Endpoint Protection

Hi,

I'm having some trouble with the new endpoint manager.

Apparently i'm overdeployed on clients, but a lot of said "clients" are computer entries in AD that are disabled and no longer exist. (For continuity's sake their entries are kept)

Why does Endpoint Manager count disabled AD computers as requiring a licence when they are clearly disabled and obviously have no symantec software installed?

Couldn't find anything about this with search.

Thanks.

When you import AD; not all clients are consider to Have SEP installed.

Even after importing from AD, you need to create the package and push them out, I think after installation and clients started to report to the console, Its considered to have 1 valid license. AD does contain printers, so they are definetly not considered to be using Licenses.

Do you mean to say that your SEPM is having dpuble entries of the clients???? One active another not???

I'm not sure if i understand your question.

There are no double entries.

There are entries of all computers that have ever been online and had some form of symantec endpoint installed on them, even though they have been off the network for years.

Well, the thing is most of them probably had SOME version installed at some point in time, but they have been offline for years now and have been carried on in computer lists with every newer Endpoint Manager version. (Just the current version started being vocal about it)

They are listed like this in the manager.

Yes, As I said; when you import from AD; you get everythign from AD

Only after installign SEP you have the details populated and have green dot. Others will have just like what you have.

If they , had SEP , and NOw not in network that info will be in DB for default 30 days; after that its deleted; it can be changed under

admin-servers-local site

right click-prop- and set the value.

If the system are there in AD they will be seen, also check the days it has been configured to delete the clients that are not reported to SEPM.

My deletion date was the default of 30 days.

Now i set it to 40 days to test things, but after a few hours of letting the server "think things over", i still see computers that were last online in 2006.

The delete function does not work at all. This is the problem.

are these client within OU ? if yes , delete would be greyed out.

Looks like you'll either have to finally clean up AD, or submit in the Idea Forum asking for the ability in SEP to pick computers to exclude when importing from AD. I'm guessing most people would keep AD cleaned up from computers deleted as far back as 2006, so I'm not sure if it will be a priority for Symantec to modify the behavior of SEP. But it never hurts to ask!