/build/static/layout/Breadcrumb_cap_w.png

How do I manage remote machines rarely on the network?

I have a collection of machines that rarely return to the network, but I would like to track them and provision them. I assume there is some documentation on this already, but I just can't find it. I expect I haven't learned the proper terminology yet. Could you direct me to the right place?


0 Comments   [ + ] Show comments

Answers (3)

Posted by: muebel 12 years ago
10th Degree Black Belt
0

I think that, by default, if a machine doesn't check in with the K1 at least once every 90 days, it will then be moved to a "MIA" category. This is something you want to watch out for machines that aren't on the network very often.

 

Other than that you should be able to treat them like any other machine. Put them in labels and assign scripts, software, and updates as you see fit.

maybe work some social engineering and advise the users to connect them to the network as often as possible for the best service. 

Posted by: jverbosk 12 years ago
Red Belt
0

I deal with this as well - my oldest syncs are currently at 382 days (without any type of MIA or "deletion from Inventory" issues).  For some "emergency use only" systems, I just booted them up to get the agent on them, ran inventory/patch scans, etc and then shut them back down.  For user systems, every month I call and advise the users to boot up the systems on the network (or connect on VPN) for security updates (at the risk of getting viruses and/or cut off from the network if they don't).  Pretty much a monthly routine at this point and just a fact of life when you have a lot of remote systems...

John


Comments:
  • So there is no recommended way to have the KBox face the Internet and allow machines interact with it from anywhere on the Internet unless a VPN is in place? - flickerfly 12 years ago
  • There is, I'm just not using that feature. Maybe these will help:

    http://www.kace.com/support/resources/kb/article/Which-network-ports-does-the-KACE-K1000-appliance-require-to-function?action=artikel&cat=1&id=589&artlang=en

    http://blog.kace.com/2012/05/24/using-ssl-with-your-k1000-appliance/

    http://www.itninja.com/question/remote-user-s-without-vpn

    http://www.itninja.com/question/kbox-in-the-dmz-best-practices

    John - jverbosk 12 years ago
  • Thanks, those links are helpful. Is there a reason you don't open the KBox up and save yourself from those monthly phone calls? - flickerfly 12 years ago
    • security and hackers - SMal.tmcc 12 years ago
      • Is there some significant threat here? It seems like exposure is pretty limited with SSL on the two ports I'd need to expose, 443 and 52230. - flickerfly 12 years ago
  • Not sure what you're getting at - if the machines aren't booted up (i.e. sitting on a shelf) or connecting in, the KBOX isn't going to do much. Also, although I didn't say so specifically, I use calls as a last option - typically I start with an advisory email to the target individuals with managers copied on the request. That generally gets ~90% of the "offenders" to cooperate.

    John - jverbosk 12 years ago
    • I'm trying to figure out if there is any significant reason why I shouldn't save myself the time of manually pushing people to a task that I could automate in a way they don't have to think about. The greater number of humans involved, the more likely something fails. - flickerfly 12 years ago
  • there is not really, you need to look at choices people give you and go with what works best for you and your employer - SMal.tmcc 12 years ago
  • The Kace box is pretty secure if setup correctly, the only outside problem we have had was some DOS attacks on the client port and lots of port scans. - SMal.tmcc 12 years ago
Posted by: SMal.tmcc 12 years ago
Red Belt
0

Join the machines to the domain and make them log in using domain credentials.  If they do not reconnect to the domain at least once every 90 days their cached credentials become invalid and the have no choice but to connect.  Use a GPO to push the client

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