Endpoint Protection

 View Only
Back to Library

Don't miss a scheduled scan again 

Jul 14, 2009 11:43 AM

What is it all about?

The ability to perform almost all tasks in the client computers from a remote location had been a biggest boon to Administrators. Endpoint Protection makes it possible to schedule full scans and LiveUpdate at specific time. Some clients miss the scheduled tasks because they maybe turned off by the users. Turning on every computer manually is a tough task. In this article, I am going to speak about how we can workaround and still make the life of administrators easier.


What would I need?

You would need a ATX motherboard with WoL connector, a NIC card with WoL support, Wake-on-Lan Utility, Latest version of Endpoint Protection Manager(MR4 and above) and a computer that is online atleast at the scheduled time(Allow me to suggest let this be a server) and finally Microsoft Excel to make life even simpler. In addition to these, you need to determine the MAC addresses and the Multicast IP(usually the last IP address in your network - x.x.x.255. In this example I am using 10.10.20.255)

How to do it?

  1. Enable WoL in the BIOS.
  2. Grab a copy of WoL tool from MatCode.Com.
  3. Save it to C:\Windows\
  4. Get a list of MAC address. In Endpoint Protection Manager, pulling a report on the client inventry will get you the MAC addresses. Discussing about this out of scope of this article.
  5. Open a new spreadsheet in Excel.
  6. In sheet1, gather all the MAC addresses in Column A, one on each row.
  7. In sheet2, on row 1 of column A, type ="mc-wol " & sheet1!A1& "/a 10.10.20.255"
  8. Drag the first row to autopopulate for the remaining MAC addresses
  9. Save the spreadsheet as "wake-up.txt" type:Text (MS-DOS)
  10. Open the file in notepad and check if it is exported correctly, save the file again as "wake-up.bat" in C:\Windows
  11. In a command prompt, type at 02:00 wake-up.bat /every:M,W,F
  12. In the Manager schedule the scans or LiveUpdate with a difference of 15 min. In this case, I configured at 2:15 every Monday, Wednesday, Friday of the week in the Antivirus and AntiSpyware Policy.

I hope this article would help you to make your Boss happy! :)

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Migration User
Jul 19, 2009 10:37 PM

Since we have more than 10,000 computers..
this would be very helpfull...
thanks..

Migration User
Jul 17, 2009 09:25 AM

we can't use it as in our enviroment if a client if off then it means it is totally powered off and not pluged to ac outlet.

Migration User
Jul 14, 2009 09:01 PM

Great idea, BharRie! (Still needs to be built in to SEPM IMO...if you agree, vote here: https://www-secure.symantec.com/connect/idea/add-wol-sepm)

Regarding step 4, "Get a list of MAC address. In Endpoint Protection Manager, pulling a report on the client inventry will get you the MAC addresses. Discussing about this out of scope of this article.", please elaborate, out of scope or not. Because in SEPM 11.0 MR4 MP2, the only "Client Inventory Report" (under "Computer Status") that I see gives me pie charts showing distribution of OS versions, CPUs, RAM, disk space, and other mostly useless trivia. But it is completely free of MAC addresses.

I did search for a SEPM report that would give me MAC addresses for a similar WOL effort a short time ago, but gave up before finding one. (One can export DHCP-assigned addresses from the DHCP console, but in a large system that could be a lot of work, too.) (Though there might be a way to automate it with WMI...hmmm...) (Anyway, that's enough parentheses for one paragraph.)

Tip: CMOS settings, including WOL, can be set centrally on most enterprise-type PCs. For Dell Optiplexes or Latitudes, for example, it requires OpenManage Client Instrumentation to be installed. It's installed with the factory config, or you can download it as an MSI file and install it by Group Policy or the push install method of your choice. Then, WOL can be enabled with a WMI script (useful with Group Policy Startup Scripts, which is how I do it), or (if I recall...don't have it in front of me ATM) through OpenManage IT Assistant.

Related Entries and Links

No Related Resource entered.