PIXNET Logo登入

里歐's 布拉格

跳到主文

生活543

部落格全站分類:不設分類

  • 相簿
  • 部落格
  • 留言
  • 名片
  • 12月 06 週一 201010:08

  • [Symantec] Reset Symantec SEPM Pasword

This tool is to help you reset your SEPM password when you forgot your password.
http://www.symantec.com/connect/sites/default/files/SEPM11_password_reset.zip
 
@echo.
@echo Password reset script for: Symantec Endpoint Protection Manager 11.0
@echo.
@echo After running this script you can log in once with the password "symantec".
@echo (SEPM will prompt you to change the password again after the first login.)
@echo.
@echo.
@pause
(繼續閱讀...)
文章標籤

里歐 發表在 痞客邦 留言(0) 人氣(124)

  • 個人分類:Symantec
▲top
  • 6月 02 週三 201015:42

  • Migrating to Symantec Endpoint Protection 11.0 RU6

Migrating to Symantec Endpoint Protection 11.0 RU6
WebPage : http://service1.symantec.com/support/ent-security.nsf/docid/2010041310404248
Question/Issue:
This document describes how to migrate to Symantec Endpoint Protection 11.0 Release Update 6 (RU6).
Solution:
Before you begin
This section gives the information that you need to know in order to plan for migration. This information includes supported migration paths and factors that can affect the success of the migration.

Note:
This document is meant only for migrations in which a previous version of Symantec Endpoint Protection 11.0 exists on the network or on individual computers. If no previous versions of Symantec Endpoint Protection products are already installed, please read the installation guide.

Things to know to ensure a successful migration
The following is a list of critical information that you need to know in order for your migration to succeed.

  • Before you upgrade, you should back up the database. Read the document Best Practices for Disaster Recovery with Symantec Endpoint Protection.
  • If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.

Migration paths
Symantec Endpoint Protection 11.0.6 (RU6) can migrate seamlessly over the following:

  • Symantec Endpoint Protection 11.0.780.1109/11.0.776.942 (RTM), 11.0.1000.1375 (MR1), 11.0.1006 (MR1 MP1), 11.0.2000.1567 (MR2), 11.0.2010.25 (MR2 MP1), 11.0.2020.56 (MR2 MP2), 11.0.3001.2224 (MR3), 11.0.4000.2295 (MR4), 11.0.4010.19 (MR4 MP1), 11.0.4014.26 (MR4 MP1a), 11.0.4202.75 (MR4 MP2), and 11.0.5002.333 (RU5)
  • Symantec AntiVirus client and server 9.x and later
  • Symantec Client Security client and server 2.x and later

For more information, see the Symantec Knowledge Base article Migration paths for Symantec Endpoint Protection 11.0.
Supported platforms
Supported platforms for Symantec Endpoint Protection 11.0.6 (RU6) are listed in the document System requirements for Symantec Endpoint Protection and Symantec Network Access Control 11.0.6.
Downloading the Symantec Endpoint Protection 11.0.6000.550 or 562 RU6 or RU6a Release Update
The installer package to upgrade Symantec Endpoint Protection is available from the Symantec FileConnect site: https://fileconnect.symantec.com/
Migration overview
The following table gives an overview of the migration process for each component of Symantec Endpoint Protection:


Component
Migration overview

Symantec Endpoint Protection Manager
When you migrate a server, the installation automatically detects and configures it appropriately.
You do not need to uninstall management servers before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.

