Allow PMC/PMS admins to run non-F-Secure commands on clients
The PMC/PMS is a very good engine for distributing F-Secure software, and why not use this engine to distribute or run more than just F-Secure updates on computers that have an administered version of F-Secure installed?
Let me explain: We sometimes need to run a simple .bat file or .msi file on a group of computers without the user's interaction, and running it using a login script is not always a viable option. We want the file to be run now, without having the users log off/on. It would be very nice if we could place the .bat/.msi file on a network share and then run it by distributing an execute command to the selected clients that we want to run it. It would not just be a set of predefined commands hardcoded into the PMC GUI, but rather a "remote command line" that can be used to run admin-specified commands.
I can see this feature fitting nicely on the "Operations" tab in PMC, together with the options to update virus defs and scan for viruses.
On my short list of useful commands to run on clients would be the reset UID command so I can generate the new style GUIDs on clients that are upgraded from older versions of F-Secure and thus have the older UIDs. Yeah, I know that this feature will soon be obsolete, but I still have over 1000 computers with old style UIDs, and I want to bump them up to GUIDs.
After all, if you don't trust your friendly neighborhood F-Secure admin to only run safe and secure commands on the administered computers, then who do you trust? The users?
Comments
-
-
Thanks for the info, MJ.
That wasn't a very intuitive place to put such a (to me at least) useful feature. It deserves a spot on the Operations tab in Anti-virus mode. Plus, it wasn't the most intuitive or well documented feature I have seen. Can't find it mentioned in the PMC admin guide. And some feedback from the GUI when using the feature would be appreciated.
I tried to schedule a Reset UID on approx. 400 PCs five hours ago, and not a single computer has reset its UID so far. Of course, it would require at least one reboot for it to kick in, but at least a few of 400 computers would have rebooted during the day.
-
-
The Client Security hosts are running 9.11 or 9.20. We replace computers every three years, so many computers have a 2-3 year old F-Secure base install that has been upgraded several times. A lot of them started on 8.00 or 8.01 and are now on 9.11 or 9.20 (via 9.00 or 9.01). All computers that started with a pre-9.11 install have the old UID, and some of them have the same UID (cloned from the same image). By repeatedly pushing a UID reset to the cloned computers, they will eventually get new and truly unique UIDs.
I know I may seem weird for wanting to reset the UIDs and use the new GUIDs on all older computers, but I guess I want all computers to be truly uniquely identifiable with the new GUID format...
-
No, the idea is correct and understandable.
But 9.11 has a different RESETUID than 9.20, and only with 9.20 are you really able to change it to GUID using resetuid.
For 9.11 you would also need some modifications in the registry; it requires TWO reboots and the GUID is not safe (some vendors created the cloned the BIOSID). In the meantime you might experience duplicate systems in the console.
Have the systems upgrade to 9.20 first!
BR
-