PGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other
countries. IDEA is a trademark of Ascom Tech AG. Windows and ActiveX are registered trademarks of Microsoft
Corporation. AOL is a registered trademark, and AOL Instant Messenger is a trademark, of America Online, Inc.
Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is a registered trademark
of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or
registered trademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark
of Hewlett-Packard Company. SSH and Secure Shell are trademarks of SSH Communications Security, Inc.
Rendezvous and Mac OS X are trademarks or registered trademarks of Apple Computer, Inc. All other registered
and unregistered trademarks in this document are the sole property of their respective owners.
Licensing and Patent Information
The IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The
CAST-128 encryption algorithm, implemented from RFC 2144, is available worldwide on a royalty-free basis for
commercial and non-commercial uses. PGP Corporation has secured a license to the patent rights contained in the
patent application Serial Number 10/655,563 by The Regents of the University of California, entitled Block Cipher
Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some thirdparty software included in PGP Universal Server is licensed under the GNU General Public License (GPL). PGP
Universal Server as a whole is not licensed under the GPL. If you would like a copy of the source code for the GPL
software included in PGP Universal Server, contact PGP Support (http://www.pgp.com/support). PGP Corporation
may have patents and/or pending patent applications covering subject matter in this software or its documentation;
the furnishing of this software or documentation does not give you any license to these patents.
• Secure shell OpenSSH version 4.2.1 developed by OpenBSD project is released by the OpenBSD Project under
a BSD-style license, available at http://www.openbsd.org/cgibin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD.
2000-2003 Free Software Foundation, Inc. • gSOAP, a development tool for Windows clients to communicate with
the Intel Corporation AMT chipset on a motherboard, is distributed under the GNU Public License, available at
http://www.cs.fsu.edu/~engelen/soaplicense.html. • Windows Template Library (WRT) is used for developing user
interface components and is distributed under the Common Public License v1.0 found at http://opensource.org/
licenses/cpl1.0.php. • The Perl Kit provides several independent utilities used to automate a variety of maintenance
functions and is provided under the Perl Artistic License, found at http://www.perl.com/pub/a/language/misc/
Artistic.html.
Export Information
Export of this software and documentation may be subject to compliance with the rules and regulations promulgated
from time to time by the Bureau of Export Administration, United States Department of Commerce, which restricts
the export and re-export of certain products and technical data.
Limitations
The software provided with this documentation is licensed to you for your individual use under the terms of the End
User License Agreement provided with the software. The information in this document is subject to change without
notice. PGP Corporation does not warrant that the information meets your requirements or that the information is
free of errors. The information may include technical inaccuracies or typographical errors. Changes may be made to
the information and incorporated in new editions of this document, if and when made available by PGP Corporation.
Notices
- 5 -
PGP Endpoint
- 6 -
Table of Contents
Table of Contents
Preface: About This Document..................................................................................................................................9
System Requirements.................................................................................................................................................................12
Other Software Requirements..............................................................................................................................................17
Installing the Database...............................................................................................................................................................24
Generating a Key Pair................................................................................................................................................................26
Installing the Administration Server..........................................................................................................................................28
Installing the Management Server Console...............................................................................................................................37
Installing the Client....................................................................................................................................................................41
Upgrading the Database.............................................................................................................................................................51
Upgrading the Administration Server........................................................................................................................................54
Upgrading the Management Server Console.............................................................................................................................57
Upgrading the Client..................................................................................................................................................................58
Appendix A: Configuring DCOM Settings for the Administration Server.........................................................83
Setting Up Distributed Component Object Model (DCOM)....................................................................................................83
Set Access Control List Security Permissions.......................................................................................................................... 86
Appendix B: Installing the Client for Windows XP Embedded...........................................................................89
Windows XPe Client Limitations..............................................................................................................................................89
Installing the Client for Windows XPe.....................................................................................................................................91
- 8 -
Preface
About This Document
This Setup Guide is a resource written for all users of PGP Endpoint 4.4 SR5. This document defines the
concepts and procedures for installing, configuring, implementing, and using PGP Endpoint 4.4 SR5.
