So to follow on from the above, I'm wondering if the DLP agent on the server can make a share available, where it is not shared natively via windows.
The reason for my questions is that the customer that is going to be installing HDLP has a lazy IT department and they avoid work as much as possible. The believe if it isnt broke dont touch it, so i need to break access to DLP controlled shares. They dont want to have the HDLP agent pushed automatically when a new system joins the domain, so I am trying to figure out how to block access to the DLP 'secured' data until the DLP agent is installed on the client machine.
If anyone has any ideas I'd be glad for the assistance
In my company, there are two parts of agent installation, McAfee agent and DLP agent. We use sccm to deply McAfee agent which is exported from EPO console, it will be installed automatically if sccm client detects there is no McAfee agent installed. And we use EPO to deploy DLP agent, automatically too. But you can define your way, one time at once / on schedule...
Also you can install McAfee agent from EPO, and same as deploy DLP agent you can define your way too.
There is no share for agent installation, and you can get it from above, no step needs a share.