Discovery and Inventory Group

Expand all | Collapse all

Managing Endpoints at NON trusted Domain

Jump to Best Answer
  • 1.  Managing Endpoints at NON trusted Domain

    Posted 02-08-2013 02:14 PM

    Hi all, I am will be implementing Altiris for our company.  The challenge is we have newly acquired sites that are not trusted.  Does anyone have experience or know how on approaching this challenge?  What account do I use? Method on how to push agents etc.  Keep in mind that these non trusted AD domains do have network communication to our HQ site, where the SMP Altiris server resides.

    Thanks in Advance.



  • 2.  RE: Managing Endpoints at NON trusted Domain

    Posted 02-12-2013 09:11 AM

    One other item to consider; DNS.  The agent machines will need the ability to resolve the FQDN of your SMP NS server and any site servers which are assigned to them.  For certain features, including the agent push, the NS server also needs the ability to resolve the client DNS names.  In my case I ended up writing a custom agent installer script since I did not have a way to allow the NS to resolve client FQDNs.   



  • 3.  RE: Managing Endpoints at NON trusted Domain

    Posted 02-12-2013 03:04 PM
      |   view attached

    Script is attached.  Rename to VBS.  Be warned this is a farily involved script designed to run o a schedule.  However I did made it modular so you should be able to shape it for your environment by modifying a few variables.  Some basic instructions are included in the header of the script. 

    Also, I recalled when looking over this that I ended up needing to add a HOSTS file entry to the machines I deployed to which were not in a domain.  Even when I deployed the agent using this script which uses only the IP address of the NS, the agents would talk to the NS and then fail to download packages because the package sources would be returned to the agent as DNS names. The command to add this entry is part of this script but is commented out.  Un-REM this line if you also require this added.

    Here are a few disclaimers:

    - This script was written for and used on an Altiris NS 6.x enviornment.  It was not designed for or tested on SMP 7.x. 

    - USE THIS SCRIPT AT YOUR OWN RISK.  THE WRITER ACCEPTS NO RESPONSIBILITY FOR HOW THIS SCRIPT IS USED OR PROBLEMS IT MAY CAUSE.  If you do not fully understand everything the script is doing you should NOT use it. 

    Attachment(s)

    txt
    AltNSClientPush_vbs.txt   27 KB 1 version


  • 4.  RE: Managing Endpoints at NON trusted Domain

    Posted 02-14-2013 05:27 PM

    Thank you so much, I will test it out in our Test environment



  • 5.  RE: Managing Endpoints at NON trusted Domain

    Posted 02-11-2013 06:14 PM

    Thank you!



  • 6.  RE: Managing Endpoints at NON trusted Domain

    Posted 02-11-2013 06:01 PM

    What application identity will it use for inventory scan?



  • 7.  RE: Managing Endpoints at NON trusted Domain

    Posted 02-12-2013 12:22 PM

    JoeVan, do you mind sharing your script?



  • 8.  RE: Managing Endpoints at NON trusted Domain

    Trusted Advisor
    Posted 02-11-2013 06:08 PM

    It runs in the same context that the base Symantec Management Agent, the local system account and posts back data using http.



  • 9.  RE: Managing Endpoints at NON trusted Domain
    Best Answer

    Broadcom Employee
    Posted 02-11-2013 12:01 PM

    When you push the agent, use an account that has administrator rights on the workstations you've targeted for the push.  After the agent is installed, it will communicate with the NS over port 80 (if you've used HTTP on the default port).

    Does this answer your question?