cancel
Showing results for 
Search instead for 
Did you mean: 
biiro
Level 9
Report Inappropriate Content
Message 1 of 10

Blocking Agent Install

Hi all,

I'm trying to create an agent policy within ePO 4.5.5 which blocks installing the agent on certain machines, defined by machine name.

We have two Xen master machines, which keeps pulling the agent down and I'm worried any dynamic machines spawned from that will also pull the agent down, so I wanted to get the agent blocked on the 2 master machines by setting a policy within ePO.

The reason for this, is we are getting McAfee MOVE shortly for our Xen virtual machines, and as they are dynamic and not static machines, it will generate a new machine ID thus making numbers and management in ePO nigh on impossible, as ePO would recognise it as a new machine, so the MOVE software seems to be a good solution to what we need.

Any suggestions or tips?  Tried a couple of different things but not had any success so far.

9 Replies
Tristan
Level 15
Report Inappropriate Content
Message 2 of 10

Re: Blocking Agent Install

Have you tried using manually applied tags to exclude the Xen masters from the deployment task?

biiro
Level 9
Report Inappropriate Content
Message 3 of 10

Re: Blocking Agent Install

Hi Tristan,

tried that to no success, but again it could be my implementation of said tags (likely).  How did you envisage setting up the tags and excluding them from a deployment task?

Tristan
Level 15
Report Inappropriate Content
Message 4 of 10

Re: Blocking Agent Install

Apologies...I did think about this after i posted.

My idea was based on ePO 4.6 which i know is possible. Whether you can do the same in 4.5 i can't remember as it's been so long since i used it.

Hopefully someone with a better memory than myself will pick-up the train of thought.

Message was edited by: Tristan on 27/03/12 15:53:39 IST
biiro
Level 9
Report Inappropriate Content
Message 5 of 10

Re: Blocking Agent Install

no problem.  we are moving to 4.6 in the next week or 2, but it was just a thought if it was at all possible in 4.5

Re: Blocking Agent Install

It IS possible in 4.5 actually......since we are still using 4.5...and i also use this strategy to exclude several servers and some VIP workstations that require special attention, policies, etc.

biiro
Level 9
Report Inappropriate Content
Message 7 of 10

Re: Blocking Agent Install

how did you go about it, if you don't mind explaining?  I tried several other ideas i thought might work yesterday but these failed to work

Re: Blocking Agent Install

With your requirements, and since you only have 2 servers to modify.. i think it will be much faster and easier if you use VSE Access Protection to block the installation. Just create a new User-define rule preventing installation of the agent to those 2 servers...then youre done...

biiro
Level 9
Report Inappropriate Content
Message 9 of 10

Re: Blocking Agent Install

I'd not tried that.  Though I will give it a shot and see what I can do.

Re: Blocking Agent Install

Hi Biiro,

How do you depoly the agent automatically? Do you use an Automatic (rogue system detection) Response?

If so, have you tried to include an exclusion there? You can exclude the two servers by computer name or IP address for instance, so that the agent does not get deployed by the ePO server to these two machines.

You can also add these two machines to the Exclusion list so that they won't be "bothered" by ePO any longer.

K

Message was edited by: kmcin11 on 4/1/12 5:48:50 PM CDT