Endpoint Protection

 View Only

  • 1.  Kick off LiveUpdate by a non-administrative user?

    Posted Jan 10, 2018 03:21 PM

    So we've run into a situation where our users on travel (they are not administrators on their own laptops), cannot connect to our VPN until SEP has a recent set of definitions. While I do have an "off site" location awareness policy that directs them to the Symantec LiveUpdate servers, it seems as though the LiveUpdate process does not happen very quickly, and I like a method to jump start the LiveUpdate process on demand. I believe that SepLiveUpdate.exe will not launch as a non-administrative user, so that's out.

    Options I've thought of are to set a scheduled task that runs SepLiveUpdate.exe (as the Local System account) upon logon (maybe with a 5 minute delay). Or maybe to utilize SCCM to kick off SepLiveUpdate.exe.

    Does anyone one have an idea as to how a non-administrative user could manually kick off the LiveUpdate process?

    Thanks for your time,
    -Mike



  • 2.  RE: Kick off LiveUpdate by a non-administrative user?
    Best Answer

    Posted Jan 11, 2018 10:30 AM

    Using SCCM

    Create a Desired configuration Managed rule which would run Liveupdate when users are not in particular IP range or not connected to domain..

     



  • 3.  RE: Kick off LiveUpdate by a non-administrative user?

    Posted Jan 15, 2018 09:20 AM

    Thanks for the reply Rafeeq. I'm not sure if I'll ultimately use this suggestion, but it's a good one nonetheless.



  • 4.  RE: Kick off LiveUpdate by a non-administrative user?

    Posted Jan 15, 2018 09:43 AM

    make a laptop collection, deploy the DCM powershell as per this discussion

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/81954fae-029d-4bd1-8ca0-89c162afb458/how-can-i-test-if-machine-is-actively-connected-to-a-domain?forum=winserverpowershell

    let it run during logon, if not in domain, then run the LU using system account