Video Screencast Help

SEPM removed from server. How to change clients from managed to unmanaged with selfupdate

Created: 22 Jul 2009 • Updated: 21 May 2010 | 15 comments
pmf's picture

due to a problems on the SBS2003 server which also ran the SEPmanager 11.0 console, Symantec was completely removed/de-installed from server.
Clients updated through the server. Now not anymore.
I want the clients to update themselves directly from internet and not look at the server anymore.

As a test on 1 client I ran  sylinkdrop.exe and referred to the sylink.xml file (as mentioned in document 2008021910355348)
This article also says that through this action it "will not change the policies that exist on the client".
On the client I see the LiveUpdate service is on manual and so far I don't see that the client is selfupdating.

What further steps do I have to take make clients update themselves straight through Internet.
Any help is welcome.

Comments 15 CommentsJump to latest comment

Thomas K's picture

Ensure that you have the ability to change settings and run LiveUpdate on the client before changing the client to unmanaged. If you change the client to unmanaged without ensuring that you can change settings on the client , you may need to uninstall and then reinstall the client if you need to change settings in the future.

pmf's picture

thanks for quick response Cycletech. I read the warning in the mentioned article.
However, how do I verify that Client Settings can be changed.
For instance; when I go to 'Change Settings'- 'Client mangament Settings' the settings on the tab 'Scheduled updates' are greyed out.
Other settings are not greyed out.
I also can run Live Update update from the Configuration screen adjust settings.

Thomas K's picture

Unfortunately you have to change your agents to "Client Control" from the Manager.
You can either reinstall the manager and point the clients back to the new server, then change to "Client Control",  or uninstall the agents, then reinstall the clients from the CD.

imagebrowser image

Ramji Iyyer's picture


In SEPM CD1 you will have setup files & folders like Data, SEPM, SEP, SEPwin64 folders.

In SEP folder you will find sylink.xml file . This xml file is unmanaged & will get update from internet.

Ramji Iyyer

pmf's picture

Ramji, thanks for your information. If it is right then the client I tested on should already be able to update itself.
Though I am not sure yet, because of Cycletech´s earlier answer.
Thank you all so far, I´ll keep you informed.!

Thomas K's picture

@ PMF, Ramji's solution should work for you. As always test to verify.


Shaizad's picture

Replace the Sylink.Xml file from the SEP Install Package (Folder )which you have Downloaded or from the Cd.

  1. Open the SEP Folder from the which you have downloaded.
  2. Copu the Sylink.Xml file
  3. Then Go the Machine which you want to make Self Managed
  4. Stop the Smc Service
  5. Start-- Run-- Smc - Stop
  6. Copy the sylink file to the Symantec Endpoint Protection  install Location
  7. By Default it's on C\Program Files\Symantec\Symantec Endpoint Protection
  8. Then Start the Smc service .Start-- Run--- Smc -Start
pmf's picture

I followed the procedure as described by Ramji and Shaizad, but in SEP on the client the defenitions are still from 21 july. And SEP says 'no problems detected".
On purpose I waited for more than a week as the 'scheduled updates" in Live update showed every one week (greyed out though).
Also, the Live update button on the left side of the SEP-screen is greyed out and says "your adminstrator locked this feature".
It looks like the client is still 'managed' and is not updating.

P_K_'s picture

You can enable  the Liveupdate buton by using the registry key bwlow:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\AllowManualLiveUpdate

If you set the value to 1, the Liveupdate button will be activated.

then you can click on it to run the liveupdate

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

v_anesh's picture

I like the registry method
I can query all my clients for the reg value to check if they are updating or not,
Is there anything in the Sym Admin Console to check for the same?


Mithun Sanghavi's picture

Steps to ON and Off the Liveupdate

1) It is advisable to backup the registry before editing.
2) Click Start > Run > Regedit.
4) In the right pane, locate the String Value “AllowManualLiveUpdate”.
5) Double click on the string value and change the Value data to zero.
6) Close the editor.
7) If the String Value “AllowManualLiveUpdate” is not present the you need to create it and you can do this by right clicking in a blank area of the pane and click on New and choose DWORD Value.
8) Name the new value “AllowManualLiveUpdate” ,without the quote marks, you can leave the default value of zero and this will disable the LiveUpdate button on the SEP client GUI. (Note: To Turn ON default value of 1)
9) Close the Registry editor.
10) Open the SEP client GUI and verify that the LiveUpdate button is disabled.

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kavin's picture

I think the registry option wont be possible if one has lots of clients.
The better option would be you can install a new SEPM on your site ( or if there is any SEPM in you test network ) & you can enable the live update tab & also the scheduling for live update. ( through live update policy) you can export that policy from any of the client that is reporting to the SEPM & then import it on to your client.

But again the easiest and simple would be to install a new SEPM & let all the clients communicate to the SEPM using the sylink replacer make the policy changes & if you want you can again uninstall all the clients.:)

Mithun Sanghavi's picture


Could you please Let us know How amny Clients in total (along with Servers) do you have...??

This is important when it comes to providing you an exact solution... :)

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

gilbert08's picture

Just a piece of advice you can try to replication the sepm and then create a policy for management server list where the new server is the priority one.hope this helps