Symantec Endpoint Protection
Clients
When you migrate a client, the overinstall automatically detects the client, and migrates and installs it appropriately. You do not need to uninstall existing clients before you install the new version.
Overview of the migration process
Migration to the current version of Symantec Endpoint Protection includes the following steps in order:
  • Create a migration plan
    Before you begin to install the Symantec Endpoint client, manager, and any administration upgrades, you should have a solid understanding of your network topology and a streamlined plan to maximize the protection of the resources on your network during the upgrade. Symantec strongly recommends that you migrate the entire network to the current version rather than managing multiple versions of Symantec Endpoint Protection.
  • Backup up the database
    Before you upgrade, you should back up the database.
  • Disable replication
    If your site uses replication, you must disable replication before upgrading Symantec Endpoint Protection Manager. You must disable replication at each site that replicates.
  • Stop the Symantec Endpoint Protection Manager service
    Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.
    WARNING: You must stop the Symantec Endpoint Protection Manager service before you upgrade, or you will corrupt your existing installation of Symantec Endpoint Protection Manager.
  • Upgrade the Symantec Endpoint Protection Manager
    You do not need to uninstall management servers before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.
  • Enabling replication after migration
    After you migrate all servers that used replication, including the servers that were configured for failover and load balancing, you must re-enable replication. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.
  • Upgrade the Symantec Endpoint Protection Clients
    You do not need to uninstall previous clients before you install the new version. The overinstall process saves legacy settings, and then upgrades to the latest version.

    • Backing up the database
    Before you upgrade, you should back up the database.
    To back up the database
  • Click Start > Programs > Symantec Endpoint Protection Manager > Database Back Up and Restore.
  • In the Database Backup and Restore dialog box, click Back Up.
  • When asked "Are you sure you want to back up the database?" click Yes.
  • When you see the message "The database has been backed up successfully," click OK.
  • In the Database Backup and Restore dialog box, click Exit.

    • Disabling replication
    If your environment utilizes replication, you must disable replication on all sites prior to upgrading the Symantec Endpoint Protection Manager. You must not re-enable replication between sites until they are running the same version of the software.
    To disable replication
  • Log on to the Symantec Endpoint Protection Manager Console.
  • On the Admin tab, click the blue Servers tab at the bottom of the pane.
  • On the Servers tab, in the left pane, expand Local Site > Replication Partners.
  • For each site that is listed under Replication Partners, right-click the site, and then click Delete.
  • In the Delete Partner prompt, click Yes.
  • Log off of the console, and repeat this procedure at all sites that replicate data.

    • Stopping the Symantec Endpoint Protection Manager service
    Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service is started automatically.

    WARNING: You must stop the Symantec Endpoint Protection Manager service before you perform this procedure or you will corrupt your existing installation of Symantec Endpoint Protection Manager.

    To stop the Symantec Endpoint Protection service
  • Click Start > Settings > Control Panel > Administrative Tools.
  • Double Click Services to launch the Services MMC snap-in.
  • In the Services window, under Name, scroll to and right-click Symantec Endpoint Protection Manager.
  • Click Stop.
  • Close the Services window.
    Warning: You must close the Services window, or your upgrade may fail.
  • Repeat this procedure for all Symantec Endpoint Protection Managers.

    • Upgrading the Symantec Endpoint Protection Manager
    You must upgrade all Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection service.
    To upgrade Symantec Endpoint Protection Manager
  • Download and unzip the Release Update.
  • Browse to the location where you unzipped the Release Update.
  • Double-click setup.exe to start the installation.
  • In the Symantec Endpoint Protection panel, click Install Symantec Endpoint Protection Manager.
  • In the Install Wizard Welcome panel, click Next.
  • At the License Agreement panel, select "I accept..." then click Next.
  • At the Ready to install the Program panel, click Install.
  • In the Install Wizard Completed panel, click Finish.
  • In the Upgrade Wizard Welcome panel, click Next.
  • In the Information panel, click Continue.
  • When the upgrade completes, click Next.
  • In the Upgrade Succeeded panel, click Finish.

    • Repeat the above steps on all other Symantec Endpoint Protection Managers on which you stopped the Symantec Endpoint Protection Manager service.
      Enabling replication after migration
      After you migrate all servers that used replication including the servers that were configured for failover and load balancing, you must re-enable replication. After migration, you add a replication partner to enable replication. You only need to add replication partners on the computer on which you first installed the management server. Replication partners automatically appear on the other management servers.
      To enable replication after migration
    • Log on to the Symantec Policy Management Console if you are not logged on.
    • On the Admin tab, click the blue Servers tab at the bottom of the pane.
    • On the Servers tab, in the left pane, expand Local Site, and then click Add Replication Partner.
    • In the Add Replication Partner panel, click Next.
    • In the Remote Site Information panel, enter the identifying information about the replication partner, enter the authentication information, and then click Next.
    • In the Schedule Replication panel, set the schedule for when replication occurs automatically, and then click Next.
    • In the Replication of Log Files and Client Packages panel, check the items to replicate, and then click Next.
      (Replicating packages generally involves large amounts of traffic and storage requirements.)
    • To complete the Add Replication Partner Wizard panel, click Finish.
    • Repeat this procedure for all computers that replicate data with this computer.

