Hi,
Script will be help full where you can be covert unmanaged system to managed system.
This script work for stop the SEP password after this script will be copy syslink.xml file ,delete hardware id and sephwid.xml.
This Batch file you may be run with help of download https://www-secure.symantec.com/connect/downloads/remotely-run-symantec-antivirus-related-batch-file
@echo off
*****Script for stop Symantec service******
"%programfiles%\symantec\symantec endpoint protection\smc.exe" -stop -p test (Test is SEP Stop password)
*****Syslink File Replace Command*****
Copy "C:\Unmanaged_to_Managed\syslink.xml" "C:\Program Files\Symantec\Symantec Endpoint Protection"
*****Script for Delete Sephwid.xml file for common folder*****
cd\
cd C:\Program Files\Common Files\Symantec Shared\HWID
del sephwid.xml
Cd\
*****Delete hardwareID for registry*****
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink" /v HardwareID /f
exit
Note: After restart the Client System.
Thanks & Regards
Ashish Sharma
good one dear...
Nice Script
Nice Script.
this Script will be work on sep 11 if i want to change in SEP 12,
what's the setting will be added.
You can set the Preferred Group registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\PreferredGroup
The value would be something like: My Company\Accounting\HWID-Fixed
(Note, it is case sensitive).
If you need more information, you can just google that PreferredMode setting.
On the server side, you may also have to enable the communication option under Group -> Policies -> Communication Settings, one of the last ones... I forget the exact name, says something about, "Allow client group setting" (11.RU7? and newer)
I would like to see a more detailed description on why this is necessary. Is it just a one-time issue? Are you using a Virtual Clone? Ghost Image? Or VDI? There are solutions for this "image clones" types of issues so you don't have this problem.
hey.....great scrip, but just a quick question, i'm just going to run the below as a logon script, my question is its automatically putting my clients into the Default computer group, where can i change this, i've setup Test fodlers under this that i want clients to go into?? or do i manually move them?
** Start of script to resolve the Hardware ID issue**
"%programfiles%\symantec\symantec endpoint protection\smc.exe" -stop -p *MY PASSWORD*
REM Wait 120 seconds ping -120 127.0.0.1 > nul
cd\ cd C:\Program Files\Common Files\Symantec Shared\HWID del sephwid.xml Cd\
REM Wait 60 seconds ping -60 127.0.0.1 > nul
"%programfiles%\symantec\symantec endpoint protection\smc.exe" -start
pause
Thanks
The only drawback to this script is that is can only be used on SEP 11.x. That limits its use outside of other versions. However, I still regard this as a very useful script, and I thank you for sharing this. Hopefully others can find it as useful as I did.
waw, good...
The problem with using a script to on SEP 12.1 is Tamper Protection. In 12.1 the Tamper Protection has been greatly revised and will block any script, even running under SYSTEM, from modifying the Sylink.xml or SEP registry keys. If you turn off Tamper Protection via a policy change, then you can get things to work.
I don't know of a way to turn off Tamper Protection through a script (You may be able to do it through GUI manipulation on the client, but that probably won't work well on 'real' end users).
If you do have Tamper Protection disable (or exceptions made), then you can have your script find the Sylink.xml file by checking the SEP client version. I normal yhav emy script read the HKLM\Software\Symantec\Symantec Endpoint Protection SMC\ProductVersion key. If it's 12.1 or greater, check ProgramData (or Documents and Settings on XP). If it's 5.x or 11.x, check Program Files.
It good script. any script which will work in Sep 12.1?
Asihish- Nice Script for manage the systems.
hi,
i am tested in my sep 11 version it's working fine.
The described behavior I have tested with SEP12.1.
I have tested the same now with not upgraded client yet. SEP11.0.6300.803: - if the client window is opened the service Symantec Management Client stopps. Client window is remains opened with the alarm. - smc.exe -p <passwd> -stop works as well.
So it looks that problem is only witth the new version.
It does seem like a bug that you can't stop the service if the SEP GUI is open. However, you may be able to close the SEP Window before you attempt to stop SMC.
I've never done Window manipulation in VBScript. However you might have some luck using the wshshell.AppActivate and SendKeys command ( see details here: http://devguru.com/technologies/wsh/17408.asp ). I believe you can also call an API from VBScript, but I've never done it. (Example: http://www.vbforums.com/showthread.php?t=30664 ). You may also be able to load WMI and close the window through that.
For situations where "window manipulation" is required, I usually use AutoIT ( http://www.autoitscript.com/site/autoit/ ). It has VB like syntax, compiles into an EXE, and provides commands for almost all your automation needs, including window searching, activating, closing, etc.
The details on how to do any of these would be a topic for a separate thread.
Yes, you are able to stop SMC in SEP 11.x and make the changes. However, in SEP 12.1 tamper protection will block you from modifying SEP registry keys and files, even if you have stopped the SEP service using smc -stop. So as long as your have an 11.x deployment, you're good. If you haven't looked into SEP 12.1 yet (maybe you have), the enhance protection is definately worth a look.
What version you are using ?
If you are not using any password you will be remove after (-p <passwd> parameter)
"%programfiles%\symantec\symantec endpoint protection\smc.exe" -stop
Hi Chent,
Yes this script only working SEP 11.x.
because my organization using sep 11.x.
First i am stop the smc service with below command.and after replace the syslink file.
smc.exe -stop -p doesn't work if...
- if the client window is opened
- if -stop parameter is not the last (after -p <passwd> parameter)
We use custom VBScript (compiled to exe) to stop client and delete/reset HwID. Yes we have Tamper protection exclusion for the script to be able to stop smc.
This is my question: How can I stop smc in the script if the client window is opened?
It looks like this script would only work on SEP 11.x.
In SEP 12.1 there are 2 important changs which I believe would cause this script to fail. They are:
hi ashish,
i will try this script.