Dear Community and Cisco Support,
As part of the uninstallation of an existing antivirus product on over 2000 workstations, I would like to run a PowerShell script that moves the computer from Audit mode into Protect mode.
Is there any way to move an endpoint (computer) into a new group with a new policy - by running a (PowerShell) script on the endpoint?
I have tested a script in which I do the following in order:
- Stopping the service
- Replacing the old policy.xml file (in the AMP folder) with the policy.xml file from the Protect policy (downloaded before-hand)
- Overwriting the content of the local.xml file with "<config></config>" (Since we use identity persistence and I want to ensure a fresh start)
- Starting the service again
However, the Connector always ends up with putting the computer in the default (fallback) group - which uses the Audit policy, even though the correct policy.xml file was copied into the AMP-folder.
How can I move the computer in a new group via a script?
(I am aware that I can use the API to move computers - but I want to make a script that can run as part of the uninstallation process and that does not require the API to be opened in allow-editing-mode.)
Thank you in advance for your help.
Best regards,
Rika