      • Upgrading the Symantec Endpoint Protection clients
      The easiest way to migrate Symantec Endpoint Protection clients is by using the auto-upgrade feature. All other client software deployment methods are supported, but the auto-upgrade approach is the easiest way. The client migration installation can take up to 30 minutes. It is recommended to migrate when most users are not logged on to their computers.

      Note: Test this migration approach before rolling out migration to a large number of computers. Create a new group and place a small number of client computers in that group for testing purposes.

      To migrate client software
    • Log on to the newly migrated Symantec Endpoint Protection Manager Console.
    • Click Admin > Install Packages.
    • In the lower-left pane, under Tasks, click Upgrade Groups with Package.
    • In the Welcome to the Upgrade Groups Wizard panel, click Next.
    • In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select one of the following:

      • Symantec Endpoint Protection <appropriate version>.
      • Symantec Network Access Control <appropriate version>.

    • Click Next.
    • In the Specify Groups panel, check one or more groups that contain the client computers to be migrated, then click Next.
    • In the Package Upgrade Settings panel, check Download client from the management server.
    • Click Upgrade Settings.
    • In the Add Client Install Package dialog box, on the General tab, specify whether or not to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers. Under the Notification tab, specify a message to display to users during the migration.

      • If the clients in the group run a version of Symantec Endpoint Protection previous to MR2, turn off scheduling. Scheduling is on by default when a new client install package is added to a group. If scheduling is turned on, the upgrade fails. To turn off scheduling, in the Add Client Install Package dialog box, uncheck Upgrade Schedule.

    • For details about settings on these tabs, click Help.
    • Click OK.
    • In the Upgrade Groups Wizard dialog box, click Next.
    • In the Upgrade Groups Wizard Complete panel, click Finish.

      • Note: Client computers that take a long time to automatically upgrade to Release Update 6 may need to be restarted. This occurs on client computers that run Windows Vista or Windows Server 2008.
      Document ID: 2010041310404248
      Last Modified: 2010/05/03
      Date Created: 2010/04/13
      Product(s): Endpoint Protection 11, Network Access Control 11
      Release(s): Endpoint Protection 11 [All Releases], Network Access Control 11 [All Releases]
      (繼續閱讀...)
      文章標籤

      里歐 發表在 痞客邦 留言(0) 人氣(134)

      • 個人分類:Symantec
      ▲top
      • 5月 31 週一 201013:30

      • Which Communication Ports does Symantec Endpoint Protection 11.0 use?


      Which Communication Ports does Symantec Endpoint Protection 11.0 use?


      WebPage : http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148


      Question/Issue:
      Which communication ports does Symantec Endpoint Protection 11.0 use?
      Solution:






































































      Port NumberPort TypeInitiated byListening ProcessDescription
      80, 8014TCPSEP Clientssvchost.exe (IIS)Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older).
      443TCPSEP Clientssvchost.exe (IIS)Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers.
      1433TCPSEPM managersqlservr.exeCommunication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers.
      1812UDPEnforcerw3wp.exeRADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer.
      2638TCPSEPM managerdbsrv9.exeCommunication between the Embedded Database and the SEPM manager.
      8443TCPRemote Java or web consoleSemSvc.exeHTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port.
      9090TCPRemote web consoleSemSvc.exeInitial HTTP communication between a remote management console and the SEPM manager (to display the login screen only).
      8005TCPSEPM managerSemSvc.exeThe SEPM manager listens on the Tomcat default port.
      39999UDPEnforcerCommunication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer.
      2967TCPSEP ClientsSmc.exeThe Group Update Provider (GUP) proxy functionality of SEP client listens on this port.


