This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can EC protect computers outside the domain/forest?

Is it possible for EX to protect computers outside the domain/forest in which the EC is installed? Our environment includes a large number of domains and forests -- some with trusts, some without.

For instance, it's unclear to me if the credentials one types in the Protect Wizard are ... local admin on the target box? Domain admin on the EC domain/box? The wizard only proceeds if I enter credentials on the EC domain/box which are themselves authorized to administrate the EC. From this, I infer that EC assumes that target machines are in the same domain as the EC itself.

Is it possible to protect machines which are NOT in the same forest/domain as the EC?

Thanks for any help,

Andrew

This thread was automatically locked due to age.

0 jak over 14 years ago

Hi,

The account you specify in the deployment wizard needs to be able to log on to the management service machine. The management service locally impersonates it in order to create the scheduled task on the remote machine.

You can protect a machine in another domain, but the account has to be able to log onto the machine where the management server resides and have admin rights over the target machine. Remote Registry and C$ are a good test as is creating a scheduled task remotely.

It is also worth pointing out that the management service uses the NetBIOS machine name to attempt the protect so ensure the domain suffixes are correct in the DNS networking tab.

If this is not possible maybe consider start-up scripts or using psexec to deploy to remote machines. I once considered writing a little psexec wrapper app to deploy SAV, i.e. run setup.exe on various target machines using all the necessary switches to supplement SEC but never quite got around to it. It would be quite simple though.

Thanks,

Jak
:6099
Cancel
Vote Up 0 Vote Down

Cancel