Replace Sylink

Created: 12 Jan 2012 • Updated: 12 Jan 2012 | 7 comments
james_stevenson
How to use SylinkDrop to make all SEP Clients on the network managed (Alternative to SylinkReplacer)
I regularly use both SylinkDrop and SylinkReplacer to make Symantec Endpoint Protection (SEP) clients managed by a SEP server. Often, after a reinstall of the management software, it is necessary to capture all machines on the domain so that they are all managed by the new installation.

SylinkDrop can be used on individual machines to make them managed, whereas SylinkReplacer is designed to be run from one machine to find SEP clients on the network and force them to be managed. Recently I have found the replacer tool to be less and less effective at finding clients on the network, particularly Windows 7 clients. I have also found the tool to be painfully slow at scanning IP ranges to find the clients in the first place.

As a workaround, I have found it much more reliable to use the SylinkDrop tool in conjunction with psexec to set all computers on the network to be managed by a SEP server. To do this you will need to set up a share on the machine you are running the commands from, with read access for everyone on the domain.

In this example the share I created was called “sylink” on the server AVSRV001. In the share you need the following files:

  • sylinkdrop.exe (scroll to bottom to find more info)
  • sylink.xml (found in "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection"; copy the file from a working managed client or the server and paste it into the shared folder)
  • drop.cmd (provided in download)
  • replace_domain.bat (provided in download)

In the drop.cmd file you will need to modify the server and share name to match the share you created. To edit, right-click the file and choose Edit. You won't have to run this file yourself.

Once all of the above is set up, you can use the psexec command (available to download as part of the PsTools package by Sysinternals from here).

Then simply run the file replace_domain.bat.

But first:

You will need to modify the server and share name in that file to match the share you created. To edit, right-click the file and choose Edit.

You will also need to change domain\username to your domain name and an admin user, and change password to the password matching that admin user. Now you can run the replace_domain.bat file.

The file will enumerate all the computers in AD and then try to remotely execute the drop.cmd command on each of them. This will of course fail for computers which either don’t exist or are not present or switched on, so you may want to make a note of which clients fail (just watch the output of the command to collect these).

Where can I download / get SylinkDrop?

SylinkDrop is not publicly available to download from Symantec; however, it is on your installation media in the following folder:


If you have lost your installation media, then providing you have an active subscription you should be able to log in to with your serial number on your certificate and download the latest version (which will include SylinkDrop).
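
The enumerate-and-run step described above, as an added PowerShell example that is not part of the original article or its download: it limits the run to one OU, prompts for the admin credential instead of keeping it in a batch file inside a share that everyone on the domain can read, and records which clients failed. The OU path, log path and parameter names are assumptions; it expects the ActiveDirectory (RSAT) module and psexec.exe on the PATH.

```powershell
# Added example (not from the article's download). Assumed: OU path, log path,
# RSAT ActiveDirectory module installed, psexec.exe on the PATH.
param(
    [string]$SearchBase = 'OU=Branch Office PCs,DC=example,DC=local', # hypothetical OU
    [string]$DropCmd    = '\\AVSRV001\sylink\drop.cmd',               # share from the article
    [string]$LogPath    = '.\sylinkdrop-results.csv'                  # hypothetical log file
)
Import-Module ActiveDirectory

# Prompt for the admin account so the password is never written to a file on the share.
$cred = Get-Credential -Message 'Domain admin account for PsExec (domain\username)'

$results = foreach ($pc in Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase) {
    # -n 10   : give up on unreachable machines after 10 seconds.
    # cmd /c  : run the script from the share inside the remote session.
    & psexec.exe "\\$($pc.Name)" -accepteula -n 10 -u $cred.UserName `
        -p $cred.GetNetworkCredential().Password cmd /c $DropCmd 2>$null | Out-Null

    # PsExec returns the remote command's exit code, or its own error code
    # when it could not connect to the machine or start the command.
    [pscustomobject]@{
        Computer = $pc.Name
        ExitCode = $LASTEXITCODE
        Status   = if ($LASTEXITCODE -eq 0) { 'Ran' } else { 'Failed' }
        Time     = Get-Date -Format s
    }
}

# Keep a full record, then list the clients that need another attempt
# (switched off, unreachable, or drop.cmd returned a non-zero exit code).
$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Where-Object Status -eq 'Failed' | Format-Table Computer, ExitCode
```

A status of 'Ran' only means the command started and returned 0; whether the client then reports to the SEP server still has to be confirmed in the management console.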

7 Comments

Srikanth_Subra

Useful Information..

Thanks & Regards,


"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Orient Dawn

Haven't tried it yet, but I will. Thanks, James.

james_stevenson

Thanks for the feedback. If anyone has had a negative experience with the script then get back to me and I will try to iron out any problems. It worked on my network environment.

Constantine

nice one

Bijay.Swain

I have used both but prefer SylinkReplacer.

khurrath

Thanks a lot, James.
In your replace_domain.bat you have mentioned password \\* \\avsrv001\sylink\drop.cmd
If I'm not wrong, \\* is the entire domain. I tried replacing it with the specific OU I wanted to run this script on, but unfortunately it didn't connect, as there was a space in the OU name.
Is there any other way we can specify this to run for particular OU objects?

Cox4a

enumerating domain....


PsExec could not start \Srv1\sylink\drop.cmd on CLIENT1:

System can´t find the path

