Inventory Only Agent
Provide an agent that will return hardware, software, custom, and patch inventories but will not allow for patching, scripting or managed install distributions.
The KACE Asset Management Appliance (AMA) is very close to this description, but we do not intend to create another product that meets the description precisely.
Mike Thaxter commented
We had a similar issue here. We just broke up our KACE SMA into different sub-Orgs;
a Server Org / Full Managed Workstation Org / Inventory Org.
Based on OU in the filter in the "Default" Org, you can assign or move "assets" from one org to another.
The Fully Managed Org can perform all the required updatings and everything, while the Inventory Org can just handle the "non"-manged machines, or authorize them out to other techs to support them how they feel.
But in the end you can have a complete list of all "Domain" machines for your overall Asset Inventory.
Please consult this document and see if that will help:
Craig Andersen commented
Our use case would be the ability to use one agent that can be applied at the top of our AD structure. Agentless is a hassle with 1000's of different subnets. We can not have the full agent installed in case patching management or a script would be ran on certain critical devices.My idea would be a base inventory agent with the ability to provision additional services like metering,patching,software distribution,scripting. This would also allow us to use custom inventory rules that agentless doesn't provide.
Bumping this, as agentless devices can't provide the same information that you get from a standard inventory (software installed/ license etc,).
Having a read only agent would solve many issues that we are facing.
Noah F. commented
This would be EXCEPTIONALLY helpful in our environment!
Dat lazy IT Guy commented
Meh, don't waste your time
Jason S. commented
Yes, we still want a read-only agent as the agent itself is why we bought Kace. Remote scanning is not reliable enough for mobile systems. Also, there are systems were we want inventory information, but do not want any software pushed to it. This is nearly impossible when certain labels include "All Windows 7 computers", etc.
Jason E. commented
In our use case, the need for an inventory-only agent would be somewhat supplanted by the uservoice-requested "exclude labels." That being said, I'd still like to see an inventory-only agent.
I agree with the comments bellow; in current world all incoming ports to client must be closed no exception; therefore client less inventory is useless and dangerous concept.
On open internet I still would like collect info about the machines; how could i determine the IPs for client less ??!
The Inventory only option sounds very good.
For security reasons (and scope of work) we don't open up ports on clients that would allow for provisioning, the same would be for Agentless. An Inventory Only Agent would forgo the need to open ports on the client.
Brant Taylor commented
Yes, this is still necessary.
Agentless would work for servers in our environment, as a first step. My use case is to have an agent stub that is ONLY used for replication. We house our replication shares for our remote sites on servers at this sites. And, unfortunately, these servers appear in the organization used by our end user support teams. This is FAR FROM IDEAL in our environment as responsibilities are segregated by function. We want to ensure support/administration is performed by the appropriate team (no accidental reboots or software deployments to servers). For this to work, a stub/lite agent (replication only agent) would have a configuration pointing to 1 org and the agentless inventory would be part of a different org. Essentially, this replication only agent would not appear in the device list or wouldn't be available for targeting via scripts, MIs, etc.
I echo all of the use cases commented here (particularly relating to servers).
We could really benefit from this on servers. No way agent will ever live on server due to potential misconfig. incorrect label, ect. Risk is way too high.
But to capture the other data would be super!
this feature is great for our system developing team which has test environment that should not be changed by patching. Previously i used LANDesk Ver.8.8, and it had this feature!
Recently i moved to KACE, and i disappointed there is no feature like this.
this would be perfect for our vendor owned machines and production servers, we could monitor what is installed and the status of the box, but not have to worry about deploying to something that has found its way into the wrong smartlabel
Agree with a lot of the posters here - we're still new to kace, and trusting that an agent cannot change any settings on a production server while still reporting "read only" would be reassuring
Ward Mosser commented
I agree we would like to utilize this enhancement for our server patching as well.
James Robinson commented
Being able to download only what each machine needs would be a great benefit and save on Gb's of patches not required.
This is one feature LANDesk Patch Manager has that I'm jealous of. They call it "Pre-stage" - it makes the deployment process so much quicker, but gives us the opportunity to test it first.