Selecting Computers to Manage

[m.richards 0]

I have a seemingly bespoke situation because I can't find any documentation to support what I'm trying to do. I have all computers in the same Active Directory; I only want to manage some of them via ESMC but I don't want to manually add PCs to groups. For example AD OU structure is:

AD DOMAIN OUs:

>Computers

>>Office 1

>>>Computer Type 1

>>>Computer Type 2

>>Office 2

>>>Computer Type 1

>>>Computer Type 2

etc.

All "Computer Type 1" PCs I want to install ESET and manage via ESMC but all "Computer Type 2" PCs have different licensing and different non-ESET Antivirus. If we have to manually add PCs or new static groups to policies eventually one will get missed and PCs will be unprotected so I want a dynamic solution.

Ideally I want to sync AD OUs to ESMC Static Groups as usual but then create Dynamic Groups that include all PCs from Static Groups that are called "Computer Type 1". I saw an old forum post for Remote Administrator 6 that said this functionality was coming in V7 but can't find it. Is this possible?

Alternatively is it possible import PCs into static groups from a csv via a Server Task? That way I could create a Windows server task to export computers from desired OUs to a csv and create a ESMC task to import the csv on schedule?

Finally is it possible to manage the ESMC via command-line? I found old documentation that says use the eracmd.exe but this doesn't seem to exist in my ESMC install directory? If CLI is still possible can we script the csv import?

Thanks!

Matt

[MichalJ 434]

Hi Matt,

Is there anything besides manual identification that could be used for putting a computer into a Type 1 / Type 2 devices? 

You currently can´t add content of dynamic group, based on static group membership. But you can theoretically specify conditions based on computer naming convention, IP Range, Device Type, or any supported attribute. 

If the "Type 1" is a static group in your AD, then the only thing you need to do is to create a DG under this static group. 

With regards to your 2nd question: there is no option to initiate a server task for CSV import. 

Concerning the 3rd point: we have server API, not an command line interface. Theoretically, you can achieve something similar, but I am not sure if any effective documentation exist with regards to how to achieve it. 

[m.richards 0]

Quote

Is there anything besides manual identification that could be used for putting a computer into a Type 1 / Type 2 devices?

Unfortunately we've managed to use the OU structure for everything else so both PC naming format and network are the same from each "Office #" OU. I've also checked the rest of the options in New Group Template and none of them guarantee we would capture all relevant PCs.

Quote

If the "Type 1" is a static group in your AD, then the only thing you need to do is to create a DG under this static group.

Because we have multiple static groups I don't think this would help us as I don't think I can add 1 DG to multiple SGs so I'd have the same issue needing to manually add policies to the groups I want unless I've missed something?

 

[MichalJ 434]

You can do nested DGs, meaning you replicate the same template, under different SG locations. 

Meaning: 

• Office1
  • Computer Type1 SG
    • DG1
  • Computer Type 2SG
    • DG2
    • DG3
• Office2
  • Computer Type1 SG
    • DG4 (same template as DG1) 
  • Computer Type 2SG
    • DG5 (same template as DG2) 
    • DG6 (same template as DG3) 

Yes, you will have to add policies manually, to those DGs, but DGs can be identified by parameters, like product / or any other valid conditions. What would be the condition you would like to use, besides the "specifics" you want to specify manually (like custom attributes) ? 

[m.richards 0]

So the specifics would be "Windows OS (Client)" but that solution doesn't avoid my main issue of not wanting to do anything manually to add/remove computers. Also this over complicates the issue because each SG only contains one type of computer anyway so theres no need to add sub-DGs. I thought you were suggesting we could:

• Computers
  • Office 1
    • Computer type 1 SG
      • DG1 *
    • Computer Type 2 SG
  • Office 2
    • Computer type 1 SG
      • DG1 *
    • Computer Type 2 SG

* same DG assigned to multiple ST

It sounds like I'll probably need to reorganize my OU structure which I really hoped to avoid.

Semi-related question, why was the ERA CLI management dropped? I get it's not commonly required but would really help in situations like this. Is this something that is likely to return in future releases?

[MichalJ 434]

What you can theoretically do (but that would work only in case that the policies are intended to be the same on all devices, regardless the "location" (office 1 / 2 / n), you can place the particular DG on the root level. You currently can´t assign a DG to multiple SGs, as assignment has to respect hierarchy. 

With regards to the drop of CLI, ESMC (V7) is a bit different code base. We have replaced CLI with API, which should serve as a replacement that should theoretically achieve the same set of things.  https://help.eset.com/esmc_install/70/api/