We have deployed Safeboot using altiris to over 2000 machines. It has worked very well. We use a generic package. As far as creating users, we are using the AD connector with a modified filter on domain users. Hope this helps.
Altiris is probably the most commonly used deployment tool that I see in the field. I *strongly* recommend that you engage our professional services team. The nature of your question raises several red flags about understanding basic product functionality.
- You should make a single exe from the safeboot console. Make this install set from a machine group, not an individual machine.
- When Altiris runs this package, the machine will automatically register its unique name in the safeboot console.
- This new machine object in the console will adopt the properties of whichever group it is created in (i.e. the group from which the installer was built)
- One of the properties it inherits from the group is the users. If you are a small organization (500 or less), then just assign all users at the group level and then all those users will work as pre-boot accounts on your systems. If you are a large organization, you will need to devise a strategy for user provisioning. For example, you could leverage our API to automatically assign users to machines on install. Or if you use v6, then this code is native and you don't need any scripts.
- You users can be pulled from AD, or you can create them manually, or you could have the API / script automate the manual creation.
So you have many possible strategies for your deployment, but if you don't get training or professional services ... you may not choose the best strategy.
Thanks for your response.
Can you let me know what API are you referring to for automatically assinging the users to machines on install.
I have already populated the users from the AD using the AD connector.
In the nutshell it is AutoDomain VB script (comes as compiled) with SafeBoot/EEPC API calls (same as used for sbadmcl scripting).
To answer specifically, the SetUser command is used to assign a username to a machine. How you gather the user name and machine name is up to you, but you need both in order for the command to work. You should start by reading the SBADMCL Scripting Guide PDF that came with your install files.
Thanks for your response guys
Mcafee has released EEPC V6 which can be fully integrated with epo 4.5 so we have decided to test this out and roll out EEPC using EPO.
Thanks for all your help.
Be sure to use the "add local domain users" option in the v6 policy. This will enable our code to find the Windows users assigned to a machine and then make them valid pre-boot authentication accounts. This is a great feature because it eliminiates the need for complex scripting that we had in v5!
Also, consider using this Quickstart Guide when you begin your POC of EEPC v6.
Thanks for your inputs will keep in mind for the EEPC v6 rollout.
One more question does EEPC v6 has the same feature like earlier EEPC versions where in i can add admin users to a particular system so in case the users token is invalidate we can atleast login with the admin account.
with 6, you can add any AD user, or group of AD users etc, much the same as v5. 6 at the moment though has no capacity to create or use users from outside of AD.