Automatically Deploy Agent 2

[JohnDohUK]

Hi all,

I've got ePO4 configured to deploy VSE8.5, etc when a system has the Agent installed, so when I add a new machine to the domain, I run Framepkg.exe and the other installations begin.

However I'd like to take this to the next level, so that when a machine is added to the domain, ePO picks up on this fact and attempts to push the agent.

Currently I've managed to Synchronise Active Directory to ePO every hour, but does anyone know how to add the Agent Push task for newly discovered machines?

Many thanks
John.

 

[BramB]

I think one of the only options to do so is either using rogue system detection to install an agent to rogue machines that match the domain name or use a 3rd party tool to install the agent by eg. scripting or Microsoft SMS.

 

[jeffatemc]

We use a simple domain logon script that checks for the presence of a marker file. If that marker file is not there, the agent is installed, allowing for further monitoring, installs, etc.

While this is not 100% accurate, it does get most new PCs. Additionally, we periodically review our corporate inventory of PCs against ePO's list and install accordingly.

We've not really used rogue detection and would be curious if others have used it with success and/or problems they may have encountered.

Regards - Jeff

 

[mikehiland]

We have been using the Rogue System Detection feature to identify and deploy the ePO agent to about 500 computers on our LAN and WAN. As I understand, RSD captures broadcasts from computers on the subnet, and then reconciles the computer name to the ePO database to decide if this is a managed or unmanaged computer.

Generally, it gives you an idea of what is out there. Probably the most annoying aspect is that if a user has both a wired and wireless network connection, you will see both RSD is based on MAC addresses, I think). So, once the computer is "managed" (usually on the wired connection), you will continue to see the wireless connection as a "rogue".

The McAfee answer to this is to mark the wireless as an "exception" and then filter your views to exclude exceptions. It works, but seems like a tail-chasing exercise when trying to figure out if you have deployed to all of your systems. Something new is always popping up as a "rogue".

Prior to deployment, we had no list of computers by site. Our A/D contains hundreds of computers that have long been decommissioned, so synchronizing to A/D seems unreliable. I would say that in our scenario, the Rogue Detection has helped quite a bit. It is just a tedious process.

I like the other post about using a logon script to search for a file, and then decide whether to pull the agent. BTW - pulling the ePO agent is much easier than pushing it through the WinXP firewall and dealing with permissions issues.

Hope this helps. Good luck.

 

[JohnDohUK]

Thanks for the replies, i've been looking into RSD but I can't see much about it on McAfee's site (i remember we used it with ePO 3.5, but I can't see any mention of it with ePO4, is it still available?

Thanks!

 

[mikehiland]

We are on ePO v3.6.1 and are not planning to move to v4.0 yet. I do not know if RSD is available in the new version or not.

 

[jeffatemc]

Mike,

Thanks for the explanation of how you use RSD in your environment. This is something we may revisit as an additional tool of discovery.

Have a star!

 

[JohnDohUK]

Yes I'd agree with Jeff, thanks Mike,

Also FYI I've checked and RSD isn't available in the current release of ePO4, but the rumor is that it apparently will be supported in the next release (second half 2008).

 

[AndrewTait]

I've just spent 2 days with one of McAfee's resellers, who gave me a demonstration of RSD version 4 which is currently in Beta.

At present there is no official release date, but it is likely to be late 2008.

=======================================
I got to the edge of sanity....then i fell off
======================================