This content has been marked as final. Show 11 replies
Hmm, haven't looked into it (no SB/EE environment at home), but if you can dump the list of machines the users are assigned to, you could script (Altiris, SMS, PSExec, etc) a solution where you'd force the computer to run ForceSync?
I'll play tomorrow to see if there might be a better idea happy
Sorry, I don't see anything else in the docs that might help force the sync down from server side. I think you're looking at a client side ForceSync to accomplish this - you've just got to engineer the solution that triggers it.
There is not currently a product feature for this. The only way you could do it would be somehow detect the change on the client (perhaps a bit gets flipped in the registry) and check for that change in a programatic way (maybe a logoff script). The script would have to call our ForceSynch command, as you rightly suggest.
I have had some customers implement a logoff script that does a ForceSynch on shutdown. This adds more value than just catching password changes; it makes for more accurate reports and ensures policy changes are actually enforced.
I suppose you could reduce the risk by simply modifying your sync interval. How many clients do you have?
Actually, I am thinking that adding it to the logoff script might just do the trick. Not ideal, but workable. But I am wondering if the "Friday Syndrome" might overtax the server (that is, everyone leaving at the same time at 5:00 and trying to synch at logoff). Much the same way that the synch is delayed in the morning to avoid such a scenario.
from your website, how will you know what client to sync the new password to?
from the IP address of the connection?
if you do know the machine name, use something like sysinternals psexec to simply run a force sync on that box?
Spolok, what is your sync interval set to? Also, how many users are assigned to each machine?
Hmmm, hadn't really thought of how we would get machine name. We could we perhaps dump the user audit and see which machine was last logged into successfully?
Synch interval is 120 minutes. Most of our machines will be 1 user per machine (at least for the sake of this discussion...) wink
if the machine didn't sync yet, then you won't be able to tell from the user audit which machine they are working from. Not with any certainty anyway.
Best to look up their IP address from the connection I think. psexec should be able to handle \\ip notation?
of course you could always use client side scripting - you might need to sign it etc to get the client browser to accept it but that might be even easier?
Newbie here, you mention in this thread that you have customers who have a logoff script to do a forcesynch on shutdown, can you give me any guidance as to how I might achieve that please ?
We are currently running 5.1.8 EEPC