cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AdmJLovejoy
Champion Sweeper
This has always been an issue with Lansweeper. The Action Path assumes one scan server, as it only has one entry. In practice, each scan server that is deployed should have it's own Action Path entry, as that is where the actions would be run from for servers owned/managed by that Scan server.
Thanks, Jim Lovejoy __________________________________________________________________________________________________ James W. Lovejoy | IBM - Cloud Managed Services Delivery | Infrastructure Architect (Windows Server ...
10 REPLIES 10
AdmJLovejoy
Champion Sweeper
That sounds like the way to go. Thanks for your efforts.
Thanks, Jim Lovejoy __________________________________________________________________________________________________ James W. Lovejoy | IBM - Cloud Managed Services Delivery | Infrastructure Architect (Windows Server ...
AdmJLovejoy
Champion Sweeper
Then setup a session with me and I'll make my case.
Thanks, Jim Lovejoy __________________________________________________________________________________________________ James W. Lovejoy | IBM - Cloud Managed Services Delivery | Infrastructure Architect (Windows Server ...
AdmJLovejoy wrote:
Then setup a session with me and I'll make my case.

Jim,

We understand your problem, the actions do not work the way you want.

We are working on Deployment/Scripting, this way you will be able to execute commands in the context/security of the scanning servers to the clients.
AdmJLovejoy
Champion Sweeper
This is why it's never been very useful to us. And will not be very useful in large segregated environments. If the client is not a member of the domain, this is useless. It truly is a design flaw.
Thanks, Jim Lovejoy __________________________________________________________________________________________________ James W. Lovejoy | IBM - Cloud Managed Services Delivery | Infrastructure Architect (Windows Server ...
AdmJLovejoy wrote:
It truly is a design flaw.

Let's say that we don't agree on this one 😉
Hemoco
Lansweeper Alumni
This will most likely not be changed, the actions are designed to be run on the client in the security context of the client.
AdmJLovejoy
Champion Sweeper
I get what you're saying, two issues.

1. All of our users are remote, and their Laptops are not a member of any of our server domains. So the security context has to come from the webserver.

2. It's not possible to push out a DFS share to all locations.

My thinking is, if actions were executed from the appropriate scan server the issue goes away.
Thanks, Jim Lovejoy __________________________________________________________________________________________________ James W. Lovejoy | IBM - Cloud Managed Services Delivery | Infrastructure Architect (Windows Server ...
Hemoco
Lansweeper Alumni
I'm not sure if we are talking about the same problem.

All actions are initiated from the workstations in the security context of the user running the action.
The place where the actions (executables) are stored is not related to these security.
You can place the files anywhere you want, as long as the user running the action has access to them (a file share or unc path is most common)
AdmJLovejoy
Champion Sweeper
This assumes that workstations will have access to file shares, and that the files shares will have access to run Actions against all servers. That may be true in small environments, but it not in corporate enterprise environments that may consist of multiple data centers.

In our environment, desktop access will never have direct access servers over a file share protocol. There would be not way to comply with HIPAA nor FDA guidelines if we opened our network in that fashion.

Any other ideas?
Thanks, Jim Lovejoy __________________________________________________________________________________________________ James W. Lovejoy | IBM - Cloud Managed Services Delivery | Infrastructure Architect (Windows Server ...