This project is replaced by the ldms_auto_gateway project; if you're here to investigate creating your own solution, read on, but otherwise, you should go there instead.

Agents configured to use the Management Gateway do not connect to the gateway for remote control service by default; this is because leaving the connection on will use up resources on the gateway. Here's a good way to configure the system to provide flexibility.

The simplest thing is to let the user control the tool you need to provide the Remote Control system tray icon. This is often done with a separate agent config for laptops (also useful to provide Extended Device Discovery on desktops instead of laptops).

Once this is done, the helpdesk technician working with an end-user can tell the user to right-click the icon and switch mode to Gateway.

After the problem is solved, it's difficult to remember to switch mode back. To do that, use a local scheduler command or a frequent custom vulnerability to automatically switch mode back. The mode is controlled by a registry key at HKLM/Software/Intel/LANDesk/WUSER32/Gateway -- toggle that and restart ISSUSER.EXE.

But as long as we're talking about a script, we might as well handle the use case of environments where you can't show the user an icon or trust them to click the right things. In that environment, you'll want a more complex script which runs from the local scheduler on every IP address change and does The Right Thing(TM). In this case, we'll want to distribute a script to somewhere sensible like c:\program files\landesk\ldclient, then create a Local Scheduler script with the following parameters:

• Command = wscript.exe
• Parameters = c:\program files\LANDesk\LDClient\auto_gateway.vbs
• Freq = 1 min
• On IP Address change

This should make the script run within one minute of an IP address change. One handy side effect of doing it this way is that Local Scheduler is running as Local System, so your end user doesn't have to have permissions to write registry values and restart services.

UPDATE: Ken Carlile provided an update to auto_gateway.vbs that adds control of the brokerconfig settings (this causes inventory scanning, vulnerability scanning, and policy checking to go through or avoid the gateway).

UPDATE: Wolgang Dausend had trouble getting the service restarts to work, so he changed it to use net commands instead of WMI. I've posted his version, which has the old commands just commented out (and some commented print debugging). Someday I'll look into a command line option I suppose, or maybe someone who likes writing VBScript can do that.

UPDATE: Doyle Spence didn't like Ken's addition of brokerconfig control, so he removed it. Get his version here.

UPDATE: Turns out Doyle was right, one of the 8.8 Service Packs changed behavior so that it only creates the brokerconfig control file in select cases; so, I've modified the code. If the file is present, we'll control it; if not, nothing will happen to the agent behavior... remote control's behavior will still be toggled. I updated the custom vulnerability definition too.

Download the auto_gateway script here. Or, you could just use the custom vulnerability definition... note that's a template and may need modification. If you'd rather have more control over who gets the script, and you're on 8.8, Local Scheduler scripts are just a new type of script (see Tools > Distribution > Manage Scripts). For 8.7 or previous, you'll need to search the help file or community for the right syntax.