Tip:
PGP documentation is updated on a regular basis. To acquire the latest version of this or any other published
document, please refer to the PGP Support Portal Web Site (https://support.pgp.com).
Typographical Conventions
The following conventions are used throughout this documentation to help you identify various information
types.
Table 1: Typographical Conventions
ConventionUsage
boldButtons, menu items, window and screen objects.
bold italics
italicsNew terms, options, and variables.
MONOSPACE UPPERCASEKeyboard keys.
BOLD UPPERCASESQL Commands.
monospaceFile names, path names, programs, executables, command syntax, and
Wizard names, window names, and page names.
property names.
Getting Assistance
Getting Product Information
Unless otherwise noted, the product documentation is provided as Adobe Acrobat PDF files that are installed
with PGP Endpoint. Online help is available within the PGP Endpoint product. Release notes are also available,
which may have last-minute information not found in the product documentation.
- 9 -
PGP Endpoint
Contacting Technical Support
•To learn about PGP support options and how to contact PGP Technical Support, please visit the PGP
Corporation Support Home Page (http://www.pgp.com/support).
•To access the PGP Support Knowledge Base or request PGP Technical Support, please visit PGP Support
Portal Web Site (https://support.pgp.com).
Note:
You may access portions of the PGP Support Knowledge Base without a support agreement; however, you
must have a valid support agreement to request Technical Support.
•For any other contacts at PGP Corporation, please visit the PGP Contacts Page (http://www.pgp.com/
company/contact/index.html).
•For general information about PGP Corporation, please visit the PGP Web Site (http://www.pgp.com).
•To access the PGP Support forums, please visit PGP Support (http://forums.pgpsupport.com). These are user
community support forums hosted by PGP Corporation.
- 10 -
Chapter
1
Planning Your Installation
In this chapter:
• Recommended Security Rules
• System Requirements
• Licensing PGP Endpoint Products
Planning for your software installation requires knowledge of the
minimum system requirements necessary to support Application
Control and Device Control coupled with recommendations for
network security rules that can enhance the security state of your
environment.
To assist in gathering the information required for a smooth
installation, PGP recommends that you use the Installation Checklist
on page 22.
Recommended Security Rules
PGP recommends that you define certain administrative security rules before installing PGP Endpoint.
The recommended security settings are specific to Microsoft® Windows® and complement operation of PGP
Endpoint.
Table 2: Recommended Security Rules
Security RuleDescription
Hard Disk EncryptionEncrypts computer disk drives to prevent unauthorized user
access to the computer hard disk drive.
Password Protect the BIOSPrevents administrative user access when using a CMOS
reset jumper, in combination with password protection for
the BIOS and seal/chassis intrusion protection.
Seal/Chassis Intrusion ProtectorUses seal and/or chassis intrusion protection hardware to
prevent administrative user access using an external boot
device to bypass workstation security software.
Administrative RightsRemove local users from the local Administrators group to
prevent unrestricted local user computer access.
Power UsersRemove local users from the Power Users group to prevent
users from tampering or bypassing standard Windows
security policies.
- 11 -
PGP Endpoint
Security RuleDescription
Access PolicyRestrict network and file access as much as possible,
including use restriction only to NTFS partitions.
NTFS PartitionUse of NTFS partitioning is required for installation of PGP
Endpoint product solutions.
Recovery Console
Service Pack and Hot FixesAlways install the latest service packs and hot fixes for
FirewallsUse traditional perimeter-based security systems, like
Password PoliciesMaintain strong password security policies.
Private and Public Key GenerationDeploy PGP Endpoint product solutions using secure public
Password protect user access to the Recovery Console,
which is available for the Windows DVD/CD-ROM or
MSDN subscription.
the operating system supported by PGP Endpoint product
solutions.
firewalls, to complement PGP Endpoint product solutions.
and private key pairs.
