Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Restart SMC.exe remotely?

Created: 20 Apr 2010 • Updated: 05 Jun 2010 | 34 comments
.Brian's picture
This issue has been solved. See solution.

Is there a way (script?) or a tool out there that will restart smc.exe remotely on a client. I'm making changes to the client remotely and need smc.exe to be restarted in order for it to contact SEPM.

Will PSExec work?

Discussion Filed Under:

Comments 34 CommentsJump to latest comment

Rafeeq's picture

smc.exe is your symantec management client service
you can try net start / net stop symantec management client service

RNishi's picture

I used psexec.
create a *.bat with command:

psexec @test.txt -u [domain\admin user] -n [10] -p [password] cmd
 
Will open command prompt remotely at hosts placed in "test.txt"
you can type the command "net stop smcgui.exe" in directory symantec
blenahan's picture

Even easier, put this in your BAT file.

SET /P COMPNAME=Machine Name:
psexec \\%COMPNAME% "c:\program files\symantec endpoint protection\smc.exe" -p [password] -stop
psexec \\%COMPNAME% "c:\program files\symantec endpoint protection\smc.exe" -start
psexec \\%COMPNAME% "c:\program files\symantec antivirus\smc.exe" -p [password] -stop
psexec \\%COMPNAME% "c:\program files\symantec antivirus\smc.exe" -start

It will prompt you for the machine name when you run it, this way you do not have to edit the script each time to enter a machine name.  I have both types of directories because my clients have one or the other.

Put the psexec.exe in teh same folder as this bat and you're good to go.

It if returns a -0 error, it actually did work on the remote end.  If it says file not found, that is when it tried one of the two directories of which did not exist on the client.

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

.Brian's picture

@ Blenahan

Thanks for the script, very simple. However, I get the following error:

The service cannot be started, eithe rbecause it is disabled or because it has no enabled devices associated with it

I'm researching now, just curious if you've run into this one before

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

is remote registry enabled on the clients?

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

.Brian's picture

Yes it is.

I tihnk the problem is because we have psexec blocked via hash.

We had a clampi outbreak last yr and it used psexec to propagate itself across the network so we blocked it

However, it was only for one specific version of psexec that clampi was using. Assuming I can find an earlier or later version, it should work

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

Latest and greatest...

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

.Brian's picture

Now I'm getting unknown user name or bad password. I'm guessing it wants local admin creds.

Sorry not much of a scripter, I got a guy here helping me but he keeps running off

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

Yeah, sorry I should have mentioned that.  You'll need admin level access to remote workstations when running this.  If you have an elevated account, you can create a shortcut to the BAT and then change the properties of the shortcut to Run with different credentials.  This way it will prompt you for admin credentials each time you run it without having to necessarily login with an admin account to Windows.

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

.Brian's picture

Which is why I'm confused because i'm a domain admin

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

do you have a password required to stop the service?  If not, is any part of the -p [password] string remaining in the BAT file?

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

.Brian's picture

No passwords, and no I did not edit your script. Just copied and pasted as is

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

That's why.  Take out the -p [password] so that is just says -stop.  I have mine password protected and part of my script.  Yours should then look like:

SET /P COMPNAME=Machine Name:
psexec \\%COMPNAME% "c:\program files\symantec endpoint protection\smc.exe" -stop
psexec \\%COMPNAME% "c:\program files\symantec endpoint protection\smc.exe" -start
psexec \\%COMPNAME% "c:\program files\symantec antivirus\smc.exe" -stop
psexec \\%COMPNAME% "c:\program files\symantec antivirus\smc.exe" -start

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

.Brian's picture

It changed it

I even had to add c:\program files\symantec client security\symantec antiVirus\smc.exe as this is another location

Still says its disabled

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

You might still be having issues with PSEXEC being allowed to run.  Their might be traffic blocked from that file and maybe as well as an MD5 hashs block somewhere.

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

.Brian's picture

There is a hash block in place. My understanding is that it was for one specific version of PsExec, the one Clampi was using. And now I can't find our GPO guy. Either way if appears to disabled for all versions, sadly.

I can use dameware ntu but it takes too much time, your script would be quick and easy

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

Well, I'm sorry it's not going to work for you.  I'll see if I have something else handy as well.

