The default for new computer objects is the Computer Container. GPOs can't be applied there, thus the reason you modified AD to redirect new computer objects to an alternate OU.
- Sean On Thu, Jul 1, 2010 at 9:04 AM, Sherry Abercrombie <[email protected]>wrote: > Changed to go to a different OU than the default. There was a reason why > we didn't apply that GPO to the default, but I don't remember what it was > now..... > > > On Thu, Jul 1, 2010 at 11:56 AM, David Lum <[email protected]> wrote: > >> Interesting….I think I just found a hole in our deployment process, or >> more accurately, re-remembered it. Sherry did you change AD to new systems >> automatically go into a different OU than the default, or do you apply those >> GPO’s to the default \Computers OU? >> >> *David Lum** **// *SYSTEMS ENGINEER >> NORTHWEST EVALUATION ASSOCIATION >> (Desk) 971.222.1025 *// *(Cell) 503.267.9764 >> >> *From:* Sherry Abercrombie [mailto:[email protected]] >> *Sent:* Thursday, July 01, 2010 9:52 AM >> >> *To:* NT System Admin Issues >> *Subject:* Re: VMWare View, How are you handling AV? (Viper to be >> specific) >> >> >> >> The OU that Vipre looks at to do the automatic push has a GPO that is >> totally restricted, can't be logged into from the network etc etc. Only >> Vipre and WSUS can do anything to it while in that OU. Once it's been >> verified that the workstation has been updated appropriately, the computer >> will get moved to the actual OU that it belongs in which has the appropriate >> GPO's. >> >> On Thu, Jul 1, 2010 at 11:38 AM, Crawford, Scott <[email protected]> >> wrote: >> >> So, do you just plan on not getting any viruses before it gets pushed to >> the client? >> >> >> >> *From:* N Parr [mailto:[email protected]] >> *Sent:* Thursday, July 01, 2010 10:37 AM >> >> >> *To:* NT System Admin Issues >> *Subject:* RE: VMWare View, How are you handling AV? (Viper to be >> specific) >> >> >> >> Didn't realize it would do the detect and push, I guess that would solve >> my problem. Just have to keep an eye on the server and delete any old >> clones, but like I mentioned even that should be a problem if the clones get >> re-created with the same names. >> >> >> ------------------------------ >> >> *From:* Sherry Abercrombie [mailto:[email protected]] >> *Sent:* Thursday, July 01, 2010 10:34 AM >> >> >> *To:* NT System Admin Issues >> >> *Subject:* Re: VMWare View, How are you handling AV? (Viper to be >> specific) >> >> Vipre push was part of our standard server build out, we didn't make it >> part of our base os images for VMWare because of guid issues as mentioned. >> You can set up Vipre Enterprise to automatically detect new computers based >> on the OU they are put in and automatically push to it. We did this for our >> workstation builds, but not servers. >> >> On Thu, Jul 1, 2010 at 10:27 AM, N Parr <[email protected]> wrote: >> >> Why wouldn't you treat a VM license like any other? The console would see >> it as a normal computer and make it count anyway. Just trying to figure out >> an easy way to mange it. Could create an agent install package and push it >> out to the clone via GPO but when we update the base image for the clone >> with windows updates, new applications, etc it would get wiped out. I guess >> if the linked clones are getting created with the same naming structure you >> wouldn't have to worry about deleting the clients from Viper Enterprise >> server when because it just sees the agents by computer name and not SID or >> anything. When the new clones came back up they would get the agent >> installed via GPO again and then start talking to the Enterprise server like >> normal. My rambling make sense? >> >> >> ------------------------------ >> >> *From:* Jeff Cain [mailto:[email protected]] >> *Sent:* Thursday, July 01, 2010 10:15 AM >> >> >> *To:* NT System Admin Issues >> >> *Subject:* RE: VMWare View, How are you handling AV? (Viper to be >> specific) >> >> N Parr, >> >> >> >> I am assuming here that you are using VIPRE Enterprise. I >> would recommend protecting each clone with VIPRE as the growth from >> definitions would be minimal, this is the best way to protect your systems >> and any machines they are connected to. I would also say that you should >> reinstall the VIPRE agent after you clone the machine to prevent the >> Enterprise Console from confusing the machines as they’ll have the same >> agent GUID in the console. As far as licensing goes, I don’t believe we hold >> VM installs against you. >> >> Thanks, >> Jeff Cain >> >> Technical Support Analyst >> Sunbelt Software >> Email: [email protected] >> Voice: 1-877-757-4094 >> Fax: 1-727-562-5199 >> Web: <http://www.sunbeltsoftware.com> >> Physical Address: >> 33 N Garden Ave >> Suite 1200 >> Clearwater, FL 33755 >> United States >> >> -------------------------------------------------------- >> If you do not want further email from us, please forward >> this message to [email protected] with >> the word 'unsubscribe' in the subject of your email. >> -------------------------------------------------------- >> >> *Helpful Sunbelt Software Links:* >> >> >> >> Knowledge Base <http://support.sunbeltsoftware.com/> >> >> Open a New Support Ticket<http://www.sunbeltsoftware.com/Support/Contact/> >> >> Sunbelt Software Product Support >> Communities<http://www.sunbeltsoftware.com/communities/> >> >> >> >> *From:* N Parr [mailto:[email protected]] >> *Sent:* Thursday, July 01, 2010 11:06 AM >> *To:* NT System Admin Issues >> *Subject:* VMWare View, How are you handling AV? (Viper to be specific) >> >> >> >> So does anyone have any pointers on this? Are you just not worrying about >> it since you can wipe the linked clones out at any time if they get >> infected? I'm sill worried about handling outbreak protection. Don't care >> if the clone gets hosed but I don't want all my clones getting infected with >> something and trying to spread it around. If you install AV on the base >> image and don't use persistent clones then they will have to update >> signatures every time they boot from the day the base image was created. If >> you use persistent clones then their deltas will grow because of signatures >> being added every day. And then you've got licensing and agents on linked >> clones trying to update from the enterprise server with a pc name that is >> different than the base image they were created from. I don't think a lot >> of AV vendors have really thought this type of situation through. >> >> >> >> >> >> ... >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> Sherry Abercrombie >> >> "Any sufficiently advanced technology is indistinguishable from magic." >> Arthur C. Clarke >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> Sherry Abercrombie >> >> "Any sufficiently advanced technology is indistinguishable from magic." >> Arthur C. Clarke >> >> >> >> >> >> >> >> >> >> > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
