6 Replies Latest reply on Jan 15, 2009 1:49 PM by cdstech

    VirusScan 8.5i - Symantec Ghost Imaging

      I am trying to create an image for several hundred computers and I want to include VirusScan on the image.

      I have read several places that you must delete the GUID key after your image is complete. This key is not even being created that I can see...

      Anyways...Bottom line....

      What is the best way to deploy McAfee with my image? Using the RunOnceEX key, can i just install it on my image and then sysprep and go from there?

      Any help would be greatly appreciated...

      Thanks In Advance.
        • 1. RE: VirusScan 8.5i - Symantec Ghost Imaging
          metalhead
          Speaking of VSE - yes you can. If you also include an ePO agent you have to delete the agents GUID before imaging the system.
          • 2. Thanks + One Additional Question
            metalhead...

            Thanks for the quick response. I just have one other question. In the past when we tried to deploy multiple machines, we seemed to have run across an issue where the machine name was also in an additional location. Local settings or in a NAI directory or something, which caused problems when looking at the machines from the management console.

            Maybe this was an unrelated issue, and I do know in the past we did not install the agent at the same time. I believe this time around I will install the agent as well and then simply delete the GUID registry entry as you indicated.

            I will post back once the initial imaging is complete, hopefully with nothing but good news.

            Thanks Again...
            • 3. RE: Thanks + One Additional Question
              runcmd
              We had a lot of problems with imaged computers registering properly in the ePO database before learning about the Unique Identifier previously mentioned. When building a new computer from an image, I also noticed that the MAC recorded by the agent in the registry did not necessarily match that of the NIC on the new computer. Do you need to remove that from the registry as well? I always removed it to be thorough, but wasn't sure if it was required. If memory serves me correctly, unlike the Unique Identifier (which appears as soon as the Framework service is restarted), the MAC wasn't rerecorded until communication with the repository occurred for the first time (and sometimes it required a reinstall of the agent).

              Finally, at least the "OnDemandScan" log file will record the workstation name. I don't believe this effects functionality, but it can cause some confusion when looking through the logs and seeing the name of the workstation used to create the image in old entries. I'm certainly not a McAfee expert, but those are the only caveats I'm aware of when imaging.
              • 4. RE: Thanks + One Additional Question
                This is what i have in our bat file when before running sysprep.

                Just make sure the sysprep machine has a custome policy that allows the mcafee service to be stopped and mcafee files/settings to be modifed. Otherwise you will not be able to stop the services or delete the registry keys.


                ECHO.
                ECHO Stopping unnessary services:
                net stop McAfeeFramework /yes
                net stop McShield /yes
                net stop McTaskManager /yes

                ECHO.
                ECHO Terminating unneeded processes:
                pskill /t frameworkservice
                pskill /t updaterui
                pskill /t vstskmgr


                ECHO
                Echo Prep Mcafee Agent
                REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /F
                REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /F

                ECHO Clearing McAfee Logs....
                del /q "%DEFLOGDIR%\AccessProtectionLog.txt"
                del /q "%DEFLOGDIR%\BufferOverflowProtectionLog.txt"
                del /q "%DEFLOGDIR%\EmailOnDeliveryLog.txt"
                del /q "%DEFLOGDIR%\OnAccessScanLog.txt"
                del /q "%DEFLOGDIR%\OnDemandScanLog.txt"
                del /q "%DEFLOGDIR%\UpdateLog.txt"
                del /q "c:\quarantine\*.*"
                • 5. RE: Thanks + One Additional Question
                  Gazz300


                  MMM when you want a custom policy then drop me a note.
                  • 6. Custom Policy
                    Gazz,

                    Is their a way to import/export the custom policy settings?

                    I am attempting my first image now...will let you know how things work out...