Has anyone established best practices around purging old clients from their database? I work in a very widely distributed client installation, so computers might leave my network for upwards of six months. I'm trying to determine the best way to clean out the "dead" agents to reclaim the licenses, but I don't want someone coming back online and not have a server object waiting for them. Any advice?
Your situation is really not that different from mine. We have customers in the field that seldom have their machines on the network. The best way we have found to deal with the issue is to determine a "cut-off date". In my situation, our standards state that a company laptop must be put on the network once every 30 days. In reality that doesn't happen, so I decided I would make my cut-off date 90 days. So once a month, I run a "Last Synchronized Date" report, and look for anything older than 90 days. I then use the SBADMCL "Delete Machine" command with the Recycle switch set to True. This way, if a machine shows up again, you can still recover the database object. And then you educate the users about putting their machine on the network more often.
1. If a laptop is not on the network for 60 days, the logon time must increase to 5 minutes, displaying a message that you did not plug the laptop to the network.
2. If this date increases to 90 days, I wish to lock the account so that only the administrator / support staff can help him / her out...

Let me know if that is a possibility with HDE. I am running 126.96.36.199
Matrix, I'm not sure if McAfee Endpoint Encryption will do what you are wanting, but it will do pieces of what you are wanting. Situation 1) You could use the SBADMCL UpdateMachineCfg to update the Logon Text, but I don't know of a way that you could script that with the logic to determine the last synch date of the client. I'm not sure the client stores the last synch date, I believe it is only done on the server. Situation 2) You could use the SBADMCL EnableUsers command with the Enable switch set to false to disable the user, but you would still have to have the client machine on the network so it could synch for that to work.
**This is not a recommendation. Independent testing is always advised before implementation on production systems.**
For the first one, you could have the machine check the date of the last "Checking for user updates" in the client log file. Once it parses the info and runs some date math on it, you could pop up a warning to the user. The only problem with this one is that you need to make sure that your sync interval is long enough to not roll over or your retention is long enough to hold it.
For the second one, just use the SB/MEEPC machine setting that disables a machine after XX days of not syncing. At that point the user would need a Boot Once code, provided by your help desk/support staff.
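The log check suggested in the last reply, sketched as an added example that is not part of the original thread or the vendor's tooling. The timestamp layout and the sample log lines are constructed assumptions (the thread does not show the real client log format); the 60 and 90 day thresholds come from the question above, and a log with no sync entry at all (rolled over or never synced) is reported as unknown rather than healthy.

```python
import re
from datetime import datetime

MARKER = "Checking for user updates"   # string quoted in the thread
# Assumed timestamp layout at the start of each line; adjust to the real log.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
TS_FMT = "%Y-%m-%d %H:%M:%S"
WARN_DAYS, LOCK_DAYS = 60, 90          # thresholds asked for in the thread

# Constructed sample input, not real product output.
SAMPLE_LOG = [
    "2024-01-05 09:00:00 Checking for user updates",
    "2024-01-05 09:00:03 Sync complete",
    "2024-03-20 08:15:02 Checking for user updates",
    "corrupt line Checking for user updates",
    "2024-05-30 07:45:10 Boot started",
]

def last_sync(lines):
    """Return the newest timestamp found on a MARKER line, or None."""
    newest = None
    for line in lines:
        m = TS_RE.match(line) if MARKER in line else None
        if not m:
            continue                   # not a sync line, or no timestamp
        try:
            ts = datetime.strptime(m.group(1), TS_FMT)
        except ValueError:
            continue                   # digits matched but not a valid date
        if newest is None or ts > newest:
            newest = ts
    return newest

def sync_status(lines, now):
    """Return (status, age_in_days): ok, warn, overdue or unknown."""
    ts = last_sync(lines)
    if ts is None:
        return "unknown", None         # log rolled over or never synced
    age = (now - ts).days
    if age < 0:
        return "unknown", age          # entry is in the future: clock is off
    if age >= LOCK_DAYS:
        return "overdue", age
    if age >= WARN_DAYS:
        return "warn", age
    return "ok", age

if __name__ == "__main__":
    print(sync_status(SAMPLE_LOG, datetime(2024, 6, 1, 12, 0, 0)))
```

The "unknown" result is the rollover case raised in the reply: it should prompt a check of log retention, not be read as a recent sync.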