cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ozmaan
Level 7
Report Inappropriate Content
Message 1 of 6

Database purging best practices

Has anyone established best practices around purging old clients from their database? I work in a very widely distributed client installation, so computers might leave my network for updwards of six months. I'm trying to determine the best way to clean out the "dead" agents to reclaim the licenses, but I don't want someone coming back online and not have a server object waiting for them. Any advice?
5 Replies

RE: Database purging best practices

Your situation is really not that different form mine. We have customers in the field that seldom have their machines on the network. The best way we have found to deal with the issue is to determine a "cut-off date". In my situation, our standards state that a company laptop must be put on the network once every 30 days. In reality that doesn't happen, so I decided I would make my cut-off date 90 days. So once a month, I run a "Last Synchronized Date" report, and look for anything older than 90 days. I then use the SBADMCL "Delete Machine" command with the Recycle switch set to True. This way, if a machine shows up again, you can still recover the database object. And then you educate the users about putting their machine on the network more often.

RE: Database purging best practices

hi,

well, i need to do the following:

1. If a laptop is not on the network for 60 days, the logon time must increase to 5 minutes, displaying a message that you did not plug the laptop to the network.
2. If this date increases to 90 days, i wish to lock the account so that only the administrator / support staff can help him / her out...

let me know if that is a possibility with HDE. I am running 4.1.12.0

thanks.
Matrix!

RE: Database purging best practices

Matrix,
I'm not sure if McAfee Endpoint Encryption will do what you are wanting, but it will do pieces of what you are wanting.
Situation 1) You could use the SBADMCL UpdateMachineCfg to update the Logon Text, but I don't know of a way that you could script that with the logic to determine the last synch date of the client. I'm not sure the client stores the last synch date, I believe it is only done on the server.
Situation 2) You could use the SBADMCL EnableUsers command with the Enable switch set to false to disable the user, but you would still have to have the client machine on the network so it could synch for that to work.

**This is not a recommendation. Independent testing is always advised before implementation on production systems.**
SafeBoot
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6

RE: Database purging best practices

there's also a "showoldmachines" command in the api which will get you a report of suspected dead objects.

it's then pretty simple to either archive and delete them, or just move them into another group and apply a configuration message as the above poster indicated.
mrgui
Level 7
Report Inappropriate Content
Message 6 of 6

RE: Database purging best practices

For the first one, you could have the machine check the date of the last "Checking for user updates" in the client log file. Once it parses the info and runs some date math on it, you could pop up a warning to the user. The only problem with this one, is you need to make sure that your sync interval is long enough to not rollover or your retention is long enough to hold it.

For the second one, just use the SB/MEEPC machine setting that disables a machine after XX days of not syncing. At that point the user would need a Boot Once code, provided by your help desk/support staff.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community