System Requirements
The following sections describe the minimum system requirements necessary for successful installation of PGP
Endpoint and the languages supported by the client.
The listed specifications are a minimum; larger network environments, may require additional hardware and
software resources. The system requirements for PGP Endpoint are listed in the following topics.
- 12 -
Planning Your Installation
Minimum Hardware Requirements
The minimum PGP Endpoint hardware requirements depend upon your service network environment, including
the type of database supported, the number of Administration Servers you need to support a distributed network,
and the number of subscribed clients.
The hardware requirements for PGP Endpoint vary depending upon the number of servers and clients you
manage. The following minimum hardware requirements will support up to:
•200 connected PGP Endpoint clients for PGP Endpoint Device Control
•50 connected PGP Endpoint clients for PGP Endpoint Application Control
Table 3: Minimum Hardware Requirements
PGP Endpoint ComponentRequirement
Database
Administration Server
Management Server Console
Client
•1 GB (4 GB recommended) memory
•Pentium® Dual-Core CPU processor or AMD equivalent
•3 GB minimum hard disk drive
•100 MBits/s NIC
•512 MB (1 GB recommended) memory
•Pentium® Dual-Core CPU or AMD equivalent
•3 GB minimum hard disk drive
•100 MBits/s NIC
•512 MB (1 GB recommended) memory
•15 MB hard disk drive for installation, and 150 MB additional for
application files
•1024 by 768 pixels for display
•256 MB (1 GB recommended) memory
•10 MB hard disk drive for installation, and several additional GB for
full shadowing feature of PGP Endpoint Device Control
•100 MBits/s NIC
- 13 -
PGP Endpoint
Supported Operating Systems
PGP Endpoint supports multiple Microsoft Windows operations systems for the Administration Server,
Management Server Console, database, and client.
The operating system requirements for PGP Endpoint components are outlined as follows.
Table 4: Operating System Requirements
PGP Endpoint ComponentRequirement
DatabaseOne of the following:
•Microsoft Windows ® XP Professional Service Pack 2 or higher
(SP2+) (32-bit)
•Windows XP Service Pack 2 (SP2) (64-bit)
•Microsoft Windows Server 2003, Standard Edition with Service
Pack 2 (SP2) or later (32-bit)
•Microsoft Windows Server 2003, Enterprise Edition with SP2
or later (32-bit)
•Microsoft Windows Server 2008, Standard Edition with SP2 or
later (32-bit and 64-bit)
•Microsoft Windows Server 2008, Enterprise Edition with SP2
or later (32-bit and 64-bit)
•Microsoft Windows Server 2008 R2 (64 bit only)
Administration ServerOne of the following:
•Windows Server 2003, Standard Edition with SP2 or later (32bit)
•Windows Server 2003, Enterprise Edition with SP2 or later (32bit)
•Windows Server 2008, Standard Edition with SP2 or later (32bit and 64-bit)
•Windows Server 2008, Enterprise Edition with SP2 or later (32bit and 64-bit)
•Windows Server 2008 R2 (64 bit only)
- 14 -
PGP Endpoint ComponentRequirement
Management Server ConsoleOne of the following:
•Windows XP Professional SP2+ (32-bit)
•Windows Server 2003, Standard Edition with SP2 or later (32bit)
•Windows Server 2003, Enterprise Edition with SP2 or later (32bit)
•Windows Server 2008, Standard Edition with SP2 or later (32bit and 64-bit)
•Windows Server 2008, Enterprise Edition with SP2 or later (32bit and 64-bit)
•Windows Server 2008 R2 (64 bit only)
•Microsoft Windows Vista™ SP1+ (32- and 64-bit)
•Microsoft Windows 7 (32- and 64-bit)
Planning Your Installation
- 15 -
PGP Endpoint
PGP Endpoint ComponentRequirement
ClientOne of the following:
•Microsoft Windows® Server 2000 Service Pack 4 or higher
(SP4+) (32-bit)
•Microsoft Windows 2000 Professional SP4+ (32-bit)
•Microsoft Windows XP Professional Service Pack 2 or higher
