270 Chapter 6 • Implementing NAVCE 7.6 to Client PCs 12. Once we have placed the executable on the client machine, double-click the file. 13. Select OK to begin the installation. 14. Since we prepared the installation for silent mode, we can sit back and the installation will work without being noticed. www.syngress.com The Setup.wis File in Depth: To Answer or Not to Answer An answer file is a script file that provides the input needed for a pro- gram installation. For instance, when an installation program asks if we want to install support for Exchange or Lotus notes, instead of prompting us for input, the installation program will read the precon- figured information in the answer file to get its answer, thus giving us a silent install. The Setup.wis file has been provided for use with Windows 9x/NT/2000/XP and is located within the directory on NAVCE 7.6 disk 2\NAVCORP\ROLLOUT\AVSERVER\CLIENTS\WIN32. The following is an excerpt of some of the more commonly customizable options from the Setup.wis file. Note the use of 1’s and 0’s, which equal true or false, respectively. [DestinationFolder] InstallDir=Default The value can be either Default, for a typical installation, or a path to a customized directory. [RunOptions] StartAutoProtect=1 This value indicates to the system if File System Realtime Protection will be used or not. 1 enables real-time protection and 0 disables it. Notes from the Underground… Continued 245_Symantec_06.qxd 5/9/03 4:09 PM Page 270 Implementing NAVCE 7.6 to Client PCs • Chapter 6 271 Using the Symantec Package Utility to Create a Set of Floppy Disks The process of creating a set of floppy disks for a client installation is covered in this section. Some may find it a little outrageous, considering it takes a total of 20 floppy disks to create this installation method for Windows 9x/NT/2000 clients. However, there may be some instances where a floppy disk installation is the only method available.This setup process is outlined in the following: 1. Double-click the package.exe file, which resides on the NAVCE Disk 2, Navcorp\Rollout\Avserver\Clients directory. www.syngress.com [SetupCompleteSuccess] BootOption=0 On Windows 9x systems, this value indicates whether or not there should be a forced reboot after installation. 1 diables the automatic reboot and 0 enables the automatic reboot. DisplaySilentMsg=1 This value indicates whether or not to display a dialog box, indicating the system will be rebooted, during a silent installtion. 1 will display the dialog box and 0 will not display the dialog box. [SnapIns] ForceInstall=0 This value indicates if the user will have the option to choose the install or not. 1 forces the installation, and 0 does not. Notes=1 This value indicates the option for installing the Lotus notes snap-in. (1) for yes, (0) for no. Exchange=1 This value indicates whether to install the Exhange snap-in (1) or not install the snap-in (0). Looking at this file, we can make correlations to a regular interac- tive installation. For instance, during installation of the client, we are asked what e-mail support we would like to include. If we are deploying our client software to a group of similar systems, this file will allow us to customize all the systems to use the same features. 245_Symantec_06.qxd 5/9/03 4:09 PM Page 271 272 Chapter 6 • Implementing NAVCE 7.6 to Client PCs 2. Select the particular operating system to prepare an installation package for. Choose Windows 9x/NT/2000. (Other options are Windows 3.1 and DOS.) 3. Select the check box to enable a silent installation package.By choosing this option, the Accept Setup.with Options for Silent Install is enabled. Select this option as well.This file serves as an answer file for the installation.This file is only read during for the first install on a system. If the system has been previously installed and is being reinstalled or upgraded, even if designated, the file will not be used. 4. For the floppy disk install, select the button labeled Floppy disk – Multiple files that each fit on a floppy disk, shown in Figure 6.22. 5. For this exercise, keep the default as TEMP directory. 6. Select Create. (This process will take five minutes to run.) 7. Click Ok and Close. 