How to prepare workstations for Endpoint Security automatic deployment
One of the main features that Security for Endpoints provides is the possibility to automatically install remote network stations, process called deployment. In some cases it is possible to encounter an error message while trying to perform such automatic deployment ("Access denied" or "Log off network").
The current document presents how network stations within Workgroups should be prepared for automatic deployment.
Please prepare the network computers for deployment as follows:
Make sure the network computers meet the corresponding system requirements:
For Windows XP, you need to have Service Pack 3. To check the currently installed Service Pack, right-click My Computer and select Properties. This information is available in the General tab, System section.
For Windows Vista or Windows 7, you will need to disable User Account Control (UAC). To disable UAC go to Start > Control Panel > User Accounts. Here you must click Change User Account Control Settings. Set UAC on Never Notify and then click OK.
For Windows 8.1 stations, you need full administrative privileges (the credentials of the built-in administrator account or a domain user account). For more information on how to successfully deploy Endpoint Security to Windows 8.1 stations, please refer to this KB article.
- For Windows XP, you need to have Service Pack 3. To check the currently installed Service Pack, right-click My Computer and select Properties. This information is available in the General tab, System section.
Configuration required on the Workgroup computers:
Configure each Windows XP workstation not to use simple file sharing. Follow these steps:
a. On the Windows Start menu, click My Computer
b. Click Tools > Folder Options, then the View tab
c. Clear the Use simple file sharing check box in the advanced settings list
On all workstations and servers you want to manage, configure the firewall to allow the communication ports used by the security components. Or, if you prefer, you can disable the firewalls. These are the default communication ports you need to allow:
- 443 - the communication port between the cloud security console and Endpoint Security. This port must be allowed on all network computers;
80 - the communication port used for the update of the client;
Note:These ports must not be used by any other application installed in the network. If any of these ports is used by another application, you will need to choose anew communication port and set the firewalls to allow it instead of the default port.
Verify if the File and Printer Sharing protocol is enabled: please go to Start > Control Panel > Network Connections (or Network and Sharing Center on Windows Vista/7) . Identify the NIC on which the network connection is established, Local Area Connection, right click it and then click Properties (or double click and then click Properties)
Note: For the connection to be successful you must either disable the Windows Firewall or configure it to allow traffic through File and Printer Sharing protocol and also to allow ICMP traffic (so you can successfully PING the workstation). To disable Windows Firewall please open Control Panel > Windows Firewall and click Off. In order to check that the network stations are correctly configured please try the following:
- Ping the respective network station;
Try to log in on the administrative share \\computer_name\admin$
- Configure each Windows XP workstation not to use simple file sharing. Follow these steps:
Remove any other security software installed on your workstations
Before you deploy Endpoint Security on the workstations, REMOVE any third-party security software installed on the managed workstations. Failing to do so may result in failure to deploy Endpoint Security and in system instability.