Rationale

Devices that have remote management enabled but are not yet tied to a UMS instance can be taken over by an attacker's UMS. Make sure to register all IGEL devices on your network.

Instructions

By default, remote management is enabled on IGEL OS devices. Use automatic registration to catch all devices in your corporate network:

  1. Assign the DNS entry igelrmserver to the UMS host. For further instructions, see Registering Devices Automatically on the IGEL UMS.
  2. In the UMS console go to UMS Administration > Global Configuration > Device Network Settings.
  3. Activate Enable automatic registration (without mac address import)
    Now all new IGEL devices, UD Pockets and devices converted with OSC that are booting up in the network will automatically register with your UMS instance.
  4. Optionally, put newly registered devices into a quarantine directory automatically with UMS Default Directory Rules.
  5. Optionally, assign a Master Profile to this directory, thereby enforcing secure settings, e.g. a local administrator password.

    Alternatively you can disable remote management in the local IGEL Setup under System > Remote management. Of course this means losing one of the most powerful features of IGEL OS. However, this may be an option for particular devices.