Community Pick: Many members of our community have endorsed this article.
Editor's Choice: This article has been selected by our editors as an exceptional contribution.

Symantec Endpoint Protection: HOW-TO - Manually Move Client to a Different Group

The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has already been registered to a SEPM. The SylinkDrop utility that comes with SEP unfortunately does not move the client when it is already registered. At that point that utility is only useful for re-establishing communication between the client and SEPM.

The information in this guide is based on version 11.0 RU6 of the product.

Information Technology personnel responsible for support of the SEP environment.

It is assumed that the personnel implementing the steps in this guide have basic knowledge of the Windows operating system and are comfortable making modifications in the registry.

1.      The SEP client must be installed, managed and able to communicate with a SEPM.
2.      The SEP client must remain in the same SEP domain it is currently in.
3.      A local administrator privileged account must be used.
4.      The client group the SEP client is moving to must already exist.

SEP – Symantec Endpoint Protection
SEPM – Symantec Endpoint Protection Manager

I was unable to locate other sources that provided the same information contained herein. Other sources make mention to the SylinkDrop utility, which this guide doesn't use to perform the intended function.

1.      Logon to the computer with an administrator privileged account.
2.      Click on Start then Run.
3.      Type smc -stop then press Enter.
a.    Wait for the SEP tray icon to disappear before proceeding.
4.      Browse to C:\Program Files\Common Files\Symantec Shared\HWID on x86 computers or C:\Program Files (x86)\Common Files\Symantec Shared\HWID on x64 computers, and delete the sephwid.xml file.
5.      Click on Start then Run.
6.      Type regedit then press Enter.
7.      Browse to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
8.      Open the HardwareID value and delete the data. Click Ok.
9.      If the following additional values exist, delete the data and click Ok for each one: CurrentGroup, CurrentMode and GroupGUID.
10.      Open the PreferredGroup value and replace the data with the path to the new group. Click Ok.
a.      Ex. My Company\Desktop\Default\Fr i 2pm
11.      Click on Start then Run.
12.      Type smc -start then press Enter.
13.      Allow approximately 30-90 seconds for the client to update. Then check the SEP troubleshooting window under Help & Support to confirm the client is located in the intended group.

Comments (4)

Author of the Year 2011
Top Expert 2006

That you for putting this together - I'm sure that many of our Symantec Adminstrators will find it useful.
If I see any questions in the Zones that need this kind of help, I will be sure to post a hyperlink back to it.

Big "Yes" vote above.

Dear Jmlamb

I have tried the Trick and i woks just like you wrote here, but for some reason and i guess it have something to do with the hardware ID, it shows up twice in the manager. The one in the old Group and off course in in the new group.

The old one is not managed, teh new one is. have you experienced the same ?


Hi Anders,

Yes, that is the expected behavior. The client's unique identifier in the database is the HWID. That is what the SEPM tracks the client by. It doesn't care about the computer's name (that is just for display purposes).

The stale record will be purged automatically when it has expired. That setting is controlled in the Site's configuration. I believe the default is 30 days unless you've changed it. If you don't want to wait you can delete the old client right away without harming anything.

Hope this helps.
Thanks for the answer, it was the same conclusion i came to.

I will look into  purge time, we have it at default at the moment.

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.