What are the GPO settings for protecting the KACE Agents?
I wanted to see if anyone had implemented a GPO to protect the KACE Agents from either being uninstalled or their services stopped. We haven't had many cases of this happening, but we wanted to make sure that some of these machines that are on our network are indeed having issues with the agent and not an unruly user.
Thanks in advance!
0 Comments
[ + ] Show comments
Answers (3)
Answer Summary:
Please log in to answer
Posted by:
nshah
8 years ago
Well with the new agent, it doesn't show up in add and remove so the use would have to run the installer to remove it themselves. if they had rights or via command line, again with rights.
Comments:
-
How about for hiding the services then? - dsykes 8 years ago
Posted by:
JasonEgg
8 years ago
We use the GPO for deployment and for persisting the install (as you mentioned). I don't have a good strategy to differentiate between "real" problems with the agent and user-created problems, though. In my opinion, any user savvy enough to hamstring KACE is also savvy enough to do all the things we use KACE for (patching, installing printers, etc.).
Posted by:
Channeler
8 years ago
Top Answer
Well, I could always find a way to remove the agent... but I think this applies for ANY software... not only KACE agent, right now is not inside the Programs and Features, but it can still be removed from CMD.
It sounds like your users are Power Users or Administrators. If they don't need this level of access, just remove them from those groups and/or cease adding them to these groups on new machine installs.....
In regards services... there might be a way https://community.sophos.com/kb/en-us/114251
It´s to prevent users from stopping the AV´s services, but it should apply for almost any service.
But I mean... I could still get into the ProgramData\KACE folder, and if I have enough knowledge... I do not even need to remove the agent or stop the service... by going to AMP.Conf, and replacing the hostname with whatever other IP address or name... the KACE agent will NO longer report to your K1000.
It sounds like your users are Power Users or Administrators. If they don't need this level of access, just remove them from those groups and/or cease adding them to these groups on new machine installs.....
In regards services... there might be a way https://community.sophos.com/kb/en-us/114251
It´s to prevent users from stopping the AV´s services, but it should apply for almost any service.
But I mean... I could still get into the ProgramData\KACE folder, and if I have enough knowledge... I do not even need to remove the agent or stop the service... by going to AMP.Conf, and replacing the hostname with whatever other IP address or name... the KACE agent will NO longer report to your K1000.