Functionality Request/Feedback - Updated

Functionality Request/Feedback

  • Will there be a way to set up a group for users that can use the local admin for the firewall?

  • Will the CESM be able to push software updates to the clients?

  • Will there be options available for the firewall to send reports back to the CESM about client stats? Example: logs of if someone tried to hack them outside of the network / if malware/spyware/virus was detected and if so was it removed or not. This information would be helpful for a network health report/chart that could be printed up.

  • Installation options to set silent install with reboot or without reboot.

  • E-mail notification for threat alerts.

  • Computer listing by MAC rather than AD Computer listing. The listing doesn’t update when a user is changed or removed. With MAC or IP it will provide the NetBIOS name of the unit and will also give you the ability to check online status.
    You could also have an option to pull Users in AD and allow the admin to assign a MAC or IP to a user.

WBC (Would be Cool) List

  • IT management. With you already having a client on the workstations, it could pull info such as software/last login/PC spec/etc. This would be an IT dream. I could then keep an inventory of all systems in a network and make sure they are up-to-date with Comodo and Microsoft.

  • Complete software deployment. I know you can push .msi, but it would be cool to have the ability to push hotfixes and other software to users.

So far this is my list of requests and feedback on the functionality of this new product. Overall I think you guys are doing a great job. I will keep testing it and come up with more to add. Thanks Devs for the hard work. (:CLP)

How about integrating remote control via CESM? I know you guys are working on this (UserAnywhere) and it would seem to fit nicely.

Ewen :slight_smile:

Hello Etaftm.
Thank you for so much interest in our project and your efforts in working on suggestions on its improvement! If you don’t mind we will provide replies between the lines of your message:

  • Will there be a way to set up a group for users that can use the local admin for the firewall?

You touched on an interesting point in the behaviour of Remotely Managed CFP (RM CFP). Actually it is not so difficult to implement. At the early stages of CESM design we planned that only CESM would be able to manage RM versions of Comodo desktop products. We even intended to completely eliminate the GUI in such RM modifications. But finally we decided to keep the GUI so that users can manage RM CFP in case the connection to the CESM Central Service (CS) is broken - now any user can manage RM CFP via the GUI. Your suggestion brought us to the understanding that we have to reconsider our plans and that we have to restrict such ‘unlimited’ management ability by allowing only appropriate users to configure the local CFP - and this will be applicable only in cases where the connection to CS is down. Thank you for such a good idea.

  • Will the CESM be able to push software updates to the clients?

Sure, it’s implemented as installation of a new MSI package on remote PCs. If a previous version of the product is present, this action will do an update only. We’re sure you know it’s just usual MSI behaviour.

  • Will there be options available for the firewall to send reports back to the CESM about client stats? Example: logs of if someone tried to hack them outside of the network / if malware/spyware/virus was detected and if so was it removed or not. This information would be helpful for a network health report/chart that could be printed up.

There is such an option - you can check notifications and requests from remote products in the Notification Monitor and Request Monitor windows. It’s also explained in the CESM Product Brief document, in the “Monitoring notifications from managed computers” and “Monitoring and answering requests from managed computers” paragraphs.

  • Installation options to set silent install with reboot or without reboot.

You are reading our mind! :slight_smile: We are already working on it.

  • E-mail notification for threat alerts.

The only thing which prevented us from implementing this feature is that we assumed there would be a lot of such e-mail traffic, which would hamper the CS server network subsystem performance. We even implemented a custom network driver to achieve the best performance.

  • Computer listing by MAC rather than AD Computer listing. The listing doesn’t update when a user is changed or removed. With MAC or IP it will provide the NetBIOS name of the unit and will also give you the ability to check online status.
    You could also have an option to pull Users in AD and allow the admin to assign a MAC or IP to a user.

In CESM we use a GUID, which for a computer is as unique as a “fingerprint” is for a human. The CESM Agent Service sends its own GUID to the CESM CS during the network handshake. Thus the GUID is an association between the real remote PC and the previously registered PC object in the CESM Administrator Console (AC) Directory tree. So even if the remote PC was renamed in AD and the CESM Directory was not yet synchronized with AD, such a GUID association would still work well.

WBC (Would be Cool) List

  • IT management. With you already having a client on the workstations, it could pull info such as software/last login/PC spec/etc. This would be an IT dream. I could then keep an inventory of all systems in a network and make sure they are up-to-date with Comodo and Microsoft.

CESM has such an ability. It’s mentioned in the CESM Product Brief, in the “Discover installed MSI packages”, “Discover Windows Services” and “Discover OS Version” paragraphs.
The only thing we have to do is to collect such user requests and implement an extended list of CESM Discovery Profiles.

