configuring symantec antivirus corporate edition phần 5 doc

IntelliMirror may be used to rollout NAVCE 7.6 client software—however, it is limited by the fact that the network must be running Active Directory.Thistool is not able to deploy NAVCE 7

Trang 1

270 Chapter 6 • Implementing NAVCE 7.6 to Client PCs

12 Once we have placed the executable on the client machine, double-clickthe file

13 Select OK to begin the installation.

14 Since we prepared the installation for silent mode, we can sit back andthe installation will work without being noticed

The Setup.wis File in Depth:

To Answer or Not to Answer

An answer file is a script file that provides the input needed for a gram installation For instance, when an installation program asks if we want to install support for Exchange or Lotus notes, instead of prompting us for input, the installation program will read the precon- figured information in the answer file to get its answer, thus giving us a

pro-silent install.

The Setup.wis file has been provided for use with Windows

9x/NT/2000/XP and is located within the directory on NAVCE 7.6 disk

2\NAVCORP\ROLLOUT\AVSERVER\CLIENTS\WIN32 The following is an excerpt of some of the more commonly customizable options from the Setup.wis file Note the use of 1’s and 0’s, which equal true or false, respectively

[DestinationFolder]

InstallDir=Default The value can be either Default,

for a typical installation, or a path to a customized directory.

[RunOptions]

StartAutoProtect=1 This value indicates to the system

if File System Realtime Protection will be used or not 1 enables real-time protection and 0 disables it.

Notes from the Underground…

Continued

Trang 2

Implementing NAVCE 7.6 to Client PCs • Chapter 6 271

Using the Symantec Package Utility

to Create a Set of Floppy Disks

The process of creating a set of floppy disks for a client installation is covered inthis section Some may find it a little outrageous, considering it takes a total of 20

floppy disks to create this installation method for Windows 9x/NT/2000 clients.

However, there may be some instances where a floppy disk installation is the onlymethod available.This setup process is outlined in the following:

1 Double-click the package.exe file, which resides on the NAVCE Disk 2,

Navcorp\Rollout\Avserver\Clients directory

www.syngress.com

[SetupCompleteSuccess]

BootOption=0 On Windows 9x systems, this value

indicates whether or not there should be a forced reboot after installation 1 diables the automatic reboot and 0 enables the automatic reboot.

DisplaySilentMsg=1 This value indicates whether or not

to display a dialog box, indicating the system will be rebooted, during

a silent installtion 1 will display the dialog box and 0 will not display the dialog box.

[SnapIns]

ForceInstall=0 This value indicates if the user

will have the option to choose the install or not 1 forces the installation, and 0 does not.

Notes=1 This value indicates the option for

installing the Lotus notes snap-in.

(1) for yes, (0) for no

Exchange=1 This value indicates whether to

install the Exhange snap-in (1) or not install the snap-in (0).

Looking at this file, we can make correlations to a regular

interac-tive installation For instance, during installation of the client, we are

asked what e-mail support we would like to include If we are deploying our client software to a group of similar systems, this file will allow us

to customize all the systems to use the same features

Trang 3

2 Select the particular operating system to prepare an installation package

for Choose Windows 9x/NT/2000 (Other options are Windows 3.1

and DOS.)

3 Select the check box to enable a silent installation package By

choosing this option, the Accept Setup.with Options for Silent Install isenabled Select this option as well.This file serves as an answer file forthe installation.This file is only read during for the first install on asystem If the system has been previously installed and is being reinstalled

or upgraded, even if designated, the file will not be used

4 For the floppy disk install, select the button labeled Floppy disk – Multiple files that each fit on a floppy disk, shown in Figure 6.22

5 For this exercise, keep the default as TEMP directory

6 Select Create (This process will take five minutes to run.)

7 Click Ok and Close.

8 (The next steps involve putting the information on a series of floppydisks.) Find the location of the files just created In this case, C:\WIN-DOWS\TEMP\NAV32FLP Note that many more files have been cre-ated instead of “one” Self-Extracting Deliverable Package file (see Figure 6.23)

Figure 6.22 Client Packager—Floppy Disk Selected

Trang 4

For a Windows 3.1 and DOS installation, the directories would beNAV16FLP and NAVDSFLP, respectively

9 Label a floppy as Disk 1 and copy the NAV732.exe file to the firstfloppy

10 Repeat this process for all of the cab files in sequence

Now that we have our floppy disks ready, we can proceed with the mentation of our client machine

imple-1 Insert the floppy disk labeled disk imple-1.

2 Double-click My Computer.

3 Double-click 3-1/2 Floppy (A:) (if the A: drive is your floppy drive).

4 The NAV732.exe file should appear Double-click it.

5 Follow the onscreen instructions (This particular installation methodwill allow us to specify a parent server if we would like.)

6 Select Yes to reboot the client machine.

Understanding Third-Party Installation MethodsAlthough NAVCE 7.6 gives us many valuable options for client distribution,there are numerous other third-party software distribution tools available for use

as well Altiris eXpress Client Management Suite and Microsoft’s System

Figure 6.23Floppy Disk Files

Trang 5

Management Systems Server are just a few of the many we will cover in this section

With all the options given by NAVCE 7.6, one might wonder at the logicbehind using a third-party solution for implementing this product, or any productthat provides its own implementation methods for that matter One reason is that

a network administrator may not want to introduce an extra service to the work and consume bandwidth Another reason may be that the network adminis-trator is comfortable with the tools currently being used, or with the consistency

net-of reporting formats, or the snet-oftware inventory control, or perhaps it’s just theirpersonal preference Nevertheless, plenty of alternative options exist and we willtalk about a few of them here

Using Microsoft IntelliMirror

to Deploy the NAVCE Client

Microsoft IntelliMirror is a network management tool built in to the Windows

2000 operating system.This tool provides the functionality for user data ment, user settings management, and software installation and maintenance

manage-through the use of the Active Directory

IntelliMirror may be used to rollout NAVCE 7.6 client software—however, it

is limited by the fact that the network must be running Active Directory.Thistool is not able to deploy NAVCE 7.6 server or upgrade earlier versions of NAV

To deploy NAVCE 7.6 client software using MS IntelliMirror, perform thesesteps and follow them up with a client system reboot

1 Open Start | Programs | Administrative Tools | Active Directory Users and Computers

2 If NAVCE client software is to be deployed to:

■ A Domain Right-click the domain and select Properties.

■ Specific systems Right-click the organizational unit in which the

computers reside, and select Properties.

