Enable Computer Browser service
SEPM has to discover the computers within the WORKGROUP before it can deploy SEP remotely to the computers. You have to turn on Computer Browser service, by default this service is disabled. You only require this service when SEPM needs to discover and enumerate computers that are destined to manage; once the SEP is deployed to the computer you should stop computer browser service henceforth.
Prepare for SEP deployment
From Symantec it mentioned that deployment requires UDP 137 and 138 and TCP 139 and 445 on both SEPM and remote computer. UDP137 and 138 are for network discovery, TCP 139 and 445 are for pushing symantec client after login.
SEPM will use netbios to try to resolve your computer name as well as use ICMP echo request to try to find the computer. Depend on remote computer’s network profile (Home/Work, Private, Public) turn on network discovery on the applicable network profile.
Typically Windows 7 computer enable Windows firewall by default, network discovery rules are also turn on by default, enable File and printer sharing (ICMPv4-In) this rule allows the remote computer to receive echo request; if you want to discover the remote computer through IP address you need to enable File and printer sharing (ICMPv4-In) rule in your Windows firewall.
On the remote computer turn on network discovery under the profile that is applicable to you. For my case I turn on network discovery under public profile.
On the remote computer you also need to enable Administrator account, Administrator account is inactive in Windows 7. To activate Administrator account run cmd as administrator:
net user administrator /active yes
You will have to give administrator account a password, by default there is no password for Administrator account.
To search the computer name network discovery has to be turned on on the remote computer, also on the Windows firewall you need to enable rules for network discovery (which are enabled by default). To search using IP address you must enable File and printer sharing (ICMPv4-In) rule.
On the remote computer windows firewall disable the file and printer sharing (SMB-In) and file, printer sharing (NB-Session-In) rules and file and printer sharing (ICMPv4-In) rules. Turn off network discovery, run cmd as administrator and deactivate Administrator user account.
net user administrator /active no
Administrator account still appears, however you will never be able to login with the correct Administrator password.
To make Administrator user account never appear on your Winlogon screen type:
net user administrator /active:no