Dell KACE K1000 Management Appliance Administrator GuideRelease 5.3 Revision Date: May 16, 2011 © 2004-2011 Dell, Inc. All rights reserved. Information concerning third-party copyrights and agreements, hardware and software warranty, hardware replacement, product returns, technical support terms and product licensing is in the Dell KACE End User License agreement accessible at http://www.kace.com/license/standard_eula Contents 1 Getting Started 15 15 15 15 16 17 18 18 18 19 21 23 23 23 25 25 26 26 27 27 28 28 30 31 32 32 32 33 33 About this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding the KACE K1000 Appliance components . . . . . . . . . . . . . . . . . . . . . . . . . . Hardware specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software deployment components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To set up your K1000 Management Appliance server . . . . . . . . . . . . . . . . . . . . . . . . . DNS Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring network settings from the console. . . . . . . . . . . . . . . . . . . . . . . . . . . . Logging in to the Administrative Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the KACE K1000 Appliance components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Home. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Guided Tours . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Client Check-In Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Threat Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . License Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Clients Connected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managed Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tasks in Progress. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view the Summary Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Find Your Software Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating Your Appliance Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upgrade software without using Organizational Management . . . . . . . . . . . . . To upgrade software for Organizational Management users . . . . . . . . . . . . . . . . . Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Search. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Configuring your Appliance 35 35 35 37 39 40 40 42 42 42 43 44 44 45 47 47 49 3 Key configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure general settings for the server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure general settings for your organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . List of open ports required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Network Settings for the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure the Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Local Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Local Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Local HTTPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Local HTTPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Security Settings for the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To generate an SSL Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Agent Messaging Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Agent Messaging Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring date and time Settings of the appliance server . . . . . . . . . . . . . . . . . . . . . . . . Administrator Guide, Version 5.3 Contents To configure Date & Time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Single Sign-on for multiple appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To enable linking of appliances for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . To link appliances for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To disable appliance links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To access the K1000 Troubleshooting Tools page. . . . . . . . . . . . . . . . . . . . . . . . . . . . To use Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 49 50 50 51 51 52 52 3 Labels and Smart Labels 53 53 54 55 55 56 57 57 58 58 59 59 60 60 61 61 62 63 About Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Labels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Computer Details by Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view label details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add or edit a new label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About Label Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view Label Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About Smart Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To change the Smart Label Run Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Agent Provisioning 65 65 66 67 67 67 68 68 69 69 69 71 72 72 73 73 73 Overview of first time Agent provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System requirements for Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing to provision the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enabling file sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing for Windows Platform provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Single Machine Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To deploy the Agent on a single machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview of Advanced Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To use Advanced Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To provision Windows platforms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To provision Unix (Linux or Mac OS X) platforms . . . . . . . . . . . . . . . . . . . . . . . . . To schedule Agent provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Provisioned Configurations page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accessing the Provisioned Configurations page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Administrator Guide, Version 5.3 Contents To edit a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To duplicate a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Provisioning Results Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view Provisioning Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing K1000 Agent Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K1000 Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure an Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K1000 Agent Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview of Agent Updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To download a patch Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To update the Agent automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . AMP Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view AMP Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a message queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 74 74 74 75 75 76 77 77 78 78 78 79 80 80 81 5 Managing Software and Hardware Inventories 83 83 84 85 85 85 86 86 87 87 89 89 89 90 91 91 92 92 92 93 94 94 95 95 96 96 96 97 97 Inventory Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Searching