Right click on the agent and choose Advanced Edit and take a look at the [Products] section.
That may help you.
1 of 1 people found this helpful
So you could create a client config for this (Server - Just Inventory) and then hack the INI file (
core server\ldmain\ldlogon\Server - Just Inventory.ini) and comment out the features you don't need. Since Vulnerability scanner is a part of the Common Base Agent there is no check box. So in theory (never done this) it should work.
Search for vulscan.exe (Vulnerability Scanner Files) and comment out the files and any other Vulscan files. You could also just try an agentless inventory scan. Just make sure you are not referencing it via a local scheduled job. Run the inventory scanner from
\%CORESERVER%\LDLOGON\LDISCN32 /NTT=%CORESERVER%:5007 /S="%CORESERVER%" /I=HTTP://%CORESERVER%/LDLOGON/LDAPPL3.LDZ /NOUI
You could try and use the AT scheduler on each box or something like psexec or lddiscover.
Just some thoughts.
There's quite a bit of reasoning why essentially Inventory, Patch and Software Distribution are so tightly "huddled up" together - they're relying on each other quite a bit.
For instance, when we had to come up with a good mechanism to cut down bandwidth use for getting the LDAPPL3 (so as to take load off the Core and potentially WAN's), the solution at hand was to use peer download ... but that requires various bits of the Software Distribution Client.
It's a similar story with Vulscan - due to advanced feature requests made by customers, it's all becoming very much connected together, and is pretty difficult to do one without the other.
As something increase in complexity it becomes increasingly difficult of doing a "very simple thing" because of those dependencies :).
LANDesk EMEA Technical Lead.
And - uh - shouldn't you be giving permissions / RBA to people anyway so that "random employee # 1230985" can't patch servers through LANDesk anyway?
Thanks all for the responses.
Paul - yes, you're right and we will block the rights - the problem is it still leaves someone the ability to patch (especially the admin) and our service provider wants to remove all access to do something like this.
We're in negotiations to allow certain access but I need to make sure I've covered off all questions. We'll give the agentless inventory a go, but I'm assuming this won't run gatherproducts.exe and SLM is one of the key requirements.
Well - it's pretty much an "either / or" situation.
We COULD try and see if we can mangle an agent to really do "just inventory" in terms of a loose collection of files ... but Softmon is a service ... softmon relies on vulscan to be on the client (and vice versa) ... so ... that's a "not really" from that point of view.
Just Inventory alone might be possible - but SLM requires Patch & SoftDist components for sure.
LANDesk EMEA Technical Lead
Thanks Paul - I think you've just made our decision for us. The SLM information is important to us from a license complaince POV so we'll have to use the full agent.
At least we know where we stand now