agent
Novell SUSE Linux | 11, 10 | Server, Desktop | 32/64 bit | Intel | Sun Java JRE 1.5.0+ or IcedTea/OpenJDK | Patch 7.0303 Agent
Red Hat Enterprise Linux | 6(1), 5 | Server, Desktop | 32/64 bit | Intel | Sun Java JRE 1.5.0+ or IcedTea/OpenJDK | Patch 7.0303 Agent
Oracle Solaris | 11, 10 | All | 32/64 bit | SPARC/Intel | Sun Java JRE 1.5.0+ | Patch 7.0303 Agent
Oracle Linux | 6, 5 | Server | 32/64 bit | Intel | Sun Java JRE 1.5.0+ or IcedTea/OpenJDK | Patch 7.0303 Agent
CentOS Linux | 6, 5 | Server | 32/64 bit | Intel | Sun Java JRE 1.5.0+ or IcedTea/OpenJDK | Patch 7.0303 Agent
Chapter 2: Introduction and Installation Methods
In this chapter:
• About the Lumension EMSS Agent
• Selecting an Agent Installation Method
• Additional Installation Methods
The Lumension EMSS agent is installed on network endpoints to manage their behavior through instructions from the Lumension Endpoint Management and Security Suite server. You can install the agent on your network endpoints using a variety of methods.
About the Lumension EMSS Agent
Lumension Endpoint Management and Security Suite uses a server/client relationship to manage network endpoints. Endpoints communicate with the Lumension Endpoint Management and Security Suite server using the Lumension EMSS Agent.
After installing the Lumension Endpoint Management and Security Suite server, you can begin installation of the Lumension EMSS Agent, which should be installed on any network endpoints you want to manage using the Lumension Endpoint Management and Security Suite Web console. The agent can be installed on network endpoints in a variety of ways, all of which are documented in this guide.
Following initial installation, the agent registers with the Lumension Endpoint Management and Security Suite server, and the two components begin communication.
The agent downloads the following data from the Lumension Endpoint Management and Security Suite server:
• Agent policies, which contain information about how the agent should behave.
• Agent packages, which contain files to modify the agent.
The agent uploads the following messages to the Lumension Endpoint Management and Security Suite server:
• Host endpoint operating system information.
• Heartbeats, which are notification messages the agent sends to the server. This message is used to continually notify the server that the agent is available within the network.
Additionally, if you are licensed for additional Lumension Endpoint Management and Security Suite modules, you can install these modules on the Lumension EMSS agent, which expands its functions.
For more information on modules and module installation, refer to Lumension Endpoint Management and Security Suite User Guide (http://portal.lumension.com).
Selecting an Agent Installation Method
You can install the Lumension EMSS Agent or Patch Agent on your network using a variety of methods. Because each company has a unique network environment, network administrators should carefully consider which method to use when installing the agent. The following list describes each installation method.
Table 7: Installation Methods
Installation Method | Description
Agent Management Jobs | Agent Management Jobs are Lumension Endpoint Management and Security Suite's onboard method for agent installation across multiple network endpoints. These jobs search for endpoints in your network and then install the agent. You can complete Agent Management Jobs within the Lumension Endpoint Management and Security Suite Web console using an easy-to-complete Wizard. You can use this install method to install the agent on Windows operating systems. For additional information about this installation method, refer to Installing Agents by Agent Management Jobs on page 23.
Command Line | You can use the command prompt to call the Lumension Endpoint Management and Security Suite Agent and Patch Agent installer and define installation parameters. Using this method, you can install a single agent on a local or remote endpoint. You can use this install method to install the agent on the following operating systems: Windows, Linux, UNIX, Mac. For additional information about this installation method, refer to Installing Agents by Command Line on page 67.
Install Wizard | The Lumension EMSS Agent and Patch Agent for Mac can be installed with a simple-to-use install wizard, which can be downloaded from the Lumension Endpoint Management and Security Suite console. After downloading the installer, complete the agent install wizard to complete agent installation. You can use this install method to install the agent on the following operating systems: Windows, Mac. For additional information about this installation method, refer to Installing Agents by Installer on page 85.
Note: The supported operating systems listed in this topic are generalized for each operating system. Before installing the agent on an endpoint, ensure its operating system is supported by consulting Supported Endpoint Operating Systems on page 9.
Additional Installation Methods
Advanced network administrators with a high understanding of network administration may prefer to install the Lumension EMSS agent using other installation methods not documented in this guide.
The following table lists alternative installation methods.
Table 8: Additional Installation Methods
Installation Method | Description
Third Party Software | In some environments, customers may prefer to use third-party software, such as PsExec, to install the agent.
Golden Image | In networks making substantial use of golden images, which are compressed operating system archives that are entirely installed and configured according to an organization's specifications, network administrators may benefit from adding the Lumension EMSS Agent to their image.
Attention: These installation methods are not documented in this guide. For additional information on these installation methods, contact Lumension Support ([email protected]).
Chapter 3: Installing Agents by Agent Management Jobs
In this chapter:
• About Agent Management Jobs
• Preparing for Agent Installation by Agent Management Jobs
• Port and ICMP Requirements for Agent Management Jobs
• Configuring the Lumension EMSS Server for Discovery Scanning
• Configuring Windows XP and Windows Server 2003 Endpoints for Agent Management Jobs
• Configuring Vista or Later Endpoints for Agent Management Jobs
• Installing Agents by Agent Management Job
Lumension Endpoint Management and Security Suite includes an agent installation method that you can perform from the Lumension Endpoint Management and Security Suite Web console: Agent Management Jobs. After completing a step-by-step wizard, these jobs discover Windows endpoints within your network and then install the agent.
About Agent Management Jobs
Agent management jobs let you install Lumension Endpoint Management and Security Suite agents remotely on multiple Windows endpoints within your network. Use of agent management jobs eases the task of agent installation by letting network administrators install agents from within the Lumension Endpoint Management and Security Suite console.
These jobs are configured in the Agent Management Job Wizard, which is accessible from the Lumension Endpoint Management and Security Suite Web console. During job configuration, you must define the information the job uses to find endpoints in your network and then install agents on them.
The initial portion of an agent management job detects endpoints and their operating systems in your network using pings and endpoint scanning.
Agent management jobs then begin their next function: agent installation. Based on the operating system information found during scanning, agent management jobs determine which type of agent to install on applicable endpoints. To access the endpoint, the agent management job provides the endpoint with applicable credentials. These credentials are entered during job configuration. After the endpoint authenticates the credentials, the agent management job begins agent installation. Installation occurs silently in an endpoint's background; endpoint users are unaware of the installation.
Preparing for Agent Installation by Agent Management Jobs
To complete agent installation using agent management jobs, you must first configure your Lumension Endpoint Management and Security Suite server and target endpoints for agent management jobs.
To complete agent installation by agent management job, complete the following tasks:
1. Verify that your target endpoints are all supported Windows endpoints. You cannot complete agent management jobs on Linux, UNIX, or Mac endpoints.
2. Gather the credentials for target endpoints that have administrative access. Successful job outcome is contingent upon authenticated credentials.
3. Configure the Lumension Endpoint Management and Security Suite server for discovery scanning. For additional information, refer to Configuring the Lumension EMSS Server for Discovery Scanning on page 26.
4. Configure your target endpoints to accept agent management jobs. Target endpoints must be configured to allow agent management jobs access to the endpoint.
• To configure Windows XP or Windows 2003 endpoints for agent management jobs, complete Configuring Windows XP and Windows Server 2003 Endpoints for Agent Management Jobs on page 27.
• To configure Windows Vista and later endpoints for agent management jobs, complete Configuring Vista or Later Endpoints for Agent Management Jobs on page 37.
While configuring Windows Vista or later endpoints, ensure network discovery and file sharing are turned on.
5. Complete the Agent Management Job. For additional information, refer to Installing Agents by Agent Management Job on page 49.
You can only use agent management jobs to install agents on Windows endpoints. The following table lists each operating system you can install to using agent management jobs. For a more thorough list of OS requirements, refer to Agent Requirements on page 9.
Table 9: Agent Management Supported Operating Systems
Operating System | Version | Edition | Data Width | Proc. Family | Software Prerequisites | Agent Version
Microsoft Windows 8(1) | 6.2 | Windows 8, Professional, Enterprise(2) | 32/64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2012(3) | 6.2 | Standard(2)(4), Datacenter(2)(4), Foundation, Essentials | 64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Storage Server 2012 | 6.2 | Standard, Workgroup | 64 bit | Intel | Microsoft .NET Framework 4.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows 7 | 6.1 | Professional, Enterprise, Ultimate | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2008 R2 | 6.1 | Standard, Enterprise, Web | 64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Vista(5) | 6.0 | Business, Enterprise, Ultimate | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows Server 2008(6) | 6.0 | Web, Standard, Enterprise | 32/64 bit | Intel | Microsoft .NET Framework 3.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows 2003 SP1+ | 5.2 | Web, Standard, Enterprise, R2 | 32/64 bit | Intel | Microsoft .NET Framework 2.0+ | Lumension EMSS 7.3 Agent
Microsoft Windows XP SP2+(7) | 5.1 | Professional | 32/64 bit | Intel | Microsoft .NET Framework 2.0+ | Lumension EMSS 7.3 Agent
Port and ICMP Requirements for Agent Management Jobs
In environments that use third-party firewalls to protect endpoints, you must first create firewall exceptions for successful completion of agent management jobs. These exceptions will also allow discovery scan jobs to return more detailed information about endpoints.
Within your firewall application, open the ports listed in the following table.
Table 10: Required Ports
Required Ports | Description
445/TCP, 139/UDP, 135/UDP, 137/UDP | Lumension EMSS uses these ports to access the endpoint during the installation process of the agent management job. Discovery scan jobs also use these ports to discover information about the endpoint. After the agent management job completes, you can reclose these ports.
443/TCP, 80/TCP | Following agent installation, the Lumension EMSS Agent uses these ports to register and communicate with the Lumension EMSS Server. After the agent management job completes, you should leave these ports open.
Additionally, both discovery scan jobs and agent management jobs require the endpoint to accept pings from the Lumension EMSS server. Therefore, you should also create an exception for inbound ICMP echo requests within your third-party firewall.
Configuring the Lumension EMSS Server for Discovery Scanning
The Lumension Endpoint Management and Security Suite server must be configured in the following manner so that you can run agent management jobs on your managed endpoints.
1. Click Start > Run.
2. Enter regedit in the Open field.
3. Click OK.
Step Result: The registry editor displays.
5. Verify that the value for the lmcompatibilitylevel registry key is set to 3.
Note: Under most network conditions, a setting of 3 is sufficient. However, in some networks, this key may require a different value. To determine which value to use, refer to How to Enable NTLM 2 Authentication (http://support.microsoft.com/kb/239869).
Result: The Lumension Endpoint Management and Security Suite Server is configured for discovery scanning.
After Completing This Task:
If you are configuring the Lumension Endpoint Management and Security Suite server for scanning in preparation for agent management jobs, continue to endpoint configuration. For additional information about endpoint configuration for agent management jobs, refer to one of the following topics:
• Configuring Windows XP and Windows Server 2003 Endpoints for Agent Management Jobs
• Configuring Vista or Later Endpoints for Agent Management Jobs
Configuring Windows XP and Windows Server 2003 Endpoints for Agent Management Jobs
Before you can remotely install agents on your Windows XP and Windows Server 2003 endpoints, you must first configure your endpoints for agent management jobs. Endpoint configuration for agent management includes starting the required services; enabling file and print sharing; creating firewall exceptions; configuring your NTLM settings; and enabling network shares.
Complete these instructions from the Windows 2003 or Windows XP endpoint you want to configure for agent management.
Note: If your organization uses a third-party firewall:
• Do not complete the steps in this procedure for creating Windows Firewall exceptions. Your third-party firewall makes them unnecessary.
• You must create exceptions for Lumension EMSS within your third-party firewall. For additional information, refer to Port and ICMP Requirements for Agent Management Jobs.
First, ensure that the services necessary for successful agent management are started.
1. Select Start > Control Panel.
2. Double-click Administrative Tools.
Step Result: The Administrative Tools dialog opens.
Figure 1: Administrative Tools Dialog
3. Double-click Services.
Step Result: The Services dialog opens.
4. Ensure the necessary services are started.
The following list itemizes the services that must be started for job completion.
Note: In environments that use a third-party firewall, ensure the Windows Firewall/Internet Connection Sharing service is instead disabled.
• DCOM Server Process Launcher
• Remote Procedure Call (RPC)
• Server
• Windows Firewall/Internet Connection Sharing (ICS)
• Windows Management Instrumentation
If all of the listed services required for your configuration purposes have a Server status of Started, continue to the next step. If any of the listed services for your configuration purposes are not started, complete the following substeps to start them.
a) Right-click the applicable service and select Properties.
Step Result: The properties dialog for the service opens.
b) Ensure the Startup type list is set to Automatic. If edits are necessary, click Apply after selecting Automatic from the list.
c) Click Start.
Step Result: The service starts.
d) Click OK.
Step Result: The properties dialog for the service closes.
e) If necessary, repeat the substeps for each unstarted service.
5. Close the Services dialog and the Administrative Tools dialog.
Next, ensure Simple File Sharing is disabled on the endpoint. You must have this setting disabled so that Lumension EMSS can access the necessary files during agent installation; Simple File Sharing can prevent this process.
6. Select Start > My Computer.
Step Result: The My Computer dialog opens.
7. From the dialog toolbar, select Tools > Folder Options.
Step Result: The Folder Options dialog opens.
8. Select the View tab.
Step Result: The View tab opens.
9. Ensure the Use simple file sharing (Recommended) check box is clear. You may have to scroll to find this setting.
10. Click OK.
11. Close the My Computer dialog.
Next, ensure File and Printer sharing is enabled. To install an agent on your endpoint, Lumension EMSS needs access to certain endpoint folders. Enabling File and Printer sharing grants this access.
12. Select Start > Control Panel.
Step Result: Control Panel opens.
13. Double-click Network Connections.
Step Result: The Network Connections dialog opens.
14. Right-click your local area connection and select Properties.
Step Result: The Local Area Connection Properties dialog opens.
Figure 3: Local Area Connection Properties Dialog
15. Ensure the File and Printer Sharing for Microsoft Networks check box is selected.
16. Click OK.
Step Result: The Local Area Connection Properties dialog closes.
Next, ensure Windows Firewall is configured to allow exceptions for agent management jobs. A Windows Firewall that does not allow exceptions will block pings and other agent management processes. Ensure that firewall exceptions are in place for successful agent management.
Create the firewall exceptions using the Local Group Policy Editor. Create exceptions for both the standard and domain profiles.
Note: In environments using a third-party firewall, do not complete the steps to create Windows Firewall exceptions. Instead, create exceptions in your third-party firewall. For additional information, refer to Port and ICMP Requirements for Agent Management Jobs.
18. Select Start > Run.
Step Result: The Run prompt opens.
19. Type gpedit.msc in the Open field and press ENTER.
Step Result: The Group Policy dialog opens.
Figure 4: Group Policy Dialog
Next, ensure firewall exceptions are created for the domain profile. These settings allow the Lumension EMSS to access the endpoint through the firewall.
While in this dialog, ensure the settings (and their subsettings) are configured for agent management jobs:
• Windows Firewall: Do not allow exceptions
• Windows Firewall: Allow remote administration exceptions
• Windows Firewall: Allow file and printer sharing exceptions
• Windows Firewall: Allow ICMP exceptions
Configure the following settings (and their subsettings) for agent management purposes:
20. Expand the local computer policy tree to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profiles. Ensure the Domain Profiles folder is selected.
21. Disable the Windows Firewall: Do not allow exceptions setting.
a) From the main pane, right-click Windows Firewall: Do not allow exceptions and select Properties.
Step Result: The exception dialog opens.
b) Ensure the Disabled option is selected.
c) Click OK.
Step Result: The Windows Firewall: Do not allow exceptions setting is configured.
22. Configure the Windows Firewall: Allow remote administration exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow remote administration exceptions and select Properties.
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) [Optional] Define an IP range in the Allow unsolicited incoming messages from field. Lumension recommends defining this field using your Lumension EMSS Server IP address.
To define a range, you may use the following syntax. This input is not validated.
• * (any IP address)
• 10.3.2.0/24 (specific Class C subnet)
• localsubnet (for local subnetwork access only)
d) Click OK.
Step Result: The Windows Firewall: Allow remote administration exceptions setting is configured for agent management.
23. Configure the Windows Firewall: Allow file and printer sharing exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow file and printer sharing exceptions and select Properties.
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) [Optional] Define an IP range in the Allow unsolicited incoming messages from field. Lumension recommends defining this field using your Lumension EMSS Server IP address.
To define a range, you may use the following syntax. This input is not validated.
• * (any IP address)
• 10.3.2.0/24 (specific Class C subnet)
• localsubnet (for local subnetwork access only)
d) Click OK.
Step Result: The Windows Firewall: Allow file and printer sharing exceptions setting is configured for agent management.
24. Configure the Windows Firewall: Allow ICMP exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow ICMP exceptions and select Properties.
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) Ensure the Allow inbound echo request check box is selected.
d) Ensure all other check boxes are cleared.
e) Click OK.
Step Result: The Windows Firewall: Allow ICMP exceptions setting is configured.
After configuring firewall exceptions for the domain profile, you must also complete identical steps to configure firewall exceptions for your standard profile.
Configure the following settings (and their subsettings) for agent management purposes:
• Windows Firewall: Do not allow exceptions
• Windows Firewall: Allow remote administration exception
• Windows Firewall: Allow file and printer sharing exception
• Windows Firewall: Allow ICMP exceptions
The following steps fully explain how to configure each setting.
25. Expand the local computer policy tree to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profiles. Ensure the Standard Profiles folder is selected.
26. Disable the Windows Firewall: Do not allow exceptions setting.
a) From the main pane, right-click Windows Firewall: Do not allow exceptions and select Properties.
Step Result: The exception dialog opens.
b) Ensure the Disabled option is selected.
c) Click OK.
Step Result: The Windows Firewall: Do not allow exceptions setting is configured.
27. Configure the Windows Firewall: Allow remote administration exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow remote administration exceptions and select Properties.
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) [Optional] Define an IP range in the Allow unsolicited incoming messages from field. Lumension recommends defining this field using your Lumension EMSS Server IP address.
To define a range, you may use the following syntax. This input is not validated.
• * (any IP address)
• 10.3.2.0/24 (specific Class C subnet)
• localsubnet (for local subnetwork access only)
d) Click OK.
Step Result: The Windows Firewall: Allow remote administration exceptions setting is configured for agent management.
28. Configure the Windows Firewall: Allow file and printer sharing exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow file and printer sharing exceptions and select Properties.
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) [Optional] Define an IP range in the Allow unsolicited incoming messages from field. Lumension recommends defining this field using your Lumension EMSS Server IP address.
To define a range, you may use the following syntax. This input is not validated.
• * (any IP address)
• 10.3.2.0/24 (specific Class C subnet)
• localsubnet (for local subnetwork access only)
d) Click OK.
Step Result: The Windows Firewall: Allow file and printer sharing exceptions setting is configured for agent management.
29. Configure the Windows Firewall: Allow ICMP exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow ICMP exceptions and select Properties.
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) Ensure the Allow inbound echo request check box is selected.
d) Ensure all other check boxes are cleared.
e) Click OK.
30. Close the Group Policy dialog.
Step Result:
Note: The creation of Windows Firewall exceptions opens the following ports, which are required for job completion:
• 445/TCP
• 139/UDP
• 135/UDP
• 137/UDP
Next, ensure your endpoint has an NTLM setting that is compatible with the Lumension EMSS server. You can define this setting for your endpoint within the Registry Editor.
31. Select Start > Run.
Step Result: The Run prompt opens.
32. In the Open field, type regedit and press ENTER.
Step Result: The Registry Editor opens.
Figure 5: Registry Editor
33. In the tree panel, expand the registry to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Ensure the Lsa folder is selected.
Step Result: The Lsa folder keys open in the main panel.
34. In the main panel, double-click lmcompatibilitylevel.
35. Ensure that the Value data field is set to one of the following values:
• 3
• 5
If the field is not set correctly, complete the following substeps.
Note: Under most network conditions, a setting of 3 or 5 is sufficient. However, in some networks, this key may require a different value. To determine which value to use, refer to How to enable NTLM 2 authentication (http://support.microsoft.com/kb/239869).
a) In the Value data field, type 3 or 5 (unless another value is required).
b) Click OK.
36. Close the Registry Editor.
Next, complete configuration of your endpoint by ensuring that the C$ and ADMIN$ network shares are enabled. These shares are required for agent management job completion.
37. Select Start > Run.
Step Result: The Run prompt opens.
38. In the Open field, type cmd and press ENTER.
Step Result: The Command Prompt opens.
39. From the Command Prompt, type net share and press ENTER.
Step Result: The endpoint network shares are listed.
40. Ensure that the following shares are listed in the Share name column.
• C$
• ADMIN$
If they are already listed, proceed to the next step. If these shares are not listed, complete the following substeps to enable them. If one of the necessary shares is enabled but not the other, only enable the share that needs to be enabled.
a) From the Command Prompt, type the necessary command(s) to enable any required network shares.
• To enable the C$ share, type NET SHARE C$=C and press ENTER.
• To enable the ADMIN$ share, type NET SHARE ADMIN$ and press ENTER.
Step Result: You have enabled the required share(s). All enabled shares remain active until the system reboots.
41. Close the Command Prompt.
For Windows Server 2003 and Windows XP 64-bit endpoints, ensure WMI Windows Installer Provider is installed. This Management and Monitoring Tool is used to complete agent management uninstall jobs. The tool is not installed by default on these operating systems. Windows XP 32-bit endpoints come with this tool installed by default.
Note: These steps apply only to Windows Server 2003 and Windows XP 64-bit endpoints. You do not have to complete these steps for Windows XP 32-bit endpoints.
42. Select Start > Control Panel.
Step Result: Control Panel opens.
43. Double-click Add or Remove Programs.
Step Result: The Add or Remove Programs dialog opens.
44. Click Add/Remove Windows Components.
Step Result: The Windows Components Wizard opens.
45. Select Management and Monitoring Tools and ensure the check box is selected.
46. Click Details.
Step Result: The Management and Monitoring Tools dialog opens.
47. Ensure the WMI Windows Installer Provider check box is selected and click OK.
Tip: If Management and Monitoring Tools and WMI Windows Installer Provider are already installed, you do not need to complete the remaining steps. Continue to the end of the procedure.
48. Click Next.
Step Result: Installation of WMI Windows Installer Provider begins.
49. When prompted, insert your Windows installation disc and continue the install. Repeat this step as needed.
Step Result: Installation continues.
50. Click Finish and restart the endpoint.
Result: The endpoint is configured for agent management.
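Because the Allow unsolicited incoming messages from field is not validated, a value can be checked before it is typed into the policy. The following PowerShell is an added example, not part of the Lumension guide or product: the function names and sample addresses are hypothetical, it handles IPv4 only, and it accepts a comma-separated list in addition to the three forms shown in the procedure.

```powershell
# Added example, not Lumension code. Test-FirewallScope, ConvertTo-IPv4Number and
# every sample address below are hypothetical / constructed. IPv4 only.

function ConvertTo-IPv4Number {
    # Strict dotted-quad parser: returns the address as a number, or nothing if invalid.
    param([string]$Text)
    if ($Text -notmatch '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$') { return }
    $value = [double]0
    foreach ($i in 1..4) {
        $octet = [int]$Matches[$i]
        if ($octet -gt 255) { return }
        $value = $value * 256 + $octet
    }
    return $value
}

function Test-FirewallScope {
    param(
        [Parameter(Mandatory = $true)][string]$Scope,          # text destined for the policy field
        [Parameter(Mandatory = $true)][string]$ServerAddress   # EMSS server IPv4 address
    )
    $server = ConvertTo-IPv4Number $ServerAddress
    if ($null -eq $server) { throw "ServerAddress is not a dotted-quad IPv4 address: $ServerAddress" }

    $valid = $true; $covers = $false; $findings = @()
    foreach ($raw in $Scope.Split(',')) {
        $entry = $raw.Trim()
        if ($entry -eq '*') {
            $covers = $true
            $findings += "'*' admits any source address, not only the EMSS server"
            continue
        }
        if ($entry -eq 'localsubnet') {
            $findings += "'localsubnet' reaches the server only if it sits on the endpoint's own subnet"
            continue
        }
        $parts = @($entry -split '/', 2)
        $network = ConvertTo-IPv4Number $parts[0]
        $prefix = 32                                   # a bare address is a /32
        if ($parts.Count -eq 2) {
            if ($parts[1] -match '^\d{1,2}$' -and [int]$parts[1] -le 32) { $prefix = [int]$parts[1] }
            else { $network = $null }                  # bad prefix length
        }
        if ($null -eq $network) {
            $valid = $false
            $findings += "'$entry' is not *, localsubnet, an IPv4 address or an IPv4 subnet"
            continue
        }
        $block = [math]::Pow(2, 32 - $prefix)          # number of addresses in the subnet
        if (($network % $block) -ne 0) {
            $findings += "'$entry' has host bits set below its /$prefix boundary"
        }
        # Same subnet when both addresses fall in the same block of that size.
        if ([math]::Floor($network / $block) -eq [math]::Floor($server / $block)) { $covers = $true }
    }
    if (-not $covers) { $findings += "no entry provably covers the EMSS server $ServerAddress" }

    New-Object PSObject -Property @{
        Scope = $Scope; Valid = $valid; CoversServer = $covers; Findings = $findings
    }
}

# Constructed sample: EMSS server at 10.3.2.15 and candidate field values.
$emssServer = '10.3.2.15'
'*', '10.3.2.0/24', '10.3.2.15', '10.3.2.7/24', '10.3.2.0/33', '10.3.3.0/24, localsubnet' |
    ForEach-Object { Test-FirewallScope -Scope $_ -ServerAddress $emssServer } |
    Format-List Scope, Valid, CoversServer, Findings
```

A value that is valid, covers the server and produces no findings is the narrowest choice; `*` passes syntax but is reported because it leaves the exception open to every source.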
Configuring Vista or Later Endpoints for Agent Management Jobs
Before you can remotely install agents on your Windows Vista or later endpoints, you must first configure your endpoints for agent management jobs. Endpoint configuration for agent management includes starting the required services; editing your sharing and discovery settings; creating firewall exceptions; and enabling network shares.
Note: If your organization uses a third-party firewall:
• Do not complete the steps in this procedure for creating Windows Firewall exceptions. Your third-party firewall makes them unnecessary.
• You must create exceptions for Lumension EMSS within your third-party firewall. For additional information, refer to Port and ICMP Requirements for Agent Management Jobs.
You can perform these steps on endpoints with the following operating systems:
• Windows Vista
• Windows 7
• Windows 8
• Windows Server 2008
• Windows Server 2012
First, ensure that the services necessary for successful agent management are started.
1. Open Control Panel.
Operating System: Windows Vista, Windows 7, or Windows Server 2008
Steps: Select Start > Control Panel.
Operating System: Windows 8 or Windows Server 2012
Steps:
   1. Press the Windows Logo key.
   2. Type Control Panel and press ENTER.
Step Result: Control Panel opens.
2. Ensure Control Panel is set to the Control Panel Home or Category view.
If Control Panel is already in this view, proceed to the next step. If it is not set to this view, complete the step applicable to your operating system.
Operating System: Windows Vista or Windows Server 2008
Step: Click Control Panel Home.
Operating System: Windows 7, Windows 8, or Windows Server 2012
3. Open your system settings.
Operating System: Windows Vista or Windows Server 2008
Step: Click System and Maintenance.
Operating System: Windows 7, Windows 8, or Windows Server 2012
Step: Click System and Security.
Step Result: Control Panel opens to the system options.
4. Click Administrative Tools.
Step Result: The Administrative Tools dialog opens.
5. Double-click Services.
Step Result: The Services dialog opens.
6. Ensure the necessary services are started.
The following list itemizes the services that must be started for job completion.
Note: In environments that use a third-party firewall, ensure the Windows Firewall service is instead disabled.
• DCOM Server Process Launcher
• Remote Procedure Call (RPC)
• Server
• Windows Firewall
• Windows Management Instrumentation
If all of the listed services required for your configuration purposes have a Server status of Started, continue to the next step. If any of the listed services for your configuration purposes are not started, complete the following substeps to start them.
a) Right-click the applicable service and select Properties.
Step Result: The properties dialog for the service opens.
b) Ensure the Startup type list is set to Automatic. If edits are necessary, click Apply after selecting Automatic from the list.
c) Click Start.
Step Result: The service starts.
d) Click OK.
Step Result: The properties dialog for the service closes.
e) If necessary, repeat the substeps for each unstarted service.
7. Close the Services dialog and the Administrative Tools dialog.
Tip: Leave Control Panel open.
Next, ensure your Sharing and Discovery settings are configured to allow network discovery and file sharing. The discovery setting allows the endpoint to be seen by the Lumension EMSS server, while the file sharing setting allows the Lumension EMSS server access to install the agent during agent management.
8. From Control Panel, click Network and Internet.
Step Result: Control Panel opens to the Network and Internet options.
9. Click Network and Sharing Center.
10. Ensure Network discovery is enabled. Enabling this setting makes the endpoint publicly known within the network. Lumension EMSS uses the information shared by this setting to return more detailed information about the endpoint during discovery scanning.
Based on the endpoint operating system, complete the applicable substeps that follow.
Operating System: Windows Vista or Windows Server 2008
Substeps:
   1. Click the arrow icon adjacent to Network discovery.
   2. Ensure the Turn on network discovery option is selected.
   3. If necessary, click Apply.
Operating System: Windows 7
Substeps:
   1. Click Change advanced sharing settings.
   2. Expand one of the following sections:
      • Home or Work
      • Public
      • Domain
   3. Scroll to Network discovery.
   4. Ensure the Turn on network discovery option is selected.
   5. If necessary, click Save Changes.
   6. Repeat these substeps for each profile section.
Operating System: Windows 8 or Windows Server 2012
Substeps:
   1. Click Change advanced sharing settings.
   2. Expand one of the following sections:
      • Private
      • Guest or Public
      • Domain
   3. Scroll to Network discovery.
   4. Ensure the Turn on network discovery option is selected.
   5. Ensure the Turn on automatic setup of network connected devices option is cleared.
   6. If necessary, click Save Changes.
11. Ensure File sharing is enabled.
Based on the endpoint operating system, complete the applicable substeps that follow.
Operating System: Windows Vista and Windows Server 2008
Steps:
   1. Click the arrow icon adjacent to File Sharing.
   2. Ensure the Turn on file sharing option is selected.
   3. If necessary, click Apply.
Operating System: Windows 7
Steps:
   1. Ensure you have clicked Advanced sharing settings.
   2. Expand one of the following sections:
      • Home or Work
      • Public
      • Domain
   3. Scroll to File and printer sharing.
   4. Ensure the Turn on file and printer sharing option is selected.
   5. If necessary, click Save Changes.
   6. Repeat these substeps for each profile section.
Operating System: Windows 8 or Windows Server 2012
Steps:
   1. Click Change advanced sharing settings.
   2. Expand one of the following sections:
      • Private
      • Guest or Public
      • Domain
   3. Scroll to File and printer.
   4. Ensure the Turn on file and printer sharing option is selected.
   5. If necessary, click Save Changes.
   6. Repeat these substeps for each profile section.
12. Close Network and Sharing Center.
Step Result: Network and Sharing Center closes.
Next, ensure Windows Firewall is configured to allow exceptions for agent management jobs. A Windows Firewall that does not allow exceptions will block pings and other agent management processes. Ensure that firewall exceptions are in place for successful agent management.
Create the firewall exceptions using the Local Group Policy Editor. Create exceptions for both the standard and domain profiles.
Note: In environments using a third-party firewall, do not complete the steps to create Windows Firewall exceptions. Instead, create exceptions in your third-party firewall. For additional information, refer to Port and ICMP Requirements for Agent Management Jobs.
13. Open a run prompt.
Operating System: Windows Vista, Windows 7, and Windows Server 2008
Steps:
   1. Select the Start menu.
   2. Type run in the Search field and press ENTER.
Operating System: Windows 8 or Windows Server 2012
Steps:
   1. Press the Windows Logo key.
   2. Type run and press ENTER.
Step Result: The Run prompt opens.
14. Type gpedit.msc in the Open field and press ENTER.
Step Result: The Local Group Policy Editor opens.
Note: In Windows Vista, this dialog is called the Group Policy Object Editor.
Figure 7: Local Group Policy Editor
Next, ensure firewall exceptions are created for the domain profile. These settings allow the Lumension EMSS server to access the endpoint through the firewall.
Ensure the following settings (and their subsettings) are configured for agent management jobs:
• Windows Firewall: Do not allow exceptions
• Windows Firewall: Allow inbound file and printer sharing exception
• Windows Firewall: Allow ICMP exceptions
• Windows Firewall: Allow inbound remote administration exception
Configure the following settings (and their subsettings) for agent management purposes:
15. Expand the local computer policy tree to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profiles. Ensure the Domain Profiles folder is selected.
16. Disable the Windows Firewall: Do not allow exceptions setting.
a) From the main pane, right-click Windows Firewall: Do not allow exceptions and select Edit (or Properties).
Step Result: The setting dialog opens.
b) Ensure the Disabled option is selected.
c) Click OK.
Step Result: The Windows Firewall: Do not allow exceptions setting is configured for agent management.
17. Configure the Windows Firewall: Allow inbound file and printer sharing exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow inbound file and printer sharing exceptions and select Edit (or Properties).
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) [Optional] Define an IP range in the Allow unsolicited incoming messages from field. Lumension recommends defining this field using your Lumension EMSS Server IP address.
To define a range, you may use the following syntax. This input is not validated.
• * (any IP address)
• 10.3.2.0/24 (specific Class C subnet)
• localsubnet (for local subnetwork access only)
d) Click OK.
Step Result: The Windows Firewall: Allow inbound file and printer sharing exceptions setting is configured for agent management.
18. Configure the Windows Firewall: Allow ICMP exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow ICMP exceptions and select Edit (or Properties).
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) Within Options, ensure the Allow inbound echo request check box is selected.
d) Within Options, ensure all other check boxes are cleared.
e) Click OK.
Step Result: The Windows Firewall: Allow ICMP exceptions setting is configured for agent management.
19. Configure the Windows Firewall: Allow inbound remote administration exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow inbound remote administration exceptions and select Edit (or Properties).
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) [Optional] Define an IP range in the Allow unsolicited incoming messages from field. Lumension recommends defining this field using your Lumension EMSS Server IP address.
To define a range, you may use the following syntax. This input is not validated.
• * (any IP address)
• 10.3.2.0/24 (specific Class C subnet)
• localsubnet (for local subnetwork access only)
d) Click OK.
Step Result: The Windows Firewall: Allow inbound remote administration exceptions setting is configured for agent management.
As with the domain profile Windows Firewall settings, you must enable or disable identical settings (and subsettings) within the standard profile.
Configure the following settings (and their subsettings) for agent management jobs:
• Windows Firewall: Do not allow exceptions
• Windows Firewall: Allow inbound file and printer sharing exception
• Windows Firewall: Allow ICMP exceptions
• Windows Firewall: Allow inbound remote administration exception
The following steps fully explain how to configure each setting.
20. Expand the local computer policy tree to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profiles. Ensure the Standard Profiles folder is selected.
21. Disable the Windows Firewall: Do not allow exceptions setting.
a) From the main pane, right-click Windows Firewall: Do not allow exceptions and select Edit (or Properties).
Step Result: The setting dialog opens.
b) Ensure the Disabled option is selected.
c) Click OK.
Step Result: The Windows Firewall: Do not allow exceptions setting is configured for agent management.
22. Configure the Windows Firewall: Allow inbound file and printer sharing exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow inbound file and printer sharing exceptions and select Edit (or Properties).
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) [Optional] Define an IP range in the Allow unsolicited incoming messages from field. Lumension recommends defining this field using your Lumension EMSS Server IP address.
To define a range, you may use the following syntax. This input is not validated.
• * (any IP address)
• 10.3.2.0/24 (specific Class C subnet)
• localsubnet (for local subnetwork access only)
d) Click OK.
Step Result: The Windows Firewall: Allow inbound file and printer sharing exceptions setting is configured for agent management.
23. Configure the Windows Firewall: Allow ICMP exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow ICMP exceptions and select Edit (or Properties).
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) Within Options, ensure the Allow inbound echo request check box is selected.
d) Within Options, ensure all other check boxes are cleared.
e) Click OK.
Step Result: The Windows Firewall: Allow ICMP exceptions setting is configured for agent management.
24. Configure the Windows Firewall: Allow inbound remote administration exceptions setting.
a) From the main pane, right-click Windows Firewall: Allow inbound remote administration exceptions and select Edit (or Properties).
Step Result: The setting dialog opens.
b) Ensure the Enabled option is selected.
c) [Optional] Define an IP range in the Allow unsolicited incoming messages from field. Lumension recommends defining this field using your Lumension EMSS Server IP address.
To define a range, you may use the following syntax. This input is not validated.
• * (any IP address)
• 10.3.2.0/24 (specific Class C subnet)
• localsubnet (for local subnetwork access only)
d) Click OK.
Step Result: The Windows Firewall: Allow inbound remote administration exceptions setting is configured for agent management.
25. Close the Local Group Policy Editor (or the Group Policy Object Editor).
Step Result:
Note: The creation of Windows Firewall exceptions opens the following ports, which are required for job completion:
• 445/TCP
• 139/UDP
• 135/UDP
• 137/UDP
Finally, complete configuration of your endpoint for agent management by verifying that the C$ and ADMIN$ network shares are enabled. These shares are required for agent management job completion.
26. Open the Command Prompt.
Operating System: Windows Vista, Windows 7, and Windows Server 2008
Steps:
   1. Select the Start menu.
   2. Type cmd in the Search field and press ENTER.
Operating System: Windows 8 or Windows Server
27. From the Command Prompt, type net share and press ENTER.
Step Result: The endpoint network shares are listed.
28. Ensure that the following shares are listed in the Share name column.
• C$
• ADMIN$
If they are already listed, proceed to the next step. If these shares are not listed, complete the following substeps to enable them. If one of the necessary shares is enabled but not the other, only enable the share that needs to be enabled.
a) From the Command Prompt, type the necessary command(s) to enable any required network shares.
• To enable the C$ share, type NET SHARE C$=C and press ENTER.
• To enable the ADMIN$ share, type NET SHARE ADMIN$ and press ENTER.
Step Result: You have enabled the required share(s). All enabled shares remain active until the system reboots.
29. Close the Command Prompt.
Step Result: The Command Prompt closes.
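The settings made in this procedure can be read back in one pass to confirm the endpoint is ready and that the firewall exceptions are no wider than intended. The following read-only PowerShell audit is an added example, not Lumension code. It assumes Windows PowerShell 2.0 to 5.1 run elevated from a saved .ps1 file, the service names DcomLaunch, RpcSs, LanmanServer, Winmgmt and MpsSvc for the listed services, and that the Group Policy firewall settings are stored under HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall; the -ThirdPartyFirewall switch is hypothetical.

```powershell
# Added example, not Lumension code. Read-only audit of a Windows Vista or later endpoint.
# Assumption: settings made in gpedit.msc are stored under
# HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\<DomainProfile|StandardProfile>.
param([switch]$ThirdPartyFirewall)   # hypothetical switch: a third-party firewall is in use

$script:results = @()
function Add-Result($Check, $Pass, $Detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}
function Get-PolicyValue($Path, $Name) {
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { return $key.GetValue($Name) }    # nothing when the key or value is absent
}

# Services that must be started, with startup type Automatic.
foreach ($name in 'DcomLaunch', 'RpcSs', 'LanmanServer', 'Winmgmt', 'MpsSvc') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Add-Result "Service $name" $false 'not installed'; continue }
    $detail = "State=$($svc.State), StartMode=$($svc.StartMode)"
    if ($name -eq 'MpsSvc' -and $ThirdPartyFirewall) {
        # With a third-party firewall, the Windows Firewall service is disabled instead.
        Add-Result "Service $name disabled" ($svc.StartMode -eq 'Disabled') $detail
    } else {
        Add-Result "Service $name started" ($svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto') $detail
    }
}

# Windows Firewall exceptions for both profiles (skipped with a third-party firewall).
if (-not $ThirdPartyFirewall) {
    $root = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile') {
        $base = "$root\$fwProfile"
        $noExceptions = Get-PolicyValue $base 'DoNotAllowExceptions'
        Add-Result "[$fwProfile] Do not allow exceptions is Disabled" ($noExceptions -eq 0) "DoNotAllowExceptions=$noExceptions"

        foreach ($sub in 'RemoteAdminSettings', 'Services\FileAndPrint') {
            $enabled = Get-PolicyValue "$base\$sub" 'Enabled'
            $scope = Get-PolicyValue "$base\$sub" 'RemoteAddresses'
            Add-Result "[$fwProfile] $sub exception enabled" ($enabled -eq 1) "Enabled=$enabled"
            # The guide recommends scoping the exception to the EMSS server rather than '*'.
            Add-Result "[$fwProfile] $sub scope restricted" ($scope -and "$scope".Trim() -ne '*') "RemoteAddresses='$scope'"
        }

        $icmpPath = "$base\IcmpSettings"
        $echo = Get-PolicyValue $icmpPath 'AllowInboundEchoRequest'
        Add-Result "[$fwProfile] ICMP inbound echo request allowed" ($echo -eq 1) "AllowInboundEchoRequest=$echo"
        # Every other ICMP check box should be cleared, so any other non-zero value is reported.
        $icmpKey = Get-Item -Path $icmpPath -ErrorAction SilentlyContinue
        $extra = @()
        if ($icmpKey) {
            $extra = @($icmpKey.GetValueNames() | Where-Object {
                $_ -ne 'AllowInboundEchoRequest' -and $icmpKey.GetValue($_) -ne 0 })
        }
        Add-Result "[$fwProfile] no other ICMP types allowed" ($extra.Count -eq 0) "Other values set: $($extra -join ', ')"
    }
}

# Administrative shares required for agent management jobs.
$shares = @(Get-WmiObject Win32_Share | ForEach-Object { $_.Name })
foreach ($share in 'C$', 'ADMIN$') {
    Add-Result "Share $share present" ($shares -contains $share) "Shares: $($shares -join ', ')"
}

$script:results | Select-Object Check, Pass, Detail | Format-Table -AutoSize -Wrap
```

A failed "scope restricted" row means the exception is enabled for every source address or has no scope recorded, which is wider than the EMSS server address the guide recommends.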