Hi all,
This is my first post here. I have been using AVG Internet Security Business Edition, with Remote Administration. While the software itself is easy to manage when it is installed, I find it cumbersome to deploy with Remote Administration on the PC's. Sometimes it works just fine, some times I just give up and need to install it locally. Newly the need for VPN to remote locations announced itself, and am not convinced this will work out of the box on a LAN with a workgroup + VPN.
Currently I am testing Forticlient. My goal is to have a Windows 2012 R2 with FortiClient EMS, and have the possibility to remote install and manage all clients/PCs on the network.
The first question that popped up here was: Do I need a Active Directory Server to achieve Remote Client Management?
Since I couldn't find the answer to this I just went ahead and installed the AD and DNS. Domain is up and running and FC EMS sees the domain. I have also a VM Win7 box that I added to the domain. The user is created on AD, and I can logon from the Win7 VM to the domain. I only created the user with default settings, no profiles, nothing else.
In FC EMS > Endpoints I see the Win2012R2 Server, and the Win7 PC. An interesting detail is that the endpoints are listed with no user, no IP, default policy (see attached Endpoints.jpg).
Where do I take it from here? Many thanks for reading this.
i would presume that you need to install the forticlient onto the windows 7 machine, either by pushing it from the EMS server to the client or by installing forticlient directly on the client and than pointing it back to the EMS server.
if you click on the win7 entry in your screenshot, it should expand out and show you more information concerning the state of the machine.
Thank you @FortinKnight for your input. Indeed, I get all this information when clicking on the Win7 entry. Here it says, not managed by EMS, nothing installed, etc. So the question is, how do I push it from the server to Win7 PC?
Please see the FortiClient EMS Administration Guide.
https://docs.fortinet.com/document/forticlient/6.2.6/ems-administration-guide/24450/introduction
See the sections on:
Preparing Active Directory (There are Group Policies that must be set in advance to allow remote installation and make sure that Windows Firewall ports are configured)
Managing Installers:
Polar wrote:Thank you @FortinKnight for your input. Indeed, I get all this information when clicking on the Win7 entry. Here it says, not managed by EMS, nothing installed, etc. So the question is, how do I push it from the server to Win7 PC?
Basically
Create a Policy, can use default if required
Endpoint Policy \ Manage Policy \ select Add to create
Create a Profile
Endpoint Profiles \ Manage Profiles \ Click Add to create
Once they have been done you than have to link the 2 together
Go back to Endpont Policy \ Manage Policies \ highlight the policy you want \ select edit
in the endpoint workgroups, select the local group created
in the endpoint profile just select the profile you require
If on AD domain you cant push the initial software to the client, so within the Manage Deployment \ Deployment Package you need to create a package, once done you should see a download link to that package. Copy the link than go to the client and copy that link into the web browser. You should than see a x64 and 32 bit installer, Just click and install.
Once installed the software should than report back and eventually update to the latest versions.
You should see the client within The Endpoints \ All endpoints with each column populated and the EMS column with a green upward arrow in a circle.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.