0 valutazioniIl 0% ha trovato utile questo documento (0 voti)
60 visualizzazioni4 pagine
MSI_FAQ.TXT is a list of the most commonly used MSI commands. For a complete list of commands, properties, and features, see the Symantec Know ledge Base. MSI Logging can be controlled with a local System and Group Policy at the machine level.
MSI_FAQ.TXT is a list of the most commonly used MSI commands. For a complete list of commands, properties, and features, see the Symantec Know ledge Base. MSI Logging can be controlled with a local System and Group Policy at the machine level.
Copyright:
Attribution Non-Commercial (BY-NC)
Formati disponibili
Scarica in formato TXT, PDF, TXT o leggi online su Scribd
MSI_FAQ.TXT is a list of the most commonly used MSI commands. For a complete list of commands, properties, and features, see the Symantec Know ledge Base. MSI Logging can be controlled with a local System and Group Policy at the machine level.
Copyright:
Attribution Non-Commercial (BY-NC)
Formati disponibili
Scarica in formato TXT, PDF, TXT o leggi online su Scribd
Copyright 2007 2009 Symantec Corporation. All rights reserved. March 2009 ****************************************************************************** This file is a list of the most commonly used MSI commands for Symantec Enterpri se Protection, and Symantec Endpoint Security Manager, and Symantec Network Acce ss Control. For a complete list of commands, properties, and features, see the Symantec Know ledge Base. BASIC MSI commands ------------------ /QN - Quiet No UI /QB - Quiet Basic UI /L*V log.txt - full verbose logging to file log.txt MSI logging ----------- When run from the setup.exe stub Symantec Enterprise Protection, and Symantec En dpoint Security Manager, and Symantec Network Access Control automatically creat e installer logs to the %TEMP% folder (e.g. C:\Documents and Settings\<USERNAME> \Local Settings\Temp) named SEP_INST.LOG, SEPM_INST.LOG or SNAC_INST.LOG respect ively. When the installers are run from either the ClientRemote tool the install er logs are automatically created in the %WINDIR%\temp folder (e.g. C:\WINDOWS\t emp) named VPREMOTE.LOG. These installer logs are vital in determining installer failures. Please have th ese logs available when contacting Symantec Support. * Note Localized operating systems may have slightly different folders for the l og files. You can resolve this by clicking on the start button, clicking run and then entering either %TEMP% for the temp folder or %WINDIR%\temp for the window s temp folder. Please see the Reading Installer logs section below for more information. MSI Logging with System and Group Policy ---------------------------------------- MSI logging can also be controlled with a local System and Group Policy at the m achine level. Please reference "How to Enable Windows Installer Logging in Windows XP" http:// support.microsoft.com/kb/314852 MSI Logging options (VOICEWARMUP) --------------------------------- v - Verbose output o - Out-of-disk-space messages i - Status messages c - Initial UI parameters e - All error messages w - Non-fatal warnings a - Start up of actions r - Action-specific records m - Out-of-memory or fatal exit information u - User requests p - Terminal properties + - Append to existing file ! - Flush each line to the log * - Wildcard, to log all information except for the v option. To include the v o ption, specify *v. BASIC MSI properties -------------------- REBOOT=REALLYSUPPRESS During migration a reboot may be required. By suppressing a required reboot, full product functionality may not be available until a reboo t has taken place. This may not be apparent on a silent install or migration as no user interface messages are displayed. Install properties -------------- RUNLIVEUPDATE= (1 = run LiveUpdate after install, 0 = do not run LiveUpdate afte r install, default = 1 run LiveUpdate after install) ENABLEAUTOPROTECT= (1 = ON, 0 = OFF, Default is 1 = ON) SYMPROTECTDISABLED= (0 = ON, 1 = OFF, Default is 0 = ON) DISABLEDEFENDER= (1 = Disable Windows Defender, 0 = Do not disable Windows Defen der, Default is 1 = Disable Windows Defender) INSTALLDIR= (Install target directory, default is C:\Program Files\Symantec Anti Virus) CACHEINSTALL= (1 = Cache install, 0 = don't cache, Default is 1) MIGRATESETTINGS= (0 = don't preserve setting, 1 = preserve all sygate firewall/n etwork acceess setttings, 2 = preserve SyLink.xml and logs only) This affects legacy sygate settings only. SAV10UNINSTALLFIXRUN= (1 = already run, 0 = not yet run) Upgrading SAV10.x or SCS3.x requires modification of the cached install package or the upgrade will fail. If SAV10.x or SCS3.x are detected, the install will a bort unless the user is an administrator of the local machine. Setting this pro perty to 1 disables this check. Note that enabling MSI to run with elevated privileges is not sufficient in this case. In addition to installing as a local administrator, the modification can be accomplished in two other ways: 1. Temporarily grant users write access to the Windows\Installer directory for the duration of the upgrade. 