How to prepare a Symantec Endpoint Protection 12.1 client for cloning
|Article:HOWTO54706|||||Created: 2011-06-27|||||Updated: 2012-03-29|||||Article URL http://www.symantec.com/docs/HOWTO54706|
This document lists the best practices for cloning a Symantec Endpoint Protection 12.1 client in either a physical or virtual environment. If this document is not followed then cloned Endpoint Protection clients will have duplicate identifiers, which will result in problems with management and reporting. These instructions are for Windows clients; for Macintosh clients see Cloning a Symantec Endpoint Protection for Macintosh client.
- Install the operating system, applications, and patches.
- Install the Symantec Endpoint Protection Client and update the definitions.
- On Windows 7 or Server 2008 systems, you may need to disable Tamper Protection if you experience problems. For more information, read the article Symantec Endpoint Protection 12.1: Tamper Protection causes continuous reboot after cloning or sysprep.
- Run ClientSideClonePrepTool.exe. This requires administrator rights.
This tool will remove all Symantec Endpoint Protection client identifiers and leave the Endpoint Protection services stopped. It should be done as the last step in the image preparation process, before running sysprep and/or shutting down the system. If the system is rebooted or the Endpoint Protection client services are restarted then new identifiers will be generated and you must re-run the tool before cloning.
The ClientSideClonePrepTool does not run silently, but the following steps may be scripted as a silent alternative.
- Delete all instances of sephwid.xml on file system. Possible locations (usually only in the PersistedData folder):
C:\Program Files\Common Files\Symantec Shared\HWID\ (if it is migrated from 11.x);
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\
(Replace "Documents and Settings\All Users\Application Data" with "ProgramData" on Vista/Win7/2008+)
C:\Documents and Settings\<userName>\Local Settings\Temp\
C:\Users\<userName>\AppData\Local\Temp\ (on Vista/Win7/2008+)
- Remove all copies of communicator.dat from the file system. Possible locations:
C:\Documents and Settings\<userName>\Local Settings\Temp\communicator.dat
C:\Users\<userName>\AppData\Local\Temp (on Vista/Win7/2008+)
- Delete HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
- Delete HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HostGUID
If you are dealing with duplicate IDs on machines cloned from an improperly-prepared image, see How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1 clients
Article URL http://www.symantec.com/docs/HOWTO54706