Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Epo on ALL clients...?

Status
Not open for further replies.
inssain96

inssain96

MIS
Dec 4, 2002
20
0
0
US
I'm looking for techniques used by others to import computers into epolicy. Current version is 2.51. I currently have about 1400 clients, but know there are machines both on my AD domain and off that are unprotected. I have just imported ALL computer accounts from AD into Epolicy, minus the accounts that were already there, that's a start. Now I need a way to keep that up-to-date. One partial solution is to have a GPO that will install the epo client...not a problem (just wish there was an .msi for epo). The next obstacle is non-AD clients, rogue machines. We were just attacked by one this week (Deborm worm). No big deal since we are up to date, but a nusiance non-the-less, and an eye opener.

My plan is to run two scripts; one to pull all records from DHCP, and import new machines that are on for more than x days. The other is to pull all new machines from AD and import those...

This just seems like way too much work... Any ideas anyone?
 
Sort by date Sort by votes
Your question was lost on me. Not sure EXACTLY what you are trying to do. But I have a couple of questions for you.

1) Why don't you deploy the EPO agent via EPO? You can customize the install somewhat as you can change the INSTALLDIR. Deploying via EPO is independent of AD.

Deploying the agent via GPO seems redundant and unnecessary, since you already have EPO up and running.

2) Once you get the agents on all "rogue" machines, there are reports you can run which will TELL YOU which machines have no coverage and are/are not up to date. Can you use these reports?

3) For the rogue machines that are not always logged onto the network, use "Update at logon or startup" option for updates, this way they will not miss an update.

good luck!

Carpe diem, procrastination is the thief of time...
 
Upvote 0 Downvote
MCSE924:

Thanks for responding. Here ya go...

1. You are right,I can push the agent to any computer that will "allow" me to install the software - as long as I have created/added the computer to the epolicy directory. How do I get computers into the dir? Directory Update? In that scenario I'm relying on the Net Neighborhood to be up-to-date. I know of the methods native to epolicy to add new computers...they aren't good enough for an environment where computers are brought up out of IT's control.
I'm trying to get to a place where computers that are brought up on the net are added automatically. Utopia...maybe ;-)

2. I would consider creating a GPO to ensure that ALL domain members receive the agent, including those machines where the user, who is a local admin, has changed all passwords and removed all groups from the Local Admins group. In those cases I can't push the agent. It also relieves me of the duty of manually adding computers to Epo - the client applies the GPO, receives the software, epoagent talks to eposerver and automatically adds the cient, done. Problem with this is that it doesn't help me on machines that are in workgroups.

My problem is that I don't know the when/where/who/what of a "rogue" machine. I'm thinking that some of these huge organizations have better ways of dealing with these "new" machines...?
 
Upvote 0 Downvote
I created an .msi to ensure that every client that logs into the domain gets the agent package. I set up my site with groups divided by IP. When the new machine gets the .msi, it will automatically report to the server and either ends up in the lost and found or is placed into a group based on IP. I'm not

I am not confident in ePO's ability to detect new machines. I am constantly finding machines that the epo service has crashed on and doesn't report.

ePO 3.0 should be released at the end of this month. Hopefully it will be more reliable.
 
Upvote 0 Downvote
inssain,

Did you try using the Properties-IP Management configurations tab? It would help you capture machines in multiple IP address ranges and subnets.

I am capturing machines in New York (local) and London (frame relay), which are on different subnets and IP ranges.
However, these machines are part of the new domain. I guess you could test.

As far as rolling anything out via GPO, this does not help you with those rouge, non-AD, non-domain machines, but I'd give the IP management setting a whirl...

good luck

Carpe diem, procrastination is the thief of time...
 
Upvote 0 Downvote
inssain,

your problem of rogue machines is not possible to solve using the features of EpO. All those solutions of having GPO's, logon scripts, agent pushes etc. are useless for unknown rogue machines in your network. They are unknown for you, so also unknown for EpO and AD. So forget about that.


The only way I can think of is using DHCP as information base (if the rogue machine used it, and that's very probable), what you mentioned allready, or doing scheduled IP range scans (Some McAfee tecnician made a tool for that purpose, but it's a bit slow).

Anyway, it is a better policy to physically avoid rogue machines by using 100% switched networks with MAC restrictions and some screened patches for visitors or whatever.

succes

paul
 
Upvote 0 Downvote
Use McAfee ThreatScan within ePO. It will do a scan of the subnet and report on "active" machines during that time. Note the emphasis on active as it will not scan any other machine WITHOUT an IP address.

AVChap
... my $1 worth of advise, 2cents isn't enough due to inflation
 
Upvote 0 Downvote
Just something to throw in and it's disgustly hypocritical of me to say this but why not use static addressing for your internal subnets?

I know i know, DHCP ya ya ya (we use it...currently)

but the amount of control you gain by using static adressing is supreme - and if you can't look after a database of 1,400 numbers then why do you work in IT?

I think this is not something to really help you short term with this problem but it is definately something to think about.

one thing that really annoys me about internal IT is that you constantly fight for control of what should be yours in the first place.

Let me know what you think.



No Pain No Gain
 
Upvote 0 Downvote
Static IPs? Ouch! Too much pain!!! Maybe for a small shop but not an Int'l corporation w/1500+ users.

I actually got about 100 more clients by importing clients from an AD dump of computer accounts and a DHCP dump of active clients over a few days. I compared the files and imported the ones that weren't in Epol. This is ok, but not what I want to be doing every week.

I guess we're all pretty much doing the same thing - and it's probably the best we can do...

Thanks for all the input.
 
Upvote 0 Downvote
Well from what i heard a update on EPO 3.0.1 planned for release Q1 2004 will contain ThreatScan (or at least a part of it) integrated in EPO.

This should give you (and me) the option to actually find
rogue machines and deploy the EPO-Agent to them from the EPO console.

Untill then i am working with ThreatScan 2.5.



De rooie poon....is never alone
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
140
Sameer258
Sameer258
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
55
PauS0n
PauS0n
mcisar
  • Locked
  • Question
Disable CHAP on PPPoE WAN connection
Replies
0
Views
51
mcisar
mcisar
cbsarge
  • Locked
  • Question
SonicWALL Mobile Connect on Chromebooks
Replies
1
Views
60
jcarmichael1203
jcarmichael1203
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
60
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top