This are a couple of blogs or articles that you can find that describes how to prepare Symantec customers Edpoint protection in a Citrix environment provisioned using strartup script. These scripts defines among other identifier necessary equipment. See also http://www.symantec.com/business/support/index?page=content&id=TECH123419
This blogs A explains how to prepare a Symantec Endpoint customer protection for citrix environment provisioning using the personality of the device in the properties of the target device, which makes use of Symantec EP pretty easy.
Symantec Endpoint Protection fixed machine needs to have a unique ID to be identified and registered only on a Symantec server to avoid duplicates created each restart.
therefore Companys like Symantec can leverage personality.ini which is "c: personaltiy.ini". on each machine provisioned to enter the necessary information already starting
to remedy this situation, you can use the "personality of the unit" -Tab ( which can be found in the properties of the target device) to put the necessary information in what would be copied in personalty.ini during startup.
Symantec is looking for a registry key called "HardwareID" located under "HKLM SOFTWARE Symantec Endpoint Protection SMC SYLINK SYLINK " with its corresponding value. After smc service is started, symantec creates sephwid.xml kown with the registry hwid chain.
Therefore put the "hwid" chain with a value of 32 hexadecimal digits in the personality of the unit of each target devices. Since the MAC address is a unique setting within a network, at least it should be, you must create a value that could be made to address mac machine (12 digits) plus 20 for example "0".
Example: "hwid = 128b20c91a7a00000000000000000000". If you use the MAC address of the machine it is necessary to remove all "-".
To do this just for a couple of machines that you do not really make reflections on the automation.
If you have, say thousands of machines, it will not make a lot of fun to put this string for each machine manually.
For this reason, you can make use of the online Citrix Provisioning Control (MCLI) in combination with Powershell.
The following script defines "hwid" necessary -string with the respective value for each target device in a predefined Provisioning Services Site and is corresponding Collection Device .
Therefore, the script prompts you to
1. hostname provisioning server (it could be a server in the PVS-Farm, it is just needed to make a connection to the farm in order to be able to execute commands MCLI)
2. The site name Provisioning services and finally
3. collection of the unit that contains the target devices that you want to change
once the script was executed on hwid-string was added to all target devices in this device collection with the respective value:
| Add-PSSnapin -Name McliPSSnapIn
# User-Input
[ string ] $ PVSSERVER = Read-Host "Enter a server-service Provisioning your farm" Write-Host "Connect to server ... $ PVSSERVER" -ForegroundColor Blue
server MCLI Run SetupConnection = $ PVSSERVER
[ string ] $ site = Read-Host "Enter the name of your site Provisiong services" write-host "You have entered the $ Site site" -ForegroundColor blue [ string ] $ Collection = Read-host "Enter the name of a collection of devices" Write-host "You entered like $ Collection Collection Device" -ForegroundColor Blue
[ hashtable ] $ Devices = @ {} [ string ] $ LastKey = ""
# automatically create hashtable (device name is a key, the MAC address is a value)
ForEach ( $ line in $ (MCLI-Get unit -p collectionName = $ Collection siteName = $ site -f deviceName, deviceMAC | where { $ _ -like "deviceName: *" -or $ _ -like "deviceMAC: *" })) { If ( $ Line -like "deviceName: * " ) { $ LastKey = $ line .Remove (0.12) $ Devices .Add ( $ LastKey "" ) } Else { $ Devices .Item ( $ LastKey ) = $ Line .Remove (0.11) } }
ForEach ( $ Device in $ Devices .GetEnumerator ()) { MCLI-setlist DevicePersonality -p deviceName = $ ( $ Device .Key) -r name = "hwid" , the = $ ( $ Device .Value -replace "-" ) 00000000000000000000 } start-sleep -seconds 3 |
Symantec should enter the string defined in the "personality.ini" and copy in the registry of the machine. This beahvior I saw on my last project. Recently, I had to realize that Symnatec ignored the value in the personaltiy tab in my current project. The client uses Symantec EP 11.1
The following result was requiered to work with Symantec PVS :.
1. Stop the SMC-service with the command -stop smc.exe (smc.exe is located in C: Program Files (x86) Symantec Symantec Endpoint Protection)
2 . Remove sephwid.xml (located in C: Program Files (x86) Common Files Symantec Shared HWID)
3. Remove the registry-itmes "HardwareID" and "HOSTGUID" (located in HKLM Software Symantec Symantec Endpoint Protection SMC SYLINK Sylink)
4. Set manual smc Service by setting the value of the item "Start" from 2 to 3 (located in HKLM System ControlSet001 services SmcService)
5. Create a startup script that captures the HWID-String in personality.ini and copy in the registry. Finally, the script must start again smc Service
This must be done every time before sealing the vDisk
I created this script in PowerShell.!
| $ 1 = select-string -pattern "hwid" -path "c: personality.ini "[19450412] $ = $ 1 -replace", " $ HWID = 2 $ -replace" = "," " $ regkey =" HKLM "* hwid. " Software Symantec Symantec Endpoint Protection SMC SYLINK Sylink" Set-ItemProperty -path $ RegKey -name HardwareID -value $ HWID start-sleep -seconds 3 net start SmcService |
This solution never works. 
0 Komentar