作者:Allen Chung

【You do not have sufficient privileges to perform this operation when trying to launch the Symantec System Recovery (SSR) console】

【You do not have sufficient privileges to perform this operation when trying to launch the Symantec System Recovery (SSR) console】

clip_image001

Attempting to launch the Windows Event log service generates the following error:

clip_image002

Windows could not start the WIndows Event Log service on Local Computer.

Error 4201: The instance name passed was not recognized as valid by a WMI data provider

請參考以下網址:

http://www.symantec.com/business/support/index?page=content&id=TECH205162

Cause

Insufficient permissions to RTBACKUP folder that is use by Windows Management Instrumentation (WMI)

Solution

Set the permissions needed on the RTBACKUP sub-folder for WMI by following the steps listed below:

1. Re-start Windows in Safe Boot mode.

2. Use Windows Explorer to open the C:\Windows\System32\LogFiles\WMI sub-folder.

3. Right-click on the RtBackup sub-folder and choose Properties > Security > Edit

4. Click Add.

5. Type SYSTEM and press Enter.

6. Enable “Full control" Permission to “Allow" for the SYSTEM account.

7. Click OK, and then click Yes when asked for confirmation.

8. Restart Windows (in Normal mode), and verify that the Windows Event Service has started.

9. Attempt to launch the SSR console.

Enterprise Support – Symantec Corp. – Symantec System Recovery – Core Product Error Links

http://www.symantec.com/business/support/index?page=content&id=DOC7537

[SEP] GUP 設定流程

1. 選取「政策」→「LiveUpdate」→「新增 LiveUpdate 設定政策」。

image

 

2. 設定政策名稱。

clip_image002

 

3. 於伺服器設定頁籤,取消「使用 LiveUpdate 伺服器」,勾選「使用群組更新提供者」,接著點選「群組更新提供者」。

image

 

4. 可依照需求設定單個或多個 GUP 主機 IP,並依照需求設定如下圖建議。

image

 

5. 若設定多個群組更新提供者,可輸入多組 IP。

clip_image005

 

6. 可看到多組 IP。

image

 

7 . 設定多個群組更新提供者,並依照需求設定如下圖建議。

image

 

8. 設定完成,點選「確定」。

clip_image008

 

9. 指派政策。

clip_image009

 

10.  指派至相關群組。

clip_image010

 

11. 設定完成。

clip_image011

如何將SEP用戶端移轉至他台SEPM管理

可透過更改通訊設定的方式來讓分公司的用戶端向總公司報到,不需重新安裝

步驟如下:

【直接在總公司 Symantec Endpoint Protection Manager 主控台上建立一個讓分公司A未來要報到的群組,並匯出通訊設定 Sylink.xml 並匯入至用戶端】
1.【Symantec Endpoint Protection Manager 主控台】→【用戶端】→【選擇群組】→【在該群組上按右鍵】→【匯出通訊設定】→【選擇(電腦模式)或使用者模式】→【匯出】

clip_image001
2.將會取得【My Company_業務部_sylink.xml】(依所選的群組不同會有不同的檔案名稱)

3.在Symantec Endpoint Protection第二張安裝光碟的【Symantec_Endpoint_Protection_12.1.4_Part2_Tools_CH\SylinkDrop】目錄下,複製出【SylinkDrop.exe】

4.將【SylinkDrop.exe】與【My Company_業務部_sylink.xml】放置於同一個目錄下,將該目錄複製到欲受控管的用戶端

5.直接執行【SylinkDrop.exe】將【My Company_業務部_sylink.xml】匯入即可

clip_image002

※ 如果是大量用戶,可以使用 logon script

範例如下:

\\computer_name\share_name\sylinkdrop.exe xxxx.xml

clip_image003

Symantec™ Endpoint Encryption 授權移轉聲明 (SEE 是否為 PGP 的替代產品)

