Video Screencast Help

Importing & Linking Policies into SEPM with a script

Created: 23 Jul 2013 | 17 comments


I need to make a powershell script that can take .dat policy files from media, import them into SEPM and link them to the correct groups they are supposed to be applied to.

I understand that this can be done quite easily in the SEPM GUI, but I need to make this anyways.

Right now, I'm not even sure if this is possible, so I would appreciate any help. Thanks!

Operating Systems:

Comments 17 CommentsJump to latest comment

Brɨan's picture

Haven't seen this done before. It would require editing the DB itself which is not recommended by Symantec. I suppose you can call support to see what can be done as they probably have the best working knowledge of how to accomplish or recommended way to proceed. Perhaps they even have a tool to do it already.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SMLatCST's picture

"Thumbs Up" to Brian's post above.

This would likely be accomplished via sql scripts rather than powershell.  There are a few articles on the SEP DB Schema out there, one of which can be found below for SEP12.1RU2:

The schemas for other versions of SEP can be found by searching for "database schema" in the below page:

Might be worth having a rummage to see if your DBAs can figure out how to accomplish this.  Clearly, any direct manipulation of the SEP DB is unlikely to be supported frown

Beppe's picture


the SEPM does not have command line options to do those things via a script neither there's a verified procedure to do it by using SQL statements, I'm afraid.



Philip C's picture

Thanks for the answers everyone! You pretty much confirmed what I thought.

However, would it be possible to do something via web services like this?

I can't actually get this script to work though.

SMLatCST's picture

I'd recommend you try sending a PM to; padding-right: 27px; margin-right: 3px; font-weight: 700; line-height: 15px; color: rgb(114, 168, 38); text-decoration: none; font-family: helvetica, arial, clean, sans-serif; font-size: 12px; background-position: 100% -30px; background-repeat: no-repeat no-repeat;">Yoann WYFFELSif you want help with that script.

As far as I can tell, it makes references to a couple of files that are not included in the download.

Philip C's picture

I've PMed that user, but I realise running that script wont work. I'm just trying to figure out how these web services work, because I'm not familiar with them.

Yoann WYFFELS's picture


All scripts (except those I wrote and share on Symantec Community) are included in the "SEP 12.1 RUx - part 2 - Tools" download (provided by Symantec, part 1 is SEP/SEPM setup).

If you don't have it, download it on fileconnect, or contact technical support to have a link.

Once downloaded, you'll find all documentations and scripts in the "Integration\SEPM_WebService_SDK\Sample_Code\PowerShell" folder ! :)

Yoann WYFFELS's picture

Webservices aren't so much hard to run, you'll need to carefully read documentation and do exactly what they tell you to do (and understand the "token" system :p).

In fact, you'll not be able to apply a policy directly into SEPM database. Too much actions have to be done (I already study that point !). The only way, is like you already find: webservices.

Anyway, I'm here if you have some difficulties about installation/configuration.

See you

Philip C's picture

Hi, I found the scripts and tried following the steps in the readme file in the powershell folder. I am not able to get Write-AccessTokenToConfig to work when I try running it though. I have already copied the client ID and client secret numbers into config.xml, as well as the directory of the WSDL files, but the script still won't execute properly. The IP and port #s are the defaults.

Yoann WYFFELS's picture

Do you mean "Write-TokenToConfig.ps1" ?

I can't find any "Write-AccessTokenToConfig.ps1"...

Do you have any errors details ? Do you run with "powershell -STA" ?

Do you configure powershell to run unisgned powershell script ?

Philip C's picture

Sorry, "Write-TokenToConfig.ps1" is what I meant.


I have been able to get the ImportPolicy.ps1 script to work! Now, is there a way link this policy to a group? Or must that still be done manually?


EDIT #2:

I've got that part working too now. This got a lot easier once I found the reference guide =)

Zack123's picture

Sorry for the n00bie question but can you use Web Services to run  scheduled task such as do a full scan on a on a list of computers as you would in SEPM?

Philip C's picture

That could be possible. Check the reference guide for all the available command functions:

Zack123's picture

Thank you Philip C. 

We  still running on SEPM 11 at the moment but will be upgrading soon. I've been looking at the documentation I dont think there is allot of info on the symantec forums yet. But the refrence link you mentioned is quite useful.

I 've managed to locate the webservice command to do what i want:

CommandClientResult  ( @WebParam(name="computerGUIDList") String[]  computerGUIDList,  

  @WebParam(name="scanType") String  scanType  

I Just wasnt sure how to execute or call the command webservice library or if it was only to be used with workflow solution. Looking at the sample code in D:\Tools\Integration\SEPM_WebService_SDK\Sample_Code\PowerShell\CommandServiceTest.ps1

I assume you can use powershell to establish a connection to the web services API?

Yoann WYFFELS's picture

Hi Zack,

All powershell scripts to etablish connection and send commands to webservices are included in SEP 12.1 RUx - part 2 - Tools download.'s picture


I'm running the ImportPolicy webservice method from Symantec workflow but there's an Exception:

The method or operation is not implemented.

Version is:12.1.3001.165

Any clue anyone?