[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Symantec Endpoint Protection: HOW-TO - Manually Move Client to a Different Group

Published on
17,942 Points
1 Endorsement
Last Modified:
Community Pick
The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has already been registered to a SEPM. The SylinkDrop utility that comes with SEP unfortunately does not move the client when it is already registered. At that point that utility is only useful for re-establishing communication between the client and SEPM.

The information in this guide is based on version 11.0 RU6 of the product.

Information Technology personnel responsible for support of the SEP environment.

It is assumed that the personnel implementing the steps in this guide have basic knowledge of the Windows operating system and are comfortable making modifications in the registry.

1.      The SEP client must be installed, managed and able to communicate with a SEPM.
2.      The SEP client must remain in the same SEP domain it is currently in.
3.      A local administrator privileged account must be used.
4.      The client group the SEP client is moving to must already exist.

SEP – Symantec Endpoint Protection
SEPM – Symantec Endpoint Protection Manager

I was unable to locate other sources that provided the same information contained herein. Other sources make mention to the SylinkDrop utility, which this guide doesn't use to perform the intended function.

1.      Logon to the computer with an administrator privileged account.
2.      Click on Start then Run.
3.      Type smc -stop then press Enter.
a.    Wait for the SEP tray icon to disappear before proceeding.
4.      Browse to C:\Program Files\Common Files\Symantec Shared\HWID on x86 computers or C:\Program Files (x86)\Common Files\Symantec Shared\HWID on x64 computers, and delete the sephwid.xml file.
5.      Click on Start then Run.
6.      Type regedit then press Enter.
7.      Browse to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
8.      Open the HardwareID value and delete the data. Click Ok.
9.      If the following additional values exist, delete the data and click Ok for each one: CurrentGroup, CurrentMode and GroupGUID.
10.      Open the PreferredGroup value and replace the data with the path to the new group. Click Ok.
a.      Ex. My Company\Desktop\Default\Fri 2pm
11.      Click on Start then Run.
12.      Type smc -start then press Enter.
13.      Allow approximately 30-90 seconds for the client to update. Then check the SEP troubleshooting window under Help & Support to confirm the client is located in the intended group.
  • 2
LVL 38

Expert Comment

That you for putting this together - I'm sure that many of our Symantec Adminstrators will find it useful.
If I see any questions in the Zones that need this kind of help, I will be sure to post a hyperlink back to it.

Big "Yes" vote above.


Expert Comment

Dear Jmlamb

I have tried the Trick and i woks just like you wrote here, but for some reason and i guess it have something to do with the hardware ID, it shows up twice in the manager. The one in the old Group and off course in in the new group.

The old one is not managed, teh new one is. have you experienced the same ?
LVL 12

Author Comment

Hi Anders,

Yes, that is the expected behavior. The client's unique identifier in the database is the HWID. That is what the SEPM tracks the client by. It doesn't care about the computer's name (that is just for display purposes).

The stale record will be purged automatically when it has expired. That setting is controlled in the Site's configuration. I believe the default is 30 days unless you've changed it. If you don't want to wait you can delete the old client right away without harming anything.

Hope this helps.

Expert Comment

Thanks for the answer, it was the same conclusion i came to.

I will look into  purge time, we have it at default at the moment.

Featured Post

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Join & Write a Comment

Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month