Symantec™ Endpoint Encryption 授權移轉聲明

2014年10月6日
 

通知 ID: SEE11-80188309-N-2xxxxxx

客戶編號: 60xxxxxx

銷售訂單號: 21xxxxxx
 

xxxxxxxxxxxxxxxxx. LTD
 

致以下產品客戶:
  • Symantec Drive Encryption
  • Symantec Drive Encryption with Encryption Management Server Limited
  • Symantec Drive Encryption with Encryption Management Server
  • Symantec Drive Encryption FlexChoice with Encryption Server Limited
  • Symantec Drive Encryption FlexChoice with Encryption Server
  • Symantec Drive and Removable Storage Encryption FlexChoice with Encryption Server Limited
  • Symantec Endpoint Encryption Removable Storage Edition
  • Symantec CAPS Activation Package for Whole Disk Encryption
  • Symantec PGP Universal Server and Whole Disk Encryption for Servers
 

本公司很榮幸在此宣布,我們將於 2014 年 10 月 6 日推出以 PGP 技術為後盾的 Symantec Endpoint Encryption 11.0。 此全新版本可整合並簡化我們的產品,而且 只需單一授權即可涵蓋磁碟與抽取式媒體加密及可擴充管理功能
 

享有上述產品現有維護服務的客戶將可等比例自動移轉至以 PGP 技術為後盾的 Symantec Endpoint Encryption。 此變更並不影響您目前的部署,而且您也無須採取任何行動。
 

如果不想升級現有的實作至新產品,您可以繼續使用現有的端點式加密用戶端與管理伺服器。 您現有的實作將於新的混合產品環境中搭配新產品使用。
 

Symantec Endpoint Encryption 與移轉的相關詳細資訊如下: http://www.symantec.com/docs/HOWTO101492
 

授權

不會停止供應任何產品。如果有需要,可參考以下授權碼解除產品鎖定,以及用於從 FileConnect 存取檔案的序號。
 

注意:如先前所述,您可繼續使用目前的加密用戶端和管理伺服器。藉由採用 PGP 技術的 Symantec Endpoint Encryption, 您有資格免費獲得 Symantec Drive Encryption 及 Symantec Encryption Management Server。
 

產品

數量

授權碼

序號

以 PGP 技術為後盾的 Symantec Endpoint Encryption 11.0

40

N/A – 不適用

M3755xxxxxx

含 Symantec Encryption Management Server 3.3

Dxxxx-xxxxx-LZPLV-9R5Y1-6ETKF-VUA

Symantec Drive Encryption 10.3 (獨立/未受管理)

Dxxxx-xxxxx-FTPFW-YL3VW-X7ZMX-AJC
 

下載賽門鐵克軟體

請使用上表的序號存取 FileConnect 中的產品。
 

支援

您的技術支援體驗不會變更,仍可繼續享有目前擁有的各項產品支援。
 

賽門鐵克致力於協助客戶使用賽門鐵克解決方案達到事業上的成功。若您對於本通知中的內容有任何問題, 請聯絡您的賽門鐵克合作夥伴或賽門鐵克企業業務經理。
 

感謝您使用賽門鐵克公司的產品與服務。
 

敬祝商祺
 

賽門鐵克公司
 
 

實用聯絡資訊︰
 

注意: 請勿回覆此電子郵件,因為它是系統自動產生的,而且此信箱無人監控。請改用以下客戶服務中心連結請求協助。

 

客戶服務中心:

http://www.symantec.com/zh/tw/business/support/assistance_care.jsp

若要深入瞭解賽門鐵克產品,請造訪:

http://www.symantec.com/zh/tw/

若要尋找當地的技術支援中心聯絡資訊,請造訪︰

http://www.symantec.com/zh/tw/business/support/techsupport_global.jsp
 

無法讀取此電子郵件?

