Curious on a show of hands, and any general experiences with MAC applied to desktops. Observe mode, tuning, Enabled mode... self-approval for certain trusted users? Curious if anyone's really walking the walk on this and would be willing to share some of the hiccups.
I've been involved with this for a couple of our customers and all I'm going to say is this: "take your time". If you try to rush a default set of policies out you'll most likely generate helpdesk calls. Or if you just do a massive deployment in Observe Mode, you'll find the amount of data collected to be astronomical. (Similar to deploying HIPS in adaptive mode). Start with a small test group in Observe mode, try to go through the collection on a daily basis for tuning. You won't have to spend a ton of time if you do a little every day. But if you let it all go and jump in at the end of a week or two... you might be overwhelmed in the beginning.
When you do go forward, take into consideration tasks that may be run monthly, quarterly, annually. You will want to go through these time frames or be aware of tasks that run during them to be sure you capture the time-sensitive tasks.
Wanted to give this post a bump here and see if there's anyone other than Dennis who's actually been involved in any customer deployments like this. I'm also curious how the interlock between SMS/SCCM deployments and Solidcore modes goes for monthly patch updates, and what works well. Slapping the endpoints into update mode, or trying to ferret out trusting all the relevant installers during test deploys?
But I'll settle for "yeah, we're using this on desktops and we haven't committed suicide...yet" if anyone has actually achieved that.
Thanks for any insights!
Looks like you have been contemplating Application Control for some time now!
We used McAfee Application Control / Solidcore about a year ago. The deployment was very slow paced. We found that systems that don't change often were easy candidates, but systems that were more dynamic were a pain. Solidcore was originally designed for ATM-type systems that never change, and for those types of systems it is great. We were constantly having to put PCs into update mode to deploy software and updates.
We ended up switching to another product which has been much easier to manage. Still about 1/4 of a full time job to manage for a network with 1000 desktops.
I haven't looked at the product in over a year, so I'm guessing they made improvements since application control is such a hot product market. Application control saves our PCs on a weekly basis. Before implementing this solution we had to re-image PCs at least once per week. Now we have gone about 6 months without the need to re-image computers.
Next step is to tackle laptops!