We have a remote datacenter which then requires all system owners to log onto their servers using terminal services.
I would like to know if this problem in KB60750 is being addressed?
We are finding our server owners are not getting the Application Control error messages and it is therefore difficult for them to determine what is going on. Along with the ability to self approve is not available due to the agent not being in the taskbar.
I believe the solution in the article is a workaround at best and may be ok with only VSE running but is not a viable solution with Application Control installed.
If you require the McAfee Agent User Interface function on other terminal services client sessions, you can run UPDATERUI.EXE manually.
Terminal sessions will not allow you to see MA in task bar wherther you have any product installed on machines.
But in my environment it is working
Check MA policy from ePO.Maybe you have set it wrongly.on 3/8/13 5:07:45 PM CST
I recommend using the agent gui command line to get it up and running. There's a simple design reason it doesn't display during RDP sessions: If you are using a classic RDP setup with multiple users or a technology like that then a server would have dozens or hundreds of copies of the agent present and running at the same time. That takes a ton of coordination for no reasonable benefit. And it causes massive problems on those systems.
You can also use the /CONSOLE 0 option to get to the primary console of an RDP session. You should always have the agent gui visible there, too.
Thank you for responding, unfortunately I still do not find this to be accurate as Windows 2008 Server does not support anyone logging in to the CONSOLE session (you can put that at the command prompt but you will never be given session 0).
Also when you say there would be a possibility of having dozens/hundreds of copies of the agent present and running, how is this possible when terminal services only supports 2 concurrent connections?
Our environment is predomintely Windows 2008 servers, we have server administrators that are responsible for the Operating System and security (blacklisting/whitelisting) and we then there are the application owners that are the SME of the applications that reside on the particular servers (ie: Business Objects,SAP,SQL, ect). These people need to see any messages from AppControl and/or at times self approve, asking them to run UPDATERUI.EXE will more than likely not work out in our situation.
And you're correct. I haven't used /console in a long time. However, you can install full terminal services on any server (with the correct licensing) or you can use XenApp which will instatiate lots of sessions. There is a really good reason we have this limitation in place. The GUI will cause massive scale problems in those situations.
I think a better way to do this would be to include the correct trusted updaters (Certificates of the server applicaton providers or locations of standard software builds).