4 Replies Latest reply on Mar 22, 2012 6:32 AM by yintha

    Questions about McAfee Epolicy Orchestrator configuration.



      First of all I would like to introduce myself. I'm currently a 19-year-old IT student; the only thing I need to do to finish my school is a 10-week project at a real company, so I started at this company 2 weeks ago and my project is to configure their ePolicy server and make proper documentation, since their IT staff does not have much knowledge about the ePO server at the moment.


      Current Situation:

      McAfee ePO 4.5

      Active Directory; however, the way they use AD here is a bit, hmm, weird I'd say. The procedure is this:


      - Install + configure PC (local)

      - Let it join the AD (stays in the default Computers container)

      - On the local machine we edit the registry to let the computer automatically log in locally with an admin account; all the user credentials are set in the registry, so there is no user interaction.

      - The computer boots and the user opens an RDP session (which has a shortcut on the desktop) to connect to a desktop hosted at a different company (SaaS).

      - Every computer gets some manual adjustments when being installed/configured, so it wouldn't be bad to have an action for McAfee there.


      So the AD is kind of unused; I see it as a big workgroup myself, since users log in locally. The domain users are NEVER used to log in with, except for the admin login to servers.

      Also there are multiple laptops running a Windows 7 version which does not support a Domain environment (AD).


      At the moment the ePO server is running; it does synchronize with AD, but it makes a 'flat list' in the ePO system tree.

      Also I noticed several users disabling the McAfee client.


      My questions are:

      - Should I upgrade to a later McAfee ePO version? What would the benefits be?

      - With this way of letting users log in + computers not in the AD, what way would you recommend to deploy ePO clients to PCs, since I'd like to use ONE method for every computer?


      Note: my English isn't 'great', so if I need to make things clearer please tell me.

      The computer I wish to manage is the local computer, not the computer we RDP to.


      on 3/21/12 6:56:03 AM CDT
        • 1. Re: Questions about McAfee Epolicy Orchestrator configuration.

          I'll take a stab at this for you.


          1.) Should you upgrade?  My answer would be: Yes.  If nothing else, the later versions will give you a longer ePO instance installation life before the software goes End of Support and eventually End of Life.  And to keep your environment in a McAfee-supportable state you will need to upgrade at that time.  However, in this case, the latest version of ePO (4.6) has moved the product closer to a true object-oriented approach.  You can be more granular in your config and use of the application.  There are also some convenience features in 4.6 that are much appreciated by me.  For instance, you can use the left click + shift key method to select a string of multiple machines instead of having to click each check box next to the machine.


          2.) This is a tough question to answer without a little more information.  Since the McAfee Agent requires admin rights to install, you would either need to have an admin account that is common to all the computers or allow the users to install the agent themselves (good luck with that).  You may also have the option of using a system like SMS/SCCM or whatever to deploy for you.  How is this organization patching their machines currently?  That same method may allow you to deploy the agent.  You would just need to create a package for the install that uses the logged-on user's credentials.



          All of that said, if you are looking for a good-paying job, check out this organization you are running this project for.  Their standard operating procedures leave much to be desired from a security standpoint (you would have better than average job security there).  I'm sure the users love the convenience of not having to enter their credentials every time, but in this day and age, no one does that anymore.  Especially with the users being admins on their boxes.



          I hope this helps.






          1 of 1 people found this helpful
          • 2. Re: Questions about McAfee Epolicy Orchestrator configuration.

            Hello and thanks for your reply


            There isn't much software on the computers; the only things being installed right now are TeamViewer / VNC client and a .rdp shortcut on the desktop, but all those are in a Ghost image.

            Admin rights aren't a problem, since users are local admins, and this is the same for every computer in the network except for some very important machines, but manual installation on those few exceptions shouldn't be a problem.


            Is it possible to make a new Ghost image for computers which includes a McAfee agent + the products the agent normally installs, like VirusScan Enterprise / anti-spyware, or would that mess up the system tree, since we will change the computer name after the ghosting process is completed?


            Or I was thinking about a FramePkg package which uses the following credentials:


            Domain: %computername% (not sure if using Windows variables will work.)

            Username: Administrator.

            Password: The password.


            Running that .exe on every computer once is doable.

            • 3. Re: Questions about McAfee Epolicy Orchestrator configuration.

              OK.  So it sounds like you have a common admin username and password for all of the systems.  Since that is the case, you can use ePO to do the deployment.  If I recall correctly, you can enter the credentials like this.  The domain name will be "localhost", User: "Administrator" and Password: The Password.


              That said, you could Ghost a machine and do it that way as well.  You will need to do a little prep work though.  Immediately before you take the image you need to delete the AgentGUID registry key so that you do not end up with a duplicate AgentGUID problem.


              The duplicate AgentGUID problem goes something like this: ePO uses the AgentGUID as its first check of whether a system checking in is a new system.  If ePO sees an AgentGUID that it has seen before, it will overwrite the data it already has for that machine with the data of the machine that has just checked in.  If that happens, ePO will only "know" about the last machine to check in with any specific AgentGUID.


              For example:


              You have computers A and B.  Computer A performs an ASCI and checks in to ePO.  ePO notes the properties of Computer A.  You are now able to manage Computer A.  However, when Computer B performs an ASCI and checks in to ePO, ePO sees the same AgentGUID, assumes that the name of the system or whatever has just been updated, and overwrites what it has for Computer A with the information from Computer B.



              Hope this helps.
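To make the failure mode in the reply above concrete, here is an added Python model (not McAfee code, and not from anyone in this thread) of a system tree that keys its records by AgentGUID, the way the reply describes. It runs a clone-from-image scenario once with the GUID still baked into the image and once with the GUID removed before capture, and adds a small check over a constructed list of check-ins that flags any GUID reporting from more than one hostname. The class and function names, the sample GUID, the hostnames and IPs are all assumptions; the agent generating a fresh GUID on its first ASCI after the key was removed is modelled with uuid4, and the reply does not give the registry location of the key, so the deletion step itself is not modelled.

```python
"""Model of the duplicate AgentGUID problem: constructed example, not ePO code."""
from dataclasses import dataclass, field
import uuid


@dataclass
class CheckIn:
    """One agent-to-server communication (ASCI), reduced to the fields that matter here."""
    agent_guid: str
    hostname: str
    ip: str


@dataclass
class SystemTree:
    """Stand-in for the ePO system tree: records keyed by AgentGUID (assumption: modelled, not the real schema)."""
    records: dict = field(default_factory=dict)
    overwrites: list = field(default_factory=list)   # (old hostname, new hostname) pairs that were silently replaced

    def check_in(self, ci: CheckIn) -> None:
        prev = self.records.get(ci.agent_guid)
        if prev is not None and prev.hostname != ci.hostname:
            # Same GUID, different host: the server cannot tell a rename from a clone,
            # so the earlier machine's record is overwritten, as the reply describes.
            self.overwrites.append((prev.hostname, ci.hostname))
        self.records[ci.agent_guid] = ci

    def managed_hosts(self) -> set:
        """Hostnames the server still 'knows' about."""
        return {r.hostname for r in self.records.values()}


def clone_from_image(image_guid: str, hostname: str, ip: str) -> CheckIn:
    """Clone taken with the AgentGUID left in the image: every clone inherits the same GUID."""
    return CheckIn(image_guid, hostname, ip)


def clone_with_guid_removed(hostname: str, ip: str) -> CheckIn:
    """Clone from an image whose GUID was deleted before capture: a fresh GUID is generated on first ASCI (modelled with uuid4)."""
    return CheckIn(str(uuid.uuid4()), hostname, ip)


def simulate(remove_guid_before_imaging: bool) -> SystemTree:
    """Deploy three clones from one image and return the resulting tree."""
    tree = SystemTree()
    image_guid = "11111111-2222-3333-4444-555555555555"   # constructed sample value
    hosts = [("PC-A", "10.0.0.11"), ("PC-B", "10.0.0.12"), ("PC-C", "10.0.0.13")]  # constructed
    for name, ip in hosts:
        if remove_guid_before_imaging:
            ci = clone_with_guid_removed(name, ip)
        else:
            ci = clone_from_image(image_guid, name, ip)
        tree.check_in(ci)
    return tree


def find_guid_collisions(checkins: list) -> dict:
    """Detection: map each AgentGUID to the set of hostnames it was seen from and report those with more than one."""
    seen = {}
    for ci in checkins:
        seen.setdefault(ci.agent_guid, set()).add(ci.hostname)
    return {g: sorted(h) for g, h in seen.items() if len(h) > 1}


if __name__ == "__main__":
    bad = simulate(remove_guid_before_imaging=False)
    print("GUID left in image  -> managed:", sorted(bad.managed_hosts()), "overwrites:", bad.overwrites)
    good = simulate(remove_guid_before_imaging=True)
    print("GUID removed first  -> managed:", sorted(good.managed_hosts()), "overwrites:", good.overwrites)
    # Constructed check-in log with one colliding GUID
    log = [CheckIn("g1", "PC-A", "10.0.0.11"), CheckIn("g1", "PC-B", "10.0.0.12"), CheckIn("g2", "PC-C", "10.0.0.13")]
    print("collisions:", find_guid_collisions(log))
```

With the GUID left in the image only the last clone to check in survives in the tree, which is exactly the "only knows about the last machine" outcome in the reply; with the GUID removed before imaging all three hosts stay managed. The collision check is the kind of query worth running against a real check-in log after a ghosting round to confirm the prep step was not skipped.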







              • 4. Re: Questions about McAfee Epolicy Orchestrator configuration.

                Hello Mark,


                Thanks for your detailed explanation about agent deployment; it will really help and it will go into my documentation.

                My questions have been answered.


                Thanks a lot!