Video Screencast Help

If I make a managed client into an unmanaged client, will it retain all of the policies...

Created: 07 Feb 2013 | 8 comments

...specifically all of the centralized exceptions that I have defined on the SEPM, or will it all be gone and I will need to redefine it?

The second question I have is, I have made myself an unmanaged client in order to test something, first, the definitions are from Feb 5th, the day I made it unmanaged, 2nd, I can not click on the live update since it is greyed out.

How can I correct this?

Thank you

Windows O/S 7 64 BIT

SEP 12 (The most current one)

Comments 8 CommentsJump to latest comment

.Brian's picture

You needed to set it to Client mode before making it unmanaged. Policies will remain

per this TN

How to convert Symantec Endpoint Protection (SEP) clients from managed to unmanaged without uninstalling and reinstalling

Article:TECH104010  |  Created: 2008-01-19  |  Updated: 2011-09-16  |  Article URL http://www.symantec.com/docs/TECH104010

 

Note
If the communication mode was not set for Client Control in the Symantec Endpoint Protection Manager policies during initial installation, you will not be able to change the local client policies after placing the new Sylink.xml file on the client.

This procedure changes the managed client to an unmanaged client, but will not change the policies that exist on the client. Ensure that you have the ability to change settings and run LiveUpdate on the client before changing the client to unmanaged. If you change the client to unmanaged without ensuring that you can change settings on the client , you may need to uninstall and then reinstall the client if you need to change settings in the future.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

Ideally, what I want is to make it unmanaged, get the most current definitions but KEEP the centralized exceptions.

.Brian's picture

Per the KB above, policies will stay as is when you make unmanaged. So you should be good if you follow it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI,

No it's not take centralized exceptions policy.You can manually set exceptions

Check this thread also

https://www-secure.symantec.com/connect/forums/unmanaged-client-settings-grey-out

 

Thanks In Advance

Ashish Sharma

 

 

Rafeeq's picture

if you install a client and then make it unmanged

it will just stop communicating with SEPM but whatever policies it had those will be retained.

if you want to make any modifications in policy in future, export from a  managed client and import it on unmanaged client.

SMLatCST's picture

Perhaps these might be more up your street?

This article talk about how to create an unmanaged client installer with your custom policies in it:
http://www.symantec.com/docs/TECH105498

And this one talks about how to import policies from the SEPM to a SEP Client (if ever you want to make sure the endpoint has your desired exceptions):
http://www.symantec.com/docs/TECH190053

James-x's picture

Hello Bryan S,

Yes, the SEP client will retain all of the policies when you convert it from managed to unmanaged, including your centralized exceptions policy. Should you ever want to test a centralized exception, I find it helpful to create a custom scan, point it to a directory which should be excluded, disable the Scan Enhancements (Memory, Common infection locations, and Well-known virus and security risk locations), and then manually launch the scan. If the exception has been applied, zero files and folders will be scanned.

Second, the most likely explanation for your client falling behind on definitions is that LiveUpdate has not been scheduled within the client. It is likely that LiveUpdate wasn't scheduled when the client was managed, so it's not going to be scheduled now.

To fix this, you have two options:

Option 1:

Switch the client to Client Control Mode (from Server Control Mode) before converting it to unmanaged. This will un-grey most client options.

Option 2:

Schedule regular LiveUpdate sessions on the client before making it unmanaged. The client will retain this scheduling after becoming unmanaged.

Let me know if you have any further questions.

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!