How to install McAfee ePolicy Orchestrator 4.6.4

It has been a while since I posted a how-to guide. In this post I will show you how-to install McAfee ePolicy Orchestrator 4.6.4.

To download ePolicy Orchestrator 4.6.4, go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.  Be aware that a valid NAI grant number is necessary for download.

After you downloaded the installation files you can unzip it to any location of your choosing.

Note 1. In this post I installed ePolicy Orchestrator on a test machine with a local SQL express version installed. In a production environment it is highly recommended to install a full SQL (2005 or higher) version on a seperate server.

Note 2. Requirements

Hardware requirements and recommendations

Make sure that your environment conforms to these requirements and recommendations before

installing ePolicy Orchestrator software.

Component	Requirements and   recommendations
Dedicated server	If managing more   than 250 systems, McAfee recommends using a dedicated server.
Domain controllers	The server must have   a trust relationship with the Domain Controller on the network. For   instructions, see the Microsoft product documentation.
File system	NT file system   (NTFS) partition recommended.
Free disk space	• 1.5 GB —   First-time installation minimum • 2 GB — Upgrade   minimum • 2.5 GB —   Recommended minimum
IP address	McAfee recommends   using static IP addresses for ePolicy Orchestrator servers. ePolicy Orchestrator   supports both IPv4 and IPv6 networks.
Memory	• 2 GB available RAM   minimum • 4 GB available RAM   recommended minimum
Network Interface Card (NIC)	100 Mb or higher   If using a server with more than one IP address,   ePolicy Orchestrator software uses the first identified IP address. If you want to   use additional IP addresses for agent-server communication, McAfee recommends   creating additional Agent Handler groups for each IP address.
Ports	McAfee recommends   avoiding the use of Port 8443 for HTTPS communication. Although this is the   default port, it is also the primary port used by many web-based activities,   is a popular target for malicious exploitation, and it is likely to be   disabled by the system administrator in response to a security violation or   outbreak.   Ensure that the   ports you choose are not already in use on the server system.   Notify network staff   of the ports you intend to use for HTTP and HTTPS communication.   Installing the   software on a Domain Controller is supported, but not recommended.
Processor	• Intel Pentium   4-class or higher • 1.3 GHz or higher

 

Software requirements and recommendations

Make sure you have the required and recommended software installed on your server system before installing ePolicy Orchestrator software.

Software	Requirements and   recommendations
Microsoft .NET Framework   2.0 or later	Required — You must   acquire and install this software manually. This software is required if you   select an installation option that automatically installs the SQL Server   Express 2005 software bundled with this ePolicy Orchestrator software. If   this software is missing, you must exit the Setup and acquire and install it   manually before proceeding.
Microsoft updates	Recommended — Make   sure your Microsoft software is running the latest updates. Turn off Windows   updates before you begin installing or upgrading your software.
Microsoft Visual C++   2005 SP1 Redistributable	Required — Installed   automatically
Microsoft Visual C++   2008 Redistributable Package (x86)	Required — Installed   automatically
MSXML 6.0	Required — Installed automatically
Security software	Recommended. • Install and/or   update the anti-virus software on the server and scan for viruses. • Install and/or   update firewall software on the server.   If McAfee   VirusScan® Enterprise 8.5i or 8.7i is running on the system where you are   installing the ePolicy Orchestrator software, you must ensure that the   VirusScan Enterprise Access Protection rules are disabled during the   installation process, or the installation fails.
Supported browser	Recommended —   Although it is not a prerequisite for installation, ePolicy Orchestrator   software requires the use of a supported browser. You should acquire and   install a supported browser manually.
Supported SQL Server	Required — If a   supported version of SQL Server has not been previously installed, you can   choose to install SQL Server 2005 Express automatically.

 

Supported server-class operating systems

You can install ePolicy Orchestrator on any supported Microsoft Windows server-class operating systems.

The software is fully supported on the 32-bit and 64-bit (as a 32-bit application) server-class

operating systems listed below.

 

Operating System	32-bit	64-bit	Edition
Windows Server 2003   (with Service Pack 2 or higher)	X	X	• Datacenter • Enterprise • Standard
Windows Server 2008   (with Service Pack 2 or higher)	X	X	• Datacenter • Enterprise • Standard
Windows Server 2008 R2		X	• Datacenter • Enterprise • Standard
Windows 2008 Small   Business Server		X	Premium

 

Operating system language

ePolicy Orchestrator software runs on any supported operating system regardless of the language of the operating system.

The ePolicy Orchestrator user interface has been translated into the languages in the following list.

When the software is installed on an operating system using a language that is not on this list, the

interface attempts to display text in English.

• Chinese (Simplified)
• Japanese
• Chinese (Traditional)
• Korean
• English
• Russian
• French (Standard)
• Spanish
• German (Standard)

Supported virtual infrastructure software

ePolicy Orchestrator software supports use of several types of virtual infrastructure software.

Supported virtual infrastructure software includes:

• Citrix XenServer 5.5 Update 2
• Microsoft Hyper-V Server 2008 R2
• VMware ESX 3.5 Update 4
• VMware ESX 4.0 Update 1

Installation

1. Start the installation of McAfee ePolicy Orchestrator 4.6.4 by double clicking the setup.exe. Oops, seems I forgot to set the 8.3 naming convention on my test server. Why McAfee still hasn’t changed this is beyond me.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlFileSystem]

In the right pane, right-click NtfsDisable8dot3NameCreation, and select Properties and modify the Value data from 1 to 0.

NOTE: On a Windows 2008 server (and higher) the default value is 2, and you have to change it to 0.

Unfortunately you have to restart your server to get this key working.

2. Now after we started the installation again we can continue with the installation. Select ‘Next’ to get the installation on it’s way.

3. In my case I got this question as I didn’t have a SQL database installed on my test server. In a production envrionment it is recommended to have a seperate SQL database hosted on another server (in that case select the lower option). In this case I don’t have any database server running so I choose the first option. Select ‘Next’ to continue the configuration of ePolicy Orchestrator.

4. This extra step in the installation procedure is for the installation of the SQL Express database. Normally you wouldn’t have this step.

5. Enter the database information (username, password and domain) for use of the SQL database. In a production environment I would suggest a seperate services account with no logon locally rights configured. For this demo I just used the admin account of the domain (so sew me cause I’m lazy). Select ‘Next’ to continue

6. Specify the admin account used to logon to McAfee ePolicy Orchestrator. This is a application admin user you specify to logon the first time so you can configure the application further. This is NOT a domain user !!!! Select ‘Next’ to continue.

7. Enter the license key which relates to you McAfee grant number. If you want to run it in trail mode select ‘Evaluation’. You can always enter the license key afterwards in the console. Select ‘Next’ to continue with the installation.

8. Select the correct expiry and language type and accept the license agreement. Select ‘OK’ to continue the installation.

9.  Now we can finally start with the installation of ePolicy Orchestrator 4.6.4. Select ‘Install’ to start.

10. Select the option ‘Yes, I want to launch McAfee ePolicy Orchestrator now’ if you want to be redirected to the console immediately after you select ‘Finish’.

If you want to see another post on a basic walk through the ePolicy Orchestrator 4.6.4 console please vote here with this poll.

[poll id=”6″]