for Computers in Your Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Advanced Search for Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating Smart Labels for Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . Searching for Computers by Creating Computer Notifications . . . . . . . . . . . . . . . . Filtering Computers by Organizational Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Computer Inventory Detail Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appliance Agent Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Advanced Search for Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Software to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding software automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add software to Inventory manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create software assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Custom Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Attaching a Digital Asset to a Software Item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To attach a digital asset to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a software item. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To remove a label from a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To categorize a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To set threat level to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Administrator Guide, Version 5.3 5 Contents Managing Your Processes Inventory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 To view process details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 To delete a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 To disallow processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 To apply a label to a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 To remove a label from a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 To categorize a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 To set threat level to a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 To meter a process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Managing Your Startup Program Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 To view Startup detail information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 To delete a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 To apply a label to a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 To remove a label from a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 To categorize a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 To set threat level to a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Managing Your Service Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 To view service detail information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 To delete a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 To apply a label to a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 To remove a label from a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 To categorize a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 To set a threat level to a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Managing Your MIA (Out-Of-Reach Computer) Inventory . . . . . . . . . . . . . . . . . . . . . . . . 104 Configuring the MIA Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 To configure the MIA settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 To delete an MIA computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 To apply a label to an MIA computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 To create a new label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Using the AppDeploy Live Application Information Clearinghouse . . . . . . . . . . . . . . . . . . 106 Enabling AppDeploy Live . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Viewing AppDeploy Live content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 To view AppDeploy Live information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Using the Dell Warranty feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 To obtain Dell Warranty information on a single Dell machine instantly . . . . . . . . . . . 107 To renew Dell Warranty information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 To run Dell Warranty reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 6 Importing and Exporting Appliance Resources 111 111 111 112 115 116 117 117 Importing and exporting resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Transferring resources using a SAMBA share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Export resources from one appliance to another using SAMBA shares . . . . . . . . . . . Transferring resources between Organizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exporting resources to Other Organizations on an appliance. . . . . . . . . . . . . . . . . . . Importing resources from another organization on your appliance . . . . . . . . . . . . . . . Import software components from another organization . . . . . . . . . . . . . . . . . . . 6 Administrator Guide, Version 5.3 Contents 7 Scanning for IP Addresses 119 119 119 119 120 120 120 122 123 123 123 IP Scan Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Scheduled Scans list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an IP Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an IP scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To search network scan results on the basis of status fields . . . . . . . . . . . . . . . . . . . IP Scan Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To dynamically identify the network scan results . . . . . . . . . . . . . . . . . . . . . . . . . To edit the order value of IP Scan Smart Labels . . . . . . . . . . . . . . . . . . . . . . . . . 8 Distributing Software from Your K1000 Management Appliance 125 125 126 127 127 127 128 128 129 129 129 130 130 133 134 134 137 137 138 139 139 142 142 143 143 143 144 145 146 146 146 147 147 148 Distribution Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Distribution Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributing packages from the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ensuring that Inventory item package names match . . . . . . . . . . . . . . . . . . . . . . Distributing Packages from an Alternate Location . . . . . . . . . . . . . . . . . . . . . . . . . . . When to use a replication share or an alternate download location . . . . . . . . . . . . . . Managed Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To determine supported parameters for the .msi file . . . . . . . . . . . . . . . . . . . . . . Creating a managed installation for the Windows platform. . . . . . . . . . . . . . . . . . . . . To create a managed installation for Windows platforms. . . . . . . . . . . . . . . . . . . Examples of common deployments on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard MSI example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for Windows platforms. . . . . . . . . . . . . . . . . . . Standard EXE Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard ZIP Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for a .zip file . . . . