1 Reply Latest reply on Aug 23, 2010 3:28 AM by JoeBidgood

    Agent with embedded credentials


      I've a simple question, but need clarification on someting..


      There are 2 versions of the 4.5 agent...the regular one and one with embedded credentials.


      Now I am pretty sure the epo (epo 4.0, agent 4.5.1429...so agent 4.5 with the VPN hotfix)), that I inherited has just the regular agent.


      In my systems tree, if I click on "new system", I am able to create a framework agent installer package. I have the choice of putting credentials in it, which I have done


      What is the relation between this function and the agent with embedded creds. Does this function appear on screen in epo, but (silently) require the agent with credentials function?


      Or is there "something else" to the agent WITH credentials?

        • 1. Re: Agent with embedded credentials

          This is a slightly confusing area since MA 4 was introduced - bear with me

          Firstly - the process of embedding credentials allows you to create an agent installer (framepkg.exe) with built-in administrator credentials, that can then be run by users without admin rights on their machine. If you don't need this ability - and the majority of users don't, since they use other methods such as push install, SMS, and so on to install the agent - then you can ignore the entire thing.


          As you point out, the agent install packages that you check into the master repository are available in two types - one with embedded credential support, one without. If you need EC support then you must check in the EC package: this can be used to create a framepkg with credentials in, but can also be used in the same way as the "normal" agent - i.e. the default framepkg still needs admin credentials to run, and you can push install it, and so on.


          The only slight irritant is that the wizard in the ePO console can't distinguish the two types. (This is because ePO wasn't expecting there to be two types - it was expected that there would only be on package type that would support EC. The problem that required two separate packages was only found with the release of MA4.)  This means that if you have the non-EC package checked in, the wizard will allow you to go through the motions of creating an EC framepkg - but the framepkg thus created won't actually have credentials embedded in it.


          The reason for there being two types, by the way, is that the EC package is considerably larger than the non-EC one - if you didn't need EC support then it was considered an unacceptable waste of bandwidth to have to replicate and deploy such a large package, so admins were given the choice.)


          HTH -