閱讀線上版本
   

使用下列語言檢視這封電子郵件:

  

English | Deutsch | Español | Français | Italiano | Português | 繁體中文 | 简体中文 | 한국어

image

Surface Pro 3 安裝 PGP 全硬碟加密並完成加密,但回復原廠預設值後仍跳出註冊與 unlock disk 畫面

Surface Pro 3 安裝 PGP 全硬碟加密並完成加密,但回復原廠預設值後仍跳出註冊與 unlock disk 畫面

image

重開機後仍出現 BootGuard 驗證頁面

image

輸入第一次加密的 passphrase 仍無法通過驗證,之後出現以下頁面

image

試過格式化、重新以授權光碟重新安裝都有問題

【解決方案】

1.Surface Pro 3 安裝 PGP 全硬碟加密並完成加密,欲回復原廠預設值前請先進行解密

2.如果未解密便回復原廠預設值,請您參照以下方式將 Surface Pro 3 復原

【About Surface pro 3】下載 Microsoft Surface 適用的復原映像

必須要先以 Windows Live ID 註冊 Surface Pro 3,並以此 Windows Live ID 登入以下頁面,網頁會依據您註冊的 Surface Pro 版本提供您正確的 Surface Pro Image 來還原

http://www.microsoft.com/surface/zh-tw/support/warranty-service-and-recovery/downloadablerecoveryimage

clip_image001

註:Surface Pro 3 的硬碟配置

image

無法下載到 Symantec System Recovery 2013 R2

  • Symantec System Recovery 2013 R2需要 SSR 2013 R2 的授權才能在 Symantec Fileconnect 下載的到
  • SSR 2013 R2,安裝後輸入 SSR 2013 授權碼也無法通過授權
  • SSR 2013 R2 無法透過 LiveUpdate 取得

clip_image001

 

1. Symantec™ System Recovery 2013 R2 Server Edition FREE 60-day Evaluation! ( 60 天試用版可以於以下網址下載 )

https://www4.symantec.com/Vrt/offer?a_id=88724

clip_image003

2.

Enterprise Support – Symantec Corp. – Symantec System Recovery 2013 R2 General Information

http://www.symantec.com/business/support/index?page=content&id=TECH225253

※ Symantec System Recovery 2013 R2需要 SSR 2013 R2 的授權才能在 Symantec Fileconnect 下載的到

clip_image004

3. 雖然下載得到 SSR 2013 R2,但安裝後輸入 SSR 2013 授權碼也無法通過授權

clip_image005

clip_image006

台灣地區 SSR 2013 R2 Release Day 可能會落在 12 月中下旬

image

若您的 SSR 合約仍在有效期限內,請您登入 Symantec License Portal

http://www.symantec.com/zh/tw/global/licensing/

image

輸入帳號與密碼 ( 若您尚未註冊請按下下方【立即註冊】以進行註冊 )

image

按下【檢視所有授權】

image

找到您所購買的產品,並按下右方的【檢視詳細資料】

image

再出現的頁面中,按下【Upgrade this license】

image

即可取得下載序號與授權碼

image

漫遊使用者能否在 PGP 下正常運作?

漫遊使用者可以在 PGP 下正常運作

請參考以下測試

Roaming_user account is a roaming user

clip_image002

Windows7-temp.elite2003.intra is a domain computer and has installed the PGP client program,then the boot partition was encrypted.

clip_image003

We log out the current user and login with Roaming_user account.

clip_image004

As the same step,you must press the [ Always Allow for This Site ] to accept the Certificate.(We will use the publish CA and you will not see the PGP Alert. )

clip_image005

Please type the password for this domain roaming user.

clip_image006

After the silent enrollment finished,you can see the domain roaming user become a bootguard user.

This means that the domain roaming user account can pass the bootguard anthentication then single-sign-on to the Windows on this computer.

So if the domain roaming user account can login to any computer and enroll to the PGP Encryption Managemnet Server,it will work fine on these computers.

clip_image007

Document\PGP\ can be created and you can find the PGP key pair.

