3 Replies Latest reply on Oct 29, 2013 4:26 PM by synsa

    LDAP query / Unknown group ?

    Specialist

      Hello fellow administrators,

       

      We have landesk 9.5 sp1 and have a multiple site structure. Our site adminsitrators have acces to only their scope.

       

      When i make a public task, my site administrators can add pc's that only reside in the assigned scope / ou / team. That's good they may add and delete computers from there site as they please but can't adjust the public task.

       

      But the problem is when i add an LDAP query to that task, the site administrator can see an unknown device that is the " LDAP query" . No problem that they can view it but they can remove the unknown device and so my LDAP query will dissapear when the remove the unknown device. How can i hide the LDAP query for the site administrators view or how can i disable that they can remove that unknown device ( LDAP query ) ???

        • 1. Re: LDAP query / Unknown group ?
          synsa Specialist

          Hey Casper, so you want the site admins to be able to delete specific devices from Task A but not an LDAP query from Task A?  I'm assuming you already know that removing one device that is part of a query will remove the whole query?  I don't think you can seperate it down to that level.

           

          Also if you are using the web console then there is currently a bug in the permissions and everyone can see everything as public.  Patch released last week available through support.

          • 2. Re: LDAP query / Unknown group ?
            Specialist

            Hi Synsa,

             

            Thanks for the quick reply.

            New to landesk, nope didn't know that. It will make us think about the site rigths we gave our site administrators.

             

            Is this a bug ? or how is this possible in a tool like this, how do uinstall association work when you have a query for uninstall will it uninstall al workstations because it doesnt see the query anymore.

             

            Are they gonna fix it ?

            • 3. Re: LDAP query / Unknown group ?
              synsa Specialist

              No it's not a bug.  You can either add a query and all the devices are kind of "joined" to that one query.  If the task hasn't run yet it, you will just see unknown.  If you remove any device from the task that was determined by the query it will warn you that it will remove the whole query.  Alternatively, run the query and select all and drag them into the task.  This obviously won't be dynamic though.

               

              I recommend not using uninstall associations for critical business apps / tasks and especially not if other people are able to control rollout tasks.  We use them for little things that aren't critical like turning on and off xtrace logging.  We had major issues with applicaitons being installed, uninstalled, installed, uninstalled etc. in the past so removed all uninstall associations.  and yes remove the query and the uninstall association will kick in and uninstall from all workstations that had that policy.