8. (The next steps involve putting the information on a series of floppy disks.) Find the location of the files just created. In this case, C:\WIN- DOWS\TEMP\NAV32FLP. Note that many more files have been cre- ated instead of “one” Self-Extracting Deliverable Package file (see Figure 6.23). www.syngress.com Figure 6.22 Client Packager—Floppy Disk Selected 245_Symantec_06.qxd 5/9/03 4:09 PM Page 272 Implementing NAVCE 7.6 to Client PCs • Chapter 6 273 For a Windows 3.1 and DOS installation, the directories would be NAV16FLP and NAVDSFLP, respectively. 9. Label a floppy as Disk 1 and copy the NAV732.exe file to the first floppy. 10. Repeat this process for all of the .cab files in sequence. Now that we have our floppy disks ready, we can proceed with the imple- mentation of our client machine. 1. Insert the floppy disk labeled disk 1. 2. Double-click My Computer. 3. Double-click 3-1/2 Floppy (A:) (if the A: drive is your floppy drive). 4. The NAV732.exe file should appear. Double-click it. 5. Follow the onscreen instructions. (This particular installation method will allow us to specify a parent server if we would like.) 6. Select Ye s to reboot the client machine. Understanding Third-Party Installation Methods Although NAVCE 7.6 gives us many valuable options for client distribution, there are numerous other third-party software distribution tools available for use as well. Altiris eXpress Client Management Suite and Microsoft’s System www.syngress.com Figure 6.23 Floppy Disk Files 245_Symantec_06.qxd 5/9/03 4:09 PM Page 273 274 Chapter 6 • Implementing NAVCE 7.6 to Client PCs Management Systems Server are just a few of the many we will cover in this section. With all the options given by NAVCE 7.6, one might wonder at the logic behind using a third-party solution for implementing this product, or any product that provides its own implementation methods for that matter. One reason is that a network administrator may not want to introduce an extra service to the net- work and consume bandwidth. Another reason may be that the network adminis- trator is comfortable with the tools currently being used, or with the consistency of reporting formats, or the software inventory control, or perhaps it’s just their personal preference. Nevertheless, plenty of alternative options exist and we will talk about a few of them here. Using Microsoft IntelliMirror to Deploy the NAVCE Client Microsoft IntelliMirror is a network management tool built in to the Windows 2000 operating system.This tool provides the functionality for user data manage- ment, user settings management, and software installation and maintenance through the use of the Active Directory. IntelliMirror may be used to rollout NAVCE 7.6 client software—however, it is limited by the fact that the network must be running Active Directory.This tool is not able to deploy NAVCE 7.6 server or upgrade earlier versions of NAV. To deploy NAVCE 7.6 client software using MS IntelliMirror, perform these steps and follow them up with a client system reboot. 1. Open Start | Programs | Administrative Tools | Active Directory Users and Computers. 2. If NAVCE client software is to be deployed to: ■ A Domain Right-click the domain and select Properties. ■ Specific systems Right-click the organizational unit in which the computers reside, and select Properties. 3. Select a current group policy or choose New to create a new group policy from the Group Policy tab. 4. Select Edit. 5. Within the Group Policy pane, select Computer Configuration | Software Settings | Software Installation. www.syngress.com 245_Symantec_06.qxd 5/9/03 4:09 PM Page 274 Implementing NAVCE 7.6 to Client PCs • Chapter 6 275 6. Go to New | Package by right-clicking Software Installation. 7. Browse to the location of the NAVCE 7.6 client installation files and select Navce.msi. 8. Click the Open button. 