3 Select a current group policy or choose New to create a new group policy from the Group Policy tab.

4 Select Edit.

5 Within the Group Policy pane, select Computer Configuration | Software Settings | Software Installation

Trang 6

6 Go to New | Package by right-clicking Software Installation.

7 Browse to the location of the NAVCE 7.6 client installation files and

select Navce.msi.

8 Click the Open button.

9 Click Assign and then OK.

Using Microsoft Systems Management Server to Deploy the NAVCE ClientMicrosoft Systems Management Server (SMS) is a powerful network tool thatcan be used for software distribution, remote computer management, and man-aging assets such as hardware and Windows-based software As expected, SMS can

be used to roll out NAVCE 7.6 to the client computers It has certain advantagesfor network management, too, since it closely integrates with other Windows

2000 servers and applications SMS also provides a check point-restart feature thatwill continue a client installation from the point where it was interrupted if thenetwork was somehow disconnected Bandwidth management, scheduling, andstatus reporting are other advantageous features of this product

The NAVCE 7.6 Disk 2 includes a PDF file that SMS can utilize to deploy

the client software to Windows 9x/Me/NT/2000 systems while minimizing

configuration time.The PDF serves as an answer file that SMS can import tocreate a compressed NAVCE 7.6 software package

Using SMS, we would first create a source directory for each operatingsystem version of the client installation we will be installing Next, we need tocopy the files from the NAVCE 7.6 Disk 2 Navcorp\Rollouts\Avserver\Clientsdirectory to our newly created source directory (or directories) A query willneed to be created for verifying a client’s free disk space for the installation andthen the client installation package must be created Once the previous tasks havebeen completed, an SMS job can be generated and the implementation canbegin

Additional steps will need to be taken if the goal of the distribution is to

create silent installs for managed clients As we learned earlier, the Setup.wis file is

an answer file that the NAVCE 7.6 client installation program can use to enable asilent installation.This file should be edited for any preferences prior to pack-aging of the client installation.The grc.dat file will need to have a parent serverincluded in the configuration.This would involve opening grc.dat with a text

Trang 7

editor and adding the parent server name to the last line of the configuration asfollows:

PARENT=S<SERVERNAME> eg PARENT=SourServer

Microsoft SMS is an excellent tool and provides many features For moreinformation about SMS and the software packaging and deployment capabilities,

be sure to check www.microsoft.com/smserver/default.asp for product mentation

docu-Using Novell ZENworks for

Desktops to Deploy the NAVCE Client

Novell ZENworks for Desktops is a desktop management system which allows anetwork administrator to deploy software, operating system images to clients, andmany other features all from a central point For software distribution, NovellZENworks uses a utility called Application Launcher

Application Launcher can be used to create a client installation package and

deploy that package to client systems running Windows 3.x/9x/NT/2000.

Support is provided for Windows Installer (MSI) packages and ZfD snAppShotpackages.To deploy the NAVCE client:

1 Create an Application Object that points to the NAVCE 7.6 clientinstallation files.This can be done from the Network Administratorutility For Windows, the client installation files will default toSys:\Nav\Clt-inst\Win32\Setup.exe

2 Configure the Application Object by setting the option to associate theApplication Object with the organization unit or target systems, and bysetting the system requirements to the corresponding operating systemfiles on the server

3 Select the Application Object install style.

Uninstalling NAVCE from Client PCs

Sometimes it is ideal to perform a complete uninstall of a previous version of anapplication to get a good clean fresh install of a newer version NAVCE 7.6 pro-vides an easy method to uninstall, which is simply done within the ControlPanel.The following steps walk you through an uninstall

Trang 8

1 Click Start | Settings | Control Panel | Add/Remove

Programs

2 Select Norton AntiVirus Corporate Edition.

3 Click the Remove button.

The program files have now been uninstalled.There are still, however, filesthat are marked for deletion upon booting up If our intention to uninstallNAVCE 7.6 is to reinstall the same program, perhaps with different settings, areboot will need to take place If the computer isn’t first rebooted, the installationprocess will error out and display a message that the system needs a reboot

Figure 6.24 shows an example of this error message

Understanding NAVCE 7.6 Registry Keys on NT/2000/XP Client PCs

It is important for a network administrator to be familiar with the Registry keysused by the client systems.The following Registry keys are created during anNAVCE 7.6 installation and are considered important, therefore it’s best to

be aware of their existence.They are listed in order of importance and operating system

Windows 9x/NT/2000/XP

In Figure 6.25, note the location of the ProcessGRCNow key, as discussed earlier.

The parent server name can be seen and adjusted within the parent key We canalso see the IP ports currently configured, the name of the alert directory, andmany other configuration options Editing the Registry should be a last resort, asmost of these options can be configured using a GUI tool provided by NAVCE7.6.These keys are all found within HKEYUSERS\.DEFAULT\Software\Intel

Figure 6.24 Possible Installation Error

Trang 9

The following Registry keys are located on the parent server, yet are directlyrelated to the client configurations and updates.These keys can be changed tocustomize our system configuration Knowledge of these keys is also helpful introubleshooting any issue that may arise

The following keys can be modified for customization of the file pushingabilities Here we can set the time for checking updates and inspect the age ofcertain files (grc.dat, virus definitions, and so on)

■ By comparing these keys, the age of virus definitions can be obtained:

HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\

CurrentVersion\Clients\ComputerName\PatternVersion (and UsingPattern)

■ This value can be checked to indicate whether a client is acceptingupdates or not:

CurrentVersion\Clients\ComputerName\Flags.

Figure 6.25 Registry Keys Used by All Client Operating Systems

Trang 10

■ Check-in configuration options 60 minutes by default

HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersi on\ClientConfig\PatternManager\CheckConfigMinutes

■ The timestamp located here is used as a reference for the server to checkthe age of a clients grc.dat file:

CurrentVersion\Clients\ComputerName\GRCUpdateTime

Changes to the default location of the error reporting files for software andvirus definition updates can be made in the following.These error reportsinclude the time and reasons for failure of file updates

■ grc.dat file rollout errors:

Now we will discuss the services running on the NAVCE 7.6 client systems

These services function as communicators to the server for updating client status(such as RTVScan), and virus definition updates and utilization (such as

DefWatch) Another service discussed here is responsible for real-time virus tection, or Auto-Protect.These services are important to note as they work

pro-www.syngress.com

Trang 11

together to create the NAVCE 7.6 environment and could be useful for bleshooting purposes if needed

trou-Norton AntiVirus Server (RTVScan.exe)

One of the main features of NAVCE 7.6 is the RTVScan.exe program RTVScan

is responsible for managing crucial portions of the NAVCE system, includingupdating virus definitions throughout the network, updating client systems withthe latest configuration settings via the grc.dat file, and managing the Liveupd.hstfile.The RTVScan.exe file resides on both the servers and client systems.Thesefiles work in conjunction with each other to update the clients with any newconfiguration information

RTVScan.exe on the server checks for changes made within the SSC sole If a change is made, RTVScan file will adjust the grc.dat accordingly andexport the new grc.dat file to all intended client computers At that point, theclient RTVScan will detect the new grc.dat file and update the client system’sRegistry appropriately

con-Group level client option configurations made from the server are recorded

to the ClientConfig key and that information is written to the \Nav\grc.dat file.

