SEE-IC 7.0.3 Administrator Guide

Symantec Endpoint Encryption
Integration Component
Administrator Guide
Version 7.0
Information in this document is subject to change without notice. No part of this document may be reproduced or
transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written
permission of Symantec Corporation.
2009 Symantec Corporation. All rights reserved.
Authenti-Check is a registered trademark of GuardianEdge Technologies Inc. Microsoft, Active Directory, Windows,
and Windows XP are either registered trademarks or trademarks of Microsoft Corporation. Altiris is a registered
trademark of Symantec Corporation. Any other trademarks used herein are the property of their respective owners
and are hereby acknowledged. Other product and company names mentioned herein may be the trademarks of their
respective owners.
Printed in the United States of America.
Administrator Guide
Contents
Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Altiris Console Computer(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Client Computer(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Encrypted Database Communication Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Altiris Connector Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
SEE Framework Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
SEE Full Disk Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
SEE Removable Storage Integration Component. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Restart Internet Information Services (IIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Restart Altiris Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Database Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Client Installation Package Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
4. Client Installation Package Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Create a Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Assign the Program and Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Adjust Program Name and MSIEXEC Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Verify Package Source and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
5. Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Altiris Notification Server Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
SEE Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Symantec Endpoint Encryption Integration Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Restart Server and Resync Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
SEE Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Sequencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Create a Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Assign the Program and Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Adjust Program Name and MSIEXEC Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
6. Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Altiris Notification Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
SEE Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Symantec Endpoint Encryption Integration Component
iii
Administrator Guide
Contents
7. Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Full Disk Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Clients Without SEE Full Disk Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Disk Encryption Status - # of Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Disk Encryption Status - Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Installation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Installed Software by OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Installed Software by SEE Full Disk Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Last Check-In Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Removable Storage Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Clients Without SEE Removable Storage Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Installation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Installed Software by OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Installed Software by SEE Removable Storage Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Last Check-In Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Removable Storage Encryption Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Removable Storage Portability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Removable Storage Recovery Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Users and Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Client Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Registered Users - # of Registered Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Registered Users - Date of Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
8. Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Appendix A. Altiris Tables & Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
iv
Administrator Guide
Figures
Figures
Figure 2.1Restarting IIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Figure 2.2Stop/Start/Restart Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Figure 2.3Shutting Down Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Figure 2.4Restarting the Altiris Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Figure 2.5Restart Other Services Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Figure 2.6Service Control Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Figure 2.7SEE Database Synchronization Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Figure 3.1Installation Package Creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Figure 3.2Save Client Installation Package Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Figure 4.1SEE Framework Client Installer, Software Delivery Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Figure 4.2SEE Framework Client Installer Program, Programs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Figure 4.3SEE Framework Client Installer Package, Package Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Figure 5.1SEE Framework Client Installer Program, Programs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Figure 6.1Uninstalling Altiris Connector Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Figure 7.1Symantec Endpoint Encryption Integration Component Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Figure 8.1Full Disk Client Installer Package Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Administrator Guide
Introduction
1. Introduction
Overview
The Symantec Endpoint Encryption Integration Component extends the Altiris Asset Management Solution, allowing
administrators to use the Altiris Console to perform the following tasks:
Create Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client
installation packages.
Deploy Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage client
installation packages.
Upgrade Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage
clients.
Uninstall Symantec Endpoint Encryption Full Disk and Symantec Endpoint Encryption Removable Storage
clients.
Run reports.
In addition, detailed information about each client installation package created with the Altiris Console will be
available from the Altiris Log Viewer.
System Requirements
Basics
An Active Directory domain is required.
Altiris Notification Server

Operating System
Edition(s)
Service Pack(s)
Additional Software
Altiris Notification Server 7.0.4739
SQL Server 2005 Standard or Enterprise Edition
Windows Server 2003*
Standard or Enterprise
SP1 or SP2
Internet Information Services (IIS) 6.0

Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
SEE Framework 7.0.3
SEE Full Disk 7.0.3 and/or SEE Removable Storage 7.0.3
* Internet options must be configured to allow signed ActiveX controls to be downloaded.

64-bit Editions are not supported.
Altiris Console Computer(s)

Operating System
Edition(s)
Service Pack(s)
Additional Software
Windows XP*
Professional or Tablet
SP1, SP2, or
SP3
CAPICOM 2.1.0.2
Windows Vista*
Business, Ultimate, or
Enterprise
None, SP1, or
SP2
CAPICOM 2.1.0.2
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
* Internet options must be configured to allow signed ActiveX controls to be downloaded.

Administrator Guide
Introduction
Client Computer(s)
Operating System
Edition(s)
Service Pack(s)
Additional Software
Windows XP
Professional or Tablet
SP1, SP2, or SP3
Altiris Agent 7.0.3350
Windows Vista
Business, Ultimate, or Enterprise
None, SP1, or SP2
Altiris Agent 7.0.3350
Encrypted Database Communication Prerequisites

If you plan to use optional TLS/SSL for encrypted database traffic between the Altiris Notification Server and the
SEE database, you must install server-side TLS/SSL certificates on both the Altiris Notification Server and the SEE
database. See the SEE Management Server chapter of the Installation Guide for details on configuring the SEE
database for encrypted database communications.
This server-side TLS/SSL certificate you install on the Altiris Notification Server must possess the following
characteristics:
Valid during the period in which it will be used.
Enabled for server authentication.
Contain the private key.
Issued to the FQDN of the server hosting the Altiris Notification Server.
Installed in the local computer personal certificate store of the server hosting the Altiris Notification Server.
Administrator Guide
Altiris Connector Installation
2. Altiris Connector Installation

Overview
The Symantec Endpoint Encryption Integration Component is installed on the Altiris Notification Server. In order to
install the Symantec Endpoint Encryption Integration Component, you will need to log on with a Windows account
with software installation privileges. Before beginning, ensure that the target machine meets the system requirements
(System Requirements on page 1) and that all of the required additional software has been installed.
You will need the following files:
SEEFrameworkIntegrationComponent.msi
SEEFullDiskIntegrationComponent.msi
SEERemovableStorageIntegrationComponent.msi
SEE Framework Integration Component

