Endpoint Protection

  • 1.  How to determine managed/not managed by a script

    Posted Jul 03, 2014 02:22 PM

    Hi there,

    I am working on a DOS script which, besides other things, will have to determine whether a SEP installation is managed or not managed.

    I thought I would call reg.exe to query a certain key, but so far I cannot find what key would tell me whether SEP is managed or not.

    Is there such a key? Any other ideas?

    Thanks!

     



  • 2.  RE: How to determine managed/not managed by a script

    Posted Jul 03, 2014 02:25 PM

    Try this key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink

    PolicyMode: 1 means communicating, 0 means offline.

    https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks



  • 3.  RE: How to determine managed/not managed by a script

    Posted Jul 03, 2014 02:26 PM

    See this article:

    SEP Managed and Unmanaged
    To verify a SEP client is managed via script:
    a. If you can check for a value associated with a reg location, you could check for:
    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\Sylink\HostGUID

    b. If you can't check for a value, then this reg key should still be present only on a managed client, and not an unmanaged one:
    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\Sylink\TechExtensions


     

    What SAV or SEP registry keys can be used audit server and client installs

    Article:TECH145807  | Created: 2010-12-08  | Updated: 2011-09-08  | Article URL http://www.symantec.com/docs/TECH145807


  • 4.  RE: How to determine managed/not managed by a script

    Posted Jul 03, 2014 03:12 PM

    Guys, thank you, but either your info is outdated or something else is wrong. For example, on my computer (Win 7 64-bit) I have SEP 12.1.4013.4013 installed and HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC does not have any subfolders. It has just 3 keys:

    (Default)

    ProductVersion

    smc_install_path

     

     



  • 5.  RE: How to determine managed/not managed by a script

    Posted Jul 03, 2014 03:48 PM

    Can you use unmanaged detector?

    What does it mean to set a client as an Unmanaged Detector?

    http://www.symantec.com/business/support/index?page=content&id=TECH105722



  • 6.  RE: How to determine managed/not managed by a script

    Posted Jul 03, 2014 06:58 PM

    Thanks but this is not what I am aiming at. (not a solution).


     



  • 7.  RE: How to determine managed/not managed by a script

    Posted Jul 06, 2014 02:57 AM

    a. If you can check for a value associated with a reg location, you could check for:
    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\Sylink\HostGUID

    I have checked on my managed SEP client (SEP 12.1.4, Windows 7) that this registry key is available. That means it is a managed SEP client; if the key is not available, it will be an unmanaged SEP client.

     



  • 8.  RE: How to determine managed/not managed by a script

    Posted Jul 07, 2014 09:17 AM

    Hi Steve,

    You may try to look for the following registry key located below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\

    The key to check: UseManagementServer

    If the value is 0 then the client involved doesn't get its definitions from the SEPM and GUP (as clients getting definitions from a GUP have to get an LU Policy which uses the Management Server).

    So if this key has the value 0 then you can deduce this client is currently unmanaged; if it's set to 1 then it's by default a managed client ;)


    Feel free to test it and let us know if it's a reliable workaround for you.

     

    Kind regards,

    A. Wesker



  • 9.  RE: How to determine managed/not managed by a script

    Posted Jul 07, 2014 12:00 PM

    Thank you all,

    I found the missing subfolders of SMC. The trick is to open regedit as administrator, otherwise they are hidden.  I hope this note will be my little contribution to the topic.

    A.Wesker's idea works like a charm - tested.

    Again: when you query those keys with reg.exe, call it from an elevated command prompt (unless you are logged in as admin).

     

    Thank you again !

    S
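
The check the thread settled on, as an added batch example that is not code from any of the posts: it reads `UseManagementServer` under the LiveUpdate key from post 8 and refuses to run unelevated, per post 9. Assumptions: the value is a REG_DWORD, the key may sit in either the 64-bit or 32-bit registry view, `net session` is used as an elevation heuristic, and the exit codes are this example's own convention.

```batch
@echo off
setlocal EnableExtensions
rem Added example: report whether SEP looks managed, using the value named in this thread.
rem Exit codes (this example's own convention): 0=managed 1=unmanaged 2=unknown 3=not elevated
set "KEY=HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate"
set "VALUE=UseManagementServer"

rem Elevation heuristic (assumption): "net session" fails when the prompt is not elevated.
rem Without elevation the SEP subkeys may be unreadable and the result would be misleading.
net session >nul 2>&1
if errorlevel 1 (
    echo ERROR: run this from an elevated command prompt. 1>&2
    exit /b 3
)

rem Query both registry views (assumption: the key may live in either on 64-bit Windows).
rem reg.exe prints "<name>  REG_DWORD  0x1", so the third token is the data.
set "DATA="
for %%V in (64 32) do (
    if not defined DATA (
        for /f "tokens=3" %%A in ('reg query "%KEY%" /v %VALUE% /reg:%%V 2^>nul ^| findstr /i /c:"%VALUE%"') do set "DATA=%%A"
    )
)

if not defined DATA (
    echo UNKNOWN: %VALUE% not found under %KEY% 1>&2
    exit /b 2
)

rem set /a converts the hex string (0x0 / 0x1) to a decimal number.
set /a NUM=%DATA%
if %NUM%==1 (
    echo MANAGED
    exit /b 0
)
if %NUM%==0 (
    echo UNMANAGED
    exit /b 1
)
echo UNKNOWN: unexpected data %DATA% for %VALUE% 1>&2
exit /b 2
```

A calling script can branch on `%ERRORLEVEL%` and should treat codes 2 and 3 as "could not determine" rather than as unmanaged.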