  • Complete software deployment. I know you can push .msi, but it would be cool to have the ability to push hotfixes and other software to users.

At the moment we have no such plans. But if our customers demand it, we will support other kinds of installation packages too.

So far this is my list of requests and feedback on the functionality of this new product. Overall I think you guys are doing a great job. I will keep testing it and come up with more to add. Thanks Devs for the hard work. (:CLP)

Etaftm, we are glad indeed to receive such reasonable feedback from you; we appreciate that you spent so much time and effort testing the application!
We believe our replies will help to better understand CESM as it is and we hope to continue to hear from you in the future!

Hi Ewen, pleased to hear from you again!
Don’t you think that the MS Remote Desktop solution is completely enough for most aspects of remote administration?

First off, thanks for responding. I have tried to help other companies beta test and would never get a response from the devs. So it means a lot to me and others that you guys want our help to make this product the best.
I plan to keep testing until the product is ready to go. This is such a great thing you guys have going and I want to help to see this product go far in the industry.

  • Will there be a way to set up a group for users that can use the local admin for the firewall?

You touched on an interesting point in the behavior of Remotely Managed CFP (RM CFP). Actually it is not so difficult to implement. At the early stages of CESM design we planned that only CESM would be able to manage RM versions of Comodo desktop products. We even intended to completely eliminate the GUI in such RM modifications. But finally we decided to keep the GUI so that users can manage RM CFP in case the connection to the CESM Central Service (CS) is broken - now any user can manage RM CFP via the GUI. Your suggestion brought us to the understanding that we have to reconsider our plans and that we have to restrict such ‘unlimited’ management ability by allowing only appropriate users to configure the local CFP - and this will be applicable only in cases where the connection to CS is down. Thank you for such a good idea.

My thought behind this is due to my structure at this company. All my workstations are laptops and the majority of my users work from home as they are software developers. So at any given point they may need access to a program for development and need a quick way to allow access to a program or add a port to talk to a program. So what I am thinking is whether there is a way to set up a group of, say, admins or power users that can have permission to certain features that I allow them to have.

Also I think there should be a way that I can setup a group with firewall policies that the CFP would have to sync up with once on the network to check for updated firewall rules or to make sure the proper rules are in place and that the CFP is up-to-date. Similar to an AD when the user logs into the network it checks GPO and updates that user’s policy if an admin made a change to the GPO.

  • IT management. With you already having a client on the workstations, it could pull info such as software/last login/PC spec/etc. This would be an IT dream. I could then keep an inventory of all systems in a network and make sure they are up-to-date with Comodo and Microsoft.

CESM has such an ability. It’s mentioned in the CESM Product Brief, in the “Discover installed MSI packages”, “Discover Windows Services” and “Discover OS Version” paragraphs.
The only thing we have to do is to collect such user requests and implement an extended list of CESM Discovery Profiles.

I have yet to get the discovery profiles feature to pull any information at all. I will keep playing around with it. I will be honest, this is not a priority because this doesn’t apply to the firewall software itself. But I recommend you check out spiceworks.com. It is a free IT management software that does a pretty good job. Their flaw is that the software scans the network for IP and MAC, which is great and all, but it does have its issues now and then. I just figured with you guys having a client side agent it would work much better than the network scan. The possibilities would be endless for things you could do, for example, check workstation info (OS, HD space, system specs, network adapters, software installed, etc.), remote into the PC, deploy software (.msi, which can already be done), etc. Basically create a listing of items in my network so I can do IT inventory more easily.

Like I said this is not a pressing matter, it is just a WBC feature. Maybe this could be in another project you guys move into in the future.

  • Computer listing by MAC rather than AD Computer listing. The listing doesn’t update when a user is changed or removed. With MAC or IP it will provide the NetBIOS name of the unit and will also give you the ability to check online status.
    You could also have an option to pull Users in AD and allow the admin to assign a MAC or IP to a user.

In CESM we use a GUID, which for a computer is as unique as a “fingerprint” is for a human. The CESM Agent Service sends its own GUID to the CESM CS during the network handshake. Thus the GUID is an association between the real remote PC and the previously registered PC object in the CESM Administrator Console (AC) Directory tree. So even if the remote PC was renamed in AD and the CESM Directory was not yet synchronized with AD, such a GUID association would still work well.

The problem I see with this is that if I update a PC, or if a user’s PC is removed from the domain and placed back on the domain without changing the NetBIOS name, it does not update properly in the CESM. For example, I had a user the other day that I had to remove from the domain and place back on, and now in CESM it has his name in the list 3 times. Each one of his names has a different GUID. So what I was thinking is whether there could be a different feature for pulling my MACs (do a network scan for IP/MAC by entering an IP range), which would pull every workstation on the network even if it wasn’t in the domain. It could pull the NetBIOS name for that PC and I could sort it out that way.

