9 Replies Latest reply on Jul 18, 2008 6:43 PM by puercomal

    Scopes on Management Gateway Appliance?

    Apprentice

       

      If I understand it correctly, there is no way to setup the Management Gateway Appliance to use the same User List that the Core uses?  This means that there is no way to use Scopes with the Gateway.  Is this correct?

       

       

      To explain my situation a bit better...

       

       

      I work at a University.  There are many Systems Administrators that will be using the same Centrally managed LANDesk Core.  This isn't a problem on the core because we can separate machines into different departmental scopes.  The problem comes when we give those same admins access to the Gateway Appliance.  They can see all machines that are waiting to be managed.  What am I missing? 

       

       

      Thanks,

       

       

      Murf

       

       

        • 1. Re: Scopes on Management Gateway Appliance?
          Jed SupportEmployee

           

          Unfortunately at this time there is no way to limit your users to viewing only the nodes in their scopes on the Management Gateway, this is being looked at for future releases.  I believe however that if your users attempt to RC one of those machines they'll be told that the machine is not part of their scope.  I could be wrong I'll see if I can verify that.

           

           

          --Jed

           

           

          • 2. Re: Scopes on Management Gateway Appliance?
            Jared Barneck SupportEmployee

            You are not missing anything. That is the way it works.

             

            When a machine goes into Gateway mode, it shows up as available to be managed in the list.  Anyone with rights to the LDMG and logs in that way can see it and try to manage it.

             

            I see that you are concerned that your admin/support employees may remote control some machines that they should not.

             

            Remember the end user actually has to manually make the Remote Control go to gateway mode.  So it is not like these admin/support employees can remote control anyone at all without the end user allowing it.

            • 3. Re: Scopes on Management Gateway Appliance?
              Jared Barneck SupportEmployee

              I believe however that if your users attempt to RC one of those machines they'll be told that the machine is not part of their scope. I could be wrong I'll see if I can verify that.

               

              That didn't work when I tested it but I will test again.

              • 4. Re: Scopes on Management Gateway Appliance?
                Jared Barneck SupportEmployee

                Ok here is my test:

                 

                1. Logged in user (to windows and console)  = Domain\user

                2. Security Type = Integrated Security

                3. Domain\user has only one Scope with one machine: XP001

                4. I attempted to remote control a machine named XP004 which is outside of my scope.  XP004 was not in the list until I manually moved it to gateway mode. 

                 

                RESULT

                I was able to remote control it. It also told me what user was remote controlling me.

                 

                While it would be nice to integrate with the LANDesk Console Users, and that may happen in the future, it would take a lot of code and is a ways off. 

                 

                The only issue I find concerning that Murfy should take into consideration is that if a user goes into Gateway mode, and then is remote controlled by the correct person, when the remote control is disconnected the machine stays in Gateway mode until the end user changes it back.  Maybe use the "Permission required" setting with remote control if possible.

                 

                I also noticed in 8.7 SP5 that if I put my cursor over the remote control icon, a bubble pops up says that I am being remote controlled still, but if I double-click on the icon, it shows that I am not...maybe we are slow to update the bubble popup.  If it doesn't update on its own in a while, that may be a bug.

                1 of 1 people found this helpful
                • 5. Re: Scopes on Management Gateway Appliance?
                  Apprentice

                   

                  I am also in a university environment and will potentially be having a lot

                  of people use the gateway.

                   

                   

                  I have found the management of users who can remote control clients through

                  the gateway lacking.  I have not seen a way for them(the console users) to

                  change their password on the gateway, so the Admin of the gateway  creates

                  the password for them, and it never expires.

                   

                   

                  I think it should be a high priority for LANDesk to integrate the user id's

                  on the gateway to some external source (AD, ldap, radius ...)

                   

                   

                  • 6. Re: Scopes on Management Gateway Appliance?
                    CraigMiddelstadt Master

                    I have submitted the following enhancement request:

                     

                    CR00005520

                    Details: ER - To be able to manage gateway users outside of the Admin Web console.

                    Currently, a Gateway Admin needs to set the user's password and it will never expire.

                    It would be nice to allow users to change/set their own passwords for the gateway.

                    This could be done by integrating the user id's on the gateway with some external source such as active directory, LDAP, Radius...

                    • 7. Re: Scopes on Management Gateway Appliance?
                      Expert

                       

                      All,

                       

                       

                      A few of us here at LANDesk Support have worked on identifying that scopes are not applied to the LANDesk Management Gateway remote control tool. 

                       

                       

                      When using the mangement gateway remote control as integrated security your LANDesk user right to remote control a computer is verified but your scope is not.

                       

                       

                      There has been an enhancement request submitted to create logic that will apply scopes to the Management Gateway remote control tool. As another user has already stated it would require a major re-work of the tool and is scheduled for a future release.

                       

                       

                      Enhacement Request Number: CR00009854

                       

                       

                       

                       

                       

                      • 8. Re: Scopes on Management Gateway Appliance?
                        Apprentice

                         

                        Thanks for the update.  This enhancement will help us a lot at our University!

                         

                         

                        -Murf

                         

                         

                        • 9. Re: Scopes on Management Gateway Appliance?
                          Employee
                          rhyous wrote:

                          Remember the end user actually has to manually make the Remote Control go to gateway mode.  So it is not like these admin/support employees can remote control anyone at all without the end user allowing it.

                           

                          That's not necessarily true... http://www.droppedpackets.org/management-gateway-and-remote-control/folder.2007-10-25.8017126077/