Endpoint Protection


Move back to SEPM Groups from AD structure

  • 1.  Move back to SEPM Groups from AD structure

    Posted May 08, 2012 10:01 AM

    Hey guys,

    I'm running an SEPM 12.1 server, and originally we were using SEPM groups that we manually created to handle our policies. We recently moved over to our AD structure to handle them, and it's not working out for the best, so we would like to move back to using our manual groups (which have been deleted). Is there an easy way to remove the AD structure and have the clients fill back into the default group, so I can move them into new groups I create? Thanks for any input.

     

    -Rich



  • 2.  RE: Move back to SEPM Groups from AD structure

    Broadcom Employee
    Posted May 08, 2012 10:07 AM

    Yes, break the scheduled sync with AD. Delete the AD groups manually. The clients will report to the default group; from there on you can move clients to newly created groups using a script or a manual process.



  • 3.  RE: Move back to SEPM Groups from AD structure

    Trusted Advisor
    Posted May 08, 2012 10:08 AM

    Hello,

    Once you delete the AD sync from SEPM, all the clients would report to the SEPM's default group in the next Heart Beat Interval.

    Once you have them, you can later create new groups and move the clients to the respective groups manually.

    In case that does not occur, you may require the assistance of the SylinkReplacer version 12.1 Tool for replacing the sylink.xml file and reporting them to the SEPM machine.

    SylinkReplacer version 12.1 Tool is available with the Symantec Technical Support Team. I would suggest you to create a case for the same.

    Hope that helps!!



  • 4.  RE: Move back to SEPM Groups from AD structure

    Broadcom Employee
    Posted May 08, 2012 10:19 AM

    Hi,

    You can opt for the following options after deleting AD synch.

    Clients will reappear in the default group as they check in, unless you enable automatic creation of client groups by adding "scm.agent.groupcreation=true" to the conf.properties file.

    Add "scm.agent.groupcreation=true" line at the bottom of conf.properties

    Conf.properties file will be available under C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc

    In this way the groups should be automatically created under My Company, and clients should connect to their respective groups.

    Let me know if it worked.



  • 5.  RE: Move back to SEPM Groups from AD structure

    Posted May 08, 2012 12:16 PM

    How do I edit that file? Do I have to manually point that file to a program like Notepad?



  • 6.  RE: Move back to SEPM Groups from AD structure

    Broadcom Employee
    Posted May 08, 2012 12:21 PM

    Yes, open it in Notepad. After adding the line, restart the SEPM service.



  • 7.  RE: Move back to SEPM Groups from AD structure

    Posted May 08, 2012 12:23 PM

    Yes, you would have to manually edit the file at the location below and just add the word TRUE

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc

     

    editing "scm.agent.groupcreation=true" to the conf.properties file
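
Added example (not from the thread or from Symantec): a PowerShell script for the conf.properties change and service restart described in posts 4, 6 and 7. The path and the key are taken from the thread; the service name `semsrv` and running the script elevated on the SEPM server are assumptions.

```powershell
# Added example: enable automatic client-group creation in SEPM's conf.properties.
# Path and key come from the thread; the service name 'semsrv' is an assumption.
param(
    [string]$ConfPath = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties',
    [string]$ServiceName = 'semsrv'
)

$ErrorActionPreference = 'Stop'
$key  = 'scm.agent.groupcreation'
$want = "$key=true"

if (-not (Test-Path -LiteralPath $ConfPath)) {
    throw "conf.properties not found at $ConfPath"
}

# Java .properties files are ISO-8859-1; read and write with that encoding
# so no BOM or re-encoding is introduced.
$latin1 = [System.Text.Encoding]::GetEncoding(28591)
$lines  = [System.IO.File]::ReadAllLines($ConfPath, $latin1)

# Existing, uncommented entries for the key ("key=value" or "key: value").
$pattern  = '^\s*' + [regex]::Escape($key) + '\s*[=:]'
$existing = @($lines | Where-Object { $_ -match $pattern })

# Already set exactly once to true: nothing to change, no restart needed.
if ($existing.Count -eq 1 -and $existing[0].Trim() -eq $want) {
    Write-Output "$want already present; no change made."
    return
}

# Keep a timestamped copy so the change can be rolled back.
$backup = "$ConfPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $ConfPath -Destination $backup

# Drop stale or duplicate entries, then add the line at the bottom of the file.
$new = @($lines | Where-Object { $_ -notmatch $pattern }) + $want
[System.IO.File]::WriteAllLines($ConfPath, [string[]]$new, $latin1)

# The manager reads conf.properties at startup, so restart the service.
Restart-Service -Name $ServiceName
Write-Output "Set $want (backup: $backup) and restarted $ServiceName."
```

To roll back, copy the `.bak` file over conf.properties and restart the service again.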



  • 8.  RE: Move back to SEPM Groups from AD structure

    Posted May 08, 2012 12:44 PM

    Let me just double check before I go through with this. If those groups that I had originally were deleted after I started using our AD import structure and then I delete the AD structure, when the clients that showed in the AD structure check back in, will they recreate and be added to the group they were part of at the start before AD syncing?



  • 9.  RE: Move back to SEPM Groups from AD structure

    Posted May 08, 2012 12:47 PM

     

    Title
    What happens to clients when you stop Active Directory Synchronization in Endpoint Protection Manager?
    Problem

    The Active Directory Organization Units that contain the clients and users will remain in the Endpoint Protection Manager until removed manually.

     

    Solution
    • If you do not want those groups to be included in the SEP Manager please remove them manually and run the Management Server Configuration Wizard to reconfigure the SEP Manager.
    • Those existing clients will check in again and be added to the temporary group.

     



  • 10.  RE: Move back to SEPM Groups from AD structure

    Posted May 08, 2012 12:58 PM

    Why would I need to run the configuration wizard again?



  • 11.  RE: Move back to SEPM Groups from AD structure
    Best Answer

    Trusted Advisor
    Posted May 08, 2012 01:21 PM

    Hello,

    Once you delete the AD sync from SEPM, all the clients would report to the SEPM's default group in the next Heart Beat Interval.

    To Delete the AD Sync, here are the steps:

    * In the SEPM under Servers
    * Right click on the server name and select Edit Properties
    * Click on Directory Servers
    * Select each server listed and click Delete
    * Uncheck Synchronize with Directory Servers
    * Click OK
    * Wait for the database maintenance task to complete (happens at midnight)
    * After a few minutes, go back to the Clients section
    * Right click on the top OU and select Delete

    The clients should end up in the Default group once they check in again.

     



  • 12.  RE: Move back to SEPM Groups from AD structure

    Broadcom Employee
    Posted May 09, 2012 01:51 AM

    Yes, clients should recreate and be added to the group they were part of at the start before AD syncing.