Symantec Endpoint Protection: HOW-TO - Manually Move Client to a Different Group

The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client side. These steps may prove particularly useful because they allow the client to be moved after it has already been registered to a SEPM. The SylinkDrop utility that comes with SEP unfortunately does not move the client when it is already registered. Once a client is registered, that utility is only useful for re-establishing communication between the client and the SEPM.

The information in this guide is based on version 11.0 RU6 of the product.

This guide is intended for Information Technology personnel responsible for support of the SEP environment.

It is assumed that the personnel implementing the steps in this guide have basic knowledge of the Windows operating system and are comfortable making modifications in the registry.

1. The SEP client must be installed, managed and able to communicate with a SEPM.
2. The SEP client must remain in the same SEP domain it is currently in.
3. A local administrator privileged account must be used.
4. The client group the SEP client is moving to must already exist.

SEP – Symantec Endpoint Protection
SEPM – Symantec Endpoint Protection Manager

I was unable to locate other sources that provided the same information contained herein. Other sources make mention of the SylinkDrop utility, which this guide doesn't use to perform the intended function.

1. Log on to the computer with an administrator privileged account.
2. Click on Start then Run.
3. Type smc -stop then press Enter.
   a. Wait for the SEP tray icon to disappear before proceeding.
4. Browse to C:\Program Files\Common Files\Symantec Shared\HWID on x86 computers or C:\Program Files (x86)\Common Files\Symantec Shared\HWID on x64 computers, and delete the sephwid.xml file.
5. Click on Start then Run.
6. Type regedit then press Enter.
7. Browse to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
8. Open the HardwareID value and delete the data. Click OK.
9. If the following additional values exist, delete the data and click OK for each one: CurrentGroup, CurrentMode and GroupGUID.
10. Open the PreferredGroup value and replace the data with the path to the new group. Click OK.
    a. Ex. My Company\Desktop\Default\Fri 2pm
11. Click on Start then Run.
12. Type smc -start then press Enter.
13. Allow approximately 30-90 seconds for the client to update. Then check the SEP troubleshooting window under Help & Support to confirm the client is located in the intended group.
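
The manual steps above as one PowerShell script, added here as an example and not part of the original guide. It assumes an elevated session, that Start-Process resolves smc the same way the Run dialog does, that the client process is named Smc, and a 60-second stop timeout; the $NewGroup parameter and the backup file name are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts steps 3-12 of the guide. Not from the original article.
param(
    # Full path of the destination group, e.g. 'My Company\Desktop\Default\Fri 2pm'
    [Parameter(Mandatory = $true)][string]$NewGroup
)
$ErrorActionPreference = 'Stop'

$key = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
# Candidate locations of sephwid.xml on x86 and x64 computers.
$hwidFiles = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Common Files\Symantec Shared\HWID\sephwid.xml' }

# Keep a copy of the current values so the change can be reverted (hypothetical file name).
$backup = Join-Path $env:TEMP 'sylink-before-move.reg'
& reg.exe export ($key -replace '^HKLM:', 'HKLM') $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not export $key" }

# Step 3: stop the client and wait for it to exit (assumption: process name 'Smc').
Start-Process -FilePath 'smc' -ArgumentList '-stop' -Wait
$deadline = (Get-Date).AddSeconds(60)
while (Get-Process -Name 'Smc' -ErrorAction SilentlyContinue) {
    if ((Get-Date) -gt $deadline) { throw 'SEP client did not stop within 60 seconds.' }
    Start-Sleep -Seconds 2
}

# Step 4: delete the hardware ID file wherever it exists.
$hwidFiles | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Remove-Item -LiteralPath $_ -Force }

# Steps 8-9: empty the data but keep each value and its registry type.
# Assumption: these values are strings or DWORDs (DWORDs are reset to 0).
$regKey = Get-Item -LiteralPath $key
foreach ($name in 'HardwareID', 'CurrentGroup', 'CurrentMode', 'GroupGUID') {
    if ($regKey.GetValueNames() -notcontains $name) { continue }
    $kind  = $regKey.GetValueKind($name)
    $empty = if ($kind -eq 'DWord') { 0 } else { '' }
    Set-ItemProperty -LiteralPath $key -Name $name -Value $empty -Type $kind
}

# Step 10: point the client at the new group.
Set-ItemProperty -LiteralPath $key -Name 'PreferredGroup' -Value $NewGroup

# Step 12: restart the client; allow 30-90 seconds, then confirm the group
# in the troubleshooting window under Help & Support.
Start-Process -FilePath 'smc' -ArgumentList '-start'
Write-Output "PreferredGroup set to '$NewGroup'. Previous values saved to $backup"
```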