Installation Checklist

The installation checklist outlines the detailed tasks that you must perform when installing the Ivanti Device and Application Control solutions.

This checklist guides you through the installation process.

Important: For installation or upgrade to Ivanti Device and Application Control version 5.2:

  • You must have a valid license file that is issued specifically for version 4.5 or later. Confirm that you have the required license file available before you begin installation.
  • License files issued before Ivanti Device and Application Control version 4.5 will not work with the Application Server and may cause your Application Servers to stop working.
  • The Ivanti Device and Application Control 4.5 license must be installed before you install or upgrade the Ivanti Device and Application Control database, and then the Application Server.
  • Request a new license file using the Downloads tab on the Self-Service Portal.

To begin your installation:

  1. Copy the Ivanti Device and Application Control license file to the \\Windows\System32 or \\Windows\SysWOW64 folder, and rename the file to endpoint.lic. The license file may be installed after installing the database, however, the license file must be installed before installing the Application Server.
  2. Download the Ivanti Device and Application Control application software from the Self-Service Portal.
  3. Create a device, media, or software application inventory which lists the items that you want Ivanti Device and Application Control to control.
  4. Document company policy that defines:
    • Device permissions.
    • Shadowing requirements.
    • Device encryption requirements.
    • Ivanti Device and Application Control administrators and their roles.
    • Global domain groups for Ivanti Device and Application Control administrators.
  5. Plan your Ivanti Device and Application Control network architecture, based on capacity requirements, that list the Application Server host names and IP addresses.
  6. Create a dedicated Application Server domain user rights service account and set the following:
    • User cannot change password.
    • Password never expires.

    The domain account must have local administration rights when you plan to use the TLS communication protocol for client- Application Server and inter- Application Server data transfers.

  7. Create Impersonate a client after authentication user rights for the Application Server. See Impersonate a Client After Authentication (https://docs.microsoft.com/en-US/troubleshoot/windows-server/windows-security/seImpersonateprivilege-secreateglobalprivilege) for additional information about impersonating a client after authentication user rights.
  8. Verify that the Application Server domain account has Log on as a service user rights. See Add the Log on as a service right to an account (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc739424(v=ws.10)) for additional information about logging on as a service user rights.
  9. Install Microsoft® Internet Information Services on the same computer as the certification authority, otherwise the enterprise root certificate cannot be generated. See Internet Information Services (IIS) (https://www.iis.net) for additional information about installing Internet Information Services.
  10. Install a Microsoft enterprise root certification authority to enable removable device encryption for Device Control. See Install a Microsoft enterprise root certification authority (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc776709(v=ws.10)) for additional information about installing an enterprise root certificate.
  11. Install a Microsoft SQL Server®. See SQL Server technical documentation (https://docs.microsoft.com/en-us/sql/sql-server/?view=sql-server-ver15) for additional information about installing a SQL server.
  12. Complete Installing the Database.
  13. To install multiple Application Server s, create a shared file directory on a file server to share the Datafile directory component. This action is only required if you will be using more than one Application Server.
  14. Complete Generating a Key Pair. This action is recommended, but not required.
  15. Complete Installing the Application Server.
  16. Important: The Application Server service account must have database owner (DBO) rights to the Ivanti Device and Application Control database.

  17. Complete Installing the Management Console.
  18. Complete Installing the Client.
  19. Test your Ivanti Device and Application Control product solution installation for functionality.