By updating the client configuration options when we press the OK button, theCurrentVersion\ProductControl\ProcessGRCNow key on the target server willhave its value of 0 changed to 1.The 1 indicates a change has been made which

is then read by an RTVScan thread, which monitors this key Once read,

RTVScan will rebuild the grc.dat file and another thread will start the tion to the appropriate clients

distribu-The RTVScan program on the client machines runs a CheckGRC call every

60 seconds, by default.The CheckGRC call checks for any new grc.dat files that

may have been recently received When configuration changes are made on theserver and the new grc.dat file is pushed and then received on a client system, theRTVScan program will use the new configuration file to update its local systemRegistry keys Once the Registry update is complete, the RTVScan will deletethe grc.dat file and resume monitoring for new configuration changes In addi-tion to the grc.dat file configuration updates, the client RTVScan will also per-

form the check-in function with the parent server at 60-minute intervals, and

check local virus definitions every three minutes If multiple changes are beingmade close together, such as a change is made | OK, another change is made |

Trang 12

OK and so on, the ProcessGRCNow Registry key will remain at a value of 1 until

all the configuration updates are carried out RTVScan will continue to check

the ProcessGRCNow key until if finds the value to equal 0.

NOTE

RTVScan95 is the RTVScan version for Windows 9x/Me systems.

DefWatch (defwatch.exe)DefWatch, utilizing RTVScan, monitors the VirusDefs folder for any changesmade to it, including newly added definitions or older definitions due to a roll-back.The changes made to this folder are created by the DefCast program, whichresides on the Quarantine Server When new definitions arrive, RTVScan notifiesthe DefWatch service DefWatch then picks up the new definitions and scans the

\Program Files\Norton AntiVirus\Quarantine folder on the server

vpexrt.exeThe vpexrt program provides the client system with a first line of defense againstincoming threats.This real-time monitoring is also known as Auto-detect, andscans all incoming e-mail attachments and any incoming files being processed bythe client system

vptray.exeThe vptray.exe program is responsible for showing the NAVCE icon within thesystem tray.To display or remove this icon from the system tray of managedclients, a configuration change must be made using the SSC console

The following changes can be used to add the icon to the system tray formanaged clients

1 Select the parent server from the SSC console and right-click it

2 Choose All Tasks | Norton AntiVirus | Client Administrator Only Options.

3 Click Show Norton AntiVirus Icon on Desktop.

4 Click OK.

Trang 13

To remove the icon from the system tray, simply deselect the Show Norton AntiVirus Icon on Desktop button and click OK For unmanaged clients, a

change must be made to the Registry as follows We highly recommend backing

up all Registry settings when making changes

1 Select Start | Run.

2 Type regedit in the text box and select OK.

3 Select the key:

HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\

CurrentVersion\AdministratorOnly\General

4 Right-click ShowVPIcon (found in the right pane).

5 Change the value to 1.

6 Close Regedit and reboot the computer

Testing Your Deployment

At this point, you should now have a firm understanding of the roles client puters can play, the access that is needed to obtain installation files, the installationmethod preferred in relation to your network and an understanding of how theservers and clients utilize the NAVCE services to communicate with one

com-another Now it is time for us to test the deployment of the NAVCE 7.6 clients

If things go well, this can be a fun part of the installation; if they go badly, itcan be a serious headache—hence our reason for testing our set up configuration

on a few machines that are not critical to production For this portion of a

deployment, it is ideal to have these extra computers available to test on If thereare no machines that can be used for testing purposes, the deployment should becarried out with the greatest of care and, of course, a secure backup strategyshould be in place

NOTE

We recommend having a list of procedures in place for ease of tion and to perhaps act as a check-list/notepad for any errors or common issues that may arise

Trang 14

installa-Implementing NAVCE 7.6 to Client PCs • Chapter 6 283

The process for installing a NAVCE 7.6 environment with managed clientsshould first include an installation of at least one server to act as a managing, orparent, server Once the server is installed and configured to our liking, the instal-lation of the clients may proceed

When installing the clients we should have an idea of the client type (managed,unmanaged, or sometimes managed) It is a good idea to perform the installation

on one operating system at a time—for instance, installing on Windows XP

machines and later moving to Windows 2000 or 9x machines.This will severely cut

down on troubleshooting issues later by allowing us to concentrate on one OS at atime By performing this test in a controlled environment, we can play around withdifferent configurations, practice pushing files, and uninstall and reinstall client soft-ware using different methods We can even try different operating systems or clienttypes.This testing should help update the current plan of implementation wealready have, and any notes taken will help to streamline the process

Trang 15

Summary

The client software rollout of NAVCE 7.6 is a process that can be easily formed if correct planning and testing is completed first.This chapter has dis-cussed the hardware requirements needed by the client systems to enable them tohandle both processing software and virus definition updates.The RTVScan pro-gram has the potential to bring a client system to its knees, yet only at times des-ignated by the network administrator For instance, a client laptop that has notbeen on the network for quite some time, depending on its hardware configura-tion, may run sluggishly while the latest updates are being traversed across the network

per-NAVCE provides us with many options for the rollout procedure, includingoptions for unmanaged clients, (no parent servers), and silent installs for minimaluser interaction Some of the options provided by Symantec include using a Webinterface, installing directly from the NAVCE CD-ROM, or pushing an installa-tion from a server Logon scripts are yet another option NAVCE client softwarerollout is also easily implemented using third-party software If a network isalready running Microsoft SMS or any number of other software implementationtools, the client software can be adjusted to suit those needs.The development of

an implementation plan includes becoming familiar with these installation

methods and how these options will interact with various networks Bandwidthutilization requirements need to be considered, as well as processor exertion onthe parent servers Once an installation method is selected, testing the method on

a few machines is highly recommended.This testing should be performed within

a controlled environment and on one platform at a time.This methodology willhelp uncover trouble spots and show how to deal with them in the real-

world installation

Solutions Fast Track

Understanding NAVCE 7.6 Client PCs

; Managed clients use a managing parent server for configuration, virus

definition, and software updates.The parent server can provide a centralpoint of management for all its managed clients, or child systems

