Endpoint Protection

The background:

Symantec Endpoint Protection Manager server. Many of our computers "in the field" have had SEP 11 installed on them. However, they were installed in unmanaged mode as no server was yet available to manage them. Now, with the server up, I desire them to be managed by it. I thought this might be a simple task of simply redeploying the latest build of SEP from the Manager. This does not work however.

Am I missing something? I've read some "how to's" involving moving xml files and editing the registry. Surely there must be a simpler way than this?

Any help would be appreciated.

Thanks.

-kirk

you are correct, u need to replace the sylink file

How to change a Symantec Endpoint Protection client from unmanaged to managed in MR1 and MR2

http://service1.symantec.com/support/ent-security.nsf/docid/2007082009543848

in the download section you have the sylink drop.exe.

which can be used to replace the file remotely


read the readme.txt file..its easy to install...it should be managed with in few minutes..

good day

Hi,

       To change the client from unmanaged to managed
Log on to the Symantec Endpoint Protection Manager Console.
In the Console, in the left pane, click Clients.
In the View Clients column, select the group to which you want to assign the unmanaged client. 
Right-click the selected group, then click Export Communication Settings at the bottom of the drop-down menu.
In Export Communication Settings, in the group name dialog box, click Browse.  The default selection is My Documents.
In the Select Export File dialog, locate the folder to which you want to export the sylink.xml file, and click OK. 
In the Export Group Registration Setting for group name dialog box, select one of the following options:
To apply the policies from the group from which the computer is a member, click Computer Mode.
To apply the policies from the group from which the user is a member, click User Mode.
Click Export.
If the file name already exists, click OK to overwrite it, or Cancel to save the file with a new file name.
Copy the file to the desktop of the unmanaged computer.
Open the client interface on the unmanaged computer.
Click on Help and Support and select Troubleshooting.
Click Import, browse to the .xml file exported from the Manager, and click OK.

In case the above is not feasible then I would advice you to create a new package for the clients and use the Migration & Deployment Wizard to deploy this new package to the unmanaged clients and they will start reporting to the SEPM.

Thank you very much for the quick replies!

It seems another method works, led on by you Sandip. Since I'm upgrading the version of SEP from 11.0.4014 to 11.0.4202, I would like to redeploy anyway. Intiially, merely deployin the package was not sufficient to force the client to connect to the server. This is, perhaps, because I was doing a simple upgrade.

However, in the Client Install settings for a partiticular package, if you select the option to "Remove all previous logs and policies, and reset the client-server communications settings" option, and THEN deploy the package, it forces the client to (obviously) forget the previous settings and connect to the server and managed mode.

Thanks again, guys!

-kirk

If the computers are on an AD domain, this will put it on auto-pilot. It also makes SEP more resilient when computers are offline for a while:

https://www-secure.symantec.com/connect/articles/startup-scripts-and-sylinkdrop-better-together

HTH

Title: 'How to restore/retain client-server communication using custom installation settings without having to use the sylink drop tool.'
Document ID: 2008052008163148
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008052008163148?Open&seg=ent