This utility gives the Symantec administrator the ability to view diagnostic data on a remote managed endpoint from the comfort of their own computer. Please take some time to review the utility's features and the prerequisites. This utility is not an official Symantec-endorsed utility.
Utility prerequisites:
With the exception of the Symantec Management Agent requirement, the following requirements are for running the utility only. The endpoint you plan on connecting to does not need to meet these requirements.
Utility Features:
Directions:
Download the attached .ZIP file to a location on your computer.
Extract the ZIP file and run the MSI to install the utility.
Launch the utility from Start > All Programs > Remote Symantec Agent Diagnostics Utility
Enter computer name or IP Address and click on the Add button.
Right click on the computer to bring up the actionable items list.
Important Things To Know:
When you first launch the Remote Symantec Agent Diagnostics utility, it will create a text file called computers.txt. This text file is used to store recently used computers.
The following features require that the remote computer be configured for PowerShell remoting (see http://technet.microsoft.com/en-us/library/hh849694.aspx):
- Retrieve Agent Details
- Update Configuration
- Send Basic Inventory
- Execute SWD
- Enable Verbose Logging
- Disable Verbose Logging
- Set NSE Capture Folder
- Disable NSE Capture Folder
When you click on any of the above listed features, the program will check that remoting is enabled on the selected computer. If not, it will make two attempts to enable PSRemoting. The following is what will be attempted:
Enable-PSRemoting First Attempt:
- Create a scheduled task on the remote computer called EnablePSRemote. This scheduled task runs powershell.exe, passing the command "Enable-PSRemoting -Force".
- Execute scheduled task
- Delete scheduled task.
- Pause for 20 seconds.
- Verify first attempt was successful
Enable-PSRemoting Second Attempt:
If verification for the first attempt fails, the following five steps will be done:
- Configure the remote computer's WinRM service to listen for WinRM requests by creating one registry key on the remote computer.
  - Create registry key: "SOFTWARE\Policies\Microsoft\Windows\WinRM\Service"
  - Create two DWORD values and two String values as follows:
    - DWORD Name = "AllowAutoConfig"
    - DWORD Value = "0x1"
    - String Name = "IPv4Filter"
    - String Value = "*"
    - String Name = "IPv6Filter"
    - String Value = "*"
- Change the startup type of the WinRM service to automatic.
- Restart the WinRM service.
- Configure the remote computer's firewall by setting one registry key.
  - Create registry key: "SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules"
  - String Name = "WINRM-HTTP-In-TCP"
  - String Value = "v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=5985|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30267|"
  - String Name = "WINRM-HTTP-In-TCP-PUBLIC"
  - String Value = "v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30267|"
- Restart Windows Firewall.
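The changes listed above stay on the endpoint after the utility has finished, so it is useful to be able to see which of them are present. The following is an added example, not part of the utility or written by its author, that reports them when run on the endpoint. It assumes the registry keys are under HKEY_LOCAL_MACHINE (the page does not name the hive) and that the EnablePSRemote task is in the root task folder; the function name is hypothetical.

```powershell
# Added example: report which of the changes described above exist on this machine.
# Assumptions: keys are under HKLM and the task is in the root task folder.
$winrmKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
$fwKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'
$ruleNames = 'WINRM-HTTP-In-TCP', 'WINRM-HTTP-In-TCP-PUBLIC'

function ConvertFrom-FirewallRuleString {   # hypothetical helper name
    # Splits "v2.20|Key=Value|..." into a hashtable; repeated keys such as
    # Profile=Domain|Profile=Private are collected into one array.
    param([Parameter(Mandatory)][string]$Rule)
    $fields = @{}
    foreach ($part in ($Rule -split '\|')) {
        if ($part -notmatch '=') { continue }          # skips the "v2.20" version token
        $name, $value = $part -split '=', 2
        if ($fields.ContainsKey($name)) { $fields[$name] += $value }
        else { $fields[$name] = @($value) }
    }
    return $fields
}

$findings = @()

# WinRM listener policy written by the second attempt.
$winrm = Get-ItemProperty -Path $winrmKey -ErrorAction SilentlyContinue
foreach ($v in 'AllowAutoConfig', 'IPv4Filter', 'IPv6Filter') {
    if ($winrm -and $null -ne $winrm.$v) { $findings += "WinRM policy: $v = $($winrm.$v)" }
}

# Firewall policy rules for TCP 5985; a rule without RA4/RA6 accepts any remote address.
$fw = Get-ItemProperty -Path $fwKey -ErrorAction SilentlyContinue
foreach ($n in $ruleNames) {
    if (-not $fw -or $null -eq $fw.$n) { continue }
    $r = ConvertFrom-FirewallRuleString -Rule $fw.$n
    $remote = if ($r.ContainsKey('RA4')) { $r['RA4'] -join ',' } else { 'any' }
    $findings += "Firewall rule ${n}: profiles=$($r['Profile'] -join ',') " +
                 "port=$($r['LPort'] -join ',') remoteIPv4=$remote"
}

# WinRM service start mode and state.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
if ($svc) { $findings += "WinRM service: StartMode=$($svc.StartMode) State=$($svc.State)" }

# The EnablePSRemote task should have been deleted after the first attempt.
$null = schtasks.exe /Query /TN 'EnablePSRemote' 2>&1
if ($LASTEXITCODE -eq 0) { $findings += 'Scheduled task EnablePSRemote still exists' }

if ($findings) { $findings } else { 'None of the listed changes were found.' }
```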
Please feel free to leave feedback or request any features you might like to see.