MoveClient Script

Version 4.04

Description:
MoveClient.vbs is a Visual Basic script which, when properly configured, will move one or more
clients from a SEPM group to another group of your choice based on the hostname, username,
IP address or operating system of the client. It also has the ability to switch client mode from user
mode to computer mode or visa versa.

Password for the zip file is: symantec

Setting up MoveClient Script:

To Configure the Move Clients Tool:
1. Open MoveClients.vbs in a text editor (such as notepad or wordpad)
2. Modify the DBUser, DBPass, and TempGroupName variables in this script to suit your
environment:
a. DBUser should correspond to the SQL user account used by your SEPM to
interact with its database.
b. DBPass should correspond to the password for the above SQL user.
c. TempGroupName should correspond to your SEPM's Temporary/Default Group -
or the specific group you wish to move clients out of (In SEPM MR3 and above,
this should be "Default Group").
3. Save your changes.
4. Open the groups text file in a text editor (see below for different group text files).
5. Modify the groups text file to suit your needs:
a. Each entry should be on a single line, followed by the Group you would like to
move that client into.
b. The client entry and group name should be separated by a comma
c. One client entry per line with no blank lines between clients.

Running MoveClient Script:

To Run the Move Clients Tool:
1. Execute MoveClient.vbs by double-clicking on the file. This script must be run on the SEPM
server itself.

Group Text Files:

Groups.txt
This file contains a list of groups to be checked. If this file exists then the MoveClient script will
only move clients from the list of groups in this file.

Format:
GroupName

Sample text file:

Marketing
Group1
Group1\subgroup1

©1995 - 2012 Symantec Corporation

IPgroups.txt
This file contains a list of IP addresses (IP ranges or IP addresses with subnet notation) and
group names separated by a comma. The script will search for clients with the IP address listed
and move them to the associated group. This supports single IP addresses, IP ranges and IP
subnet notations.

Format:
IP,GroupName
IP,GroupName,DomainName
IP,GroupName,DomainName,Description

Sample text file:

172.24.20.171,Marketing
10.0.0.4,Group1
192.168.0.1-192.168.0.254,Group1\subgroup1
192.168.0.1/24,Group1\subgroup1
172.16.0.2,Group2\subgroup1
207.33.111.27,Group3

Hostgroups.txt
This file contains a list of hostnames and group names separated by a comma. The script will
search for clients with the hostnames listed and move them to the associated group. Wildcards
are supported for the hostname.

Format:
Hostname,GroupName
Hostname,GroupName,DomainName
Hostname,GroupName,DomainName,Description

Sample text file:

Computer1,Marketing
hostname,Group1
v-349ghh,Group1\subgroup1
smith,Group2\subgroup1
Dell*,Group2\subgroup2
Tom,Group3

Usergroups.txt
This file contains a list of usernames and group names separated by a comma. The script will
search for clients with the usernames listed and move them to the associated group. Wildcards
are supported for the username.

Format:
Username,GroupName
Username,GroupName,DomainName
Username,GroupName,DomainName,Description

Sample text file:

Bob,Marketing
username,Group1
admin,Group1\subgroup1
smith,Group2\subgroup1
Dell,Group2\subgroup2
Tom,Group3

©1995 - 2012 Symantec Corporation

OSgroups.txt
This file contains a list of operating system types and group names separated by a comma. The
script will search for clients running the listed operating system and move them to the associated
groups. Wildcards are supported for the operating system.

Format:
OS,GroupName
OS,GroupName,DomainName
OS,GroupName,DomainName,Description

Sample text file:

Windows XP*,Marketing
Windows 2000,Group1
Windows Embedded*,Group1\subgroup1
Windows 2008,Group2\subgroup1
Windows Vista,Group2\subgroup2

VMgroups.txt
This file contains a list of virtual machine types and group names separated by a comma. The
script will search for clients running in the listed virtual machine type and move them to the
associated groups.

Format:
VM,GroupName
VM,GroupName,DomainName
VM,GroupName,DomainName,Description

Sample text file:

VMware,Marketing
Citrix,Group1
Unknown,Group1\subgroup1
Microsoft,Group2\subgroup1

SwitchClientGroups.txt
This file contains a list client modes (ToUser or ToComputer) and group names separated by a
comma. The script will search for all clients in the group and switch them to the client mode.
“ToUser” will switch all clients in that group to user mode. “ToComputer” will switch all clients in
that group to computer mode.

Format:
Mode,GroupName
Mode,GroupName,DomainName
Mode,GroupName,DomainName,Description

Sample text file:

ToUser,Marketing
ToComputer,Group1
ToComputer,Group1\subgroup1
ToUser,Group2\subgroup1

©1995 - 2012 Symantec Corporation

Domain support:
Also, on any of the text files supported by this script a domain name can be added as the third
column.

