Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Installing Full Disk Encryption and File Encryption using System Center Configuration Manager (SCCM) 2007

    • Updated:
    • 3 Apr 2017
    • Product/Version:
    • Endpoint Encryption 5.0
    • Platform:
    • Windows 2003 Standard 64-bit
    • Windows 2008 Server R2
    • Windows 2012 Datacenter
    • Windows 2012 Datacenter R2
    • Windows 2012 Standard
    • Windows 2012 Standard R2
Summary

This is article will guide you on how to install Full Disk Encryption (FDE) or File Encryption (FE) using SCCM 2007. The setup is divided into four parts.

  • Creating a Package
  • Creating a Distribution point
  • Creating a Program
  • Advertising a Package
Details
Public
  1. From the Computer Management, go to Software Distribution and click the plus icon (+) to expand the selection.
  2. Right-click Packages then select New > Package. The New Package Wizard window appears.

    create_new_package

  3. On the left panel, click the General tab. Enter the Package name then click Next.

    General tab

  4. On the left panel, click the Data Source tab then set the following:

    • Tick the checkbox for This package contains source files.
    • On the Source directory field, click Set and find the location of the source folder.

       
      The Source Folder is the directory where you saved your FDE/FE installer.
    • Tick the Always obtain files from the source directory radio button then click Next.

      Data source tab

  5. On the left panel, click the Data Access tab. Tick the Access the distribution folder through common ConfigMgr package share radio button then click Next.

    Data access tab

  6. On the left panel, click the Distribution Settings tab. Leave the default setting then click Next.

    Distribution settings tab

  7. On the left panel, click the Reporting tab. Leave the default setting then click Next.

    Reporting tab

  8. On the left panel, click the Security tab. Leave the default setting, click Next then click Finish.

    Security tab

  1. From the Computer Management, go to Software Distribution and click the plus icon (+) to expand the selection.
  2. Go to Packages > Trend Micro Full Disk Encryption. Click the plus icon (+) next to Trend Micro Full Disk Encryption to expand the selection.
  3. Right-click on Distribution Points then choose New Distribution Points. The New Distribution Points Wizard window will appear.

    Create distribution points

  4. On the left panel, select the Copy Package tab. Choose the distribution point that you want to copy the package to then click Next until the Finish button appears.

    Copy Package

  5. Click Finish.
  1. From the Computer Management, go to Software Distribution and click the plus icon (+) to expand the selection.
  2. Go to Packages > Trend Micro Full Disk Encryption. Click the plus icon (+) next to Trend Micro Full Disk Encryption to expand the selection.
  3. Right-click on Programs then select New > Program. The New Program Wizard window will appear.

    Create program

  4. On the left panel, click the General tab then set the following:

    • In the Name field, enter the program name.
    • On the Command line, use the following command syntax:

      • For Full Disk Encryption:

        TMFDEInstall.exe username=[your user]password=[your password] host= [FQDN of TMEE server] enterprise=[domain name]

        For example: TMFDEInstall.exe username=deployphit password=deploy host= phmde01.trendmicro.com enterprise=trendph

      • For File Encryption:

        TMFDEInstall.exe FAUSERNAME=[your user] FAPASSWORD=[your password] PSHOST= [FQDN of TMEE server] PSENTERPRISE=[domain name]

        FileEncryptionInst.exe FAUSERNAME=deployphit FAPASSWORD=deploy PSHOST=phmde01.trendmicro.com PSENTERPRISE=trendph

    • In the Run field, select Hidden from the dropdown menu.
    • In the After running field, select No action required from the dropdown menu.
    • Click Next.

      New program_General tab

  5. On the left panel, click the Requirements tab then set the following:

    • On the right side of the window, tick the radio button next to This program can run only on specified client platforms then select the following OS:

      ∙ All x86 Windows7
      ∙ All x64 Windows 7
      ∙ All x64 Windows Vista
      ∙ All x86 Windows Vista
      ∙ All x86 Windows XP
      ∙ All x64 Windows XP

    • Click Next.

      Requirements tab

  6. On the left panel, click the Environment tab then set the following:

    • In the Program can run field, select whether or not a user is logged on from the dropdown list.
    • Under Run Mode, select Run with administrative rights.
    • Under Drive mode, select Runs with UNC name.
    • Click Next until the Finish button appears.

      Environment tab

    • Click Finish.
  1. From the Computer Management, go to Software Distribution and click the plus icon (+) to expand the selection.
  2. Right-click Advertisements then select New > Advertisements. The New Advertisements Wizard window appears.

    Advertise a package

  3. On the left panel, click the General tab and set the following:

    • Enter a name in the Name field.
    • Select the corresponding package for the Package field.
    • Select the corresponding collection for the Collection field.
    • Leave the Include members of subcollection checkbox selected.
    • Click Next.

      New advertisement_General tab

  4. On the left panel, click the Schedule tab and set the following:

    • Set the Advertisement start time. Tick the checkbox next to UTC.

       
      Trend Micro recommends not enabling advertisement expiration so other machines that are not available during the scheduled date can run the deployment any time when they get back to the office network.
    • In the Mandatory assignment field, select As soon as possible.
    • In the Program Rerun Behavior, select Rerun if failed previous attempt from the dropdown list.
    • Click Next.

      Schedule tab

  5. On the left panel, click the Distribution points tab and set the following:

    • Under When a client is connected within a fast (LAN) network boundary:, select Run program from distribution point.
    • Under When a client is connected within a slow or unreliable network boundary:, select Download content from distribution point and run locally
    • Tick the checkbox next to Allow clients to fall back to unprotected distribution points when the content is not available on the protected distribution point.
    • Click Next.

      Distribution points tab

  6. On the left panel, click the Interaction tab and set the following:

    • Tick the checkbox next to Allow users to run the program independently of assignments.
    • Tick the checkbox next to Display reminders according to the client agent reminder intervals.
    • Click Next then click Finish.

      Interaction tab

 

After doing the steps above, you should be able to setup the deployment for Full Disk Encryption or File Encryption using SCCM 2007.

Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy; Install
Solution Id:
1116800
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.