Trang 16

; Unmanaged clients do not have a parent server assigned to them and must

be updated manually for the latest configuration, virus definitions, andsoftware updates.This may be useful for clients who work from home

; Sometimes-managed clients are client systems, such as laptops, that are

regularly taken off the network and receive configuration, virusdefinitions, and software updates only when reattached.This can beuseful for clients who travel

Implementing NAVCE 7.6 to Client PCs

; The implementation process of NAVCE 7.6 client software can beexpedited by several methods provided with the software.These optionscan be performed by installing, or not installing, a NAVCE 7.6 server,using a Web server interface, or pushing software to managed clientsystems

; User rights must be taken into consideration for implementation If atypical user is installing the software, perhaps from a Web interface, theuser must have local administrative rights on that system.The user musthave read and file scan rights as well, which can be accomplished byadding the user to the NORTONANTIVIRUSUSER group.Thisgroup is automatically created when running the server setup program

; Third-party software options may be used to implement NAVCE 7.6 aswell For example, Microsoft Systems Management Server (SMS) is apopular tool that works efficiently with the client rollout Other third-party solutions, including Novell ZENworks and Altiris, are available andcould be a more efficient option if the service is currently running onthe network

Understanding NAVCE 7.6 Registry Keys on NT/2000/XP Client PCs

; Managing the location of error reporting can be configured within the

Registry.The values to the keys GRCUpdateFailedTime, GRCUpdate

FailedReason, and DefUpdateFailedReason can be modified to write in

different directories

Trang 17

; Check-in intervals may be set within the Registry if the SSC console is

unavailable.This option can be changed within the CheckConfigMinutes

key.The default is 60 minutes

; The age of current virus definition files as well as the age of the currentgrc.dat file can be determined here and, if necessary, spur an update fromthe parent server

; The Registry keys may also be modified for the location of the parent

servers, alert directory, and local NAV files

Understanding NAVCE 7.6

Services Running on NT/2000/XP Client PCs

; RTVScan is the tool used for managing updates to a client computer aswell as to update all servers with information regarding the location ofclient systems and their status RTVScan monitors various configurationsettings, grc.dat, and makes comparisons from server to client (and server

to server) to determine if an update is necessary If RTVScan deems anupdate is needed, it will update and export a grc.dat file, at which pointthe receiving system’s instance of RTVScan will read the necessarychanges, make those changes, and delete the grc.dat file

; DefWatch provides up-to-date virus definition file environments by

utilizing RTVScan to alert it of new files Once DefWatch is alerted tothe presence of the new virus definitions, it will update the system andcheck the quarantine folder on the server

; vpexrt is the first line of defense for a client system, and handles

real-time system scanning, otherwise known as Autoscan.This program scans

e-mail attachments and other files as the client system processes them.Testing Your Deployment

; Testing the deployment is best accomplished by having a detailed planfor each of the installation methods that seem feasible for the particularnetwork in question

Trang 18

; The test should be performed within a controlled environment andperform on one type of platform at a time.This separation of platformswill provide an easier stage for troubleshooting any issues that may arise

; Documentation of the entire test procedure is crucial Notes oneverything from errors to successes will all help create and streamline theactual deployment process when it is performed

Q: Why can’t I turn off the NAVCE icon in the system tray?

A: If the client is managed, it must be shut off from the server If the client isunmanaged, the setting must be altered within the Registry

Q: I power down my computer every night before I go home and reboot everymorning Why does my computer run so slowly the next morning?

A: The network administrator must have NAVCE set to run scans every 24hours.There is most likely a scan set to run in the early morning hours whenit’s thought no one will be affected When your computer is brought back online, it will receive the order to scan the system from the parent server andproceed with the scan

Q: I work at home and e-mail attachments to my work computer all the time

Will NAVCE catch any viruses on my work computer?

A: NAV will catch the viruses when processing the e-mail However, there areways the virus can still get through For instance, an attachment is compressed

to save time while e-mailing a large file.Thus, the virus will essentially beencapsulated within the compressed file and can still be introduced to thecorporate network upon de-compression

Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts To have your questions about this chapter answered by the author, browse to

www.syngress.com/solutions and click on the “Ask the Author” form.

Trang 19

Q: Why does RTVScan delete the grc.dat file once the updates have been made?

A: The grc.dat file is deleted for security reasons If the grc.dat file was to be left

on a client system, remote users could potentially access this file and makechanges to the security settings of the client

Q: I don’t want to give my users local administrative rights on my computer.How can I still perform a client rollout?

A: By using the Install NAV to NT Clients option from Disk 2, the client’s

system account will be used instead of the user account.This will enable theinstallation without having to assign local administrative rights

Trang 20

Upgrading from Prior Versions

Solutions in this chapter:

■ NAVCE Upgrade Considerations

■ Developing an Upgrade Plan

■ Upgrading from NAVCE 7.0 and 7.5

■ Exploring Automatic Migration Options

■ Migrating from Third-Party LAN Antivirus Programs

■ Sample Project Plan for NAVCE Upgrade

Chapter 7

289

; Summary

; Solutions Fast Track

; Frequently Asked Questions

Trang 21

290 Chapter 7 • Upgrading from Prior Versions

Introduction

Upgrade… that omnipresent networking word No matter what the size of yournetwork, this word seems to rear its head practically on a weekly basis Whetherreferencing your system’s hardware, server operating systems, client platforms, orthe networkwide applications you are utilizing, you probably find yourself

upgrading technology continually And the larger and older your network, themore you stumble upon these upgrades

Has the word upgrade found its way into your antivirus solution? Possibly you

are already utilizing an older version of Norton AntiVirus Corporate Edition(NAVCE) and are not only looking to learn the finer points of version 7.6, but alsoseeking information on how easily you can upgrade your existing installation Ifyou are looking to upgrade, you already know how an enterprisewide product ofthis nature can be quite involved to deploy.You probably took a great deal of timedeveloping a deployment plan while cross-referencing every possible incompati-bility issue you could think of, and your hindsight in this matter can serve

you well

We like to think of NAVCE as a dynamic piece of software that is shared by

hundreds of computers throughout your network for the sole purpose of tecting the network from imminent virus attacks.The software is dynamic in thesense that all the computers throughout your network perform a specific func-

pro-tion automatically once they have the software installed and their role is defined.

