Ahhhh, that was it. Thanks Sean, it's been several years so I didn't remember that, plus I don't work there anymore......
On Thu, Jul 1, 2010 at 12:12 PM, Sean Martin <[email protected]> wrote: > The default for new computer objects is the Computer Container. GPOs can't > be applied there, thus the reason you modified AD to redirect new computer > objects to an alternate OU. > > - Sean > > On Thu, Jul 1, 2010 at 9:04 AM, Sherry Abercrombie <[email protected]>wrote: > >> Changed to go to a different OU than the default. There was a reason why >> we didn't apply that GPO to the default, but I don't remember what it was >> now..... >> >> >> On Thu, Jul 1, 2010 at 11:56 AM, David Lum <[email protected]> wrote: >> >>> Interesting….I think I just found a hole in our deployment process, or >>> more accurately, re-remembered it. Sherry did you change AD to new systems >>> automatically go into a different OU than the default, or do you apply those >>> GPO’s to the default \Computers OU? >>> >>> *David Lum** **// *SYSTEMS ENGINEER >>> NORTHWEST EVALUATION ASSOCIATION >>> (Desk) 971.222.1025 *// *(Cell) 503.267.9764 >>> >>> *From:* Sherry Abercrombie [mailto:[email protected]] >>> *Sent:* Thursday, July 01, 2010 9:52 AM >>> >>> *To:* NT System Admin Issues >>> *Subject:* Re: VMWare View, How are you handling AV? (Viper to be >>> specific) >>> >>> >>> >>> The OU that Vipre looks at to do the automatic push has a GPO that is >>> totally restricted, can't be logged into from the network etc etc. Only >>> Vipre and WSUS can do anything to it while in that OU. Once it's been >>> verified that the workstation has been updated appropriately, the computer >>> will get moved to the actual OU that it belongs in which has the appropriate >>> GPO's. >>> >>> On Thu, Jul 1, 2010 at 11:38 AM, Crawford, Scott <[email protected]> >>> wrote: >>> >>> So, do you just plan on not getting any viruses before it gets pushed to >>> the client? >>> >>> >>> >>> *From:* N Parr [mailto:[email protected]] >>> *Sent:* Thursday, July 01, 2010 10:37 AM >>> >>> >>> *To:* NT System Admin Issues >>> *Subject:* RE: VMWare View, How are you handling AV? (Viper to be >>> specific) >>> >>> >>> >>> Didn't realize it would do the detect and push, I guess that would solve >>> my problem. Just have to keep an eye on the server and delete any old >>> clones, but like I mentioned even that should be a problem if the clones get >>> re-created with the same names. >>> >>> >>> ------------------------------ >>> >>> *From:* Sherry Abercrombie [mailto:[email protected]] >>> *Sent:* Thursday, July 01, 2010 10:34 AM >>> >>> >>> *To:* NT System Admin Issues >>> >>> *Subject:* Re: VMWare View, How are you handling AV? (Viper to be >>> specific) >>> >>> Vipre push was part of our standard server build out, we didn't make it >>> part of our base os images for VMWare because of guid issues as mentioned. >>> You can set up Vipre Enterprise to automatically detect new computers based >>> on the OU they are put in and automatically push to it. We did this for our >>> workstation builds, but not servers. >>> >>> On Thu, Jul 1, 2010 at 10:27 AM, N Parr <[email protected]> wrote: >>> >>> Why wouldn't you treat a VM license like any other? The console would >>> see it as a normal computer and make it count anyway. Just trying to figure >>> out an easy way to mange it. Could create an agent install package and push >>> it out to the clone via GPO but when we update the base image for the clone >>> with windows updates, new applications, etc it would get wiped out. I guess >>> if the linked clones are getting created with the same naming structure you >>> wouldn't have to worry about deleting the clients from Viper Enterprise >>> server when because it just sees the agents by computer name and not SID or >>> anything. When the new clones came back up they would get the agent >>> installed via GPO again and then start talking to the Enterprise server like >>> normal. My rambling make sense? >>> >>> >>> ------------------------------ >>> >>> *From:* Jeff Cain [mailto:[email protected]] >>> *Sent:* Thursday, July 01, 2010 10:15 AM >>> >>> >>> *To:* NT System Admin Issues >>> >>> *Subject:* RE: VMWare View, How are you handling AV? (Viper to be >>> specific) >>> >>> N Parr, >>> >>> >>> >>> I am assuming here that you are using VIPRE Enterprise. I >>> would recommend protecting each clone with VIPRE as the growth from >>> definitions would be minimal, this is the best way to protect your systems >>> and any machines they are connected to. I would also say that you should >>> reinstall the VIPRE agent after you clone the machine to prevent the >>> Enterprise Console from confusing the machines as they’ll have the same >>> agent GUID in the console. As far as licensing goes, I don’t believe we hold >>> VM installs against you. >>> >>> Thanks, >>> Jeff Cain >>> >>> Technical Support Analyst >>> Sunbelt Software >>> Email: [email protected] >>> Voice: 1-877-757-4094 >>> Fax: 1-727-562-5199 >>> Web: <http://www.sunbeltsoftware.com> >>> Physical Address: >>> 33 N Garden Ave >>> Suite 1200 >>> Clearwater, FL 33755 >>> United States >>> >>> -------------------------------------------------------- >>> If you do not want further email from us, please forward >>> this message to [email protected] with >>> the word 'unsubscribe' in the subject of your email. >>> -------------------------------------------------------- >>> >>> *Helpful Sunbelt Software Links:* >>> >>> >>> >>> Knowledge Base <http://support.sunbeltsoftware.com/> >>> >>> Open a New Support Ticket<http://www.sunbeltsoftware.com/Support/Contact/> >>> >>> Sunbelt Software Product Support >>> Communities<http://www.sunbeltsoftware.com/communities/> >>> >>> >>> >>> *From:* N Parr [mailto:[email protected]] >>> *Sent:* Thursday, July 01, 2010 11:06 AM >>> *To:* NT System Admin Issues >>> *Subject:* VMWare View, How are you handling AV? (Viper to be specific) >>> >>> >>> >>> So does anyone have any pointers on this? Are you just not worrying >>> about it since you can wipe the linked clones out at any time if they get >>> infected? I'm sill worried about handling outbreak protection. Don't care >>> if the clone gets hosed but I don't want all my clones getting infected with >>> something and trying to spread it around. If you install AV on the base >>> image and don't use persistent clones then they will have to update >>> signatures every time they boot from the day the base image was created. If >>> you use persistent clones then their deltas will grow because of signatures >>> being added every day. And then you've got licensing and agents on linked >>> clones trying to update from the enterprise server with a pc name that is >>> different than the base image they were created from. I don't think a lot >>> of AV vendors have really thought this type of situation through. >>> >>> >>> >>> >>> >>> ... >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> Sherry Abercrombie >>> >>> "Any sufficiently advanced technology is indistinguishable from magic." >>> Arthur C. Clarke >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> Sherry Abercrombie >>> >>> "Any sufficiently advanced technology is indistinguishable from magic." >>> Arthur C. Clarke >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >> >> >> -- >> Sherry Abercrombie >> >> "Any sufficiently advanced technology is indistinguishable from magic." >> Arthur C. Clarke >> >> >> >> >> >> > > > > > -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
