On occasion, it may be necessary to install a stand-alone LES client without it connecting to an LES server, especially if:
- The client machine will never communicate to the server (no network connection) but policy enforcement is desired, or
- To test newer client functionality (NOTE: a newer versioned client must not be allowed to communicate to an older versioned backend infrastructure, hence the stand-alone procedure)
- The client machine must be protected by the LES client but the machine cannot have an immediate communication with the SXS server, e.g.: protecting the laptop of the users where no communication with the corporate network is possible at that time.
The procedure below describes how to configure and install a stand-alone LES client onto an endpoint machine:
- Download the latest service release from the Lumension Portal, extract the compressed file, and locate the client folder. Copy this client folder to another location (e.g., the Desktop) and make note of this location. This folder contains four files: LESClient.msi, LESClient64.msi, Setup.ini, and setup.exe.
- From the Lumension Endpoint Security Management Console (SMC), export a policy file by clicking the Tools menu and then choose Export Settings. Rename the file to be: policies.dat and save the file to your newly copied client folder (see step 1). NOTE: The polices.dat must be exported from an SMC that is of the same version as the client on which you will be importing the policies.
- Copy the server's public key (sx-public.key) to your new client folder as well. This public key can be found in %SystemRoot%\system32 (on a 32bit server) or %SystemRoot%\SysWOW64 (on a 64bit server). This is the same folder where the Application Server service (sxs.exe) is located.
- Take the copy of the client folder and place it on the stand-alone machine.
- Run the Setup.exe.
- In the 'Encrypted communication' dialog, select 'server is using unencrypted protocol' if your LES server is not using TLS, or else select another option.
- In the 'Lumension Endpoint Security Application Servers' dialog, DO NOT enter the server name from where the policies file has been issued, click 'Next.' A pop-up will appear indicating that an import file is provided, select 'Yes' and then 'Next' until the end of the installation.
- Reboot the machine.
NOTE: The LES client is now installed and it is protecting the machine. The client will update its permissions and options if it communicates back to the LES server or if you export a new policy file from the LES Server and import it on the machine by either method below:
- Right-click on the LES Tray Icon > 'Import Settings' menu
- Place a new copy of a policies.dat file into the "%ProgramFiles%\Lumension\Endpoint Security\Client\Import" folder
See also: Article 563 - Increasing the lifetime of a permissions package for more detail on changes you may choose to make to the policies.dat file