\\192.168.181.121\profiles\roaming_user.V2\Documents\PGP

clip_image008

User the domain roaming user to another computer

clip_image001

Type the password for this domain roaming user.

clip_image002

Enrolling to the PGP Encryption Managemnet Server

clip_image003[4]

After the silent enrollment finished,you can see the domain roaming user become a bootguard user.

clip_image004[4]

Review the roaming user profile document folder

clip_image005[4]

View the record on the console

image

The roaming user also create a local user profile on local,you can find the PGP key pair in the c:\users\%username%\Documents\PGP,so it is working fine if the roaming user is offline.

 

image

DLP Data Insight 3.0 安裝

DLP Data Insight 安裝

l 系統需求 →

Windows Server 2003 (含R2) (32 or 64)

Windows Server 2008 (含R2) (32 or 64)

Red Hat Enterprise Linux 5.0 update 5 以上 (64)

l 10GB 可用空間

l 可連線 DC → 389 636(TLS)

l Port 8383

l Console → Https

l Keystore → commd. Keystore

l Credential

l SMTP Alert

l Data Insight Ignore list

l Compoment

Management Server (4G 2CPU) (建議 64 bit) → 443 8383 139 445

Indexer worker node (8G 2CPU) →

Collector worker node (4G 2CPU) →8383 139 445

Agent:Windows File Server agent node (4G 2CPU) → 8383 139 445

Sharepoint Web Service (2007 2010) →

Web server → Tomcat 6.0.32

安裝 DLP Data Insight

可先 Single-tier ,再two-tier three-tier

l Single-tier →

(Pre-installation、Management Server、configuration)

l two-tier →

(Pre-installation、Management Server 、Collector worker nodes (remote location)、register Collector worker nodes、configuration)

l three-tier →

(Pre-installation、Management Server 、Collector worker nodes (remote location)、Linux Indexer worker node、register Collector worker nodes、configuration)

Single-tier

l 機器上不安裝其他程式

l 停防毒

l

l Symantec_DataInsight_windows_3_0_0_2114_x64.exe

clip_image002

clip_image003

clip_image005

clip_image007

clip_image009

clip_image011

Data Insight data folder

C:\datainsight\data

clip_image013

clip_image015

clip_image017

clip_image019

clip_image021

clip_image023

clip_image025

clip_image027

clip_image029

clip_image031

clip_image032

clip_image034

clip_image036

clip_image037

clip_image039

Restoring Encryption Management Server Backups larger than 2GB

http://www.symantec.com/business/support/index?page=content&id=TECH149146

Issue

Due to a limitation of Apache, it is not possible to restore backups of 2GB or greater using the Encryption Management Server (previously PGP Universal Server) administrative interface.  To restore backups larger than 2GB requires accessing the server from the command-line interface.

Accessing the Symantec Encryption Management Server (SEMS) command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.

Any changes made to SEMS via the command line must be:

  • Authorized in writing by Symantec Support.
  • Implemented by a Symantec Partner, reseller or Symantec Technical Support.
  • Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Universal Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical Support may also require reverting any custom configurations on SEMS back to a default state when troubleshooting new issues.

Solution

To restore a backup larger than 2GB in size:

  1. Copy the most current backup file of SEMS to a network drive or other location.
  2. Export the Organization Key of the server from the SEMS administrative interface.
    Note: It is important to export the full keypair with no passphrase. Entering the passphrase will cause the restore process to fail.
  3. Install SEMS from the .iso image.
  4. Import your SSH key to the server.
  5. Import the Organization key to the server.
  6. Connect to the server with WinSCP and copy the backup to the /var/lib/ovid/backups/ directory on the server.
  7. Access the server via SSH. For more information on accessing the server via SSH, see article TECH149673.
  8. Run pgpbackup --restore <backupfile.pgp> --key <orgkeyfile.asc> --done
  9. Restart tomcat using the command: #pgpsysconf --restart tomcat