The SEE Framework Integration Component must be installed before SEE Full Disk Integration Component or SEE
Removable Storage Integration Component will function. Therefore, you should begin your installation with this
MSI.
1. Double-click the file SEEFrameworkIntegrationComponent.msi. The first page of the SEE Framework
Integration Component Installation Wizard displays. Click Next.
2. The License Agreement page displays. Click I accept the license agreement, then click Next.
3. The Ready to Install the Application page displays. Click Next. The Updating System screen displays progress
during installation. When installation has finished, the completion screen is displayed.
4. Click Finish to exit the Framework Integration Component installer.
SEE Full Disk Integration Component

1. If you are installing the SEE Full Disk Integration Component, double-click the file named
SEEFullDiskIntegrationComponent.msi.
2. The first page of the Full Disk Integration Component Installation Wizard displays. Click Next.
5. Click Finish to exit the Full Disk Integration Component installer.
SEE Removable Storage Integration Component

1. If you are installing the SEE Removable Storage Integration Component, double-click the file named
SEERemovableStorageIntegrationComponent.msi.
2. The first page of the Removable Storage Integration Component Installation Wizard displays. Click Next.
Administrator Guide
5. Click Finish to exit the Removable Storage Integration Component installer.
Restart Internet Information Services (IIS)

After all Symantec Endpoint Encryption Integration Component components have been installed, you must restart
IIS.
1. Click Start, click Control Panel, then double-click Administrative Tools.
2. Double-click Internet Information Services (IIS) Manager.
Figure 2.1Restarting IIS

3. In the left pane, right click the node representing the Altiris Notification Server, point to All Tasks, and click
Restart IIS.
Figure 2.2Stop/Start/Restart Dialog

4. The Stop/Start/Restart dialog will display. Make sure that Restart Internet Services on servername is selected
from the drop down list, where servername is the name of your Altiris Notification Server.
5. Click OK.
Administrator Guide
Figure 2.3Shutting Down Dialog

6. The Shutting Down dialog will be displayed, showing the progress of the operation. You can click End now for a
more immediate result.
7. This window will close on its own and you will be returned to the Internet Information Services (IIS) Manager
once the restart operation completes.
Restart Altiris Service

If the Symantec Endpoint Encryption Integration Component does not appear to be functioning correctly after
installation, you may need to restart the Altiris Service.
To restart the Altiris Service, perform the following steps:
1. Click Start, click Run, type services.msc, and click OK. The Services snap-in opens.
Figure 2.4Restarting the Altiris Service

2. In the right pane, right-click the service named Altiris Service and select Restart. The Restart Other Services
dialog will display.
Administrator Guide
Figure 2.5Restart Other Services Dialog

3. Click Yes. The Service Control dialog will display the status of the restart operation.
Figure 2.6Service Control Dialog

4. Allow this dialog to close on its own. When it does, the restart process has completed.
With the Symantec Endpoint Encryption Integration Component now installed, you must next configure the database
settings.
Database Configuration
Initial installations of the Symantec Endpoint Encryption Integration Component require a one-time configuration of
the database settings using the SEE Database Synchronization panel. You must input the same settings that were
specified when the SEE Management Server was installed.
Once the database settings have been configured, data reported by Client Computers to the SEE Management Server
will be periodically copied to the Altiris Notification Server, allowing Altiris Console reports to display Client
Computer status information.
Administrator Guide
To configure the database settings, click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The
Altiris Console opens. Click Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane,
expand Symantec Endpoint Encryption Data Protection and click on SEE Database Synchronization.
Figure 2.7SEE Database Synchronization Page

The syntax used in the Database Server Name box is as follows:
computer name\instance name,port number
While the NetBIOS computer name of the machine hosting the SEE database will always be required, the instance
name will only be needed if you are using a named instance, and the TCP port number will only be necessary if you
are using a custom port. The custom port number would need to be preceded by a comma and the instance name by a
backslash.
Administrator Guide
Type the name of the SEE database, for example, SEEMSDb, in the Schema Name box.
Type the user name of the database communication account in the User Name box. This Microsoft SQL Server
account was created during the installation of the SEE Management Server.
Type the password of the database communication account in the Password box.
Click Enable TLS/SSL to encrypt all communications between the Altiris Notification Server and the SEE database.
Ensure that you are in compliance with the prerequisites (see Encrypted Database Communication Prerequisites on
page 2).
Once you have finished making your changes, click Apply.
Edit the number in the Polling Interval box to adjust the interval between updates. For example, if you type 15, the
Altiris Notification Server will synchronize with the SEE Management Server every 15 minutes. Values from 10
minutes to 10,080 minutes (one week) are accepted.
Click Synchronize Now to effect an immediate update. The SEE Database Synchronization page will update with
status information as the operation proceeds, and the date and time of last synchronization will be shown when the
update has completed successfully.
You can verify that successful synchronization has taken place by running a report from the Altiris Console.
Existing SEE Client Computers with records in the SEE database will be displayed in the report.
With the Symantec Endpoint Encryption Integration Component now installed and the database settings configured,
you can now create and deploy client installation packages.
Administrator Guide
Client Installation Package Creation
3. Client Installation Package Creation

Click Start, point to Programs, point to Altiris, and click Altiris Console 7.0. The Altiris Console opens. Click
Settings, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint
Encryption Data Protection, then expand Installation Package Creation.
Figure 3.1Installation Package Creation

A wizard will guide you through the process of creating an SEE Framework, SEE Full Disk, or SEE Removable
Storage client installation package. Click SEE Framework, SEE Full Disk, or SEE Removable Storage to launch
the relevant wizard. For information about the settings for each panel, refer to the SEE Full Disk or SEE Removable
Storage Installation Guide.
When creating SEE Full Disk client installation packages from a computer other than the Notification Server
and specifying a custom startup image, ensure that the specified file is located in a shared network location
that the Notification Server computer can access. You can use the Browse dialog for this purpose or type the
path in manually, e.g., \\CADC-01\Custom Images\custom image.bmp
If your Internet options are configured to prompt you before downloading signed ActiveX controls, the first
time that you open the Client Administrator or Master Certificate panel, Internet Explorer may display a
Security Warning message, asking you to confirm that you wish to install the GEFRAltirisCert.cab file.
Confirm that the Active X control is signed by GuardianEdge and then click Install.
Once you have completed the wizard, you will be prompted to save the client package.
Figure 3.2Save Client Installation Package Prompt
Administrator Guide
Client Installation Package Creation
The following table lists the default MSI names generated by each wizard and the location to which they are saved.
Table 3.1Wizard, MSI Name, and Destination
Wizard
Default MSI name
Destination
SEE Framework
Symantec Endpoint Encryption Framework

