Endpoint Protection

 View Only
  • 1.  deleting a synched group

    Posted Mar 28, 2011 11:27 AM

    When you sync a SEP 11 group using LDAP, it creates a subgroup where the clients actually go.  That subgroup has an icon that appears to be a folder with a book on top of it; the book is tilted.

    I had a group that was synched to the wrong LDAP OU - that LDAP OU should not have been synched at all.  There were 10 clients in that group.  Six of them are currently turned off; I did not get a response when I sent them a ping.  Four were turned on - they responded to the ping. Those four, as it turns out, should not have had SEP installed at all - they are servers in our Citrix environment.  (Let's not discuss the merits of that here - it's not up for discussion at this time.)

    I deleted that subgroup that was incorrectly synched- the one with the icon of the book on top of the folder.

    Question: Where did the clients go? Were they deleted as well?



  • 2.  RE: deleting a synched group

    Posted Mar 28, 2011 11:32 AM

    they will be in the default group..

    SEPM with imported OU will give the blue print of your structure, 

    You cannot delete clients inside a OU, the option will be grayed out.

    If its incorrectly displayed, remove OU, re-import again, Sync, u should see the same as your AD is..

     

    http://www.symantec.com/business/support/index?page=content&id=TECH98152&locale=en_US



  • 3.  RE: deleting a synched group

    Posted Mar 28, 2011 11:43 AM

    I checked with colleagues here; All but four were turned off (no ping). The 4 alive are now Linux servers; No SEP installed, I believe.

    They may have been 'ghost' accounts, to use a phrase.  Again, Could the accounts have been deleted?



  • 4.  RE: deleting a synched group

    Posted Mar 28, 2011 11:57 AM

    Hello

    By default the client goes to defaul group

    If they are not reporting at all

    Please try the following

    http://www.symantec.com/business/support/index?page=content&id=TECH96201&locale=en_US

    https://www-secure.symantec.com/connect/forums/wrong-inscription-tree-symantec-enpoint-protection-manager



  • 5.  RE: deleting a synched group

    Posted Mar 28, 2011 07:20 PM

    They will check in to the Default group once they report in. If they don't report in, you won't see them.



  • 6.  RE: deleting a synched group

    Posted Mar 28, 2011 09:05 PM

    on the linux servers you cant have sep installed  only sav can be installed. so there wont be any accounts in the sepm..

    the account what you are seeing will be computer accounts as you have imported AD, there wont be any green dot on them.

    inside sepm u will see the accounts what you see in AD, not necessarily with SEP installed. if you have deleted OU they will show under default group.

    Again, u cannot delete these accounts; it can only be deleted from AD. if you want to remove, remove the OU