Installing DLP Agents for Windows silently

You can use a silent installation process by using systems management software (SMS) to install DLP Agents to endpoints. You must always install the agent installation package from a local directory. If you do not install from a local directory, some functions of the DLP Agent are disabled.
These steps assume that you have generated the agent installation package. Generate the agent installation packages
Do not rename the
InstallAgent.bat
file for any reason. If you rename this file, your systems management software cannot recognize the file and the installation fails.
  1. Specify the
    InstallAgent.bat
    file in your systems management software package.
  2. Specify the
    InstallAgent.bat
    installation properties. The installation properties in the
    InstallAgent.bat
    file are based on entries and selections made during the agent installation packaging process. Symantec recommends that you do not update the installation properties.
    When you install the Symantec DLP Agent, your systems management software issues a command to the specified endpoints. The following table summarizes important commands:
    msiexec
    The Windows command for executing MSI packages.
    /i
    Specifies the name of the package.
    /q
    Specifies a silent install.
    You can remove this command to install an agent using the wizard. You might install using this method if you want to test the installation package when preparing to run a silent installation.
    ARPSYSTEMCOMPONENT
    Optional properties to
    msiexec
    .
    ENDPOINTSERVER
    The Endpoint Server to which agents will connect.
    This value is defined during the agent installation packaging process.
    SERVICENAME
    The agent service name. The default value is
    EDPA
    .
    INSTALLDIR
    The location where the agent is installed on the endpoint:
    C:\Program Files\Manufacturer\Symantec DLP Agent\
    .
    This value is defined during the agent installation packaging process.
    UNINSTALLPASSWORDKEY
    The password the administrator uses when uninstalling agents.
    This value is defined during the agent installation packaging process.
    WATCHDOGNAME
    The watchdog service name:
    WDP
    .
    TOOLS_KEY
    The password associated with the agent tools.
    This value is defined during the agent installation packaging process.
    ENDPOINT_CERTIFICATE
    The endpoint self-signed certificate file name:
    endpoint_cert.pem
    .
    This file is created during the agent installation packaging process.
    ENDPOINT_PRIVATEKEY
    The endpoint private key file name:
    endpoint_priv.pem
    .
    This file is created during the agent installation packaging process.
    ENDPOINT_TRUSTSTORE
    The endpoint trust store file to trust the server certificate (server public key):
    endpoint_truststore.pem
    .
    This file is created during the agent installation packaging process.
    ENDPOINT_PRIVATEKEY_PASSWORD
    The password associated with the agent certificates.
    The password is located in the
    endpoint_priv.pem
    file, which is created during the agent installation packaging process.
    The following is an example of what the completed command might look like:
    msiexec /i AgentInstall-x64_15_8.msi /q INSTALLDIR="C:\Program Files\Manufacturer\Symantec DLP Agent\" ARPSYSTEMCOMPONENT="1" ENDPOINTSERVER="epserver:8001" SERVICENAME="ENDPOINT" WATCHDOGNAME="WATCHDOG" UNINSTALLPASSWORDKEY="password" TOOLS_KEY="<tools key password>" ENDPOINT_CERTIFICATE="endpoint_cert.pem" ENDPOINT_PRIVATEKEY="endpoint_priv.pem" ENDPOINT_TRUSTSTORE="endpoint_truststore.pem" ENDPOINT_PRIVATEKEY_PASSWORD="<generated endpoint private key password>" VERIFY_SERVER_HOSTNAME="No" STARTSERVICE="Yes" ENABLEWATCHDOG="YES" LOGDETAILS="Yes" /log C:\installAgent.log
  3. Specify any optional properties for the
    msiexec
    utility.