Client.msi
C:\Program Files\Altiris\SEE-ICFramework\Client Packages
SEE Full Disk
Symantec Endpoint Encryption Full Disk

Edition Client.msi
C:\Program Files\Altiris\SEE-IC-HD\Client Packages
SEE Removable
Storage
Symantec Endpoint Encryption - Removable

Storage Edition Client.msi
C:\Program Files\Altiris\SEE-IC-RS\Client Packages
Symantec recommends saving each client installation package with a unique and descriptive name. Saving a
client installation package with a unique name automatically creates a new program whose name is based on
the client installation package name. For example, an SEE Framework client installation package saved as
SEE-FR Client Installer for laptops (mm-dd-yy).msi will be displayed with the same name in the drop-down
menu at the top of the Programs tab of the SEE Framework client installation package (see Upgrades on
page 15) as well as in the Program name drop-downs of any software delivery tasks that are part of the SEE
Framework client installation package, such as the Install SEE Framework Clients task and the Upgrade SEE
Framework Clients task. Establishing a unique name for a particular client installation package makes it more
readily identifiable later on when selecting from among several program names within a software delivery
task.
10
Administrator Guide
Client Installation Package Deployment
4. Client Installation Package Deployment

Overview
Use the Software Installation section in the Symantec Endpoint Encryption Data Protection settings of the Altiris
Console to deploy SEE Framework, SEE Full Disk, and SEE Removable Storage client installation packages.
Sequencing
The clients must be deployed to install Symantec Endpoint Encryption Framework Client.msi first.
The Symantec Endpoint Encryption Full Disk Edition Client.msi and/or Symantec Endpoint Encryption - Removable
Storage Edition Client.msi packages must be executed following the successful completion of the Symantec Endpoint
Encryption Framework Client.msi package.
If youre deploying multiple sets of SEE client installer MSIs filtered to different groups of computers, create a new
software delivery task for each set and name it according to the specific combination of client installer MSI and filter.
This will allow you to maintain a traceable workflow detailing which client installer MSIs have been deployed, and
where.
Create a Software Delivery Task

Encryption Data Protection, expand Software Installation, and expand SEE Framework.
Right-click Install SEE Framework Clients and choose Clone.
The Clone Item dialog appears. Type the name of the new software delivery task, for example, Install SEE-FR
Client to all Laptops, then click OK.
Assign the Program and Filter

From the Program name drop-down list in the right pane, choose the program corresponding to the SEE Framework
client installer package you created earlier.
11
Administrator Guide
Click Apply to, then click Quick apply. In the Quick apply dialog, type the name of a group, filter, or target you
want to apply the program to, or select one from the drop-down list. For example, you may have previously created a
filter named All Laptops that includes all laptop computers and excludes all desktop computers. Click Apply.
Figure 4.1SEE Framework Client Installer, Software Delivery Task

Choose the desired scheduling options, if any, then click Save changes.
Adjust Program Name and MSIEXEC Parameters

To make adjustments to the program you selected in the software delivery task, do the following: in the left pane,
expand Symantec Endpoint Encryption Data Protection, expand Software Installation, expand SEE
Framework, and click on the SEE Framework Client Installer software delivery package.
12
Administrator Guide
In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with
the same name as the MSI package you created earlier, for example, SEE-FR Client Installer for laptops (mm-ddyy).msi.
Figure 4.2SEE Framework Client Installer Program, Programs Tab

The Command line box will contain a default MSI command appropriate for installing the program you selected. If
necessary, make any changes to the command line parameters or other values on this tab.
See the SEE Full Disk or SEE Removable Storage Installation Guide for a discussion of the suggested MSI
commands for each client installation package, as well as the list of supported MSIEXEC parameters.
13
Administrator Guide
Verify Package Source and Location

Next, verify the correct parameters for the source and location of the software delivery package. Click on the
Package tab of the SEE Framework Client Installer software delivery package.
Figure 4.3SEE Framework Client Installer Package, Package Tab

Do not change the Package source option or the Package location option. The Package source option must be
Access package from a local directory on the NS computer.
Ensure that the Package location option remains at the defaults identified in Table 3.1 on page 10.
Click Save changes when finished.
Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software
delivery task. In the left pane, right-click the software delivery task named Install SEE-FR Client to all Laptops,
then click Enable.
Repeat this process for the SEE Full Disk and/or SEE Removable Storage client installer package(s).
14
Administrator Guide
Upgrades
5. Upgrades
Overview
Upgrades from Symantec Endpoint Encryption Integration Component 7.0.2 are supported.
Upgrades from Symantec Endpoint Encryption Integration Component 7.0.2 to Symantec Endpoint Encryption
Integration Component 7.0.3 must be performed in the following sequence:
1. Upgrade Altiris Notification Server 6.0 or 6.5 to Altiris Notification Server 7.0.
2. Upgrade the SEE Manager.
3. Upgrade all Symantec Endpoint Encryption Integration Component components.
4. Restart IIS and initiate a database synchronization operation.
5. Upgrade existing SEE Framework 7.0.0 or later, SEE Full Disk 7.0.0 or later, and SEE Removable Storage Client
7.0.0 or later Client Computers.

Basics
In order to perform the upgrade, you will need to log on to the Altiris Notification Server using a Windows account
that has software installation privileges.
Altiris Notification Server Upgrade

Upgrade your existing installation of Altiris Notification Server 6.0 or 6.5 to Altiris Notification Server 7.0. Please
consult the Altiris documentation for details on how to perform this upgrade.
During the upgrade of the Notification Server, you will be prompted to export the existing Altiris
Notification Server 6.X database. You can ignore this prompt if your Altiris Notification Server 6.X
deployment is being used only with Symantec Endpoint Encryption Integration Component. Symantec
Endpoint Encryption Integration Component 7.0.3 uses the existing Symantec Endpoint Encryption
Integration Component 7.0.2 Altiris database without modification. However, if you are using other Altiris
solutions alongside Symantec Endpoint Encryption Integration Component, export your existing Altiris
database as part of the upgrade process, then import it after you have upgraded to Altiris Notification Server
7.0.
SEE Manager
See the SEE Full Disk or SEE Removable Storage Installation Guide for instructions on how to upgrade the SEE
Manager.

