This document lists the best practices for cloning a Symantec Endpoint Protection (SEP) 12.1/14 client in either a physical or virtual environment. If you do not follow these best practices, the cloned Endpoint Protection clients have duplicate identifiers, which results in problems with management and reporting.
These instructions are for Windows clients; for Macintosh clients, see Related Articles.
- Install the operating system, applications, and patches.
- Install the Symantec Endpoint Protection client and update the definitions.
Cloning Windows 7 or Server 2008 with Symantec Endpoint Protection 12.1.671.4971 installed failed if Tamper Protection was enabled, which caused continuous restarts. For more information, see Related Articles.
- Run ClientSideClonePrepTool.exe. This requires administrator rights.
This tool removes all Symantec Endpoint Protection client identifiers and leaves the Symantec Endpoint Protection services stopped. Using this tool should be the last step in the image preparation process, before running Sysprep and/or shutting down the system. If the system restarts or the Symantec Endpoint Protection client services restart, then new identifiers are generated and you must run the tool again before cloning.
The ClientSideClonePrepTool does not run silently, but the following steps may be scripted as a silent alternative. If you script these steps, you must disable Tamper Protection on the Symantec Endpoint Protection client.
- Run smc -stop
- Delete all instances of sephwid.xml and communicator.dat on the file system. Possible locations:
C:\Program Files\Common Files\Symantec Shared\HWID\
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\
C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData\
C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData
C:\Documents and Settings\*\Local Settings\Temp\
- Delete the following registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\ForceHardwareKey
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HostGUID
Note: on 64-bit systems, these values were moved in SEP 12.1 RU5 to HKLM\SOFTWARE\Wow6432Node.
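The scripted alternative above as a single PowerShell script, with a final check that no identifier survived. This is an added example, not Symantec's code: the -SmcPath parameter, the helper function names and the full key path under Wow6432Node are assumptions, while the file locations and value names are the ones listed above.

```powershell
# Added example (not Symantec's tool). Run elevated, with Tamper Protection
# disabled, as the last image-preparation step before Sysprep or shutdown.
[CmdletBinding(SupportsShouldProcess)]
param([string]$SmcPath = 'smc.exe')   # assumption: smc.exe is on PATH

$fileNames = 'sephwid.xml', 'communicator.dat'
$locations = @(                        # locations listed in the article
    'C:\Program Files\Common Files\Symantec Shared\HWID\'
    'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config'
    'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\'
    'C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData\'
    'C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData'
    'C:\Documents and Settings\*\Local Settings\Temp\'
)
$valueNames = 'ForceHardwareKey', 'HardwareID', 'HostGUID'
$subKey  = 'Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
# Second key is an assumption: the article only says the values moved under Wow6432Node.
$regKeys = "HKLM:\SOFTWARE\$subKey", "HKLM:\SOFTWARE\Wow6432Node\$subKey"

function Get-SepIdFile {               # identifier files still on disk
    foreach ($dir in $locations) {
        foreach ($name in $fileNames) {
            Get-ChildItem -Path (Join-Path $dir $name) -Force -ErrorAction SilentlyContinue
        }
    }
}
function Get-SepIdValue {              # identifier values still in the registry
    foreach ($key in $regKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $valueNames) {
            if ($props -and $props.PSObject.Properties[$name]) {
                [pscustomobject]@{ FullName = "$key\$name"; Key = $key; Name = $name }
            }
        }
    }
}

if ($PSCmdlet.ShouldProcess($SmcPath, 'smc -stop')) {
    Start-Process -FilePath $SmcPath -ArgumentList '-stop' -Wait
}
foreach ($f in @(Get-SepIdFile)) {
    if ((Test-Path -LiteralPath $f.FullName) -and $PSCmdlet.ShouldProcess($f.FullName, 'Delete file')) {
        Remove-Item -LiteralPath $f.FullName -Force
    }
}
foreach ($v in @(Get-SepIdValue)) {
    if ($PSCmdlet.ShouldProcess($v.FullName, 'Delete registry value')) {
        Remove-ItemProperty -Path $v.Key -Name $v.Name -Force
    }
}
# Fail loudly if anything survived, so a badly prepared image is never captured.
$left = @(Get-SepIdFile) + @(Get-SepIdValue)
if (-not $WhatIfPreference -and $left.Count) { throw "Identifiers remain: $($left.FullName -join '; ')" }
```

Running it with -WhatIf lists what would be stopped and deleted without changing the system.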
If you are dealing with duplicate IDs on computers cloned from an improperly-prepared image, see Related Articles for how to repair them.