Best Practices for Central Deployment and Management of Symantec Endpoint Protection (SEP) in a Workgroup environment

Article:TECH91679  |  Created: 2009-01-06  |  Updated: 2010-01-20  |  Article URL http://www.symantec.com/docs/TECH91679
Article Type
Technical Solution


Environment

Issue



What are the Best Practices for Central Deployment and Management of Symantec Endpoint Protection (SEP) in a Workgroup environment ?

Symptoms
In the client GUI, under Help and Support > Troubleshooting, it displays the client status as "offline"
  1. No active communication between the Symantec Endpoint Protection (SEP) client and Symantec Endpoint Protection Manager (SEPM)
  2. Receive an error when trying to Deploy SEP using the Migration and Deployment Wizard
  3. Receive an error when trying to Deploy SEP using the Find Unmanaged Computers feature
  4. Client not receiving the latest definitions from the Symantec Endpoint Protection Manager (SEPM)
  5. The policy updates are not received to the Symantec Endpoint Client (SEP) from the Symantec Endpoint Protection Manager (SEPM)
  6. None of the Run Commands Executed from the Symantec Endpoint Protection Manager (SEPM) are successfully updated on the Symantec Endpoint Protection (SEP) client



Cause



This is caused due to the limitations of the workgroup environment as compared to the domain: (1) Windows Access policy (2) Windows firewall (3) File and print sharing (4) Permissions (5) Simple file sharing (6) Local user limitations

Solution



To establish communication between Symantec Endpoint Protection (SEP) client and Symantec Endpoint Protection Manager (SEPM) in a workgroup environment follow the steps mentioned below:
  • Enable the network access policy for let everyone permission's apply to anonymous users
    1. Click Start > Run
    2. Type gpedit.msc
    3. Click on Computer Configuration > Windows Settings > Security Settings > Local Polices > Security Options
    4. Go to "Network Access: Let Everyone permission's apply to anonymous users" and enable the same
  • Disable windows firewall on all client machines
    1. Click Start > Control Panel > Windows Firewall
    2. Disable Windows Firewall.

    Note: If you do not want to disable the firewall it can also be configured locally on each client in the workgroup to allow all ports required for communication between the Symantec Endpoint Protection (SEP) client and Symantec Endpoint Protection Manager (SEPM)
  • Ensure file and print sharing in enabled
    1. Go to Start > Control Panel > Network Connections
    2. Right-click Local Area Connection
    3. Click Properties
    4. Ensure that "File and Printer Sharing for Microsoft Networks" option is listed and enabled

    Note: If not listed, add the same by clicking on Install > Service > Have Disk... Then type C:\Windows\inf, select "File and Printer Sharing for Microsoft Networks" and click OK.
  • Disable simple file sharing
    1. Click Start > My Computer > Tools > Folder Options > View
    2. Uncheck "Simple File Sharing"
    3. Click Apply > OK
  • Create a local user with a common username and password on all the machines which could be used for the deployment




Technical Information
This issue is caused due to the limitations and architectural difference of the workgroup environment as compared to the domain.




Legacy ID



2009010622472148


Article URL http://www.symantec.com/docs/TECH91679


Terms of use for this information are found in Legal Notices