Hi Doug, thank you for your reply.
I have a similar option for the re-enablement.
But since I want the automated adding of each machine to the arsenal of the ITMS (since I don't want to miss any machine), I wish the agent installation to be done from the network discovery on the ITMS, and then maybe add selective machines into a certain group / policy that will disable the agent.
Later on, when needed, I will have the option and a way to re-enable them as you mentioned above.
By the way, regarding the purge: OK, I understand that after a certain time period they will be deleted, but even after 1 year, if a machine has an agent and the server is active, it will get reconnected to it, right? (Let's say I have a critical security update and I wish to push to all devices immediately; I will be able to do so if necessary, correct?)
Thanks,
Hagai
Original Message:
Sent: 10-29-2020 11:21 AM
From: Douglas Butler
Subject: Selective ITMS Agent status (make disabled on 1st machine boot)
That is a tricky thing because if you have the agent in a disabled state we obviously cannot communicate with it to turn it on when it is needed.
I think your best option is going to be something outside of the product. So, install the agent then use something like Sysinternals PsService (part of PsTools), Group Policy, PowerShell, etc. to disable it.
You would then need to use a similar process to enable it when needed.
Keep in mind that the platform does have purging settings so if the agents do not communicate in the defined time range they will be deleted causing a delay when they check in to get into all the correct filters and targets again.
------------------------------
Systems Engineer
Broadcom
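
An added example (not part of the original thread and not Broadcom's code) of the out-of-product approach described in the reply above: a PowerShell function that stops and disables, or re-enables, a service on hosts selected by name pattern. The function name, the sample host names and the `<agent-service-name>` placeholder are assumptions, and it assumes PowerShell remoting (WinRM) is reachable on the targets.

```powershell
# Added example. $ServiceName is a placeholder: supply the agent's real service name.
function Set-AgentServiceState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,   # candidate hosts
        [Parameter(Mandatory)][string]$NamePattern,      # wildcard, e.g. 'ABCDE*'
        [Parameter(Mandatory)][string]$ServiceName,
        [Parameter(Mandatory)][ValidateSet('Disabled', 'Enabled')][string]$State
    )
    # Only hosts whose name matches the pattern are touched.
    $targets = $ComputerName | Where-Object { $_ -like $NamePattern }
    foreach ($computer in $targets) {
        # Honors -WhatIf / -Confirm so the selection can be reviewed first.
        if (-not $PSCmdlet.ShouldProcess($computer, "Set $ServiceName to $State")) { continue }
        try {
            $r = Invoke-Command -ComputerName $computer -ErrorAction Stop `
                -ArgumentList $ServiceName, $State -ScriptBlock {
                param($svc, $state)
                if ($state -eq 'Disabled') {
                    # Stop first, then prevent start at next boot.
                    Stop-Service -Name $svc -Force -ErrorAction Stop
                    Set-Service -Name $svc -StartupType Disabled -ErrorAction Stop
                } else {
                    # A disabled service cannot be started until its start type changes.
                    Set-Service -Name $svc -StartupType Automatic -ErrorAction Stop
                    Start-Service -Name $svc -ErrorAction Stop
                }
                $s = Get-Service -Name $svc
                [pscustomobject]@{ Status = "$($s.Status)"; StartType = "$($s.StartType)" }
            }
            [pscustomobject]@{ Computer = $computer; Status = $r.Status
                               StartType = $r.StartType; Error = $null }
        } catch {
            # Unreachable host or missing service: report it instead of aborting the run.
            [pscustomobject]@{ Computer = $computer; Status = $null
                               StartType = $null; Error = $_.Exception.Message }
        }
    }
}

# Constructed sample host list; -WhatIf shows which hosts would be changed.
$sampleHosts = 'ABCDE01', 'ABCDE02', 'WKS-100'
Set-AgentServiceState -ComputerName $sampleHosts -NamePattern 'ABCDE*' `
    -ServiceName '<agent-service-name>' -State Disabled -WhatIf
```

Running the same call with `-State Enabled` reverses the change; the per-host result objects can be kept as a record of which machines are currently disabled.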
Original Message:
Sent: 10-29-2020 10:41 AM
From: Hagai Nachmani
Subject: Selective ITMS Agent status (make disabled on 1st machine boot)
Hi Experts!
I am trying to figure out how to deploy the end client agent on all discovered machines connected to our subnets automatically.
But on some devices, I wish the agent to be disabled after deployment. (agent not activated and service down)
Is there a way to achieve such a task?
Is there a way to automatically tell the ITMS console that every hostname of a device that is named "ABCDE" will get this task accordingly? (maybe by groups, or by other identifier?)
The reason I want to do this is to have the option to use the ITMS agent if / when needed, but still not let it interfere with any activity on my machines (not even report back to the NS server).
Any suggestions?
tnx,
Hagai