Windows commands for the client service

Article:HOWTO26882  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO26882
Article Type
How To



You can manipulate the client directly from the command line on a Windows client computer by using the smc command for the client service. You may want to use this command in a script that runs the parameters remotely. For example, if you need to stop the client to install an application on multiple clients, you can stop and restart each client service.

The client service must run for you to use the command-line parameters, with the exception of the smc -start parameter. The command-line parameters are not case sensitive.

The table "Parameters that all Windows members can use" describes the parameters that you can run if users are members of any Windows user group.

Table: Parameters that all Windows members can use

Parameter

Description

smc -checkinstallation

Checks whether the smc client service is installed.

Returns 0, -3

smc -checkrunning

Checks whether the smc client service is running.

Returns 0, -4

smc -dismissgui

Closes either the Symantec Endpoint Protection or Symantec Network Access Control client user interface, including the notification area icon.

The client still runs and protects the client computer.

Returns 0

smc -exportlog

Exports the entire contents of a log to a .txt file.

To export a log, you use the following syntax:

smc -exportlog log_type 0 -1 output_file

where:

log_type is:

  • 0 = System Log

  • 1 = Security Log

  • 2 = Traffic Log

  • 3 = Packet Log

  • 4 = Control Log

For example, you might type the following syntax:

smc -exportlog 2 0 -1 c:\temp\TrafficLog

where:

0 is the beginning of the file

-1 is the end of the file

You can export only the Control log, Packet log, Security log, System log, and Traffic log.

output_file is the path name and file name that you assign to the exported file.

Returns 0, -2, -5

smc -runhi

If Symantec Network Access Control is installed, runs a Host Integrity check.

Returns 0

smc -showgui

Displays either the Symantec Endpoint Protection or the Symantec Network Access Control client user interface.

Returns 0

smc -updateconfig

Checks whether the configuration file on the management server is more recent than the configuration file on the client. The configuration file includes all the settings on the management server, such as policies, groups, log settings, security settings, and user interface settings.

If the client's configuration file is out of date, updateconfig downloads the most recent configuration file and replaces the existing configuration file, which is serdef.dat.

Returns 0
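The smc -exportlog syntax from the table above can be looped over all five log types to collect client logs for an investigation. This is an added example, not Symantec's code: it assumes smc is on the PATH, that return value 0 means success, and that PowerShell 4.0 or later is available for Get-FileHash; the output directory and manifest file name are constructed for the example.

```powershell
# Added example (not Symantec's code). Assumptions: smc is on PATH, exit code 0
# means success, and Get-FileHash is available (PowerShell 4.0 or later).
param(
    [string] $OutDir  = 'C:\temp\smc-logs',   # local path, constructed for the example
    [string] $SmcPath = 'smc'
)

# Index in this array = log_type value from the article (0..4).
$logNames = 'System', 'Security', 'Traffic', 'Packet', 'Control'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$results = for ($type = 0; $type -lt $logNames.Count; $type++) {
    $base = Join-Path $OutDir ('{0}Log' -f $logNames[$type])
    # Same form as the article: smc -exportlog log_type 0 -1 output_file
    $smcArgs = @('-exportlog', $type, '0', '-1', ('"{0}"' -f $base))
    $rc = (Start-Process -FilePath $SmcPath -ArgumentList $smcArgs -Wait -PassThru).ExitCode

    # The article says the export is a .txt file; match the name with or without extension.
    $file = Get-ChildItem -Path "$base*" -ErrorAction SilentlyContinue |
            Sort-Object LastWriteTime | Select-Object -Last 1
    [pscustomobject]@{
        LogType  = $type
        Log      = $logNames[$type]
        ExitCode = $rc
        File     = if ($file) { $file.FullName } else { $null }
        SHA256   = if ($file -and $rc -eq 0) {
                       (Get-FileHash $file.FullName -Algorithm SHA256).Hash
                   } else { $null }
    }
}

# The manifest records what was collected; non-zero return values are flagged, not hidden.
$results | Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
$results | Where-Object { $_.ExitCode -ne 0 } | ForEach-Object {
    Write-Warning ('smc -exportlog {0} ({1} log) returned {2}' -f $_.LogType, $_.Log, $_.ExitCode)
}
$results
```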


You can run the parameters in the table "Parameters that members of the Administrators group can use" only if the following conditions are met:

  • The client runs Windows 2003/XP/Vista, or Windows Server 2008 and users are members of the Windows Administrators group.

  • The client runs Windows 2003/XP and users are members of the Power Users group.

If the client runs Windows Vista and User Account Control is enabled, the user automatically becomes a member of both the Administrators and Users groups. To use the following parameters, the user must be a member of the Administrators group only.

Table: Parameters that members of the Administrators group can use

Parameter

Description

smc -exportconfig

Exports the client's configuration file to an .xml file. The configuration file includes all the settings on the management server, such as policies, groups, log settings, security settings, and user interface settings.

You must specify the path name and file name. For example, you can type the following command:

smc -exportconfig "C:\My Documents\MyCompanyprofile.xml"

Returns 0, -1, -5, -6

smc -importconfig

Replaces the contents of the client's current configuration file with an imported configuration file. The client must run to import the configuration file's contents.

You must specify the path name and file name. For example, you can type the following command:

smc -importconfig "C:\My Documents\MyCompanyprofile.xml"

Returns 0, -1, -5, -6

smc -exportadvrule

Exports the client's firewall rules to a .sar file. The exported rules can only be imported into an unmanaged client or a managed client in client control mode or mixed mode. The managed client ignores these rules in server control mode.

You must specify the path name and file name. For example, you can type the following command:

smc -exportadvrule C:\myrules.sar

Returns 0, -1, -5, -6

smc -importadvrule

Adds the imported firewall rules to the client's list of existing firewall rules. These rules do not overwrite the existing rules. The client lists both existing rules and imported rules, even if each rule has the same name and parameters.

You can import firewall rules only into an unmanaged client or a managed client in client control mode or mixed mode. The managed client ignores these rules in server control mode.

To import firewall rules, you import a .sar file. For example, you can type the following command:

smc -importadvrule C:\myrules.sar

An entry is added to the System log after you import the rules.

Returns 0, -1, -5, -6

smc -start

Starts the Symantec Endpoint Protection or Symantec Network Access Control client service.

Returns 0, -1

smc -stop

Stops the Symantec Endpoint Protection or Symantec Network Access Control client service and unloads it from memory.

Returns 0, -1
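The scenario from the introduction (stop the client, install an application, restart the client) is sketched below as a script that always restarts the client and confirms it with smc -checkrunning, so a failed installer cannot leave the computer unprotected. This is an added example, not Symantec's code: it assumes smc is on the PATH, that return value 0 means success, and that the script runs as a member of the Administrators group; the installer parameters and the timeout are hypothetical.

```powershell
# Added example (not Symantec's code). Assumptions: smc is on PATH,
# exit code 0 means success, and the script runs as an Administrator.
param(
    [Parameter(Mandatory = $true)] [string] $Installer,  # hypothetical installer path
    [string[]] $InstallerArgs,
    [string]   $SmcPath = 'smc',
    [int]      $StartTimeoutSec = 60
)

function Invoke-Smc {
    param([string] $SmcArg)
    # -Wait -PassThru gives a reliable exit code regardless of how smc detaches
    (Start-Process -FilePath $SmcPath -ArgumentList $SmcArg -Wait -PassThru).ExitCode
}

$rc = Invoke-Smc -SmcArg '-checkinstallation'
if ($rc -ne 0) { throw "smc -checkinstallation returned $rc" }

$stopped   = $false
$installRc = $null
$clock     = [System.Diagnostics.Stopwatch]::StartNew()
try {
    if ((Invoke-Smc -SmcArg '-checkrunning') -eq 0) {
        $rc = Invoke-Smc -SmcArg '-stop'
        if ($rc -ne 0) { throw "smc -stop returned $rc; installer was not run" }
        $stopped = $true
    }
    $inst = @{ FilePath = $Installer; Wait = $true; PassThru = $true }
    if ($InstallerArgs) { $inst.ArgumentList = $InstallerArgs }
    $installRc = (Start-Process @inst).ExitCode
}
finally {
    # Restart even when the installer throws, so the host is not left unprotected.
    if ($stopped) {
        $startRc  = Invoke-Smc -SmcArg '-start'
        $deadline = (Get-Date).AddSeconds($StartTimeoutSec)
        do {
            $running = (Invoke-Smc -SmcArg '-checkrunning') -eq 0
            if (-not $running) { Start-Sleep -Seconds 2 }
        } until ($running -or (Get-Date) -gt $deadline)
        $clock.Stop()
        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            InstallerExit  = $installRc
            SmcStartExit   = $startRc
            ClientRunning  = $running
            SecondsStopped = [int]$clock.Elapsed.TotalSeconds
        }
        if (-not $running) { Write-Error 'Client service did not come back up; investigate.' }
    }
}
```

The SecondsStopped value gives the length of the unprotected window on each computer, which is worth keeping in the change record.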


When you import configuration files and firewall rules, note that the following rules apply:

  • You cannot import configuration files or firewall rule files directly from a mapped network drive.

  • The client does not support UNC (universal naming convention) paths.


Legacy ID



349239