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for an .rpm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard TAR.GZ Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for a tar.gz file . . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Mac OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . File Synchronizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wake-on-LAN feature overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Issuing a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To issue a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To schedule a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting Wake-on-LAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Administrator Guide, Version 5.3 7 . . . . . . . . . . . .3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add an Offline KScript or Online KScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Administrator Guide. . . . . . . . . . . . . . . Version 5. . . . Desktop Shortcuts Wizard. . . . . . . . . . . . . . . . . . . . . . Configuring Dell OpenManage Catalog Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Editing Scripts . . . . . . . . . . Dell Client and Server Upgrade workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About the Configuration Policies . . . . . . Enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Contents Preparing to create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Desktop Control Troubleshooter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To import an existing script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Importing Scripts . . . . . To Duplicate an existing Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding the Differences between Patching and Dell Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To search scripting logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run Now Detail Page . . . . . . . . . . . To delete a script from the Scripts page. . . . . . . . . . . . . . . . To Delete an iPhone profile . . . . . . . . . . . . . . . . . To create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Token Replacement Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Dell Systems with Dell Updates . . . . . . . . . . . . . Monitoring Run Now Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run Now from the Script Detail page . . . . . Using the Run Now function . . . . . Working with your replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Registry Settings . . . . . . . . . To run scripts using the Run Now tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Windows-based Policies . . . . . . . . . . . . . . . . . . . Order of downloading script dependencies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Before you use K1000 iPhone profile support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a policy to enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Appliance Default Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add an Online Shell Script. . . . . . . To use the Run Now function from the Scripts Lists Page . . . . . . . . . . . . . . To Configure Collection Settings for iPhones . . . . . . . . . . . . . To view replication share details . Adding Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a script from the Scripts Edit page . . . Searching the Scripting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add an iPhone profile . . . . . . . . . . . . . . . . . . . . . Managing iPhone Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To troubleshoot remote behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 149 152 152 153 153 153 154 154 155 156 156 158 9 Using the Scripting Features 161 161 163 163 164 165 166 166 170 172 172 172 172 173 173 174 174 175 175 176 176 176 177 177 178 179 179 179 180 180 180 181 Scripting Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Mac OS Configuration-based Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an uninstaller script . . . To restore from the most recent backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restoring to factory settings . . . . . . . . . . . . . To Reboot and shut down KACE K1000 Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MSI Installer Wizard . . . . . . . . . . . . . . .3 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To verify the minimum server version . . . . . . . . . . . . To modify Windows Automatic Update settings . . . . . . . Enforce Active Directory Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Contents To create scripts to add shortcuts . . . . . . . . . . . . . . . To change backup file location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating patch definitions from KACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Power Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To verify the upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Automatic Update Settings policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce VNC Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Upgrading your appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backing up K1000 Management Appliance data. . Restoring from most recent backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Version 5. . . . . . . . Un-Installer Wizard . . . To create an Event Log query . . . . . . . . . . . . . To access the backup files through ftp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Event Log Reporter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Administrator Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating K1000 Management Appliance software . . . . . . . . . . . . . . . . . . . . UltraVNC Wizard. . . . . . . . To start the Automatic Windows Update on a node . . . . Restoring K1000 Management Appliance settings . . . . . . . . . . . . . To update the patch definitions . . . . . . . Power Management Wizard . . . . . . . . . . To apply the server update. . . . To create the MSI Installer policy . . . . . . . . . . . . . To upload backup files . . . . . . . . . . . . . . . . About monitoring power use. