Sysprep Symantec Endpoint Protection

To reduce the machine build time and increase the security of the systems, many of us want to include Symantec Endpoint Protection client on the base image.

If we go on the path of installing SEP client on base image, before capturing the image SEP need to be syspreped. Otherwise SEP management console will report all the newly built machines with same hardware ID and same host GUID’s.

SEP sysprep involves deleting hardware ID xml files and few registry keys

To Sysprep Symantec Endpoint Protection client follow the below steps.

1.       Install SEP client along with all other applications

2.       Create a package including a bath file with following command or add to your MDT deployment share

**********************************************************************

REM Sysprep Symantec Endpont Protection Client

del "C:\Users\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\sephwid.xml" /F /s /Q

del "C:\Windows\Temp\communicator.dat" /F /s /Q

REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink" /v "HardwareID" /t REG_DWORD /d "-" /f

REG ADD "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink" /v "HostGUID" /t REG_DWORD /d "-" /f

echo.

***********************************************************************

3.       Add a step on the task sequence to use a package which has this batch file or you can add Run Command line and copy above command on the command box.

That’s it.

The Symantec Endpoint Protection Client is installed and Syspreped and ready to be captured as a base image.

Note:  To make sure the sysprep is worked properly, build any two machines and check the Hardware ID and Host GUID by going to the above mentioned registry path. The both machines should have different Hardware ID and Host GUID’s.

Otherwise you have to go through the capture process again.