Endpoint Protection

Hi,

I would like to know why SEPM used GUI to register client on the console, can it be that even if SEP client has a duplicate hardware ID can it used IP address to register with SEPM?

You can register a client via SEPM console? 

Are you talking about adding client ?

Hello,

Symantec Endpoint Protection is using Hardware ID (found in Symantec registry and program files) as its one of the identifier. 

The sephwid.xml file contains the unique hardware identifier for the SEP client.

SEP clients are identified by this proprietary hardware ID generated at SEP installation. If the hardware does not change, you should get the same ID.

Check this Thread with similar query:

https://www-secure.symantec.com/connect/forums/formatting-client-machines

Hope that helps!!

Hi Rafeeq,

We have 2500 unmanaged computer due to hardware ID issue, we have tried using 

http://www.symantec.com/docs/TECH163349

Registering a client is a complicated process, lets concentrate on the client side. All  you need to do is to delete the hwid and recycle the sep service.

You can script it as per this document. 

Psexec @computerlist.txt -u username -p password cmd /c del /f /s /q "path to delete" will do the job

http://www.symantec.com/business/support/index?page=content&id=HOWTO54706

Using the IP address would cause havoc in an estate running DHCP (which I'm assuming you are using).

The reason for this is that it means when a client machine's IP address changes, they will link into a different client record in the SEPM.  This leads to changing client details (OS, inventory, features, policies, etc) and would results in inconsistent client behaviour and useless reporting.

That said, it is possible to replace the hwid using the MAC address.  Assuming you don't go swapping NICs around on your machines all the time (or use MAC spoofing), these can usually be assumed to be unique.

An example of how to do this can be found below (scroll down to the "Use a startup script to set a fixed HardwareID at boot" section):

http://www.symantec.com/docs/TECH123419

Note that is this specificall for Citrix environments.  Using the instructions described in this article on a different kind of environment may not be supported.

Hi SMLatCST,

We use only static IP address, we do not have DHCP server in our network.

In that case you can try amending the script decribed in the article to use IP addresses instead of MAC addresses if you want.

Just be aware that it will not be supported, and to implement very rigid procedures for IP address management

Dear Jeshrel,

SMLatCST is just giving you an example of why using the IP address as unique identifier is not a good idea, another scenario is when clients are connected via VPN, in other words it is not a unique identifier in all cases.

It does not matter what you use or you don't use in your company, the product has to work in all environments, that's why it is designed to generate a unique HID per each client which is also the primary key in the database table which stores the clients details. That is, you can't change this behavior, this is how the product works.

Hi Beppe,

Thank you for the explanation, appreciate it. Do u have a document that you can help me with.

The reasoning behind using a proprietary unique identifier would require asking the original developers at Sygate (which became part of Symantec back in 2005).

As far as what happens when multiple machines use the same unique identifier goes, one example can be found below:

http://www.symantec.com/docs/TECH97626

Essentially, the HWID must be unique in order to provide accurate management and reporting.  Using IP addresses are more likely to result in inaccurate results because they are not unique.

Hi Jeshrel,

if my understanding is correct, you need to reset the HD ID on 2500 clients, don't you?

If so, you already have the right document: http://www.symantec.com/docs/TECH163349

You may also see what already linked by other members.

Hi, 

Thanks for your help, but do not appreciate the sarcasm SMLatCST.

No probs and apologies for any offence caused.

I wasn't intending to be sarcastic at any point in my post however.  It is unfortunate, but we are unlikely to be able to find out now why SEP is built the way it is for the core functions.  That said, the PM for SEP does visit the forums sometimes, so may be able to provide rationale for the newer parts if you have questions surrounding those.

Hello,

no reasons to disturb Sygate's developers. As explained, it is just a unique identifier that is used as primary key in the client table of the DB. The tecnique used to generate it, based on the MAC and other hardware related ID's, is just a common way in the IT market to generate unique ID's with very small risk that they change over the time.