I have a collection of machines that rarely return to the network, but I would like to track them and provision them. I assume there is some documentation on this already, but I just can't find it. I expect I haven't learned the proper terminology yet. Could you direct me to the right place?

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

0

I think that, by default, if a machine doesn't check in with the K1 at least once every 90 days, it will then be moved to a "MIA" category. This is something you want to watch out for machines that aren't on the network very often.

 

Other than that you should be able to treat them like any other machine. Put them in labels and assign scripts, software, and updates as you see fit.

maybe work some social engineering and advise the users to connect them to the network as often as possible for the best service. 

Answered 10/05/2012 by: muebel
Tenth Degree Black Belt

Please log in to comment
0

I deal with this as well - my oldest syncs are currently at 382 days (without any type of MIA or "deletion from Inventory" issues).  For some "emergency use only" systems, I just booted them up to get the agent on them, ran inventory/patch scans, etc and then shut them back down.  For user systems, every month I call and advise the users to boot up the systems on the network (or connect on VPN) for security updates (at the risk of getting viruses and/or cut off from the network if they don't).  Pretty much a monthly routine at this point and just a fact of life when you have a lot of remote systems...

John

Answered 10/05/2012 by: jverbosk
Red Belt

  • So there is no recommended way to have the KBox face the Internet and allow machines interact with it from anywhere on the Internet unless a VPN is in place?
  • There is, I'm just not using that feature. Maybe these will help:

    http://www.kace.com/support/resources/kb/article/Which-network-ports-does-the-KACE-K1000-appliance-require-to-function?action=artikel&cat=1&id=589&artlang=en

    http://blog.kace.com/2012/05/24/using-ssl-with-your-k1000-appliance/

    http://www.itninja.com/question/remote-user-s-without-vpn

    http://www.itninja.com/question/kbox-in-the-dmz-best-practices

    John
  • Thanks, those links are helpful. Is there a reason you don't open the KBox up and save yourself from those monthly phone calls?
    • security and hackers
      • Is there some significant threat here? It seems like exposure is pretty limited with SSL on the two ports I'd need to expose, 443 and 52230.
  • Not sure what you're getting at - if the machines aren't booted up (i.e. sitting on a shelf) or connecting in, the KBOX isn't going to do much. Also, although I didn't say so specifically, I use calls as a last option - typically I start with an advisory email to the target individuals with managers copied on the request. That generally gets ~90% of the "offenders" to cooperate.

    John
    • I'm trying to figure out if there is any significant reason why I shouldn't save myself the time of manually pushing people to a task that I could automate in a way they don't have to think about. The greater number of humans involved, the more likely something fails.
  • there is not really, you need to look at choices people give you and go with what works best for you and your employer
  • The Kace box is pretty secure if setup correctly, the only outside problem we have had was some DOS attacks on the client port and lots of port scans.
Please log in to comment
0

Join the machines to the domain and make them log in using domain credentials.  If they do not reconnect to the domain at least once every 90 days their cached credentials become invalid and the have no choice but to connect.  Use a GPO to push the client

Answered 10/08/2012 by: SMal.tmcc
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity