K1000 inventorying remote machines
First, sorry - this question does not have a specific answer - we're looking for ideas!
We have a number of machines that rarely connect to our network, but we would like to inventory. These are mainly laptops of remote workers. They will occasionally use the VPN to change their passwords, but other than that they stay "out on the internet". I've seen a few posts about opening a K1000 to the internet, but wondering if anyone has any comments on the risks of this (script kiddies, somehow getting bad data from users that arent ours etc), as well as alternatives. We've also thought about using some kind of vpn "onconnect" script to run kbscriptrunner.exe.
Any comments welcome!
Community Chosen Answer
We have 80 laptops that mainly stay off-campus or use the public wireless when on campus. We had to open only the two ports in the firewall and so far only problem was some strange machines started showing up from a company back east and contacted them and it was from some misconfiguration they did and it pointed their clients to our IP. When their machines did check in they were at our mercy, not the other way around.
We feel it is worth it to open it up now we see the laptops check in and they also get critical patches this way, this is handy only half of the laptop users are admins on their systems