OK Well I tried to call support and find someone with knowledge. I was instructed to search the KB or post on the forums. Wow how awesome that is.
So this Network Access feature....we don't use it and everything is set to ASK for Unlisted Action. The Driver is disabled on everything, but I have had a few people send me screenshtos of a Kaseya dialog box asking people if they want to allow network access for things like Java or Windows Explorer.
Should everything be set to Approve All Unlisted? This could be a catastrophe and the support call I made was pointless.
I also don't use it. Mine is set to not Notify the User, Allowed, and Driver Disabled. I've never had anyone get a dialog box.
Well I don't want to make a global change just yet, but I feel that it should be set to that as well. I just wish when you called support, you could at least reach someone that can help you. Instead, I got a "I'm not familiar with that feature, you can try searching the Knowledgebase." Gee thanks...should just remove the support number from your website.
zippo, do you mean Notify User, Approve, Driver Disabled?
I sure wish I had some more resources on this. Even if anyone does not use it, can you please tell me what your page looks like in Agent -> Network Access so that I can set mine to the defaults? PLEASE THANK YOU
BAH i just set all workstations to approve because thats how the servers were setup. thanks for no help at all ............................
I'm thinking that when i started using application blocker in my policies that when i enabled that, the network access actually took the default of ASK even though i didn't mess with that one. that's a dangerous policy setting to implement if you've never implemented network access
Dantheman, I use Network Access. My defaults are set to Notify User (Enabled), Enable Driver (Enabled), Unlisted Action (Approve), Approved Apps (Approve All Unlisted). The principal behind this setup is to minimize notifications to users, Approved Apps (Approve All Unlisted), yet still have the driver in place and to block applications we, or our clients, don't want having access to the network. Primarily this is leveraged for known virus/malware files, from our usage of this feature. You can also use the follow URL to get a pretty detailed explanation of the different components. I'll try to keep an eye on this thread if you have any other questions or thoughts.
As well, we don't use Network Access on Servers as I don't feel comfortable inserting the Network Driver into the TCP/IP Stack of a server. I also just noticed I forgot the URL. Here it is.
Here is an image with a representative sample of my settings for Application Blocking...
With no offense intended to Kaseya I should add that I personally don't trust Kaseya to get application blocking right so, for my peace of mind, I don't use it. I'm very concerned that something will get blocked that shouldn't be blocked and I'll start having machines falling off the network or unable to boot or some other calamitous event that I'd just as soon not have to work to resolve and for sure don't want to have to try and go the support route. But that's just me and maybe they've got it right, for all I know.
Well I KNOW exactly what happened when I implemented application blocker through policy management....look what the default is when you activate it. This is the first policy I've come across that actually smacks you in the face if you don't change any of the settings or implement all of it.
I would have to agree with Zippo that each of us must determine our comfort level when implementing the different functions. Our approach has always been to test functionality on our internal systems before rolling to our clients. We usually test for a few months internally and then roll it out if results are favorable. That said, we've had solid success with no issues, knock on wood, with the Network Driver and have had this rolled out to our clients for well over a year...again with no issues thus far. We also use this in conjunction with the Info Center -> Reports -> Audit -> Network Statistics report. We run both Machine and Application each month to analyze traffic from the top 10 consumers to ensure there isn't anything overlooked because it wasn't picked up by AV, AM, etc. This gives both our clients and us more piece of mind and a value add to their managed services agreement.
Yep, I would change that Unlisted Action to Approve All Unlisted Applications.
The application blocker gave us no issues, but I think the default setting for Network Access in Policy Mgmt should be approve all or it should have its own check box. It made a global change that I was unaware of because of its default setting. This is still my error, but I'm sure this could happen to anyone else.
I then set all my workstations to Allow because saving and reapplying the global policy wasn't fast enough. Then the Agent change would timeout at around 11,000 or so agents, so I had to go through and manually check a few thousand boxes to fix the rest. That also makes me think there should be an option to check all the boxes for just one page at a time. That would have been helpful :[
I was also visiting the help file to determine what setting is the default and what Approve All Unlisted actually did and I got this: If the Approve all unlisted radio option is selected and applied to a machine ID, then the approved application list is replaced by the phrase Approve All Unlisted.
It could say something like: Approves all applications that you have not blocked specifically in the Network Access feature.
Saying the phrase will change is merely stating the obvious and makes me lol. I have not blocked or approved any applications in here and was simply wanting to know what Approve all would actually do, but now I know. I'm sure this thread will help someone else, someday. Thanks for your input fellas.