Endpoint Protection

 View Only
Expand all | Collapse all

Move offline client to another group, not working

Migration User

Migration UserSep 14, 2011 05:55 PM

Migration User

Migration UserSep 15, 2011 07:22 AM

  • 1.  Move offline client to another group, not working

    Posted Sep 14, 2011 02:02 PM

    I am trying to move a SEP11 client (offline, not connected to LAN) to another group using this procedure:

    smc -stop
    replace original sylink.xml with a modified version that contains this line:

    RegisterClient PreferredGroup="the-name-of-the-group-i-want-to-move-to" PreferredMode="1"

    smc -start

    Then when opening SEP GUI, and under Troubelshooting-section I still see the originalgroup, that means the client did not get it.

    Any suggestions?



  • 2.  RE: Move offline client to another group, not working

    Trusted Advisor
    Posted Sep 14, 2011 02:08 PM

    Hello,

    Incase, you open the Sylink.xml file and edit the same, there are very high chances, the file may get corrupt.

    So, I personally would not recommend you to perform this action.

    Otherwise technically, this is where the name of the group should show.

    Why don't you manually Replace the Sylink.xml Or use a Tool like Sylink Drop or SylinkReplacer??

    For SylinkReplacer, check this:

    http://www.symantec.com/connect/downloads/sylinkreplacer-tool-connecting-sep-clients-sepm

    Check this Article for Manual restoring the Communication.

    Hope that helps!!



  • 3.  RE: Move offline client to another group, not working

    Posted Sep 14, 2011 03:04 PM

    Not sure what you're trying to accomplish; since the client is offline, they won't show as moved in the SEPM. Or are you trying to establish communication again?

    Symantec Endpoint Protection Client reverts to old group after being moved to new group with SylinkDrop
    http://www.symantec.com/docs/TECH105886

    (Which version of SEP?)

    sandra



  • 4.  RE: Move offline client to another group, not working

    Posted Sep 14, 2011 05:55 PM

    This.

    James



  • 5.  RE: Move offline client to another group, not working

    Posted Sep 14, 2011 08:18 PM

    When the client is offline it does not report to any group. Since you have replaced the sylink file it must automatically move to the new group once you connect it to the network.



  • 6.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 01:59 AM

    I do not have access to SEPM, but we usually get help from our Antivirus-dept. when the need for moving from a group to another.

    This time, the pc was moved to an offsite part of our company with no LAN connection at all, before we got the chance to move it to another group.

    Then I got some advice from Antivirus-dept. to do like I wrote first (smc -stop, delete sylink.*, and copy a modified one, then start smc again.

    But the client seems to be ignoring this.  Oh, I forgot - the goal is to put the client in an uninstall-group so that SEP11 can be Cleanwipe'd. It does not work when the client is in the orginal productiongroup.

     



  • 7.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 02:26 AM


  • 8.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 03:30 AM

    This is our setup:

    All computers resides in a normal "productiongroup" in SEPM, and when a client needs SEP uninstalled, our Antivirusdept. moves the client to an Uninstallgroup which makes it possible to uninstall SEP using Cleanwipe and a given password that I have.

    If a computer is not moved to this Uninstallgroup, that password will not work. (I once ended up with teeferdriver corrupt because Cleanwipe messed up when not getting correct pw, but I'll leave that for now...)

    Now, when this computer has been moved to another part of our company, and does not have a LAN connection we forgot to have the computer moved to the Uninstallgroup.

    Our Antivirusdept. gave me a possible unsupported solution to trick the client into uninstallgroup by replacing sylink.xml, but the GUI never seems to pick this up.



  • 9.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 03:58 AM

    ...will do nothing to change the policy applied to your SEP client without a connection to the SEPM.

    Without the policy change, the uninstall password won't change to the one you know.

    Your options are to either obtain the current uninstall password (for the group your client currently resides in), or connect to the SEPM.

    Also note that the group membership recorded by the SEPM takes precedence over whichever group the client think its should be in.  Therefore, if the SEP Client's sylink file says it should be in group A, but the SEPM thinks the client should be in group B, the client will be placed in group B and use the policies from there.  This means you'll need the Antivrusdept to perform the move even if you do manage to connect back to the SEPM.

    As a final note, there was a forum thread here from a week or two back that describes how to remove the uninstall password.  You might want to have a rummage...

    #EDIT# Ahh, here it is... https://www-secure.symantec.com/connect/forums/sep12-requires-uninstall-password-was-never-set



  • 10.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 04:02 AM

    When you move machines to different group, they get new policy, 

    so other than trying to move the clients to group, we need to have the machine have the uninstall group Policy..(since you gonna remove them, lets not worry if they are communicating or not)

    You need have policy exported and then import it on client machine  ( if its not communicating with the manager )

     

    How to manually apply the policy from a Symantec Endpoint Protection Manager (SEPM) group to an Symantec Endpoint Protection (SEP) Client.

     

    http://www.symantec.com/business/support/index?page=content&id=TECH103129

     

    if u want to uninstall without password, there is the article

    http://www.symantec.com/connect/articles/how-uninstall-symantec-endpoint-client-if-uninstall-password-place



  • 11.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 07:06 AM

    Would this be a possible solution to get the uninstallpolicy:

    Let antivirusdept. move another pc to the right Uninstallgroup, copy the policy from this pc, to the one that is offline?

    If so, which file/s contains the policy?

    (I get a passwordquestion when trying to Export, therefor would be easier to just copy a file)

     

     



  • 12.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 07:20 AM

    why u move a machine to unisntall group? to get the policy right..

    what if the client is not communicating with the manager and not taking the uninstall group policy,

    in that case u just neeed to export the policy from the Manager

    and Import it on the offline clients.

    It should be done on the client interface, where it reads and makes the necessary changes, 

    do a search for LSprofile, if u found some where, replace it



  • 13.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 07:22 AM

    I do not have access to SEP Manager



  • 14.  RE: Move offline client to another group, not working

    Posted Sep 15, 2011 08:34 AM

    You need not have to open the manager, if u are able to browse the folders on SEPM u can pick it up

    or else

    if it prompts for password, just use the password tric thats it..



  • 15.  RE: Move offline client to another group, not working
    Best Answer

    Posted Sep 15, 2011 09:39 AM

    I think I solved this now!

    I copied Sylink.xml & Serdef.dat from a computer that was already in our Uninstallgroup.

    Then on the machine that is offline and has no contact with SEPM, I stopped smc and replaced the original files with those mentioned above.

    Then after starting smc the client's gui seems to believe it is in the uninstallgroup.

    And Cleanwipe could use the known password for uninstallation.

    (I am not sure what serdef.dat is, but replacing only sylink.xml did not work)