Windows commands for the client service
You can manipulate the client directly from the command line on a Windows client computer by using the smc command for the client service. You may want to use this command in a script that runs the parameters remotely. For example, if you need to stop the client to install an application on multiple clients, you can stop and restart each client service.
The client service must run for you to use the command-line parameters, with the exception of smc -start parameter. The command-line parameters are not case sensitive.
Table: Parameters that all Windows members can use describes the parameters that you can run if users are members of any Windows user group.
Table: Parameters that all Windows members can use
Parameter | Description |
|---|
smc -checkinstallation | Checks whether the smc client service is installed. Returns 0, -3 |
smc -checkrunning | Checks whether the smc client service is running. Returns 0, -4 |
smc -dismissgui | Closes either the Symantec Endpoint Protection or Symantec Network Access Control client user interface, including the notification area icon. The client still runs and protects the client computer. Returns 0
|
smc -exportlog | Exports the entire contents of a log to a .txt file. To export a log, you use the following syntax: smc -exportlog log_type 0 -1 output_file
where:
log_type is:
0 = System Log 1 = Security Log 2 = Traffic Log 3 = Packet Log 4 = Control Log For example, you might type the following syntax: smc -exportlog 2 0 -1 c:\temp\TrafficLog Where: 0 is the beginning of the file -1 is the end of the file You can export only the Control log, Packet log, Security log, System log, and Traffic log.
output_file is the path name and file name that you assign to the exported file. Returns 0, -2, -5 |
smc -runhi | If Symantec Network Access Control is installed, runs a Host Integrity check. Returns 0 |
smc -showgui
| Displays either the Symantec Endpoint Protection or the Symantec Network Access Control client user interface. Returns 0 |
smc -updateconfig | Checks whether the configuration file on the management server is more recent than the configuration file on the client. The configuration file includes all the settings on the management server, such as policies, groups, log settings, security settings, and user interface settings. If the client's configuration file is out of date, updateconfig downloads the most recent configuration file and replaces the existing configuration file, which is serdef.dat. Returns 0 |
You can run the parameters in Table: Parameters that members of the Administrators group can use only if the following conditions are met:
The client runs Windows 2003/XP/Vista, or Windows Server 2008 and users are members of the Windows Administrators group.
The client runs Windows 2003/XP and users are members of the Power Users group.
If the client runs Windows Vista and the User Account Control is enabled, the user automatically becomes a member of both the Administrators and Users group. To use the following parameters, the user must be a member of the Administrators group only.
Table: Parameters that members of the Administrators group can use
Parameter | Description |
|---|
smc -exportconfig | Exports the client's configuration file to an .xml file. The configuration file includes all the settings on the management server, such as policies, groups, log settings, security settings, and user interface settings. You must specify the path name and file name. For example, you can type the following command: smc -exportconfig C:\My Documents\MyCompanyprofile.xml Returns 0, -1, -5, -6 |
smc -importconfig | Replaces the contents of the client's current configuration file with an imported configuration file. The client must run to import the configuration file's contents. You must specify the path name and file name. For example, you can type the following command: smc -importconfig C:\My Documents\MyCompanyprofile.xml. Returns 0, -1, -5, -6 |
smc -exportadvrule | Exports the client's firewall rules to a .sar file. The exported rules can only be imported into an unmanaged client or a managed client in client control mode or mixed mode. The managed client ignores these rules in server control mode. You must specify the path name and file name. For example, you can type the following command: smc -exportadvrule C:\myrules.sar Returns 0, -1, -5, -6 |
smc -importadvrule | Adds the imported firewall rules to the client's list of existing firewall rules. These rules do not overwrite the existing rules. The client lists both existing rules and imported rules, even if each rule has the same name and parameters. You can import only firewall rules into an unmanaged client or a managed client in client control mode or mixed mode. The managed client ignores these rules in server control mode. To import firewall rules, you import a .sar file. For example, you can type the following command: smc -importadvrule C:\myrules.sar An entry is added to the System log after you import the rules. Returns 0, -1, -5, -6 |
smc -start | Starts the Symantec Endpoint Protection or Symantec Network Access Control client service. Returns 0, -1 |
smc -stop | Stops the Symantec Endpoint Protection or Symantec Network Access Control client service and unloads it from memory. Returns 0, -1 |
When you import configuration files and firewall rules, note that the following rules apply:
Thank you.