To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Is it possible to force a UID reset from the PMC?

Popeye
Popeye Posts: 30 Security Scout
in Business Suite

We have approximately 15 workstations that are installed from the same Windows image, without running the "fsmautil resetuid" command before saving the image they all use. Some of them even have the same WINS name. Let's just saythat the guy who created the image and installed it onto the computers didn't do a very good job... Hence, the computers show up as one entry in the PMC, and can't be properly managed. They are all in the same hierarchy level, and as they connect to the PMS, I see the IP/name of the last connected PC displayed in the PMC. The computers are located 500 kilometers away, and we have no local "IT guru" that can run from computer to computer to reset the UID with the commandline util.

The PMS/PMC version is 10, and the clients are running FSCS 9.01. I would like to upgrade the clients to FSCS 9.11, but if I push an upgrade, only the first computer that connects after the push will get the upgrade. The rest will stay blissfully unaware of the available upgrade.

This situation happens every now and then in one of our 6 geographic locations and so far I have solved the problem by having someone run from computer to computer with a USB stick with a .bat file that resets the UID, but this time I have noone that can do this job for me.

In previous versions of PMS/PMC, I tried the "Force reinstall..." option when distributing a reinstall of the same version, but this did not reset the UID. I haven't tried the "repair" option in PMS/PMC 10, but I guess this will not touch the UID either.

This leads me to the question: Is it somehow possible to force a UID reset from the PMC/PMS?

Comments

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

     

    9.1x knows that it has an old style UID, so will not use the new style GUID, where it would be safe to clone the system. and resetuid is not working either.

     

    So either ask each user to execute FSMAUIL.EXE resetuid  before upgrade or

     

    you will need to push-install (not policy based) 9.11 to the hosts. Then set

    HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management
Agent\Host Information\UIDOperation=1

    on each of them. This will cause 9.11 register to PMS using the new GUID. It might happen that the same host generates two registration requests, one using the old (reset) UID and the new GUID.

     

    HTH

     

     

  • Popeye
    Popeye Posts: 30 Security Scout

    Thanks a lot for your reply!

     

    I'll talk to one of the desktop admins and have him run some tests to see what they prefer. Since this is a problem that reoccurs every now and then, it would be nice to get a solution that the desktop admins are comfortable with.

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

     

    there is no need for a new soultion, as a fresh 9.11+ from scratch will no longer use UIDs so they can no longer be duplicate.

     

    Just create a new image for cloning!

     

    BR

This discussion has been closed.

Categories