Script Convert unmanaged system to Managed system

Created: 27 Mar 2012 • Updated: 03 Apr 2012 | 20 comments
Ashish-Sharma's picture

Hi,

This script is helpful where you need to convert an unmanaged system to a managed system.

The script stops SEP with the stop password; after that it copies the syslink.xml file and deletes the hardware ID and sephwid.xml.

You can run this batch file remotely with the help of this download: https://www-secure.symantec.com/connect/downloads/remotely-run-symantec-antivirus-related-batch-file

@echo off

REM ***** Stop the Symantec service ("test" is the SEP stop password) *****

"%programfiles%\symantec\symantec endpoint protection\smc.exe" -stop -p test

REM ***** Replace the syslink file *****

copy "C:\Unmanaged_to_Managed\syslink.xml" "C:\Program Files\Symantec\Symantec Endpoint Protection"

REM ***** Delete sephwid.xml from the common folder *****

cd\

cd "C:\Program Files\Common Files\Symantec Shared\HWID"

del sephwid.xml

cd\

REM ***** Delete HardwareID from the registry *****

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink" /v HardwareID /f

exit

 

Note: Restart the client system afterwards.

Thanks & Regards

Ashish Sharma

Comments

hemantsingh681's picture

Hi Ashish,

I will try this script.

Ghent's picture

It looks like this script would only work on SEP 11.x.

In SEP 12.1 there are 2 important changes which I believe would cause this script to fail. They are:

  1. By default, Tamper Protection is enabled and prevents you from replacing the Sylink file, even if you run smc -stop first.
  2. The Sylink.xml file is now kept in the ProgramData directory, (or Documents and Settings\All Users in XP). The SEP Version Number is now part of the path, so you must retrieve the current path from the registry to know "which" sylink file SEP is using.
Ashish-Sharma's picture

Hi Ghent,

Yes, this script only works on SEP 11.x,

because my organization is using SEP 11.x.

  1. By default, Tamper Protection is enabled and prevents you from replacing the Sylink file, even if you run smc -stop first.

First I stop the smc service with the command below, and after that replace the syslink file.

"%programfiles%\symantec\symantec endpoint protection\smc.exe" -stop -p test (Test is SEP Stop password)

 

 

Thanks In Advance

Ashish Sharma

 

 

Ghent's picture

Yes, you are able to stop SMC in SEP 11.x and make the changes.

However, in SEP 12.1 tamper protection will block you from modifying SEP registry keys and files, even if you have stopped the SEP service using smc -stop. So as long as you have an 11.x deployment, you're good. If you haven't looked into SEP 12.1 yet (maybe you have), the enhanced protection is definitely worth a look.

Admin76's picture

smc.exe -stop -p doesn't work if...

- if the client window is opened

- if -stop parameter is not the last (after -p <passwd> parameter)

We use custom VBScript (compiled to exe) to stop client and delete/reset HwID. Yes we have Tamper protection exclusion for the script to be able to stop smc.

This is my question: How can I stop smc in the script if the client window is opened?  

 

Ghent's picture

It does seem like a bug that you can't stop the service if the SEP GUI is open. However, you may be able to close the SEP Window before you attempt to stop SMC.

I've never done Window manipulation in VBScript. However you might have some luck using the wshshell.AppActivate and SendKeys command ( see details here: http://devguru.com/technologies/wsh/17408.asp ). I believe you can also call an API from VBScript, but I've never done it. (Example: http://www.vbforums.com/showthread.php?t=30664 ). You may also be able to load WMI and close the window through that.

For situations where "window manipulation" is required, I usually use AutoIT ( http://www.autoitscript.com/site/autoit/ ). It has VB like syntax, compiles into an EXE, and provides commands for almost all your automation needs, including window searching, activating, closing, etc.

The details on how to do any of these would be a topic for a separate thread.

Ashish-Sharma's picture

Hi,

What version are you using?

If you are not using any password, you can remove the -p <passwd> parameter:

"%programfiles%\symantec\symantec endpoint protection\smc.exe" -stop

 

Thanks In Advance

Ashish Sharma

 

 

Admin76's picture

I tested the described behavior with SEP12.1.

I have now tested the same with a client that has not been upgraded yet, SEP11.0.6300.803:
- if the client window is opened, the service Symantec Management Client stops. The client window remains open with the alarm.
- smc.exe -p <passwd> -stop works as well.

So it looks like the problem is only with the new version.

Suryakant's picture

Hi,

I tested it on my SEP 11 version; it's working fine.

 

consoleadmin's picture

Ashish - nice script for managing the systems.

Thanks.

sharmakhilesh's picture

It's a good script. Is there any script which will work in SEP 12.1?

Ghent's picture

The problem with using a script on SEP 12.1 is Tamper Protection. In 12.1 the Tamper Protection has been greatly revised and will block any script, even running under SYSTEM, from modifying the Sylink.xml or SEP registry keys. If you turn off Tamper Protection via a policy change, then you can get things to work.

I don't know of a way to turn off Tamper Protection through a script (You may be able to do it through GUI manipulation on the client, but that probably won't work well on 'real' end users).

If you do have Tamper Protection disabled (or exceptions made), then you can have your script find the Sylink.xml file by checking the SEP client version. I normally have my script read the HKLM\Software\Symantec\Symantec Endpoint Protection SMC\ProductVersion key. If it's 12.1 or greater, check ProgramData (or Documents and Settings on XP). If it's 5.x or 11.x, check Program Files.

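The version check described in the comment above, as a read-only batch example added here (it is not code from any poster in this thread). It assumes ProductVersion is a value under the SMC registry key used elsewhere on this page, and it searches from %ProgramFiles% or %ALLUSERSPROFILE% (C:\ProgramData on Vista and later, Documents and Settings\All Users on XP) rather than a fixed SEP path, since the page does not give the versioned 12.1 path.

```batch
@echo off
setlocal EnableExtensions

REM Assumption: ProductVersion is a value under the SMC key seen in this thread.
set "SMCKEY=HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
set "VER="

REM reg query prints "<name> <type> <data>"; token 2 is the type, the rest is the data.
for /f "tokens=2,*" %%A in ('reg query "%SMCKEY%" /v ProductVersion 2^>nul ^| findstr /i "ProductVersion"') do set "VER=%%B"

if not defined VER (
    echo ProductVersion not found under "%SMCKEY%"
    exit /b 2
)

REM Split "major.minor.build.rev" so the comparison is numeric, not string based.
set "MAJOR=0"
set "MINOR=0"
for /f "tokens=1,2 delims=. " %%M in ("%VER%") do (
    set "MAJOR=%%M"
    if not "%%N"=="" set "MINOR=%%N"
)

REM 5.x and 11.x keep Sylink.xml under Program Files; 12.1 and later do not.
set "ROOT=%ProgramFiles%"
if %MAJOR% GTR 12 set "ROOT=%ALLUSERSPROFILE%"
if %MAJOR% EQU 12 if %MINOR% GEQ 1 set "ROOT=%ALLUSERSPROFILE%"

echo SEP %VER%: searching "%ROOT%" for Sylink.xml
REM Lists every copy found; nothing is modified.
dir /s /b "%ROOT%\Sylink.xml" 2>nul
if errorlevel 1 (
    echo No Sylink.xml found under "%ROOT%"
    exit /b 1
)
exit /b 0
```

If more than one versioned copy is listed on a 12.1 client, the earlier caveat in this thread applies: the registry determines which Sylink file SEP is actually using.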
AlexTomasson's picture

The only drawback to this script is that it can only be used on SEP 11.x. That limits its use outside of other versions. However, I still regard this as a very useful script, and I thank you for sharing this. Hopefully others can find it as useful as I did.

Alex - swftogif

confused12's picture

hey.....great script, but just a quick question: I'm just going to run the below as a logon script. My question is, it's automatically putting my clients into the Default computer group; where can I change this? I've set up Test folders under this that I want clients to go into. Or do I manually move them?

REM ** Start of script to resolve the Hardware ID issue **

"%programfiles%\symantec\symantec endpoint protection\smc.exe" -stop -p *MY PASSWORD*

REM Wait 120 seconds (ping sends one echo per second; -n sets the count)
ping -n 121 127.0.0.1 > nul

cd\
cd "C:\Program Files\Common Files\Symantec Shared\HWID"
del sephwid.xml
cd\

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink" /v HardwareID /f

REM Wait 60 seconds
ping -n 61 127.0.0.1 > nul

"%programfiles%\symantec\symantec endpoint protection\smc.exe" -start

pause

exit

 

 

 

Thanks

Ghent's picture

You can set the Preferred Group registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\PreferredGroup

The value would be something like:
My Company\Accounting\HWID-Fixed

(Note, it is case sensitive).

If you need more information, you can just google that PreferredMode setting.

On the server side, you may also have to enable the communication option under Group -> Policies -> Communication Settings, one of the last ones... I forget the exact name, says something about, "Allow client group setting" (11.RU7? and newer)

I would like to see a more detailed description on why this is necessary. Is it just a one-time issue? Are you using a Virtual Clone? Ghost Image? Or VDI? There are solutions for this "image clones" types of issues so you don't have this problem.

James007's picture

Hi,

This script will work on SEP 11. If I want to change it for SEP 12,

what settings need to be added?

Ambesh_444's picture

Good one, dear...

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."
