Long story short, we found out about a month ago that we weren't installing Malwarebytes Anti Exploit and Anti Malware correctly. Instead of following the gold image rules (can't be connected to the internet), we just installed Malwarebytes onto the gold image with internet and it's duplicated IDs not registering with the Management Console properly. Since then i've been tasked to remedy this issue. We currently have approximately 800 PCs.
In Management Console under the Client tab, there is "Ungrouped Clients" and our OU group. For some reason, several of the PC's will show up in "Ungrouped Clients" even though in AD the PC shows up in the correct location. Trying to move the PC into the correct group is not possible as the options are grayed out. Why is this and how do i fix this issue? I've tried syncing the Domain query account but the PC still won't populate in the correct location. We just updated to version 22.214.171.12443 but it has yet to fix the issue.
The second issue is we are trying to figure out the easiest method of fixing the unregistered PCs in our domain due to the improper method we used to install Malwarebytes on the gold image. We currently have PDQ Deploy and ManageEngine and both are capable of removing and installing the software. Only when given access to the Malwarebytes Management Console did i realize there is an option to do the "Client Push Install." I saw that user djacobson posted this:
"An additional item to note, based on the upgrade tactic you've chosen with KACE, when you use the offline installer package through a third party push tool (GPO, SCCM, KACE PDQ Deploy etc), you cannot install the upgrade over the top of the existing software. You must first uninstall the current builds, reboot the machines, and then deploy the upgraded build through your chosen tool. Only the built-in push tool within the console can upgrade client builds over the top of the existing install."
So i know that on the client PCs there is a SCComm file and values are automatically inputted in. From what i know, the "ServerRef" and "Policy" values will stay the same across all the PCs and the "Client" value should vary for the PC. My question is does the 'Group" value vary for every PC? If i apply the "Client Push Install" on all the PCs in our domain, will this fix the deployed cloned pcs we have, register new values into the SCComm file, make the PC go from unregistered to active in Management Console and or will i have to run the Malwarebytes removal tool first?