Granted, some of your computers are running the server-side software, while theremainder of your network is running the client software Nonetheless, all ofthese devices are interconnected by NAVCE With that thought in mind, youprobably have many concerns and considerations regarding your network’s

upgrade, so let’s begin addressing them

NOTE

It is important to make very clear that all upgrade processes need to be clearly planned, thought out, tested and done with utmost precision A failed upgrade only adds new problems to your old solution, and a successful upgrade to a new platform (such as any older Symantec AntiVirus suites) will add new complexity and even some new incompatibilities to your preexisting infrastructure It is also extremely important to test your upgrade in a lab environment first Failure to do so could create massive problems you may not be aware of until it’s too late

Trang 22

NAVCE Upgrade Considerations

There are many questions you may contemplate when planning to upgradeNAVCE to version 7.6 Which servers should you upgrade first? Can you utilizeyour existing management console? What is the best way to minimize unpro-tected clients during the antivirus migration? How can you increase the odds of

an effortless and efficient deployment? Breathe deep and relax Remember,Rome wasn’t built in a day It took much time and planning Upgrading yourantivirus will be far easier if you invest your time and efforts into developing asolid migration plan

Additionally, your plans to migrate to NAVCE 7.6 may center on a muchlarger enterprise network If such is the case, your upgrade considerations may bemore diverse For example, a larger enterprise network would most likely have agreater number of applications In this global scheme, the possibility that you arerunning different applications at remote sights, all which perform similar or iden-tical functions, could cause a greater concern regarding incompatibility issues

Furthermore, these applications may be installed, or even written in a differentlanguage! Certainly, you may possess an advanced level of knowledge concerningthe configuration of particular software products, but are your remote locationsusing that same software to complete the same tasks? Acquiring information such

as this in advance will assist you in your planning phase and give you a strongersense of insight when dealing with application incompatibilities

Upgrading from Prior Versions • Chapter 7 291

Oops… I Didn’t Consider That!

We’re not all perfect, and even when laying out the greatest of plans, it

is easy to overlook minute details, as I recently did in my current employers migration We were migrating from another high-profile antivirus software to NAVCE 7.6 With the assistance of my Lead Network/Security Engineer, we built up a small test lab with servers running the same operating systems and software that was in our actual environment We tested NAVCE against several other applications, including our backup software We were confident of our testing and planning, but overlooked one major point: we tested NAVCE against the

Configuring & Implementing…

Continued

Trang 23

Testing Your Deployment

If the resources are available to you, you should consider creating a testing labthat mirrors your actual environment on a smaller scale A small-scale mock-rollout is likely to expose issues that could occur in your actual migration

Possible issues could center on other installations of software that you are utilizingthroughout your network Once these possible software incompatibilities areexposed, you can develop a plan to work around, patch or even fix the issue andtest its overall outcome

latest version of our backup software that was only deployed in our headquarters location We were running Computer Associates’ latest

versions of its widely known backup software ARCserve (now known as BrightStor) However, all of our remote sights were running older ver-

sions of the ARCserve software Needless to say, we discovered this

minor problem when our remote sights were failing to complete daily system backups Luckily, the solution to this problem was as easy as vis- iting that vendor’s Web site and finding available software patches that addressed the issue I highly recommend that, when investigating all possible issues with your deployment, you pay particular attention to your backup software If you are utilizing “real-time” protection, NAVCE will scan files when your backup software attempts to write files to your backup medium Test your configuration against all versions of software that you are utilizing so as to avoid mishaps such as this one that caught

me by surprise.

Application Mayhem

Our problems with backup software didn’t end there Being a large manufacturing company, my employer had a great deal of design engineers working throughout all our facilities Strangely enough, you’d think that as each location was staffed and networked over the years, the same CAD programs would have ended up being used company- wide Unfortunately, such was not the case Domestically, our engineers

Continued

Trang 24

Your lab will additionally serve you well in testing multiple techniques ofclient upgrades to identify which method would suit your needs.The fact is thatyou definitely have more computers that will be running the client software, andyou will want this portion of your upgrade or migration to go as smoothly aspossible

Developing an Upgrade Plan

All good deployments must have a plan.The true success of your deployment will

be exposed in the end, and that success will revolve around the deployment planyou create and utilize Create your plan for upgrading based on all the informa-tion you acquired in your testing lab However, if you are not in a position to set

up a testing lab to analyze the software deployment, research all your options and

be sure to have a contingency plan if any aspect of your deployment goes awry

Testing Your Rollout Once you feel you are ready for deployment, consider a test rollout within asingle (preferably small) department within your organization.The best possible

were using three extremely different CAD programs to produce their drawings and product designs Our headquarters location was using PTC’s Pro/ENGINEER, while remote locations were using SolidWorks Office Professional and a Unigraphics CAD program Luckily, these programs had no direct bearing on the antivirus solution However, due to the size of the files generated by these CAD programs, there had always been an issue concerning data backup procedures As stated, we were using various versions of Computer Associates’ ARCserve for NetWare backup software on the file servers of all remote locations This is where the problem tied in with NAVCE Both services would “lock-up” on most open files, especially if the file in question were one of the larger CAD drawings This in turn would cause extremely high utilization on the server being backed-up In the end, the solution was to install Computer

Associates’ Open File Agent for NetWare on all of our file servers storing

these files

The fix to the second backup issue was also simple, but finding it took some time The fix also produced an additional cost for acquiring the new software, a consideration that had not been factored into the original planning phase Hindsight is always 20/20, and in this case, I wish my foresight had been the same.

Trang 25

candidate would most likely be your IT department.The underlying fact here isthat this department is comprised of sophisticated high-end users who not onlywill need to be more familiar with the product during the rollout, but be able toassist with input if issues arise If any aspect of the deployment creates corruption

on the client side, it is in your best interest to have a user who can deal with theproblem, and ultimately help correct the issue

After piloting your rollout within a single department, you should by thispoint have exposed possible additional issues that may not have been brought tolight in your testing lab Make the necessary changes to your deployment plan toreflect issues not covered in the pilot rollout

Probably the most important aspect of your deployment is the training ofyour support staff Educating your support staff should ultimately be considered ahigh point within the overall rollout scheme When your staff knows how toreact to possible issues, correcting these issues can be simple Additionally, youshould educate your end users so, as the environment noticeably changes aroundthem, they will know what to expect If your end users are preoccupied with

attempting to comprehend why their computer seems to have changed, chances are

your helpdesk will become inundated with calls notifying you of events you werealready expecting to occur

Your Average End User

Is there such a thing as an average end user anymore? This long has

been a term that many of us have used to describe the low-tech level of intelligence that a company employee possesses I am confident that you, just as I, have cracked a million jokes concerning the networking and basic computer knowledge of users at every company where you have procured employment Certainly, educating your end users to the level of your preference would be an astronomical undertaking, but keeping them abreast of network changes is quite simple and can only work to your advantage

If I, or any of my departmental peers feel that end users will notice changes made to the network infrastructure, I make sure to notify them first A simple e-mail sent throughout the company can ease fears of

those end users who tend to get overly protective of their computers.

