Endpoint Protection

Hi,
i got problem here
we are rollout new client on SEP MR4 MP2
first we try to install default group package in all branches but i got traffic issue in our envoriments so network manager ask me create specific package for specific branch then i create all package for rollout branches then they will move and get gup policy automatically from package.But some how it will not happened i got issue here that client automatically switch to user mode and they move into different group now we install any client it will switch to user mode and go to the different group.even now we install the defualt package which was using before these as well behave same like switch to user mode and not go to default group move to that group which was i created yesterday.
so please ist any one there how can help me in this.
my email is 
altafm.c@alrajhi.com.sa
g_shock_mak@hotmail.co.uk
makdaone@gmail.com  

Do you have a replication setup here? if yes then this could be happening because of that.

If--

• You use Groups imported from OUs, and
• Your imported OUs include user OUs, and
• The original SEP client still shows up in its original Group, although offline

--then this sounds a lot like a longstanding problem that's been discussed elsewhere here. Specifically:

https://www-secure.symantec.com/connect/forums/ad-integration-sep-groups-computers-moving-themselves-around

If those are your symptoms, there is no fix yet. But there is (finally) a workaround in MR4 MP2, as described in the other thread.

Also note that the README does not thoroughly describe the problem or its symptoms. The trigger need not be a hardware change...it can be caused by lots of common scenarios. And if your OU import includes OUs in which logged-on users are located, the client will not be in the Default Group, it will be in the user's OU/Group. But there's at least one user here who reports that it works with the Default Group clients.

From the README's description of the workaround, I'd bet it won't work if you have user OUs imported into SEPM. It looks like it only works for clients in Default Group.

NO we have only one server but different admin is using what i belive may be some admin change some policy is there any option in policy where we can chnage this in SEPM.
thanks for all replys.
i am still searching sloution.

yes there is duplicate of user some are in computer mode and usermode mostly computer mode is offline and user mode is online with green dott
thanks for you reply.

After long search i think some admin sync AD with sepm as Jeff Vandervoort told me about OU sync with SEPM so now how can i disable this sync OU with AD
Package is created in computer mode they showing as offline and policy is applying throw user mode they appear with online and with green dots.
Is it anybody now how can i disable this AD OU sync in SEPM i want use spem stand alone I don’t need that spem applying policy throw AD because of this sync OU with AD duplication happen

Mohammad, I think you have 2 options--

1. If--

•  Your AD OU structure is designed so that OUs containing users are separate from and not descended from OUs containing computers, and
• You don't intend to use User mode for anything, and
• You want to continue using AD OUs as your Groups and don't want to have to redesign SEPM installation around non-OU Groups

--then record the Policies that apply to each Group, delete the OU-imported Groups at the top level in SEPM, and re-import only OUs whose contents are computers. Then re-apply Policies to the Groups. Thereafter, the occasional duplicate client (after a Windows reinstall, for example) will still land in the Default Group, but the workaround described in the README will take care of it pretty quickly. You can set up a Notification whenever a Client is added to Default Group so you know to take care of it.

2. If you want to start over, do as I described in this comment: https://www-secure.symantec.com/connect/forums/ad-integration-sep-groups-computers-moving-themselves-around#comment-2437891. You won't have the duplicate client problem any more, and will still have a crude form of AD-integration.

I'm told by Symantec support that MR5 will include a SEPM database redesign, and by context, it was hinted that it is created with an awareness of this issue. So there's hope on the near horizon if you want to keep your AD-integration. Had MR4 MP2 been available 6 weeks ago, I'd probably have kept my OU/Groups in anticipation of MR5. Since I've already blown them away, I'll probably leave them blown away until MR5.

Today i delete directory server configuration in sepm what i see the user coming in default group with computer mode but i am not really sure that work same like before i just look on default group when I was leaving my office. Let me see tomorrow its work or not i delete directory server configuration in sepm server.

Still the same
what I see in my SEPM
I recently move client to default group then all the new client come to default group.
Then I move client to specific group, after that what I see next day the last client I move into ABC123 group all the new client move into ABC123 group and switch into user mode.
Any solution
 

Hi All,
I have a problem here i want to moved some users are moved in a group automatically and also if i am creating a user i want to move this user in a group automatically.
And one problem is also there in my company there are 2000 computers but some desktop hs benn shutdown for abow two month i want to find on the server 2003 which desktop not communicate with server how can find in the server. please reply me anybody............. bata de bhai m,