Installing a single-tier server on Windows
Symantec recommends that you disable any antivirus, pop-up blocker, and registry-protection software before you begin the
Symantec Data Loss Prevention
installation process.
Create the Enforce Reinstallation Resources file before starting the installation process. This file contains the unique
CryptoMasterKey.properties
file and keystore files for your Symantec Data Loss Prevention
deployment that you can use if you need to uninstall your deployment.The following instructions assume that the
SingleTierServer.msi
file, license file, and solution pack file have been copied into the c:\temp
directory on the Enforce Server. The installation process automatically generates log information saved to a file
MSI
(*
.log*
is replaced with random characters) in the %TEMP%
folder. You can change log file name and location by starting the installation from the command line by running the /L*v
option. See the example bellow:msiexec /i EnforceServer.msi /L*v c:\temp\enforce_install.log
. After you complete the Single Tier installation, you can find the installation log file at
c:\temp\
.You can complete the installation silently from the command line. Enter values with information specific to your installation for the following:
Command | Description |
|---|---|
INSTALLATION_DIRECTORY | Specifies where the Enforce Server is installed. The default location is C:\Program Files\Symantec\DataLossPrevention . |
DATA_DIRECTORY | Defines where Symantec Data Loss Prevention stores files that are updated while the Enforce Server is running (for example, logs and licenses). The default location is C:\ProgramData\Symantec\DataLossPrevention .If you do not use the default location, you must indicate a folder name for the data directory. If you set the data directory to the drive root (for example c:\ or e:\ ) you cannot successfully uninstall the program. |
JRE_DIRECTORY | Specifies where the JRE resides. |
FIPS_OPTION | Defines whether to disable ( Disabled ) or enable (Enabled ) FIPS encryption.The default is disabled. |
SERVICE_USER_USERNAME | Defines a name for the account that is used to manage Symantec Data Loss Prevention services. The default user name is “SymantecDLP.”Enter the user name you used in the previous Symantec Data Loss Prevention version. Leave this parameter blank if you used the default user name in the previous Symantec Data Loss Prevention version. The name you enter should match the user name you used when you installed Symantec Data Loss Prevention . If the user name does not match, add the new user name log on credentials to the DLP services after you complete the migration process. |
SERVICE_USER_PASSWORD | Defines the password for the account that is used to manage Symantec Data Loss Prevention services. |
ORACLE_HOME | Defines the Oracle Home Directory. For example, use c:\oracle\product\19.3.0.0\db_1 to define the home directory if you use the Oracle 19c database. |
ORACLE_HOST | Defines the IP address of the Oracle server computer. If you are running the Oracle database in a RAC environment, use the Scan Host IP address for Oracle Host, not the database IP address. |
ORACLE_PORT | Defines the Oracle listener port (typically 1521). |
ORACLE_USERNAME | Defines the Symantec Data Loss Prevention database user name. |
ORACLE_PASSWORD | Defines the Symantec Data Loss Prevention database password. |
ORACLE_SERVICE_NAME | Defines the database service name (typically “protect”). |
ADDITIONAL_LOCALE | Defines an additional locale for use by individual users. |
ENFORCE_ADMINISTRATOR_PASSWORD |
This parameter is required during the migration. |
The following is an example of what the completed command might look like. The command you use differs based on your implementation requirements. Using the following command as-is may cause the installation to fail.
msiexec /i SingleTierServer.msi /qn /norestart INSTALLATION_DIRECTORY="C:\Program Files\Symantec\DataLossPrevention" DATA_DIRECTORY="C:\ProgramData\Symantec\DataLossPrevention" JRE_DIRECTORY="C:\Program Files\AdoptOpenJRE\jdk8u322-b06-jre" FIPS_OPTION=Disabled SERVICE_USER_USERNAME=SymantecDLP SERVICE_USER_PASSWORD=Password ORACLE_HOME="C:\oracle\product\19.3.0.0\db_1" ORACLE_HOST=[IP or host name]ORACLE_USERNAME=protect ORACLE_PASSWORD=PasswordORACLE_SERVICE_NAME=protect
- Log on (or remote logon) as Administrator to the computer that is intended for theSymantec Data Loss Preventionsingle-tier installation.
- Copy theSymantec Data Loss Preventioninstaller (SingleTierServer.msi) fromto a local directory on the computer where you plan to install the single-tier system.DLPDownloadHome
- ClickStart > Run > Browseto navigate to the folder where you copied theSingleTierServer.msifile.
- Double-clickSingleTierServer.msito launch the installation wizard.A welcome notice appears.
- ClickNext.
- In theEnd-User License Agreementpanel, selectI accept the terms in the License Agreement, and clickNext.
- In theDestination Folderpanel, accept theSymantec Data Loss Preventiondefault destination directory and clickNext.Symantec recommends that you use the default destination directory. However, you can clickBrowseto navigate to a different installation location instead.Directory names, account names, passwords, IP addresses, and port numbers created or specified during the installation process must be entered in standard 7-bit ASCII characters only. Extended (hi-ASCII) and double-byte characters are not supported.
- In theData Directorypanel, accept the default data directory, or enter an alternate directory, and clickNext. The default data directory is:c:\ProgramData\Symantec\DataLossPrevention\
- In theJRE Directorypanel, clickBrowseand locate the JRE, and clickNext.
- In theFIPS Cryptography Modepanel, select whether to disable or enable FIPS encryption.
- In theService Userpanel, select an existing local or domain user account.
- ClickNext.
- In theUpdate Userpanel, confirm the account name and password.This account is used to manage updates sent to the detection server.
- In theOracle Database Server Informationpanel, enter theOracle Database Serverhost name or IP address and theOracle Listener Port.If you are running the Oracle database in a RAC environment, use the scan host IP address for the host, not the database IP address. Confirm that the scan host IP for RAC is accessible and that all of the nodes associated with it are running during the installation process.You also enter information in the following fields:Service NameEnter the database service name (typically “protect”).UsernameEnter theSymantec Data Loss Preventiondatabase user name.PasswordEnter theSymantec Data Loss Preventiondatabase password.Default values should already be present for these fields. Since this is a single-tier installation with the Oracle database on this same system, 127.0.0.1 is the correct value for Oracle Database Server Information and 1521 is the correct value for the Oracle Listener Port.
- ClickNext.
- In theAdditional Localepanel, select an alternate locale, or accept the default of None, and clickNext.Locale controls the format of numbers and dates, and how lists and reports are alphabetically sorted. If you accept the default choice of None, English is the locale for thisSymantec Data Loss Preventioninstallation. If you choose an alternate locale, that locale becomes the default for this installation, but individual users can select English as a locale for their use.See the .
- In theServer Bindingspanel, enter the following settings:
- Host. Enter the host name or IP address of the detection server.
- Port. Accept the default port number (8100) on which the detection server should accept connections from the Enforce Server. If you cannot use the default port, you can change it to any port higher than port 1024, in the range of 1024–65535.
- ClickInstallto begin the installation process.TheInstallingpanel appears, and displays a progress bar. After a successful installation, theCompletingpanel displays.
- If you have not done so already, run the Upgrade Readiness tool to confirm that the Oracle database is ready to be migrated to the new instance. If you have already run the Upgrade Readiness tool, skip this step.