Endpoint Protection

I have one symantec Management Server at primary location (Hyderabad) and I have installed site servers in Delhi, Bangalore and Pune. We have installed 50 machines in each location. All the 150 machines are reporting to primary location (Hyderabad). However, when we look at Delhi location, it shows Delhi machines as well as other 2 location machines (pune and bangalore) and the same is reflecting when we check other locations also (In pune location it shows bangalore and delhi machines and In bangalore it shows Pune and Delhi machines. 

But we want the respective locations to show its machines (50 each) and all 3 location machines should be reflected in primary server. Please assist. 

So you have replication setup. You need to edit the management server list to set Hyderabad as Priority number 1 and set all the others as Priority 2. Once the clients pick up the policy change, you can shut off the SEPM service on the others so that the clients go to your priority 1 server. Once they migrate over you can decom the remaining SEPMs if you wish.

Soooo, my interpretation of your post is that you want only Pune clients to show up on the Pune SEPM, only Delhi clients to show up on the Delhi SEPM, and for all clients to be visible from the Hyderabd SEPM.  Is this correct?

If so, please read on...

When replication is enabled, all SEPMs are aware of all clients.  Replication always sends around current data about all managed clients (see Q3 of http://www.symantec.com/docs/TECH93107 to see confirmation of what gets replicated).

You can restrict or filter what your admins can manage by using Administrator (note, not System Administrator) accounts, which can be granted or denied access to specific SEP Sites if you so wish:

http://www.symantec.com/docs/HOWTO81226

Though you could accomplish the same level of separation (and more) with SEP Domains instead:

http://www.symantec.com/docs/HOWTO55042

Exactly SMLatCST.

How to setup like that?

Hi,

What i can understand from your post is that all your SEP clients should communicate to their respective SEPM only and should also been seen in main Hyderabad SEPM.

So what you need to do is remove every replication partner using the SEPM admin tab so that all SEP will report to their repsective SEPM only.

And then add replicatation parner to main SEPM, so that every SEP clients will be replicated to main Hyderabad SEPM.

Here's article for your reference -

https://support.symantec.com/en_US/article.HOWTO81215.html

Essentially, what I'm saying is that you already have everything you need (in terms of replication) setup.  All you need to do is to change the kind of SEPM accounts you give to your engineers managing the Pune, Delhi and Bangalore sites.

Choosing the right kind of account (as per the links I provided before) allow you to filter what the engineers can see.

I have setup the management servers like this on hyderabad and delhi_banking locations.Now hyderabad clients reporting to hyderabad site(online)(srv-kdms-hydav-192.168.84.91) and the clients reflecting to central management server(online on remote site)(srv-kdms-av-192.168.84.3) and delhi_banking client reporting to delhi_banking site(online)(srv-kdms-dlav-172.30.12.130) and the clients reflecting to central management server(online on remote site)(srv-kdms-av-192.168.84.3).Now how to setup the central managemt server list(global)?

Regards,

Harsha

Have you had a chance to through my previous posts by any chance?

You don't need to do anything extra to get management working across the estate.  Just using the default Management Server Lists would have worked just fine.  For example: after a client reports into srv-kdms-hydav, the client will appear on the consoles of all other SEPMs after replication is complete (i.e. after srv-kdms-hydav tells the other SEPMs about the new client).

Similarly, if you issue a command to the new Hyderabad SEP Client from srv-kdms-dlav or srv-kdms-av, the client will get the command after either of those SEPMs replicate with srv-kdms-hydav.

Your OP appeared to be regarding restricting the view of SEP administrators to just the clients in their respective sites. To do so, please follow the articles I linked about creating them as Administrators or Limited Administrators, but not System Administrators.

Ok

I have setup like this.When i am trying to install client the client is going to my company default group some time directly banking folder in central console.The client should go the remote server and it will sit on delhi banking folder.I don't know why it is shoing in central console.

Please assist. 

​

If you want clients to be automatically added to a specific group on install, then just tick the "Add clients automatically to the selected group" checkbox when creating the client install package, and select the group.

The MSL's you're looking at can be embedded in the client install package, but have no influence over which group the client appears in.

And just to reiterate one last time, no matter where you install the client, all the SEPMs will know about them and display them if you're replicating.

At this point, I'd highly recommend you enrol on the online training offered by Symantec, or perhaps reach out to a Symantec Partner who can set this up for you, as providing very specfic instructions via the forums may not be the most efficient or effective way of getting to know the product.

More on Symantec's online courses can be found below:

https://www.symantec.com/content/elibrary/selibrary.html