I'm trying to create an agent policy within ePO 4.5.5 which blocks installing the agent on certain machines, defined by machine name.
We have two Xen master machines, which keeps pulling the agent down and I'm worried any dynamic machines spawned from that will also pull the agent down, so I wanted to get the agent blocked on the 2 master machines by setting a policy within ePO.
The reason for this, is we are getting McAfee MOVE shortly for our Xen virtual machines, and as they are dynamic and not static machines, it will generate a new machine ID thus making numbers and management in ePO nigh on impossible, as ePO would recognise it as a new machine, so the MOVE software seems to be a good solution to what we need.
Any suggestions or tips? Tried a couple of different things but not had any success so far.
tried that to no success, but again it could be my implementation of said tags (likely). How did you envisage setting up the tags and excluding them from a deployment task?
Apologies...I did think about this after i posted.
My idea was based on ePO 4.6 which i know is possible. Whether you can do the same in 4.5 i can't remember as it's been so long since i used it.
Hopefully someone with a better memory than myself will pick-up the train of thought.Message was edited by: Tristan on 27/03/12 15:53:39 IST
It IS possible in 4.5 actually......since we are still using 4.5...and i also use this strategy to exclude several servers and some VIP workstations that require special attention, policies, etc.
With your requirements, and since you only have 2 servers to modify.. i think it will be much faster and easier if you use VSE Access Protection to block the installation. Just create a new User-define rule preventing installation of the agent to those 2 servers...then youre done...
How do you depoly the agent automatically? Do you use an Automatic (rogue system detection) Response?
If so, have you tried to include an exclusion there? You can exclude the two servers by computer name or IP address for instance, so that the agent does not get deployed by the ePO server to these two machines.
You can also add these two machines to the Exclusion list so that they won't be "bothered" by ePO any longer.
KMessage was edited by: kmcin11 on 4/1/12 5:48:50 PM CDT