Honestly, the deployment is super-dangerous - especially the larger in scope you go (i.e. 40,000 machines for example).

It's very convenient, but not very fleshed out feature-wise.


What I ended up doing, was removing deployment access from everyone except a few senior people. If you want to have people make deployment packages, you need to have someone review them before deploying them (not only the package, but QC the report criteria).

There are many features in Lansweeper that are really geared for smaller businesses and scopes, but can be used on a massive scale - this is one of them.

+1 to OS checks in packages and @CharlesX, Lansweeper desperately needs more granular permissions for the deployment feature (ie: can run, but not make packages or manage package scheduling) and the option to disable deployments from web-viewed reports.

Another option (though not always ideal) is to deny Lansweeper active scanning access to the servers and have them push scan data via LSPush.exe as a scheduled task.

A "hacky" backup option that is applied directly on the asset that you want to prevent deployments (for when co-workers create packages without OS checks and run them)

1. Create (or delete and recreate if it exists already) the folder C:\Windows\LSDeployment
2. Change the permissions of C:\Windows\LSDeployment to deny write access to the credential that scans your Windows servers (and also then connects to the machine to initiate the deployment).

Deployments to that machine should now fail with the below error.

"Unexpected failure while connecting to Asset. Access to the path '\\...\C$\WINDOWS\LSDeployment\RemoteDeployment_x64.exe' is denied"

Thanks mwrobo09 and Charles.X. It's not perfect but it does the job, thank you very much. Although, I would very much hope that such a feature would be added to Lansweeper, as this solution only applies to deployments made by myself.
P.S: The incident I had was the following: someone made a shutdown script, and accidentally deployed it to 64BIT Windows report instead of selection. Fortunately, it only shut down 2 servers (Unimportant file server and another non-critical server) before I forcefully power off the Lansweeper VM. It only got to computers and servers starting with the "a" letter, next on line would've been the domain controllers and a critical production server that would require a full restore from tape if shut down like this.

The options are either to target your deployments more precise with the use of reports or groups. Or as mwrobo09 mentioned, add conditions to the package so it only continues on machines you want.