TITLE: Altiris XPe Add-On (HP Sygate Policy Editor) VERSION: 1.0 Rev. B DESCRIPTION: This package contains the HP Sygate Policy Editor for the supported thin client models and operating systems. The HP Sygate Policy Editor enables the administrator to create advanced rules for the HP Sygate Standalone Agent. With this tool, administrators can create a new policy and configuration options for the HP Sysgate Security Agent in order to further restrict control or enable port access for clients with HP Sygate Security Agent software installed. PURPOSE: Routine SOFTPAQ NUMBER: SP33568 SUPERSEDES: SP29389 EFFECTIVE DATE: January 21, 2008 CATEGORY: Software - Security SSM SUPPORTED: No PRODUCT TYPE(S): Thin Clients HARDWARE PRODUCT MODEL(S): HP Compaq t5730 Thin Client: All Models HP t5700: All Models HP t5710: All Models HP t5720: All Models SOFTWARE PRODUCT(S): None OPERATING SYSTEM(S): Microsoft Windows 2000 Microsoft Windows 98 Microsoft Windows Server 2003 Microsoft Windows XP Embedded Microsoft Windows XP Home Edition Microsoft Windows XP Professional LANGUAGE(S): Global ENHANCEMENTS: - Adds new advanced rules for Session Allocation Manager (SAM) and Dynamic Host Configuration Protocol (DHCP) application support. PREREQUISITES: - The Sygate Security Agent Software outputs a .dat and .SAR file, which must be installed on an HP Sygate enabled thin client device (Microsoft Windows XP Embedded [XPe] with Service Pack 2 [SP2] Image version 5.01.212, [or later]). - Altiris Deployment Server 5.6 SP1 (or later) must be installed for remote deployment support. The following minimum system requirements must be met: - Intel Pentium 133 Processor (or equivalent) - 128 MB of RAM - 3 MB of free disk space - The following operating systems are HP approved compatible for using the Policy Editor tool: Microsoft Windows XP Embedded, Home, Professional, Server, 2000 - Microsoft Internet Explorer (supports Policy Editor help file web links) - Existing .DAT file is required (HP Default White list provided with this release) - Provided Policy Editor and scripts require HP Sygate Agent version 4.0.2965 (or later) INSTALLATION INSTRUCTIONS: 1. Download the SoftPaq .EXE file to a directory on your hard drive. 2. Execute the downloaded file and follow the on-screen instructions. NOTE: The SoftPaq installation provides a tool that creates and sets firewall policies and agent options. The created stddef.dat file can be successfully deployed to the client by completing the following steps after executing the installation package: 3. After using the Policy Editor to generate an stddef.dat, import the file to a thin client by clicking Start, and then clicking Run. On the command line, type: c:\progra~1\sygate\ssa\smc.exe -importconfig stddef.dat 4. The write filter must commit the changes to flash memory. To commit the changes to flash memory, execute the following command: C:\windows\system32\ewfmgr.exe c: -commit 5. Execute a reboot after the changes are committed to flash memory. The reboot can be completed from an Altiris deployment server job. To conserve space on a thin client running the Microsoft Windows XP Embedded (XPe) Operating System, HP recommends that the installation be executed from a network share, and that the Windows XPe %TEMP% and %TMP% system variables be temporarily re-defined. Otherwise, unless the thin client has free uncompressed space equal to three to four times the size of the installation package, the installation probably will not complete successfully. ALTIRIS INSTRUCTIONS: 1. Modify your Sygate configuration as needed by following the steps detailed above. 2. Create a new Altiris job that accomplishes the following tasks: a) Copies the stddef.dat file to a temporary directory on the thin client system. b) Executes the following command: c:\program files\sygate\ssa\smc.exe -importconfig c:\"temp dir"\stddef.dat. c) Commits the changes. 3. Verify successful importation of the new policy by checking the HP Sygate "system" log on a target system. A new entry labeled "New Profile Imported" should be present. The "system" log can be found by Copyright (c) 2004-2008 Hewlett-Packard Development Company, L.P.