Jump to content

[Help] Dynamic groups, dynamic templates and peer cert problem


Adhara-CS
 Share

Recommended Posts

Hi all,

 

We are trying to make the ERA server and agents to run as dynamically as possible, by that we mean:

We do have several group of users that don't have the right to the same ESET products and do have different policies applyed...

 

Therefore we:

  1. Generate a peer certificate per user group
  2. Create a new dynamic group template per group
  3. Create a new dynamic group (per group) and apply the group's template
  4. To finish we generate an agent live installer for each user group

That way, each agent live installer has a different certificate for each group, and so: each new agent is directly connected to ERA and computer is set in the correct group (thanks to the dynamic template that is matching the peer certificate serial number).

 

Well the problem is that this is theory and doesn't work !

The problems we encounter:

  • When the peer certificate has a password, the agent live installer setup never ends (we don't know why, we tried it on WIndows 7, 8 and 8.1)
  • When the peer certificate has no password, the agent live installer works but afet er setup the new computers are still in the "Lost & Found" directory of ERA

 

Here is what how we did it:

 

Here we allready have a peer certificate per group !

 

Create a new dynamic group template:

  • In the Web Console, navigate to Admin > Dynamic Group Templates > Click on "New Template" (down on the left).
  • Click on Basic to roll out the settings page
  • Enter a Name and a Description for the group template [company name - Peer Certificate detection]
  • Click on Expression to roll out the settings page
  • Select "+ Add rule" > click on "Peer Certificate" > "Serial number" and click on "OK"
  • Back in 'Expression', paste the Peer Certificate serial number.
  • Click on finish (down left of the page).

Create a new dynamic group:

  • In the Web Console, navigate to Computers and click on "All" (in the left "Computers" menu bar) > New Dynamic Group.
  • Click on Basic to roll out the settings page
  • Enter a Nam and a Description for the group [company name]
  • Click on Template to roll out the settings page
  • Select choose existing and select the template you just created.
  • Click on finish (down left of the page).

Create a agent live installer:

  • To generate setup scripts In the Web Console, navigate to Admin > (under in the left menu) "Agent Live Installers":
  • Server hostname: <OUR_SERVER_URL>
  • Peer certificate: ERA certificate
  • ERA certificate: Select the Peer Certificate you just created
  • To finish click on "Get installers"

 

We really need this to work as we cannot go on moving computers in groups and setting policies for hundred or thousand computers manually.

 

 

PS: It seems to work, but only when the dynamic group is directly under "ALL", bu not when the dynamic group is in a "Static group"

Which doesn't fit our needs !

 

 

If someone has a clue about the problem, he/she will be welcome...

 

Thank you

Edited by Adhara-CS
Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

I spoke about this with a colleague and we found out that you have ticket opened for this with us, right?

 

If yes can we continue with the solution via the ticket?

Can you please share the solution with the community here once successfully solved?

 

Thank you.

 

P.R.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...