Symantec Endpoint Protection duplicate client hardware ID
I was hit with this issue using Endpoint Protection 12.1 this past week. I guess there is a bug in the client where it will not generate a new unique hardware ID from a cloned image. As a result, after imaging about 100 machines with Windows 7 and SEP 12.1, they all had the same ID and the Endpoint server console believed them all to be the same system. Of course this created all sorts of issues that needed to be fixed before we returned from break. Nothing like having to work remotely over a major holiday... Anyways, I wrote a script to fix the issue and thought I should share it to help anyone else having the same issue. The support article detailing the problem can be read here. Enterprise Support - Symantec Corp. - Duplicate Hardware IDs result in only one client showing up in the Symantec Endpoint Protection Manager for multiple systems
Replace the hardware ID in the strHardWareID string with whatever your duplicate hardware ID is and set the script up in GPO as a start-up or shutdown script. I hope this helps someone out there.
Const HKEY_LOCAL_MACHINE = &H80000002
strBlank = ""
strHWKeypath = "SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink"
strHWValueName = "HardwareID"
strVersionKeyPath = "SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion"
strVersionValueName = "PRODUCTVERSION"
Set objRegistry = GetObject("winmgmts:\\" & "." & "\root\default:StdRegProv")
If strHardWareID = "2A1807A13128598D89F43A0A625D18DF" Then
'Get OS Version
Set objWMI = GetObject("winmgmts:").InstancesOf ("Win32_OperatingSystem")
For Each OSItem In objWMI
strOSVersion = OSItem.Version
strOSVersion = Left(strOSVersion, 1)
'Get SEP Version
strVersion = Left(strVersion, 2)
If strVersion = "11" Then
strpath = "C:\Program Files\Common Files\Symantec Shared\HWID"
ElseIf strVersion = "12" Then
If strOSVersion = "5" Then
strPath = "C:\Documents and Settings\All Users\Application Data\Symantec\PersistedData"
ElseIf strOSVersion = "6" Then
strPath = "C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData"
'Blank the hardware id reg key
'Delete the file
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.DeleteFile(strpath & "\sephwid.xml")