Detecting computers with Shared GUIDs

Article:HOWTO49693  |  Created: 2011-04-15  |  Updated: 2013-12-06  |  Article URL http://www.symantec.com/docs/HOWTO49693
Article Type
How To



 A GUID is shared when two or more Symantec Management Platform (SMP) agents are using the GUID at the same time. This can cause some fairly odd behavior, see:
  What are the effects of having duplicate GUID's?
  http://www.symantec.com/docs/TECH133462

Preventing Shared GUIDs
   How to Prevent Shared GUIDs
   http://www.symantec.com/docs/HOWTO93988

Correcting Shared GUIDs
   Shared GUID cleanup script
   http://www.symantec.com/docs/TECH212345

Detecting Shared GUIDs

To check for shared GUIDs, run the attached SQL query, and review the results; or import the attached Altiris report into the Altiris console, run the report and review the results. The attached Altiris reports is based on the attached SQL query which is based on the query used in the SQL script used TECH212345, mentioned above.
The Altiris report has the additional feature that right-clicking on any row brings up a context menu for the particular Computer GUID.
To confirm whether two or more computers are using the same (shared) GUID, connect to those computers and check the SMP agent's GUID. This can be done using the SMP Agent UI, or using the Remote Altiris Agent Diagnostic (RAAD) tool, see:
   Remote Altiris Agent Diagnostics (RAAD) 2.0,
   http://www.symantec.com/docs/HOWTO21449

Query results details:

Field
Description
GUID

the computer GUID

Name

the current computer name associated with the GUID, not very helpful

IsManaged

1 if computer is managed (e.g. has an Altiris agent installed), 0 otherwise

IsBlacklisted

1 if computer GUID has been blacklisted, 0 otherwise

KeyAdd
Count

number of times the value of this key was set (for this GUID, during the time period)
Did the change a few times, and you can explain why it changed that many times?
Or, did the value change too many times for explanation?

KeyAdd Date
Range

first time and the last time this key value was to any value (for this GUID, during the time period)
Did the name change on just one day?
Or did it change on multiple days?

h

number of unique host name values (extracted from KeyValue field)
Is there just one host name, such as when the computer joined the domain?
Is there just two host names, such as when the computer was actually renamed?
Is there many host names, as if the GUID is being shared.

d

number of unique domain name values (extracted from KeyValue field)

t

number of unique values for the "name.domain" field

KeyValue

one value to which this key was set (for this GUID, during the time period)
Note: Multiple KeyValues are shown on sequential rows.

ValueAdd
Count

number of times this resource key was set to this value (for this GUID, during the time period)

ValueAdd
Date Range

first time and the last time this key value was to this value (for this GUID, during the time period)


Attachments

Shared GUID Detection report, as SQL query
Shared Guid Report-3h1.sql (4 kBytes)
Shared GUID Detection report, as Altiris report
Shared Guid Report-3h1.xml (14 kBytes)




Article URL http://www.symantec.com/docs/HOWTO49693


Terms of use for this information are found in Legal Notices