How do I manage remote machines rarely on the network?
I have a collection of machines that rarely return to the network, but I would like to track them and provision them. I assume there is some documentation on this already, but I just can't find it. I expect I haven't learned the proper terminology yet. Could you direct me to the right place?
Answers (3)
I think that, by default, if a machine doesn't check in with the K1 at least once every 90 days, it will then be moved to a "MIA" category. This is something you want to watch out for machines that aren't on the network very often.
Other than that you should be able to treat them like any other machine. Put them in labels and assign scripts, software, and updates as you see fit.
maybe work some social engineering and advise the users to connect them to the network as often as possible for the best service.
I deal with this as well - my oldest syncs are currently at 382 days (without any type of MIA or "deletion from Inventory" issues). For some "emergency use only" systems, I just booted them up to get the agent on them, ran inventory/patch scans, etc and then shut them back down. For user systems, every month I call and advise the users to boot up the systems on the network (or connect on VPN) for security updates (at the risk of getting viruses and/or cut off from the network if they don't). Pretty much a monthly routine at this point and just a fact of life when you have a lot of remote systems...
John
Comments:
-
So there is no recommended way to have the KBox face the Internet and allow machines interact with it from anywhere on the Internet unless a VPN is in place? - flickerfly 11 years ago
-
There is, I'm just not using that feature. Maybe these will help:
http://www.kace.com/support/resources/kb/article/Which-network-ports-does-the-KACE-K1000-appliance-require-to-function?action=artikel&cat=1&id=589&artlang=en
http://blog.kace.com/2012/05/24/using-ssl-with-your-k1000-appliance/
http://www.itninja.com/question/remote-user-s-without-vpn
http://www.itninja.com/question/kbox-in-the-dmz-best-practices
John - jverbosk 11 years ago -
Thanks, those links are helpful. Is there a reason you don't open the KBox up and save yourself from those monthly phone calls? - flickerfly 11 years ago
-
security and hackers - SMal.tmcc 11 years ago
-
Is there some significant threat here? It seems like exposure is pretty limited with SSL on the two ports I'd need to expose, 443 and 52230. - flickerfly 11 years ago
-
Not sure what you're getting at - if the machines aren't booted up (i.e. sitting on a shelf) or connecting in, the KBOX isn't going to do much. Also, although I didn't say so specifically, I use calls as a last option - typically I start with an advisory email to the target individuals with managers copied on the request. That generally gets ~90% of the "offenders" to cooperate.
John - jverbosk 11 years ago-
I'm trying to figure out if there is any significant reason why I shouldn't save myself the time of manually pushing people to a task that I could automate in a way they don't have to think about. The greater number of humans involved, the more likely something fails. - flickerfly 11 years ago
-
there is not really, you need to look at choices people give you and go with what works best for you and your employer - SMal.tmcc 11 years ago
-
Ok, thanks - flickerfly 11 years ago
-
The Kace box is pretty secure if setup correctly, the only outside problem we have had was some DOS attacks on the client port and lots of port scans. - SMal.tmcc 11 years ago
Join the machines to the domain and make them log in using domain credentials. If they do not reconnect to the domain at least once every 90 days their cached credentials become invalid and the have no choice but to connect. Use a GPO to push the client