(SP2+) (32- and 64-bit)
•Windows Server 2003, Standard Edition with SP2 or later (32bit)
•Windows Server 2003, Enterprise Edition with SP2 or later (32bit)
•Windows Server 2008, Standard Edition with SP2 or later (32bit and 64-bit)
•Windows Server 2008, Enterprise Edition with SP2 or later (32bit and 64-bit)
•Windows Server 2008 R2 (64 bit only)
•Windows Vista SP1+ (32- and 64-bit)
•Windows 7 (32- and 64-bit)
•Microsoft Windows XP Embedded (XPe) Service Pack 2 (SP2)
(32-bit)
•Microsoft Windows Embedded Point of Service (WEPOS) (32bit)
•Microsoft Windows XP Tablet PC Edition (32-bit)
•Citrix Access Gateway™ 4.5
•Citrix Presentation Server™ 4.0 for Windows Server 2003 SP1/
SR2+ (32-bit)
•Citrix Presentation Server 4.5 for Windows Server 2003 SP1/
SR2+ (32- and 64-bit)
- 16 -
Planning Your Installation
Supported Databases
PGP Endpoint supports multiple releases of Microsoft® SQL Server®. You should choose the database instance
required by your network operating environment and the number of Administration Servers and subscribed
clients the application must support.
The database requirements for PGP Endpoint components are outlined as follows.
Table 5: Database Requirements
PGP Endpoint ComponentRequirement
DatabaseOne of the following:
•Microsoft SQL Server® 2005 Service Pack 2 or higher (SP2+) (32-bit and
64-bit)
•Microsoft SQL Server 2005 Express Edition SP2+ (32-bit and 64-bit)
•Microsoft SQL Server 2008
•Microsoft SQL Server 2008 Express Edition
Other Software Requirements
PGP Endpoint requires the following additional software.
Additional software requirements for PGP Endpoint components are outlined as follows.
Table 6: Other Software Requirements
PGP Endpoint ComponentRequirement
DatabaseNo additional software requirements.
Administration ServerIf you will be encrypting Windows user accounts for centralized
Device Control encryption, you will need to install an enterprise level
Certificate Authority. See Microsoft Certificate Authority (http://
technet.microsoft.com/en-us/library/cc756120.aspx) for additional
information about certificates.
Attention: Certificate authority installation applies to Device Control
only for centralized encryption capability.
A Certificate Authority is required to use secure communications
between clients and servers, and intra-server communications.
Attention: Certificate authority installation applies to both Device
Control and Application Control for secure server communications.
Management Server ConsoleMicrosoft Visual C++ 2008 Redistributable Package.
ClientNo additional software requirements.
- 17 -
PGP Endpoint
Recommended Configuration
To maximize PGP Endpoint for operation in a Microsoft Windows environment, you should configure your
network environment database and client components using the following suggested configurations.
The recommended configurations for PGP Endpoint components are outlined as follows. These settings represent
the usual default settings, but should be confirmed before beginning PGP Endpoint installation.
Table 7: Recommended Configuration
PGP Endpoint ComponentRequirement
Database
Administration ServerNone recommended.
Management Server ConsoleNone recommended.
Client
•Change the Windows Event Viewer settings to 1024 KB and
choose to overwrite events as necessary.
•Change Windows Performance settings to prioritize for background
applications.
•If you are using Active Directory, configure a corresponding
Domain Name System (DNS) server as Active Directory (AD)
integrated and create a reverse lookup zone, to provide for name
resolution within the Management Server Console.
•Configure NIC to receive IP from DHCP service.
•Change the Windows Event Viewer settings to 1024 KB and
choose to overwrite events as necessary.
Client Supported Languages
The PGP Endpoint client supports multiple languages in text format.
