Remote Uninstall for Windows Roaming Client
in progress ( live <90 days )
Josh Lamb
Would like the ability to initiate an uninstall of the Windows roaming client from the DNSFilter dashboard.
Carl Levine
Hey all, this functionality is ready to be tested. I wanted to extend the invitation to this group to see if there's anyone interested in helping out. Email [email protected] or respond to this thread and we can get you set up with the feature flag on your account and the alpha release of the next version of the RC. Confirmations will be sent on 10/31 and testing will likely begin on/after November 5th.
R
Ryan Poppa
in progress ( live <90 days )
Dave Kuhns
We would like to test this function
B
Barbara Webb
yes please add me to the feature release
Carl Levine
Hey all, this functionality is ready to be tested. I wanted to extend the invitation to this group to see if there's anyone interested in helping out. Email [email protected] or respond to this thread and we can get you set up with the feature flag on your account and the alpha release of the next version of the RC. Confirmations will be sent on 10/31 and testing will likely begin on/after November 5th.
Jeremy Rodriguez
Carl Levine Im in. Let me know what we need to do.
Andrew
Carl Levine we would like to test as well.
Chris Dewey
Carl Levine Im in for this. Please reach out to me
Carl Levine
Hey all, I wanted to take a moment and keep you apprised of our progress on this feature request. We have engineered the requisite API methods that will allow the dashboard to remotely uninstall the Windows RC. We are working on the UI (front end) enhancements to support this functionality, and there will be a version bump of the RC to accommodate this functionality. One of the cool things we were able to do while we were in the code base was to get protection for situations where endpoint users with Local Administrator permissions will be presented with a prompt for a passcode to uninstall the agent. This functionality will all be coming this quarter, and I think I speak for all of us here at DNSFilter that we appreciate your patience. Our goal in Q4 is to make the endpoint experience better than ever!
Carl Levine
Merged in a post:
Remote Lock shutdown/uninstall of client
MICHAEL MADL
To ensure that we can enforce policy and not have anyone work around the agent it is critical that we have the ability to remotely lock the ability [or unlock] to turn off and/or uninstall the DNSFilter agent for both MAC and WINDOWS.
John
As a reminder as this is built out, I think the agent behavior needs to change. Today - if we delete an agent from the portal while the machine is offline we can end up in a scenario where that machine ends up getting turned back on and has no internet because of having no DNS.
If the agent is on a machine, connects to the portal and discovers that it's been deleted from the portal it needs to uninstall.
If instead it's going to wake up, connect to the portal (potentially via broken DNS because it's been already deleted from the portal) and then not be able to see that the uninstall command has been queued this change is pointless.
Online Agent told to uninstall = agent uninstalls
Agent phones home and doesn't exist in the tenant = agent uninstalls
Carl Levine
John: Couldn't agree more! This is one of the scenarios that was posed in a planning meeting yesterday, and it's driving some pointed discussion about the approaches we'd take when an agent is called for uninstallation but isn't "phoning home". The logic for the "Activity in the last 15 minutes" status is API driven, so our approach will likely require adding a new state and doing exactly what you've suggested here. Alas, as the PM, I am the "what" and "why", with enough "how" to be dangerous. Watch this space, we're really excited to be delivering new value in this arena.
Deon
Carl Levine Keep in mind I can always understand the argument for the fail-closed that DNS Filter currently does because it offers the most protection.
However, I think it should be, at least, an option to allow for fail-open/uninstall as the people utilising that will more than likely have something like an RMM or MDM swooping in to replace the agent if the computer is still active, but for some reason wasn't checking in with DNS Filter.
Carl Levine
Deon: Watch this space, that's in the works as well.
Carl Levine
planned ( in queue )
John
As the oldest comment on this request -- from 2011... WHY has this not been prioritized by now?
David
This is a critical issue for us. The lack of this feature has started a search for other options that won't black-hole a workstation if it wasn't turned on in time for an uninstall job.
If an org is offboarded, we are expected to remove our RMM agent and other softwares by a specific date, but in many cases the expectation is to continue delivering services (including DNS filtering) up until that date.
Depending on an RMM-delivered offboarding script for DNSFilter (which depends on the RMM agent being present) causes a process issue. In larger orgs you are going to have a number of user-endpoints that are not turned on during an exit window. Typically, when removing an RMM agent, pending jobs are NOT executed when a system comes back online. The agent is simply uninstalled.
The DNSFilter RMM Agent automations are excellent for mass onboardings, but not exiting a client.
If this uninstall functionality isn't possible, the roaming agent should at LEAST deactivate filtering and pull DHCP provided DNS if it determines that the organization it was attached to has been deleted. The notification area icon could be made to indicate this mode.
Load More
→