
Managing Endpoints at NON trusted Domain

Created: 08 Feb 2013 • Updated: 11 Feb 2013 | 8 comments
HXG's picture
This issue has been solved. See solution.

Hi all, I will be implementing Altiris for our company. The challenge is we have newly acquired sites that are not trusted. Does anyone have experience or know-how on approaching this challenge? What account do I use? Method on how to push agents, etc. Keep in mind that these non-trusted AD domains do have network communication to our HQ site, where the SMP Altiris server resides.

Thanks in Advance.


mclemson's picture

When you push the agent, use an account that has administrator rights on the workstations you've targeted for the push.  After the agent is installed, it will communicate with the NS over port 80 (if you've used HTTP on the default port).

Does this answer your question?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner

HXG's picture

What application identity will it use for inventory scan?

andykn101's picture

It runs in the same context as the base Symantec Management Agent, the local system account, and posts back data using HTTP.

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

JoeVan's picture

One other item to consider: DNS. The agent machines will need the ability to resolve the FQDN of your SMP NS server and any site servers which are assigned to them. For certain features, including the agent push, the NS server also needs the ability to resolve the client DNS names. In my case I ended up writing a custom agent installer script since I did not have a way to allow the NS to resolve client FQDNs.

Joe VanHollebeke
Systems Engineer

JoeVan's picture

Script is attached. Rename to VBS. Be warned this is a fairly involved script designed to run on a schedule. However, I did make it modular so you should be able to shape it for your environment by modifying a few variables. Some basic instructions are included in the header of the script.

Also, I recalled when looking over this that I ended up needing to add a HOSTS file entry to the machines I deployed to which were not in a domain.  Even when I deployed the agent using this script which uses only the IP address of the NS, the agents would talk to the NS and then fail to download packages because the package sources would be returned to the agent as DNS names. The command to add this entry is part of this script but is commented out.  Un-REM this line if you also require this added.

Here are a few disclaimers:

- This script was written for and used on an Altiris NS 6.x environment. It was not designed for or tested on SMP 7.x.

- USE THIS SCRIPT AT YOUR OWN RISK.  THE WRITER ACCEPTS NO RESPONSIBILITY FOR HOW THIS SCRIPT IS USED OR PROBLEMS IT MAY CAUSE.  If you do not fully understand everything the script is doing you should NOT use it. 

AltNSClientPush_vbs.txt 27.94 KB

Joe VanHollebeke
Systems Engineer
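
The name-resolution dependency described in the posts above, as an added example that is not part of the original thread or the attached VBS script: a PowerShell pre-flight check, run on an endpoint, that confirms the NS FQDN resolves to the expected address, optionally appends the HOSTS entry, and tests the HTTP port. The FQDN `ns.example.internal` and IP `192.0.2.10` are placeholders, and the parameter and function names are hypothetical.

```powershell
# Added example: pre-flight check to run on an endpoint before installing the agent.
# The FQDN and IP defaults are placeholders (assumptions), not values from the thread.
param(
    [string]$NsFqdn = 'ns.example.internal',
    [string]$NsIp   = '192.0.2.10',
    [int]$Port      = 80,      # default HTTP port mentioned in the thread
    [switch]$Fix               # append a HOSTS entry if the name does not resolve
)

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Return the IP that the HOSTS lines map $Name to, or $null if there is no entry.
function Get-HostsMapping {
    param([string[]]$Lines, [string]$Name)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()          # drop trailing comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -ge 2 -and ($fields[1..($fields.Count - 1)] -contains $Name)) {
            return $fields[0]
        }
    }
    return $null
}

# Resolve the name through the system resolver (DNS plus HOSTS); failure yields nothing.
$resolve = {
    try   { [System.Net.Dns]::GetHostAddresses($NsFqdn) | ForEach-Object { $_.IPAddressToString } }
    catch { }
}

$existing = Get-HostsMapping -Lines (Get-Content -Path $hostsPath) -Name $NsFqdn
$resolved = & $resolve

if (-not ($resolved -contains $NsIp) -and $Fix -and -not $existing) {
    # Requires an elevated session. A conflicting existing entry is never overwritten.
    Add-Content -Path $hostsPath -Value "$NsIp`t$NsFqdn"
    $existing = $NsIp
    $resolved = & $resolve
}

# Check that the NS answers on the agent's HTTP port, with a 3 second timeout.
$client   = New-Object System.Net.Sockets.TcpClient
$async    = $client.BeginConnect($NsIp, $Port, $null, $null)
$portOpen = $async.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
$client.Close()

[pscustomobject]@{ NsFqdn = $NsFqdn; ResolvedTo = $resolved -join ','; HostsEntry = $existing
                   ResolvesOk = ($resolved -contains $NsIp); PortOpen = $portOpen }
```

If `HostsEntry` shows an address other than the expected one, correct the file by hand; the script leaves a conflicting entry in place and reports `ResolvesOk` as false.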

HXG's picture

Thank you so much, I will test it out in our Test environment