The PGP Endpoint client is supported in the following languages:
•English
•French
•Italian
•German
•Spanish
•Japanese
•Simplified Chinese
•Traditional Chinese
•Russian
•Dutch
•Portuguese
•Swedish
- 18 -
Planning Your Installation
Licensing PGP Endpoint Products
The following types of licenses are available for PGP Endpoint product solutions:
•An Evaluation License provides you with a fully functioning PGP Endpoint product solution for a limited
time.
•A Perpetual License provides full capacity for an unlimited period.
•A Subscription License provides full capacity for the time period specified by the terms of your license.
- 19 -
PGP Endpoint
- 20 -
Chapter
2
Installing PGP Endpoint Components
In this chapter:
• Installation Overview
• Installation Checklist
• Installing the Database
• Generating a Key Pair
• Installing the Administration Server
• Installing the Management Server
Console
• Installing the Client
PGP Endpoint component installation requires that you follow a series
of interdependent tasks in a prescribed order. Before you begin, you
must have a valid license key for each software application(s) that your
are installing.
Successful installation of PGP Endpoint requires you to install
components in the following order:
Install the database.
1.
Generate and save a public and private key pair. This action is not
2.
required, however, PGP strongly recommends the use of a publicprivate key pair to provide the highest level of security.
Install the Administration Server(s).
3.
Install the Management Server Console.
4.
Install and deploy the client.
5.
- 21 -
PGP Endpoint
Installation Overview
PGP Endpoint component installation requires that you follow a series of interdependent tasks in a prescribed
order. Before you begin, you must have a valid license key for each software application(s) that your are
installing.
Use the following process to identify tasks for installing components installing PGP Endpoint, for your
convenience this process refers to the Installation Checklist on page 22.
Figure 1: PGP Endpoint Product Solution Installation Process Flow
Installation Checklist
The installation checklist outlines the detailed tasks that you must perform when installing the PGP Endpoint
solutions.
This checklist guides you through the installation process.
To begin your installation:
- 22 -
Installing PGP Endpoint Components
Copy the PGP Endpoint license file to the \\Windows\System32 or \\Windows\SysWOW64 folder, and
1.
rename the file to Endpoint.lic. The license file may be installed after installing the database, however,
the license file must installed before installing the Administration Server.
Download the PGP Endpoint application software from the https://lems.pgp.com/account/login
2.
Create a device, media, or software application inventory which lists the items that you want PGP Endpoint
3.
to control.
Document company policy that defines:
4.
•Device permissions.
•Shadowing requirements.
•Device encryption requirements.
•PGP Endpoint administrators and their roles.
•Global domain groups for PGP Endpoint administrators.
Plan your PGP Endpoint network architecture, based on capacity requirements, that list the Administration
5.
Server host names and IP addresses.
Create a dedicated Administration Server domain user rights service account and set the following:
6.
•User cannot change password.
•Password never expires.
The domain account must have local administration rights when you plan to use the TLS communication
protocol for client- Administration Server and inter- Administration Server data transfers.
Create Impersonate a client after authentication user rights for the Administration Server. See Impersonate
7.
a Client After Authentication ( http://support.microsoft.com/kb/821546 ) for additional information about
impersonating a client after authentication user rights.
Verify that the Administration Server domain account has Log on as a service user rights. See Add the Log
8.
on as a service right to an account ( http://technet.microsoft.com/en-us/library/cc739424(WS.10).aspx ) for
additional information about logging on as a service user rights.
Install Microsoft® Internet Information Services on the same computer as the certification authority,
9.
otherwise the enterprise root certificate cannot be generated. See Internet Information Services (IIS) ( http://
www.iis.net ) for additional information about installing Internet Information Services.
Install a Microsoft enterprise root certification authority to enable removable device encryption for
10.
PGP Endpoint Device Control. See Install a Microsoft enterprise root certification authority ( http://
technet.microsoft.com/en-us/library/cc776709.aspx ) for additional information about installing an enterprise
root certificate.