Like I said in my case I deal with laptops and I have users in my AD that are not on my network that VPN every so often (which would go back to my other point of when the user connects to the network CFP should talk to the CESM and check for policy changes or updates). So with this approach I will never know if the user in the list is online or not.

I don’t see this as a design flaw. In most places this will work perfectly. I just see it as a problem for me because NetBIOS names will change on laptops. I may just be missing something. I’m still testing so I will keep playing around with it though.

Overall the software is looking good. I think this is going to get a lot of attention in the Enterprise world once it is finished.

I just want to let you guys know you are doing a great job! I will support your product till the end! (B)

Once again, thanks for the reply and I hope that I can be of use to make this product the best out there. Thanks for your time.

UPDATE Question - Will there be some sort of Wizard to help with setting up packages and installations vs. having to set up a package, then set up a sequence, etc.?

RDP works or you can use Gencontrol. I just recently started using it and it does pretty well.

Is there any word or info you can share on the new GUI you are working on? Thanks.

Hey guys,

About the local admin feature:

In some of my networks I am using the Kaspersky remote administration console. There is such a feature, especially for laptops: you can create two profiles, one for when you are plugged into the local network and one for when you are not.

The admin decides which options are available or locked for the local user in both states.

I configured it like that: when the PC is in the company he can’t change anything; when he is at home or somewhere else he can change some options, add new allowed programs, change ports or sth, but he can’t disable the firewall, he can’t uninstall, he can’t change the password…

I am one admin for a few networks, so I am unable to be everywhere all the time. For me it would be super if there were a third state: PC is connected to the network, but admin is out :] Then users should be able to add new programs to rules or even change old things. Of course, when the admin is back there should be a report with the possibility to change the user’s answers :slight_smile:

What’s more, I would like to have such an option: right click on a computer in the tree, and in the popup menu there should be the options: Notifications for this PC, and Requests for this PC.

And the last thing for now :slight_smile: some features should be available in remote administration mode for local usage:

  • view firewall events
  • view defense+ events
  • view active connections
  • view active processes list

I will test it more later and I will write all the things I thought of :slight_smile:

wawwa
P.S.
Sorry for my English, I know it is not perfect; I am waiting for some free time to learn it more :slight_smile:

Hello wawwa.

In some of my networks I am using the Kaspersky remote administration console. There is such a feature, especially for laptops: you can create two profiles, one for when you are plugged into the local network and one for when you are not. The admin decides which options are available or locked for the local user in both states. I configured it like that: when the PC is in the company he can’t change anything; when he is at home or somewhere else he can change some options, add new allowed programs, change ports or sth, but he can’t disable the firewall, he can’t uninstall, he can’t change the password…

We already have configuration profiles which can be chosen manually.
But we don’t have a feature to make a dynamic choice.
I think we will implement it in one of the future versions of RM CFP.

I am one admin for a few networks, so I am unable to be everywhere all the time. For me it would be super if there were a third state: PC is connected to the network, but admin is out :] Then users should be able to add new programs to rules or even change old things. Of course, when the admin is back there should be a report with the possibility to change the user’s answers.

Each request in CESM has its lifetime (expiration time); if the admin is
absent/sleeping/meditating, the local product would “decide” by itself.

What’s more, I would like to have such an option: right click on a computer in the tree, and in the popup menu there should be the options: Notifications for this PC, and Requests for this PC.

Actually we were going to implement a general filtering feature for
messaging output, so anyone could select subjects of their own interest.
But anyway, you did suggest an interesting idea to us. I promise we will
think on it.

And the last thing for now: some features should be available in remote
administration mode for local usage:

  • view firewall events
  • view defense+ events
  • view active connections
  • view active processes list

I will test it more later and I will write all the things I thought of.

This is a really interesting point!

wawwa
P.S.
Sorry for my English, I know it is not perfect; I am waiting for some
free time to learn it more.

Thank you very much!

And the last thing for now: some features should be available in remote administration mode for local usage:

  • view firewall events
  • view defense+ events
  • view active connections
  • view active processes list

How about scheduled collection of all remote logs across the LAN? Aggregated logs could then be emailed to the admin.

Ewen :slight_smile:

But think about such a scenario: my mobile rings, something is wrong somewhere, I am going to the user asking what is happening, and I don’t have to check e-mails or the management console; I am just simply checking ‘views’ and I know what is running, what is connected and what has happened in the past.

:SMLR