9. Click Assign and then OK. Using Microsoft Systems Management Server to Deploy the NAVCE Client Microsoft Systems Management Server (SMS) is a powerful network tool that can be used for software distribution, remote computer management, and man- aging assets such as hardware and Windows-based software. As expected, SMS can be used to roll out NAVCE 7.6 to the client computers. It has certain advantages for network management, too, since it closely integrates with other Windows 2000 servers and applications. SMS also provides a check point-restart feature that will continue a client installation from the point where it was interrupted if the network was somehow disconnected. Bandwidth management, scheduling, and status reporting are other advantageous features of this product. The NAVCE 7.6 Disk 2 includes a PDF file that SMS can utilize to deploy the client software to Windows 9x/Me/NT/2000 systems while minimizing configuration time.The PDF serves as an answer file that SMS can import to create a compressed NAVCE 7.6 software package. Using SMS, we would first create a source directory for each operating system version of the client installation we will be installing. Next, we need to copy the files from the NAVCE 7.6 Disk 2 Navcorp\Rollouts\Avserver\Clients directory to our newly created source directory (or directories). A query will need to be created for verifying a client’s free disk space for the installation and then the client installation package must be created. Once the previous tasks have been completed, an SMS job can be generated and the implementation can begin. Additional steps will need to be taken if the goal of the distribution is to create silent installs for managed clients. As we learned earlier, the Setup.wis file is an answer file that the NAVCE 7.6 client installation program can use to enable a silent installation.This file should be edited for any preferences prior to pack- aging of the client installation.The grc.dat file will need to have a parent server included in the configuration.This would involve opening grc.dat with a text www.syngress.com 245_Symantec_06.qxd 5/9/03 4:09 PM Page 275 276 Chapter 6 • Implementing NAVCE 7.6 to Client PCs editor and adding the parent server name to the last line of the configuration as follows: PARENT=S<SERVERNAME> eg. PARENT=SourServer Microsoft SMS is an excellent tool and provides many features. For more information about SMS and the software packaging and deployment capabilities, be sure to check www.microsoft.com/smserver/default.asp for product docu- mentation. Using Novell ZENworks for Desktops to Deploy the NAVCE Client Novell ZENworks for Desktops is a desktop management system which allows a network administrator to deploy software, operating system images to clients, and many other features all from a central point. For software distribution, Novell ZENworks uses a utility called Application Launcher. Application Launcher can be used to create a client installation package and deploy that package to client systems running Windows 3.x/9x/NT/2000. Support is provided for Windows Installer (MSI) packages and ZfD snAppShot packages.To deploy the NAVCE client: 1. Create an Application Object that points to the NAVCE 7.6 client installation files.This can be done from the Network Administrator utility. For Windows, the client installation files will default to Sys:\Nav\Clt-inst\Win32\Setup.exe. 2. Configure the Application Object by setting the option to associate the Application Object with the organization unit or target systems, and by setting the system requirements to the corresponding operating system files on the server. 3. Select the Application Object install style. Uninstalling NAVCE from Client PCs Sometimes it is ideal to perform a complete uninstall of a previous version of an application to get a good clean fresh install of a newer version. NAVCE 7.6 pro- vides an easy method to uninstall, which is simply done within the Control Panel.The following steps walk you through an uninstall. www.syngress.com 245_Symantec_06.qxd 5/9/03 4:09 PM Page 276 Implementing NAVCE 7.6 to Client PCs • Chapter 6 277 1. Click Start | Settings | Control Panel | Add/Remove Programs. 2. Select Norton AntiVirus Corporate Edition. 