Any advice on whether i can do this and what i would add to group policy would be appreciated. If they're connected via low bandwith pipes, then get them to update directly from Mc Afee and specify this in the e PO Agent policy that controls them Cheers Si Hi, Thanks for responding, i will expand further, This is a stand alone network where users dial in using point to point ISDN (1b channel) the server or clients have no access to the outside world.
they connect, run a batch file and then replace their scan.dat, files by running the batch file, but you should not have any requirements on the clients to launch files Does that make sense or am I missing something ?
I'm not sure why you think files have anything to do with it apart from the Super Dat files ?
The default Windows 2003 policy as it stands allows users to download exe files but will block when user attempts to launch.
I know i could probably make them a local power user or admin but that will not be suitable.
But as you can guess since some users do not VPN in as often as I would like my reports show the laptops are not updating although they probably are considering the e PO agents are configured to hit the NAI site, they are just not telling my e PO server they are current. If I stand up a new e PO server in the DMZ and point it to the same SQL database that the current e PO server is using, would this be a bad idea?
Ideally what I would like to do is have both e PO servers on the same report the master generates and the only way I know how to accomplish this is to have them both writing to the same SQL database.
My problem is that i would like them to be able to download Mcafee DAT files and update locally on their laptops but not launch other exe files at will. Thanks Hi Stuart That's a really long winded way of doing things and really leaves your clients exposed with a massive window of vulnerability to new malware The correct way to do that would be to create a distributed repository or superagent and tell the e PO agent on each machine to update from either the distributed repository or superagent With group policy, you are just not going to achieve what you want The DAT files are normally KB in size so would not have a problem over a dialup line, let alone an ISDN line Do you not want the clients to update automatically ?
You could set a scheduled task to update an internal ftp site automatically and then get the clients to point to an internal ftp site as a repository when the clients connect You could copy the dat files down by batch file, i.e.
Thanks Source Sites on e PO 4.0When each workstation is actually connected to the e PO the current info will then be imported into the SQL database and then able to be used for reporting and such.
I don't know if two e PO servers can use the same SQL database. I think the anwser you are looking dfor is using Epo 4.5 and placing an Agent Handler in the DMZ.
Client DAT update there's a schedule tab when you go into properties (it defaults to the Task tab).