Endpoint Protection

Hello,

I know that a problem such as mine has already been discussed but I have a problem, I would like to move my 2000 clients from one SEPM 11 to another new SEPM 12. I use the following script as startup in a computer GPO :

if exist C:\Softs\sep_12_transfert\transfert4.txt GOTO END


set sylink=\\server\share$\SEP12_Transfert\Ma_societe_Postes_utilisateurs_sylink.xml
set sylinkdrop=\\server\share$\SEP12_Transfert\SylinkDrop_1.exe

:: verification si Windows 2000

ver | find /i "Windows 2000" > nul

if %errorlevel%==0 (
            copy /Y %sylink% "%ProgramFiles%\Symantec Antivirus\"

            ) else %sylinkdrop% -silent -p password %sylink%

mkdir C:\Softs\sep_12_transfert\
echo "OK_3" > C:\Softs\sep_12_transfert\transfert4.txt


:END

My GPO seems to work (the file "transfert4.txt appear) but the client is never moved and I use the sylink.xml as explained in this photo :

And I search to move my computers in "ordinateursTest" OU from old SEPM to the new... but no one is never moved.

Isn't there a legacy between an directory and his "sub-OU" ?

Did you turn off tamper protection on the SEP clients to what the result is?

Hi,

I don't know much about scripting however check path mentioned in this script "

copy /Y %sylink% "%ProgramFiles%\Symantec Antivirus\

Ideally folder name should be Symantec Endpoint Protection.

As a second option you can use Sylink replacer tool to move clients to the new SEPM.

In SEP 12.1 RU2 Symantec has introduced new feature i.e. reset client server communication

Check this article to know more about it:

 https://www-secure.symantec.com/connect/articles/sep-12-ru2-and

About the tamper off :

I thought it was not necessary to disable the tamper off if you used the password with Sylinkdrop.exe, I haven't disable it for the moment but it should be a possibility.

About the script :

I have checked the path and it's the good on. It's for a Windows 2000 OS and it seems that the link is different than other OS.

About the SEPM, I have currently the 12.1 RU1 thanks to the portal https://my.symantec.com , I have searched to have the RU2 but I haven't found it for the moment.

I think I've finally found the RU2 installer/updater. I'll update my SEP and try it and I'm gonna feedback you.

You are not stopping the service.

You cannot replace the Sylink file with the service running.

Nice script though.

Just add into it a net stop smc.exe and a net start smc.exe and that should allow you to get the sylink.xml file replaced on your workstations.

For sylink replacement to work you need as mentioned stop the SMC service and disabled Tamper Protection if it is protecting these machine. The easiest way - upgrade to 12.1 RU2 and the you can use the Communication Update Package Deployment:

https://www-secure.symantec.com/connect/articles/sep-121-ru2-and-reset-client-communication

Thank you Jason. I have made several versions of this script, and yes, stopping the smc.exe seems to be safer than to keep it working.

I've upgraded in 12.1RU2 and use the "Communication Update Package Deployment" given by Chetan and it's the easiest way. It nearly works but there are some last problems :

1 - Users have a pop-up asking them to enter the password despite I entered a password to stop the client in the "Reset Client Communication" process.

2 - the "browse network" list seems not to be very reliable because when I choose my computer in the left list, and push the toggle button, the IP is good, but the hostname is false but it's not very important, because it seems to be only for this screen.

Ok, sorry for the double post, I think I have resolved a part of my problems.

About the Browse Network, it come from my DNS servers which aren't very clean (another project). And for my problem about the password pop-up, maybe I only have forgotten one time to write the password, because I tried on test computers and no more problems.

But now I have a new problem. Many computers are linked with my new SEPM via "Reset Client Communication" process. But they are always considered as "offline" in the SEPM as if they were not linked with the new SEPM.

Hi

For the new server the IP address / Hostname would be different

Regards

I don't understand why you don't use the new feature included on SEPM 12.1 RU2.

You have now the possibility to deploy only the communication settings and it's very easy and useful as long as you have a SEP 12.1.671.4971 (RTM) client installed minimum as on the previous version SylinkDrop.exe are not installed on the client.

The nea feature runs in fact a remote action on the SylinkDrop.exe present on client side to update their Sylink.xml.

Advantage of that is simply that you don't need anymore manual actions on client side and you get straight away confirmation from your SEPM if the communication settings have been correctly updated or not.

You don't need to deactivate Tamper Protection as the native process involved for this feature is already trusted by design.

If you get an error message when the update of communication settings fails, feel free to let us know as there are already some of them very known and solutions can be provided.

In order to ensure that it works, pre-requisites of Deployment and Migration Client Wizard should be respect as usual.

TCP 137, 138, 139 and 445 on both side should be opened.

I know that it may sounds annoying to open Netbios ports for many customers for security reasons but if you perform some research, you could find alternative solution for deployment (Altiris, etc ...)

Kind Regards,

A. Wesker

For Sameer,

Yes the server IP/hostname is different, but it's not important in my case.

For Wesker,

Now I use it. Yes, in first I've used the Sylinkdrop.exe file because I didn't know the existence of this new feature, I had my SEPM in 12.RU1 version and clients in 11RUxx. That's why I used a script.

I've updated to SEPM12.1RU2 following Chetan's advices, and I've used the new feature. And it works almost perfectly : although my clients have been moved and 80% of them are considered as "offline" in my SEPM, while the included deployment tool gave me a "green" deployment status and communication update status. (I've used the "computer mode" if it's important.)

I've verified about ports between the server and the clients, and these ports are opened.

Of course I have some problems in deployments too, but I think it may be due to another thing (about 3% of our computers).

Regards

So I've updated in 12.1 RU2 and use the new feature.

And it works ! Thank you !