3. Click the Remove button. The program files have now been uninstalled.There are still, however, files that are marked for deletion upon booting up. If our intention to uninstall NAVCE 7.6 is to reinstall the same program, perhaps with different settings, a reboot will need to take place. If the computer isn’t first rebooted, the installation process will error out and display a message that the system needs a reboot. Figure 6.24 shows an example of this error message. Understanding NAVCE 7.6 Registry Keys on NT/2000/XP Client PCs It is important for a network administrator to be familiar with the Registry keys used by the client systems.The following Registry keys are created during an NAVCE 7.6 installation and are considered important, therefore it’s best to be aware of their existence.They are listed in order of importance and operating system. Windows 9x/NT/2000/XP In Figure 6.25, note the location of the ProcessGRCNow key, as discussed earlier. The parent server name can be seen and adjusted within the parent key. We can also see the IP ports currently configured, the name of the alert directory, and many other configuration options. Editing the Registry should be a last resort, as most of these options can be configured using a GUI tool provided by NAVCE 7.6.These keys are all found within HKEYUSERS\.DEFAULT\Software\Intel. www.syngress.com Figure 6.24 Possible Installation Error 245_Symantec_06.qxd 5/9/03 4:09 PM Page 277 278 Chapter 6 • Implementing NAVCE 7.6 to Client PCs The following Registry keys are located on the parent server, yet are directly related to the client configurations and updates.These keys can be changed to customize our system configuration. Knowledge of these keys is also helpful in troubleshooting any issue that may arise. The following keys can be modified for customization of the file pushing abilities. Here we can set the time for checking updates and inspect the age of certain files (grc.dat, virus definitions, and so on). ■ By comparing these keys, the age of virus definitions can be obtained: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\ CurrentVersion\Clients\ComputerName\PatternVersion (and UsingPattern) ■ This value can be checked to indicate whether a client is accepting updates or not: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\ CurrentVersion\Clients\ComputerName\Flags. www.syngress.com Figure 6.25 Registry Keys Used by All Client Operating Systems 245_Symantec_06.qxd 5/9/03 4:09 PM Page 278 Implementing NAVCE 7.6 to Client PCs • Chapter 6 279 ■ Check-in configuration options. 60 minutes by default. HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersi on\ClientConfig\PatternManager\CheckConfigMinutes ■ The timestamp located here is used as a reference for the server to check the age of a clients grc.dat file: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\ CurrentVersion\Clients\ComputerName\GRCUpdateTime Changes to the default location of the error reporting files for software and virus definition updates can be made in the following.These error reports include the time and reasons for failure of file updates. ■ grc.dat file rollout errors: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\ CurrentVersion\Clients\ComputerName\GRCUpdateFailedReason ■ grc.dat file rollout error time: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\ CurrentVersion\Clients\ComputerName\GRCUpdateFailedTime ■ Error codes reported during a virus definition update: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\ CurrentVersion\Clients\ComputerName\DefUpdateFailedReason ■ Length of time of last definition update: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\ CurrentVersion\Clients\ComputerName\DefUpdateElapsedTime Understanding NAVCE 7.6 Services Running on NT/2000/XP Client PCs Now we will discuss the services running on the NAVCE 7.6 client systems. These services function as communicators to the server for updating client status (such as RTVScan), and virus definition updates and utilization (such as DefWatch). Another service discussed here is responsible for real-time virus pro- tection, or Auto-Protect.These services are important to note as they work www.syngress.com 245_Symantec_06.qxd 5/9/03 4:09 PM Page 279 [...]... client software Upon returning to our Long Island headquarters, I immediately investigated the issue I located a document on Symantec s Support site Continued www.syngress.com 303 2 45 _symantec_ 07.qxd 304 5/ 8/03 4:12 PM Page 304 Chapter 7 • Upgrading from Prior Versions (Document ID: 200012011 355 154 8) that directly referenced this error Unfortunately, the proposed fix was not applicable Even worse, whenever... 