3 Replies Latest reply on Jul 2, 2009 3:33 AM by phoffmann

    Can the gateway make a LIVE call to the Core?

    Apprentice

      Hi,

       

      We are having some inventory issues, and I do not totally trust it.

       

      We are using a logon script to uninstall old antivirus and install new antivirus.  We are using a VB script to do this.

       

      This won't work for a remote user who is not VPN'd back to the Enterprise.  So.... will this work?

       

      Create a policy and target users from an LDAP query based on OU.  (We have a "remote" OU)  Create a policy that downloads the script, and then runs it.  The script checks for the old software, then if present uninstalls.  Then......the script DOWLOADS FROM THE CORE the setup.exe package for the new AV.

       

      Will it work?  Can the VB get to the Core through the LDMG?

       

      I don't want to d/l the setup file (70mb) if the machine has the install.  And I don't trust the inventory.

       

      Thanks,

       

      Scott.....

        • 1. Re: Can the gateway make a LIVE call to the Core?
          Apprentice

          My feeling is that you can't do it this way so I'll concentrate on your inventory issue instead.

           

          If you don't trust inventory, do you have patch manager?  If you do, then take a look at custom vulnerabilities instead.

           

          Create a distribution job that delivers your file and installs it.  This would just be a standard job as you have today. However, make sure that you have one of the following two things:

           

          1. Knowledge of the registry/file that indicates that the new version has been installed
          2. You place a registry key or a file that tells you that this has been done successfully

           

          Also make sure that this forces a vulnerability scan once complete.

           

          Now setup a custom vulnerability that looks for this identifier.  Since the vulnerability scanner operates independently of the inventory scanner, you should be able to trust this in a different way.  You will have an entry in the database for each system that has this 'vulnerability' and you can target these with the distribution job.

           

          Other than fixing the issue you have with inventory so that you can target successfully, I'm not sure what else you can do.

           

          Mark McGinn
          Verismic Software - http://www.verismic.com
          Precision Engineering for Systems Management

          • PC Power Management Software
          • LANDesk Historical Analysis
          • Self-Service Password Reset
          • LANDesk to Service Desk Integrations
          • 2. Re: Can the gateway make a LIVE call to the Core?
            Jed SupportEmployee

            Use software distribution and a policy as the delivery method.  Create your package with the VBS as the primary file and the .EXE or MSI as the secondary file and it should work.   All calls are live in the sense that you mention it, proxyhost will redirect any Inventory, or SD function to the Gateway and thereby the core server as necessary (assuming the client has the correct certificates).

             

            You can also use Security and Patch with a Custom Vulnerability also as the previous post said.

             

            --Jed

            • 3. Re: Can the gateway make a LIVE call to the Core?
              phoffmann SupportEmployee

              Jed wrote:

               

              Use software distribution and a policy as the delivery method.  Create your package with the VBS as the primary file and the .EXE or MSI as the secondary file and it should work.   All calls are live in the sense that you mention it, proxyhost will redirect any Inventory, or SD function to the Gateway and thereby the core server as necessary (assuming the client has the correct certificates).

               

              You can also use Security and Patch with a Custom Vulnerability also as the previous post said.

               

              --Jed

               

              What Jed should work fine.

               

              The VB script itself will NOT be able to talk to the Core, because it's running "its own thing" and doesn't know of stuff such as the LDMG, while the LANDesk stuff knows to talk to the Gateway (I'm simplifying here, but that's the essence of it).

               

              If you need additional stuff, then using the additional files option is the way to go, or you host the files you need on some share that can be accessed anywhere on the internet (the less preferrabel option, but that would work for the VB-script to then pull stuff down).

               

              - Paul Hoffmann

              LANDesk EMEA Technical Lead