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

.Brian's picture

Definitely bummed. I tried psservice as well but continue to get errors. Unfortunately, admins at other locations like to deviate from policy and tweak permission, etc. I just don't have the time now to fix what they broke as I'm trying to get SEP rolled out company wide.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

Copy the below code into notepad and save as whatever you like WITH A .vbs extension.  Then double click on it.  This one references the static c:\program files\symantec client security\symantec antivirus path you referred to.  Do you clients have other install locations?  I'll get you a new one that scans several directories here shortly.  Try this one out on a machine though.  This will always be dependent on the SMC service NOT being password protected.  If you ever decide to do so, it is a very simple edit to the code.

strComputer = ""
strMsg = "This script will restart the SMC services on the remote machine."
strComputer = UCase(Trim(InputBox(strMsg,"Enter Target Computer Name", strComputer)))
If Len(strComputer) = 0 Then
   WScript.Echo "Machine name not specified" & vbCrlf &  "Terminating Script"
   WScript.Quit
End If

Set objShell = CreateObject("Wscript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")
intReturn = objWMIService.Create("c:\program files\symantec client security\symantec antivirus\smc.exe -stop", Null, Null, intProcessID)
Wscript.Sleep 10000
intReturn2 = objWMIService.Create("c:\program files\symantec client security\symantec antivirus\smc.exe -start", Null, Null, intProcessID)

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

blenahan's picture

It kept formatting the code weird and I was afraid it would break up code that needed to be on one line and would causes problems.  Below is the script.  Save it locally and rename it from RestartRemoteSEP.txt to RestartRemoteSEP.vbs

AttachmentSize
RestartRemoteSEP.txt 749 bytes

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

SOLUTION
zer0's picture

Blenaha,

Have you created one that will take a list of IP addresses by any chance?
I used to have a fantastic version a vbs guru wrote for me that would take a list of IP's or comp names, stop smc, drop the sylink and restart smc.
As well as write the results to a log file but have since lost it somewhere :(

Z

blenahan's picture

I have a batch file that does with with PSEXEC already.  If you are in Brian's situation where he can't use PSEXEC, it shouldn't be too hard to get one running.  It might be a couple days as I got something going on, but I can provide you with a VBS if you need that vs. the PSEXEC one.

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

zer0's picture

psexec rules!!
There is no way that is getting blocked anywhere I work  :)

.Brian's picture

Beautiful! Quick, quiet, and easy.....much appreciated, thanks for taking time out of your day to lend a hand yes

Thanks again
Brian

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

And yes, most of my clients have the referenced path in the vbs script but I have also seen the other two paths above in the batch file. I can always edit if necessary or just create two more, one for each path. I'm just excited to be able to do it now!

Thanks

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

blenahan's picture

Ok sounds good.  My pleasure, glad I could help.

_________________________________________________________________

Please remember to mark the thread 'SOLVED' with the answer that most helped you by choosing 'Mark As Solution' on the applicable answer

Paul Murgatroyd's picture

I did this a while ago, no third party tools required.

I wrote a little VBScript that did the following:

Remote Registry connection to remote host to determine correct location for SMC
WMI to run "smc -stop" appending password if required
WMI to wait for the processes to actually stop
WMI to run "smc -start"

it worked very well, I can try and find it again if you want... its been a while...

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

.Brian's picture

@ Paul,

if you can, that would be great.

PsExec is being blocked so I need another workaround.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Cooperfield's picture

Hope you can find that Paul.  :-)  
Thanks, Paul,  blenahan and others.

.Brian's picture

blenahan's script has been flawless for me smiley

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

janub's picture

Hello,

I am facing problems with SEP clinets. After shifting server to different loaction and IP , few clients are gettings updates. It in same LAN and network.
I checked the following

Symantec macnagemet Client Service  cannot be restarted. Its aalready started and Automatic but when right click on this service show all options as faded [ start , stop, pause,resume , restart]. The green betton in the SEP icon in task bas is also not appearing.

I have tried removing using clean wipe and reinstalled it again. Still the same.

Please help me on this ASAP .

With Regards
MJ
mail2janub@gmai.com

janub's picture

Hello,

I am facing problems with SEP clinets. After shifting server to different loaction and IP , few clients are gettings updates. It in same LAN and network.
I checked the following

Symantec macnagemet Client Service  cannot be restarted. Its aalready started and Automatic but when right click on this service show all options as faded [ start , stop, pause,resume , restart]. The green betton in the SEP icon in task bas is also not appearing.

I have tried removing using clean wipe and reinstalled it again. Still the same.

Please help me on this ASAP .

With Regards
MJ
mail2janub@gmai.com

.Brian's picture

Please create a new thread so we can address separately from this one as it has already been solved and might be overlooked

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

JRV's picture

Would love it if we could restart SMC from SEPM.

Well, I haven't installed RU6 yet...maybe we can now. If not, vote here: https://www-secure.symantec.com/connect/idea/remote-smc-restart-sepm