We have some of the components for Zenworks for Desktops in the NDS tree. They were put in shortly after I got here. But only after a protracted battle in the Lan Managers group delayed things. It seems word got out that this particular package contained a "remote desktop" component that would allow helpdesk techs to remote-control workstations.
Remote control the workstations? As in, control them? Without the user giving permission for that? Spyware! Spyware!
It got ugly. The battle was just winding down when I started here in early December, so I didn't get to see the nastiness. It did prompt The Powers That Be to obtain an, "affirmation of end-user privacy rights", that we had to sign. The form was just a rehash of the usual System Administrator code of ethics of:
You know, that sort of thing.
They wanted it written down and with a signature just in case someone DOES get caught doing something like that they'll have a firm document to nail 'em to the tree with. Which they could do anyway.
But I'm getting off topic a bit. Ahem.
The word has come down from on high that we are to look into certain aspects of ZenWorks considered untouchable not six months ago. The driving force behind this are multiple events of small numbers of workstations being compromised by something nasty and then effectively taking down our router core. They want to be able to tell centrally which machines we manage are unpatched. And the best way to do that is ZenWorks Inventory. Where Best means, "we've already paid for it." Recently we had eight (8) machines participating in a DDoS attack (not Akami) that also brought disruption to our network, just to give you an idea as to how few machines are needed to turn us off. The 80-90% effective methods we'd been using before aren't good enough, we need more better good!
It'll have to be a slow expansion, so we'll have to figure out how to rig the system so only small groups of users can be done at a time. This will take some finesse considering how our tree is designed. TPTB will be obtaining permission from each area to do this, and they feel that they have a very good case to convince the other areas with.
The first step, though, is Workstation Import. The very first step to all of this, and happily, fairly easy.
Remote control the workstations? As in, control them? Without the user giving permission for that? Spyware! Spyware!
It got ugly. The battle was just winding down when I started here in early December, so I didn't get to see the nastiness. It did prompt The Powers That Be to obtain an, "affirmation of end-user privacy rights", that we had to sign. The form was just a rehash of the usual System Administrator code of ethics of:
"Just because I can read every file on my servers, doesn't mean I have a right to look into files that aren't mine without permission. I will not look into files that I do not own, or do not need for my normal execution of duties."Which also means that I can't go trolling through the Student directories looking for illegal MP3's to borrow. Or look into the ASCII file Payroll prepares for the big pay-day EFT that contains details of how much I'm going to get paid this week, but now know a week early. Or into the calendar of a very busy person who is running for public office to see if they have campaign events in their state-funded calendar.
You know, that sort of thing.
They wanted it written down and with a signature just in case someone DOES get caught doing something like that they'll have a firm document to nail 'em to the tree with. Which they could do anyway.
But I'm getting off topic a bit. Ahem.
The word has come down from on high that we are to look into certain aspects of ZenWorks considered untouchable not six months ago. The driving force behind this are multiple events of small numbers of workstations being compromised by something nasty and then effectively taking down our router core. They want to be able to tell centrally which machines we manage are unpatched. And the best way to do that is ZenWorks Inventory. Where Best means, "we've already paid for it." Recently we had eight (8) machines participating in a DDoS attack (not Akami) that also brought disruption to our network, just to give you an idea as to how few machines are needed to turn us off. The 80-90% effective methods we'd been using before aren't good enough, we need more better good!
It'll have to be a slow expansion, so we'll have to figure out how to rig the system so only small groups of users can be done at a time. This will take some finesse considering how our tree is designed. TPTB will be obtaining permission from each area to do this, and they feel that they have a very good case to convince the other areas with.
The first step, though, is Workstation Import. The very first step to all of this, and happily, fairly easy.
Remote control the workstations? As in, control them? Without the user giving permission for that?Prompting the user for permission to remote control can be enabled or disabled by a checkbox. No problem.John
You know that, I know that. But some theoretical malicious privacy-hating nutball administrator could secretly disable the prompt and go in without your notice. Oh, the humanity.However... somewhere along the line the mindset has shifted a bit. Now the utility of such a remote control feature is becoming more attractive to certain sources.
The biggest challenge is staying current. We struggled for a year with v2.x that didn't understand the nuances of Win2K (i.e., "document and settings" vs "winnt\profiles"), finally got that updated to 3.x, and are now struggling because 3.x doesn't fully support WinXP features.A teammate is currently setting up 4.x on a test server to see what's new and improved for XP support. Cross your fingers for me.The remote control features are a big, huge, gigantic win here. We've got three locations in town, plus one each in Texas, Illinois, Virginia, and South Carolina, so our help desk uses RC all day, every day. When RC capability has been down in the past, HD personnel have been known to sneak into my area, rubber band guns in hand, to let their pain be known. And shared.Features listed in order of frequency of use: remote control, pushing apps, and inventory database.Features listed in order of "when I need it, nothing else will do": inventory database, pushing apps, remote control.I just wish more apps supported installation with MSI transforms or silent installs - that would my life a LOT easier.John
At OldJob we were in the begining process of getting 4.x installed. We had been using the StarterPack stuff from 2.x that came with NW5.1, NAL in particular. The thing that our helpdesk really really liked the idea of was the Remote Control. We hadn't gotten it deployed before I left, but we were almost there. Before we had been using a hodge-podge of an old NAI utility called 'Remote Desktop', then moved over to MS NetMeeting.At OldJob I'd put the utility list the same as yours. Remote Control, Pushing Apps, Inventory. We only had apps in place, but we had the droolies over what 4.x could do for us.Here is a bit different. University means Achademic Freedom is king. Our IT departments have much less dictatorial power than I did at OldJob, and the IT departments only work together grudgingly in some cases. I understand getting everyone into a single NDS tree took arm twisting over a few years.Good luck on your deployment!