SEPM removed from server. How to change clients from managed to unmanaged with selfupdate
Due to problems on the SBS2003 server, which also ran the SEPmanager 11.0 console, Symantec was completely removed/de-installed from the server.
Clients updated through the server. Now not anymore.
I want the clients to update themselves directly from internet and not look at the server anymore.
As a test on 1 client I ran sylinkdrop.exe and referred to the sylink.xml file (as mentioned in document 2008021910355348)
This article also says that through this action it "will not change the policies that exist on the client".
On the client I see the LiveUpdate service is on manual and so far I don't see that the client is selfupdating.
What further steps do I have to take to make clients update themselves straight through the Internet?
Any help is welcome.
Comments
Ensure that you have the
Ensure that you have the ability to change settings and run LiveUpdate on the client before changing the client to unmanaged. If you change the client to unmanaged without ensuring that you can change settings on the client, you may need to uninstall and then reinstall the client if you need to change settings in the future.
thanks for quick response
Thanks for the quick response, Cycletech. I read the warning in the mentioned article.
However, how do I verify that Client Settings can be changed?
For instance, when I go to 'Change Settings' - 'Client Management Settings', the settings on the tab 'Scheduled updates' are greyed out.
Other settings are not greyed out.
I also can run Live Update update from the Configuration screen adjust settings.
Unfortunately you have to
Unfortunately you have to change your agents to "Client Control" from the Manager.
You can either reinstall the manager and point the clients back to the new server, then change to "Client Control", or uninstall the agents, then reinstall the clients from the CD.
To change the clients
To change the clients to unmanaged without reinstalling you may follow the following link
http://service1.symantec.com/SUPPORT/ent-security....
Replace the Sylink file
PMF,
In SEPM CD1 you will have setup files & folders like Data, SEPM, SEP, SEPwin64 folders.
In the SEP folder you will find the sylink.xml file. This XML file is unmanaged and will get updates from the internet.
Regards...
Ramji Iyyer
Ramji, thanks for your
Ramji, thanks for your information. If it is right, then the client I tested on should already be able to update itself.
Though I am not sure yet, because of Cycletech's earlier answer.
Thank you all so far, I'll keep you informed!
@ PMF, Ramji's solution
@ PMF, Ramji's solution should work for you. As always test to verify.
Regards,
Thomas
Sylink File
Replace the Sylink.Xml file from the SEP install package (folder) which you have downloaded, or from the CD.
I followed the procedure as
I followed the procedure as described by Ramji and Shaizad, but in SEP on the client the definitions are still from 21 July. And SEP says "no problems detected".
On purpose I waited for more than a week, as the "scheduled updates" in LiveUpdate showed every one week (greyed out though).
Also, the LiveUpdate button on the left side of the SEP screen is greyed out and says "your administrator locked this feature".
It looks like the client is still 'managed' and is not updating.
You can enable the
You can enable the LiveUpdate button by using the registry key below:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\AllowManualLiveUpdate
If you set the value to 1, the LiveUpdate button will be activated.
Then you can click on it to run LiveUpdate.
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
I like the registry key option
I like the registry method.
I can query all my clients for the reg value to check if they are updating or not.
Is there anything in the Sym Admin Console to check for the same?
Thanks
Anesh
Steps to ON and Off the Liveupdate
Steps to ON and Off the Liveupdate
1) It is advisable to backup the registry before editing.
2) Click Start > Run > Regedit.
3) In the Registry Editor go to HKEY_LOCAL_MACHINE\SOFTWARE\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\LIVEUPDATE.
4) In the right pane, locate the String Value “AllowManualLiveUpdate”.
5) Double click on the string value and change the Value data to zero.
6) Close the editor.
7) If the String Value “AllowManualLiveUpdate” is not present, then you need to create it. You can do this by right-clicking in a blank area of the pane, clicking on New and choosing DWORD Value.
8) Name the new value “AllowManualLiveUpdate”, without the quote marks. You can leave the default value of zero, and this will disable the LiveUpdate button on the SEP client GUI. (Note: to turn it ON, set the value to 1.)
9) Close the Registry editor.
10) Open the SEP client GUI and verify that the LiveUpdate button is disabled.
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
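A read-only check of the value discussed in the two posts above, as an added example that is not part of the original thread and is not Symantec's code. The key path and value name are the ones quoted in the thread; the `Wow6432Node` path and the function name `Get-ManualLiveUpdateState` are assumptions. It also reports the value's registry type, since the steps above mention both a String Value and a DWORD Value.

```powershell
# Added example: report how AllowManualLiveUpdate is set on this client.
# Key path and value name come from the thread. The Wow6432Node path is an
# assumption for a 32-bit SEP client installed on 64-bit Windows.
$ValueName = 'AllowManualLiveUpdate'
$KeyPaths  = @(
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate',
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\LiveUpdate'
)

function Get-ManualLiveUpdateState {
    param(
        [string[]]$Paths = $KeyPaths,
        [string]$Name = $ValueName
    )

    foreach ($path in $Paths) {
        # Key absent: SEP is not installed in this registry view.
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Key = $path; State = 'KeyMissing'; Kind = $null; Data = $null }
            continue
        }

        $key = Get-Item -LiteralPath $path
        # Value absent: the value has never been created under this key.
        if ($key.GetValueNames() -notcontains $Name) {
            [pscustomobject]@{ Key = $path; State = 'ValueMissing'; Kind = $null; Data = $null }
            continue
        }

        $kind = $key.GetValueKind($Name)   # e.g. DWord or String
        $data = $key.GetValue($Name)

        # Compare as text so a String "1" and a DWORD 1 are both recognised.
        $state = if ("$data" -eq '1') { 'ButtonEnabled' }
                 elseif ("$data" -eq '0') { 'ButtonDisabled' }
                 else { 'Unexpected' }

        [pscustomobject]@{ Key = $path; State = $state; Kind = $kind; Data = $data }
    }
}

Get-ManualLiveUpdateState | Format-Table -AutoSize
```

The script only reads the registry, so it can be run on a client before and after the change to confirm which state the value is in.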
I think the registry option
I think the registry option won't be possible if one has lots of clients.
The better option would be to install a new SEPM on your site (or if there is any SEPM in your test network), and you can enable the LiveUpdate tab and also the scheduling for LiveUpdate (through the LiveUpdate policy). You can export that policy from any of the clients that is reporting to the SEPM and then import it onto your client.
But again, the easiest and simplest would be to install a new SEPM, let all the clients communicate with the SEPM using the sylink replacer, make the policy changes, and if you want you can again uninstall all the clients. :)
Hi, Could you please Let us
Hi,
Could you please let us know how many clients in total (along with servers) you have?
This is important when it comes to providing you an exact solution... :)
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
hey
Just a piece of advice: you can try to replicate the SEPM and then create a policy for the management server list where the new server is the priority one. Hope this helps.