To upgrade an existing installation of the Symantec Endpoint Encryption Integration Component, double click the
installer package for each Symantec Endpoint Encryption Integration Component component in sequence and follow
the installation wizard.
SEE Framework Integration Component (SEEFrameworkIntegrationComponent.msi) must be upgraded first.
Restart Server and Resync Database

Once you have performed the previous steps, restart IIS (see Restart Internet Information Services (IIS) on page 4).
Next, launch the Altiris Console, locate the Database Synchronization page (see Database Configuration on page 6)
and click Synchronize Now to perform an immediate resynchronization. Once the SEE Database Synchronization
15
Administrator Guide
Upgrades
page status information indicates successful completion of the operation, you are ready to create the client installation
upgrade packages.
SEE Client Computers

Basics
Use the Software Installation section of the Symantec Endpoint Encryption Data Protection option in the
Settings menu of the Altiris Console to upgrade SEE Framework, SEE Full Disk, and/or SEE Removable Storage
client installation packages.
To upgrade existing SEE Client Computers, you will need to log on to an Altiris Console Computer and perform the
following steps:
1. Create a new set of client upgrade packages. See Chapter 3 Client Installation Package Creation on page 9.
2. Create a new software delivery task for the upgrade.
3. Assign the upgrade program (i.e., the upgrade MSI) to the new software delivery task.
4. Select the upgrade program and set the MSIEXEC parameters for the upgrade in the software delivery package.
5. Enable the software delivery upgrade task.
Sequencing
The clients must be deployed to execute Symantec Endpoint Encryption Framework Client.msi first.
The Symantec Endpoint Encryption Full Disk Edition Client.msi and/or Symantec Endpoint Encryption - Removable
Storage Edition Client.msi upgrade packages must be executed following the successful completion of the Symantec
Endpoint Encryption Framework Client.msi package.
Create a Software Delivery Task

Encryption Data Protection, expand Software Installation, and expand SEE Framework.
Right-click Install SEE Framework Clients and choose Clone.
The Clone Item dialog appears. Type the name of the new software delivery task, for example, Upgrade SEE-FR
Client on all Laptops, then click OK.
Assign the Program and Filter

From the Program name drop-down list in the right pane, choose the program corresponding to the SEE Framework
client installer upgrade MSI you created earlier.
Click Apply to, then click Quick apply. In the Quick apply dialog, type the name of a Group, Filter, or Target you
want to apply the program to, or select one from the drop-down list. For example, you may have previously created a
filter named All Laptops that includes all laptop computers and excludes all desktop computers. Click Apply.
Choose the desired scheduling options, if any, then click Save changes.
Adjust Program Name and MSIEXEC Parameters

To make adjustments to the program you selected in the software delivery task, do the following: in the left pane,
expand Symantec Endpoint Encryption Data Protection, expand Software Installation, expand SEE
Framework, and click on the SEE Framework Client Installer software delivery package.
16
Administrator Guide
Upgrades
In the right pane, click on the Programs tab. From the drop-down list at the top of the tab, choose the program with
the same name as the MSI package you created earlier, for example, SEE-FR Client Upgrade for laptops (mm-ddyy).msi.
Figure 5.1SEE Framework Client Installer Program, Programs Tab

The Command line box will contain a default MSI command with the name of the MSI package you
selected. You will need to modify this command line with MSIEXEC parameters appropriate for an upgrade.
See the Upgrades chapter of the SEE Full Disk or SEE Removable Storage Installation Guide for a discussion of the
suggested MSI commands for upgrading each client installation package, as well as the list of supported MSIEXEC
parameters.
Once you have made the necessary modifications to the MSIEXEC parameters, click Save changes.
Begin deployment of the client installer MSI to the selected filter of client computers by enabling the software
delivery task. In the left pane, right-click the software delivery task named Upgrade SEE-FR Client on all Laptops,
then click Enable.
Repeat this process for the SEE Full Disk and/or SEE Removable Storage client installer upgrade package(s).
17
Administrator Guide
Uninstallation
6. Uninstallation
Overview
This section describes how to uninstall the Symantec Endpoint Encryption Integration Component components and
the SEE client software.

To uninstall the Symantec Endpoint Encryption Integration Component components, you will log on to the Altiris
Notification Server and uninstall each component using Add or Remove Programs.
Figure 6.1Uninstalling Altiris Connector Components
Uninstallation of the Symantec Endpoint Encryption Integration Component components will not delete any
SEE client installer packages created using the Installation Package Creation wizards.
SEE Client Computers

SEE Framework must be uninstalled last.
First, uninstall SEE Full Disk and/or SEE Removable Storage. Then uninstall SEE Framework.
Before SEE Full Disk can be uninstalled, all encrypted partitions must be decrypted, and any installation or
upgrade tasks must be disabled. Refer to the SEE Full Disk Installation Guide for more information.
18
Administrator Guide
Reporting
7. Reporting
Overview
Symantec Endpoint Encryption Integration Component complements Altiris Notification Consoles native reporting
capability by providing a number of reports that help you keep track of SEE Full Disk and SEE Removable Storage
clients on your network.
The reports query the Altiris Notification Server database, which is synchronized with the SEE database according to
the polling interval defined during installation (Database Configuration on page 6). You can click Synchronize
Now in the SEE Database Synchronization panel to ensure that you have the latest data.
The Symantec Endpoint Encryption Integration Component Reports are divided into three categories:
Full Disk Encryption,
Removable Storage Encryption, and
Users and Administrators.
To access the Symantec Endpoint Encryption Integration Component Reports, open the Altiris Console and click on
Reports, then click Symantec Endpoint Encryption Data Protection. In the left pane, expand Symantec Endpoint
Encryption Data Protection, expand one of the three report categories, and click on one of the reports.
Figure 7.1Symantec Endpoint Encryption Integration Component Reports

The right pane will show the standard page for running the report.
19
Administrator Guide
Reporting
Full Disk Encryption

