Jump to content

Recommended Posts

Posted

Good morning/afternoon/evening!

 

I've heard some of the ESET staff here talk about setting up a dynamic group based on who is logged into a computer. It would be nice to setup a dynamic group of computers where No user is logged into the machine. This would be very helpful as that is one of the major deciding factors that go into whether we can start to preform a software update on a client machine. We obviously don't want to restart a user's machine while they're using it. Is there a way to setup a dynamic group that contains computers with no users logged into it? How often does eset check this information (the same time it reports to ERA, or?)? 

 

Thanks 

 

Jdashn

  • ESET Staff
Posted (edited)

It should be possible to create such group but I was not able to verify it. There are multiple options, but you may try to configure dynamic group template as in screenshot:

 

post-9831-0-65633800-1469820025_thumb.png

 

EDIT: dynamic group does not work in ERA 6.4

 

Once this dynamic group is replicated to AGENT, it is evaluated automatically and should detect change in list of logged users almost immediately as it is listening for system notifications. AGENT will be joining and leaving dynamic groups autonomously without active connection to SERVER -> if you attach specific task to this group, it will be executed even if computer is offline. I guess it is no surprise that you won't see offline computer joining/leaving dynamic group in Webconsole as this information requires working connection to SERVER.

Edited by MartinK
Posted

Thanks for the reply, I know i've tried something similar a few times using Regex. I have not tried using 'Has Mask'. I've setup a group and a template and it's applied. I've got a few test machines i have setup to report back to ERA every min so i should see some computers populate shortly (that and it's getting to be pretty late on a friday for everyone to still be in the office lol).

 

I will let you know if i see any machines there within an hour!

 

Thanks,

 

Jdashn

Posted

Sadly no computers have joined this dynamic group, but i know we've got computers actively reporting to ERA with no users logged in.  

 

Any other suggestions? 

 

 

Thank you very much!!!

 

Jdashn

  • ESET Staff
Posted

Have you also tried what happens after system reboot but before users logs in?

When users are leaving computer, do they actually log out, or they only lock screen? There is also possibility to create report with "Computer name" and "Logged user name" to check what is going on, but my guess is that computer will be still reporting last logged user.

Posted

So i've got a few test computers, and many many user computers. With our User machines there is likely all of the possibilities of a way a user can log off, think they logged off, reboots, etc etc etc. The test machines i know for sure that i've tested the following conditions with no success with the group as you suggested:

 

(with windows 7 64bit enterprise, laptops, desktops - all connected to network via cable (no wireless in this test) all set to have agent report to RA every 60sec). 

User logged in, then log out via start menu

User logged in, then logs out via start menu and reboot issued remotely

User logged in, then reboots machine from start menu

 

 

I'm wondering if the DB is just recording who logs into the computer and not who logs out. Which might be the logical, easier thing to code if all you are looking to do is change things based on who is logged in. Are you finding success in your environment with this query?  

 

Thanks,

 

Jdashn

  • ESET Staff
Posted
I'm wondering if the DB is just recording who logs into the computer and not who logs out. Which might be the logical, easier thing to code if all you are looking to do is change things based on who is logged in. Are you finding success in your environment with this query? 

 

I should have tested it before posting ... seems negated rule does not work as I have expected.

Problem is that when there is no one is logged in, list of logged users is empty and therefore evaluation of dynamic group is automatically considered as "not matching" (because there is no data to compare or match). I am currently not even sure what is correct behavior.

  • 7 months later...
Posted

It does appear that this has been changed/updated in version 6.5 (ERA) and it does appear that you can now create a group that represents computers with no one logged into them as the DB does now record logouts!

Thanks again for your help with this! And thanks to whomever saw the problem and fixed it for this new version!

 

Jdashn

  • ESET Staff
Posted
26 minutes ago, jdashn said:

It does appear that this has been changed/updated in version 6.5 (ERA) and it does appear that you can now create a group that represents computers with no one logged into them as the DB does now record logouts!

Thanks again for your help with this! And thanks to whomever saw the problem and fixed it for this new version!

Actually problem was in dynamic groups evaluation as described in my previous post. Logged users were reported correctly, but it was not possible to create dynamic group with required conditions (negate condition on empty list).

Posted

Ahh, When i was looking at the DB previously i had noticed that it didn't log logouts, so i had figured that ERA wouldn't be able to see if no one was logged in, because the DB only recorded 'who had logged in' .. at least that's how it appeared!

Regardless it's awesome that the test dynamic group i had setup, is now working. Once i get the other issues i've got with installing 6.5 cleared up this should really help for deployments!

Jdashn

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...