Install a Microsoft SQL Server® . See Getting Started with SQL Server ( http://msdn.microsoft.com/en-us/
11.
sqlserver/default.aspx ) for additional information about installing a SQL server.
Complete Installing the Database on page 24.
12.
To install multiple Administration Server s, create a shared file directory on a file server to share the Datafile
13.
directory component. This action is only required if you will be using more than one Administration Server.
Complete Generating a Key Pair on page 26. This action is recommended, but not required.
14.
Complete Installing the Administration Server on page 28.
15.
Important: The Administration Server service account must have database owner (DBO) rights to the PGP
Endpoint database.
- 23 -
PGP Endpoint
Complete Installing the Management Server Console on page 37.
16.
Complete Installing the Client on page 41.
17.
Test your PGP Endpoint product solution installation for functionality.
18.
Installing the Database
The PGP Endpoint database is the first component that you install. The database serves as the central repository
for device permissions rules and executable file authorizations.
Prerequisites:
Before you can successfully install the PGP Endpoint database, you must:
•Verify that you satisfy the minimum hardware and software system requirements.
•If you will be using a database cluster, you must specify an alternate TDS port during SQL server
setup. See Creating a Server Alias for Use by a Client (SQL Server Configuration Manager) (http://
msdn.microsoft.com/en-us/library/ms190445.aspx) for additional information about creating a server alias.
You can install the PGP Endpoint database on a server cluster, where there are at least two servers in the
cluster running SQL Server. For additional information regarding database clustering, see Microsoft Cluster
Service (MSCS) Installation Resources (http://support.microsoft.com/kb/259267).
Log in to a computer as an administrative user with access to a Microsoft® SQL Server®.
1.
Close all programs running on the computer.
2.
From the location where you saved the PGP Endpoint application software, run the \server\db
3.
\setup.exe file.
Step Result:
Click Next.
4.
Step Result:
Figure 2: License Agreement Page
Review the license agreement and, if you agree, select I accept the terms in the license agreement.
5.
The Installation WizardWelcome page opens.
The License Agreement page opens.
- 24 -
Installing PGP Endpoint Components
Click Next.
6.
Step Result:
Figure 3: Destination Folder Page
You may choose an installation destination folder other than the default folder C:\Program Files\PGP
7.
Corporation\PGP Endpoint.
The Destination Folder page opens.
a) Click Change
Step Result:
Figure 4: Change Current Destination Folder Page
The Change Current Destination Folder page opens.
b) Select a folder from the Look in: field.
c) Click OK.
Step Result:
The Change Current Destination Folder closes, and the Destination Folder page changes
to reflect the new location.
- 25 -
PGP Endpoint
Click Next.
8.
Step Result:
Figure 5: Ready to Install the Program Dialog
Click Install.
9.
A progress bar runs on the page, showing installation progress.
The Ready to Install the Program page opens.
Step Result:
Click Finish.
10.
Result:
PGP Endpoint setup runs the SQL installation scripts and creates the PGP Endpoint database for the
SQL Server database instance that you specified.
The Completed page opens.
Generating a Key Pair
The Administration Server uses a symmetric encryption system to communicate with a client, using a publicprivate key pair that you generate during installation.
The Administration Server and PGP Endpoint clients contain a embedded default public and private key pair that
should only be used with an evaluation license. PGP provides a Key Pair Generator utility, which generates a
key pair for fully licensed application installations. The key pair ensures the integrity for communication between
the Administration Server and clients.
- 26 -
Installing PGP Endpoint Components
When an Administration Server cannot find a valid key pair at startup, the event is logged and PGP Endpoint
uses the default key pair.
Caution: When you are using Device Control, do not change the key pair:
•For media encrypted before exchanging a key pair, which will result in disabling password recovery for the
previously encrypted media.
•During a PGP Endpoint upgrade installation which will result in the loss of access to media previously
encrypted centrally and subsequent loss of data.
