SAV Phone Home
If you’re like me and have ever had a problem where your Symantec Corporate Edition clients have either ceased speaking to the server or you’ve had to migrate servers, have no fear – I have a solution to your woes.
The Symantec website has almost all of this information, but they don’t give you an easy example of how this can be done, they merely hint at it. The cure is to copy the Grc.dat file and the xxx.x.servergroupca.cer file to the client, in two different locations. The next time the client goes to check in, it will redirect itself and you’re home free. Simple, but damned annoying if you have say, 30-some-odd clients that need these files. The trick is to use a login script (assuming you have a domain running these clients.) Here’s how I did it.
First, full path of origin and –> destination:
Second, I copied the relevant files to a new folder on my server: “\\avserver\transfer\savfix” so I could get them easily.
Third, I created a text file “done.txt” to act as a marker for if the job had been done and put that in the same folder as the others.
Fourth, I placed the script below into c:\windows\sysvol\sysvol\scripts. (No, I have no idea why they nested two identically-named folders.)
Last, I assigned the script (logon.bat) to each affected user. There is probably a better way to do it than the clickety-clickety-paste-clickety-clickety method I used, but I only had a dozen users to deal with. On with the code:
==============================
@echo off
ECHO This is a little logon script to update your Antivirus settings. It should only run once.
IF EXIST "C:\done.txt" GOTO done
REM Checks for the presence of the file done.txt in the root of c:
net use L: \\avserver\transfer\savfix
REM Mounts this folder as a drive temporarily. This cuts down on failures.
copy "L:\Grc.dat" "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\"
REM The quotes are necessary for using folder names with spaces.
REM Make sure you turn off word wrap so the above is all one line.
copy "L:\*.cer" "C:\Program Files\Symantec Antivirus\pki\roots\"
REM Lookee - I write portable code! That wildcard means you don't have to
REM edit the script the next time you do this for a stupid-long filename.
copy "L:\done.txt" "C:\"
REM Places the marker file so the next time this runs, it skips the copy process.
GOTO end
:done
ECHO Script has run before.
REM This is the other end of the IF EXIST statement above
:end
net use L: /delete
REM Drive is no longer needed, deleted for housekeeping
ECHO Operation is complete. We now return you to your normally scheduled logon.
PAUSE
REM This will hold for a keypress, I used it to make sure things worked.
REM Comment out the pause after the test run.
==================================
There is a small caveat here that the user logging in must have admin rights locally to copy the files. By placing the “done.txt” marker, you can now leave the script in place for a couple of weeks to make sure all the clients get the needed changes, should someone be on vacation or something. When you have all the clients talking again, simply remove the script from the user profiles.
July 29th, 2006 at 7:47 am
So it turned out to be a rights issue?