Rationale

Endpoint devices that have Remote Management enabled but are not yet tied to a UMS instance can be taken over by an attacker's UMS. Make sure to register all IGEL endpoint devices on your network.

Instructions

By default, Remote Management is enabled on IGEL OS endpoints. Use Autoregistration to catch all endpoint devices in your corporate network:

  1. Assign the DNS entry igelrmserver to the UMS host.
  2. In the UMS Console, go to UMS Administration > Global Configuration > Thin Client Network Settings.
  3. Activate Enable automatic registration (without mac address import).
    Now all new IGEL thin clients and devices converted with UDC3 booting up in the network will automatically register with your UMS instance.
  4. Optionally, put newly registered endpoint devices into a quarantine directory automatically with UMS Default Directory Rules.
  5. Optionally, assign a Master Profile to this directory, thereby enforcing secure settings, e.g. a local Administrator password.

Alternatively, you can disable Remote Management in the local IGEL Setup under System > Remote Management. Of course, this means losing one of the most powerful features of IGEL OS. However, this may be an option for particular endpoints.
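
A check for step 1 of the autoregistration procedure, added here as an example and not taken from the IGEL documentation: it resolves igelrmserver in each DNS domain your endpoints use and reports whether the record is missing or points anywhere other than your UMS host. The function names, IP address and domain names are assumptions and constructed placeholders.

```python
import socket


def resolve(name):
    """Return the set of IP addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_igelrmserver(expected_ums_ips, domains, resolver=resolve):
    """Compare the igelrmserver record in each DNS domain with the UMS host.

    Returns {fqdn: (status, addresses)} where status is one of:
      "ok"         - resolves only to the expected UMS address(es)
      "unresolved" - no record; step 1 is not in place for this domain
      "mismatch"   - at least one address is not the UMS host
    """
    expected = set(expected_ums_ips)
    report = {}
    for domain in domains:
        # An empty domain checks the bare name via the resolver's search list.
        fqdn = f"igelrmserver.{domain}".rstrip(".")
        addrs = set(resolver(fqdn))
        if not addrs:
            status = "unresolved"
        elif addrs <= expected:
            status = "ok"
        else:
            status = "mismatch"
        report[fqdn] = (status, sorted(addrs))
    return report


if __name__ == "__main__":
    # Constructed sample values: replace with your UMS address(es) and domains.
    UMS_IPS = ["192.0.2.10"]
    DOMAINS = ["corp.example", "branch.corp.example"]
    for fqdn, (status, addrs) in check_igelrmserver(UMS_IPS, DOMAINS).items():
        print(f"{fqdn:40} {status:10} {', '.join(addrs) or '-'}")
```

Run it from a host in each network segment where endpoints boot, since the answer depends on the DNS servers that segment uses. A "mismatch" or "unresolved" result means the DNS entry from step 1 is not in place there.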