SEP 11 and DFSR Compatibility
Updated: 21 May 2010 | 5 comments
Has anyone been able to confirm that Symantec Endpoint Protection client software can be installed on a Windows 2003 Server running DFSR without causing unnecessary replication?
I am concerned that the software might change the timestamps of the DFSR shared files.
Does anyone have experience doing this successfully?
discussion Filed Under:
Comments
Scotty,
I had SEP11MR3 running on a WS2003R2 server while using DFSR to migrate a user files system. Worked fine.
Loel
We seem to be OK here, too, with SEP11 & DFSR on WS2003 R2 SP2. SEP 11 MP2 MR1 & just upgraded to MR4 & seems to be OK so far.
Somewhere in the documentation, or KB, can't recall, it says to exclude the DFSRPrivate folder for each replicated folder from scanning. This is a nuisance...IMO, SEP should exclude those automatically as it does SMSMSE, Exchange and DC folders.
Thanks for the info guys.
I take it that you've only installed the Antivirus / Antispyware protection and not the Network Threat Protection on the Win2k3 Machines?
Also, do you have any preferred way to exclude the DFSR Private folders?
AV/AS-only here, currently. Previously we had NTP on some of the servers but we've stopped using it in favor of Windows firewall, at least for now. NTP didn't seem to cause any problems for DFSR, however.
I have a Centralized Exceptions policy that excludes the DFSRPrivate folders for each of my replicated folders. That's not a preferred way; it's the only way I know of. If SEP supported Backup Exec-style wildcards, where drive letters and shares can be wildcarded, it would be easier. If SEP automatically excluded DFSRPrivate, that would be ideal.
The gotcha is that while DFS/DFSR makes it real easy to move DFS folders to other servers, and that's handy from time to time, you have to then remember to come back and coordinate the change with SEPM. And you have to remember to add a new Exception every time you add a new replicated folder, too.
Even if they don't automatically exclude DFSR folders, the other thing Symantec could do to make SEPM a whole lot easier to use with DFSR (among many other technologies, actually) is to allow multiple Centralized Exception policies to apply to a single group, much as you can apply multiple GPOs to an AD OU. Because at least in the SMB systems I run, there is a mix of roles on each server, and many of those roles occur across groups. That's real high on my wish list.
How to add Exception for Hidden Folder?
'm trying to set-up a centralized exception on each server for the Dfrsprivate folder, but when I try to add something like e:\groupshare\dfsrprivate, it reverts back to e:\groupshare\*. It would seem that it can't "see" dfsrprivate, so it won't add it. How did you get it to add it?
Would you like to reply?
Login or Register to post your comment.