For example on the Hostgroups.txt file this format can also be used:
Computer1,Marketing,Default
Hostname,Group1,MyDomain1
v-349ghh,Group1\subgroup1,MyDomain2
smith,Group2\subgroup1,MyDomain3
Dell*,Group2\subgroup2,MyDomain2
Tom,Group3,MyDomain1

This is an optional column. The domain name functionality will change depending on how the
MoveClientsToNewDomain option is set.

If MoveClientsToNewDomain is set to false and a domain name is specified it will check for the
client only in that domain. If no domain name is specified then it will use the default (or first)
domain.

If MoveClientsToNewDomain is set to true and a domain name is specified it will move the client
to the domain name specified, if the domain exists. If no domain name is specified then it will use
the default (or first) domain.
***Note: this will only work if the SEPM version is 12.1.2 (RU2) or newer***

Description support:
Also, on any of the text files supported by this script a description can be added as the fourth
column. The description will then be added to the client’s description field in the SEPM console.

For example on the Hostgroups.txt file this format can also be used:
Computer1,Marketing,Default,MyDescription
Hostname,Group1,MyNewDomain1,MyDescription
v-349ghh,Group1\subgroup1,MyNewDomain2,MyDescription
smith,Group2\subgroup1,MyNewDomain3,MyDescription
Dell*,Group2\subgroup2,MyNewDomain2,MyDescription
Tom,Group3,MyNewDomain1,MyDescription

This is an optional column, but this column will only work if the domain column is also specified.
If the description is not specified then it will not modify the client’s description.

Other Settings:
DomainName
This will configure what domain the tool uses. If “%” is specified then it will default to the first
domain. Note: if a domain name is specified in the text file it will override this value. Default
value is: "%"

OnlyCheckClientsInTempGroup
This option will control whether the script should look for clients only in the Temporary Group or in
all groups. Valid options are: True or False

©1995 - 2012 Symantec Corporation

MoveClientsToNewDomain
This option will control whether the script should move the clients to the new domain that is
specified as the third column in the text files listed above. Valid options are: True or False
***Note: this will only work if the SEPM version is 12.1.2 (RU2) or newer***

SilentMode
This will configure whether the script should run silently or allow pop-ups. Valid options are: True
or False

EnableLogging
This will configure whether the script should create a log file. Valid options are: True or False

sLogFile
This will configure the name of the log file. Default value is: "MoveClients.log"

LogDBPassword
This will have the script log the database username and password. Default is to not log the
database password. Valid options are: True or False

LogOldClientGroup
This will have the script log the original group name that the client was in before moving the client.
Valid options are: True or False

UpdateUOClients
This will allow the script to move clients that are in OU groups. Default is to not move clients that
are in OU groups. Valid options are: True or False

UseFutureTime
This allows the script to use a future time for the timestamp it updates in the database. This is
useful if you want to make sure that updates from this script will be persistent after replication.
This puts the timestamp to exactly one day in the future. Valid options are: True or False

©1995 - 2012 Symantec Corporation

UseVBStoSearch
This controls whether the vbs script should search through all clients (UseVBStoSearch = True)
or whether the script should query the database for each client one-by-one (UseVBStoSearch =
False). This option affects the performance of the script. Valid options are: True or False

ExactMatch
This option is only used when UseVBSSearch is disabled. This option will chose whether to do
an exact SQL match or an SQL match using ‘like’. If this option is enabled it may greatly improve
the performance of the tool. However it will match the name in the database exactly. Wildcard
matching will not work when this option is enabled and case sensitivity will depend on the
database. If this option is disabled then the search will not be case sensitive and will support
wildcard matching. Valid options are: True or False

Database Rights:
The script needs the following database rights:
Read access to:
BASIC_METADATA
IDENTITY_MAP
SE_GLOBAL
SEM_AGENT
SEM_CLIENT
SEM_COMPUTER

Write access to:

SE_GLOBAL
SEM_AGENT
SEM_CLIENT
SEM_COMPUTER

©1995 - 2012 Symantec Corporation

Setting up ODBC Connection for SSEP 5.1:
If you are using SEPM 11 then the ODBC connection is already setup. However if you are using
SSEP 5.1 then you will nee to manually create an ODBC connection.

System ODBC Configuration:

If you run this on SSEP 5.1 you will need to create a System DSN entry in the ODBC Data
Source. The DSN must be called "SymantecEndpointSecurityDSN". Please test the connection
to make sure it works before running the script.

Here is how to configure the ODBC connection for SQL:

Step 1:

©1995 - 2012 Symantec Corporation

Step 2:

Step 3:

©1995 - 2012 Symantec Corporation

Step 4:

Step 5:

©1995 - 2012 Symantec Corporation

Step 6:

Step 6:

©1995 - 2012 Symantec Corporation