Clients Without SEE Full Disk Installed
Basics
The Computers Without SEE Full Disk Installed report will retrieve the records of the following computers on your
network:
Did not have SEE Full Disk installed as of the time of last check-in.
Resides on a forest or tree that is synchronized with the SEE Management Server and has not checked in. These
computers may or may not have SEE Full Disk installed. Only the computer name and directory service location
of these computers will be available.
Query Parameters
You can further limit the records retrieved by this report by setting one of the following parameters.
Table 7.1Full Disk: Clients Without SEE Full Disk Installed Query Parameters
Parameter
Value
Explanation
Domain
[All]
Do not filter the results according to domain.
[Empty]
Retrieve the records of clients that report their domain membership as an

empty string.
[Null]
Retrieve the records of clients that do not report membership in a domain.
domain
Each discovered domain will be listed. Select one of the domains to obtain
only the records of clients that are members of it.
Filter
Hyperlink
Click the hyperlink to select a filter. Only the records of the clients in this filter
will be retrieved.
OS Name
[All]
Do not filter the results according to operating system.
[Empty]
Retrieve the records of clients that report their operating system as an empty
string.
[Null]
Retrieve the records of clients that do not report an operating system.
Unknown
Windows
Select clients reporting an installed Windows operating system that is

unknown.
operating system
This list will prepopulate with multiple operating system entries, one for each
discovered domain. Select one of the domains to obtain only the records of
clients that are members of it.
Retrieved Data
The report will return the following information about the computers that fall within the query parameters:
Computer Name;
Domain; and
OS name.
20
Administrator Guide
Reporting
Disk Encryption Status - # of Partitions

Basics
The Disk Encryption Status - # of Partitions report will retrieve the records of SEE Full Diskprotected computers
that have reported in to the SEE Management Server according to how many partitions they have.
Query Parameters
Table 7.2Full Disk: Disk Encryption Status - # of Partitions Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
Hyperlink
Click the hyperlink to select a filter. Only the records of the clients in this
filter will be retrieved.
Minimum
Number of
Partitions
number
Retrieve clients with at least the specified number of partitions.
Maximum
Number of
Partitions
number
Retrieve clients with no more than the specified number of partitions.
OS Name
[All]
[Empty]
string.
[Null]
Unknown
Windows

unknown.
operating system
This list will prepopulate with multiple Operating System entries, one for
each discovered domain. Select one of the domains to obtain only the records
of clients that are members of it.
Retrieved Data
The report will return a list of computers showing the following data:
Computer Name;
Encrypted Volumes;
Encrypting Volumes;
Decrypted Volumes;
Decrypting Volumes;
Domain; and
21
Administrator Guide
Reporting
OS name.
Disk Encryption Status - Encryption

Basics
The Disk Encryption Status - Encryption report will retrieve the records of SEE Full Diskprotected computers that
have reported in to the SEE Management Server according to their encryption status.
Query Parameters
Table 7.3Full Disk: Disk Encryption Status - Encryption Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
Encryption
Status
All
Encrypted
Retrieve the records of clients with one or more partitions in an encrypted

state.
Encrypting
Retrieve the records of clients with one or more partitions in the process of
being encrypted.
Decrypted
Retrieve the records of clients with one or more partitions in a decrypted

state.
Decrypting
Retrieve the records of clients with one or more partitions in the process of
being decrypted
[All]
[Empty]
string.
[Null]
Unknown
Windows

unknown.
operating system
OS Name
Retrieved Data
Computer Name;
Encrypted Volumes;
22
Administrator Guide
Reporting
Encrypting Volumes;
Decrypted Volumes;
Decrypting Volumes;
Domain; and
OS name.
Installation Status
Basics
The Installation Status report will retrieve the records of SEE Full Diskprotected computers that have reported in to
the SEE Management Server. These results can be filtered according to when SEE Full Disk was installed.
Query Parameters
Table 7.4Full Disk: Installation Status Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
OS Name
[All]
[Empty]
string.
[Null]
Unknown
Windows

unknown.
operating system
Install
Start DateTime
yyyy-mm-dd
Retrieve clients with a SEE Full Disk install date that is the same as or later
than that date and time specified.
Install End
Date-Time
yyyy-mm-dd
Retrieve clients with a SEE Full Disk install date that is the same as or no
later than that date and time specified.
Computer
Name
partial computer
name%
Use the % wildcard character in conjunction with computer name portions to

retrieve the records of computers with specific characters in their computer
names. For example, "D%" will retrieve all computers that have names
starting with "D".
23
Administrator Guide
Reporting
Retrieved Data
Computer Name;
Version;
Install Date-Time;
Encrypted Volumes;
Encrypting Volumes;
Decrypted Volumes;
Decrypting Volumes;
Domain; and
OS name.
Installed Software by OS
Basics
The Installed Software by OS report will identify how many clients of a given operating system that have reported in
to the SEE Management Server are protected by SEE Full Disk.
Query Parameters
Table 7.5Full Disk: Installed Software by OS Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
hyperlink
Filter
Retrieved Data
The report will show the following data:
OS Name;
Domain;
Number of Discovered Endpoints;
Number of Endpoints with Full Disk Encryption; and
Percentage installed.
The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints
with SEE Full Disk.
24
Administrator Guide
Reporting
Installed Software by SEE Full Disk Version

Basics
The Installed Software by SEE Full Disk Version report will provide you with the total number of SEE Full Disk
protected computers that have reported in to the SEE Management Server on a given domain. These results will be
sorted according to the version number of SEE Full Disk that is installed.
Query Parameters
Table 7.6Full Disk: Installed Software by SEE Full Disk Version Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
hyperlink
Filter
Retrieved Data
Version;
Domain; and
Full Disk Client Count.
Last Check-In Status