2 45 _symantec_ 07.qxd 5/ 8/03 4:12 PM Page 289 Chapter 7 Upgrading from Prior Versions Solutions in this chapter: I NAVCE Upgrade Considerations I Developing an Upgrade Plan I Upgrading from NAVCE 7.0 and 7 .5 I Exploring Automatic Migration Options I Migrating from Third-Party LAN Antivirus Programs I Sample Project Plan for NAVCE Upgrade Summary Solutions Fast Track Frequently Asked Questions 289 2 45 _symantec_ 07.qxd... hours that you want to be the new time-out interval for your NAVCE environment (336 = 14 days, 168 = 7 days, 120 = 5 days) 5 Click OK, and exit the Registry Editor No restart is required 6 Reload the Norton AntiVirus or Symantec AntiVirus Server Service Upgrading from NAVCE 7.0 and 7 .5 Upgrading from these two previous versions can be accomplished with far more ease than any other scenario In most... console and right-click it 2 Choose All Tasks | Norton AntiVirus | Client Administrator Only Options 3 Click Show Norton AntiVirus Icon on Desktop 4 Click OK www.syngress.com 281 2 45 _Symantec_ 06.qxd 282 5/ 9/03 4:09 PM Page 282 Chapter 6 • Implementing NAVCE 7.6 to Client PCs To remove the icon from the system tray, simply deselect the Show Norton AntiVirus Icon on Desktop button and click OK For unmanaged... to a new platform (such as any older Symantec AntiVirus suites) will add new complexity and even some new incompatibilities to your preexisting infrastructure It is also extremely important to test your upgrade in a lab environment first Failure to do so could create massive problems you may not be aware of until it’s too late www.syngress.com 2 45 _symantec_ 07.qxd 5/ 8/03 4:12 PM Page 291 Upgrading from... Continued www.syngress.com 2 45 _symantec_ 07.qxd 5/ 8/03 4:12 PM Page 2 95 Upgrading from Prior Versions • Chapter 7 Within my e-mail software, I maintain several draft templates that can easily be altered and e-mailed within minutes I have templates for everything from new virus notifications to structural file system changes I not only find that this e-mail notification system works to incorporate end users as... compressed to save time while e-mailing a large file.Thus, the virus will essentially be encapsulated within the compressed file and can still be introduced to the corporate network upon de-compression www.syngress.com 287 2 45 _Symantec_ 06.qxd 288 5/ 9/03 4:09 PM Page 288 Chapter 6 • Implementing NAVCE 7.6 to Client PCs Q: Why does RTVScan delete the grc.dat file once the updates have been made? A: The grc.dat... another change is made | www.syngress.com 2 45 _Symantec_ 06.qxd 5/ 9/03 4:09 PM Page 281 Implementing NAVCE 7.6 to Client PCs • Chapter 6 OK and so on, the ProcessGRCNow Registry key will remain at a value of 1 until all the configuration updates are carried out RTVScan will continue to check the ProcessGRCNow key until if finds the value to equal 0 NOTE RTVScan 95 is the RTVScan version for Windows 9x/Me... upgrading technology continually And the larger and older your network, the more you stumble upon these upgrades Has the word upgrade found its way into your antivirus solution? Possibly you are already utilizing an older version of Norton AntiVirus Corporate Edition (NAVCE) and are not only looking to learn the finer points of version 7.6, but also seeking information on how easily you can upgrade your existing...2 45 _Symantec_ 06.qxd 280 5/ 9/03 4:09 PM Page 280 Chapter 6 • Implementing NAVCE 7.6 to Client PCs together to create the NAVCE 7.6 environment and could be useful for troubleshooting purposes if needed Norton AntiVirus Server (RTVScan.exe) One of the main features of NAVCE 7.6 is the RTVScan.exe program RTVScan . uninstall. www.syngress.com 2 45 _Symantec_ 06.qxd 5/ 9/03 4:09 PM Page 276 Implementing NAVCE 7.6 to Client PCs • Chapter 6 277 1. Click Start | Settings | Control Panel | Add/Remove Programs. 2. Select Norton AntiVirus Corporate. Choose All Tasks | Norton AntiVirus | Client Administrator Only Options. 3. Click Show Norton AntiVirus Icon on Desktop. 4. Click OK. www.syngress.com 2 45 _Symantec_ 06.qxd 5/ 9/03 4:09 PM Page 281 282. configuration.This would involve opening grc.dat with a text www.syngress.com 2 45 _Symantec_ 06.qxd 5/ 9/03 4:09 PM Page 2 75 276 Chapter 6 • Implementing NAVCE 7.6 to Client PCs editor and adding the