LOL, Computer OUs were setup according to department and we had delegated the permissions to move computers to those department OUs to the Helpdesk/Desktop group so that they could manage workstations. They could not manage servers ;) So the manual intervention wasn't in my group.
On Thu, Jul 1, 2010 at 2:14 PM, Crawford, Scott <[email protected]>wrote: > Gotcha. A little too much manual intervention for my tastes, but yeah, > that’s valid. > > > > *From:* Sherry Abercrombie [mailto:[email protected]] > *Sent:* Thursday, July 01, 2010 1:25 PM > > *To:* NT System Admin Issues > *Subject:* Re: VMWare View, How are you handling AV? (Viper to be > specific) > > > > A person.....workstations will stay in that OU until they are actually > placed on a users desk. > > On Thu, Jul 1, 2010 at 12:43 PM, Crawford, Scott <[email protected]> > wrote: > > Nice. > > > > What does the moving? > > > > *From:* Sherry Abercrombie [mailto:[email protected]] > *Sent:* Thursday, July 01, 2010 11:52 AM > > > *To:* NT System Admin Issues > *Subject:* Re: VMWare View, How are you handling AV? (Viper to be > specific) > > > > The OU that Vipre looks at to do the automatic push has a GPO that is > totally restricted, can't be logged into from the network etc etc. Only > Vipre and WSUS can do anything to it while in that OU. Once it's been > verified that the workstation has been updated appropriately, the computer > will get moved to the actual OU that it belongs in which has the appropriate > GPO's. > > On Thu, Jul 1, 2010 at 11:38 AM, Crawford, Scott <[email protected]> > wrote: > > So, do you just plan on not getting any viruses before it gets pushed to > the client? > > > > *From:* N Parr [mailto:[email protected]] > *Sent:* Thursday, July 01, 2010 10:37 AM > > > *To:* NT System Admin Issues > *Subject:* RE: VMWare View, How are you handling AV? (Viper to be > specific) > > > > Didn't realize it would do the detect and push, I guess that would solve my > problem. Just have to keep an eye on the server and delete any old clones, > but like I mentioned even that should be a problem if the clones get > re-created with the same names. > > > ------------------------------ > > *From:* Sherry Abercrombie [mailto:[email protected]] > *Sent:* Thursday, July 01, 2010 10:34 AM > > > *To:* NT System Admin Issues > > *Subject:* Re: VMWare View, How are you handling AV? (Viper to be > specific) > > Vipre push was part of our standard server build out, we didn't make it > part of our base os images for VMWare because of guid issues as mentioned. > You can set up Vipre Enterprise to automatically detect new computers based > on the OU they are put in and automatically push to it. We did this for our > workstation builds, but not servers. > > On Thu, Jul 1, 2010 at 10:27 AM, N Parr <[email protected]> wrote: > > Why wouldn't you treat a VM license like any other? The console would see > it as a normal computer and make it count anyway. Just trying to figure out > an easy way to mange it. Could create an agent install package and push it > out to the clone via GPO but when we update the base image for the clone > with windows updates, new applications, etc it would get wiped out. I guess > if the linked clones are getting created with the same naming structure you > wouldn't have to worry about deleting the clients from Viper Enterprise > server when because it just sees the agents by computer name and not SID or > anything. When the new clones came back up they would get the agent > installed via GPO again and then start talking to the Enterprise server like > normal. My rambling make sense? > > > ------------------------------ > > *From:* Jeff Cain [mailto:[email protected]] > *Sent:* Thursday, July 01, 2010 10:15 AM > > > *To:* NT System Admin Issues > > *Subject:* RE: VMWare View, How are you handling AV? (Viper to be > specific) > > N Parr, > > > > I am assuming here that you are using VIPRE Enterprise. I would > recommend protecting each clone with VIPRE as the growth from definitions > would be minimal, this is the best way to protect your systems and any > machines they are connected to. I would also say that you should reinstall > the VIPRE agent after you clone the machine to prevent the Enterprise > Console from confusing the machines as they’ll have the same agent GUID in > the console. As far as licensing goes, I don’t believe we hold VM installs > against you. > > Thanks, > Jeff Cain > > Technical Support Analyst > Sunbelt Software > Email: [email protected] > Voice: 1-877-757-4094 > Fax: 1-727-562-5199 > Web: <http://www.sunbeltsoftware.com> > Physical Address: > 33 N Garden Ave > Suite 1200 > Clearwater, FL 33755 > United States > > -------------------------------------------------------- > If you do not want further email from us, please forward > this message to [email protected] with > the word 'unsubscribe' in the subject of your email. > -------------------------------------------------------- > > *Helpful Sunbelt Software Links:* > > > > Knowledge Base <http://support.sunbeltsoftware.com/> > > Open a New Support Ticket<http://www.sunbeltsoftware.com/Support/Contact/> > > Sunbelt Software Product Support > Communities<http://www.sunbeltsoftware.com/communities/> > > > > *From:* N Parr [mailto:[email protected]] > *Sent:* Thursday, July 01, 2010 11:06 AM > *To:* NT System Admin Issues > *Subject:* VMWare View, How are you handling AV? (Viper to be specific) > > > > So does anyone have any pointers on this? Are you just not worrying about > it since you can wipe the linked clones out at any time if they get > infected? I'm sill worried about handling outbreak protection. Don't care > if the clone gets hosed but I don't want all my clones getting infected with > something and trying to spread it around. If you install AV on the base > image and don't use persistent clones then they will have to update > signatures every time they boot from the day the base image was created. If > you use persistent clones then their deltas will grow because of signatures > being added every day. And then you've got licensing and agents on linked > clones trying to update from the enterprise server with a pc name that is > different than the base image they were created from. I don't think a lot > of AV vendors have really thought this type of situation through. > > > > > > ... > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
