Video Screencast Help
Endpoint Management Community Blog
Showing posts tagged with Tip/How to
Showing posts in English
MBHarmon | 03 Apr 2009 | 1 comment

Like many organizations we have a mixed environment and we have to live with the decisions from the past.  One of those was the choice of Forefront for our antivirus/antimalware solution.  Until today we've been restricted in forcing scans from the Forefront console.  Thanks to Deployment Server our helpdesk staff now have the ability to force those scans themselves. 

By creating a simple Run script job with the following command lines you can force either a full or Quick scan on your workstations.

Full Scan -
"C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe" Scan -RestrictPrivileges -ScanType 2

Quick Scan -
"C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe" Scan -RestrictPrivileges -ScanType 1

Nelo | 02 Apr 2009 | 0 comments

A heads up - HP RDP shipped RDP 3.83

New hardware support

  • Deployment support for HP ProLiant G6 series of servers
  • Deployment support for VMware ESX 3.5 Update 3 and Microsoft HyperV Server 2008
  • Deployment support for Red Hat Enterprise Linux 5.3
kewidogg | 02 Apr 2009 | 0 comments

There are two ways you can get the client to report to the correct console.

These solutions assume you have a remote client installed, and that it is targeting a console other than the closest one:

Stop the Ghost Service

  • Click Start > Control Panel > Administrative Services > Services
  • Scroll down to any Symantec products. Click the Symantec product and click "Stop the service".

Delete pubkey.crt and dnscache.txt

  • Browse to C:\Program Files\Symantec\Ghost and delete the pubkey.crt and dnscache.txt files.

Start the Ghost Service

  • Click Start > Control Panel > Administrative Services > Services
  • Scroll down to any Symantec products. Click the Symantec product and click "Start the service".

You can reset the client:

Once the service is restarted, the client will search for the nearest console.

Copy the pubkey from the new...

kewidogg | 02 Apr 2009 | 5 comments

This can occur when you do not have enough space on the C:\ drive. Even though the ISO might be created to a external or shared network device, the boot wizard still creates files temporarily to the C:\ drive.

Simple Solution:

Remove files to clear up space on the C:\ drive, and try to create the ISO again.

Advanced Solution:

NOTE: Symantec does not provide support for modifying the registry. Please modify at your own risk.

First, back up your registry. Open the registry, and go to File > Export... and save the registry to a safe location.

To solve the issue, you can direct all temporary files to another location (such as a mapped drive, or external USB device).

Browse to the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

And modify the key:

TEMP (the default location it is set to is %SystemRoom%\Temp)

Modify this key to point to your external or shared...

Terry Cutler | 30 Mar 2009 | 0 comments

Perhaps a better question is - How can the current Intel vPro Technology combined with existing management\security solutions help protect client systems?

This is not an attempt to scare or over-generalize the reality of security threats such as the Conficker worm.  The intent is directed to how a real-world situation can be addressed.  The suggestions below assume Intel vPro Technology is already configured within your environment - thus you are ready and able to use the out-of-band management technology in connection with existing "in-band" management tools.

 An overview of the Conficker worm is available online. The following are a few examples:

BRING | 27 Mar 2009 | 0 comments

In researching Altiris Agent logs recently, some new entries appeared. These were classed as informational entries, and were related to the Client Task Agent. Some examples are shown in the screenshot below.

Further research showed that this new level of logging has been added to the Client Task Agent to better track proxy connection and testing, HTTP communication, and task checking. This should aid in determining the communication and function of the Client Task Agent. They are new, and do occur frequently, based on the check-in schedule configured for the Task Server, which is 5 mins by default. At least now you know!

Randall Newnham | 27 Mar 2009 | 0 comments

I have seen some issues with hot imaging with McAfee installed and wanted to share the resolution I have found. the primary error I have seen is the "Application Error 503. Connection timed out with Ghost code 19945" in the Ghost Console task logs.Here is how to get around this:

1. Open the Image Create Task, click on the Advanced button in the lower right of the General tab add type this in the "Additional options for Ghost command line" box:


2. On the client and server machines, open McAfee and open the Access Protection feature. edit the Prevent IRC Communication feature (there may be an incoming and an outgoing rule; if so, edit both) and add these exceptions:


Note: The ePolicy Orchestrator is a utility that is often used along with this version of McAfee to make sure that settings are consistent acros a network; the above exceptions will need to be...

carubin | 26 Mar 2009 | 2 comments

I cut my teeth in the Altiris world with Deployment Server and it still is my preferred way of managing the workstations in our environment.  I like the speed and the instant feedback.  Today, though, I encountered a situation that made me glad I had NS in my toolkit.

We needed to add an internal web site to the list of trusted sites.  You can do this through a registry entry but the entry is to HKEY_Current_User.  In DS there was no way that I could think of to touch this key but in NS I just set the job to run for all users of the machine and voila problem solved.

ag97690 | 25 Mar 2009 | 5 comments

This topic has been discussed in the ( but I thought I would get this to others who might not look at that forum too.

For the NS 6  ( Not NS 7 ) CPU identification is limited and not updated any more. So to help update it some there happens to be a wonderful tool in the Altiris Knowledge base called AeXCpuIdent.exe ( KB # 17610 ) which will get you the CPU information of whatever Intel chipset it is ran on.


Processor Info


Vendor: GenuineIntel

Family: 0110

Model: 1101

Step: 1000

Type: 00

BrandId: 10110

Of course there is other ways of...

MT3 Duncan R. Green - US Navy | 25 Mar 2009 | 2 comments

A few months back (probably almost a year now, actually), my organization bought several (*cough* 90, whoops) licenses for Ghost Solution Suite 2.0. After several weeks of installing, uninstalling, reinstalling, conifugring routers, mucking with the domain, and client installs, we finally got it to work in conjunction with WINS. Because of the nature of my organization, we don't have direct control over our routers and switches - they're controlled remotely at another site several hours away. As such, we are unable to use Mutlicasting.

So, late one night when we finally had GSS running, one of my coworkers and I decided to see what we could do with it. We noticed that we could edit different computer settings - domain membership, computer names, etc.

I would also like to point out that at this point, we didn't have a console account set up for Ghost in the domain.

You can probably see where this is going.

My coworker decided to...