I would like all the computers in 2 branches and their sub branches to get the McAfee agent and then other software such as VSE 8.8. If I run a client task "Now" or even at a specific time in the futire, many of the deployments will fail or expire due to desktops being powered off or laptops being away from the office at the time. I would like McAfee to instal the agent at any time systems with no McAfee agent are detected, but only if those systems belong to specific branches in ePO. For instance if someone has their laptop at home for weeks at a time and doesn't connectsit to the network until next month, I would like McAfee agent to still automatically install then.
What are the best ways to deploy the agent to computers that are not available at the time you schedule pushing the agent?
Have you thought of installing the agent via login script / GPO? That's how we have it configured, and it seems to be working pretty good. We will also be looking into including the agent as part of the image when computers are setup, but not there yet...
You could do it with Rogue System detection if you can setup a sensor at the site where the device generate broadcasts...
We already have started automatically deploying the agent when installing new systems, but we need to get the agent installed on many laptops that will not be reimaged for a long time and are away for the office more often than there are in the office
Would I have to install the rogue sensor app on PCs on every subnet? This may be a problem since the the most problematic subnet would be the wireless subnet used by laptops and it is not practical to have a dedicated laptop connected to wireless all day long to catch rogue laptops that come and go sporadically.
Can the rogue sensor be set on the DHCP server that would be connected to all subnets all the time (including the wireless subnet) or must there be a different rogue detection agent for every subnet?
We also need to set the agent to only try to install the McAfee agent on workstations that are members of our domain, so it does not waste time attempting and then failing to install on vendor's and visitors laptops that are not members of our active directory domain or printers, smartphones, tablets and voip phones it detects on the network.
on 1/15/13 9:31:07 PM CST
yes, the rogue sensor can be setup on a central dhcp server.
You can also use AD sync to push the agent on unmanaged devices.