About the Find Unmanaged Computers function in Endpoint Protection Manager

Article ID: 151305

Products

Endpoint Protection

Issue/Introduction

Learn about the Find Unmanaged Computers function in Symantec Endpoint Protection Manager (SEPM).

Resolution

Ports required by Find Unmanaged Computers

Either TCP port 139 or TCP port 445 needs to be open for the installation package to be delivered to the remote computer. If UDP port 137 is closed, the Endpoint Protection Manager will not be able to list the hostname of the computer during the initial scan, though deployment can still be carried out by manually entering the IP address of the prospective client.

How (and why) to set the clients to "Classic Mode"

When the client is in Guest Only mode, Symantec Endpoint Protection Manager is not able to authenticate as an administrator. This means that the manager does not have access to push the package to the client.

To configure the client for Guest or Classic mode

  1. On the client, open Administrative Tools > Local Security Policy.
  2. Click Local Policy > Security Options > Network access > Sharing and security model for local accounts. Set this to Classic.
  3. If the client is part of a domain, this policy can be changed at the domain level.

Administrative credentials must be used

  • If the client is part of a workgroup, this means an administrative account on the client.
  • If it is part of a domain, then a domain administrative account should be used.
  • If a blank password is used, the client must be set to allow remote logins with a blank password (Local Policy setting). This can be set under Local Policies > Security Options > Accounts > Limit local account use of blank passwords to console logon only.

Remote Registry Service

  • The Remote Registry Service (RRS) is used to find out if a computer is "Managed" or "Unmanaged." This service is optional.
  • If this service is disabled, then the client always shows as "Unknown" and the Operating System Type (Description Field) is not populated.
  • If the RRS on the client is not running, but it is set to Manual or Automatic, Symantec Endpoint Protection Manager starts the service and then stops it after performing the scan.
  • If the service is set to "Disabled" in the service panel, Endpoint Protection Manager does not start the service.
  • If a client's RRS is running, then the Endpoint Protection Management Server starts, scans, and then stops the RRS as long as the RRS is set to "Manual" or "Automatic" in the service panel.
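
The prerequisites above can be checked before a push attempt. The following read-only script is an added example, not Symantec code. It assumes Windows PowerShell 5.1 or later; the function names are hypothetical, and `ForceGuest` and `LimitBlankPasswordUse` are the registry values that back the two Local Security Policy settings named above.

```powershell
# Added example: read-only checks, no settings are changed.
# Function names are hypothetical; assumes Windows PowerShell 5.1+.

function Get-PushReadiness {
    # Run locally (elevated) on the prospective client.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $rrs = Get-Service -Name RemoteRegistry

    # ForceGuest: 0 = Classic, 1 = Guest only
    $model = if ($null -eq $lsa.ForceGuest) { 'Not set' }
             elseif ($lsa.ForceGuest -eq 1) { 'Guest only' }
             else { 'Classic' }

    # Local listeners only; a host or network firewall can still block them.
    $tcp = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 139, 445 } |
        Select-Object -ExpandProperty LocalPort -Unique)
    $udp137 = [bool](Get-NetUDPEndpoint -LocalPort 137 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        SharingModel        = $model                 # must be Classic for the push
        # LimitBlankPasswordUse: 1 = blank passwords limited to console logon
        BlankPwdConsoleOnly = ($lsa.LimitBlankPasswordUse -ne 0)
        RemoteRegistryStart = $rrs.StartType         # Disabled => status "Unknown"
        RemoteRegistryState = $rrs.Status
        TcpListeners        = $tcp -join ','         # 139 or 445 is required
        Udp137Listening     = $udp137                # needed for hostname listing
    }
}

function Test-PushPorts {
    # Run from the management server against one prospective client.
    param([Parameter(Mandatory)][string]$ComputerName)
    $open = foreach ($port in 139, 445) {
        if (Test-NetConnection -ComputerName $ComputerName -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue) { $port }
    }
    [pscustomobject]@{
        ComputerName = $ComputerName
        OpenTcp      = @($open) -join ','
        CanDeliver   = [bool]$open                   # true if 139 or 445 answered
    }
}
```

`Test-PushPorts` covers only the TCP ports; UDP 137 reachability cannot be confirmed with `Test-NetConnection`, so check the listener and firewall rule on the client itself.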