Messages posted by: Bethesdaadk
 
  
Since the agent requires on authentication to install and communicate with the SysAid server, what happens if, say after 30 days, you are required to change your Active Directory password? Does the user need to take action on their mobile phone to somehow reflect the change in the corporate password? Or is the initial install of the agent a one-time deal and no action is required?

Thanks.
ok. I thought it would NOT work on 2.3 and under. Not 2.3 and over. It never occurred to me that support would only be for a phone that no one uses anymore.

So, effectively, the exchange policy is useless - because Android 2.3 and under is first, second at best, generation Android. Those phones are 4-5 years old or older. It's equivalent to Windows 98.

My mistake for not seeing the difference. Thanks for clearing that up.

To be clear, the Android 2.3.4 phone is not my phone. It was a test phone. The MDM policy worked for reset and wipe, but not Exchange - which conforms to what you are saying and I accept that.

What you are not answering just yet, is the fact that my phone is Android 5.0.2

It already has an exchange account on it for my corporate email.

The MDM policy did not prompt me for anything regarding Exchange.

Was it supposed to? Or not? If I remove the existing Exchange account, do I just refresh the agent on the phone to see if an account is created?

I hope this clarifies my question.

Thanks.

Adam

First, assume you have a supported version of Android and a supported version of iOS. Then suppose that the user has Touchdown by Nitro or some other Exchange client on their phone. These phones come with their own Exchange client natively, but some staff install a different one - like Touchdown by Nitro.

Which client does the SysAid MDM configure with the policy? The native client? Or Touchdown?

Secondly, what if the user already has an Exchange Account on their phone. Does this policy create a second one?

When I applied the policy to my phone, which already had Exchange setup on it. It did nothing. I hesitate to remove my existing exchange account to test it, but that may be my only choice.

I hope this helps explain my questions.

Thanks.

Thanks. I had already added the policy to my own phone, which is running Android 5.x , but I already had active-sync installed for corporate email access.

The MDM policy had no effect. Was it supposed to create a second account? Or does it leave it alone if there's an existing account already?

What if the user has two active sync capable clients on the phone - for instance, a built-in mail client as well as an after market client like Touchdown by Nitro. Which email client would SysAid configure?

This begets a larger question of the fact that all of our staff who are eligible already have Exchange accounts on their phones (we have a 2010 server). While Exchange allows for remote wiping of phones, it is very cumbersome and you have to know Powershell to get any reports out of exchange. I see SysAid as being a solution to that.

Should we even bother with the Exchange portion of the MDM since our users are already setup?

Please advise - and I'd be interested in other users who may have had to deal with this.

Thanks.

Adam in DC

I was able to re-enroll the older droid after the wipe and tried a new policy.

This one had a 5 character pin, wifi guest account and exchange account.

The 5 character pin worked.

This time, the Wifi worked - it actually showed the network twice - once live and once as the policy. it appears that the password was prepopulated, so that worked.

The exchange policy did not work.

Some progress.

We are a SysAid Cloud customer. I am testing MDM. I have enrolled my production phone (Sprint HTC One M7 running Lollipop) and a test phone (Verizon Droid running Android 2.3.4)

Both enroll quite easily and show up in Assets pretty quickly.

If I modify a policy and update it, the phones respond very quickly.

Since my HTC is already hooked up to my office WiFi and email, the policies seemed to make no difference.

The Droid, however, was a freshly reset phone. Downloading the MDM Policy, where I had WiFi settings and Exchange Settings - made absolutely no changes to the phone.

However, the Wipe function was immediate and effective.

This leads me to believe that there are only certain versions of Android - and perhaps certain apps - that will actually take the WiFi and Exchange Policies of SysAid MDM.

Please advise.

Thanks

Adam in Washington DC


I am already a SysAid Customer (just moved to the cloud). I am comparing SysAid MDM with Sophos MDM. I own both. Easily finding discussion threads on MDM would be helpful.

Thanks.

Adam in Washington DC
We are an on-premise installation. Our serverConf.xml file has no "RC" section in it. Moreover, your port suggestions don't seem to jibe with others I've received. I thought RC was done over 4228.

In the case that led me to post the original question, I uninstalled the SysAid agent and reinstalled the agent via the SysAid deploy program.

SysAid now reports the workstation as being "Online."

However, most of the SysAid Deploy Program still reports that it cannot determine what version of SysAid agent is installed on the workstation - even after uninstalling it and reinstalling it - and then rescanning the network.

I may have to open up a ticket because either the deploy agent is too buggy or I'm doing something wrong.
My GPO appears to be applied, but again, I'm not sure if what's being applied is correct. Here is a Wizard result. It indicates it's an inbound rule. Does there need to be anything else?

Inbound Ruleshide
Name Description Winning GPO
SysAid Agent Version Verification UDP Port 8193 Allows SysAid Remote Discovery to report on the version of the SysAid Agent running on a workstation behind the local Windows Firewall Firewall Exceptions
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled True
Program Any
Action Allow
Security Require authentication
Authorized computers
Authorized users
Protocol 17
Local port 8193
Remote port Any
ICMP settings Any
Local scope Any
Remote scope Any
Profile Domain
Network interface type All
Service All programs and services
Allow edge traversal False
Group

I recently tried to perform a remote control session with an internal desktop that had the SysAid RC Client installed and was in my list of assets. But it wouldn't work. When I looked in my Deploy SysAid program, it reported back with the "see if it's running" message - even though it was running. Looking back on earlier posts, I realized the UDP 8193 needed to be open. However, I checked that I had indeed created a GPO for just that purpose.

However, I don't think that GPO works correctly. It was applied, but when I ran portqry on the machine in question, I did not find 8193 open.

C:\PortQryV2>portqry -n optiplex

Querying target system called:

optiplex

Attempting to resolve name to IP address...


Name resolved to 10.5.19.135

querying...

TCP port 80 (http service): FILTERED

C:\PortQryV2>

Can someone point to the correct GPO settings - in a Windows 7 environment - for opening up this port? I think there is more than one location in GPO to achieve this.

Thanks.

Adam in DC
Perfectly acceptable answer. Glad to know that you can reproduce it.
Any update on the 404 error?
I'm deploying a fleet of Dell Ultrabooks - E7440s. They come with vPro and I'm turning vPro on.

My last batch of Dell's also had vPro and I was able to connect to them via SysAid - at a basic level. Power up, down, etc. But no RC. RC had to be done via the SysAid client.

However, with the new Dells, I'm getting the following error when attempting to talk to their vPro:

vPro connection error (Transport error: 404 Error: Not Found).

I know that vPro is indeed working because I was just able to do a KVM session to a new machine via Real VNC.

Another question:

Since SysAid leverages RealVNC in it's remote control AND RealVNC is also a usable remote client for leveraging vPro, it would seem that SysAid should not only talk to vPro, but also offer optional remote control via vPro rather than the SysAid client.

I'm not sure if this is technically feasible, or it's a licensing issue, or just a bad idea, but it would be interesting to hear more about this.

Thanks.

Adam in DC

We're running v9.1.02 b71 with a sql express back end.

I have a user who is properly enrolled in the self service section of SysAid and discovered that she cannot unlock her account because the option no longer exists on the login screen.

There is a password reset option, but not an unlock option. This was an important feature. Where did it go?

Thanks.

Adam in DC