7 Replies Latest reply on Nov 12, 2008 6:26 AM by metalhead

    Avoiding pushing to servers - possible?

      Just wondering if it is possible to set Epo to not push the agent or VSE to servers when a new one comes online? We would like to do it manually.

      We have AD sync on, and set to push the agent to systems when they are discovered in AD and sync'd to Epo, but we do not want them to talk to Epo until we manually install the agent and then push AV.

      Reason is because, even though we have our exclusion list created, it seems that when Epo does deploy the agent, then gets VSE 8.5 the policies are not pushed right away, so on something like an exchange server, everything will be blocked until the policy from Epo is updated on the clients, so we want to manage it this way.

      Anyone know if this is possible?
        • 1. RE: Avoiding pushing to servers - possible?
          metalhead
          Why don´t yo create an Installation Designer package of VSE8.5 with your settings ?
          Then you will have your settings right aufter the installation ...
          • 2. RE: Avoiding pushing to servers - possible?
            Is there any documentation that explains how this tool works and how we would deploy it to servers only within Epo 4.0, and not to every machine in the company?

            I think one of the admins looked into it, but there was nowhere he could import our policies created for servers (in epo 4), so basically I think he was turned off by the idea of having to create all the policies again in this package.

            I will look into it a bit more. If you have any good documentation (outside of the readme that comes with the tool) that would be great.

            Thanks!!!
            • 3. RE: Avoiding pushing to servers - possible?
              metalhead
              Installation Designer is a tool that repackages a standard VSE install package and includes your settings.
              This customized package can be deployed via epo like a normal package.

              To create such a customized package install installation designer on a workstation where VSE is installed. To minimize problems I would recommed using a workstation with a standalone VSE install and NO ePO agent installed.

              Older documentation can be found here https://mysupport.mcafee.com/eservice/productdocuments.aspx?strPage=2 - but running the tool is quite easy.

              Keep in mind to use the installation designer version required for your VSE version, e.g. ID 8.5 for VSE 8.5.
              • 4. RE: Avoiding pushing to servers - possible?
                Thanks, I will take a look.

                Might I ask why you recommend the package installed on a system with the agent?

                Lastly, I would think you also just "check in" the package to the server once completed and create a task, correct?
                • 5. RE: Avoiding pushing to servers - possible?
                  metalhead
                  > Might I ask why you recommend the package installed on a system with the agent?

                  I recommended creating a ID package on a workstation with >> NO << ePO Agent installed.
                  If you do so you will have the agent configuration in your VSE package - in my expirence this creates more problems than with no agent.

                  >Lastly, I would think you also just "check in" the package to the server once completed and create a task, correct?

                  Yes
                  • 6. RE: Avoiding pushing to servers - possible?
                    Thanks again for your help. Hopefully we can tackle this issue and get some AV on our new servers.

                    But as always, with answer come new questions!!

                    So, You suggest we install AV on a clean machine, install the designer tool, configure it the way we want our policies/settings for servers to be, create the package, then push it to servers only within Epo.

                    I can only assume that once the server gets the agent, and is being managed by Epo and we then push our newly created package to it that we can then control the policies that were created in the package by the designer.

                    My fear is that we create this package, bring it into Epo, and then if we want to add to the policies, we have to create a whole new package and bring it into Epo, etc...
                    • 7. RE: Avoiding pushing to servers - possible?
                      metalhead
                      The policies in your new Installation Designer package will only last until the first ePO Agent communication occurs. Then your ePO policies will be enforced. So no difference to the standard installation package.