Continued

Trang 26

Planning Virus Definition Update MethodsBecause there are several different methods of receiving virus definition updatefiles for your servers and clients with version 7.6, it is important you decide inadvance (preferably before your pilot rollout) what method of updating you willutilize Configure your plan to include your remote clients and those clients thattravel often and as a result are not always connected to your network

It is important to remember that if you are upgrading from pre-7.x versions

of NAV or LANDesk Virus Protect, the updating procedure and scheduling

established in that environment will not automatically migrate to your new

environment Because of this, you will need to reconfigure these options to provide

protection to your servers and client.This fact alone may warrant upgrading yourmanagement console utility before any other component, ensuring you are fullyprotected throughout your rollout

Testing Each Rollout Phase

During your rollout, you should test all clients and servers to immediately verifythey are receiving their virus updates Never take for it granted that your plan isworking.Test the environment after every phase of the rollout to make sure youare protected

Within my e-mail software, I maintain several draft templates that can

easily be altered and e-mailed within minutes I have templates for everything from new virus notifications to structural file system changes.

I not only find that this e-mail notification system works to incorporate end users as a proactive component of the network, it also generates great “PR” for the IT department who tend to be blamed for every possible problem that exists in the work environment When your end users know what to expect, they won’t be wasting time around the water cooler comparing notes with other employees in an attempt to find out

“what the IT department is up to now!”

Trang 27

Now You See Them… Now You Don’t!

During our recent migration to NAVCE 7.6, we found that several clients, although displayed under their parent servers in the SSC console, would not receive updated definition files, and after several days would drop off the list entirely Additionally, a particular NetWare server would not update its definition files from its primary server It became apparent that the virus definition files were not updating correctly on the server because the new definition files were somehow being corrupted when sent to that server To bring the offending server back into the fold was quite easy I would launch the Novell RCONSOLE utility to remotely take control of the remote server’s system console and unload the NAVCE Console module from the server Then, I would browse the file system of the server to its SYS:NAV directory to delete the virus definition file that carried the date of the server’s last definition update Once deleted, I would manually copy the latest virus update file from the primary server

to the corrupted server and launch NAVCE by issuing the Load Vpstart

command on the server’s system console This fix worked every time we experienced the issue on a server

As for the clients that would drop out of the SSC console, you can uninstall, reboot, and reinstall the NAVCE 7.6 client software on that computer In most cases, this will fix the problem; however, we found that some clients would resume their erratic behavior of not updating and thereafter dropping from the console following a short period of time In this case, you can run LiveUpdate locally even if a policy setting locks out a client from doing so To bypass these settings, browse to the LiveUpdate directory on the computer and execute luall.exe Running this program overrides any LiveUpdate locks you may have set in the client policy, and will allow the corrupted computer to run the LiveUpdate utility We found this method to be quite successful in returning clients to the console permanently

But wait, there’s more! Clients who do not communicate with their parent server for more than three days will automatically be dropped from the SSC console A parent server is responsible for maintaining a list of their clients The SSC console only lists clients that a parent server maintains in its list However, this means that an individual simply going

on vacation and having their computer powered down for a week would drop from the console after 72 hours of not communicating with its

Damage & Defense…

Continued

Trang 28

Upgrading from NAVCE 7.0 and 7.5

Upgrading from these two previous versions can be accomplished with far moreease than any other scenario In most cases, the NAVCE Setup program willdetect earlier versions of NAVCE and LANDesk Virus Protect Once detected,

the Setup program will automatically migrate these older versions to 7.6.

When upgrading from an earlier 7.0 version, it is imperative you plan calls forthe migration of your servers before that of your clients If you were to upgradethe clients first, they will still attempt to connect to their existing parent server,

which will still be running the older version of the software When this occurs, the client

will attempt to overwrite its installation with the server’s version, which may sibly cause corruption to the client

pos-www.syngress.com

parent You may then (as I had) flag this client as corrupted since it was dropped To overcome this issue, we extended the “time-out” value for our clients in the SSC console with a modified Registry setting To extend this three-day time-out, complete the following steps:

1 On the parent server, launch the Registry Editor, and then select the following key: HKEY_LOCAL_MACHINE\

SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion.

This path is identical on a NetWare server when using the Vpregedt module NAVCE 7.6 should be unloaded prior to making any changes

2 Right-click the CurrentVersion key, and then select New | DWORD Value Name the new value

5 Click OK, and exit the Registry Editor No restart is required.

6 Reload the Norton AntiVirus or Symantec AntiVirus Server Service.

Trang 29

When upgrading from version 7.0 and 7.0x, the custom settings that were

configured for your clients and servers will be preserved.This will alleviate theneed to reestablish configurations once the migration has been completed

Upgrading from NAVCE 6.x

NAVCE 6.x will also automatically be detected when the NAVCE 7.6 Setup

program is initiated However, when migrating from an earlier version, such asNAVCE 6.0 or LANDesk Virus Protect, most of your custom client and serversettings will be lost Some of these lost settings include, but are not limited to, thefollowing:

■ All Scheduled scans and scan options

■ All real-time protection options

■ The NAV activity logs

■ All Quarantine forwarding informationThere are however, two major settings that will be retained when upgradingfrom these earlier versions.The first setting that will be retained will be that of yourestablished Client/Parent relationships.Your clients will still “report” to their orig-inal parent server to receive updates and send alerts Secondly, your “domains” will

be retained and converted into Symantec System Center server groups

To migrate a server from NAVCE 6.x or 7.0x to NAVCE 7.6, complete the

follow steps:

1 Using Disk 2, execute the AntiVirus Server rollout tool and choose

Update (Figure 7.1) By selecting Update, you will preserve yourexisting domain structure, allowing NAVCE 7.6 to migrate it into aserver group

Figure 7.1 The AntiVirus Server Rollout Tool’s Welcome Screen

Trang 30

2 Once the server has been upgraded, you may need to restart the server iffiles in use were replaced

Upgrading the Norton System CenterBefore upgrading a single server on your network, you may want to upgradeyour management console to allow you to manage both your servers and clients

as soon as they are rolled out If you were using a previous version of NAV, youwere most likely managing your antivirus environment using the Norton SystemCenter.To migrate to the current management utility, the Symantec SystemCenter (SSC), you will need to completely install the SSC and the required man-agement snap-ins onto a different computer than the one you are using to runthe Norton System Center Bear in mind that SSC takes advantage of Microsoft’sexisting technology by utilizing the Microsoft Management Console (MMC)framework.Thus, you will only be able to install SSC onto a Windows NT/2000

or XP Professional computer

Throughout your migration, you may continue to use the Norton System

Center to manage existing NAV 4.x and 5.x clients until they are migrated to

NAVCE 7.6 Once your migration is complete, you may wish to uninstall the

Norton System Center.To do so, access the Add/Remove programs applet within the management computer’s Control Panel, and remove the Norton System Center , followed by the Norton Event Manager.

