Data Loss Prevention

 View Only

  • 1.  Script to change server name on clients

    Posted Apr 02, 2012 08:39 PM

    We use SCCM to deploy our DLP clients and hardcode the server at that time.  Eventually hundreds of these clients will get redirected to a different server for load balancing.  I'd like to deploy this using a script using the update_configuration.exe utility.  Could anyone share a scipt they've used to do this?  Thanks for your time. 



  • 2.  RE: Script to change server name on clients

    Posted Apr 03, 2012 02:04 AM

    isn't it possible just to use the update script from the agent installation package to change the server ? 

    just state in the script the new server that you want to use.

    the update_configuration.exe utility must be used localy from the agent folder.

     

     



  • 3.  RE: Script to change server name on clients

    Broadcom Employee
    Posted Apr 03, 2012 05:05 AM

    If you are using DLP 11.x, then, you can change the Endpoint Server of your DLP Agent just from then Encorce Consule UI.



  • 4.  RE: Script to change server name on clients

    Posted Apr 03, 2012 10:03 AM

    Not sure what you mean exactly.  My update script to do the original install or an update script that Symantec includes somewhere in the install that I'm not finding?  Changing the server on the fly may require stopping and starting of services not to mention a reboot possibly? 



  • 5.  RE: Script to change server name on clients

    Posted Apr 14, 2012 06:18 AM

    Hi Phans,

    Yes definitely you can change the Endpoint Server of your DLP Agent as per Yang_Zhang,

    but if you have older version clients just create DNS Alias for host name that server.

    I tested in our test LAB, your all Client definitely contact to newer server.

     

    Thanks,

    Manoj



  • 6.  RE: Script to change server name on clients

    Posted Jun 19, 2012 01:28 PM

    Sometimes you will have agents who lost the connection to the EPS Server. So the only way to change the EPS without the need of reinstallation is to use the update configuration utility , assuming that you set up the same encryption key on the new EPS Servers.

    I  used the sysinternal utility psexec to run that remotely. You can run the following script with administrative rights, where the Hosts.txt file contains the list of the hosts that you want to change. "server1" and "server2" should be replaced with your prim. and sec. EPS servers you want to set to your agent. Note that the update configuration tool needs to be run from the installation directory of the DLP agent..

    @echo off
    for /F %%i in (Hosts.txt) do (
    REM Copy the tool to the remote computer
    copy update_configuration.exe "\\%%i\c$\Program Files\Manufacturer\Endpoint Agent"
     

    REM Change the EPS of the agent
    PsExec.exe \\%%i "C:\Program Files\Manufacturer\Endpoint Agent\update_configuration.exe"  -name=AggregatorCommunicator -setting=AggregatorHost -type=str -value=server1
    PsExec.exe \\%%i "C:\Program Files\Manufacturer\Endpoint Agent\update_configuration.exe"  -name=AggregatorCommunicator -setting=AggregatorHost2 -type=str -value=server2
     

    REM  Delete the tool from the agent
    DEL "\\%%i\c$\Program Files\Manufacturer\Endpoint Agent\update_configuration.exe"
     

    REM restart the EDPA service to enable the agent to connect to the new EPS
    sc \\%%i stop edpa
    )

     

     

     



  • 7.  RE: Script to change server name on clients

    Posted Jun 20, 2012 04:23 AM

    DNS Alias is a good suggestion. You may want to add the below registry keys as well, in case you are using DNS Aliases:

    DisableStrictNameChecking - http://support.microsoft.com/kb/281308

    DisableLoopbackCheck - http://support.microsoft.com/kb/896861