      The Symantec Endpoint Protection Manager (SEPM) use two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80 (or 8014) and 443 - Tomcat uses port 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS.

      Client-Server Communication:
      For IIS SEP uses HTTP or HTTPS between the clients or Enforcers and the server. For the client server communication it uses port 80 (or 8014) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real-time with the manager console for clients authentication. This is done on UDP port 1812.

      Remote Console:
      9090 is used by the remote console to download .jar files and display the help pages.
      8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.

      Client-Enforcer Authentication:
      The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39,999.

      (繼續閱讀...)
      文章標籤

      里歐 發表在 痞客邦 留言(0) 人氣(143)

      • 個人分類:Symantec
      ▲top
      • 5月 26 週三 201010:34

      • How to convert Symantec Endpoint Protection clients from managed to unmanaged without uninstalling and reinstalling


      WebPage : http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008021910355348


      Question/Issue:
      Symantec Endpoint Protection Clients are installed as managed by a Symantec Endpoint Protection Manager. You need to change the clients to be unmanaged, but do not want to uninstall and reinstall the client.

      Solution:
      To convert the Symantec Endpoint Protection clients to unmanaged after they have been installed as managed



      1. Locate the Sylink.xml file that is located on CD 1 in the SEP folder.
      2. Copy the Sylink.xml file to a location that is accessible to clients on the network.
      3. On the client, navigate to CD2\TOOLS\NOSUPPORT\SYLINKDROP.
        Note        : CD2 may also be labeled CD3
      4. Run SylinkDrop.exe on each Symantec Endpoint Protection client that needs to be converted to an unmanaged client.
      Note
      If the communication mode was not set for Client Control in the Symantec Endpoint Protection Manager policies during initial installation, you will not be able to change the local client policies after placing the new Sylink.xml file on the client.
      This procedure changes the managed client to an unmanaged client, but will not change the policies that exist on the client. Ensure that you have the ability to change settings and run LiveUpdate on the client before changing the client to unmanaged. If you change the client to unmanaged without ensuring that you can change settings on the client , you may need to uninstall and then reinstall the client if you need to change settings in the future.
      (繼續閱讀...)
      文章標籤

      里歐 發表在 痞客邦 留言(0) 人氣(353)

      • 個人分類:Symantec
      ▲top
      • 5月 26 週三 201010:33

      • How to change a Symantec Endpoint Protection client from unmanaged to managed


      WebPage : http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/52d862c54842f5b68825733d005ce48e?OpenDocument


      Question/Issue:
      How do you manually restore communications between a managed Symantec Endpoint Protection client and the Symantec Endpoint Protection Manager.
      Solution:
      Warning: The below solution is for MR1 and MR2 only. For MR3, see page 57 of the Symantec Endpoint Protection Administration guide for MR3.
      The SylinkDrop tool and Sylink.xml can be used to switch an unmanaged client to managed. In the following example we work with the Temporary group. These same steps can be used to place clients in other groups you have created by replacing Temporary with the name of the group you want the client to belong to.

      To copy the Sylink.xml from the Temporary group folder to the client



      1. In Windows Explorer on the computer that runs Symantec Endpoint Protection Manager, browse to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\.
        In this location, there are two or more folders with 32-character alphanumeric names. Each folder represents a group in your Symantec Endpoint Protection Manager site. Inside of each folder is a file named LSProfile.xml.
        Do not edit LSProfile.xml. Any edits to the LSProfile.xml file is not recommended or supported, and can cause serious communication problems.
      2. Open the LSProfile.xml file in one of the group folders, and find the XML tag: <GroupInfo Name="X" where X is the name of the group.
      3. Find which LSProfile.xml file specifies "Temporary" as the group name.
        The folder that contains that file is the folder that represents the Temporary group.
      4. In the Temporary group folder there is a file named Sylink.xml. Make a copy of that file and move it to the desktop of the client that you want to be managed.
      To use the SylinkDrop tool to apply the Sylink.xml file

