Endpoint Protection

I'm in the process of setting up a test environment where I will need to deploy a SEP 11 MR5 client for virtual desktops from within a VMware View master image? Has anyone performed this already? Are there any best practices for configuring SEP 11 MR5 clients in this environment? Any input / suggestions / recommendations are appreciated. Thanks.

We are just starting to use VMware view here and haven't crossed this bridge yet, but I'd imagine it can't be that much different then using something like Ghost to image computers, which I have people here using and they don't seem to have any trouble.

With this in mind, I think that as long as you're using a recent version, you can install and manage it as usual in the master image and things will be fine on the SEPM end. VMware view and hard drive imaging techniques are about the same thing as far as SEP is concerned.  Just beware, you're going to create a lot of orphaned entries in SEPM--esspecially if you use non-persistent desktops and delete the machine after the first use.

See here for details regarding imaging with SEP, the important part is copied below.

"Releases prior to MR3 required that the HardwareID be deleted by following the instructions below in order for a unique id value to be generated. MR3 and greater will dynamically generate a new HardwareID value based on the MAC address of the new machine to which the image is deployed."

Hi,

The most important thing to consider while doing this type of deployment is to make sure that the clients will generate a new Hardware ID whil registering with the SEPM.

You will need to ensure that the Symantec Endpoint Protection (SEP) client does not communicate with the Symantec Endpoint Protection Manager (SEPM) prior to and while creating the image. Once the image is applied to a new system, the client will generate a unique id value, check in with its SEPM and register. During the registration process the SEPM will register all necessary client information into the database.

If the SEP client has already checked in and registered with the SEPM, you will need to delete the following registry value prior to creating the image:

HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID

This value will regenerate the next time the client loads.

REF: http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d84071c5137d6d318825738a00663b8d?OpenDocument

Best,
Aniket

Doesn't that link say that the latest versions don't require removing the hardwareID if the mac address changes?

Provided the MAC address changes you should not have a problem, unless you are joining the computer to a domain before imaging...

In any case, it may be best to run a tool such as newsid from technet (Microsoft tool) to generate new GUIDs everywhere before using the cloned VM images.

Hi all, I want to make sure everyone knows we made some changes to how the HardwareID is generated in RU5.
First of all, the HardwareID is no longer based on the MAC address.
Second, the HardwareID is now stored on the disk under: %Program Files%\Common Files\Symantec Shared\HWID\sephwid.xml

If you are cloning a machine, either physical or virtual, it's best to delete the hardware key before you clone the machine.
Also, if you want machines to join a specific group inside the SEPM server, make sure the "PreferredGroup" registry keys is set to the group you want them to join. You can set this registry key manually, or depending on how you created your initial client install, it may be set already.
Check out this article for more information.

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/452a6f0b88a8e3ac882573a90068c482?OpenDocument

Thanks for that information.  I've shared it with my admins who use imaging software for deployment.

Hi Aniket,

Thank you for your reply to my posting. I appreciate your input to help me address this scenario.

Hi Eric,

Thank you for sharing your information / knowledge. I appreciate your input / assistance.

Hi Ghent,

Thank you for the information that you provided in response to my question. I really appreciate it.

 

Hi Jeremy,

Thanks for your response to my question.

Does anyone know if this applies to rolling out SAV 10.1.9.9000 or if there are best practices for this version and VMware View?

Configuring Symantec AntiVirus for deployment as part of a drive image
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005092215503348