I've been tasked with putting up an ePO box for my DMZ machines. Most are Linux based, but we have a few windows boxes for specific applications. We want to keep DMZ hosts seperate from LAN hosts.
I've got an agent for Linux just so the boxes check in (no A/V, just agent), and an agent for Windows boxes (with A/V8/7). The main point of the Epo box is for DAT file updates, as boxes in the DMZ can't connect to the internet. (I've put up a WSUS server for similar reasons.)
The issues is that, being a DMZ, all those boxes are standalone. No A/D or central auth. I've gotten (most) system owners to install the agent and A/V, and I see boxes checking in.
However, as all boxes are essentially un-managed (from an A/D perspective), I can't deploy ANYTHING to them (patches, Anti-spyware, RSD, etc...).
Is there a best-practice way to deal with these machines? Anyone had to overcome these kinds of issues? Any advice on how to simplify my management of these boxes?
In fact you just only need to deploy McAfee Agent to these boxes and then the AV deployment should work fine.
As these machines must be in a Workgroup then the only thing you must have is to create the same user on any of these machines and then when yu'll have to deploy the agent just put a dot (.) instead of the domain name.
Sweet. That actually helps a LOT.
Is there a way to have the agent CREATE the account? That way, I don't have to give others the password to the account I am creating/using?
I hate passing out credentials.