Chicago Security User Group

Anyone know of the limitations of the MoveClients.vbs. I am able to move clients from a "Workstations" group but not from a "Desktops" group. Anyone know if there are character or special character limitations on the script or from the ipgroup.txt?

BTW- I understand the script is not supported by Symantec Tech support

Thank you in advance

I believe the wildcard to use is * and I believe that is the only one. You will need to verify with the PDF file that accompanies the script.

The My Company group is already there by default so you don't need to add it in the script.

What is the error that your are getting?

I had a similar thread in the past:

https://www-secure.symantec.com/connect/forums/moveclientvbs-scripts

You can still call support on it.

Hi Rigo,

MoveClient.vbs is a Visual Basic script which, when properly configured, will move one or more clients from a SEPM group to another group of your choice based on the hostname, username, IP address or operating system of the client.  It also has the ability to switch client mode from user mode to computer mode or visa versa.

IPgroup.txt file contains a list of IP addresses (IP ranges or IP addresses with subnet notation) and group names separated by a comma.  The script will search for clients with the IP address listed and move them to the associated group.

Setting up MoveClient Script:

To Configure the Move Clients Tool:

1. Open MoveClients.vbs in a text editor (such as notepad or wordpad)
2. Modify the DBUser, DBPass, and TempGroupName variables in this script to suit your environment:
   1. DBUser should correspond to the SQL user account used by your SEPM to interact with its database.
   2. DBPass should correspond to the password for the above SQL user.
   3. TempGroupName should correspond to your SEPM's Temporary/Default Group - or the specific group you wish to move clients out of (In SEPM MR3 and above, this should be "Default Group").
3. Save your changes.
4. Open the groups text file in a text editor (see below for different group text files).
5. Modify the groups text file to suit your needs:
   1. Each entry should be on a single line, followed by the Group you would like to move that client into.
   2. The client entry and group name should be separated by a comma
   3. One client entry per line with no blank lines between clients.

The errors on the moveClients.log are as follows:

::Checking for clients to move
  ::Failed to move Client 'xxxxxxxx' User 'xxxxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxxxxx' User 'xxxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxxxx' User 'xxxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxxxx' User 'xxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxxx' User 'xxxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxx' User 'xxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxx' User 'xxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxx' User 'xxxxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxx' User 'xxxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxxxx' User 'xxxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxxx' User 'xxxxxx'.  The new group is invalid.
  ::Failed to move Client 'xxxxxxx' User 'xxxxx'.  The new group is invalid.

I like to add that I recently reorganize the Group structure on the SEPMs. I added the xxxxxs for security.

And you removed the "My Company\" at the beginning? The script will automatically add it.

So my clients are landing in the "Workstations" group, but when I go to move the clients I get the errors above in my last message.  I like to add that I recently reorganize the Group structure on the SEPMs. The script moves clients to groups that I have not reorganized, but not to groups that I moved. Yes I removed "My Company\" from the line of IPs etc. xxx.xxx.xxx.xxx/xx,GIS\DC\GBDC. The GIS\DC\GBDC path is underneath "Workstations" group. 

Can you paste just a short portion of your script? Redact whatever you need to or send it to me via PM if you can.

Hi,

This error may come due to typos or if the client is not already in the group.

Also check this article.

How to use SEP11.x Move Client Utility and Subnetgroups.txt script to move clients into a new group.

http://www.symantec.com/docs/TECH97764

' This is a script to Move clients on SEPM based on the IP address, hostname or user name of the client.
' Created by: Elisha Riedlinger
' Last Modified: 10/05/2010
' Version 3.04

Option Explicit

'--------------------------------------------------------
'Set the below values to your database password and username
'--------------------------------------------------------

Dim DBUser : DBUser = "xxxxxx"
Dim DBPass : DBPass = "xxxxxxx"
Dim TempGroupName : TempGroupName = "Workstations"

'--------------------------------------------------------
'Other settings
'--------------------------------------------------------

Dim DomainName : DomainName = "%"
Dim OnlyCheckClientsInTempGroup : OnlyCheckClientsInTempGroup = True
Dim SilentMode : SilentMode = False
Dim EnableLogging : EnableLogging = True
Dim sLogFile : sLogFile = "MoveClients.log"
Dim ConnectionString : ConnectionString = "DSN=SymantecEndpointSecurityDSN;UID=" & DBUser & ";PWD=" & DBPass

Dim TempGroupName : TempGroupName = "Workstations"

Dim OnlyCheckClientsInTempGroup : OnlyCheckClientsInTempGroup = True

If you want to move from other groups, you will need to change the above to False so that it checks the other groups as well.