This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ManageSoftRET$ and mgsRET$ shared folders violates customer's security

Jump to solution
patrik_sliacky
By
Level 3

Hello,

due to customer security rules we are about to remove ManageSoftRET$ and mgsRET$ shared folders from our beacon servers as per the same recommendations found in the community [e.g. here]. But I would like to confirm few points before:

  1. mentioned shared folders are used in 2 cases "for remote execution activities including adoption of inventory devices (automated installation of the FlexNet inventory agent) and zero footprint inventory collection by the inventory beacon."
    • Our design consists of FlexNet Inventory Agent app installed manually on production servers, FlexNet Beacon app on beacon servers and one FNMS cloud server on top of that. If I understand correctly - this case is none of above mentioned 2 cases for which shared folders are applied?
  2. for the start I used just "Stop Sharing" via Computer Management > System Tools > Shared Folders > Shares. Is this sharing enabled back by either beacon policy update or upgrade of beacon itself?

  3. The same question as in point 2. applies for scenario when I manually remove these folders. I expect only reinstallation of FlexNet Beacon app might bring back the folders as per default setup and so they can be removed within post-installation steps. 

 

Please confirm or correct me if I'm wrong.
Thanks!

 

‎Nov 25, 2020 04:16 AM

(1) Solution

Jump to solution
JeffVoss
By
Level 7

You will need to remove them from the Local Security Policy of the machines as well. Note removing them Local Security Policy settings for anonymous connections will generally clear your security teams scans of the the machines by itself. 

And yes, every beacon upgrade until now has required that the Local Security Policy be re-updated. 

You only loose any activity where the remote device needs to run the code from the remote devices local account from the  network location. You can still do VMWare and Oracle inventories from the beacon. 

Jeff

View solution in original post

‎Nov 25, 2020 08:59 AM

(1) Reply

Jump to solution
JeffVoss
By
Level 7

You will need to remove them from the Local Security Policy of the machines as well. Note removing them Local Security Policy settings for anonymous connections will generally clear your security teams scans of the the machines by itself. 

And yes, every beacon upgrade until now has required that the Local Security Policy be re-updated. 

You only loose any activity where the remote device needs to run the code from the remote devices local account from the  network location. You can still do VMWare and Oracle inventories from the beacon. 

Jeff

‎Nov 25, 2020 08:59 AM