It has been a while since I posted a how-to guide. In this post I will show you how-to install McAfee ePolicy Orchestrator 4.6.4.
To download ePolicy Orchestrator 4.6.4, go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx. Be aware that a valid NAI grant number is necessary for download.
After you downloaded the installation files you can unzip it to any location of your choosing.
Note 1. In this post I installed ePolicy Orchestrator on a test machine with a local SQL express version installed. In a production environment it is highly recommended to install a full SQL (2005 or higher) version on a seperate server.
Note 2. Requirements
Hardware requirements and recommendations
Make sure that your environment conforms to these requirements and recommendations before
installing ePolicy Orchestrator software.
|Component||Requirements and recommendations|
|Dedicated server||If managing more than 250 systems, McAfee recommends using a dedicated
|Domain controllers||The server must have a trust relationship with the Domain Controller on the
network. For instructions, see the Microsoft product documentation.
|File system||NT file system (NTFS) partition recommended.|
|Free disk space||• 1.5 GB — First-time installation minimum
• 2 GB — Upgrade minimum
• 2.5 GB — Recommended minimum
|IP address||McAfee recommends using static IP addresses for ePolicy Orchestrator servers.
ePolicy Orchestrator supports both IPv4 and IPv6 networks.
|Memory||• 2 GB available RAM minimum
• 4 GB available RAM recommended minimum
|Network Interface Card (NIC)||100 Mb or higher
If using a server with more than one IP address, ePolicy Orchestrator software
uses the first identified IP address. If you want to use additional IP addresses for
agent-server communication, McAfee recommends creating additional Agent
Handler groups for each IP address.
|Ports||McAfee recommends avoiding the use of Port 8443 for HTTPS communication.
Although this is the default port, it is also the primary port used by many web-based activities, is a popular target for malicious exploitation, and it is likely to be disabled by the system administrator in response to a security violation or outbreak.
Ensure that the ports you choose are not already in use on the server system.
Notify network staff of the ports you intend to use for HTTP and HTTPS communication.
Installing the software on a Domain Controller is supported, but not recommended.
|Processor||• Intel Pentium 4-class or higher
• 1.3 GHz or higher
Software requirements and recommendations
Make sure you have the required and recommended software installed on your server system before installing ePolicy Orchestrator software.
|Software||Requirements and recommendations|
|Microsoft .NET Framework 2.0 or later||Required — You must acquire and install this software manually. This software is required if you select an installation option that automatically installs the SQL Server Express 2005 software bundled with this ePolicy Orchestrator software. If this software is missing, you must exit the Setup and acquire and install it manually before proceeding.|
|Microsoft updates||Recommended — Make sure your Microsoft software is running the latest updates. Turn off Windows updates before you begin installing or upgrading your software.|
|Microsoft Visual C++ 2005 SP1 Redistributable||Required — Installed automatically|
|Microsoft Visual C++ 2008 Redistributable Package (x86)||Required — Installed automatically|
|MSXML 6.0||Required — Installed automatically|
• Install and/or update the anti-virus software on the server and scan for viruses.
• Install and/or update firewall software on the server.
If McAfee VirusScan® Enterprise 8.5i or 8.7i is running on the system where you are installing the ePolicy Orchestrator software, you must ensure that the VirusScan Enterprise Access Protection rules are disabled during the installation process, or the installation fails.
|Supported browser||Recommended — Although it is not a prerequisite for installation, ePolicy Orchestrator software requires the use of a supported browser. You should acquire and install a supported browser manually.|
|Supported SQL Server||Required — If a supported version of SQL Server has not been previously installed, you can choose to install SQL Server 2005 Express automatically.|
Supported server-class operating systems
You can install ePolicy Orchestrator on any supported Microsoft Windows server-class operating systems.
The software is fully supported on the 32-bit and 64-bit (as a 32-bit application) server-class
operating systems listed below.
|Windows Server 2003 (with Service Pack 2 or higher)||X||X||• Datacenter
|Windows Server 2008 (with Service Pack 2 or higher)||X||X||• Datacenter
|Windows Server 2008 R2||X||• Datacenter
|Windows 2008 Small Business Server||X||Premium|
Operating system language
ePolicy Orchestrator software runs on any supported operating system regardless of the language of the operating system.
The ePolicy Orchestrator user interface has been translated into the languages in the following list.
When the software is installed on an operating system using a language that is not on this list, the
interface attempts to display text in English.
- Chinese (Simplified)
- Chinese (Traditional)
- French (Standard)
- German (Standard)
Supported virtual infrastructure software
ePolicy Orchestrator software supports use of several types of virtual infrastructure software.
Supported virtual infrastructure software includes:
- Citrix XenServer 5.5 Update 2
- Microsoft Hyper-V Server 2008 R2
- VMware ESX 3.5 Update 4
- VMware ESX 4.0 Update 1
1. Start the installation of McAfee ePolicy Orchestrator 4.6.4 by double clicking the setup.exe. Oops, seems I forgot to set the 8.3 naming convention on my test server. Why McAfee still hasn’t changed this is beyond me.
In the right pane, right-click NtfsDisable8dot3NameCreation, and select Properties and modify the Value data from 1 to 0.
NOTE: On a Windows 2008 server (and higher) the default value is 2, and you have to change it to 0.
Unfortunately you have to restart your server to get this key working.
2. Now after we started the installation again we can continue with the installation. Select ‘Next’ to get the installation on it’s way.
3. In my case I got this question as I didn’t have a SQL database installed on my test server. In a production envrionment it is recommended to have a seperate SQL database hosted on another server (in that case select the lower option). In this case I don’t have any database server running so I choose the first option. Select ‘Next’ to continue the configuration of ePolicy Orchestrator.
4. This extra step in the installation procedure is for the installation of the SQL Express database. Normally you wouldn’t have this step.
5. Enter the database information (username, password and domain) for use of the SQL database. In a production environment I would suggest a seperate services account with no logon locally rights configured. For this demo I just used the admin account of the domain (so sew me cause I’m lazy). Select ‘Next’ to continue
6. Specify the admin account used to logon to McAfee ePolicy Orchestrator. This is a application admin user you specify to logon the first time so you can configure the application further. This is NOT a domain user !!!! Select ‘Next’ to continue.
7. Enter the license key which relates to you McAfee grant number. If you want to run it in trail mode select ‘Evaluation’. You can always enter the license key afterwards in the console. Select ‘Next’ to continue with the installation.
8. Select the correct expiry and language type and accept the license agreement. Select ‘OK’ to continue the installation.
9. Now we can finally start with the installation of ePolicy Orchestrator 4.6.4. Select ‘Install’ to start.
10. Select the option ‘Yes, I want to launch McAfee ePolicy Orchestrator now’ if you want to be redirected to the console immediately after you select ‘Finish’.
If you want to see another post on a basic walk through the ePolicy Orchestrator 4.6.4 console please vote here with this poll.