See this is where i start to wonder about our policies. Ours checks the device as it comes up, if it's Windows, and not on our domain or a defined workgroup, it's untrusted. So WinPE, looks like win7, and hard coded to WORKGROUP, no good.
They're trying to automate everything so they can cut back on desk side support folks, and now they want them to carry pcs back and forth. They can't have it both ways. Honestly, our Forescout people were baffled when I asked them about WinPE. Never heard of it, no idea how to manage it, knew nothing about OSD as a concept. Since there's exactly two guys in the whole company affected by this, it's kind of frustrating. Sent from my iPad > On Aug 13, 2014, at 11:26 AM, Daniel Ratliff <dratl...@humana.com> wrote: > > We just did 50,000 with our Win7 migration. It was mostly done with ZTI. If > the device is already trusted, it's not an issue. I don't know our exact > policies but I assume they have a grace period if the same machine gets > rebuilt on the floor, etc. > > Besides ZTI, all other builds and testing are done on build segments. > > Daniel Ratliff > > > -----Original Message----- > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Joe Sestrich > Sent: Wednesday, August 13, 2014 11:10 AM > To: mdtosd@lists.myitforum.com > Subject: Re: [MDT-OSD] Anyone working with OSD and NAC? > > So how does that work? If a PC dies, you have to go pick it up and carry it > somewhere to re-image it? > > We just upgraded 65000 pcs to Win 7, were we supposed to carry them to a lab > on hand carts? > > > Sent from my iPad > >> On Aug 13, 2014, at 10:48 AM, Daniel Ratliff <dratl...@humana.com> wrote: >> >> We use Forescout. We have prod segments and 'build' segments that untrusted >> devices are allowed on. If an untrusted device shows up on a prod segment >> tickets get generated, people get paged, volcanoes explode, and all sorts of >> other excitement. >> >> Daniel Ratliff >> >> -----Original Message----- >> From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Joe Sestrich >> Sent: Wednesday, August 13, 2014 10:36 AM >> To: mdtosd@lists.myitforum.com >> Subject: [MDT-OSD] Anyone working with OSD and NAC? >> >> Is anyone working with network access control product like Forescout? How do >> you allow your WinPE devices access to network resources when they appear to >> be unmanaged rogue devices to your NAC software? >> >> Sent from my iPad >> >> The information transmitted is intended only for the person or entity >> to which it is addressed and may contain CONFIDENTIAL material. If >> you receive this material/information in error, please contact the sender >> and delete or destroy the material/information. > > > The information transmitted is intended only for the person or entity to > which it is addressed > and may contain CONFIDENTIAL material. If you receive this > material/information in error, > please contact the sender and delete or destroy the material/information. > >