Basics
The Last Check-In Status report will retrieve the records of:
SEE Full Diskprotected computers on your network that have checked in with the SEE Management Server; or
Clients that reside on a forest or tree that is synchronized with the SEE Management Server and have not checked
in with the SEE Management Server. Only the computer name and directory service location of these computers
will be available.
If the client has checked in, you will be able to filter the results according to when it did so.
25
Administrator Guide
Reporting
Query Parameters
Table 7.7Full Disk: Last Check-In Status Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
Have/have not
checked in
Have
Select to retrieve only the records of clients that have checked in with the
SEE Management Server.
Have Not
Select to retrieve the records of clients that reside on a forest or tree that is
synchronized with the SEE Management Server and have not checked in
with the SEE Management Server.
Since
number
Enter the number that corresponds to your specified time unit. For
example, if you wish to retrieve the records of clients that have checked in
within the last 20 days, type 20.
Units
Hour|Day|Week|
Month|Quarter|
Year
Select the unit of time that corresponds to your specified date range. For
within the last 20 days, select Day.
OS Name
[All]
[Empty]
Retrieve the records of clients that report their operating system as an

empty string.
[Null]
Unknown
Windows

unknown.
operating system
This list will prepopulate with multiple operating system entries, one for
each discovered domain. Select one of the domains to obtain only the
records of clients that are members of it.
Data Retrieved
Computer Name;
Last Check-In;
Registered Users;
Domain; and
OS name.
26
Administrator Guide
Reporting
Removable Storage Encryption

Clients Without SEE Removable Storage Installed
Basics
The Computers Without SEE Removable Storage Installed report will retrieve the records of the following computers
on your network:
Did not have SEE Removable Storage installed as of the time of last check-in.
Resides on a forest or tree that is synchronized with the SEE Management Server and has not checked in. These
computers may or may not have SEE Removable Storage installed. Only the computer name and directory service
location of these computers will be available.
Query Parameters
Table 7.8Removable Storage: Clients Without SEE Removable Storage Installed Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
Click the hyperlink to select a filter. Only the records of the clients in this filter
will be retrieved.
OS Name
[All]
[Empty]
string.
[Null]
Unknown
Windows

unknown.
operating system
Data Retrieved
Computer Name;
Domain; and
OS name.
27
Administrator Guide
Reporting
Installation Status
Basics
The Installation Status report will retrieve the records of SEE Removable Storageprotected computers that have
reported in to the SEE Management Server. These results can be filtered according to when SEE Removable Storage
was installed.
Query Parameters
Table 7.9Removable Storage: Installation Status Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
OS Name
[All]
[Empty]
string.
[Null]
Unknown
Windows

unknown.
operating system
Install
Start DateTime
yyyy-mm-dd
Retrieve clients with a SEE Removable Storage install date that is the same as
or later than that date and time specified.
Install End
Date-Time
yyyy-mm-dd
Retrieve clients with a SEE Removable Storage install date that is the same as
or no later than that date and time specified.
Computer
Name
partial computer
name%
Use the % wildcard character in conjunction with computer name portions to

retrieve the records of computers with specific characters in their computer
names. For example, "D%" will retrieve all computers that have names
starting with "D".
Retrieved Data
Computer Name;
Version;
Install Date-Time;
28
Administrator Guide
Reporting
Domain; and
OS name.
Installed Software by OS
Basics
The Installed Software by OS report will identify how many clients of a given operating system that have reported in
to the SEE Management Server are protected by SEE Removable Storage.
Query Parameters
Table 7.10Removable Storage: Installed Software by Operating System Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
hyperlink
Filter
Retrieved Data
The report will show the following data:
OS Name;
Domain;
Number of Discovered Endpoints;
Number of Endpoints with Removable Storage Encryption; and
Percentage installed.
The percentage installed result will reflect the number of discovered endpoints divided by the number of endpoints
with SEE Removable Storage.
Installed Software by SEE Removable Storage Version

Basics
The Installed Software by SEE Removable Storage Version report will provide you with the total number of SEE
Removable Storageprotected computers that have reported in to the SEE Management Server on a given domain.
These results will be sorted according to the version number of SEE Removable Storage that is installed.
29
Administrator Guide
Reporting
Query Parameters
Table 7.11Full Disk: Installed Software by SEE Removable Storage Version Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
hyperlink
Filter
Retrieved Data
Version;
Domain; and
Removable Storage Client Count.
Last Check-In Status

Basics
The Last Check-In Status report will retrieve the records of:
SEE Removable Storageprotected computers on your network that have checked in with the SEE Management
Server; or
Clients that reside on a forest or tree that is synchronized with the SEE Management Server and have not checked
in with the SEE Management Server. Only the computer name and directory service location of these clients will
be available.
If the client has checked in, you will be able to filter the results according to when it did so.
Query Parameters
Table 7.12Removable Storage: Last Check-In Status Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
hyperlink
Filter
30
Administrator Guide
Reporting
Table 7.12Removable Storage: Last Check-In Status Query Parameters

Parameter
Value
Explanation
Have/have not
checked in
Have
Select to retrieve only the records of clients that have checked in with the
SEE Management Server.
Have Not
Select to retrieve the records of clients that reside on a forest or tree that is
synchronized with the SEE Management Server and have not checked in
with the SEE Management Server.
Since
number
within the last 20 days, type 20.
Units
Hour|Day|Week|
Month|Quarter|
Year
within the last 20 days, select Day.
OS Name
[All]
[Empty]

empty string.
[Null]
Unknown
Windows

unknown.
operating system
Data Retrieved
Computer Name;
Last Check-In;
Registered Users;
Domain; and
OS name.
Removable Storage Encryption Policy

Basics
The Removable Storage Encryption Policy report will retrieve the records of SEE Removable Storageprotected
computers on your network that have checked in with the SEE Management Server. These results will display and
can be filtered according to the access and encryption policies that they are enforcing and the encryption methods that
they allow.
31
Administrator Guide
Reporting
Query Parameters
Table 7.13Removable Storage: Removable Storage Encryption Policy Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
Encryption
Policy
[All]
Do not filter the results according to encryption policy.
Write
unencrypted
Retrieve the records of clients that are allowing both read and write access
and are not encrypting files.
Encrypt new
files
and are encrypting new files written to removable media.
Encrypt all files
and are encrypting all files.
Read only
Retrieve the records of clients that are enforcing a read-only access policy.
No access
Retrieve the records of clients that are enforcing a no access policy.
[All]
Do not filter the results according to encryption method.
No encryption
Retrieve the records of clients that are not encrypting files.
Password
Retrieve the records of clients that allow users to encrypt with passwords.
Certificate
Retrieve the records of clients that allow users to encrypt with certificates.
Any
Retrieve the records of clients that allow users to encrypt using a

certificate, password, or both.
[All]
[Empty]

empty string.
[Null]
Unknown
Windows

unknown.
operating system
Encryption
Method
OS Name
Data Retrieved
Computer Name;
Encryption Policy;
32
Administrator Guide
Reporting
Encryption Method;
Domain; and
OS Name.
Removable Storage Portability