NOTE

For additional information on installing SSC, refer to Chapter 3.

Exploring Automatic Migration Options

As discussed in the last section, a great deal of the components found in the vious version of NAVCE will automatically migrate into version 7.6.This is abenefit that can cut your overall time devoted to the rollout by a considerablemargin Automatic migration is accomplished by a series of processes that occurupon executing the NAVCE 7.6 Setup program.The steps are as follows:

pre-www.syngress.com

Trang 31

■ The Setup program calls pmig.dll, this is the migration DLL The DLL

checks specific Registry keys to establish if NAV, Norton SystemWorks,

or LANDesk Virus Protect already exists on the computer If any ofthese programs exist, their current version is identified

■ Once the version of the existing program is determined, pmig.dll willobtain the product’s uninstall key listed in the Registry However, if it isdetermined that Norton SystemWorks is already resident on the com-puter, the NAVCE Setup program will terminate

■ If a valid version of NAVCE or LANDesk Virus Protect is detected, any

items found in either the “Quarantine” or “Virus Bin” are then moved

to Program Files\Symantec\Conversion.

■ The existing product’s uninstall feature is launched with the previouslyobtained Registry uninstall value, after which, the NAVCE install pro-gram executes

■ Towards the end of the installation, items that may have been moved tothe Conversion folder are scanned for infection If the files are infectedwith a virus, they are converted into NAVCE Quarantine items, if theyare not infected, the install program will delete them altogether

■ The NAVCE install program completes and exits

NOTE

After completing your installation on various Windows platforms, such

as 95 and 98, NT Workstation, and Server 4.x, you must restart these

computers before they can be protected by NAVCE 7.6.

Upgrading from NAV for NetWare

The NAVCE 7.6 Setup program is capable of automatically migrating any

NetWare server running NAVCE version 6.x or later Unfortunately, the NAVCE

7.6 install cannot detect an installation of NAV for NetWare Hence, you will firstneed to uninstall NAV for NetWare before you migrate the server.To migrate aserver from NAV for NetWare to NAVCE 7.6, complete the follow steps:

Trang 32

1 On the server you intend to upgrade, unload NAV from the NortonAntiVirus console on that server It is important to note that if do notunload the NAV NLM and you attempt to load NAVCE 7.6, the instal-

lation will fail when you initiate the LOAD VPSTART /Install startup

command

2 Remove all of the NAV for NetWare files from your NetWare server

3 Use the NetWare Administrator program to remove the NAV server object from your NDS tree Additionally, if it exists, remove the NAV

load command from the server’s autoexec.ncf file.

4 Using Disk 2, execute the AntiVirus Server rollout tool (Figure 7.2) inorder to install NAVCE 7.6 to your NetWare server

Automatically Migrating NAVCE Client PCsMigrating your clients will probably consume the greatest amount of time spent

on your NAVCE rollout Before migrating your clients to your new antivirussolution, you’ll need to determine which servers will supply policies and act asparent servers for your clients Once you have determined which clients will look

to which parents, you are ready to go

Every server in your environment that receives the NAVCE 7.6 server ware installation automatically receives a full set of installation files for all sup-ported client platforms.These files are located in the Program Files\Nav\Clt-instfolder on a Windows NT/2000 server or in the SYS:NAV\clt-inst directory on aNetWare server When a client executes the Setup program from the appropriate

soft-Clt-inst subdirectory, that client will look to that server as its parent server.

Figure 7.2 Selecting a NetWare Server Using the AntiVirus Server Rollout Tool

Trang 33

Once you set the client configurations on a server, these policy settings aresaved to the grc.dat file Whether you make configuration changes or not, this filewill exist within every server’s client installation directories and will be updated

every time the policy is changed When you install NAVCE to a client, these policy

settings, which include the parent server’s identification, are copied to the client.Upgrading 16-Bit Windows Client PCs

If you have older 16-bit clients that need to be upgraded to NAVCE 7.6, and

they are running Norton AntiVirus 4.x, LANDesk Virus Protect, or NAVCE 6.x.

there’s a little uninstall work involved Since these clients are not capable of matically being migrated, you will first need to remove their current antivirusversions

auto-To uninstall NAV 4.x for DOS/Windows 3.1, you will need to run the Setup program utilizing the uninstall command line switch This program, aptly named

setup.exe, can be located within the directory that NAV was installed into—forexample, C:\NAV

To uninstall LANDesk Virus Protect or NAVCE 6.x, you can run the

pro-gram vpremove.exe located in the original installation directory

When uninstalling any of these 16-bit versions from a DOS client, you mightwant to create a batch file and store it on a network drive so that once yourDOS clients are attached to the network, simply executing the batch file willaccomplish your uninstall needs

Once the prior versions have been removed from your clients, you can installthe NAVCE 7.6 16-bit client software from within the NAV\Clt-inst\Win16directory of the selected parent server

Upgrading Windows 9x/Me Client PCs

How you upgrade your Windows clients entirely depends on the level of trustyou have in your end users.This is to say, do you want them to assist, or wouldyou rather handle the task on your own Here are two recommended options:

■ Utilize a login script No muss or fuss.Your end users log into the work, and the installation is quietly run in the background

net-■ Actually involve the end users by having them run the Setup programthemselves

When upgrading Windows 95/98/ME clients, you should run setup.exe fromthe \NAV\Clt-inst\Win32 folder Additionally, if you want to initiate a silent

Trang 34

installation onto your clients, you can execute the Setup program using the

fol-lowing command line switches: Setup.exe /s /v /qn.

NOTE

If a computer has the NAV user interface open (vpc32.exe) during an attempt to upgrade the client software, the product installation and migration will exit and fail.

Client Installation Errors

During my company’s recent migration to NAVCE 7.6, to reduce the amount of travel time I would personally incur (thus reducing overall cost), we worked on three projects simultaneously in our remote locations: our NAVCE migration, our NetWare 5 upgrade, and our rollout of Windows 2000 DHCP servers As a result I went from one end of the U.S.

to the other in a matter of a few months! Towards the end of both of our projects, I found myself in one of our facilities located in Tijuana, Mexico Most of the clients in this location were Windows 95 clients running IE 4.0 Needless to say, the client computers in this location hadn’t had a single patch, fix, of support pack loaded onto them since the ini- tial installation some time ago in 1997 In short, there wasn’t any chance

of these computers being able to install NAVCE due to the fact that their Microsoft installer packages were not up-to-date The clients were then completely updated with all available critical patches, at which point we migrated our clients to NAVCE 7.6.

