854 Views 6 Replies Latest reply: Jul 23, 2013 1:15 PM by rmetzger RSS
rothman Newcomer 27 posts since
Jul 23, 2013

Jul 23, 2013 11:07 AM

Automating the removal of duplicate systems

After some searching, I couldn't find another topic like this on the community, but please point me in the right direction if there is.

 

Problem:

We reimage machines on a daily basis (with our images configured to be sure we do not create duplicate GUIDs) and the standard procedure is to rename the newly imaged machine the same name as it was prior to reimaging.  Due to this, we get dozens of duplicate machines in our ePO daily.

 

Desired Solution:

A query, set of queries or whatever it would take to automate the discovery of duplicate machines and removing the duplicate(s) which have an older 'Last Communication' time than the last one to check in to the ePO (with the assumption that the one which last communicated is the valid GUID).

 

Known tools:

For the automated part of this, I've already created a system task to run on a weekly basis.

 

For the query part of this, I know about the pre-built duplicate query and have been trying to tweak that / add nested queries / use tags to try and segregate the duplicate machines which actually need to be removed.

 

Results:

So far, no real luck (obviously, else I wouldn't be here).  The problem I keep running into is that there is no good method to segregate the old ones, due to the fact that the machine with the valid GUID may have a last communication time which meets the filter of 'if not communicated within (x) days' --- that's a whole other problem, but I also do not want to begin, possibly, orphaning machines which have a corrupt Agent or have simply been offline for a long time.

 

So, overall:

Does anyone know if there is a method to get the below pseudo code done?

 

    if system_name is duplicated AND the last communication time of system_name(a) is older than last communication time of system_name(b)
    (
        Delete system_name(a)
    )

 

Added duplicate tag on 7/23/13 11:07:26 AM CDT
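
The rule in the pseudocode above, worked through as an added example that is not part of the original post and is not ePO or McAfee code. It assumes the duplicate-name query has been exported to rows with hypothetical fields `name`, `guid` and `last_comm` (ISO timestamp, empty if the agent never checked in), and it treats a never-communicated record as older than any dated one.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample rows standing in for an exported duplicate-name query.
# Field names and timestamp format are assumptions, not ePO's export schema.
SAMPLE_ROWS = [
    {"name": "TC-0101", "guid": "GUID-A1", "last_comm": "2013-07-01T08:00:00"},
    {"name": "tc-0101", "guid": "GUID-A2", "last_comm": "2013-07-22T09:30:00"},
    {"name": "TC-0202", "guid": "GUID-B1", "last_comm": "2013-03-02T10:00:00"},
    {"name": "TC-0303", "guid": "GUID-C1", "last_comm": ""},
    {"name": "TC-0303", "guid": "GUID-C2", "last_comm": "2013-07-23T07:15:00"},
    {"name": "TC-0404", "guid": "GUID-D1", "last_comm": ""},
    {"name": "TC-0404", "guid": "GUID-D2", "last_comm": ""},
]

def parse_time(value):
    """Parse the assumed ISO timestamp; an empty value means 'never communicated'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S") if value else None

def stale_duplicates(rows):
    """Return (guids_to_delete, names_needing_review) for duplicated system names."""
    by_name = defaultdict(list)
    for row in rows:
        by_name[row["name"].strip().lower()].append(row)  # names compared case-insensitively
    to_delete, needs_review = [], []
    for name, group in sorted(by_name.items()):
        if len(group) < 2:
            continue  # unique name: never touched, however long it has been silent
        dated = [r for r in group if parse_time(r["last_comm"])]
        if not dated:
            needs_review.append(name)  # no record ever checked in: no basis to pick one
            continue
        newest = max(parse_time(r["last_comm"]) for r in dated)
        keepers = [r for r in dated if parse_time(r["last_comm"]) == newest]
        if len(keepers) > 1:
            needs_review.append(name)  # tie on last communication: leave for a human
            continue
        to_delete += [r["guid"] for r in group if r is not keepers[0]]
    return to_delete, needs_review

if __name__ == "__main__":
    print(stale_duplicates(SAMPLE_ROWS))
```

Because selection is keyed on a newer record with the same name rather than on an age threshold, a long-offline machine with a unique name (TC-0202 in the sample) is never selected.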
  • JoeBidgood McAfee SME 2,868 posts since
    Sep 11, 2009
    1. Jul 23, 2013 11:26 AM (in response to rothman)
    Re: Automating the removal of duplicate systems

    Problem:

    We reimage machines on a daily basis (with our images configured to be sure we do not create duplicate GUIDs) and the standard procedure is to rename the newly imaged machine the same name as it was prior to reimaging.  Due to this, we get dozens of duplicate machines in our ePO daily.

     

     

    Are the machines being reimaged on the same hardware? Generally speaking reimaging a machine should not give you a duplicate, as long as the MAC address stays the same. Can you explain the reimaging process in a bit more detail?

     

    Thanks -

     

    Joe




    (Please post questions to the forum, as I am unable to respond to private messages. Thanks!)



  • rmetzger Champion 566 posts since
    Jan 4, 2005
    3. Jul 23, 2013 12:13 PM (in response to rothman)
    Re: Automating the removal of duplicate systems

    Hi rothman,

     

    Welcome to the forums.

    rothman wrote:

     

    After some searching, I couldn't find another topic like this on the community, but please point me in the right direction if there is.

     

    Problem:

    We reimage machines on a daily basis (with our images configured to be sure we do not create duplicate GUIDs) and the standard procedure is to rename the newly imaged machine the same name as it was prior to reimaging.  Due to this, we get dozens of duplicate machines in our ePO daily.

    I would consider clearing both the GUID and MacAddress from the master image prior to 'closing' the image. Either that or clear the GUID and MacAddress at first boot, as you are changing the Machine Name. Either way, this should eliminate the duplicates that are created when re-imaging systems.

     

    Here are the entries I would clear:

        REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /F

        REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /F

     

        REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /f

        REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /f

     

    Of course, to delete these entries, VSE's self-protection needs to be temporarily disabled.

     

    A really good discussion and explanation of this issue by Rackroyd:

    https://community.mcafee.com/message/116343#116343

     

    Based on your initial post, you did not inform us of the version of ePO you are using or the version of the Agent you are deploying within the image. I believe using the newer versions of both help to eliminate some of these issues.

     

    A good source of info might be: McAfee Agent 4.8.0 >  MA_480_ProductGuide.pdf  > pg. 41 Include the agent on an image

     

    Hope this helps,

     

    Ron Metzger

  • JoeBidgood McAfee SME 2,868 posts since
    Sep 11, 2009
    5. Jul 23, 2013 12:53 PM (in response to rothman)
    Re: Automating the removal of duplicate systems

    OK. If you can clarify the exact process, that would be helpful. If the same user gets the same machine back again after reimaging, with the same name (and presumably MAC address as these are physical) then we should be OK.

    If the machine gets reimaged and given to a different user, or given a different name, then there could be a problem.

     

    Thanks -

     

    Joe




    (Please post questions to the forum, as I am unable to respond to private messages. Thanks!)



  • rmetzger Champion 566 posts since
    Jan 4, 2005
    6. Jul 23, 2013 1:15 PM (in response to rothman)
    Re: Automating the removal of duplicate systems

    OK, it was just a thought.

     

    [quote]

    In the environment I inherited (still new to the company) all of the machines showing up as duplicates, I believe, are thin-clients.  That said, the MAC address is different on each one.[/quote]

     

    So, deleting the MacAddress during the re-image process wouldn't help?

     

    Are you restoring the image to the same machine as the embedded image MacAddress? As a 'thin-client' I would surmise that they each have a different MAC address, but the image will use the same one for each restoration if only one Master image was created.

     

    Is there a unique image for each thin-client machine (one image to every MAC address)? Are you restoring the image in a one-to-one way?

    What version of ePO and McAfee Agent are you using?

     

    Ron Metzger
