Endpoint Protection

I've looked around here for this answer, and only seen a few suggested that were close or for the wrong version.  (Seems that 11 had a good tool to find unprotected computers, and was removed.)

My clients are synced with AD, (I hate that you can't deploy from there though) I can see all of my computers from each OU.  That part works fine.

I need to export a list of the computers that have yet to have SEP installed.  I have tried the monitors, log, and computer status.  1. It only lists clients that have SEP installed already, 2. I have 2 sites, and 2 domains.  Even when I specify in advanced filters to only use one site, and one domain.  It still lists every computer that has SEP installed.

From what I see monitors and logs only see clients, not unprotected computers.  Even if there are listed in an imported OU.

For those that must ask why.  (Why ask why anyway?  I need a list, why?  Because I need a list.)  I need a text list, I use in one of my ping scripts, if the computer is online, it outputs to a text file.  That text file appears to be the most efficient way to install SEP.

So pull a list from SEP, import that list into SEP, deploy.  (Sounds funny doesn't it?)

Thank you.

Chris

IT - need a sense of humor, if you're not having fun, you're doing it wrong.  Or you need to find another profession.

Best bet is run this script against your OUs:

http://gallery.technet.microsoft.com/scriptcenter/Symantec-Endpoint-8e47c450

You won't get much help from the SEPM unless you setup unmanaged detectors to find devices without SEP.

Are you using SQL or Embedded DB?

If you are using SQL and have Management Studio Installed

Check the SEM_Client Table

The colum Group_IS_OU 

0 meaning client is from AD and has SEP installed

1 client is Synched from AD but do not have SEP installed

Select Group_IS_OU ,Computer_Name from dbo.SEM_Client

Here is the entire schema

http://www.symantec.com/business/support/index?page=content&id=DOC6039