8 Replies Latest reply on Aug 5, 2008 3:05 AM by Aperry

    Inventory Only Agent

    Rookie

      Hi all,

       

      We're running LANDesk 8.8 SP1 and would like to create an agent that only does inventory so we can capture hardware and software information only.

       

      Obviously we can switch off Custom Data Forms, Software Distribution, etc but this still enables Patch and Vulnerability scanning, which could mean that someone could patch a server if they had the rights.

       

      Is it possible to use a series of files to run an inventory from a machine without actually performing an install so no services and files are resident on the machine?

       

      The reason for this is we're trying to ensure we get LANDesk information for a series of servers that we don't have direct access to as they're hosted at a managed data centre. Having local installations that requires changes to the OS and an agent that could 'alter' the OS is a security risk that we need to remove.

       

      If anyone else has this scernario or any ideas of how just to capture inventory data only it would be useful to hear...!

       

      Thanks,

       

      Andy

        • 1. Re: Inventory Only Agent
          Jared Barneck SupportEmployee

          Right click on the agent and choose Advanced Edit and take a look at the [Products] section.

           

          That may help you.

          • 2. Re: Inventory Only Agent
            zman Master

            So you could create a client config for this (Server - Just Inventory) and then hack the INI file (
            core server\ldmain\ldlogon\Server - Just Inventory.ini) and comment out the features you don't need.  Since Vulnerability scanner is a part of the Common Base Agent there is no check box.  So in theory (never done this) it should work.

             

            Search for vulscan.exe (Vulnerability Scanner Files) and comment out the files and any other Vulscan files. You could also just try an agentless inventory scan. Just make sure you are not referencing it via a local scheduled job.  Run the inventory scanner from

             

             

             

             

             

            \%CORESERVER%\LDLOGON\LDISCN32 /NTT=%CORESERVER%:5007 /S="%CORESERVER%" /I=HTTP://%CORESERVER%/LDLOGON/LDAPPL3.LDZ /NOUI
            

             

             

            You could try and use the AT scheduler on each box or something like psexec or lddiscover. 

             

             

             

            Just some thoughts.

            1 of 1 people found this helpful
            • 4. Re: Inventory Only Agent
              phoffmann SupportEmployee

              There's quite a bit of reasoning why essentially Inventory, Patch and Software Distribution are so tightly "huddled up" together - they're relying on each other quite a bit.

               

              For instance, when we had to come up with a good mechanism to cut down bandwidth use for getting the LDAPPL3 (so as to take load off the Core and potentially WAN's), the solution at hand was to use peer download ... but that requires various bits of the Software Distribution Client.

               

              It's a similar story with Vulscan - due to advanced feature requests made by customers, it's all becoming very much connected together, and is pretty difficult to do one without the other.

               

              As something increase in complexity it becomes increasingly difficult of doing a "very simple thing" because of those dependencies :).

               

              Paul Hoffmann

              LANDesk EMEA Technical Lead.

              • 5. Re: Inventory Only Agent
                phoffmann SupportEmployee

                And - uh - shouldn't you be giving permissions / RBA to people anyway so that "random employee # 1230985" can't patch servers through LANDesk anyway?

                • 6. Re: Inventory Only Agent
                  Rookie

                  Thanks all for the responses.

                   

                  Paul - yes, you're right and we will block the rights - the problem is it still leaves someone the ability to patch (especially the admin) and our service provider wants to remove all access to do something like this.

                   

                  We're in negotiations to allow certain access but I need to make sure I've covered off all questions. We'll give the agentless inventory a go, but I'm assuming this won't run gatherproducts.exe and SLM is one of the key requirements.

                  • 7. Re: Inventory Only Agent
                    phoffmann SupportEmployee

                    Well - it's pretty much an "either / or" situation.

                     

                    We COULD try and see if we can mangle an agent to really do "just inventory" in terms of a loose collection of files ... but Softmon is a service ... softmon relies on vulscan to be on the client (and vice versa) ... so ... that's a "not really" from that point of view.

                     

                    Just Inventory alone might be possible - but SLM requires Patch & SoftDist components for sure.

                     

                    Paul Hoffmann

                    LANDesk EMEA Technical Lead

                    • 8. Re: Inventory Only Agent
                      Rookie

                      Thanks Paul - I think you've just made our decision for us. The SLM information is important to us from a license complaince POV so we'll have to use the full agent.

                       

                      At least we know where we stand now

                       

                      Thanks again,

                       

                      Andy