![]() ![]() We have a domain-join approach that has worked well for us. I’d recommend instead of doing this kind of a policy, you check into using OS Deployment and Bare Metal Imaging, which can handle installing the OS, uniquely naming each machine, and performing the Domain Joins when you provision the machine. ![]() But because the encryption keys for each client need to be known when you take the action, you cannot target such an action dynamically or make it a policy - the keys for the clients are not created until they register to the Bigfix deployment. With Secure Parameters, the password can be uniquely encrypted and sent to each targeted endpoint. We have a method to protect those on the server and relay, known as Secure Parameters. Those are security sensitive, as they could be retrieved from the client or by malicious action queries to the relays. OS Deployment handles naming computers based on their MAC address, Serial Number, Asset Tag, or IP Address, because these can all be detected at the client and may be an avenue for you to consider.Ī fixlet to change a name of a Domain computer or to Join a domain will need Domain credentials. ![]() You’d have difficulty using an incrementing number like ‘newpc01’ and ‘newpc02’, because one client doesn’t know which number another one chose. Renaming client machines isn’t too bad, but you’d need to do that based on some client attribute. Because it’s complex, doesn’t have a wider use case that I can see, would take a considerable amount of time, and would have security implications, I don’t think this is something I can spend time on. I’m not sure I understand the use case for it. Since you tagged me on the post though I’ll give a but of explanation. Normally if I was not going to work on something I’d stay silent and see whether someone else picks up the gauntlet. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |