Scanning remote clients

Comments

7 comments

  • Luke Nichols

    The PDQ team has put out extensive info about this lately; check the following links:

    https://www.pdq.com/blog/setting-up-pdq-to-work-with-remote-workers/

    https://www.youtube.com/watch?v=AulvvAfDrFI

  • Nsheth05

    This does help, but I'm having a hard time understanding the DHCP portion, sorry. My firewall assigns virtual IPs in 10.11.11.0/24 and our work network is in the 192.168.8.* subnet. How will another DHCP scope and scavenging help/work in my situation?

  • Luke Nichols

    Ok, there are a few takeaways from the resources I linked above that I think you should focus on:

    1. Enable the setting to test multiple addresses in name resolution within PDQ Inventory.

    Explanation: Each client that is connecting through VPN but was previously on the work network will probably end up with multiple A records in DNS, at least temporarily until the one from the work network is scavenged. You need this setting on in order to be able to resolve the second record in the event that the first record does not respond.

    2. Flush your DNS resolver cache on your PDQ Inventory server frequently. You can do this with a scheduled task. I put instructions for this below.

    Explanation: Most VPN systems do not properly do DHCP; they just hand out addresses on connection and return those addresses to the pool when the VPN session is terminated. This leaves you with IP conflicts in DNS until your scavenging takes care of the old records. You should flush your DNS cache on your server frequently to make sure you get the latest records from your DNS to benefit from your aggressive scavenging.

    ----------

    Open task scheduler on your PDQ server. In the action pane on the right, click "Create Task..."

    Name: Flush DNS Every 5 Minutes

    Under security options, click "Change User or Group" and change it to "System". (If you are uncomfortable with this you can use a Managed Service Account or save your own credentials. Using an MSA is the best way but it also takes the longest.) Click the checkbox for "Run with highest privileges". Change "Configure for:" to whatever OS your PDQ server is running.

    Switch to the "Triggers" tab. Click "New..."

    Change the "Begin the task" dropdown menu to "On a schedule". Change the frequency to "Daily". Under "Advanced settings" click the checkbox for "Repeat task every:" and change the dropdown menu to 5 minutes (this should match your heartbeat frequency in PDQ). Leave the "for a duration of" dropdown menu at the default value of 1 day.

    Switch to the "Actions" tab. Click "New..."

    For "Program/script" put in: C:\Windows\System32\ipconfig.exe

    For "Add arguments" put in: /flushdns

    ----------

    3. Set your DNS scavenging to a really aggressive schedule. I am not going to go into details here since I don't manage the DNS in my environment and it will vary based on what type of DNS you run, but PDQ has instructions on doing this in AD DNS which is probably what most of their clients use. Here is the timestamped link to the place in the video where they explain it: https://www.youtube.com/watch?v=AulvvAfDrFI#t=4m06s

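The Task Scheduler steps in the comment above can also be registered from an elevated PowerShell session. This is an added example, not part of the original comment or PDQ's own material; the 00:00 start time and the gMSA account name in the comment are assumptions.

```powershell
# Added example: registers the "Flush DNS Every 5 Minutes" task described above.
# Run elevated on the PDQ Inventory server.
$taskName = 'Flush DNS Every 5 Minutes'

# Action: same program and argument as in the "Actions" tab steps.
# A full path is used so the SYSTEM task cannot pick up a different ipconfig.exe.
$exe = 'C:\Windows\System32\ipconfig.exe'
if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
    throw "Expected binary not found: $exe"
}
$action = New-ScheduledTaskAction -Execute $exe -Argument '/flushdns'

# Trigger: daily, repeating every 5 minutes for a duration of 1 day.
# New-ScheduledTaskTrigger -Daily has no repetition parameters, so the
# repetition pattern is built on a -Once trigger and copied to the daily one.
# The 00:00 start time is an assumption; the steps above do not specify one.
$trigger = New-ScheduledTaskTrigger -Daily -At '00:00'
$repeat  = New-ScheduledTaskTrigger -Once -At '00:00' `
    -RepetitionInterval (New-TimeSpan -Minutes 5) `
    -RepetitionDuration (New-TimeSpan -Days 1)
$trigger.Repetition = $repeat.Repetition

# Principal: SYSTEM with "Run with highest privileges".
# For a group Managed Service Account instead (hypothetical account name):
#   New-ScheduledTaskPrincipal -UserId 'CONTOSO\gmsa-pdq$' -LogonType Password
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $action `
    -Trigger $trigger -Principal $principal | Out-Null

# Read the task back and confirm what was actually registered.
$task = Get-ScheduledTask -TaskName $taskName
$task.Principal | Select-Object UserId, RunLevel
$task.Actions   | Select-Object Execute, Arguments
$task.Triggers  | ForEach-Object { $_.Repetition } | Select-Object Interval, Duration

# After the first run, LastTaskResult should be 0.
Get-ScheduledTaskInfo -TaskName $taskName |
    Select-Object LastRunTime, LastTaskResult, NextRunTime
```

Reading the task back after registration shows the account, run level and exact command line the task will use, which is worth confirming for anything that runs as SYSTEM on a repeating schedule.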
  • Nsheth05

    Thank you and appreciate your help.

  • Luke Nichols

    No problem. I know the PDQ guys are working hard to get this information out there and I'm happy to help the process.

  • Tara Hammond

    This definitely helps, but we have so many users who are not connecting to VPN because we are primarily Office 365. Is there a way to get the updated inventory over the internet?

    Thanks!

    Tara

  • Colby Bouma

    We are looking into possible solutions for this. I don't know when they might be ready.
