Endpoint Protection

We have someone with an agency notebook who doesn't bring the notebook to work...

Can I set up the managed client to call Symantec for updates if it can't call the SEP server??

OR How do I change the existing managed client to an unmanaged client?? -- this would be easier than re-installing an un-managed client.

Thank you, Tom

Yes setup the LU policy to go to symantec when offline usign location awareness.

You can setup two locations, one for on network and the other for off network.

Create two LU policies, one for off and one for on. Assign the different policy for each location.

Setting up Scenario Two location awareness conditions

I know what you mean about LU policy -- is this set within the client computer per se?? or on the server??

Would you please refresh my memory where this LU policy is configured??

Many computers never leave the domain...

Thank you, Tom

Needs to be done via the LiveUpdate policy from within the SEPM.

On the Schedule tab, you can configure a download schedule for when off network. Just the off network policy to the off network location.

When the client is off network (location awareness) it will use the off network LU policy

If you make it unmanaged, you lose ability to centrally manage it, which makes it a pain

You can put that machine to a new group in SEPM which has automatic liveupdate enabled with a schedule

If you want to make it as unmanged then you need to import the Sylink from CD1 ( SEP) folder

To convert the Symantec Endpoint Protection clients to unmanaged after they have been installed as managed

1.Locate the Sylink.xml file that is located on the installation media in the SEP folder.
2.Copy the Sylink.xml file to a location that is accessible to clients on the network.
3.In the install media, navigate to \TOOLS\NOSUPPORT\SYLINKDROP.
Run SylinkDrop.exe on each Symantec Endpoint Protection client that needs to be converted to an unmanaged client. Additionally in SEP 12.1, you can import the Sylink.xml file from within the client interface by clicking Help, then Troubleshooting, then clicking on Import under Communication Settings.
4.To prevent the client from switching back to managed, ensure that the sylink.bak file on the SEP client is deleted

opem

sepm

policies tab

select liveupdate - create new liveupdate policy

select symantec server, 

put a schedule

apply it to the group where the laptop resides, more on LU policy here

http://www.symantec.com/business/support/index?page=content&id=TECH178257

Hello, 

You can accomplish this by creating new location and create new LU policy and new LU polciy you should mention take update from Internet and apply this policy at new location.

Note  you must create a switing polciy between two locations.

Regards

Ajin

I think the sylink method may work better, the LU policy appears to completely replace updating from the SEP server and I don't want that.

Thank you...

create a new group, move the client, 

create  a new liveupdate policy with liveupdate server selected ( internet) apply it

or

make it unmanaged you will have full control over  SEP

You lose visibility by making unmanaged and there used to be a procedure with steps on how to do it but Symantec now just recommends uninstalling and installing the unmanaged client from the download ISO

@_Brian: Is the unmanaged client this one from the download site??

Symantec_Endpoint_Protection_12.1.4_Win64-bit_Client_EN.exe

If so, that is sufficient though I must check what's installed in the laptop...

Thank you, Tom

Yes, it is.

How excellent.

I think that's what I'll do.

Thank you, Tom

Sounds good :) enjoy the rest of the day!