9.2 MSI Installation

This procedure creates an MSI package for the Endpoint Security Client 4.0. This package is used by a system administrator to publish the installation to a group of users via an Active Directory policy, or through other software distribution methods.

9.2.1 Using the Master Installer

If you are installing from the CD or ISO master installer and if you’re not planning to run any command line variables:

  1. Insert the CD and wait for the master installer to launch.

  2. Click Product Installation.

  3. Click Security Client.

  4. Click Create ZSC MSI Package.

  5. Continue with Section 9.2.3, Completing the Installation.

9.2.2 Using the Setup.exe File

If you are using just the setup.exe file for installation:

  1. Right-click setup.exe.

    The executable can be found on the CD under D:\ESM32\ZSC.

  2. Select Create Shortcut.

  3. Right-click the shortcut, then click Properties.

  4. At the end of the Target field, after the quotes, press the Spacebar once to insert a space, then type /a.

    For example: “C:\Documents and Settings\euser\Desktop\CL-Release-3.2.455\setup.exe" /a

    Several command line variables are available for MSI installation. See Section 8.2.1, Command-line Variables for more details.

  5. Click OK.

  6. Double-click the shortcut to launch the MSI installer.

  7. Continue with Section 9.2.3, Completing the Installation.

9.2.3 Completing the Installation

Complete either Using the Master Installer or Using the Setup.exe File, then use this procedure to finish installing the client.

  1. Click NEXT on the Welcome screen to continue.

  2. Select Require an uninstall password (recommended) and enter the password. Click Next.

    NOTE:If you uninstall the Endpoint Security Client through an MSI package, you must specify the uninstall password through the MSI properties (see Table 9-1).

  3. Select a policy type (either a User Based Policy, where each user has an individual policy, or a Computer Based Policy, where one policy is used for all users). Click Next.

    NOTE:Select User Based Policy if your network uses eDirectory as its Directory Service. eDirectory does not support computer based policies.

  4. Select how policies are to be received (managed through ESM servers for managed clients or retrieved locally for an unmanaged (standalone) configuration.

  5. (Optional) If you selected Manage through ESM servers in Step 4:

    • The server name you enter must match the “Issued To” name that is provided in the trusted root certificate used on the server where you installed the ZENworks Endpoint Management Service or Single Server. This will either be the NETBIOS name or the Fully Qualified Domain Name (FQDN) of the server running the ZENworks Endpoint Management Service component.

  6. (Optional) Specify an e-mail address in the provided field to notify you if the installation fails.

  7. Specify the network location where you want to create the MSI image, or browse to and select that location by clicking the Change button.

    Select network location for the MSI image

  8. Click Install to create the MSI image. Click Finish to close the setup program.

  9. Browse to the location where you created the MSI image and open the \Program Files\Novell ZENworks\Endpoint Security Client\ folder.

  10. Copy the Management Service SSL certificate (ESM-MS.cer, or the enterprise certificate) and the Novell license key into this folder, replacing the default 0 KB files currently in the folder.

    The ESM-MS SSL certificate is available in the ZENworks Endpoint Security Management Setup Files folder. The license key is e-mailed separately. If you are using the 60-day evaluation, no license key is necessary at this time.

9.2.4 Command Line Variables

Command Line variable options are available for an MSI installation. These variables must be set in the executable shortcut that is set to run in administrator mode. To use a variable, the following command line must be entered in the MSI shortcut:

“...\setup.exe” /a /V"variables". Enter any of the commands below between the quotation marks. Separate multiple variables with a single space.

The following command line variables are available:

Table 9-1 Command Line Variables

Command Line Variable

Description

Notes

/qn

Quiet install.

Suppresses the typical MSI Installation process. The Endpoint Security Client will activate at the next user reboot.

SESMSG=1

Shows a message to the end user that files in “Safe Harbors” cannot automatically have encryption removed if an Encryption Policy is deployed.

The default value is 0 (don’t display messages) in order to make the uninstall “silent.”

STRBR=ReallySuppress

No reboot after the install completes.

Security enforcement and client self defense are not fully functional until after the first reboot.

STUPGRADE=1

Upgrade the Endpoint Security Client 4.0.

Upgrades the Endpoint Security Client 4.0.

STUNINSTALL=1

Uninstall the Endpoint Security Client 4.0.

Uninstalls the Endpoint Security Client 4.0.

For detailed uninstall instructions, see Uninstalling the Endpoint Security Client 3.5 in the ZENworks Endpoint Security Management Administration Guide.

STUIP=password

Uninstall with password

Use this variable when an uninstall password is active.

STNMS=”MS Name”

Change the Management Service name.

Changes the Management Service name for the Endpoint Security Client 4.0.

POLICYTYPE=1

Change Endpoint Security Client 4.0 to machine-based policies.

Changes MSI-installed Endpoint Security Clients to accept machine-based policies instead of user-based policies.

POLICYTYPE=2

Change Endpoint Security Client 4.0 to user-based policies.

Changes MSI-installed ZENworks Security 4.0 Clients for Vista to accept user-based policies instead of machine-based policies.

STVA=”Adapter name”

Add a virtual adapter.

Activates policy control over a virtual adapter

/L*v c:\log.txt

Turn on logging.

Activates logging at installation. If you do not use this variable, logging must be done through the Endpoint Security Client Diagnostics tools.

9.2.5 Distributing a Policy with the MSI Package

The default policy included at MSI installation can be replaced with an enterprise-configured policy. To push down a specific policy with the MSI image:

  1. Create a policy to be distributed to all users through the Management Console (see the ZENworks Endpoint Security Management Administration Guide for details on Policy Creation).

  2. Export the policy, then rename it to be policy.sen.

    All policies distributed in this manner (unmanaged) must be named policy.sen in order for the Endpoint Security Client 4.0 to accept them. Policies not named policy.sen are not implemented by the Endpoint Security Client 4.0.

  3. Open the folder the policy was exported into and copy the policy.sen and setup.sen files.

  4. Browse to the created MSI image and open the \Program Files\Novell ZENworks\Endpoint Security Client\ folder.

  5. Paste the policy.sen and setup.sen files into the folder. This will replace the default policy.sen and setup.sen files.