Installing DLP Agents for Windows silently
You can use a silent installation process by using systems management software (SMS) to install DLP Agents to endpoints. You must always install the agent installation package from a local directory. If you do not install from a local directory, some functions of the DLP Agent are disabled.
These steps assume that you have generated the agent installation package. Generate the agent installation packages
Do not rename the
InstallAgent.bat
file for any reason. If you rename this file, your systems management software cannot recognize the file and the installation fails.- Specify theInstallAgent.batfile in your systems management software package.
- Specify theInstallAgent.batinstallation properties. The installation properties in theInstallAgent.batfile are based on entries and selections made during the agent installation packaging process. Symantec recommends that you do not update the installation properties.When you install the Symantec DLP Agent, your systems management software issues a command to the specified endpoints. The following table summarizes important commands:msiexecThe Windows command for executing MSI packages./iSpecifies the name of the package./qSpecifies a silent install.You can remove this command to install an agent using the wizard. You might install using this method if you want to test the installation package when preparing to run a silent installation.ARPSYSTEMCOMPONENTOptional properties tomsiexec.ENDPOINTSERVERThe Endpoint Server to which agents will connect.This value is defined during the agent installation packaging process.SERVICENAMEThe agent service name. The default value isEDPA.INSTALLDIRThe location where the agent is installed on the endpoint:C:\Program Files\Manufacturer\Symantec DLP Agent\.This value is defined during the agent installation packaging process.UNINSTALLPASSWORDKEYThe password the administrator uses when uninstalling agents.This value is defined during the agent installation packaging process.WATCHDOGNAMEThe watchdog service name:WDP.TOOLS_KEYThe password associated with the agent tools.This value is defined during the agent installation packaging process.ENDPOINT_CERTIFICATEThe endpoint self-signed certificate file name:endpoint_cert.pem.This file is created during the agent installation packaging process.ENDPOINT_PRIVATEKEYThe endpoint private key file name:endpoint_priv.pem.This file is created during the agent installation packaging process.ENDPOINT_TRUSTSTOREThe endpoint trust store file to trust the server certificate (server public key):endpoint_truststore.pem.This file is created during the agent installation packaging process.ENDPOINT_PRIVATEKEY_PASSWORDThe password associated with the agent certificates.The password is located in theendpoint_priv.pemfile, which is created during the agent installation packaging process.The following is an example of what the completed command might look like:msiexec /i AgentInstall-x64_15_8.msi /q INSTALLDIR="C:\Program Files\Manufacturer\Symantec DLP Agent\" ARPSYSTEMCOMPONENT="1" ENDPOINTSERVER="epserver:8001" SERVICENAME="ENDPOINT" WATCHDOGNAME="WATCHDOG" UNINSTALLPASSWORDKEY="password" TOOLS_KEY="<tools key password>" ENDPOINT_CERTIFICATE="endpoint_cert.pem" ENDPOINT_PRIVATEKEY="endpoint_priv.pem" ENDPOINT_TRUSTSTORE="endpoint_truststore.pem" ENDPOINT_PRIVATEKEY_PASSWORD="<generated endpoint private key password>" VERIFY_SERVER_HOSTNAME="No" STARTSERVICE="Yes" ENABLEWATCHDOG="YES" LOGDETAILS="Yes" /log C:\installAgent.log
- Specify any optional properties for themsiexecutility.