pronto 6 Posted August 2, 2021 Share Posted August 2, 2021 Servus Community, I need to upgrade all Mac OSX clients to a newer operating system version and prefer a clean reinstallation in most cases. In order to remove the ESET clients from the server console and release the license, I wanted to create an uninstall task according to this guide [1]. But now this task only allows either a security product or an agent version as the product to be removed. This means that with this strategy I need two tasks per client and then one task for each version used. I am not primarily concerned with a clean uninstall on the clients, but rather a clean removal in the server database and the release of the license. Can this be made easier? Note: On the newly installed systems, ESET should be installed again, but with the latest versions. The name of the workstation will also change, only the IP address will remain mostly the same. So I have not much hope that the newly installed client will reconnect with the old license and database record afterwards. [1] https://support.eset.com/en/kb7724-push-uninstall-to-client-workstations-using-eset-protect-8x ESET PROTECT (Server), Version 8.0 (8.0.1258.0) ESET PROTECT (Web Console), Version 8.0 (8.0.191.0) Thx & Bye Tom Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted August 2, 2021 ESET Staff Share Posted August 2, 2021 2 hours ago, pronto said: This means that with this strategy I need two tasks per client and then one task for each version used. When creating software uninstallation task, it is possible to configure it in a way that product will be uninstalled regardless of present version, so there is no need to create separate for each installed version. But still multiple tassks will be required to uninstall different products. 2 hours ago, pronto said: Note: On the newly installed systems, ESET should be installed again, but with the latest versions. The name of the workstation will also change, only the IP address will remain mostly the same. So I have not much hope that the newly installed client will reconnect with the old license and database record afterwards. Connection between device entity as visible in console and actually installed ESET Management Agent is based on identifier stored in it's database, so no changes in hardware nor software will change this interconnection. In this case, I would recommend to leave installation of ESET Management Agent intact, it should automatically reconnect to management console after operating system upgrade - only possible issues might occur in case connectivity parameters will change in a way that actually new installation or new configuration of ESET Management Agent is required. In case name of the device changes, it won't be reflected automatically in the console, but there is a task that can be executed regularly, which will synchronize real FQDN name of device with device name as seen in the console. There is also an alternative to use "multi-rename" mechanisms for one-time renaming procedure, once systems are updated and new hostnames/FQDNs are reported to console. Could you possibly provide more details of why would you follow originally proposed steps? Asking because I would expect that both ESET products should do "survive" upgrade of operating system, especially in case both of the product are upgraded and do support new OS version. Link to comment Share on other sites More sharing options...
pronto 6 Posted August 2, 2021 Author Share Posted August 2, 2021 4 minutes ago, MartinK said: Could you possibly provide more details of why would you follow originally proposed steps? Asking because I would expect that both ESET products should do "survive" upgrade of operating system, especially in case both of the product are upgraded and do support new OS version. Servus Martin, there is a misunderstanding, I primarily plan to reinstall the systems. The new operating system no longer supports 32 bit applications, so after an upgrade I will be left with some legacy applications, which I would like to avoid. So keeping the agent is not an option. However, I could get comfortable with not necessarily uninstalling the ESET applications on the clients, because the system will be reinstalled anyway, but I definitely need to get them out of the database in a clean and supported way, with releasing the license afterwards. Since I have a lot of work to do with the migration anyway, I'm primarily interested in the cleanest solution, not necessarily the fastest. There is no need for a quick and dirty solution... Thanks for your attention & Bye Tom Link to comment Share on other sites More sharing options...
ESET Staff Solution MartinK 384 Posted August 2, 2021 ESET Staff Solution Share Posted August 2, 2021 59 minutes ago, pronto said: Servus Martin, there is a misunderstanding, I primarily plan to reinstall the systems. The new operating system no longer supports 32 bit applications, so after an upgrade I will be left with some legacy applications, which I would like to avoid. So keeping the agent is not an option. However, I could get comfortable with not necessarily uninstalling the ESET applications on the clients, because the system will be reinstalled anyway, but I definitely need to get them out of the database in a clean and supported way, with releasing the license afterwards. Since I have a lot of work to do with the migration anyway, I'm primarily interested in the cleanest solution, not necessarily the fastest. There is no need for a quick and dirty solution... Thanks for your attention & Bye Tom Now it makes sense, and obviously retaining installed ESET applications is not a way. Technically after re-installation of ESET Management Agent, new "computer" entity will be created in the console (except in case so called Remote Deployment Task is used to re-deploy management agents) so you will end up with duplicate entries in the console, where original entities will be no longer connecting. In order to clean them up, simple removal from console is sufficient, where during this removal process, you will be asked, whether devices should be also deactivated - you should chose this option, otherwise you will end up with license overusage due to seeming duplicate use. This would automatically recover after some time but it would take probably month. Explicit deactivation performed by console does not require client to be connection to management console and it is similar to deactivation that can be performed from ESET Business Account or other licensing portals. Once devices are removed from console, upcomming cleanups that are performed once a day will remove also data tied to no longer removed devices, so detections and other similar data tied to specific and no longer existing devices will be completely purged. Just be aware, that policy assignments to specific devices or similar configuration will be actually lost by device removal and duplication, i.e. such custom configuration will have to be re-created afterwards. So in short, I would follow these steps: Mark devices that are to be re-installed in the console, for example by tags or by moving them to specific static group. This is just for purpose of later identification of such devices if it won't be possible to distinguish old and new installations. Reinstall devices, i.e. perform OS upgrade and re-deployment of ESET Management Agent and ESET security product Re-create device specific policy assignments and similar device-specific settings that will be lost once devices are removed from the console -> i.e. manual mirroring of such properties is required. This might mostly include policies assigned to devices, tasks to-be-executed on specific clients, tags and possibly also report filters for specific devices - if used. Remove already reinstalled devices from the console with enabled deactivation. In case history date for device is to be retained, deactivation without removal is also possible, even after device has been reinstalled already. Link to comment Share on other sites More sharing options...
pronto 6 Posted August 5, 2021 Author Share Posted August 5, 2021 Servus Martin, sorry for my late reply. It works as you describe above without uninstalling the ESET products from the client. Only removing and deaktivating in the Protect console was necessary... Thank you very much & Bye Tom Link to comment Share on other sites More sharing options...
Recommended Posts