No problem. I just recently staged a new Windows 2008 Forest/Domain so the info was still fresh in my mind.
- Sean On Thu, Jul 1, 2010 at 10:36 AM, Sherry Abercrombie <[email protected]>wrote: > Ahhhh, that was it. Thanks Sean, it's been several years so I didn't > remember that, plus I don't work there anymore...... > > On Thu, Jul 1, 2010 at 12:12 PM, Sean Martin <[email protected]>wrote: > >> The default for new computer objects is the Computer Container. GPOs >> can't be applied there, thus the reason you modified AD to redirect new >> computer objects to an alternate OU. >> >> - Sean >> >> On Thu, Jul 1, 2010 at 9:04 AM, Sherry Abercrombie >> <[email protected]>wrote: >> >>> Changed to go to a different OU than the default. There was a reason why >>> we didn't apply that GPO to the default, but I don't remember what it was >>> now..... >>> >>> >>> On Thu, Jul 1, 2010 at 11:56 AM, David Lum <[email protected]> wrote: >>> >>>> Interesting….I think I just found a hole in our deployment process, >>>> or more accurately, re-remembered it. Sherry did you change AD to new >>>> systems automatically go into a different OU than the default, or do you >>>> apply those GPO’s to the default \Computers OU? >>>> >>>> *David Lum** **// *SYSTEMS ENGINEER >>>> NORTHWEST EVALUATION ASSOCIATION >>>> (Desk) 971.222.1025 *// *(Cell) 503.267.9764 >>>> >>>> *From:* Sherry Abercrombie [mailto:[email protected]] >>>> *Sent:* Thursday, July 01, 2010 9:52 AM >>>> >>>> *To:* NT System Admin Issues >>>> *Subject:* Re: VMWare View, How are you handling AV? (Viper to be >>>> specific) >>>> >>>> >>>> >>>> The OU that Vipre looks at to do the automatic push has a GPO that is >>>> totally restricted, can't be logged into from the network etc etc. Only >>>> Vipre and WSUS can do anything to it while in that OU. Once it's been >>>> verified that the workstation has been updated appropriately, the computer >>>> will get moved to the actual OU that it belongs in which has the >>>> appropriate >>>> GPO's. >>>> >>>> On Thu, Jul 1, 2010 at 11:38 AM, Crawford, Scott <[email protected]> >>>> wrote: >>>> >>>> So, do you just plan on not getting any viruses before it gets pushed to >>>> the client? >>>> >>>> >>>> >>>> *From:* N Parr [mailto:[email protected]] >>>> *Sent:* Thursday, July 01, 2010 10:37 AM >>>> >>>> >>>> *To:* NT System Admin Issues >>>> *Subject:* RE: VMWare View, How are you handling AV? (Viper to be >>>> specific) >>>> >>>> >>>> >>>> Didn't realize it would do the detect and push, I guess that would solve >>>> my problem. Just have to keep an eye on the server and delete any old >>>> clones, but like I mentioned even that should be a problem if the clones >>>> get >>>> re-created with the same names. >>>> >>>> >>>> ------------------------------ >>>> >>>> *From:* Sherry Abercrombie [mailto:[email protected]] >>>> *Sent:* Thursday, July 01, 2010 10:34 AM >>>> >>>> >>>> *To:* NT System Admin Issues >>>> >>>> *Subject:* Re: VMWare View, How are you handling AV? (Viper to be >>>> specific) >>>> >>>> Vipre push was part of our standard server build out, we didn't make it >>>> part of our base os images for VMWare because of guid issues as mentioned. >>>> You can set up Vipre Enterprise to automatically detect new computers based >>>> on the OU they are put in and automatically push to it. We did this for >>>> our >>>> workstation builds, but not servers. >>>> >>>> On Thu, Jul 1, 2010 at 10:27 AM, N Parr <[email protected]> wrote: >>>> >>>> Why wouldn't you treat a VM license like any other? The console would >>>> see it as a normal computer and make it count anyway. Just trying to >>>> figure >>>> out an easy way to mange it. Could create an agent install package and >>>> push >>>> it out to the clone via GPO but when we update the base image for the clone >>>> with windows updates, new applications, etc it would get wiped out. I >>>> guess >>>> if the linked clones are getting created with the same naming structure you >>>> wouldn't