      1. Copy the SylinkDrop.exe file to the desktop of the client you want to be managed.
        This tool can be found on CD 2 of the Symantec Endpoint Protection 11 installation files, in the folder "\TOOLS\NOSUPPORT\SYLINKDROP". It can also be obtained from Symantec Technical Support.
      2. Double-click SylinkDrop.exe.
      3. When prompted to select a Sylink.xml file, select the Sylink.xml you saved to the desktop.
      (繼續閱讀...)
      文章標籤

      里歐 發表在 痞客邦 留言(0) 人氣(111)

      • 個人分類:Symantec
      ▲top
      • 1月 06 週二 200911:51

      • Symantec Information

      賽門鐵克 技術支援電話
      Tel : 00801861032
      Tel : (02)8761-5800 轉2 再轉 1
      (以上兩支電話會接到賽門鐵克技術支援)
      可以讓您存取技術支援「知識庫」、新聞群組、聯絡資訊、下載及郵寄清單訂購
      www.symantec.com/zh/tw/enterprise/support/index.jsp
      提供註冊、常見問題集、錯誤訊息回應方式及接洽「賽門鐵克授權管理」的方式等資訊
      https://licensing.symantec.com/acctmgmt/index.jsp?localeStr=zh_TW
      提供產品消息與更新
      www.symantec.com/zh/tw/enterprise/products/index.jsp
      提供對 Threat Explorer 的存取權限,其中包含所有已知威脅的相關資訊
      www.symantec.com/region/tw/avcenter/download.html
      病毒定義檔與安全更新
      http://www.symantec.com/zh/tw/business/security_response/definitions.jsp
      存取File Connect
      https://fileconnect.symantec.com/LangSelection.jsp
      產品啟用與授權碼
      http://www.symantec.com/zh/tw/business/products/licensing/activation/index.jsp
      Symantec Licensing Portal
      https://licensing.symantec.com/acctmgmt/index.jsp
      (繼續閱讀...)
      文章標籤

      里歐 發表在 痞客邦 留言(0) 人氣(96)

      • 個人分類:Symantec
      ▲top
      1

      自訂側欄

      自訂側欄

      個人資訊

      里歐
      暱稱:
      里歐
      分類:
      不設分類
      好友:
      累積中
      地區:

      熱門文章

      • (2,556)[Cacti] Cacti 錯誤訊息及排除方法
      • (284)正常移轉 FSMO 五大角色
      • (288)Enterasys A2 Switch Restore Configuration to factory defaults (Reset Password)
      • (10,643)[Linux][CentOS]設定 yum mirror 為台灣地區
      • (990)[Linux] Configuring the Softflowd NetFlow Exporter
      • (2,547)[Linux] 調整時區、系統時間、BIOS時間、同步系統時間 For Redhat
      • (1,344)Solaris 環境變數設定
      • (560)Exchange 2010 標準版及企業版差異功能
      • (603)Windows 2008 R2找KMS Server做產品啟動時,出現0xC004F074錯誤
      • (4,823)手動設定windows ntp client (w32tm & reg)

      文章分類

      • Mikrotik (0)
      • 理財 (0)
      • Cacti (1)
      • XenServer (1)
      • VMware (1)
      • 旅遊 & 飲食 (1)
      • Network (1)
      • Cisco (12)
      • Windows (6)
      • MySQL (7)
      • Solaris (18)
      • Symantec (6)
      • 文章 (3)
      • Acronis (0)
      • FortiGate (3)
      • Linux (48)
      • Microsoft (5)
      • 未分類文章 (1)

      最新文章

      • Installation vsftpd-3.0.2 with xinetd on CentOS 6 .4 x86_64
      • MPLS QoS Example
      • 手動設定windows ntp client (w32tm & reg)
      • Installation Memcached On CentOS 6.3
      • Installation vsFTPd on CentOS
      • Solaris Command
      • Windows 2008 R2找KMS Server做產品啟動時,出現0xC004F074錯誤
      • Windows Update Server IP
      • CactiEZ 0.6 upgrade to Cacti 0.8.7i
      • Windows 2003 Server 關閉不必要的服務

      動態訂閱

      文章精選

      文章搜尋

      誰來我家

      參觀人氣

      • 本日人氣:
      • 累積人氣: