Would like some input on KACE Agent deployment strategies
Hello all, I've been working with/leanring our KACE system for the last few months and I'm getting ready to throw the agent on all our systems throughout the company. It's primarily a windows environment, but we have a good number of Macs as well. I was hoping to get some thoughts on what is the best, or preferred method for deploying the Agent through an organization (Windows only for now)?
I ask this because I am not the network administrator, but I am the only one who works on our KACE systems and I'll have to coordinate with our admin for any domain policies we need to create. I have an IP range that will reach all of our machines, but many have the firewall enabled and/or do not have any users or groups other than the default added to the Administrators group (Only domain admins, administrator and the machines user are administrators for the most part and I am not in the domain admin group). My first though was to have a GPO made to open ports 139 and 445 on the domain portion of Windows Firewall, and then have a domain account made with limited permissions added to the domain admin group to run the provisioning configuration.
Our organization is only about 250 machines, and I've already got my K2000 setup to add the agent to any new deployment (which makes about 75 that have it running now) so moving forward it shouldn't be an issue. My main concern (or rather that of our network admin) is security and before I make a proposal to him I wanted to see if anyone had any thoughts or advice on the best way deploy the agent. Thank you for your insights.