Solved

Do I install Anti Virus Client before imaging?

Posted on 2011-05-10
Last Modified: 2013-12-09
When preparing images, why is it better to join to the domain and install the Anti Virus client after we create the image and restore another computer? I thought this was the correct way to do this, but I have seen people actually prepare a computer, join it to the domain and install the McAfee client before cloning it, so that the computers that get cloned already have the McAfee client installed and are on the domain?
Question by:fstinc
15 Comments
 
LVL 7

Expert Comment

by:jaguarpriest
ID: 35731016
Well, this is a matter of practicality. If it is practical to box a computer ready to go and have it brought up somewhere else, it should be ready to log into the domain since it is already a member of it. Otherwise an administrator would have to unpack the computer and join it to the domain wherever it may go. The antivirus probably has no impact before or after. I would probably prep it all before to minimize what needs to be done when the computer is brought online. Once online the antivirus would simply get the latest definitions. Ideally you can restore this prepared image and hand it to the client to simply plug in and turn on.
0
 

Author Comment

by:fstinc
ID: 35731043
How about Active Directory problems? I always thought that computers are to get joined to the domain after cloning because there will be duplicate computer names on the network?
0
 
LVL 7

Expert Comment

by:jaguarpriest
ID: 35731102
Well, the idea is that it is a "backup", correct? If the computer that was online fails, it is the reason you would use the image to put it back online. The idea is that you are replacing the existing computer, not bringing it online alongside it. Maybe I misunderstood. If I did, I do apologize.
0
 

Author Comment

by:fstinc
ID: 35731124
Yeah, misunderstanding. I am referring to cloning many computers for employees on our network. I am not referring to actual backups and restores on a single computer.
0
 
LVL 7

Expert Comment

by:jaguarpriest
ID: 35731160
I see, so I think it still stands to how practical it is for you to distribute these machines. If an admin is to set them up at the location they can log in with the admin password, then join the domain and reboot. I would probably install the antivirus beforehand so it is ready. Unless you are using an internal antivirus solution that requires some kind of authentication from AD, I don't see the need for that piece to be installed afterwards. It would be just more efficient.
0
 
LVL 3

Accepted Solution

by:
brianm71 earned 800 total points
ID: 35731346
Before Capturing an Image

Delete the Agent GUID and MAC address keys

1. Open Registry Editor
  • Click Start | Run, type Regedit
  • Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent]
  • Right-click MacAddress and select Delete
  • Right-click AgentGUID and select Delete
2. Shut down the OS immediately after performing Step 1 so that the Agent does not check into the ePO server and create a new Agent GUID.

Finish the Image Process:

• Capture the image with the image software (Ghost, Acronis, Altiris, etc.)
• Push the image out to the computers that are to be imaged
• Start the computers and run any tools necessary to rename them.
• The McAfee Framework Service will start and check in with the ePO server
  • A new AgentGUID key is created
  • A new MacAddress key is created
  • The ePO database is updated and the system tree is populated
0
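The pre-capture step from the accepted answer, written as a script. This is an added example, not part of the original post: it deletes the MacAddress and AgentGUID values under the key quoted above, confirms they are gone, and then shuts the machine down. The function name `Reset-EpoAgentIdentity` and the `-NoShutdown` switch are made up for this example; run it from an elevated prompt on the reference machine.

```powershell
# Added example, not from the original thread. Run elevated on the reference
# machine as the last step before capturing the image.
# Reset-EpoAgentIdentity and -NoShutdown are hypothetical names for this example.
function Reset-EpoAgentIdentity {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Key path as quoted in the accepted answer.
        [string]$AgentKey = 'HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent',
        [string[]]$ValueNames = @('MacAddress', 'AgentGUID'),
        [switch]$NoShutdown
    )

    if (-not (Test-Path -LiteralPath $AgentKey)) {
        throw "Agent key not found: $AgentKey (is the agent installed?)"
    }

    foreach ($name in $ValueNames) {
        # GetValue returns $null when the value does not exist.
        if ($null -eq (Get-Item -LiteralPath $AgentKey).GetValue($name, $null)) {
            Write-Verbose "$name not present, nothing to delete"
            continue
        }
        if ($PSCmdlet.ShouldProcess("$AgentKey\$name", 'Delete registry value')) {
            Remove-ItemProperty -LiteralPath $AgentKey -Name $name -ErrorAction Stop
        }
    }

    # With -WhatIf nothing was deleted, so there is nothing to verify.
    if ($WhatIfPreference) { return }

    # Refuse to continue if either identity value survived the delete.
    $left = @($ValueNames | Where-Object {
        $null -ne (Get-Item -LiteralPath $AgentKey).GetValue($_, $null)
    })
    if ($left.Count -gt 0) {
        throw "Still present, do not capture the image: $($left -join ', ')"
    }

    # Shut down immediately so the agent cannot check in and regenerate the values.
    if (-not $NoShutdown -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Shut down')) {
        Stop-Computer -Force
    }
}
```

Calling `Reset-EpoAgentIdentity -WhatIf` first lists what would be deleted without changing the registry or shutting down.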
 

Author Comment

by:fstinc
ID: 35731440
Not doing so causes duplicate keys, correct, which is a problem, right? My manager wants to add the EPO agent before capturing the reimage, but does not want to delete anything on REG. Thanks.
0
 
LVL 8

Assisted Solution

by:ActiveDirectoryman
ActiveDirectoryman earned 400 total points
ID: 35731539


You have to remove the GUID. It is a unique identifier. If you don't do that you will have problems because each client cannot have the same GUID. The GUID has to be created. It's like having a SID for your OS. You can't have two computers with the same security identifier. That's why you have to sysprep the machine and clear all of that out. Having object conflicts is the last thing you need on your network. You don't want hundreds of clients deployed with the same GUID.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35731637
Remember that these are local GUIDs (not network GUIDs).

You will still want to sysprep either way. What OS are you deploying and how are you deploying it?

We do not put any software on the image. Instead we deploy software such as an antivirus. The machine will get it right after the Out of Box Experience runs (right after joining the domain and rebooting). This allows us to never update the image when a new antivirus definition/software comes out. Imaged machines always have the latest version before the first user logs on.
0
 

Author Comment

by:fstinc
ID: 35731645
What kind of problems can this cause?
0
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 400 total points
ID: 35731664
Duplicate local GUIDs can allow unauthorized access to local resources from users that do not have access.
0
 
LVL 3

Assisted Solution

by:brianm71
brianm71 earned 800 total points
ID: 35731679
The machines will also not talk to your ePO server and receive the correct policies and tasks.
0
 

Author Comment

by:fstinc
ID: 35731680
I am trying to deploy Virus Scan VSE 8.7 on a 64 bit Windows 7 Machine.

The image is getting captured using Symantec Ghost.

It definitely makes sense that duplicate GUIDs will cause problems, but what kind, since I need to convince my manager to not deploy the client Antivirus and not join to the domain prior to capturing an image.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 35731720
Joining to the domain is supported as long as the machine is sysprepped before the image is captured. Sysprepping will remove any domain settings (that are not preferences).
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 400 total points
ID: 35732814
I always used McAfee ePO on my networks - and NEVER added the McAfee client to any image/clone.

When you add the system to the domain, ePO is going to identify it and push the agent within minutes, so there is no need to add it manually.

As mentioned above, you are going to have any number of identity problems - including identifying/managing the client from your ePO console.
0
