Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 28 replies
  • Subscribers 1 subscriber
  • Views 28149 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AV client push scheduled task doesn't run in Windows 7

kevindv10

Hello.

I have Enterprise Console (4.5 I think) running on Windows 2008 64-bit, trying to push out to Windows 7 clients. About 60% of the clients receive and install ok, but the rest don't. I thought their group policies were the same but maybe not.

Anyway, I can see the scheduled task being created on the client, but it doens't run. If I run it manually the client installs fine and updates with Enterprise Console, but I can't manually run the task on hundreds of clients.

I've spent a lot of time trying to find a group policy that might be restricting the remotely created scheduled task from running (with everything up to and including domain admin credentials) but I'm empty handed. Anyone know what the problem might be?

A tech from Sophos helped me at least figure out that the task was being created and could be run manually. It was a pleasure working with a support person that actually seemed to care!! Made the best of a frustrating situation.

Thanks in advance.

:5156


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Once armed with the deployment string PSExec could also be used to protect machines outside of SEC:

    http://technet.microsoft.com/en-us/sysinternals/bb897553 

    It wouldn't take much work to put a GUI front-end on it where you pass it a deployment string and a list of computerames/IPs as a text file/textarea to deploy to.  The deployment string could also add the group path switch to the string dynamically based on the name/IP of the machine if that would be a suitable way of putting the machine in the target group automatically.

    Having said that I'd still favour an AD start-up script to run the deployment string as applied to certain OUs I know I need to protect. This way you know you'll always catch the machines when they're on a push always requires this, where as a "pull" from the client guarantees a higher change of success.  A quick check in the script to see if the machine already has the software and you're done.  

    As for putting it in the right group automatically, this depends on how many target groups you might have.  It could be sufficient to create different start-up scripts with hard-coded group paths in and these are applied to different OUs.  If there are more groups and more complexity, then a mapping table in the script that is checked as the script is run, then based on some machine marker to provide the group path on the fly.  Sub-string of the computer name, computer description, IP range, site logon server, etc..

    Hope that gives people a few ideas.

    Jak

    :7259
Reply
  • 0

    Hi,

    Once armed with the deployment string PSExec could also be used to protect machines outside of SEC:

    http://technet.microsoft.com/en-us/sysinternals/bb897553 

    It wouldn't take much work to put a GUI front-end on it where you pass it a deployment string and a list of computerames/IPs as a text file/textarea to deploy to.  The deployment string could also add the group path switch to the string dynamically based on the name/IP of the machine if that would be a suitable way of putting the machine in the target group automatically.

    Having said that I'd still favour an AD start-up script to run the deployment string as applied to certain OUs I know I need to protect. This way you know you'll always catch the machines when they're on a push always requires this, where as a "pull" from the client guarantees a higher change of success.  A quick check in the script to see if the machine already has the software and you're done.  

    As for putting it in the right group automatically, this depends on how many target groups you might have.  It could be sufficient to create different start-up scripts with hard-coded group paths in and these are applied to different OUs.  If there are more groups and more complexity, then a mapping table in the script that is checked as the script is run, then based on some machine marker to provide the group path on the fly.  Sub-string of the computer name, computer description, IP range, site logon server, etc..

    Hope that gives people a few ideas.

    Jak

    :7259
Children
No Data