How to prepare a Symantec Endpoint Protection 12.1.x client for cloning

Article: HOWTO54706  |  Created: 2011-06-27  |  Updated: 2014-09-25  |  Article Type: How To

This document lists the best practices for cloning a Symantec Endpoint Protection 12.1.x client in either a physical or virtual environment. If you do not follow these best practices, then cloned Endpoint Protection clients have duplicate identifiers, which result in problems with management and reporting.

These instructions are for Windows clients; for Macintosh clients, see Related Articles.

Cloning Steps

  1. Install the operating system, applications, and patches.
  2. Install the Symantec Endpoint Protection client and update the definitions. 
    Cloning Windows 7 or Server 2008 with Symantec Endpoint Protection 12.1.671.4971 installed failed if Tamper Protection was enabled, which caused continuous reboots. For more information, see Related Articles.
  3. Run ClientSideClonePrepTool.exe. This requires administrator rights.
    NOTE: This tool currently fails to run in SEP 12.1 RU5 with the error "Failed: unable to get install path". Symantec is aware of the issue and this article will be updated when new information is available. The manual steps below should still perform the same function.

This tool removes all Symantec Endpoint Protection client identifiers and leaves the Symantec Endpoint Protection services stopped. Using this tool should be the last step in the image preparation process, before running sysprep and/or shutting down the system. If the system reboots or the Symantec Endpoint Protection client services restart, then new identifiers are generated and you must run the tool again before cloning.

The ClientSideClonePrepTool does not run silently, but the following steps may be scripted as a silent alternative. If you script these steps, you must disable Tamper Protection on the Symantec Endpoint Protection client.

  1. Delete all instances of sephwid.xml on the file system. Possible locations (usually only in the PersistedData folder):
    • If migrated from 11.x: C:\Program Files\Common Files\Symantec Shared\HWID\
    • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\
      For Vista/Windows 7/Server 2008+: C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData\
    • C:\Windows\Temp\
    • C:\Documents and Settings\userName\Local Settings\Temp\
      For Vista/Windows 7/Server 2008+: C:\Users\userName\AppData\Local\Temp\
  2. Remove all copies of communicator.dat from the file system. Possible locations:
    • C:\Windows\Temp\
    • C:\Documents and Settings\userName\Local Settings\Temp\communicator.dat
      For Vista/Windows 7/Server 2008+: C:\Users\userName\AppData\Local\Temp 
  3. Delete the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
  4. Delete the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HostGUID
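
The four manual steps above can be scripted as follows. This is an added example, not Symantec's tool or code from the original article. It assumes PowerShell 2.0 or later, an elevated session, Tamper Protection already disabled, and the default C: paths listed above. It expands "userName" to every profile folder and ends with a check that no identifier is left in the image.

```powershell
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$me = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Administrator rights are required.'
}

# The article writes "userName"; expand it to every profile folder on the machine.
$userTemps = @(foreach ($root in 'C:\Documents and Settings', 'C:\Users') {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            Join-Path $_.FullName 'Local Settings\Temp'   # XP / Server 2003 layout
            Join-Path $_.FullName 'AppData\Local\Temp'    # Vista / 7 / Server 2008+ layout
        }
})

# Steps 1 and 2: file name -> folders the article lists for it.
$targets = @{
    'sephwid.xml'      = @('C:\Program Files\Common Files\Symantec Shared\HWID',
                           'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData',
                           'C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData',
                           'C:\Windows\Temp') + $userTemps
    'communicator.dat' = @('C:\Windows\Temp') + $userTemps
}
$files = @(foreach ($name in $targets.Keys) { $targets[$name] | ForEach-Object { Join-Path $_ $name } })
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { Remove-Item -LiteralPath $f -Force }
}

# Steps 3 and 4: the two identifiers under the SyLink key.
$syLink = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
foreach ($id in 'HardwareID', 'HostGUID') {
    # The article says "key"; whether the identifier is a subkey or a named value
    # is an assumption here, so both forms are checked and removed.
    $sub = Join-Path $syLink $id
    if (Test-Path -LiteralPath $sub) { Remove-Item -LiteralPath $sub -Recurse -Force }
    $key = Get-Item -LiteralPath $syLink -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $id)) {
        Remove-ItemProperty -LiteralPath $syLink -Name $id -Force
    }
}

# Verify: anything reported here means the image still carries an identifier.
$left = @($files | Where-Object { Test-Path -LiteralPath $_ })
$key = Get-Item -LiteralPath $syLink -ErrorAction SilentlyContinue
if ($key) { $left += @('HardwareID', 'HostGUID' | Where-Object { ($key.GetValueNames() -contains $_) -or (Test-Path -LiteralPath (Join-Path $syLink $_)) }) }
if ($left) { $left | ForEach-Object { Write-Warning "Still present: $_" }; exit 1 }
```

Running the script with -WhatIf lists what would be deleted without changing anything; the final check then reports those same items as still present and exits with code 1.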

If you are dealing with duplicate IDs on machines cloned from an improperly-prepared image, see Related Articles for how to repair them.


Client Side Clone Prep (92 kBytes)

Supplemental Materials


SEP 12.1 RU5: Clone prep articles and tools need reviewing. CientSideClonePrepTool fails to run on RU5
