Integration Component
Administrator Guide
Version 7.0
Information in this document is subject to change without notice. No part of this document may be reproduced or
transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written
permission of Symantec Corporation.
© 2009 Symantec Corporation. All rights reserved.
Authenti-Check is a registered trademark of GuardianEdge Technologies Inc. Microsoft, Active Directory, Windows,
and Windows XP are either registered trademarks or trademarks of Microsoft Corporation. Altiris is a registered
trademark of Symantec Corporation. Any other trademarks used herein are the property of their respective owners
and are hereby acknowledged. Other product and company names mentioned herein may be the trademarks of their
respective owners.
Printed in the United States of America.
Contents
1. Introduction
  Overview
  System Requirements
    Basics
    Altiris Notification Server
    Altiris Console Computer(s)
    Client Computer(s)
  Encrypted Database Communication Prerequisites
2. Altiris Connector Installation
  Overview
  SEE Framework Integration Component
  SEE Full Disk Integration Component
  SEE Removable Storage Integration Component
  Restart Internet Information Services (IIS)
  Restart Altiris Service
  Database Configuration
3. Client Installation Package Creation
4. Client Installation Package Deployment
  Overview
  Sequencing
  Create a Software Delivery Task
  Assign the Program and Filter
  Adjust Program Name and MSIEXEC Parameters
  Verify Package Source and Location
5. Upgrades
  Overview
  Altiris Notification Server
    Basics
    Altiris Notification Server Upgrade
    SEE Manager
    Symantec Endpoint Encryption Integration Component
    Restart Server and Resync Database
  SEE Client Computers
    Basics
    Sequencing
    Create a Software Delivery Task
    Assign the Program and Filter
    Adjust Program Name and MSIEXEC Parameters
6. Uninstallation
  Overview
  Altiris Notification Server
  SEE Client Computers
7. Reporting
  Overview
  Full Disk Encryption
    Clients Without SEE Full Disk Installed
    Disk Encryption Status - # of Partitions
    Disk Encryption Status - Encryption
    Installation Status
    Installed Software by OS
    Installed Software by SEE Full Disk Version
    Last Check-In Status
  Removable Storage Encryption
    Clients Without SEE Removable Storage Installed
    Installation Status
    Installed Software by OS
    Installed Software by SEE Removable Storage Version
    Last Check-In Status
    Removable Storage Encryption Policy
    Removable Storage Portability
    Removable Storage Recovery Certificate
  Users and Administrators
    Client Administrators
    Registered Users - # of Registered Users
    Registered Users - Date of Registration
8. Logging
Appendix A. Altiris Tables & Methods
  Overview
  Tables
  Methods
Figures
Figure 2.1 Restarting IIS
Figure 2.2 Stop/Start/Restart Dialog
Figure 2.3 Shutting Down Dialog
Figure 2.4 Restarting the Altiris Service
Figure 2.5 Restart Other Services Dialog
Figure 2.6 Service Control Dialog
Figure 2.7 SEE Database Synchronization Page
Figure 3.1 Installation Package Creation
Figure 3.2 Save Client Installation Package Prompt
Figure 4.1 SEE Framework Client Installer, Software Delivery Task
Figure 4.2 SEE Framework Client Installer Program, Programs Tab
Figure 4.3 SEE Framework Client Installer Package, Package Tab
Figure 5.1 SEE Framework Client Installer Program, Programs Tab
Figure 6.1 Uninstalling Altiris Connector Components
Figure 7.1 Symantec Endpoint Encryption Integration Component Reports
Figure 8.1 Full Disk Client Installer Package Log
1. Introduction
Overview
The Symantec Endpoint Encryption Integration Component extends the Altiris Asset Management Solution, allowing
administrators to use the Altiris Console to perform the following tasks:
• Create Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client installation packages.
• Deploy Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client installation packages.
• Upgrade Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage clients.
• Uninstall Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage clients.
• Run reports.
In addition, detailed information about each client installation package created with the Altiris Console will be
available from the Altiris Log Viewer.
System Requirements
Basics
An Active Directory domain is required.
Edition(s)
Service Pack(s)
Additional Software
Altiris Notification Server 7.0.4739
SQL Server 2005 Standard or Enterprise Edition
Standard or Enterprise
SP1 or SP2
Edition(s)
Service Pack(s)
Additional Software
Windows XP*
Professional or Tablet
SP1, SP2, or
SP3
CAPICOM 2.1.0.2
Windows Vista*
Business, Ultimate, or
Enterprise
None, SP1, or
SP2
CAPICOM 2.1.0.2
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
Client Computer(s)
Operating System
Edition(s)
Service Pack(s)
Additional Software
Windows XP
Professional or Tablet
Windows Vista
4. The Ready to Install the Application page displays. Click Next. The Updating System screen displays progress
during installation. When installation has finished, the completion screen is displayed.
5. Click Finish to exit the Removable Storage Integration Component installer.
Database Configuration
Initial installations of the Symantec Endpoint Encryption Integration Component require a one-time configuration of
the database settings using the SEE Database Synchronization panel. You must input the same settings that were
specified when the SEE Management Server was installed.
Once the database settings have been configured, data reported by Client Computers to the SEE Management Server
will be periodically copied to the Altiris Notification Server, allowing Altiris Console reports to display Client
Computer status information.
To configure the database settings, click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The
Altiris Console opens. Click Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane,
expand Symantec Endpoint Encryption Data Protection and click on SEE Database Synchronization.
Type the name of the SEE database, for example, SEEMSDb, in the Schema Name box.
Type the user name of the database communication account in the User Name box. This Microsoft SQL Server
account was created during the installation of the SEE Management Server.
Type the password of the database communication account in the Password box.
Click Enable TLS/SSL to encrypt all communications between the Altiris Notification Server and the SEE database.
Ensure that you are in compliance with the prerequisites (see Encrypted Database Communication Prerequisites on
page 2).
Once you have finished making your changes, click Apply.
Edit the number in the Polling Interval box to adjust the interval between updates. For example, if you type 15, the
Altiris Notification Server will synchronize with the SEE Management Server every 15 minutes. Values from 10
minutes to 10,080 minutes (one week) are accepted.
Click Synchronize Now to effect an immediate update. The SEE Database Synchronization page will update with
status information as the operation proceeds, and the date and time of last synchronization will be shown when the
update has completed successfully.
You can verify that successful synchronization has taken place by running a report from the Altiris Console.
Existing SEE Client Computers with records in the SEE database will be displayed in the report.
With the Symantec Endpoint Encryption Integration Component now installed and the database settings configured,
you can now create and deploy client installation packages.
The following table lists the default MSI names generated by each wizard and the location to which they are saved.
Table 3.1 Wizard, MSI Name, and Destination
Wizard
Destination
SEE Framework
SEE Removable Storage
Symantec recommends saving each client installation package with a unique and descriptive name. Saving a
client installation package with a unique name automatically creates a new program whose name is based on
the client installation package name. For example, an SEE Framework client installation package saved as
SEE-FR Client Installer for laptops (mm-dd-yy).msi will be displayed with the same name in the drop-down
menu at the top of the Programs tab of the SEE Framework client installation package (see Upgrades on
page 15) as well as in the Program name drop-downs of any software delivery tasks that are part of the SEE
Framework client installation package, such as the Install SEE Framework Clients task and the Upgrade SEE
Framework Clients task. Establishing a unique name for a particular client installation package makes it more
readily identifiable later on when selecting from among several program names within a software delivery
task.
Sequencing
The Symantec Endpoint Encryption Framework Client.msi package must be deployed to the clients and installed first.
The Symantec Endpoint Encryption Full Disk Edition Client.msi and/or Symantec Endpoint Encryption - Removable
Storage Edition Client.msi packages must be executed following the successful completion of the Symantec Endpoint
Encryption Framework Client.msi package.
If you're deploying multiple sets of SEE client installer MSIs filtered to different groups of computers, create a new
software delivery task for each set and name it according to the specific combination of client installer MSI and filter.
This will allow you to maintain a traceable workflow detailing which client installer MSIs have been deployed, and
where.
Click Apply to, then click Quick apply. In the Quick apply dialog, type the name of a group, filter, or target you
want to apply the program to, or select one from the drop-down list. For example, you may have previously created a
filter named All Laptops that includes all laptop computers and excludes all desktop computers. Click Apply.
In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with
the same name as the MSI package you created earlier, for example, SEE-FR Client Installer for laptops (mm-dd-yy).msi.
5. Upgrades
Overview
Upgrades from Symantec Endpoint Encryption Integration Component 7.0.2 are supported.
Upgrades from Symantec Endpoint Encryption Integration Component 7.0.2 to Symantec Endpoint Encryption
Integration Component 7.0.3 must be performed in the following sequence:
1. Upgrade Altiris Notification Server 6.0 or 6.5 to Altiris Notification Server 7.0.
2. Upgrade the SEE Manager.
3. Upgrade all Symantec Endpoint Encryption Integration Component components.
4. Restart IIS and initiate a database synchronization operation.
5. Upgrade existing SEE Framework 7.0.0 or later, SEE Full Disk 7.0.0 or later, and SEE Removable Storage Client
7.0.0 or later Client Computers.
SEE Manager
See the SEE Full Disk or SEE Removable Storage Installation Guide for instructions on how to upgrade the SEE
Manager.
page status information indicates successful completion of the operation, you are ready to create the client installation
upgrade packages.
Sequencing
The Symantec Endpoint Encryption Framework Client.msi package must be deployed to the clients and executed first.
The Symantec Endpoint Encryption Full Disk Edition Client.msi and/or Symantec Endpoint Encryption - Removable
Storage Edition Client.msi upgrade packages must be executed following the successful completion of the Symantec
Endpoint Encryption Framework Client.msi package.
In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with
the same name as the MSI package you created earlier, for example, SEE-FR Client Upgrade for laptops (mm-dd-yy).msi.
See the Upgrades chapter of the SEE Full Disk or SEE Removable Storage Installation Guide for a discussion of the
suggested MSI commands for upgrading each client installation package, as well as the list of supported MSIEXEC
parameters.
Once you have made the necessary modifications to the MSIEXEC parameters, click Save changes.
Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software
delivery task. In the left pane, right-click the software delivery task named Upgrade SEE-FR Client on all Laptops,
then click Enable.
Repeat this process for the SEE Full Disk and/or SEE Removable Storage client installer upgrade package(s).
6. Uninstallation
Overview
This section describes how to uninstall the Symantec Endpoint Encryption Integration Component components and
the SEE client software.
Uninstallation of the Symantec Endpoint Encryption Integration Component components will not delete any
SEE client installer packages created using the Installation Package Creation wizards.
7. Reporting
Overview
Symantec Endpoint Encryption Integration Component complements Altiris Notification Console's native reporting
capability by providing a number of reports that help you keep track of SEE Full Disk and SEE Removable Storage
clients on your network.
The reports query the Altiris Notification Server database, which is synchronized with the SEE database according to
the polling interval defined during installation (Database Configuration on page 6). You can click Synchronize
Now in the SEE Database Synchronization panel to ensure that you have the latest data.
The Symantec Endpoint Encryption Integration Component Reports are divided into three categories:
Full Disk Encryption,
Removable Storage Encryption, and
Users and Administrators.
To access the Symantec Endpoint Encryption Integration Component Reports, open the Altiris Console and click on
Reports, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint
Encryption Data Protection, expand one of the three report categories, and click on one of the reports.
computers may or may not have SEE Full Disk installed. Only the computer name and directory service location
of these computers will be available.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.1 Full Disk: Clients Without SEE Full Disk Installed Query Parameters
Parameter  Value             Explanation
Domain     [All]
           [Empty]
           [Null]
           domain            Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it.
Filter     Hyperlink         Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
OS Name    [All]
           [Empty]           Retrieve the records of clients that report their operating system as an empty string.
           [Null]
           Unknown
           Windows
           operating system  This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Retrieved Data
The report will return the following information about the computers that fall within the query parameters:
Computer Name;
Domain; and
OS name.
Parameter                     Value             Explanation
Domain                        [All]
                              [Empty]
                              [Null]
                              domain            Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it.
Filter                        Hyperlink         Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
Minimum Number of Partitions  number
Maximum Number of Partitions  number
OS Name                       [All]
                              [Empty]           Retrieve the records of clients that report their operating system as an empty string.
                              [Null]
                              Unknown
                              Windows
                              operating system  This list will prepopulate with multiple Operating System entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Retrieved Data
The report will return a list of computers showing the following data:
Computer Name;
Encrypted Volumes;
Encrypting Volumes;
Decrypted Volumes;
Decrypting Volumes;
Domain; and
OS name.
Parameter          Value             Explanation
Domain             [All]
                   [Empty]
                   [Null]
                   domain            Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it.
Filter             hyperlink         Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
Encryption Status  All
                   Encrypted
                   Encrypting        Retrieve the records of clients with one or more partitions in the process of being encrypted.
                   Decrypted
                   Decrypting        Retrieve the records of clients with one or more partitions in the process of being decrypted.
OS Name            [All]
                   [Empty]           Retrieve the records of clients that report their operating system as an empty string.
                   [Null]
                   Unknown
                   Windows
                   operating system  This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Retrieved Data
The report will return a list of computers showing the following data:
Computer Name;
Encrypted Volumes;
Encrypting Volumes;
Decrypted Volumes;
Decrypting Volumes;
Domain; and
OS name.
Installation Status
Basics
The Installation Status report will retrieve the records of SEE Full Disk-protected computers that have reported in to
the SEE Management Server. These results can be filtered according to when SEE Full Disk was installed.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.4 Full Disk: Installation Status Query Parameters
Parameter                Value                   Explanation
Domain                   [All]
                         [Empty]
                         [Null]
                         domain                  Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it.
Filter                   hyperlink               Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
OS Name                  [All]
                         [Empty]                 Retrieve the records of clients that report their operating system as an empty string.
                         [Null]
                         Unknown
                         Windows
                         operating system        This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it.
Install Start Date-Time  yyyy-mm-dd              Retrieve clients with a SEE Full Disk install date that is the same as or later than that date and time specified.
Install End Date-Time    yyyy-mm-dd              Retrieve clients with a SEE Full Disk install date that is the same as or no later than that date and time specified.
Computer Name            partial computer name%
Retrieved Data
The report will return a list of computers showing the following data:
Computer Name;
Version;
Install Date-Time;
Encrypted Volumes;
Encrypting Volumes;
Decrypted Volumes;
Decrypting Volumes;
Domain; and
OS name.
Installed Software by OS
Basics
The Installed Software by OS report will identify how many clients of a given operating system that have reported in
to the SEE Management Server are protected by SEE Full Disk.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.5 Full Disk: Installed Software by OS Query Parameters
Parameter  Value             Explanation
Domain     [All]
           [Empty]
           [Null]
           domain            Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it.
Filter     hyperlink         Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
Retrieved Data
The report will show the following data:
OS Name;
Domain;
Number of Discovered Endpoints;
Number of Endpoints with Full Disk Encryption; and
Percentage installed.
The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints
with SEE Full Disk.
Parameter  Value             Explanation
Domain     [All]
           [Empty]
           [Null]
           domain            Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it.
Filter     hyperlink         Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved.
Retrieved Data
The report will return a list of computers showing the following data:
Version;
Domain; and
Full Disk Client Count.
in with the SEE Management Server. Only the computer name and directory service location of these computers
will be available.
If the client has checked in, you will be able to filter the results according to when it did so.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.7 Full Disk: Last Check-In Status Query Parameters

| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| Have/have not checked in | Have | Select to retrieve only the records of clients that have checked in with the SEE Management Server. |
| | Have Not | Select to retrieve the records of clients that reside on a forest or tree that is synchronized with the SEE Management Server and have not checked in with the SEE Management Server. |
| Since | number | Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, type 20. |
| Units | Hour, Day, Week, Month, Quarter, Year | Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, select Day. |
| OS Name | [All] | |
| | [Empty] | |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
Last Check-In;
Registered Users;
Domain; and
OS name.
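As an added illustration (not part of the Symantec guide or the product's code), the Python sketch below applies the Have/Have Not, Since and Units semantics described above to constructed inventory rows. The row keys, the host names, the fixed lengths assumed for Month, Quarter and Year, and the extra "stale" group are assumptions of this example.

```python
from datetime import datetime, timedelta

# Assumed unit lengths: the guide does not say how Month, Quarter and Year
# are measured, so fixed day counts are used here.
UNIT_LENGTH = {
    "Hour": timedelta(hours=1),
    "Day": timedelta(days=1),
    "Week": timedelta(weeks=1),
    "Month": timedelta(days=30),
    "Quarter": timedelta(days=91),
    "Year": timedelta(days=365),
}

# Constructed sample rows. "LastCheckIn" mirrors the report column of the
# same name; None stands for a directory-synchronized computer that has
# never checked in. Host names and the "ComputerName" key are hypothetical.
NOW = datetime(2009, 6, 30, 12, 0)
ROWS = [
    {"ComputerName": "FIN-LT-01", "LastCheckIn": datetime(2009, 6, 29, 8, 15)},
    {"ComputerName": "FIN-LT-02", "LastCheckIn": datetime(2009, 6, 10, 12, 0)},
    {"ComputerName": "HR-DT-07", "LastCheckIn": datetime(2009, 3, 2, 17, 40)},
    {"ComputerName": "LAB-DT-11", "LastCheckIn": None},
]


def classify_check_ins(rows, since, units, now):
    """Group computers by check-in state.

    have     -> checked in within the last `since` `units` (Have + Since + Units)
    have_not -> no check-in recorded (Have Not)
    stale    -> checked in, but before the window opened; not a report option,
                added here because these endpoints report outdated status
    """
    if units not in UNIT_LENGTH:
        raise ValueError(f"unknown unit: {units!r}")
    if since < 0:
        raise ValueError("since must not be negative")
    cutoff = now - since * UNIT_LENGTH[units]
    groups = {"have": [], "have_not": [], "stale": []}
    for row in rows:
        last = row["LastCheckIn"]
        if last is None:
            groups["have_not"].append(row["ComputerName"])
        elif last >= cutoff:
            groups["have"].append(row["ComputerName"])
        else:
            groups["stale"].append(row["ComputerName"])
    return groups


if __name__ == "__main__":
    for name, hosts in classify_check_ins(ROWS, 20, "Day", NOW).items():
        print(f"{name}: {', '.join(hosts) or '-'}")
```

The "stale" and "have_not" groups are the ones to follow up on, since the encryption state recorded for those computers may no longer reflect the endpoint.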
computers may or may not have SEE Removable Storage installed. Only the computer name and directory service
location of these computers will be available.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.8 Removable Storage: Clients Without SEE Removable Storage Installed Query Parameters

| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| OS Name | [All] | |
| | [Empty] | Retrieve the records of clients that report their operating system as an empty string. |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
Domain; and
OS name.
Installation Status
Basics
The Installation Status report will retrieve the records of SEE Removable Storage-protected computers that have
reported in to the SEE Management Server. These results can be filtered according to when SEE Removable Storage
was installed.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.9 Removable Storage: Installation Status Query Parameters

| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| OS Name | [All] | |
| | [Empty] | Retrieve the records of clients that report their operating system as an empty string. |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
| Install Start Date-Time | yyyy-mm-dd | Retrieve clients with a SEE Removable Storage install date that is the same as or later than the date and time specified. |
| Install End Date-Time | yyyy-mm-dd | Retrieve clients with a SEE Removable Storage install date that is no later than the date and time specified. |
| Computer Name | partial computer name% | |
Retrieved Data
The report will return a list of computers showing the following data:
Computer Name;
Version;
Install Date-Time;
Domain; and
OS name.
Installed Software by OS
Basics
The Installed Software by OS report will identify how many clients of a given operating system that have reported in
to the SEE Management Server are protected by SEE Removable Storage.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.10 Removable Storage: Installed Software by Operating System Query Parameters

| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
Retrieved Data
The report will show the following data:
OS Name;
Domain;
Number of Discovered Endpoints;
Number of Endpoints with Removable Storage Encryption; and
Percentage installed.
The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints
with SEE Removable Storage.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.11 Full Disk: Installed Software by SEE Removable Storage Version Query Parameters

| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
Retrieved Data
The report will return a list of computers showing the following data:
Version;
Domain; and
Removable Storage Client Count.
Server; or
Clients that reside on a forest or tree that is synchronized with the SEE Management Server and have not checked
in with the SEE Management Server. Only the computer name and directory service location of these clients will
be available.
If the client has checked in, you will be able to filter the results according to when it did so.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.12 Removable Storage: Last Check-In Status Query Parameters

| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| Have/have not checked in | Have | Select to retrieve only the records of clients that have checked in with the SEE Management Server. |
| | Have Not | Select to retrieve the records of clients that reside on a forest or tree that is synchronized with the SEE Management Server and have not checked in with the SEE Management Server. |
| Since | number | Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, type 20. |
| Units | Hour, Day, Week, Month, Quarter, Year | Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of clients that have checked in within the last 20 days, select Day. |
| OS Name | [All] | |
| | [Empty] | |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
Last Check-In;
Registered Users;
Domain; and
OS name.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.13 Removable Storage: Removable Storage Encryption Policy Query Parameters

| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| Encryption Policy | [All] | |
| | Write unencrypted | Retrieve the records of clients that are allowing both read and write access and are not encrypting files. |
| | Encrypt new files | Retrieve the records of clients that are allowing both read and write access and are encrypting new files written to removable media. |
| | | Retrieve the records of clients that are allowing both read and write access and are encrypting all files. |
| | Read only | Retrieve the records of clients that are enforcing a read-only access policy. |
| | No access | |
| Encryption Method | [All] | |
| | No encryption | |
| | Password | Retrieve the records of clients that allow users to encrypt with passwords. |
| | Certificate | Retrieve the records of clients that allow users to encrypt with certificates. |
| | Any | |
| OS Name | [All] | |
| | [Empty] | |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
Encryption Policy;
Encryption Method;
Domain; and
OS Name.
| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| Copy Access Utility | Any | Do not filter the results according to whether or not the Removable Storage Access Utility is being written to removable media. |
| | Yes | |
| | No | Retrieve the records of clients that are not automatically writing the Removable Storage Access Utility to removable media. |
| Executables | Any | Do not filter the results according to whether or not the clients are allowing users to create self-extracting executables. |
| | Yes | |
| | No | Retrieve the records of clients that do not allow users to create self-extracting executables. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
User Name;
Copy Access Utility;
Executables;
Encryption Policy;
Encryption Method;
Domain; and
OS Name.
| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| Recovery Certificate Enabled | Any | |
| | Yes | |
| | No | |
| Encryption Method | All | |
| | No encryption | |
| | Password | |
| | Certificate | |
| | Any | Retrieve the records of clients that are using any encryption method. |
| OS Name | [All] | |
| | [Empty] | |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
Recovery Certificate Serial Number;
Encryption Policy;
Encryption Method;
Domain; and
OS Name.
| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| Authentication Method | Any | Do not filter the results according to the authentication method used by its Client Administrators. |
| | Password | |
| | Token | |
| | Unauthenticated | |
| OS Name | [All] | |
| | [Empty] | |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
Client Admin Name;
Authentication;
Domain; and
OS Name.
| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| Authentication Method | Any | |
| | Password | |
| | Token | Retrieve the records of clients with users that authenticate using a token. |
| | Unauthenticated | |
| Minimum Number of Registered Users | number | |
| Maximum Number of Registered Users | number | |
| OS Name | [All] | |
| | [Empty] | |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
User Name;
User Type;
Authentication;
Registration Time;
Domain; and
OS Name.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.18 Registered Users - Date of Registration Query Parameters

| Parameter | Value | Explanation |
|---|---|---|
| Domain | [All] | |
| | [Empty] | |
| | [Null] | |
| | domain | Each discovered domain will be listed. Select one of the domains to obtain only the records of clients that are members of it. |
| Filter | hyperlink | Click the hyperlink to select a filter. Only the records of the clients in this filter will be retrieved. |
| Authentication Method | Any | Do not filter the results according to the authentication method used by its Client Administrators. |
| | Password | |
| | Token | Retrieve the records of clients with users that authenticate using a token. |
| | Unauthenticated | |
| Registered Since | number | Enter the number that corresponds to your specified time unit. For example, if you wish to retrieve the records of client computers with users that have registered within the last 20 days, type 20. |
| Units | Hour, Day, Week, Month, Quarter, Year | Select the unit of time that corresponds to your specified date range. For example, if you wish to retrieve the records of client computers with users that have registered within the last 20 days, select Day. |
| OS Name | [All] | |
| | [Empty] | |
| | [Null] | |
| | Unknown | |
| | Windows operating system | This list will prepopulate with multiple operating system entries, one for each discovered domain. Select one of the domains to obtain only the records of clients that are members of it. |
Data Retrieved
The report will return a list of computers showing the following data:
Computer Name;
User Name;
User Type;
Authentication;
Registration Time;
Domain; and
OS Name.
8. Logging
The settings selected in the client installation packages will be logged and available for viewing within the Altiris Log
Viewer. To access these, click to open the Windows Start menu. Point to Programs, point to Altiris, point to
Diagnostics, and select Altiris Log Viewer.
Highlight the event that is of interest in order to view the specific installation settings that were selected in this
package.
Tables
The following table lists the database tables and elements of the Symantec Endpoint Encryption Integration
Component data.
Table A.1 Database Tables, Elements, and Description

| Table Name | Table Element | Description |
|---|---|---|
| Inv_EndPoint_Encryption | [_ResourceGuid] | |
| Inv_EndPoint_Encryption | [EndPointGUID] | |
| Inv_EndPoint_Encryption | [FR_Version] | Framework version |
| Inv_EndPoint_Encryption | [FR_InstallationTime] | |
| Inv_EndPoint_Encryption | [FD_Version] | |
| Inv_EndPoint_Encryption | [FD_InstallationTime] | |
| Inv_EndPoint_Encryption | [RS_Version] | |
| Inv_EndPoint_Encryption | [RS_InstallationTime] | |
| Inv_EndPoint_Encryption | [LastCheckIn] | |
| Inv_EndPoint_Encryption | [EncryptedVolumes] | |
| Inv_EndPoint_Encryption | [EncryptingVolumes] | |
| Inv_EndPoint_Encryption | [DecryptedVolumes] | |
| Inv_EndPoint_Encryption | [DecryptingVolumes] | |
| Inv_EndPoint_Encryption | [RSEncryptPolicyID] | |
| Inv_EndPoint_Encryption | [RSEncryptMethodID] | |
| Inv_EndPoint_Encryption | [MasterCert_Enabled] | |
| Inv_EndPoint_Encryption | [MasterCertIificateID] | |
| Inv_EndPoint_Encryption | [AccessUtilityEnabled] | |
| Inv_EndPoint_Encryption | [IsDeleted] | |
| Inv_EndPoint_Encryption | [RSExecutablesEnabled] | |
| Inv_EndPoint_Encryption | [RSEncryptMethod] | |
| Inv_EndPoint_Encryption | [RSEncryptPolicy] | |
| Evt_EndPoint_Encryption_Users | [_ResourceGuid] | |
| Evt_EndPoint_Encryption_Users | [UserName] | |
| Evt_EndPoint_Encryption_Users | [DnsDomainName] | |
| Evt_EndPoint_Encryption_Users | [UserTypeID] | |
| Evt_EndPoint_Encryption_Users | [AuthenticationID] | |
| Evt_EndPoint_Encryption_Users | [LastLogonTime] | |
| Evt_EndPoint_Encryption_Users | [RegistrationTime] | |
| Evt_EndPoint_Encryption_Users | [IsDeleted] | |
| Evt_EndPoint_Encryption_Users | [UserType] | |
| Evt_EndPoint_Encryption_Users | [AuthenticationMethod] | |
| RSMasterCertificate | [CertificateID] | ID of the certificate |
| RSMasterCertificate | [SerialNumber] | |
| RSMasterCertificate | [Issuer] | |
Methods
The following table lists the database methods of the Symantec Endpoint Encryption Integration Component schema.
Table A.2 Database Schema, Methods
Method Name
Value
Description
GEUserAuthenticationMethod
Unauthenticated
GEUserAuthenticationMethod
Password
GEUserAuthenticationMethod
Token
GEUserType
Registered User
GEUserType
Client Administrator
RSEncryptionMethod
No encryption
RSEncryptionMethod
Password
RSEncryptionMethod
Certificate
RSEncryptionMethod
Any
RSEncryptionPolicy
Write unencrypted
RSEncryptionPolicy
RSEncryptionPolicy
RSEncryptionPolicy
Read only
RSEncryptionPolicy
No access