cancel
Showing results for 
Search instead for 
Did you mean: 
jlph
Level 8
Report Inappropriate Content
Message 1 of 8

Product Deployment task permissions

Jump to solution

Hi, I have recently built a new ePO 5.3 instance and following the Getting Started wizard created some Product Deployment tasks to deploy the McAfee agent. We have LDAP sync in place and a continuous monitoring task to deploy the agent to all unmanaged devices. I'm noticing that the deployment task doesn't seem to be functioning. If I manually deploy the agent the continuous task to deploy VS kicks in and works as intended.

My question is which account does the Product Deployment task run under? I can't see any credentials specified in the task details and my belief is that this is a permission issue. I'm assuming I provided an account during set up but can't recall which account this was and also can't locate where this account is specified.

I also can't seem to find anything in the audit log.

Please let me know if further information is required.

Thanks in advance.

1 Solution

Accepted Solutions

Re: Product Deployment task permissions

Jump to solution

You could plan/work around this:

  • Create a query to run, periodically (your choice) which identifies UNMANAGED systems in your system tree.
  • Schedule that query in a TASK, and then assign a SUB-TASK to Deploy McAfee Agent to the results of that query, specifying the account credentials you prefer.

  • While you're at it, you can also have a copy of the query results emailed (or saved as a file) to inform you of those machine names to which you are trying to deploy.

Plenty of options.

Using TAGS, you can further evaluate/track the efficacy of your deployment, and even query/track those systems to which repeated deployments seem to fail.

7 Replies

Re: Product Deployment task permissions

Jump to solution

Moved from  Community Support > > Discussions.

For better exposure and assistance.

By

Moderator

Cliff
McAfee Volunteer
jlph
Level 8
Report Inappropriate Content
Message 3 of 8

Re: Product Deployment task permissions

Jump to solution

Many thanks CatDaddy.

Re: Product Deployment task permissions

Jump to solution

You are most welcome Hopefully someone from Corporate will pick up this thread, and add to the Discussion in short order.

​ Could you kindly assist this user?

Cliff
McAfee Volunteer

Re: Product Deployment task permissions

Jump to solution

So far as I know, any Agent tasks run as the NT AUTHORITY\SYSTEM account.

jlph
Level 8
Report Inappropriate Content
Message 6 of 8

Re: Product Deployment task permissions

Jump to solution

Thanks Woody. This particular task is deploying the agent to an unmanaged device so whichever account this is being run under it presumably needs to have local admin rights on target machines. I just can't seem to find which account it is currently running under...

jlph
Level 8
Report Inappropriate Content
Message 7 of 8

Re: Product Deployment task permissions

Jump to solution

For further information attached is a screenshot of the Product Deployment page so that the particular task type I'm referring to is clear. mcafee.JPG

Re: Product Deployment task permissions

Jump to solution

You could plan/work around this:

  • Create a query to run, periodically (your choice) which identifies UNMANAGED systems in your system tree.
  • Schedule that query in a TASK, and then assign a SUB-TASK to Deploy McAfee Agent to the results of that query, specifying the account credentials you prefer.

  • While you're at it, you can also have a copy of the query results emailed (or saved as a file) to inform you of those machine names to which you are trying to deploy.

Plenty of options.

Using TAGS, you can further evaluate/track the efficacy of your deployment, and even query/track those systems to which repeated deployments seem to fail.