Video Screencast Help

How to check client Policy number on SEPM console without logging in

Created: 08 Feb 2012 • Updated: 08 Feb 2012 | 11 comments

Hi Members,

Is there away to check a client group policy number  on SEPM server without logging in the SEPM console? I want to tell a couple of my staff who do not have access to the SEPM console how to compare or verify the policy number that's on the client PC with the policy number that's on SEPM.  Or away for non-SEPM console  users to verify or confirm that the SEP package is installed completely. I appreciate any help with this.

Thank you

Comments 11 CommentsJump to latest comment

Avkash K's picture


This method is for client side checking the policy number..

    1. Launch Symantec Endpoint Protection from the System Tray icon or the Start menu
    2. Select View logs button
    3. Select the View Logs button to the right of Client Management and select the System Log
    4. Select the Filter from the main menu and select Show All Logs
    5. Browse for the most recent entry labelled "Applied new policy with serial number..."
    6. Compare the serial number with the serial number shown in the Symantec Endpoint Protection Manager console

Hope that helps you!!


Avkash K

Avkash K's picture

Alternately, in the Symantec Endpoint Protection client interface you can choose Help & Support then Troubleshooting, and in the Management pane, look for Policy Serial Number.

Following article will help you understand more.

Troubleshooting Policy Changes:


Avkash K

pete_4u2002's picture

if you want to compare the policy serial number from SEPM and SEP client without logging into SEPM console, you can use the path Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\XXXXXXXXX\ and check for index.xml file.

XXXXXX being the group ID.

Milan_T's picture

what a great solution avkash.

i saw that each and every step u have discribed are in sequence.

Steve451's picture

Thank you all for responding so promptly. I understand how to check the policy number from the client side, but how do you know that the policy number is correct if you do not have access to the SEPM?

Here is the situation. I exported and saved the client installation packages on a network share where other none-SEP admin can copy and install the package on a client PC, if the SEP admin is not available. A none-SEP admin installed the SEP client on a few PCs. He sees the green dot and a policy number from the client side and thought everything was working fine. A week later the clients were having some strange issues. When I compare the policy numbers on the client with the SEPM, they were different. We found out he installed the 32-bit version on the 64-bit machine.

Pete_4u2002 alluded to what I am trying to figure out, but that method is not so suitable because  when I navigated to the path Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\, I had to decipher the string of numbers and reviewed the index.xml files to determine the group ID.  Is there any other method of verifying that the client has the correct policy without logging into SEPM?

pete_4u2002's picture

I do not think other way to achieve, since end user does not has access to SEPM DB, i do not think they can access the DB.

Steve451's picture

OK. Thanks.  That's a drawback.  I thought about making an admin account on SEPM for this purpose, but I quickly realized that there is no read or view only option.

Swapnil khare's picture

Steve you can send your Idea to Symantec as Suggestion .

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.