
Symantec Endpoint Protection: HOW-TO - Manually Move Client to a Different Group

PREFACE
The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has already been registered to a SEPM. The SylinkDrop utility that comes with SEP unfortunately does not move the client when it is already registered. At that point that utility is only useful for re-establishing communication between the client and SEPM.

The information in this guide is based on version 11.0 RU6 of the product.

AUDIENCE
Information Technology personnel responsible for support of the SEP environment.

ASSUMPTIONS
It is assumed that the personnel implementing the steps in this guide have basic knowledge of the Windows operating system and are comfortable making modifications in the registry.

PREREQUISITES
1. The SEP client must be installed, managed and able to communicate with a SEPM.
2. The SEP client must remain in the same SEP domain it is currently in.
3. A local administrator privileged account must be used.
4. The client group the SEP client is moving to must already exist.

DEFINITIONS
SEP – Symantec Endpoint Protection
SEPM – Symantec Endpoint Protection Manager

REFERENCES
I was unable to locate other sources that provided the same information contained herein. Other sources make mention of the SylinkDrop utility, which this guide doesn't use to perform the intended function.

STEPS
1. Log on to the computer with an administrator privileged account.
2. Click on Start then Run.
3. Type smc -stop then press Enter.
   a. Wait for the SEP tray icon to disappear before proceeding.
4. Browse to C:\Program Files\Common Files\Symantec Shared\HWID on x86 computers or C:\Program Files (x86)\Common Files\Symantec Shared\HWID on x64 computers, and delete the sephwid.xml file.
5. Click on Start then Run.
6. Type regedit then press Enter.
7. Browse to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
8. Open the HardwareID value and delete the data. Click OK.
9. If the following additional values exist, delete the data and click OK for each one: CurrentGroup, CurrentMode and GroupGUID.
10. Open the PreferredGroup value and replace the data with the path to the new group. Click OK.
    a. Ex. My Company\Desktop\Default\Fri 2pm
11. Click on Start then Run.
12. Type smc -start then press Enter.
13. Allow approximately 30-90 seconds for the client to update. Then check the SEP troubleshooting window under Help & Support to confirm the client is located in the intended group.
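
ADDED EXAMPLE
The steps above as a single PowerShell script, for running the same procedure on several clients. This is an added example, not code from the author or from Symantec. Assumptions: smc resolves through the shell as it does from Start > Run, the client process is named Smc, the SyLink key is visible at the path from step 7, and the client rewrites CurrentGroup after it restarts.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts steps 3-13 of the guide. Not the author's or Symantec's code.
param(
    [Parameter(Mandatory)][string]$NewGroup,   # e.g. 'My Company\Desktop\Default\Fri 2pm'
    # Key from step 7. Assumption: visible at this path from the running PowerShell.
    [string]$SyLinkKey = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
)
$ErrorActionPreference = 'Stop'

# Fail before touching anything if the client's key is not where the guide says.
if (-not (Test-Path $SyLinkKey)) { throw "SyLink key not found: $SyLinkKey" }

# Step 3: stop the client. Start-Process goes through the shell, like Start > Run.
Start-Process -FilePath 'smc' -ArgumentList '-stop' -Wait
# Assumption: the client process is named Smc. Wait up to 60 s for it to exit.
$deadline = (Get-Date).AddSeconds(60)
while (Get-Process -Name 'Smc' -ErrorAction SilentlyContinue) {
    if ((Get-Date) -gt $deadline) { throw 'SMC did not stop; nothing was changed.' }
    Start-Sleep -Seconds 2
}

# Step 4: delete sephwid.xml from whichever HWID folder exists (x86 or x64 path).
foreach ($root in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
    if (-not $root) { continue }
    $hwid = Join-Path $root 'Common Files\Symantec Shared\HWID\sephwid.xml'
    if (Test-Path $hwid) { Remove-Item -Path $hwid -Force }
}

# Steps 8-9: blank the data but keep the values, as the guide does in regedit.
$key = Get-Item -Path $SyLinkKey
foreach ($name in 'HardwareID', 'CurrentGroup', 'CurrentMode', 'GroupGUID') {
    if ($key.Property -notcontains $name) { continue }
    if ($key.GetValueKind($name) -eq 'String') {
        Set-ItemProperty -Path $SyLinkKey -Name $name -Value ''
    } else {
        Write-Warning "$name is not a string value; clear it by hand in regedit."
    }
}

# Step 10: point the client at the new group.
Set-ItemProperty -Path $SyLinkKey -Name 'PreferredGroup' -Value $NewGroup

# Steps 12-13: restart, wait the upper bound from the guide, then read back.
Start-Process -FilePath 'smc' -ArgumentList '-start'
Start-Sleep -Seconds 90
# Assumption: the client repopulates CurrentGroup once it has checked in.
Get-ItemProperty -Path $SyLinkKey | Select-Object PreferredGroup, CurrentGroup
```

The read-back at the end does not replace step 13: confirm the group in the SEP troubleshooting window as well.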
Author:jmlamb
4 Comments
 
LVL 38

Expert Comment

by:younghv
jmlamb:
Thank you for putting this together - I'm sure that many of our Symantec Administrators will find it useful.
If I see any questions in the Zones that need this kind of help, I will be sure to post a hyperlink back to it.

Big "Yes" vote above.

0
 

Expert Comment

by:andersjensen
Dear Jmlamb

I have tried the trick and it works just like you wrote here, but for some reason, and I guess it has something to do with the hardware ID, it shows up twice in the manager. The one in the old group and of course in the new group.

The old one is not managed, the new one is. Have you experienced the same?
0
 
LVL 12

Author Comment

by:jmlamb
Hi Anders,

Yes, that is the expected behavior. The client's unique identifier in the database is the HWID. That is what the SEPM tracks the client by. It doesn't care about the computer's name (that is just for display purposes).

The stale record will be purged automatically when it has expired. That setting is controlled in the Site's configuration. I believe the default is 30 days unless you've changed it. If you don't want to wait you can delete the old client right away without harming anything.

Hope this helps.
0
 

Expert Comment

by:andersjensen
Thanks for the answer, it was the same conclusion I came to.

I will look into the purge time, we have it at default at the moment.
0
