Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 2979 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protect Clients in diffrent domains

Ralph Fabian

Hello,

 

actualy we have to Active-Directory Forests with one domain in each.

We want to protect clients with endpoint protection located in other domoain than the enterprise console. This should be no problem, or ? I only need to deploy the client with a user from other domain right ?

But the next step will be, that we move all clients a few month after the deployement to the same domain where the enterprise console is located. Do we need to redeploy the endpoint protection client, or do we need to do anything else, or do we need to do nothing. Only change domainmemebership of the clients ?

 

Thanks in Advance,

Ralph



This thread was automatically locked due to age.
Parents
  • 0

    Hello Ralph,

    the client isn't domain-aware (and neither is SEC). It must be able to resolve the server name in the updating policy and access the share with the specified credentials. Do you mean Protect Computers when you say deployment? This could be tricky. I'd suggest installing with a package or a GPO.

    If you change the membership the endpoints will report a new domain but as they keep their identity if you do nothing SEC should recognize them as the same.

    Christian

Reply
  • 0

    Hello Ralph,

    the client isn't domain-aware (and neither is SEC). It must be able to resolve the server name in the updating policy and access the share with the specified credentials. Do you mean Protect Computers when you say deployment? This could be tricky. I'd suggest installing with a package or a GPO.

    If you change the membership the endpoints will report a new domain but as they keep their identity if you do nothing SEC should recognize them as the same.

    Christian

Children
  • 0 in reply to QC

    Hello Christian,

     

    thank you for your reply.

    OK. Resolving Servername is not an issue. For my understanding, because i do not know the Software actually, i need two credentials to deploy the Endpoint Protection Client:

    1. on the Client in other Domain to deploy, 2. on the source Domain where the Console is located an account to Access the update share ?

    For the deployment of the Client we are using our central Software deployment platform. So this should also be no issue.

    So it Looks quit easy and should not be a big issue for the way we want to go.

     

    Thanks

    Ralph

  • 0 in reply to Ralph Fabian

    Hello Ralph,

    two credentials
    err - no. my bad. Shouldn't have mentioned Protect Computers. It's hard to know what people are up to [:)] - the expectation that SEC's Protect Computers can magically deploy to endpoints is not uncommon.

    Anyway, there are no special requirements for the endpoint installation other than it must be, naturally, done by an administrator as this is machine software. The installer (a bootstrap setup.exe) uses the Windows Installer to install AutoUpdate which then downloads the other components from the CID and installs them. As said, the endpoints must be able to access the share with the credentials specified in the updating policy.

    Christian

  • 0 in reply to QC

    the missunderstanding Comes from my bad english. Anyway.

     

    For me now it´s clear.

    Thank you for your Support.

     

    Ralph

     

Unfiltered HTML