Jump to content

A few newbie questions...


grunta
 Share

Recommended Posts

Hey guys,

I'm fresh to Pulseway, and I must say this stuff is an eye opener to our current remote access tool!!
I do have a few questions that I would like to ask before converting our 100+ devices to Pulseway.

We have a satelite PC's and laptops that we want to install Pulseway on (which we would do unattended for the majority of).. 
Without having to go into each and every config afterwards and password protect the config with 'click here to prevent changes' and lock it down - is there a global change option that we can do for this? - the issue I have is with leaving this open is that someone only has to make changes to the username, password and servername, and we have complete disconnection to the monitored device...
I know we could 'import Settings' from a file to get the system back up and running again, but telling some of our users how to do that can be time consuming..

So, is there a lock down available?

Also, in the case of an ICT employee / contractor leaving (with knowledge of the Admin / install credentials), we would change the password and have it propagated to our agents - if we selected a selected propagated time and the device wasn't turned on during that time - does that mean a monitored device will not be connected again?

Is this why we would employ the 2 factor authentication?

Thanks - Grunta

 

Link to comment
Share on other sites

  • Staff

Hi Grunta,

There is no global lockdown option available, however you can push the registry keys required to do so through a GPO. If you need assistance how to do that please send an email to support [at] pulseway [dot] com.

If the device isn't online at least once during the password propagation period, then it will not show up again on the agent until it's credentials are manually updated. You can resolve this issue by registering all systems under an administrator account and then provide delegated access to the employees. Once an employee leaves the company you delete the account to revoke it's access to the systems.

Regards

Chris

Link to comment
Share on other sites

Thanks Chris

I have emailed you already... Is there a plan on the roadmap to possibly add this as a global policy within Pulseway? - that way if people do learn the of the lockdown password that it can be pushed down and updated across the Pulseway Group.... It would be a whole heap easier to manage as an administrator...

Yes, we have run all our agent installs as the Administrator user, (and will do)....

I really don't see how practical this three day password propagation before the agent is disconnected works in the real world..
Let me run this real world example to help explain what I mean:

  • What say a laptop user has Pulseway installed - works fine
  • We have the lock down installed settings with a 'prevent changes'.
  • There is an employee / contractor issue & is promptly dismissed (on a Friday)
    • We know they know the valid username password for Pulseway
    • For preventive reasons we change the valid password for Pulseway (3 day propagation is enforce)
  • Our laptop user is on extended vacation and doesn't return until Wednesday and is working from a satelite office many miles from support.
    • More than 3 days has passed and now the Pulseway password doesn't sync up
      • Pulseway 'prevent changes lock' is enforce
    • To have them reconnect, we have to tell them the 'password'
      • Now we have a possible security breach (the worker now knows the password - potentially the same across generic devices)
    • Staff make the changes / import the file
  • Pulseway reconnects (YAY!!!)

My suggestion: Why not just have the existing / old password retained, when the device is next connected (could be a months time - or whenever) it would then simply pull the correct config / password.... As long as the device doesn't get deleted from the Pulseway Management, then it should just reconnect (thats where I guess the Computer Identifier ID comes into play)....

By doing this, I think the risk / hassles would be reduced:

  • Transparency to end user
  • Connectivity/support just works.
  • No hassles / panic for the the IT staff to contact the end user to have the device on before 3 days
  • No breach in the end user knowing the 'prevent changes' lock
  • Remote software that just carries on working when times are difficult

Thanks - am interested in your thoughts...

Grunta :)

Link to comment
Share on other sites

  • 10 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Similar Content

    • By Jamie Taylor
      BitDefender: In-product trial set-up, purchasing and provisioning now available
      We have made it easier to quickly get the EDR protection you need by making it possible to trial, purchase and provision Bitdefender AV, including EDR, from within the Pulseway RMM. Users can set up a free trial from the AntiVirus section of the WebApp, then purchase directly from the billing section. The new license can than be provisioned directly from the WebApp as well.
      Remote Control for macOS Performance Enhancements
      We have launched an improved Remote Control engine for macOS that delivers speed and performance enhancements. The latest release also introduces support for monitor selection.
    • By Tim Hall
      After receiving a verification on my phone I get this nasty gram.
       
      So far:
      .Net 4.0 install was blocked because a later version was already installed. So I don't think it is a .net version issue.
      Any help would be appreciated.
       
      --Tim

      I blocked out the server name to keep it annonymous
      I blocked out the server name to keep it anonymous. Also, please ignore the localhost:8443 page. It is irrelevant as far as I know.
    • By Jamie Taylor
      You can now trigger workflow executions from Performance Counter notifications and evaluate Name, Category and Instance in conditions to build even more customizable workflows for your IT processes.
    • By Jamie Taylor
      You can now create interactive, conditional troubleshooters that can be used to ask questions, provide answers, and run self remediation scripts and tasks based on user input. Pulseway's Client Portal can be used to standardize IT processes, empower end-users and reduce the workload on your support team.

       

       
    • By Jamie Taylor
      You can now trigger workflow executions from Event Logs notifications and evaluate Event Id, Level, Message, Name, Source and Filter Title in conditions to build even more customisable workflows for your IT processes.  
×
×
  • Create New...