/build/static/layout/Breadcrumb_cap_w.png
10/28/2016 1310 views

I have a lot of clients already provisioned, and in the past we have always used the built in agent provisioning from the K1000. Due to security changes, the provisioning no longer works from the K1000. I'm looking into other ways to provision the agent going forward. It seems like group policy would be the best option but I had some questions regarding this method.

1. How will the clients that were already provisioned from the K1000 react or be affected by a new GPO that installs the agent? Will this cause any problems for them?

2. What is the best way to update agents going forward? The K1000 has handled updates in the past but I'm assuming I'd need to disable that and handle it through GPO. Will I be able to update agents through group policy that were not originally installed by the GPO? I've seen conflicting information about setting up the GPO to "Allow Users to continue to use the software, but prevent new installations" versus "Immediately uninstall the software from users and computers" when updating it for new versions.

Many thanks if someone more experienced can give me some insight on this. The documentation and questions I've been able to find seem outdated.

0 Comments   [ + ] Show comments

Comments


All Answers

0

0
GPO Provisioning is the best way to go.... for new computers/reimaging. When a new agent update occurs, we use a smart label that detects agent version and upgrades the agent in-place. 
Answered 10/31/2016 by: jayrobinson
Yellow Belt

  • How are you actually doing the upgrade against the label? Also, how will the GPO behave against devices that weren't provisioned by GPO originally?
  • the update functionality of the appliance checks for the labels which are linked to it each time (it is the runkbot 5 or 7 depending on the OS) if the agent needs to be uploaded and uses the script to do this automaticly, so a label itself which checks which system does not have the latest agent doubles this check.
0
When you say you are using provisioning are you using the schedules to provision?  I have run into problems in the past sometimes when the versions were so close it would think it was already installed. 

I have gone to using the update Agents under provisioning.
Answered 10/31/2016 by: SMal.tmcc
Red Belt

  • The K1000 does a pretty solid job of updating agents where they are already provisioned. We have used the schedules in the past for new devices but that no longer works because of our environment. I'd like to use a GPO for provisioning new devices, I just don't really understand whether creating the GPO now will interfere with already provisioned devices and how updates coincide with the GPO.
    • I know its later but... the GPO will not interfere with already provisioned devices. It just does installs an agent if the computer doesn't have one.
      • Awesome, thanks for your reply. I thought I had read somewhere that it would try to install anyway if the original agent wasn't installed via GPO, but rather by another method. I may just do some testing before I roll it out.