July 2006
S M T W T F S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About

I am The Cyberwolfe and these are my ramblings. All original content is protected under a Creative Commons license - always ask first.
Creative Commons License

SAV Phone Home

If you’re like me and have ever had a problem where your Symantec Corporate Edition clients have either ceased speaking to the server or you’ve had to migrate servers, have no fear – I have a solution to your woes.

The Symantec website has almost all of this information, but they don’t give you an easy example of how this can be done, they merely hint at it. The cure is to copy the Grc.dat file and the xxx.x.servergroupca.cer file to the client, in two different locations. The next time the client goes to check in, it will redirect itself and you’re home free. Simple, but damned annoying if you have say, 30-some-odd clients that need these files. The trick is to use a login script (assuming you have a domain running these clients.) Here’s how I did it.

First, full path of origin and –> destination:

:\Program Files\SAV\Grc.dat –> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\

:\Program Files\SAV\pki\roots\xxx.x.servergroupca.cer –> C:\Program Files\Symantec Antivirus\pki\roots\

Second, I copied the relevant files to a new folder on my server: “\\avserver\transfer\savfix” so I could get them easily.

Third, I created a text file “done.txt” to act as a marker for if the job had been done and put that in the same folder as the others.

Fourth, I placed the script below into c:\windows\sysvol\sysvol\scripts. (No, I have no idea why they nested two identically-named folders.)

Last, I assigned the script (logon.bat) to each affected user. There is probably a better way to do it than the clickety-clickety-paste-clickety-clickety method I used, but I only had a dozen users to deal with. On with the code:

==============================

@echo off

ECHO This is a little logon script to update your Antivirus settings. It should only run once.

IF EXIST "C:\done.txt" GOTO done
REM Checks for the presence of the file done.txt in the root of c:

net use L: \\avserver\transfer\savfix
REM Mounts this folder as a drive temporarily. This cuts down on failures.

copy "L:\Grc.dat" "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\"
REM The quotes are necessary for using folder names with spaces.
REM Make sure you turn off word wrap so the above is all one line.

copy "L:\*.cer" "C:\Program Files\Symantec Antivirus\pki\roots\"
REM Lookee - I write portable code! That wildcard means you don't have to
REM edit the script the next time you do this for a stupid-long filename.

copy "L:\done.txt" "C:\"
REM Places the marker file so the next time this runs, it skips the copy process.

GOTO end

:done

ECHO Script has run before.
REM This is the other end of the IF EXIST statement above

:end

net use L: /delete
REM Drive is no longer needed, deleted for housekeeping

ECHO Operation is complete. We now return you to your normally scheduled logon.

PAUSE
REM This will hold for a keypress, I used it to make sure things worked.
REM Comment out the pause after the test run.

==================================

There is a small caveat here that the user logging in must have admin rights locally to copy the files. By placing the “done.txt” marker, you can now leave the script in place for a couple of weeks to make sure all the clients get the needed changes, should someone be on vacation or something. When you have all the clients talking again, simply remove the script from the user profiles.

One reply to “SAV Phone Home”

  1. GreyDuck Says:

    So it turned out to be a rights issue?