Showing results for 
Show  only  | Search instead for 
Did you mean: 

"Cross Forest" Client and Repository Admin/Management ?


Can anyone tell me what is/isn't possible using ePO to attempt to  manage clients that are located in a different AD Forest ?

As well as general info. I'd like to know if basc cliet AV Management is possible centrally and whether it setup and manage Distributed Repository located in another forest.

Also need to know whether - assuming that there is some fuctionality "cross forest" - the mangement capabilities are version dependant - e.g is it possible with ePO 3.5/3.6/4.0/4.5?



3 Replies

Re: "Cross Forest" Client and Repository Admin/Management ?

Hello Jim,

I think you will not have problems to manage clients located in a different AD Forest. The main concern here would be to get the McAfee Agent installed on the machines from a diferent domain. Anyway there are currently tools that allow you to resolve this like a embedded agent with a custom account.

Once the McAfee Agent is installed it will connect into the ePO server or Agent handler (only available in ePO 4.5) by using its Ip Address/FQDN/Netbios on its specific port which is defined during the installation. Then the McAfee Agent download new policies and tasks from the ePO server and will upload events. All of this traffic is done via Spipe (a proprietary protocol which works like HTTP) so no domain information is used during these activities. This is the reason on why I think you will not have problems during normal agent to server communication.

There are some features that you can use to deploy McAfee Agents like RSD, Active Directory Synch task, Send Agent Install. These features will require adjustments in order to adhere the requirements to deploy the McAfee Agent to a machine in a different domain.

Hope this helps.



Re: "Cross Forest" Client and Repository Admin/Management ?

Thanks Bruno that looks very encouraging.

Apologies for the late reply but I did not get an email notification about the response for some reason..

If the communication is via "SPIPE" then how does this "transit" through firewalls etc. ? - or is it genuinely seen as HTTP and we only ned to allow HTTP on the designated comunication port for the agent ?

Thanks again,



Re: "Cross Forest" Client and Repository Admin/Management ?

Hello Jim,

Please take a look at the KB in order to obtain more information about SPIPE.

Also take a look at the KB for information about ports that you will need to open in your firewall.


You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community