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating your Dell KACE K1000 Management Appliance license key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Downloading backup files to another location. . To delete patch files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Applying the server update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 181 182 182 182 184 186 186 186 187 188 188 188 189 189 190 192 192 10 Maintaining Your K1000 Management Appliance 195 195 196 196 196 196 197 197 197 198 198 198 198 198 199 199 199 199 200 200 201 201 201 201 201 202 202 K1000 Management Appliance maintenance overview. . . . . . . . . . . . . . . . . . . . . . Updating the license key . . . . . . . . Uploading files to restore settings . . . . . . . . . Enforce Power Management Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upgrade your K1000 Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To restore to factory settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run the appliance backup manually . . . . . . . . . . . . . . . . . . . . . To select a report if starting from the Schedule icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To duplicate an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report using the Report Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accessing K1000 Management Appliance logs . . . . . . . . . . . . . . . . . . . . . . . To create a new SQL report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Using Organizational Management 237 Overview of Organizational Management . . . . . . To create an e-mail Alert. . . . . . . . . . . To schedule a User Import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-mail Alerts . . . . . . . . . . . . . . . . . . . . . . To download Dell KACE K1000 Management Appliance logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 202 203 203 204 204 204 204 206 11 LDAP 209 About LDAP Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 . . . . . . . . . . . . . . . . . . . . . . . . . . To Create a Broadcast Alert Message . . . . 237 Default Organization . . . To edit an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Disk Status log data . . . . . . . . . . . . . Using the LDAP Browser Wizard. . . . . . . . . . . . . . . . . . . . To select a report if starting from the Schedule Reports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To define email notifications . . . . . . . . . . . . . . . . . . . . . . To log on to the AMP service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Version 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Alert Messages . . . . . . Creating an LDAP Label with the Browser . . . . . . . . . . . . . To update the OVAL and patch definitions . . . . . . . . . . . . . . Using LDAP Easy Search . . . . . . . . . . . . . . . . . . . . . . . . . Windows debugging . . . . . . . . . . . . . . . . . . . . . . . Running Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Downloading log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automatically Authenticating LDAP Users . . . . . . . . . . . 237 10 Administrator Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Reports . .Contents Updating OVAL definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To use the LDAP Browser Wizard . . . . . . . . . . . . . . . . . . . . . . . . . Scheduling Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an LDAP Label Manually . . To schedule the time the report runs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a scheduled report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a report schedule . . . To configure the appliance for user authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Report Layout . . . . . . . . . . . . . . . . . . 209 210 211 213 214 214 215 215 218 12 Running the K1000 Appliance Reports 221 221 222 223 223 225 228 229 229 229 230 230 230 231 232 233 233 233 234 234 Reporting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting K1000 Management Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organizational Filters. . . . . . . . . . . To delete a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Steps for Mac OS X Systems . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . Creating and Editing Organizational Filters. . . . . . . . . . . . . Redirecting Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organizational Roles . . . Steps for Red Hat Enterprise Linux Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To test an organization filter . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a role. . . . . . . . Steps for Windows Systems . . . . . . . . . . . To delete an organization . . . . . . . . . . . . . . . . Advanced Search . . . . . . . . . . . . . . . . . . . . . . . . . . To change the password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and editing Organizational Roles . . . . . To create an organization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To redirect computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 238 239 241 242 243 243 244 244 245 245 245 246 247 248 248 248 249 249 250 251 252 252 252 252 253 253 253 254 254 254 254 A Administering Mac OS Nodes 259 259 260 260 260 263 Mac OS Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for Mac OS nodes . . . . . . Version 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To duplicate a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B Adding Steps to a Script 265 265 265 269 271 11 Adding Steps to Task Sections . . . Managing System Admin Console users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a data filter . . . . . . . . . . . . . . . . . . . . . . . . . . Administrator Guide. . . . . . . . . . . Refiltering Computers . . . . . . . . To troubleshoot nodes that fail to show up in Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a LDAP filter . . . . . . . . . . . . . . . . . . . Distributing Software to Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Mac OS® . . . . . . . . . . . . To delete a filter . . . . . . . . . . . . . . . Computers . To create a role . . . . . . . Test and Organization Filter . . . . . . . . . Default role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Patching Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . To refilter computers . . . .Contents Creating and editing Organizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Value Return rule reference . . . . . . . . . . . . . . . . . . . . . . . . . Checking for multiple true conditions (AND). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Version 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Comparing node values (Greater and Less Than rules) . . . . . . . . . . Getting PLIST values . . . . . Getting multiple values . . . . . . . . . . . . Finding a registry key and entry . . Checking for conditions (Conditional rules) . . . . . . . . . . Getting command output. . . . . . . . . Understanding rule syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D Database Tables 295 K1000 Management Appliance Database Tables . . . . . . . . . . . . . Finding a path or file . . . . . . . . . . . . . . . . . . . . . . . . . Creating a Custom Inventory rule . . . . . . . . . .Contents C Writing Custom Inventory Rules 273 273 273 274 275 275 275 276 277 279 280 281 282 282 283 283 284 284 285 285 286 286 287 287 289 289 290 290 290 290 290 290 292 293 293 293 293 293 294 Understanding Custom Inventory Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Matching file names with Regular Expressions . . . . . . Getting File Information values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295 12 Administrator Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Regular Expressions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Conditional rule reference . . . . . . . . . . . . . . . . . . . . . . . . . . Regular Expression Rule Reference. . . . . . . . . . . . . . . . . Using a regular expression. . . . . . . . . . . . . . . . . . . . . . . . Testing for Linux and Mac file attributes. . . . . . . . . . . . . . . . . . . . . Using Windows file attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying values to test. . . . . . . . . Specifying a version . . . . . . . . . Specifying a file attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How Custom Inventory Rules are implemented . . . . . . . . . . . . . Specifying the datatype . . . . . . . . . . . . . . . . . . . Specifying environment or user variables. . . . . . . . . . . . . .3 . . . . . . . . . Specifying a PLIST key (Mac only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Argument syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for one true condition (OR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Defining rule arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting values from a node (Custom Inventory Field) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Testing for multiple conditions. . . . . . . Evaluating node settings (Equals rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting Registry key values . . . . . . . . . . . . . . . . Specifying the name of a registry entry (Windows only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Defining commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Function syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying if a Condition exists (Exists rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To manually remove the Agent . . . . To access the Computers : Detail page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using shell scripts to install the Agent. . . . . . To run an Inventory check . . . . . . . . . . . . . . . . . . . . . . . . Running Reports . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Reports . . . Linux Debugging . . . . . . . . . . . . . . . . . Version 5. . . . . . . . . . . . . . . Manually installing the Agent on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Information collected by the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report using the chart presentation type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report using the table presentation type . . . . . . . . . . . . . . . . . . . . . . . . Administrator Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check the version of the Agent . . . . . . . . . . . . . . . . . . . . . Updating the Agent . . . . . . . . . . . . . . . . . To manually remove the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows debugging . . . . . . . . . To duplicate an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing and Configuring the Agent on Linux . . . . . . . . . To Install and Configure the Agent on Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . To install from startup or login. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F Understanding the Daily Run Output G K1000 Classic Reports 315 321 321 322 322 322 324 326 326 327 Reporting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 13 . . . . . . . . . . . . . . . . . . . . . . To start and stop the Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a report using SQL Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Contents E Manually Deploying Agents 301 301 301 302 302 302 303 304 304 305 305 305 306 306 306 306 306 307 307 307 308 308 308 308 309 309 309 309 309 310 310 311 Overview of manual deployment . . . . . . . . . . . . . . . . . . . . . . . . Other Agent operations . . . . . . . . . . . . . . . . . . . . . . . . . . . To check that the Agent is running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows security issues . . . . . . . To manually install the Agent on Windows using command lines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To start or stop the Agent . . . . . . . . . . . . . . . . Resources for troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Macintosh Debugging . . . . . . . . . . . . . . . . . . . . . . . . To check the version of the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check that the Agent is running . To run an Inventory check . . . . . . . . . . . . To manually install the Agent on Windows using the Install wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . To install or upgrade the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Other Agent operations . . . . . . . To install the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report from scratch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upgrade the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 328 329 329 H Warranty. . . . . . . . . . . . . Microsoft Windows . . . . . . . . . . . . . . . . . . . . .3 . . . . . . . . . . . . . NO WARRANTY. . . . . . . . . . Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preamble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FreeBSD . . . . . Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OpenSSL License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Knoppix . . . . . . . Version 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Original SSLeay License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run a schedule . . . . . . . . . . . . . . To create a report schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Samba. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Third Party Software Notice. . . . . . . . . . To delete a schedule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . and Support 331 331 331 331 334 335 335 339 343 344 344 344 345 346 347 348 352 Warranty And Support Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EZ GPO . . . . . . . . . . . . . . . . . . . . OpenSSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Index 355 14 Administrator Guide. . . . . . . . . . . . . . . . . . . . . . PHP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Contents Scheduling Reports . . . . . . . Sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preamble . . . . . . . . . . . . . . . . . . . you will see the Administrator Portal appliance.1 Getting Started This chapter starts with an overview of this guide and the Dell KACE K1000 Management Appliance interface components. The chapter then explains how to install and set up your K1000. and use the Dell KACE K1000 Management Appliance. At that point. on page 15. the Web page from which you configure and use your appliance. Understanding the KACE K1000 Appliance components. on page 34. Using the KACE K1000 Appliance components. from unpacking the appliance to Initial Konfiguration. on page 15. Understanding the KACE K1000 Appliance components Your appliance includes the following components: Administrator Guide. What’s Next. This section also lists the basic administrative procedures and the best practices for system management. This section provides an introduction to your appliance and an overview of the total system management workflow. on page 15. configure. • • • • • • About this guide. on page 21. About this chapter This chapter explains how to install and set up your K1000 Management Appliance. set up. About this guide This guide explains how to install. on page 24. Version 5. Before you can use your appliance.3 15 . About this chapter. Using Home. you need to configure it. this chapter provides an overview of the Administrator Portal. and finally it provides an overview of the K1000 Management Appliance Administrator Console Home page features. When finished. The Administrator Console provides access to the following components: • • • • • • • • • • Inventory Management Software Distribution Reporting K1000 Settings Asset Management Scripting Security Service Desk Settings Virtual Kontainers 2. It includes an application component that manages downloads. Version 5. The agent also includes the Agent Management Service appliance that initiates scheduled tasks such as inventory or software updates. Administrator Console—This is used by administrators to control the K1000 Management Appliance. 