Endpoint Protection

I require to be able to forcefully remove a laptop that was pushed a client that had issues with communication but is showing in SEPM. Since then I have went with unmanaged clients for laptops but this one fails to remove itself from SEPM since it was pushed a managed client initially. No other systems did this, anytime I uninstalled the SEP client on a pc it stopped showing in SEPM.

For some reason the right click option for delete is disabled. Can I endable this some how? I am logging in as admin to SEPM

I changed the seeting to purge clients that have no communicated to 15 days = still shows laptop in SEPM and it has been a good 29.

I am running version 11.0.4202.75

Thanks,

Do you have AD sync ?

If yes then that is the reason why the client is still listed in SEPM.

If you want to remove the client remove it from AD first , Re sync AD with SEPM then the client would disappear.

I agree with prachand. Synchronizing the active directory schema with SEPM will import the structure. But it will be a read-only entity. Thats the reason "delete" option is greyed out.

Best way is to delete the client from AD and then re-synch the directory schema. 

If the client remains in AD, it will be a part of the structure, and will be imported as a read-only entity.

Best,
Aniket

I am syncing with ADUC (pulls my OU's and computers that have endpoint installed)
Should not be pulling computers without endpoint managed client installed.

I have other laptops in the AD structure with unmanaged client installed = doesn't show them in SEPM
Something is stuck from when it had a managed client on this particular laptop that didn't work to get updates

This is still a active laptop so I can not simply delete it from AD and resync.

So basically I need to tell endpoint that this one PC object is not active and stop pull it's info

I'll play with the syncing some to see if I can make it happen though or maybe I can rename the laptop and move it to another OU or something to get it deleted and then move it back.

 

 

 Hi,

If you syn ur A/D with the manager then you will see all the computer what there in the A/D in the manager..  If you dont have SEP on any of the client you should still that client the manager but it will not have a green dot.. This is how it is supposed to work.. The laptop you are talking which has un- managed client & it is not showing the manager then there is some porblem over here..

With this laptop you dont want to see in the manager you can do this but i am not sure if it will work..

Break the AD syn then delete the laptop form the manager.. Re-sync the AD..

What  is the database you are using?

I can try that (unsync, delete, resync) and go from there.

Yeah I setup syncing before I pushed any clients. Pulled all my AD OU's Nothing showed in SEPM until I pushed clients. Then as I pushed clients they would appear connected (green dot).

So maybe something else is wrong still. I looked again now and went through all the OU's.

only 1 AD user account shows in any OU, all manged PC's show, just that 1 AD coputer account showing still.

Maybe I will resetup the syncing again.

 

OK so here is what I did to resolve the issue.

Stopped syncing all together
removed each synced folder = this moved all installed cleints to the default group
reselected each of the OU's I have server and computers to sync again
manually synced each folder
once resynced any inconsistencies where remove/corrected
Turned back on my hourly sync

Everything is the way I want it.

Now as for it pulling AD unmanaged computers,users and groups also.  This was just a selected view issue. Default view shows all these so it was pulling them all I assume before.

Now if ithe software could handle this on it's own then we would have something, what a concept.

Thanks for all responces!!!