Basics
The Removable Storage Encryption Policy report will retrieve the records of the SEE Removable Storageprotected
computers on your network that have checked in with the SEE Management Server. These results will include and
can be filtered by the portability policy in effect.
Query Parameters
Table 7.14Removable Storage: Removable Storage Portability Query Parameters (Continued)
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
Copy Access
Utility
Any
Do not filter the results according to whether or not the Removable Storage
Access Utility is being written to removable media.
Yes
Retrieve the records of clients that are automatically writing the

Removable Storage Access Utility to removable media.
No
Retrieve the records of clients that are not automatically writing the
Removable Storage Access Utility to removable media.
Any
Do not filter the results according to whether or not the clients are allowing
users to create self-extracting executables.
Yes
Retrieve the records of clients that allow users to create self-extracting

executables.
No
Retrieve the records of clients that do not allow users to create selfextracting executables.
Executables
Data Retrieved
Computer Name;
User Name;
Copy Access Utility;
Executables;
Encryption Policy;
33
Administrator Guide
Reporting
Encryption Method;
Domain; and
OS Name.
Removable Storage Recovery Certificate

Basics
The Removable Storage Encryption Policy report will retrieve the records of the SEE Removable Storageprotected
computers on your network that have checked in with the SEE Management Server. These results will include and
can be filtered by whether or not a master certificate is being used for encryption.
Query Parameters
Table 7.15Removable Storage: Removable Storage Recovery Certificate Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
Recovery
Certificate
Enabled
Any
Do not filter the results according to whether or not a master certificate is

in use.
Yes
Retrieve the records of clients that are using a master certificate.
No
Retrieve the records of clients that are using a master certificate.
All
Do not filter the results according to encryption method.
No encryption
Retrieve the records of clients that are using no encryption.
Password
Retrieve the records of clients that are using password encryption.
Certificate
Retrieve the records of clients that are using certificate encryption.
Any
Retrieve the records of clients that are using any encryption method.
[All]
[Empty]

empty string.
[Null]
Unknown
Windows

unknown.
operating system
Encryption
Method
OS Name
34
Administrator Guide
Reporting
Data Retrieved
Computer Name;
Recovery Certificate Serial Number;
Encryption Policy;
Encryption Method;
Domain; and
OS Name.
Users and Administrators

Client Administrators
Basics
The Client Administrators report will retrieve information about the Client Administrators on the computers on your
network that have checked in with the SEE Management Server.
Query Parameters
Table 7.16Client Administrators Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
Authentication
Method
Any
Do not filter the results according to the authentication method used by its
Client Administrators.
Password
Retrieve the records of clients with Client Administrators that authenticate

using a password.
Token
Retrieve the records of clients with Client Administrators that authenticate

using a token.
Unauthenticated
Retrieve the records of clients enforcing an automatic authentication

policy.
35
Administrator Guide
Reporting
Table 7.16Client Administrators Query Parameters (Continued)

Parameter
Value
Explanation
OS Name
[All]
[Empty]

empty string.
[Null]
Unknown
Windows

unknown.
operating system
Data Retrieved
Computer Name;
Client Admin Name;
Authentication;
Domain; and
OS Name.
Registered Users - # of Registered Users

Basics
The Registered Users - # of Registered Users report will retrieve information about the registered users on the
computers on your network that have checked in with the SEE Management Server. The results can be filtered by the
number of users that have registered on the computer.
Query Parameters
Table 7.17Registered Users - Number of Registered Users Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Each discovered domain will be listed. Select one of the domains to

obtain only the records of clients that are members of it.
Hyperlink
Filter
36
Administrator Guide
Reporting
Table 7.17Registered Users - Number of Registered Users Query Parameters (Continued)

Parameter
Value
Explanation
Authentication
Method
Any
Do not filter the results according to the authentication method used by

its Client Administrators.
Password
Retrieve the records of clients with users that authenticate using a

password.
Token
Retrieve the records of clients with users that authenticate using a token.
Unauthenticated

policy.
Minimum
Number of
Registered
Users
number
Retrieve clients with at least the specified number of registered users.
Maximum
Number of
Registered
Users
number
Retrieve clients with no more than the specified number of registered

users.
OS Name
[All]
[Empty]

empty string.
[Null]
Unknown
Windows

unknown.
operating system
Data Retrieved
Computer Name;
User Name;
User Type;
Authentication;
Registration Time;
Domain; and
OS Name.
Registered Users - Date of Registration

Basics
The Registered Users - Date of Registration report will retrieve information about the registered users on the
computers on your network that have checked in with the SEE Management Server. The results will include and can
be filtered by the date of registration.
37
Administrator Guide
Reporting
Query Parameters
Table 7.18Registered Users - Date of Registration Query Parameters
Parameter
Value
Explanation
Domain
[All]
[Empty]

empty string.
[Null]
domain
Filter
hyperlink
Authentication
Method
Any
Do not filter the results according to the authentication method used by its
Client Administrators.
Password
Retrieve the records of clients with users that authenticate using a

password.
Token
Retrieve the records of clients with users that authenticate using a token.
Unauthenticated

policy.
Registered
Since
number
example, if you wish to retrieve the records of client computers with users
that have registered within the last 20 days, type 20.
Units
Hour|Day|Week|
Month|Quarter|
Year
example, if you wish to retrieve the records of client computers with users
that have registered within the last 20 days, select Day.
OS Name
[All]
[Empty]

empty string.
[Null]
Unknown
Windows

unknown.
operating system
Data Retrieved
Computer Name;
User Name;
User Type;
Authentication;
38
Administrator Guide
Reporting
Registration Time;
Domain; and
OS Name.
39
Administrator Guide
Logging
8. Logging
The settings selected in the client installation packages will be logged and available for viewing within the Altiris Log
Viewer. To access these, click to open the Windows Start menu. Point to Programs, point to Altiris, point to
Diagnostics, and select Altiris Log Viewer.
Figure 8.1Full Disk Client Installer Package Log