4. Service Desk is accessible by browsing to http://k1000_hostname. Assistance for users in routine tasks. such as software installation and getting help from the Knowledge Base. A way for users to submit and track Service Desk (or Service Desk tickets). This portal is a Web-based interface to access and direct the functionality and capabilities within your company. Service Desk—This makes software titles available to users on a self-service basis. The Service Desk provides: • • • A repository for software titles that are not required for all users. 16 Administrator Guide. The Service Desk does not replace traditional push software distribution (as is handled by the Administrator Console and the agent). installations. You can change or customize the Service Desk name. and desktop inventory.1 Getting Started 1. Agent—This is the K1000 Management Appliance technology that sits on each desktop that the appliance manages.3 . It is accessible by browsing to http://k1000_hostname/ admin. System Console—This is an interface designed primarily to enforce the policies across organizations. 3. Many Dell customers use the portal for handling occasional user applications. and this section lists the components used for the deployment of packages: • Managed Installations can be configured by the administrator to run silently or with user interaction. on page 143 for more information.4in) 77.66GHz 12GB 5 5 550GB Quad Gigabit Dual Redundant. uninstall. • • Administrator Guide. See Managed Installations. 100 . 2.24cm (19in) (includes rack latches) 4.Getting Started 1 Hardware specifications The K1000 Management Appliance include a high-performance server with the following hardware configuration: Hardware Form Factor Dimensions Height Width Depth Model CPU (Quantity/Core) RAM RAID Level Number of Disks Storage Ethernet Ports Power Supply 4.4 GHz 6GB 5 3 215GB Quad Gigabit Energy Smart 520 Watts.26cm (1.26cm (1.2cm (30.3 17 . Unlike Managed Installations. The K1000 Management Appliance supports several types of distribution packages.” the administrator can define install. Within a “Managed Installation Definition.7in) 48. print drivers.24cm (19in) (includes rack latches) K1100 1U Rack mount chassis K1200 1U Rack mount chassis 77. or command-line parameters. File Synchronization is used to distribute files that need to be copied to a user’s machine without running an installer.4in) (includes PSU handles & bezel) (includes PSU handles & bezel) PowerEdge R610 2/4 Intel® Xeon®.2cm (30. Energy Smart 520 Watts. on page 129 for more information. 2. You also can use the Service Desk to resolve installation issues by allowing users to download and install fixes. File Synchronization is another way to distribute content to computers with the agent software. and so on. Version 5.7in) 48. Service Desk Packages are ear-marked by administrators for user self-service. See the Service Desk Administrator Guide for detailed information. See File Synchronizations.240 VAC PowerEdge R610 2 /4 Intel® Xeon®. 100 .240 VAC Software deployment components This section describes the packages that can be deployed by the server on the agents. but do not connect a network cable at this time.exe files. on page 182. 3. The package types are mostly setup. See Chapter 4: Agent Provisioning. Version 5. Configuring network settings from the console 1. it should be specified in the appropriate “A” record created in your internal Domain Name System (DNS) server. 2. Power on the appliance. enter: Login ID: konfig Password: konfig 18 Administrator Guide. A Split DNS is required if the appliance is connected to the Internet using a reverse proxy or by being placed in the DMZ (Demilitarized Zone or Screened Subnet). DNS Considerations The K1000 Management Appliance requires its own unique static IP address. A DMZ adds an additional layer of security to a LAN (Local Area Network). Whatever name you use. MSI Installer Wizard creates a policy and helps you set the basic command line arguments for running MSI-based installers. An “MX” record containing the hostname defined by the “A” record is required so that the users can e-mail tickets to the Service Desk. By default. The appliance requires 5 to 10 minutes to start up for the first time. its hostname is kbox. for details on how to configure and perform these tasks. To access the console. See MSI Installer Wizard.1 Getting Started • • Agent is a special tab to manage the appliance agent. At the login prompt. connect a monitor and keyboard directly to the appliance. The sections that follow describe how to configure the K1000 Management Appliance to meet the needs of your company. To set up your K1000 Management Appliance server This section describes how to set up the K1000 Management Appliance after the appliance has been properly installed in its rack. starting on page 65.3 . for more details.msi or setup. The wizard generates a script used for installing or removing the software. Getting Started 1 Modify the following settings using the Up and Down arrow keys to move between fields. appliance. Field K1000 (DNS) Hostname K1000 Web Server Name Description Enter the host name of the appliance. Clients connect to the K1000 using the Web Server Name.. 1. and then press Enter or Return. The default setting is kbox. connect an Ethernet cable into the port labeled “Gb 1” and to a switch on your network. 4. Enter the appliance Administrative Console URL: Administrator Guide. The appliance restarts. Use the Right arrow key to enable.kace. 2. To enable email notifications. specify an SMTP server. User the Right arrow key to select from the available speeds if you need to change the default. Enter the IP address of the secondary DNS server.com). Enter your subnet mask. Logging in to the Administrative Console After the basic network configuration is complete. Static IP Address Domain Subnet Mask Default gateway Primary DNS Secondary DNS Network Speed SMTP Server SSH Enabled Proxy. Open a Web browser. if needed.3 19 . you can log in to the Administrative Console from any computer on the Local Area Network (LAN) using a Web browser. Enter the network gateway for the appliance server. Enter any necessary proxy information. Press the Down arrow to move the cursor to Save. This is the value of Hostname concatenated with Domain (for example. enclosing the IP address with square brackets []. While your appliance reboots. Enter the IP address of the primary DNS server the appliance uses to resolve host names. (Required) Enter the IP address of the appliance server. 