have to worry about deleting the clients from Viper Enterprise >>>> server when because it just sees the agents by computer name and not SID or >>>> anything. When the new clones came back up they would get the agent >>>> installed via GPO again and then start talking to the Enterprise server >>>> like >>>> normal. My rambling make sense? >>>> >>>> >>>> ------------------------------ >>>> >>>> *From:* Jeff Cain [mailto:[email protected]] >>>> *Sent:* Thursday, July 01, 2010 10:15 AM >>>> >>>> >>>> *To:* NT System Admin Issues >>>> >>>> *Subject:* RE: VMWare View, How are you handling AV? (Viper to be >>>> specific) >>>> >>>> N Parr, >>>> >>>> >>>> >>>> I am assuming here that you are using VIPRE Enterprise. I >>>> would recommend protecting each clone with VIPRE as the growth from >>>> definitions would be minimal, this is the best way to protect your systems >>>> and any machines they are connected to. I would also say that you should >>>> reinstall the VIPRE agent after you clone the machine to prevent the >>>> Enterprise Console from confusing the machines as they’ll have the same >>>> agent GUID in the console. As far as licensing goes, I don’t believe we >>>> hold >>>> VM installs against you. >>>> >>>> Thanks, >>>> Jeff Cain >>>> >>>> Technical Support Analyst >>>> Sunbelt Software >>>> Email: [email protected] >>>> Voice: 1-877-757-4094 >>>> Fax: 1-727-562-5199 >>>> Web: <http://www.sunbeltsoftware.com> >>>> Physical Address: >>>> 33 N Garden Ave >>>> Suite 1200 >>>> Clearwater, FL 33755 >>>> United States >>>> >>>> -------------------------------------------------------- >>>> If you do not want further email from us, please forward >>>> this message to [email protected] with >>>> the word 'unsubscribe' in the subject of your email. >>>> -------------------------------------------------------- >>>> >>>> *Helpful Sunbelt Software Links:* >>>> >>>> >>>> >>>> Knowledge Base <http://support.sunbeltsoftware.com/> >>>> >>>> Open a New Support Ticket<http://www.sunbeltsoftware.com/Support/Contact/> >>>> >>>> Sunbelt Software Product Support >>>> Communities<http://www.sunbeltsoftware.com/communities/> >>>> >>>> >>>> >>>> *From:* N Parr [mailto:[email protected]] >>>> *Sent:* Thursday, July 01, 2010 11:06 AM >>>> *To:* NT System Admin Issues >>>> *Subject:* VMWare View, How are you handling AV? (Viper to be specific) >>>> >>>> >>>> >>>> So does anyone have any pointers on this? Are you just not worrying >>>> about it since you can wipe the linked clones out at any time if they get >>>> infected? I'm sill worried about handling outbreak protection. Don't care >>>> if the clone gets hosed but I don't want all my clones getting infected >>>> with >>>> something and trying to spread it around. If you install AV on the base >>>> image and don't use persistent clones then they will have to update >>>> signatures every time they boot from the day the base image was created. >>>> If >>>> you use persistent clones then their deltas will grow because of signatures >>>> being added every day. And then you've got licensing and agents on linked >>>> clones trying to update from the enterprise server with a pc name that is >>>> different than the base image they were created from. I don't think a lot >>>> of AV vendors have really thought this type of situation through. >>>> >>>> >>>> >>>> >>>> >>>> ... >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Sherry Abercrombie >>>> >>>> "Any sufficiently advanced technology is indistinguishable from magic." >>>> Arthur C. Clarke >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Sherry Abercrombie >>>> >>>> "Any sufficiently advanced technology is indistinguishable from magic." >>>> Arthur C. Clarke >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> Sherry Abercrombie >>> >>> "Any sufficiently advanced technology is indistinguishable from magic." >>> Arthur C. Clarke >>> >>> >>> >>> >>> >>> >> >> >> >> >> > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
