Two PCs got put into a client group with USB blocking turned on.

On each one I moved the client PC into a 'group' that does NOT have USB enabled but the PCs still have USB blocked, how to fix this??

On one PC we can try a re-install of the client with the correct policy chosen by the installer, but the 2nd one should have worked by it just being moved to a new client/policy group.

What is the best remedy?? Re-install?? It is annoying that the move clients does not effect the desired policy changes.

Thank you, Tom

Did you reboot the client after moving to the new group? Anytime you make a change to the Application and Device control policy a reboot is required.

Can you confirm the client picked up the new policy to disable the application and device control policy?

Other way around -- we want to ENABLE the USB drive usage, not disable it.

Yes, reboots have been done...will double-check on this.

Thank you, Tom

What is your heartbeat set to? Perhaps the clients just haven't picked up the policy yet.

You can verify in the System log on the client under View Logs >> Client Management >> System Log. You should see something along of the lines of Applied New Policy, reboot is needed.....

Also, application and device control does not work on 64-bit so if these are 64-bit machines, your out of luck.

On the Client..Right Click on the SEP Client Icon--update Policy.

Brian81 said: "Also, application and device control does not work on 64-bit so if these are 64-bit machines, your out of luck."

Does this refer to the processor or the OS??

If the processor is 64-bit but the OS is 32-bit XP, what happens??

Thank you, Tom

We already did the update policy, part of the problem is I forgot ADP does not work on 64-bit PCs...please see my question above about the processor vs. OS.

One for sure is 64-bit cpu, the other one is XP SP3 on I *think* 64-bit CPU, it is not clear to me if this will or will not work.

Thank you, Tom

It will not, device control is not suport on 64-bit systems

Symantec Endpoint Protection 11.0 compatibility with 64-bit platform

http://www.symantec.com/business/support/index?page=content&id=TECH102143&locale=en_US

The above-mentioned Symantec site does not say anything about 32-bit OS on 64-bit processor.

It says "...64-bit processors and operating systems."

Which is what I have on one PC wherein USB drives ARE blocked within the package's ADC policy and will not appear and I want to UN-do this...I already unsuccessfully tried moving the PC to a different client group with a different policy.

Tomorrow I plan to re-install to the same PC the 32-bit client with a different policy that does not block USB drives and see what happens.

I can also make and install a package without ADC enabled...32-bit as the OS on this PC is XP SP3.

I know I'm being picky so I will continue testing etc. and try to post my results here.

Thank you, Tom

Yes, it is dependent on OS. So if x86, it will work. Otherwise, it will not.

It's gonna work fine on 32-bit Windows XP even if the CPU is 64-bit. It is due to some limitations on 64-bit OS - kernel patch protection for example.

I fixed by doing the following:

1) reinstall a client with the correct policy settings, still did not work

2) moved client to a different group with USB enabled, re-enabled the drives

3) moved client back to desired group, drives still worked

Also I added 'Disk Drives' to the USB enabling part so they would work...kind of clunky but it works as desired for that PC...most PCs we do not want USB stuff enabled...

Thank you, Tom

Hello,

I think so your registy key cannot fix itself. Please check this key HKEY_Local_Machine\System\CurrentControlSet\Services\usbstor. in this place start key must be 3

Please check it. And maybe your hard drive cannot take a path. Please rigth click on computer and choice manage. click disk management and be sure your hard drive in there. If havent got a driver name rigth click and change name and path

Best Regards.

Fatih

Hello Tom,

Did you try my suggest?

Best Regards.

Fatih