3 Replies Latest reply on Jun 22, 2016 5:33 AM by phoffmann

    Software distribution to non-domain devices on network

    mkfobian Apprentice



      Is there a best practices for pushing software distribution tasks to non-domain machines? I have many machines on our network that, for various reasons, must remain off the domain. Obviously, this causes issues with running software distribution tasks where all our software packages are hosted on shares that will require some type of non-null domain authentication.


      Obviously, I'm trying to avoid shoving access to null Guest logons to my core server package folder, but so far I don't see an option for pushing software to a non-domain devices effectively.

        • 1. Re: Software distribution to non-domain devices on network
          masterpetz ITSMMVPGroup



          a simple way is to define your package server as preferred server even if it is your core itself. For this server you define a network scope for which this server should be the preferred server. If you have only one server, put in your whole IP range.

          Then you have to define read credentials which the client then uses to connect to the share. No need for null shares or domain users, just a user that has read access to the package share. You can set this up under "Distribution - Content Replication / Preferred servers".


          Kind regards


          • 2. Re: Software distribution to non-domain devices on network
            mkfobian Apprentice

            Hello Christian,


            I did set up my core server as a preferred server (though I seem to get wacky, inconsistent results with different pieces of landesk, eg. HII, software distribution, etc depending on whether I name the preferred/core server by short name, FQDN, or IP)


            I ended up finding a sort-of solution, though one that is going to require I do a lot of extra work.

            For the settings on the scheduled tasks from which I was pushing the software, it worked when I set it to "execute from share" rather than "download and execute". Works most of the time, but a lot of my packages are built using batch scripts etc that make the assumption that the installation media will be downloaded.

            • 3. Re: Software distribution to non-domain devices on network
              phoffmann SupportEmployee

              <Belated response...>


              The easiest / shortest version around distributing to non-domained devices is this -- use HTTP shares.


              UNC is a huge pain in regards to authentication (and even if you give the devices credentials to log on to the share, Windows may decide to go "No!" due to security policies & such) ... HTTP removes that pain.


              Also, that avoids Null-session shares.


              You would need to enable the BROWSE option on the share while the Core calculates the MD5 hashes of the files.


              If you're using PPS'es (Preferred Package Servers), you actually can turn off BROWSE (as long as the directory structure & files exist), as the client will be requesting specific files anyway, and as long as they exist, you're golden.