Video Screencast Help
Security Community Blog

Changing the DLP Endpoint Agent Server Automatically

Created: 27 Sep 2013
jjesse's picture
+1 1 Vote
Login to vote

The Problem:

Currently within the DLP System there is no way to change a group of agents automatically, the only way is to do this manually through the Enforce Management Console. If you have a large number of agents this needs to be perfomed on it can be tedius. 

In the Management Console navigate to System -> Agents -> Overview and then select the computers you want and under the Actions menu you can change the Endpoint Server these computers communicate with.

Once again this is a bit tedious.

 

The Solution:

The update_configuration.exe file that is included in the SymantecDLPWinAgentTools_X.zip file can solve this problem.  The update_configuration.exe file needs to be in the same location as the Endpoint Agent is installed.

To change the DLP Endpoint Agent server:

  1. Verify the update_configuration.exe file is in the same location as the agent installed
  2. Execute the following command:

update_configuration.exe -name=AggregatorCommunicator -setting=AggregatorHost -type=str -value=server1

This does not require a restart of the DLP Endpoint Agent

To add an additional Endpoint Agent Server:

  1. Verify the update_configuration.exe file is in the same location as the agent installed
  2. Execute the following command:

 update_configuration.exe -name=AggregatorCommunicator -setting=AggregatorHost2 -type=str -value=server2

This requires a restart of the DLP Endpoint Agent