5.. Version 5. (Recommended) Enter the fully qualified domain name (FQDN) of the appliance on your network. Permits console access to the K1000. Enter the domain on which the appliance is running. We recommend adding a DNS host record matching the K1000 Web Server Name chosen during this setup. 20 Administrator Guide. on page 199. 6. 3. 5. Version 5. 7. refer to Restoring to factory settings. Enter the license key (including dashes) that you in received in the welcome email from Dell KACE. log in using the username “admin” and the password you chose. 4.kace. The following sections explain the various K1000 Management Appliance feature components. You can restore the factory settings of the appliance. When the appliance has restarted. If you cannot find your license key. 8. refresh the browser page. contact Dell KACE Customer Support at www.3 . For more information. Click Apply Settings and Reboot. Enter the name of your company or organization. The appliance restarts. Enter a secure and unique password for the admin account. 9. Select the timezone for your K1000 location. You are now ready to start using the Administrator Interface.com/support. After accepting the EULA.1 Getting Started http://k1000_hostname/admin The Initial Konfiguration page appears. and so on. and so on. Version 5. which are a method for grouping machines. and deploy and run them on the nodes you administer from the Dell KACE K1000 Management Appliance. • • • • Guided Tour Summary Label Search Inventory • • • • • • • Computers Software Processes Startup Service IP Scan MIA Management Deployment Creation Administration Assets Asset Types Asset Import Metering Virtual Kontainers • • • • Create virtual versions of supported applications. • Establish relationships between assets (using logical assets). includes guided tours for learning more about your K1000 Management Appliance. software... see the Virtual Kontainer User’s Guide.” Provide overview statistics of your running processes. Administer the hardware and software managed by your appliance. the following components are available on your appliance: The components are described in the following table: Component Home Sub-tabs Used to. Track computers and other physical assets.Getting Started 1 Using the KACE K1000 Appliance components Depending upon your options.3 21 . see the Asset Management Guide. You can also have labels dynamically assigned by using “Smart Labels. For more information. Asset • • • • Administrator Guide. For more information. • Meter actual software usage. Manage labels. Also used to: • Determine software compliance. printers. such as software. Also. people. • • • • • • Managed Installation File Synchronization Wake-on-LAN Replication iPhone Dell Updates Scripts Run Now Run Now Status Search Logs Configuration Policy Security Policy Patching OVAL Assessment SCAP Scan Secure Browsers Scripting • • • • • • Automate system administration tasks. Remote software distribution and administration.1 Getting Started Component Distribution Sub-tabs Used to. Security • • • • Reduce the risks from malware. spyware. For more information about patching and security. and viruses. Help Desk • • • • • • Provide a repository for software resources and documentation for your users to access and Software download. see Patching and Security Guide..3 . Provides a full-featured service desk Library system for creating and tracking Service Desk Knowledge Base tickets. including iPhones and Dell OpenManage updates. Tickets Users Roles Configuration Reports Classic Reports Schedule Reports Alerts Email Alerts Run pre-packaged reports and report-creating tools to monitor your appliance implementation. Reporting • • • • • 22 Administrator Guide. Version 5.. 3 23 .. When you log on to the Administrator Console. but do not replace.. on page 34 Guided Tours The Guided Tours are tutorials that help you learn more about the KACE K1000 Management Appliance by walking you through some of basic tasks. on page 24 Label. Administrator Guide. The Guided Tours supplement. Version 5. N/A Using Home The Home component includes tabs for: • • • • Guided Tours. on page 24 Summary. • • • • Control Panel K1000 Agent Resources Support Organization (Organizational Management) Global Search N/A Divide your appliance implementation into different logical organizations that you administer separately.Getting Started 1 Component Settings Sub-tabs Used to. the Home component displaying the Summary tab appears by default. Boot Kamp and documentation. Administer your appliance implementation. Search your appliance for terms you enter. on page 33 Search. Summary The K1000 Summary page provides information about the configuration and operation of your appliance. 3 .1 Getting Started The top of the K1000 Summary page provides updated news and popular FAQ information about your Dell KACE K1000 Management Appliance: Below the Summary are dashboard meters and graphs to give you a quick view of your appliance status:. The scales on the Summary page gauges adjust automatically. 24 Administrator Guide. Version 5. and file synchronizations that are enabled.Getting Started 1 Client Check-In Rate Displays the total number of clients that have checked into the server in the past 60 minutes. This also displays the number of alerts that you have configured. scripts.3 25 . Administrator Guide. Version 5. Distributions Displays the number of managed installations. see To configure general settings for the server. For example.1 Getting Started Software Threat Level Displays the various threat levels for software installed on various machines. which can be installed on 1000 machines. For general information about assets and license compliance. License Compliance Displays the number of machines that use a particular licensed software. on page 35. To change this configuration. this software is used by 12 machines. 26 Administrator Guide. freeware) and licenses that are approaching or at 100% usage. Version 5. This display can use different colors for license types that are ignored (for example. see Asset Management Guide. In this example. the following figure displays a licensed software Adobe flash player 9.3 . 3 27 . Managed Operating Systems Displays the various operating systems present in the inventory by percentage as a pie chart.Getting Started 1 Clients Connected Displays the percentage of clients connected to the server. Version 5. Administrator Guide. To view the Summary Details To perform these steps.3 . and then select the View Details button at the bottom of the page: 28 Administrator Guide. Scroll down. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.1 Getting Started Tasks in Progress Displays the total number of tasks in progress on the server. 1. Version 5. 