1 of 1 people found this helpful
I'll take a stab at this for you.
1.) Should you upgrade? My answer would be: Yes. If nothing else, the later versions will give you a longer ePO instance installation life before the software goes End of Support and eventually End of Life. And to keep your environment is a McAfee-supportable state you will need to upgrade at that time. However, In this case, the latest version of ePO (4.6) has moved the product closer to a true object oriented approach. You can be more granular in your config and use of the application. There are also some convenience features in 4.6 that are much appreciated by me. For instance, you can use the left click-shift key method to select a string of multiple machines instead of having to click each check box next to the machine.
2.) This is a tough question to answer without a little more information. Since the McAfee Agent requires admin rights to install, you would either need to have an admin account that is common to all the computers or allow the users to install the agent themselves (good luck with that). You may also have the option of using a system like SMS/SCCM or whatever to deploy for you. How is this organization patching their machines currently? That same method may allow you to deploy the agent. You would just need to create a package for the install that uses the logged-on users credentials.
All of that said, if you are looking for a good paying job, check out this organization you are running this project for. Their standard operating procedures leave much to be desired from a security stand-point (you would have better than average job security there) I'm sure the users love the convenience of not having to enter their credentials every time, but in this day and age, no one does that anymore. Especially with the users being admins on their boxes.
I hope this helps.
Hello and thanks for your reply
There isn't much software on the computers, the only things being installed right now are Teamviewer / VNCclient and a .rdp shortcut on the destkop but all those are in a Ghost image.
Admin rights aren't a problem since users are local admin, and this is the same for every computer in the network except for some very important machines but manual installation on those few exceptions shouldn't be a problem.
Is it possible to make a new ghost image for computers which includes a McAfee agent + the products the agent normally installs like Viruscan enterprise / anti-spyware, or would that mess up with the system tree since we will change the computer name after the ghosting process is completed?
Or I was thinking about a framepkg package which uses the following credentials:
Domain: %computername% (not sure if using windows variables will work.
Password: The password.
Running that .exe on every computer once is doable.
OK. So it sounds like you have a common admin username and password for all of the systems. Since that is the case, you can use ePO to do the deployment.. If I recall correctly, you can enter the credentials like this. The domain name will be "localhost", User: "Administrator" and Password: The Password.
That said, you could Ghost a machine and do it that way as well. You will need to do a little prep work though. Immediately before you take the image you need to delete the AgentGUID registry key so that you do not end up with a duplicate AgentGUID problem.
The duplicate AgentGUID problem goes something like this:ePO uses the AgentGUID as it's first check if a system checking-in is a new system. If ePO sees an AgentGUID that it has seen before it will overwrite the data it already has for that machine with the data of the machine that has just checked-in. If that happens ePO will only "know" about the last machine to check in with any specific AgentGUID.
You have computers A, and B. Computer A performs an ASCI and checks in to ePO. ePO notes the properties of Computer A. You are now able to manage Computer A. However, when Computer B ASCI's and checks in to ePO. ePO sees the same AgentGUID and assumes that the name of the system or whatever has just been updated and overwrites what it has for Computer A with the information from Computer B.
Hope this helps.
Thanks for your detailled explanation about agent deployment, it will really help and it will get into my documentation.
My questions have been answered.