Jump to content

Client Install from End Point


Recommended Posts

Hi Guys,

 

Installing Malwarebytes for business with End point security .. so tying to install from the management console without much luck.

 

The setup is a workgroup environment so with no server / domain or AD. 

 

I think authentication is the issue as the error returned is "access is denied", when I use just enter the user name and password without reference to the workgroup or hostname

 

When I enter \\Desktopname\username I get a slightly different error

 

"Installation failed. The user context supplied is invalid.  More help is available by typing NET HELPMSG 3775"

 

Can anyone point me in the right direction for a client install from the console in WORKGOUP setup.

 

Also the PC running the console does not seem to MBAM on the same PC ??

 

Regards

 

Rob 

Link to post
Share on other sites

  • Staff

Check the Admin Guide that came with it.  There is a section on pre-requisites on endpoints which must be met in order to a push install.  There are different specs for XP than for Vista, Win7 or Win8, but all have pre-requisites. 

Link to post
Share on other sites

I read the manual .. and no where does it state that the management console will NOT work in a workgroup environment. 

 

I have the management server on a Windows 7 machine with SQL and ISS installed and working, The console is on there too and it seems fine. this issue is logon credentials in a workgroup environment I think.

 

regards

 

Rob 

Link to post
Share on other sites

  • Staff

We support the server ONLY on WIndows Server 2008, Windows Server 2008 R2 and Windows Server 2012.  It is NOT supported on any other operating system.  You are correct that it WILL work in a domain OR workgroup environment.

Link to post
Share on other sites

Ok .. thanks for the info ... fully understand that it is not supported ... though I will say the that the server and console seem to be working fine ... the only issue is that the client install. 

 

The workgroup PCs are being picked up on a scan.

 

The question is this.

 

in the scan network window there is an option to scan and detect client software. It requires domain/username and password. Given that this setup is a workgroup .. what should I enter in the domain\username field. At the moment I am putting in the admin account that is on all workgroup PC's and the password. but I get access denied 

 

This output is from the log file 

 

2014-06-30 19:34:57.740 INFO  ComputerTest.TestIPAddress: Failed to connect to 192.168.1.80: System error 5 has occurred.  Access is denied.  
2014-06-30 19:34:57.740 INFO  ComputerTest.TestIPAddress: net use \\192.168.1.80\C$ "********" /user:"WORKGROUP\HGE"
2014-06-30 19:34:57.816 INFO  ComputerTest.TestIPAddress: Failed to connect to 192.168.1.80: System error 5 has occurred.  Access is denied.  
2014-06-30 19:34:57.817 INFO  ComputerScanAndTest.Execute: IP 192.168.1.80 simulation result: System error 5 has occurred.  Access is denied.  
2014-06-30 19:34:57.817 INFO  ComputerScanAndTest.Execute: IP 192.168.1.80 simulation result: Detection failed. Access is denied.

 

Whilst I fully understand that this is not a support configuration ... this seems more like an authentication error rather than anything else ... ie .. I would bet that if the server was running WIndows Server .. and this PC was not in a domain and in workgroup like it is now I would still be getting the error .. ??

 

 

Does this sound reasonable ?

 

Rob 

Link to post
Share on other sites

  • Staff

The admin account that is required is the BUILT-IN admin account on each endpoint.  You can enable that by following these instructions:

 

http://technet.microsoft.com/en-us/library/dd744293%28v=ws.10%29.aspx

 

Also check pages 54-55 of the Management Console Admin Guide to make sure that the pre-requisites have been met on your endpoints.  Once everything is setup, that should work.

 

Also, thank you for unintentionally showing me something I missed in the manual.  I have not made a mention of the built-in admin account needed for workgroup usage.  I gotta fix that.

Link to post
Share on other sites

Hi Michael,

 

Thanks for you help ... all is fine now ... the Management server and console are now seeing the two clients (one local) that are installed so far .. all seems well and good despite not having Windows server in the setup. The rest two roll out next week.

 

I have noticed that the business version is 1.7 and the personal version I have at home is 2. Are you able to share any information on when the business version will be upgraded and what the upgrade process might be ?

 

REgards

 

Rob 

Link to post
Share on other sites

  • Staff

The business version is 1.75.  The best I can say at this time is that it will "likely" be later this year.  Schedules sometimes slip, so its not realistic to provide a date unless it is near enough that you know nothing can change that date.  Promising either too much or too little can leave a bad taste in your mouth, if you know what I mean.  Features need to be added to allow version 2 to function as a standalone version or as a managed client (using Management Console).  I have not seen an upgrade in the managed version since I have been involved with Malwarebytes, so I do not know myself what the process will be.  I wish I did.

 

Was it the built-in admin password that allowed you to get the install done?  If not, what was it?  Others may read this and get their questions answered through your experience here.

Link to post
Share on other sites

Enabling the built in Administrator account did the trick. The technet artical assumes the "Local Users and Groups." is already present on a Windows 7 Machine with MMC, which I think it is not as I had to add it to the MMC on all the machines. It was however easy to add the snap-in to MMC or even call it directly from the search bar via the lusrmgr.msc command.

 

What are the chances of the Management server / console being official supported on a non Window Server environment. I ask as it strikes me that to support a client roll out to WORKGROUP machines (which is FAB) would mainly be done in a environment that does not include a server at all.

 

With more and more services in the CLOUD (email / storage / Office etc) I would imaging the need for a server in some case not really being required but the requirement for security increasing..... just a thought anyway ..

 

Thanks for all the help

 

Rob 

Link to post
Share on other sites

  • Staff

Thanks for the info on how you fixed it.  I'm taking your wording to mean non-server rather than non-Windows...just clarifying.  I can't speak for the developers and plans which may or may not exist (but are definitely not public), but I would think the chances are slim.  To be able to do it properly, it would have to be a boutique product.  A smaller implementation with SQL Express could run on some versions of Windows 7, but not all versions of 7.  A domain-based system would not run on 7 due to back-end server interactions.  A larger implementation would need more threads to support the load than Windows 7 could provide.  A full SQL Server install of the same machine on a larger implementation would bring the machine to its knees.  There would need to be either one build that is so optimized (and rigidly tested) that it would take forever to get it out the door, or a number of different builds tailored to the environment it would be used in.  Neither are really feasible if a rather simple set of requirements can be defined in the first place.

 

As far as the environment itself goes, a smaller company supporting clients in a WORKGROUP environment is probably (in most cases) heading towards a domain environment over time as needs get more complex.  In most cases, its probably a question of WHEN and not IF.  Cloud services does make an argument in a workgroup's favor, but often performance and security issues related to cloud services make companies pull it back in-house.  If the internet ever lives up to its promise, the cloud may be that ideal solution everyone's been looking for.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.