However, towards finishing up the client migration, several clients refused to install the NAVCE program, thus producing the error message, “25002 Failed to load navinsnt.dll…” which caused the installation

to fail At this point, two factors were working against me The first:

there were no IT members staffed at this location, and the second: a return flight to New York was scheduled for me the following morning.

As a result of these constraints, half of the updated clients in this tion never received the NAVCE 7.6 client software

loca-Upon returning to our Long Island headquarters, I immediately investigated the issue I located a document on Symantec’s Support site

Damage & Defense…

Continued

Trang 35

Upgrading Windows NT Client PCs

Here again we are confronted with an issue of how well you trust your end user’stechnical skills.To involve, or not to involve them… that is yet again the ques-tion As with your Windows 95/98/Me clients, you presented with the same twochoices for Windows NT clients, however there’s a twist Whether utilizing alogin script or the talents of an end user, in either case, the individual logged on

to the Windows NT client that is to install NAVCE must have administrative rights

I finally called Symantec and opened a support ticket with them Immediately, the support tech handling my call pointed me to documentation I had already found on my own However, he additionally e-mailed me the following information:

"Had a customer getting this error when trying to install NAVCE 7.6 client to a Win 98 computer After running RNAV, going through

a NAVCE manual uninstall, installing LiveUpdate 1.7.22, installing Symevnt, copying the WIN32 directory to the hard drive and trying an install, we STILL had this error After checking the clnt-inst directory WIN32\Support, we noticed he was missing two DLLs I sent him the missing NAVCUST2.DLL and NAVINS95.DLL He copied them into the support directory and the install was successful Guess the DLL has to be there to actually run the DLL."

pre-Upon further investigation, I found that the file navinst95.dll had been missing from the parent server’s SYS:NAV\Clt-Inst\Win32\SUPPORT directory at that location After copying the DLL to the server, I had my contact in Tijuana try yet another installation and, to my blissful amaze- ment, it was successful! All 14 clients that previously were unable to install NAVCE were successfully in my SSC console and updating virus definitions within minutes of him completing the installs If I learned anything from this situation, it was to not hesitate to involve Symantec Support when stumped by an issue.

Trang 36

be granted to the end user logged on to the Windows NT client However, anadministrator who wants to run the Windows NT Client Install utility must haveadministrative rights to the domain that the client computer is a member of.To

start the utility, go to the Menu bar in the SSC Console, click Tools | NT Client Install, and follow the directions.You can also run the executablentremote.exe found on Disk 2 in the folder Navcorp\Rollout\Ntclient

No matter which method of upgrade you choose, automatic migration fromearlier versions will occur and the client will inherit the policy that was stored ontheir parent server

Upgrading Unmanaged NAVCE Client PCsUnmanaged clients do not communicate or rely on any parent server within the NAVCE infrastructure If you decide to migrate unmanaged NAVCE clients

and the list went on and on! To solve the infinite number of tasks required by each client, I created a simple two-column multirowed table

in a Microsoft Word document Placing the task into the table in a ical flow” order, team members found it easier to complete all upgrades

“log-on the clients while guaranteeing that no individual task was looked

over-Notes from the Underground…

Trang 37

running older versions, to be managed clients in your 7.6 environment, you mustfirst decide which servers are going to be the parent servers to each unmanagedclient Once you have arrived at this decision, you will need to copy the grc.datfile from the NAV folder of the chosen parent server to the Application datafolder on the unmanaged client

After rebooting the unmanaged client, Rtvscan.exe detects the existence ofthe grc.dat file; the file is then processed, thus allowing communications to beginwith the parent server It is at this point that you can manage the client from theSSC Console as you would any other client on the network Now that the com-puter is a managed client, automatic migration is possible

Upgrading Remote Client PCs

Throughout your company there are quite possibly several users who rarely, ifever, are “in-house” and connected to the network With their laptops in tow,they attend conferences, conventions, and perspective clients and buyers of yourorganization services.These remote users are unique in the overall aspect of yourNAVCE 7.6 rollover

When the time comes to migrate these clients, you will need to utilize theprogram package.exe.The package.exe utility can create a self-extracting exe-cutable, or a set of installation diskettes for your remote users.The disk set created

by package.exe will migrate clients whose computers or laptops are running lier versions of Norton AntiVirus or LANDesk Virus Protect, as they would anyother client on your network

ear-Before creating the install disk set, there are few major considerations to takeinto account First, you will need to decide whether these clients should be man-

aged or unmanaged clients If they are to be managed, you will then need to

decide which server will serve as the clients’ parent server.To further ease theadministration of these clients, you may want to consider the creation of a sepa-rate server group to serve their needs.This will allow you the freedom to create apolicy that specifically suits the needs of such remote users Either way, you willalso need to determine your antivirus policy and virus definition updates beforecreating the install disk By doing so in advance, you will ensure that the clientsreceive the policy you have chosen

Creating an Install Set for Managed Remote Clients

The following steps are a guideline to assist you in accomplishing the creation of

an install disk set for those remote clients you wish to upgrade as managed clients

Trang 38

1 Select the parent server and/or server group for your remote clients, andthen set the policy on the parent server to reflect the exact policy set-tings you want the remote clients to receive

2 Determine if you want NAVCE to install into a folder other than thedefault folder.To install into another directory other than the default,edit the setup.wis file (Figure 7.3) that is located in the NAV\Clt-inst\Win32 folder of the parent server Within the file, locate the

[DestinationFolder] section and identify the line that reads

InstallDir=Default Replace the word Default with the full path of

the location you want the program to install to on your remote clients

3 Determine if you want a reboot to occur automatically after the tion.Your Windows 95, 98, and Me clients will reboot by default, asyour Windows NT and 2000 clients will not

installa-4 Execute package.exe from the parent server’s Clt-inst folder, making sure

to select the correct media type and client platform, and whether or not

to perform the installation silently

Creating an Install Set for Unmanaged Remote Clients

I guess these are the users you trust 100 percent! The following steps are a line to assist you in accomplishing the creation of an install disk set for thoseremote clients you wish to upgrade to NAVCE 7.6, while letting them exist asunmanaged clients

guide-www.syngress.com

Figure 7.3 The setup.wis File

Định dạng
Số trang	76
Dung lượng	1,32 MB