This content has been marked as final. Show 4 replies
if the device will be connected at time of install, use online, if not, offline.
Avoid offline installs if at all possible. They are nearly impossible to manage, in the fact that you would have to manually get the sbxfer.sdb from each machine. Additionally, you would not be able to easily publish updates to the software, with out replacing the sbxfer.sdb with an updated one (specifically for each machine).
You could try a hybrid... where it installs offline, builds its own key, encrypts, but has a server defined for when it does synch. I haven't tried it, so let me know how that goes.
Another problem with offline installs is that user accounts and passwords get very messed up, unless you are using some sort of standard account for all offline installs.
you might have missed something here - an "offline install" is exactly that - an offline >install<. It's assumed the device will be online at some point in the future for policy sync etc.
the case of permanently offline machines is so very rare nowadays anyway, after all, who doesn't pick up email occasionally? Remember, the EEPC/EEFF products only require an IP connection to a dns name to do policy work.
The reason I mention that is because we actually have a few machines in a truly offline mode. We encrypt out Disaster Recovery testing servers prior to shipping to another facility (to prevent data loss or system tampering). Since the only true DR test assumes that all of the normal production systems are gone, they are never attached to a real network.