Each time that the Symantec Endpoint Encryption Integration Component is used to create a client installation
package, one of the following three entries will be added to the Altiris Log Viewer, as appropriate to the client
installation package:
SEE Full Disk Client Installer created.
SEE Framework Client Installer created.
SEE Removable Storage Client Installer created.
Highlight the event that is of interest in order to view the specific installation settings that were selected in this
package.
40
Administrator Guide
Altiris Tables & Methods
Appendix A. Altiris Tables & Methods

Overview
This appendix provides the tables, elements, and methods of the Symantec Endpoint Encryption Integration
Component data. It can be used for the purpose of creating custom reports.
Tables
The following table lists the database tables and elements of the Symantec Endpoint Encryption Integration
Component data.
Table A.1Database Tables, Elements, and Description
Table Name
Table Element
Description
Inv_EndPoint_Encryption
[_ResourceGuid]
Link the data to Altris Resource GUID
[EndPointGUID]
SEE GUID for the client installed
[FR_Version]
Framework version
[FR_InstallationTime]
Framework install time
[FD_Version]
Full Disk version
[FD_InstallationTime]
Full Disk install time
[RS_Version]
Removable Storage version
[RS_InstallationTime]
Removable Storage install time
[LastCheckIn]
Last check-in time
[EncryptedVolumes]
Volumes in an encrypted state
[EncryptingVolumes]
Volumes being encrypted
[DecryptedVolumes]
Volumes in a decrypted state
[DecryptingVolumes]
Volumes being decrypted
[RSEncryptPolicyID]
Encryption policy (link to RSEncryptionPolicy table)
[RSEncryptMethodID]
Encryption Method (link to RSEncryptionMethod table)
[MasterCert_Enabled]
Master Certificate enabled/disabled
[MasterCertIificateID]
Master Certificate (link to RSMasterCertificate Table)
[AccessUtilityEnabled]
Removable Storage Access Utilty allowed/not allowed
[IsDeleted]
Flag indicating soft deletion of endpoint
[RSExecutablesEnabled]
Removable Storage Executables allowed/not allowed
[RSEncryptMethod]
Removable Storage Encryption Method (text as displayed in the UI)
[RSEncryptPolicy]
Removable Storage Encryption Policy (text as displayed in the UI)
Evt_EndPoint_Encryption_Users
[_ResourceGuid]
Link the data to Altris Resource GUID
[UserName]
Name of the Registered User
[DnsDomainName]
DNS domain name of the Registered User
[UserTypeID]
Type of user (link to GEUserType Table)
[AuthenticationID]
Authentication method (link to GEUserAuthenticationMethod Table)
[LastLogonTime]
User Log On Time
[RegistrationTime]
User Registration Time
[IsDeleted]
Flag indicating soft deletion of user
41
Administrator Guide
Altiris Tables & Methods
Table A.1Database Tables, Elements, and Description (Continued)

Table Name
Table Element
Description
[UserType]
User Type (text as displayed in the UI)
[AuthenticationMethod]
Authentication Method (text as displayed in the UI)
RSMasterCertificate
[CertificateID]
ID of the certificate
RSMasterCertificate
[SerialNumber]
Serial number of the certificate
RSMasterCertificate
[Issuer]
Issuer of the certificate
Methods
The following table lists the database methods of the Symantec Endpoint Encryption Integration Component schema.
Table A.2Database Schema, Methods
Method Name
Value
Description
GEUserAuthenticationMethod
Unauthenticated
Password
Token
GEUserType
Registered User
GEUserType
Client Administrator
RSEncryptionMethod
No encryption
RSEncryptionMethod
Password
RSEncryptionMethod
Certificate
RSEncryptionMethod
Any
RSEncryptionPolicy
Write unencrypted
RSEncryptionPolicy
Encrypt new files
RSEncryptionPolicy
Encrypt all files
RSEncryptionPolicy
Read only
RSEncryptionPolicy
No access
42

SEE-IC 7.0.3 Administrator Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SEE-IC 7.0.3 Administrator Guide

Uploaded by

Copyright:

Available Formats

Symantec Endpoint Encryption

Symantec Endpoint Encryption Integration Component

Symantec Endpoint Encryption Integration Component

Symantec Endpoint Encryption Integration Component

Altiris Notification Server

Windows Server 2003*

Internet Information Services (IIS) 6.0

* Internet options must be configured to allow signed ActiveX controls to be downloaded.

Altiris Console Computer(s)

* Internet options must be configured to allow signed ActiveX controls to be downloaded.

Symantec Endpoint Encryption Integration Component

SP1, SP2, or SP3

Altiris Agent 7.0.3350

Business, Ultimate, or Enterprise

None, SP1, or SP2

Altiris Agent 7.0.3350

64-bit Editions are not supported.

Encrypted Database Communication Prerequisites

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

2. Altiris Connector Installation

SEE Framework Integration Component

SEE Full Disk Integration Component

SEE Removable Storage Integration Component

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Restart Internet Information Services (IIS)

Figure 2.1Restarting IIS

Figure 2.2Stop/Start/Restart Dialog

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Figure 2.3Shutting Down Dialog

Restart Altiris Service

Figure 2.4Restarting the Altiris Service

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Figure 2.5Restart Other Services Dialog

Figure 2.6Service Control Dialog

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Figure 2.7SEE Database Synchronization Page

Symantec Endpoint Encryption Integration Component

Altiris Connector Installation

Symantec Endpoint Encryption Integration Component

Client Installation Package Creation

3. Client Installation Package Creation

Figure 3.1Installation Package Creation

Figure 3.2Save Client Installation Package Prompt

Symantec Endpoint Encryption Integration Component

Client Installation Package Creation

Default MSI name

Symantec Endpoint Encryption Framework

C:\Program Files\Altiris\SEE-ICFramework\Client Packages

SEE Full Disk

Symantec Endpoint Encryption Full Disk

C:\Program Files\Altiris\SEE-IC-HD\Client Packages

Symantec Endpoint Encryption - Removable

C:\Program Files\Altiris\SEE-IC-RS\Client Packages

Symantec Endpoint Encryption Integration Component

Client Installation Package Deployment

4. Client Installation Package Deployment

Create a Software Delivery Task

Assign the Program and Filter

Symantec Endpoint Encryption Integration Component