Deploying Endpoint Protection for Mac as part of a drive image for cloning

Article ID: 152596

Products

Endpoint Protection

Issue/Introduction

How to create a base drive image with SEP for Mac (Symantec Endpoint Protection), suitable for deployment (cloning) to other systems.

Resolution

To successfully create a drive image with a SEP for Mac client, suitable for cloning, follow these steps:

  1. Install macOS, updates and other applications on the Macintosh that will act as the source (or base) of your disk image.
     
  2. Install a SEP for Mac client, managed or unmanaged. Restart when prompted. If desired, the base image may be prepared with an unmanaged client plus the communications settings file described in the next step. When a machine prepared from this image (a clone) starts for the first time, it can use this settings file to convert SEP to a managed client with the desired group membership.
     
  3. In your SEPM (Symantec Endpoint Protection Manager), choose the client group that you want your clones to be a member of. Right-click that client group, choose "Export Communications Settings..." and save the SyLink.xml file.

    The following steps are to be performed only when you are ready to capture an image of this base system drive:
     
  4. On the Macintosh base image machine, for SEP 12.1 RU4 and newer, run the following command to stop the symdaemon service:
    sudo launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
    (NOTE: the asterisk in daemon pathnames will accommodate suffix variations - SEP 12.1.x uses .plist and SEP 14.0 uses .NFM.plist)
    Do not restart the Macintosh or reload symdaemon after this point. 
     
  5. If an unmanaged client is the desired end result for clones, skip to step 6. Otherwise, replace /Library/Application Support/Symantec/SMC/SyLink.xml with the exported SyLink.xml file. 
     
  6. Delete the following files (this ensures that clones will generate a new, unique Hardware ID and be identified uniquely in the SEPM):
    /Library/Application\ Support/Symantec/SMC/SymantecRegistry.bak 
    /Library/Application\ Support/Symantec/SMC/SymantecRegistry.xml
    ref: Duplicate Hardware IDs registered by Endpoint Protection for Mac
     
  7. Capture/save an image of this Macintosh's system drive, using the preferred tools and methods.
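
A pre-capture check for steps 4 to 6, added here as an example (it is not Symantec's own tooling). The function name `sep_preclone_check`, its ROOT argument and the assumption that the launchd job label contains `com.symantec.symdaemon` are illustrative, not taken from the article.

```shell
#!/bin/sh
# Added example: verify a SEP for Mac base image is ready to capture.
# Usage: sep_preclone_check [ROOT] [EXPORTED_SYLINK]
#   ROOT            volume root to inspect (default "/"); hypothetical parameter
#   EXPORTED_SYLINK SyLink.xml exported from the SEPM; omit for unmanaged clones
# Example: sep_preclone_check / /path/to/exported/SyLink.xml

sep_preclone_check() {
    root="${1:-/}"
    exported="${2:-}"
    smc="${root%/}/Library/Application Support/Symantec/SMC"
    rc=0

    # Step 6: leftover registry files give every clone the same Hardware ID.
    for f in SymantecRegistry.xml SymantecRegistry.bak; do
        if [ -e "$smc/$f" ]; then
            echo "FAIL: $smc/$f still present"
            rc=1
        fi
    done

    # Step 5: managed clones must carry the exported SyLink.xml byte for byte.
    if [ -n "$exported" ]; then
        if ! cmp -s "$exported" "$smc/SyLink.xml" 2>/dev/null; then
            echo "FAIL: $smc/SyLink.xml is missing or differs from $exported"
            rc=1
        fi
    fi

    # Step 4: symdaemon must stay unloaded on the live base system.
    # Assumption: the job label contains the plist name com.symantec.symdaemon.
    if [ "$root" = "/" ] && command -v launchctl >/dev/null 2>&1; then
        if launchctl list | grep -q 'com\.symantec\.symdaemon'; then
            echo "FAIL: symdaemon is loaded"
            rc=1
        fi
    fi

    [ "$rc" -eq 0 ] && echo "OK: ready to capture"
    return "$rc"
}
```

Run it as root on the base machine so that `launchctl list` reports system daemons, or point ROOT at a mounted copy of the image to check only the files.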

Once the image has been created, it can be deployed to a new Macintosh for use in a production environment. When preparing this Macintosh, follow these steps:

  1. Write the image to the target Macintosh using the preferred tools and methods.
  2. Restart the Macintosh normally. The SEP client will use the SyLink.xml file (if it is part of the image) to connect to the SEPM.
  3. Change the Computer Name in the Sharing preference pane in System Preferences.