I'm a new KBOX user and have been rolling out the Agent to my 120+ users over the past month. Got my head around the firewall/ports thing and configured that via a GPO. But now that I am also supporting new Windows 7 PCs/notebooks, I am curious about a couple of things:

(1) the security implications of setting UAC via a GPO with "Run all administrators in Admin Approval Mode" set to ENABLED ... what does this really mean in terms of changing UAC behaviour?
EDIT: just realised that the default in the GPO settings is Enabled, so I guess all my Windows 7 machines already have this set unless I have specified otherwise?

(2) I've not been able to discover how to enable File and Printer Sharing via a GPO ... so am I stuck with a manual process on a per-machine basis for this?

Just wondering whether others here are happy with that UAC change and also whether others here have a better way of dealing with item #2.

For the time being I have had to manually turn off UAC, manually turn on File and Print Sharing and Network Discovery, reboot, install the Agent, turn UAC back on again, reboot. Painful.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
If you have GPO why not deploy the agent that way as well? http://www.kace.com/support/kb/index.php?action=artikel&cat=2&id=848&artlang=en
Answered 08/17/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
0
I suppose I could. But I've always been a bit wary of apps deployed via GPO and avoid it when I can. That wouldn't address the UAC and other issues though would it?
Answered 08/17/2011 by: stephen.frost
Senior Yellow Belt

Please log in to comment
0
I was assuming that the only reason you were playing with UAC, etc was to get provisioning to work. If so then yes this would address that problem as it would use AD's security mechanisms in lieu of agent provisioning and not require those other changes
Answered 08/17/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
0
OK, thanks, I didn't realise that; I will finish rolling out the current batch manually, but when we upgrade to the next Agent version I will give the .MSI deployment via GPO a go.
Answered 08/18/2011 by: stephen.frost
Senior Yellow Belt

Please log in to comment
0
Just to be clear that once you have an agent you should never need to reprovision it again --it will update itself. Provision or other installation methods like via GPO are only necessary for machines that do not have an agent.
Answered 08/18/2011 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity