Download Software from https://support.symantec.com/en_US/mysymantec.html it's a zip file & size is around 266 MB
Once the download finishes successfully, extract the contents of the compressed file to a location of your choice.
ICT System requirements are mentioned here:
https://www.symantec.com/docs/TECH250504
ICT installation is divided into 3 parts
- AD Configuration
- IIS configuration
- SQL configuration
AD Configuration
To start the installation
1. Login to AD, Create Service account (ictsrv OR create username as per business requirement), This account will run application pool.
- Start > Administrative Tools > Active Directory Users and Computers
- In the left pane, right-click on Users and select New > User.
- In the Full name field enter ICT Service Account
- Enter 'ICTSRV' username or any username as per business requirement
- In the User logon name enter: ictsrv or username created as per the business requirement.
- Provide the password
- Click Finish
2. Create new OU called as “ICT”.
- In the left pane, right-click the root domain and select New > Organizational Unit (OU).
- Right click OU & Delegate control to service account, especially read all user information, create & modify membership of group
3. Create new Sub groups inside NEW OU i.e. ICT. Group scope should be 'Universal' and Group type 'Security'.
4. Need to create 9 sub-groups as per the following '
Note: Inside OU you may see new groups, later on will see that. First create following groups inside ICT OU.
- ICT_BLACLIST
- ICT_ROLES
- ICT_RULES
- ICT_CONFIGURATION
- ICT_ClASSIFICATION
- ICT_USERS
- ICT_MONIT
- ICT_AUDITING
Refer the below screenshot: -
Install and Configure IIS.
- Login to the machine where IIS is installed.
- Right-click the PowerShell icon (third in the bar) and select Windows PowerShell > Run as Administrator
- Paste and run the following script.
Install-WindowsFeature Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Http-Redirect, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Stat-Compression, Web-Filtering, Web-Windows-Auth, Web-Net-Ext, Web-Net-Ext45, Web-ASP, Web-ASP-Net, Web-ASP-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Metabase, Web-WMI
- Ignore the Windows Update warning message if any.
- Use the following command-let to install ASP.NET 3.5 Support
- Close the PowerShell window.
- Download and install the Microsoft Visual C++ Redistributable Packages for Visual Studio 2013 (x64).
- Go to Start > Administrative Tools and click Internet Information Services (IIS) Manager.
- In the Connections pane, expand the root (ICT (ACME\Administrator)).
- Select Do not show this message and click No in the “Internet Information Services (IIS) Manager” message window.
- Select Application Pools.
- In the Actions pane, select Add Application Pool.
- In the Name field, type: ICTAppPool
- For the .NET framework, select .Net CLR Version v4.0.30319.
- Set the Managed pipeline mode to Classic
- Click OK.
- Select the recently created ICTAppPool application pool, and in the Actions pane, select Advanced Settings.
- Select Identity and click the ellipsis icon (...).
- Select Custom account and click Set.
- In the User name field, type: (Domain Name)\Service account name (ictsrv)
- Provide the password
- Click OK twice.
- Set the “Load User Profile” property to True and click OK.
- Refer the below screenshot.
Create MS SQL databases
Symantec provides you the script to create SQL databases.
Navigate to C:\SW and extract the installation files to a path of your choice.
Open the recently extracted ICT-db-scripts folder and unzip the contents of the ICT-db-scripts.zip file.
Use Notepad to edit the create-databases-sql-user-and-grant-permissions.sql file, changing TRAINING\adrmssrvc to ACME\ictsrv •
- Creates a SQL user for the service account (ACME\ictsrv)
- Creates RightsWATCH databases
- Grants the required access these databases
This script accomplishes the following:
The following lines at the end of the SQL script should be deleted or will otherwise produce a warning:
USE [DRMS_Config_rms_training_watchfulsoftware_local_443]
GO
EXEC sp_addrolemember N'db_datareader', N'ACME\ictsrv'
GO
4. In production, you would need to edit the ict_db_script.bat file, but in this lab, localhost is the right value for the SQL Server parameter. This batch file calls the SQL scripts that: • Create databases and users
• Apply the schemas and data
5. Open an elevated command prompt window and navigate to the ICT-db-scripts folder.
Type the following and press Enter:
ict_db_script.bat
Run this script only ONCE.