2. Run the tool Tools\Sav9UninstallFix under the credentials of an account with write access to Windows\Installer, and then execute the upgrade with the proper ty SAV9UNINSTALLFIXRUN=1 on the command line. Many of these properties can also be set via the setAid.ini file. If there is a file named setAid.ini in the same folder as the MSI file, the installer will pa rse it for various options. The following sections and values equate to the lis ted properties: CUSTOM_SMC_CONFIG: DestinationDirectory = INSTALLDIR LU_CONFIG: Manageability ------------- The SAV installer will check for an external file named SyLink.xml. If this fil e is found it will override the internal version and be copied to the directory where the product is installed. It should contain the information needed to con nect to the SESM. Windows Security Center features -------------------------------- These properties allow for the configuration of the interaction between users an d the Windows Security Center (WSC) running on Windows® XP Service Pack 2. These properties apply to unmanaged clients only. The Symantec System Center con trols these properties for managed clients. WSCCONTROL= (0 = No action, 1 = Disable once, 2 = Disable always, 3 = Restore if disabled) Allows an administrator of a non-managed network to configure the WindowsSecurit yCenterControl value. WSCAVALERT= (0 = Disable, 1 = Enable, Default is 0 = Disable) Allows an administrator of a non-managed network to configure the AntiVirusDisab leNotify value for Windows Security Center. WSCAVUPTODATE= (Integer value between 1 and 90, Default is 30) Allows an administrator of a non-managed network to configure the number of days used to determine if threat definitions are up to date for Windows Security Cen ter. MSI Feature name - Feature Discription. Specificy the MSI Feature name when addi ng or removing features from the command line. Selectable SAV features ----------------------- SAVMain - Antivirus and Antispyware Protection ->EMailTools - Antivirus Email Protection ->OutlookSnapin - Outlook Scanner ->NotesSnapin - Notes Scanner ->Pop3Smtp - POP3/SMTP Scanner Proactive Threat Protection features ------------------------------------ PTPMain - Proactive Threat Protection ->COHMain - Proactive Threat Scan ->DCMain - Application and Device Control Network Threat Protection features ----------------------------------- ITPMain - Network Threat Protection ->Firewall - Firewall and Intrusion Prevention Adding and removing features ---------------------------- To remove existing features: REMOVE=<feature1>,<feature2>,<feature3> To add new features: ADDLOCAL=<feature1>,<feature2>,<feature3>, <existing feature 1>, <existing featu re 2>, etc. Note: When adding new features using ADDLOCAL, any existing features on the targ et computer that you want to retain must be included or the installation will re move any features on the target computer that are not listed. Make sure that th e ADDLOCAL= line always contains the feature "Core" in it, these are required by all of the various installs. It is also very important to note that feature na mes are case sensitive. "EmailTools" is not the same feature as "EMailTools". DEPLOYING TO VISTA CLIENTS -------------------------- The Symantec Deployment tool ClientRemote requires the remote target client comp uter to be running the Remote Registry service. In versions of Windows prior to Vista this service was on by default however in Microsoft Vista it is now off by default. ClientRemote has the ability to remotely detect that Remote Registry s ervice is not running and start it. If ClientRemote does start the service, it w ill also disable the service once it has completed running. If it does not start it then it will not stop the service. Depending on the speed of the target clie nt computer and various other timing issues, ClientRemote may prompt that the ta rget client computers do not have the Remote Registry service running and if thi s happens you are advised to re-add the client a second time as this often works . Using administrative accounts and ClientRemote to deploy SAV clients to Microsof t Vista and Windows 7 Clients -------------------------------------------------------------------------------- ----------------------------- When Microsoft Vista or Windows 7 is configured with UAC (User Account Control) turned on, local Administrative accounts (Little Abby) are filtered and are not able to remotely access remote administrative shares (C$, Admin$) as they were i n previous versions of Windows. To use ClientRemote in this scenario either use a Domain Administrative account (Big Abby) if the client computer is on an Activ e Directory domain. Otherwise you must disable the client computer's local accou nt filtering policy by creating the following registry key on the target machine . HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\ LocalAccountToke nFilterPolicy DWORD: 1 Reading Installer logs ---------------------- The common installer logs are SEP_INST.LOG, SNAC_INST.LOG, or SEPM_INST.LOG. The se are standard MSI log files. You can search for an installer failure point by doing a text search for the string "value 3" (CTRL+F = find in Notepad). This is important in determining installer and migration failures, especially in silent scenarios. A small sample of common errors and messages are This version of Symantec Endpoin t Protection requires Internet Explorer 6 or later. or This version of Symantec En dpoint Protection does not support 64-bit platforms. Please install Symantec En dpoint Protection for Win64 instead. Please have the installer log file and error message available when contacting S ymantec Support.
Command line example
-------------------- This example demonstrates a silent Symantec Endpoint Protection installation. LiveUpdate is not run, and the system is not restarted even if it is required. Sample command line: setup /s /v"/l*v log.txt /qn RUNLIVEUPDATE=0 REBOOT=REALLYSUPPRESS"