TITLE: Altiris XPe Add-On (HP Sygate Policy Editor) VERSION: 1.0 Rev. A DESCRIPTION: This package contains the HP Sygate Policy Editor for the listed thin client models and operating systems. The HP Sygate Policy Editor enables the administrator to create advanced rules for the HP Sygate Standalone Agent. With this tool, administrators can create a new policy and configuration options for the HP Sysgate Security Agent in order to further restrict control or enable port access for clients with HP Sygate Security Agent software installed. PURPOSE: Routine SOFTPAQ NUMBER: SP29389 SUPERSEDES: None EFFECTIVE DATE: February 1, 2006 CATEGORY: Software - Security SSM SUPPORTED: No PRODUCT TYPE(S): Thin Clients HARDWARE PRODUCT MODEL(S): HP t5700: All Models HP t5710: All Models HP t5720: All Models SOFTWARE PRODUCT(S): None OPERATING SYSTEM(S): Microsoft Windows 2000 Microsoft Windows 98 Microsoft Windows Server 2003 Microsoft Windows XP Embedded Microsoft Windows XP Home Edition Microsoft Windows XP Professional LANGUAGE(S): Global ENHANCEMENTS: N/A PREREQUISITES: - The Sygate Security Agent Software outputs a .dat and .SAR file, which must be installed on an HP Sygate enabled thin client device (Microsoft Windows XP Embedded [XPe] with Service Pack 2 [SP2] Image version 5.01.209, [or later]). - Altiris Deployment Server 5.6 SP1 (or later) must be installed for remote deployment support. The following minimum system requirements must be met: - Intel Pentium 133 Processor (or equivalent) - 128 MB of RAM - 3 MB of free disk space - The following operating systems are HP approved compatable for using the Policy Editor tool: Microsoft Windows XP Embedded, Home, Professional, Server, 2000 - Internet Explorer (supports Policy Editor help file web links) - Existing .DAT file is required (HP Default White list provided with this release) - Provided Policy Editor and scripts require HP Sygate Agent version 4.0.2965 (or later) (provided with this release) HOW TO USE: 1. Download the SoftPaq .EXE file to a directory on your hard drive. 2. Execute the downloaded file and follow the on-screen instructions. NOTE: The SoftPaq installation provides a tool that creates and sets firewall policies and agent options. The created stddef.dat file can be successfully deployed to the client by completing the following steps after executing the installation package: 3. After using the Policy Editor to generate an stddef.dat on a thin client device, import the file to a thin client by clicking Start, and then clicking Run. On the command line, type: smc.exe -importconfig 4. The write filter must commit the changes to flash memory. To commit the changes to flash memory, execute the following command: C:\windows\system32\ewfmgr.exe c: -commit 5. Execute a reboot after the changes are committed to flash memory. The reboot can be completed from an Altiris deployment server job. To conserve space on a thin client running the Microsoft Windows XP Embedded (XPe) Operating System, HP recommends that the installation be executed from a network share, and that the Windows XPe %TEMP% and %TMP% system variables be temporarily re-defined. Otherwise, unless the thin client has free uncompressed space equal to three to four times the size of the installation package, the installation probably will not complete successfully. ALTIRIS INSTRUCTIONS: 1. Modify your Sygate configuration as needed by following the steps detailed above. 2. Create a new Altiris job that accomplishes the following: a) Copies the stddef.dat file to a temporary directory on the thin client system b) Executes the following command: c:\program files\sygate\ssa\smc.exe -importconfig c:\"temp dir"\stddef.dat c) Commits the changes 3. Verify successful importation of the new policy by checking the HP Sygate "system" log on a target system. A new entry labled "New Profile Imported" should be present. The "system" log can be found by right-clicking on the HP Sygate systray icon and selecting "Logs". Copyright (c) 2004-2006 Hewlett-Packard Development Company, L.P.