This script will create three databases as per below:-
Install ICT component
Go to the server where you would like to install ICT componenets, open a command prompt with elevated privileges and navigate to the ICT installation folder or you can install through by doing double click as well.
- Run the installer for the Administration module by typing: Symantec_ICT_SERVER_Administration_15.5.exe
- Click Next, select the ICTAppPool in the Application Pool drop-down menu, and click Next.
- Click Next, and when the installation finishes, click Close.
- Go to Start > Administrative Tools and click Internet Information Services (IIS) Manager.
- In the Connections pane, expand the root, expand Sites, expand Default Web Site, and select the ICT folder.
- In the Actions pane, select Edit Permissions, Click Add..., type ictsrv, click Check Names, and click OK.
- In the permissions section, place a mark in the Allow checkbox next to Modify, then click OK twice.
- Select the ICT folder, and in the middle pane, double-click Authentication in the IIS group:
- Disable Anonymous Authentication
- Enable Windows Authentication.
- On the left pane left-click on administration under ICT
- On the center pane, double-click on Connection Strings
- Double click on ConfigurationConnectionString
- Enter SQL db details.
- The resulting line should look like:
Data Source= DOMAIN FQDN;Initial Catalog=ICT_CONFIG;Integrated Security=SSPI
Set up the ICT Administration Console
- Open Internet Explorer, press the gear on the top right corner, select Internet options
- Security tab > Local intranet > Sites > Advanced
- In the Add this website to the zone enter domain FQDN, press Add, then Close, then OK twice
- Press the gear on the top right corner, select Compatibility View settings
- Uncheck Display intranet sites in Compatibility View
- Maximize Internet Explorer window
- In the browser’s address field, type: http://Domain FQDN/ICT/administration/
It may take a couple of seconds to load, please hold. - Complete the initial “System Setup Wizard” using the following information
Install ICT Web Service
- Run the installer for the Webservice module.
- Click Next, select the ICTAppPool in the Application Pool drop-down menu, and click Next.
- Click Next, then when the installation finishes, click Close.
- Go to Start > Administrative Tools and click Internet Information Services (IIS) Manager.
- In the Connections pane, expand the root (ICT (Domain name\Administrator)), expand Sites, expand Default Web Site, and select the ICT folder.
- On the left pane left-click on administration under ICT
- On the center pane, double-click on Connection Strings
- Double click on ConfigurationConnectionString
- Copy the entire string on the Custom box
- On the left pane left-click on webservice under ICT (press F5 to refresh if does not show up)
- On the center pane, double-click on Connection Strings
- Double click on ConfigurationConnectionString
- Delete all text in the Custom box and paste
Information Centric Tagging Monitoring console
- Run the installer for the Monitoring module.
- Click Next, select the ICTAppPool in the Application Pool drop-down menu, and click Next.
- Click Next, then when the installation finishes, click Close.
- Go to Start > Administrative Tools and click Internet Information Services (IIS) Manager.
- In the Connections pane, expand the root (ICT (Domain name\Administrator)), expand Sites, expand Default Web Site, and select the ICT folder.
- On the left pane left-click on administration under ICT
- On the center pane, double-click on Connection Strings
- Double click on ConfigurationConnectionString
- Copy the entire string on the Custom box
- On the right pane left-click on monitoring under ICT (press F5 to refresh if does not show up)
- On the center pane, double-click on Connection Strings
- Double click on ConfigurationConnectionString
- Delete all text in the Custom box and paste
Login to Monitoring Console:-
In the browser’s address field, type: http://Domain FQDN/ICT/monitoring
