TEM Questions

1

(imported topic written by mjb.slx)

Hi all,

I am new to TEM but learning… I have setup a small deployment on our office clients, I have a few polices I would like to fullfil but am having issues understanding if TEM comes pre-packaged or do I need to create these actions…

Here is what I would like the product to do;

  1. Where clients are deployed to the nodes, I would like to see if the node has HDD Encryption enabled (is this already inside TEM or do I need to create this feature?)

  2. Free space on HDD??

  3. Screensaver password enabled

  4. Sufficent Password strength on Node

  5. Programs Installed on Node

Any help or information would be great!

Cheers

Matt

2

(imported comment written by SystemAdmin)

You don’t specify the OS you are interested in … Where I work, it seems we have every OS ever written/sold/downloaded.

  1. Node … System/Agent? In terms of HDD Encryption, there is nothing built into TEM that I know of. We use PGP where I work, I’m in the process of writing fixlets/tasks to track PGP status and upgrade it when appropriate. I’ve seen information on the web regarding detecting encryption on newer OS X machines, but my guess is you’re going to have to define this in TEM yourself, on an OS by OS basis and on a package by package basis. Too many ways to encrypt systems, in fact too many definitions of encryption.

  2. There is a predefined Retrieved Property for this … Free Space On System Drive.

  3. Screensaver Password Enabled … That is going to depend on the OS, Version of the OS and at least under Windows if AD is managing it via GPO’s. You would need to determine this on your own, it’s not built into TEM. Since this information is usually stored SOMEWHERE on the system, I would be willing to bet someone has done this already. In fact, I may add it to my list of Things To Do. Screensaver Timeout and Password Required status.

  4. See answer to #3. This is going to be more of a question of what password policies are applied to a given system. Local Policy or Domain Policy.

  5. Assuming you are talking about Windows, usually pulling the Display Names from the Uninstall branch of the Registry will tell you what is “properly” installed. There are some programs that do not follow the standards (ie DropBox). For other OS’s (ie Mac, Linux, Solaris, AIX, etc), I don’t know the answer to this one.

In very basic terms I think anything that you can do manually on a system, can be automated by TEM. Many things have already been done, people here in the Forums are usually willing to help. I know the IBM’ers are great about offering assistance when they can.