Showing results for 
Search instead for 
Did you mean: 

Agent GUID on imaged PCs - Mcafee EPO


We are using EPO 4.0 , agent , VSE 8.5i . Recently we have added 1000 new pcs in the network . These new Pcs are ghosted from the master HDD which has epo agent and VSE . Unfortunately we did nt delete the agent guid in the master HDD . So the agent guid is duplicated in all the Pcs . NOw the problem is , we are not able to see the newly ghosted pcs in the EPO console . How could i manage these PCs with the EPO console .

I dont have the list of PCs which are ghosted recently . I know, If we delete the agent guid and regenerate it , it will fix the problem . How could i do it without proper list of PCs . Is there any other way to find the PCs with duplicated GUID .

11 Replies

RE: Agent GUID on imaged PCs - Mcafee EPO

I'd use a computer startup script (you can access HKLM branch). Something like:

REG QUERY "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID | find "{CEFA96CB-5870-4721-B33E-BB33CE394A2D}"

if %errorlevel% == 0 echo "GUID found. Removing ..."

Query AgentGUID key, find a GUID to be removed, if found then execute reg delete to remove a key.

Maybe there's more elegant way how to do it wink

RE: Agent GUID on imaged PCs - Mcafee EPO

Thanks for your reply,

Most of the machines are in production area . So restarting the machine is not possible .

Also i am not sure the agent guid will be unique in the ghosted PCs. Could you give a script to delete the agent guid and restarting the framework service .

RE: Agent GUID on imaged PCs - Mcafee EPO

The GUID has to be same if all the machines were ghosted from one master image. If you have more HW configurations/master images then you can't use this script indeed.

So the only way is to run similar script against all your running machines (with admin privileges) and remove GUID remotely.

REG command is able to remove key from remote machine. Get a list of machines and use something like:

for /f %%a in (listofpc.txt) do REG DELETE "\\%%a\HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID

I didn't test the script ...
Level 7
Report Inappropriate Content
Message 5 of 12

RE: Agent GUID on imaged PCs - Mcafee EPO

Or if you just want to cover all PCs, which can be done multiply ways, GPO, software deployment, etc....

Stop the service
"sc Stop McAfeeFramwork"
Run script to delete the guid and macadress

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent]

start the service
"sc Start McAfeeFramwork"

No need to reboot the PC.

RE: Agent GUID on imaged PCs - Mcafee EPO

That's basically the same I offered him in the 1st reply. I believe he doesn't have SMS and such because he would have use it ... or not?

If you use it through GPO you have two options: 1) a computer start up script - you have to reboot machine 2) an user start up script - an user has to have a local admin privileges to do any changes in HKLM branch so running regedit *.reg to remove keys w/o required privileges would simply fail ...

And there's another drawback, if you left script running for more days then the key gets deleted every logon, not really sure how big is the problem for ePO though.

RE: Agent GUID on imaged PCs - Mcafee EPO

Out of interest, when the new machine goes back into ePO, would it go straight into Lost & found ?
Level 7
Report Inappropriate Content
Message 8 of 12

RE: Agent GUID on imaged PCs - Mcafee EPO

depends.... I will say prepare for the worst and yes they will go to the lost and found. however, you should be able to not have that problem if the machines exist in ePO already. Basically do not delete them out of the ePO server and hope mcafee can figure out the same "machine name" has just checked in with a different GUID.
Level 7
Report Inappropriate Content
Message 9 of 12

RE: Agent GUID on imaged PCs - Mcafee EPO

I have the same issue (imaged machines with dupe GUID's).

Seems like a pain with methods mentioned so far.

Since AD is already replicating into EPO 4, isn't there a more robust way to accomplish this? I really don't have time to setup and test these scripts that may or may not work.

Since the imaged machines can be seen in the EPO console (just no stats\info for them, only machine names), isn't there a quick way to send a task to them to update their GUID's without all the hassle? Perhaps forcing an uninstall of the agent (including GUID), etc.?

Level 7
Report Inappropriate Content
Message 10 of 12

RE: Agent GUID on imaged PCs - Mcafee EPO

First i would rather reset the GUID any day then force a uninstall/reinstall. Second, since there are dups you can not simple uninstall without missing machines from the console since they are using the same GUID to communicate. I also do not believe forcing a install over the current install will create a new GUID. Basically there is no easy way once you screw up only to make sure you get it right the next time.
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community