I have an infrastructure hosting more than 20K laptops. The object management follows a delegation model where goegraphic location administrators enjoy rights to manage entities and objects within their geographic zone. Ofcourse, on top stays the SBAdmin centrally.
Now, the problem is that some of the machines' objects have been deleted (by mistake) from SafeBoot console. Here is where i am running into a risk. If the device crashes, or the disk fails to boot up, there is no way known to me in which i can recover the data on the disk. A COMPLETE CRASH scenario.
I need to recover the information of these 'lost' laptops back into the SBconsole, to make them managable again, without falling into the exercise of de-crypting all of them and encrypting them again.
Sadly, i cannot do the backed up DB extraction for more than 500 machines that have gone missing because i do not know about their deletion dates. And considering the volume of data of running an insight, it brings me shivers.
I would suggest to get in contact with the support.
Otherwise a few ideas to find out which clients are missing: You could try to find the deleted machines by digging through the local sync logs. Every client which does not exist anymore in the DB will get an error while syncing ("Object not found" i think). In our environment we collect all log files with errors centrally to find defective endpoints - most of the time it is a corrupt local DB but sometimes someone has deleted the wrong machine object in the DB.
Second way is to dig through the audit logs of the admin user who has deleted the machines by accident. You find the ID and date of the deleted machines.
If you are able to identify the deleted machines you can recover these objects either by setting up a second DB from your backup files, export the objects and import these clients to the productive DB or - if you are lucky - these objects can be found inside of the recycle bin (system tab, deleted items, machines).
If you have never done such things before get in contact with the support.
EDIT: I would like to have the output of the log window of the management center written to a file (with the correspondig user). The audit logs are way to simple to find out more complicated things.
there's no way of regenerating the machine info from the machine itself. Either you need to recover them from a backup of the DB, or to SafeTech/WinTech remove the problem machines and activate again.
You could probably work out which machines have been deleted or not from their client logs - they should be throwing a "object can not be found" type error.
so, with a simple login script you could create a report over time of all the machines which have the problem, you can use the API call "getlocalmachinename" to obtain the machine object ID (on the problem machine), and from that, you'll know which machine object to copy from the backup DB file structure into your main production DB.
once you've copied the correct folder across, and removed the xxxxxxxx.wpe folder that's currently there (indicating the machine has been wiped), a group scan will re-insert them into the visible groups list and you'll be back online.
easy peasy, as long as you have a good backup that is.
One thing we do is never permanetly delete objects. We rename them with somethng like -old, -rebuilt, or -unknown. Let them just sit in the trash can. This way they don't take up licenses but are recoverable.
Its pretty dangerous not to have a backup of your database. You may want to just stop the services once a week and make a copy of the entire c:\program files\safeboot folder.
As far as backups go, you don't have to stop services if you use the built-in database backup tool. It will require a license file to use it, but I can't imagine someone buying over 1000 licenses and going cheap on the backup option.