MSI and inherited policy
We have an MSI assigning the host to a group. Both the host MSI package and the group are set to a certain policy and/or to inherit the group's policy. Every time we push the MSI to a client however, the user goes to the group we specify with no policy assigned. This leaves the endpoint without our security whitelist from the policy it is supposed to be getting. We are forced to manually monitor the default "unassigned" folder and apply the policy every time our auto-deployment MSI hits a new endpoint. With hundreds of endpoints and a sensitive coporate environment, this is a real pain and security risk.
Comments
-
@CTAIT I have something similar.
PROBLEM:
The policy linked to a group is not automatically and systematically applied to the hosts of my organization group. I update regulary the version of Teamviewer Host on existing computers (when a new version is released), therefore some of them are already present in my organization group.
After an update (or a simple uninstall / reinstall), the host record shows sometimes "not removed (<policy name>)". After a while the policy is suppressed from the host automatically but then do not re-apply the policy set on the group to the host.
I have to manually set the policy to the host, even he is set to inherit the policy of the group where he is linked, which is particulary annoying. It is as well a security issue as all the policy settings are not applied to the host (whitelist, etc...)
CONFIG:
I have configured my custom host to inherit the policy from the organization group where he will be affected. I affect the host to the organization group with the MSI assignment command line parameters:
ASSIGNMENTOPTIONS="--alias %COMPUTERNAME% --group <groupname> --reassign"
The host register correctly to my teamviewer account as well (i can see it under account affectation).
Teamviewer Version 14.4 (as well 15.6)
0 -
Hello @CTAIT
I have openend a case at the Teamviewer's helpdesk a few weeks ago regarding this behavior. They forwarded the case to their development department to look on the issue.
I got a reply from them a few days ago saying the latest release (15.8.3) will be solving the problem. I try to rollout on a few machines and it looks like it's working.
I had to uninstall the older Teamviewer Host version (14.4.X) on the clients prior installing the new one.
Hope this will solve your issue as well.
0 -
I still have this problem with version 15.26.4
Have to manually update every existing member of the group. New installs get the policy while old ones need to be manually set to "inherit" or explicitly assigned the policy before they ever attempt to apply it.
0 -
Did anyone here figure out a solution? This problem is one of the main things causing me to look for alternatives to TeamViewer.
0