Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Can the new version of End Point security not be just installed on the workstation and managed mode selected and pointed to the new central server?

  • 1.  Can the new version of End Point security not be just installed on the workstation and managed mode selected and pointed to the new central server?

    Posted Apr 21, 2009 01:45 PM
    We are in the process of upgrading from MR1 to MR4. The title question is generating some discussions as MR4 appears to suggest that you can set up a 'standalone' workstation as managed mode. Is it the case that in this mode you can easily 'point' it to the SEPM when it joins the domain rather than going through the route of initially setting up an unmanaged client and then importing the relevant sylink file for it to be managed by the SEPM?
    Thanks for any guidance on this matter.


  • 2.  RE: Can the new version of End Point security not be just installed on the workstation and managed mode selected and pointed to the new central server?

    Posted Apr 21, 2009 01:48 PM
     umm...you can set it up standalone as managed mode surely. But, the minute you install as managed mode, the server automatically pushes defs and policies over to the clients.


  • 3.  RE: Can the new version of End Point security not be just installed on the workstation and managed mode selected and pointed to the new central server?

    Posted Apr 21, 2009 01:57 PM
    What you can do is, Create different groups as per you differentiate the clients.
    Now, For this group where you have the clients that are not yet in the domain but will probably join the domain later. Set the policy to be "Client Control" mode. It's effectively what you want.
    Export a package for this group and deploy it on these workstations.
    Change the settings back to Server control.
    Now, When the clients start checking back in again, They would be put into the Server Control mode with the new policies that you have set.

    For the clients that will not join the domain, You can convert them to Self Managed by replacing the Sylink.Xml as they fulfil the criterion of being in client control mode.
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008021910355348


  • 4.  RE: Can the new version of End Point security not be just installed on the workstation and managed mode selected and pointed to the new central server?

    Posted Apr 21, 2009 02:01 PM
    This 'standalone' workstation that I am referring to is in fact a disk image that is being SYSPREP'ed for a corporate rollout. It's ultimate destiny is as a managed client that will be pushed updates from a SEPM. What is the exact benefit of  a 'managed' standalone client?


  • 5.  RE: Can the new version of End Point security not be just installed on the workstation and managed mode selected and pointed to the new central server?

    Posted Apr 21, 2009 02:13 PM
    If you mean what is the benefit of having a client in "Client Control" mode, Its like having a User Managed client much like a "Self Managed" client and when it joins the domain and connects to the SEPM, You take over


  • 6.  RE: Can the new version of End Point security not be just installed on the workstation and managed mode selected and pointed to the new central server?

    Posted Apr 22, 2009 08:56 AM
    Yes Sandeep is right.