Symantec Endpoint Encryption (SEE) 8.0.1 is my first upgrade since Symantec purchased GuardianEdge. It is a newer version in spite of being a lower number than GuardianEdge 9.5.x. I guess it is really too soon to expect big changes. I was hoping they would address some of the installer annoyances.
With SEE, you install a management server, then create the client install packages. These are MSI packages.
Separate 32 bit and 64 bit Installer Files
I don’t do MSI package generation myself, but the software I’ve seen allows you to put both 32 bit and 64 into one installation file. I would think this would make things a lot easier. The main drawback would be the size of the install file. I end up putting both 32 and 64 bit files into one installation package and call the appropriate one based on the CPU architecture. So it doesn’t save me space and instead requires extra scripting work. Is there some technical limitation I’m not aware of?
Upgrading versions of Symantec Endpoint Encryption (or GuardianEdge Hard Disk Encryption) requires using special switches. When performing an upgrade, I need to use the command line MSIEXEC /i “\.msi REINSTALL=”ALL” REINSTALLMODE=”vomus”. This upgrades the client by reinstalling all features of the product.
On the other hand, a regular install of Symantec Endpoint Encryption, where it was not installed previously, uses more familiar switches (/qb). In previous upgrades I’ve found that if I try to use the reinstall/reinstallmode switches on a fresh install it will not work. I then have to script the install to use different command line options based on installation status in addition to 32 bit versus 64 bit.
To make matters worse, some computers in my environment have Removable Storage Encryption and others don’t. My install script is getting too complicated.
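The branching described above (architecture plus fresh install versus upgrade), sketched as an added PowerShell example; it is not the author's script or Symantec's. The share path, MSI file names and display-name pattern are hypothetical placeholders, and it handles a single client package only, not the Removable Storage Encryption case.

```powershell
# Added example. All parameter defaults are hypothetical placeholders.
param(
    [string]$PackageDir  = '\\server\share\SEE',      # placeholder share
    [string]$Msi32       = 'SEE-Client-x86.msi',      # hypothetical file name
    [string]$Msi64       = 'SEE-Client-x64.msi',      # hypothetical file name
    [string]$NamePattern = '*Endpoint Encryption*'    # assumed DisplayName pattern
)

# True if any Uninstall entry (native or 32-bit view) matches the pattern.
# Run from a 64-bit PowerShell host on 64-bit Windows; a 32-bit host is
# redirected to WOW6432Node and would miss a 64-bit client.
function Test-ProductInstalled([string]$Pattern) {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $hits = Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $Pattern }
    return [bool]$hits
}

# Upgrade uses the REINSTALL switches from the post; fresh install uses /qb.
function Get-MsiexecArguments([string]$MsiPath, [bool]$IsUpgrade) {
    if ($IsUpgrade) {
        return @('/i', "`"$MsiPath`"", 'REINSTALL=ALL', 'REINSTALLMODE=vomus')
    }
    return @('/i', "`"$MsiPath`"", '/qb')
}

$msiName = if ([Environment]::Is64BitOperatingSystem) { $Msi64 } else { $Msi32 }
$msiPath = Join-Path $PackageDir $msiName
if (-not (Test-Path -LiteralPath $msiPath)) {
    Write-Error "Package not found: $msiPath"
    exit 2
}

$isUpgrade = Test-ProductInstalled $NamePattern
$msiArgs   = Get-MsiexecArguments $msiPath $isUpgrade
Write-Output "msiexec.exe $($msiArgs -join ' ')"

$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
# 0 = success, 3010 = success but a reboot is required.
if ($proc.ExitCode -notin 0, 3010) {
    Write-Error "msiexec failed with exit code $($proc.ExitCode)"
}
exit $proc.ExitCode
```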
When creating the installation package, you must save the client installation package to a local or network volume with Full control permissions set. The SEE instructions say “This ensures the success of the upgrade package, as it will retain the Windows permissions of the location to which it is saved.” Again, I don’t create MSI packages often. Adobe Reader and Symantec Endpoint Encryption both create packages where a setup.exe calls the MSI. However in neither case am I advised to change permissions on a folder.
I think I actually have seen issues that support has blamed on not creating the package in a directory with Full Control. But I’m not sure what the actual problem is.
The Old Files
In the past, when I’ve upgraded using the switches provided, I found I needed to have all the old install files available. While people are generally on one version, I found it better to leave every version I’ve ever used in the install directory. That can take up a lot of room.
I’m really lost as to the cause of this issue. Shouldn’t MSI files be cached locally so even if it did need the original installation files it should have them, not require me to have them? I am going to try one more time, removing the old install files from my SEE8.0.1 package, and see if I still have issues. Perhaps that was a problem only with older versions of the product.
Doesn’t Symantec own an MSI packaging company? Hopefully some in-house expertise can cross divisions of the company to create a better product.