•During a PGP Endpoint upgrade installation when client hardening is enabled, which will cause PGP
Endpoint Application Control and PGP Endpoint Device Control installations to fail.
From the location where you saved the PGP Endpoint application software, run the server\keygen
1.
\keygen.exe file.
Step Result:
Figure 6: Key Pair Generator Dialog
In the Directory field, enter the name of the temporary directory where you will save the key pair.
2.
In the Seed field, type a random alphanumeric text string.
3.
The Key Pair Generator dialog opens.
This text is used to initiate the random number generator; the longer the text string the more secure the key
pair.
Click Create keys.
4.
Step Result:
The Key Pair Generator confirmation dialog opens.
Figure 7: Key Pair Generator Dialog
- 27 -
PGP Endpoint
Click OK.
5.
Step Result:
Click Exit.
6.
Result:
After Completing This Task:
Distribute the key pair by copying sx-private.key and sx-public.key files to the \\%windir%
\system 32 directory on the computer(s) where you are installing the Administration Server. At startup, the
Administration Server searches all drive locations for a valid key pair, stopping at the first valid key pair.
The keys are saved as sx-private.key and sx-public.key files in the directory you specified.
You return to the Key Pair Generator dialog.
Installing the Administration Server
The Administration Server processes PGP Endpoint client activities and is the only application component that
connects to the database. One or more Administration Servers communicate device and application control
information between the PGP Endpoint database and PGP Endpoint client(s).
Prerequisites:
Before you can successfully install the Administration Server, you must:
•Verify that a valid PGP Endpoint license file is listed in the \Windows\System32 or \\Windows
\SysWOW64 folder, and is name file to Endpoint.lic.
•Verify that you satisfy the minimum hardware and software system requirements.
Restriction: If you are installing the PGP Endpoint Application Control Terminal Services Edition, you
must install the Administration Server on a computer separate from the Citrix® Metaframe® Presentation
Server.
•When using TLS protocol confirm TCP ports 33115 and 65229 are open. When not using TLS protocol open
TCP port 65129. Depending upon how firewalls are setup in your environment, these ports may be closed.
•Configure the TCP/IP protocol to use a fixed IP address for the computer that runs the Administration Server.
•Configure the Administration Server host computer to perform fully qualified domain name (FQDN)
resolution for the PGP Endpoint clients that the server manages.
•Ensure that the Administration Server host computer account is configured to read domain information
using the Microsoft® Windows® Security Account Manager. See Security Account Manager (SAM) ( http://
technet.microsoft.com/en-us/library/cc756748.aspx ) for additional information about the Microsoft Windows
Security Account Manager.
•Synchronize the Administration Server's system clock with the PGP Endpoint database server's system clock
using the Microsoft Windows time service. See Time Service ( http://support.microsoft.com/kb/816042 ) for
details about using the Microsoft Windows time service.
Log in with administrative user access to the computer where you are installing the Administration Server.
1.
Important: For Active Directory environments, log in using the dedicated Administration Server domain
user rights service account. The Administration Server installation process configures the Administration
Server service account for access to the database.
- 28 -
Installing PGP Endpoint Components
Close all programs running on the computer.
2.
From the location where you saved the PGP Endpoint application software, run \server\sxs\setup.exe.
3.
Click OK.
4.
Step Result:
Click Next.
5.
The Installation WizardWelcome page opens.
Step Result:
Figure 8: License Agreement Page
Review the license agreement and, if you agree, select I accept the terms in the license agreement.
6.
Click Next.
7.
Step Result:
The License Agreement page opens.
The Setup dialog opens when the setup process detects an operating system that is subject to
security changes concerning Remote Procedure Calls (RPC).
Figure 9: Setup Dialog
- 29 -
PGP Endpoint
Click Yes.
8.
Step Result:
Figure 10: The Setup Dialog
Click OK.
9.
Step Result:
A confirmation dialog opens after the registry value is reset.
The Destination Folder page opens.
Figure 11: Destination Folder Page
- 30 -
Loading...
+ 70 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.