Group non-av machines?

Hello MattRR,

I'll try to unravel the different topics here in the hope it help you finding the best approach.

Licensing: SESC does not enforce licensing. While it does report the number and state of your computers if you allow it to do so (you don't have to - furthermore you can elect to remain anonymous if you do) this information isn't linked AFAIK in any way to sales data. As you could have computers where SAV is installed but not RMS (which might or might not be known to SEC - see below for managed)), computers with RMS but not SAV (which is somewhat senseless but possible) and computers which have neither (again they might be known to SEC or not) the consolidated information could reveal "license violations" only under very specific circumstances. 

Managed computers: The term refers to computers which have the RMS component installed and are communicating with the server (and not to all the computers SEC knows). Unmanaged computers are those known to SEC (note that there might be "invisible" ones - those which have been deleted from SEC, not the database, and not reported back since).

Finding computers: There are basically two ways a computer can be added to SEC - when SESC is installed with an appropriate RMS package, in which case it will connect to SEC after install and added to the database, or proactively (with the possible intention of protecting it later).

The latter comes in four flavours:

1. Automatic (aka AD sync) - SEC regularly polls one or more AD containers for new computer objects. In doing so it also mirrors the AD structure below the synchronised containers. In addition you can choose whether SEC should automatically attempt to protect the computers or not. Computers whose corresponding object has been removed from AD will be moved to the Unassigned group
2. Import from AD - on manual request, imports the group structure below the specified container with or without the computers; no automatic protection
3. Discover - "finds" computers, for network discovery methods the computer must be switched on. All found items are put into the Unassigned group
4. Import from a file - in principle this is inserting basic computer information into the database. You'd use this if your computers can't be discovered (but then it is unlikely you can protect them from SEC) or to pre-assign computers (which will later be protected by other means) to specific groups

I'd expect that using an appropriate method you should be able to "find" only computers belonging to "your" domain. If you have troubles with this feel free to discuss it further. You don't have to remove the existing "unwanted" computers from the database (although you could do so), simple deletion suffices as far as management is concerned.

If I have misunderstood yo, please let me know. Otherwise

HTH

Christian

Hello MattRR,

I'll try to unravel the different topics here in the hope it help you finding the best approach.

Licensing: SESC does not enforce licensing. While it does report the number and state of your computers if you allow it to do so (you don't have to - furthermore you can elect to remain anonymous if you do) this information isn't linked AFAIK in any way to sales data. As you could have computers where SAV is installed but not RMS (which might or might not be known to SEC - see below for managed)), computers with RMS but not SAV (which is somewhat senseless but possible) and computers which have neither (again they might be known to SEC or not) the consolidated information could reveal "license violations" only under very specific circumstances. 

Managed computers: The term refers to computers which have the RMS component installed and are communicating with the server (and not to all the computers SEC knows). Unmanaged computers are those known to SEC (note that there might be "invisible" ones - those which have been deleted from SEC, not the database, and not reported back since).

Finding computers: There are basically two ways a computer can be added to SEC - when SESC is installed with an appropriate RMS package, in which case it will connect to SEC after install and added to the database, or proactively (with the possible intention of protecting it later).

The latter comes in four flavours:

1. Automatic (aka AD sync) - SEC regularly polls one or more AD containers for new computer objects. In doing so it also mirrors the AD structure below the synchronised containers. In addition you can choose whether SEC should automatically attempt to protect the computers or not. Computers whose corresponding object has been removed from AD will be moved to the Unassigned group
2. Import from AD - on manual request, imports the group structure below the specified container with or without the computers; no automatic protection
3. Discover - "finds" computers, for network discovery methods the computer must be switched on. All found items are put into the Unassigned group
4. Import from a file - in principle this is inserting basic computer information into the database. You'd use this if your computers can't be discovered (but then it is unlikely you can protect them from SEC) or to pre-assign computers (which will later be protected by other means) to specific groups

I'd expect that using an appropriate method you should be able to "find" only computers belonging to "your" domain. If you have troubles with this feel free to discuss it further. You don't have to remove the existing "unwanted" computers from the database (although you could do so), simple deletion suffices as far as management is concerned.

If I have misunderstood yo, please let me know. Otherwise

HTH

Christian