Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Only deploy on-site and not on VPN

Hello,
We are deploying our VPN client updates through PDQ.
We have seen several times that people have complained that their VPN client has been uninstalled without installing the new one and/or cutting them off in the middle of their work.

We are using an inventory collection that will look if the IP address is within the VPN scope and if it isn't, only then is it supposed to deploy the new version.

The problem is that the IP address is sometimes slow to update in inventory and it is seen as the previous IP address from the last time they were online. This will lead to the following:

1. User works in office. IP address is updated.
2. Next day, user works from home. Connects with VPN.
3. User comes online, but is not in VPN IP scope in PDQ because it hasn't updated IP address yet. Deployment starts.
4. VPN is uninstalled.
5. New VPN client is not installed because user is now disconnected. Deployment failed.

I guess you could make a PS script to detect the IP address as the first step and if that gives an errorcode it will stop the deployment.

However this is not the only instance where this specific issue has popped up. Sometimes we don't want large packages to go through the VPN client.

Is there a way to reliably detect IP address in PDQ Deploy before deploying. With this i mean a scanner or the like. 

If not, then this turns into a request for future versions.

1

Comments

1 comment
Date Votes
  • Can you change how often PDQ Inventory scans?  Then edit the IP Address collection that you mentioned so that it only shows computers that are online and have been scanned within the past few hours but not more than 23 hours ago?

    1