2. Click Home > Summary. The Summary page appears. Summary separated out by distribution method. including a breakdown of the operating systems in use. In addition. Each organization has its own summary details. Administrator Guide. Version 5. Software Statistics Software Distribution The packages that have been distributed to the computers on your network. Summary Section Computer Statistics Description The computers on your network.3 29 . you are notified of it here.Getting Started 1 The K1000 Summary Details page appears: The following sections describe summary details sections. if the number of computers on your network exceeds the number allowed by your Dell KACE K1000 Management Appliance license key. The summary also indicates the number of packages that are enabled and disabled. A summary of the number of software titles that have been uploaded to the Dell KACE K1000 Management Appliance. The software in Inventory. in addition to the numbers of computers scanned. New K1000 Management Appliance installations mostly contain zero or no record counts. The patches received from Microsoft. and total packages downloaded. including the number of IP addresses scanned. The IT Advisory refers to the number of Knowledge Base articles in Service Desk. This also indicates the number of alerts that are active and expired.1 Getting Started Summary Section Alert Summary Description The alerts that have been distributed to the computers on your network.3 . The summary includes the date and time of the last patch (successful and attempted). The summary includes the date and time of the last OVAL download (successful and attempted) and the number of OVAL tests in the appliance. total patches. separated by message type. The results of the Network Scans that have run on the network. The OVAL definitions received and the number of vulnerabilities detected on clients in your network. Apple. Version 5. and number of detected devices that are SNMP-enabled. the record count information is refreshed. As this page is refreshed. Patch Bulletin Information OVAL Information Network Scan Summary To Find Your Software Version The About K1000 link in the lower-left side of the K1000 Management Appliance page brings up KACE software information including: • The software revision level. number of devices discovered. number of services discovered. and so on. 30 Administrator Guide. an alert like this one is displayed on the Home page the next time you log in as Administrator: This section explains how to accept the latest appliance server upgrade. Administrator Guide. Version 5. If a software update is available.3 31 .Getting Started 1 • A list of all of the appliance components that are running: Updating Your Appliance Software Your K1000 Management Appliance checks in with the servers at Dell KACE daily to find out if more recent appliance software is available. For information. and more. Click Edit Mode at the top left of the page. • • Labels—Provide ad-hoc organization of users. Label To find these tabs. About Labels. managed installations. and more according to your needs. software. be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page. However. To upgrade software without using Organizational Management To perform these steps. The Logs tab displays the latest updated files from Dell. 1. 2. 4. based on saved criteria. Smart Labels—Enable you to dynamically group users. Version 5. Click the Check for upgrade button. be sure to select System in the Organization drop-down list in the top-right hand corner of the page. LDAP Labels—Automatic labeling based on LDAP or Active Directory lookup.1 Getting Started For details on how to find your current appliance version. The K1000 Server Maintenance page appears. The K1000 Server Maintenance page appears. on page 31.3 . Click Edit Mode at the top left of the page. You can find the Label tab by going to Home > Label. The Logs tab displays the latest updated files from Dell. see About Smart Labels. software. 3. Click K1000 Settings > Server Maintenance. For information on labels see. See About LDAP Labels on page 209. • 32 Administrator Guide. computers. Click the Check for upgrade button. Click K1000 Settings > Server Maintenance. 2. you can also create labels and smart labels within the other components of the Dell KACE K1000 Management Appliance that use labels. computers. on page 53. 1. on page 60. To upgrade software for Organizational Management users To perform these steps. be sure to select System in the Organization drop-down list in the top-right hand corner of the page. see To Find Your Software Version. Smart Labels work much like Search Folders in Outlook or Smart Folders in Mac OS X. by organization. 3. see Chapter 2: Configuring your Appliance. you need to configure it to fit your company’s needs. Administrator Guide. on page 211. Search You can perform a global search for terms throughout the appliance using the Search tab.3 33 . See Creating an LDAP Label with the Browser. Version 5. starting on page 35.Getting Started 1 • LDAP Browser—Automatically discover information via the agent or to interface with Active Directory or LDAP organizational units. For the rest of the setup instructions. What’s Next Now that your appliance is installed and running. 1 Getting Started 34 Administrator Guide. Version 5.3 . • • • • • • • • To configure general settings for the server. Configuring Local HTTPD. To configure general settings for the server To access some settings. on page 49. on page 47. For details on agent connection settings. Configuring Single Sign-on for multiple appliances. on page 42.3 35 .2 Configuring your Appliance This chapter explains the configuration settings necessary to set up and use your Dell KACE K1000 Management Appliance. on page 40. Version 5. Configuring Network Settings for the Server. The General Settings page appears. 1. on page 49. Troubleshooting Tools. CompanyInstitution Name Click Edit Mode to edit the field values. starting on page 65. on page 51. 2. you need to select System on the Organization drop-down list in the top-right hand corner of the page. Click General Settings. Key configuration settings It is important to properly configure the server settings on the agent before you begin inventorying and actively managing the software on your network. This name appears in every pop-up window or alerts displayed to your users. Configuring date and time Settings of the appliance server. Dell. For example. Configuring Local Routing Tables. on page 35. Administrator Guide. on page 42. Click K1000 Settings > Control Panel. refer to Chapter 4: Agent Provisioning. 4. Configuring Agent Messaging Protocol Settings. Enter the following settings: Enter the name of your company. 3. see Chapter 13: Using Organizational Management. Server crashes are automatically reported. select System on the Organization drop-down list. By enabling the Login Organization drop-down. By enabling Organization Fast Switching. see Chapter 13: Using Organizational Management.0. starting on page 237.0 and 10. For information about Organizational Management. any unsaved changes are lost. change windows. The default is 1. dell. Select the check box to enable your appliance to share data with the AppDeploy Live! web site. Users restart this timer with any action that causes the appliance interface to interact with the appliance server (refresh a window. including any critical messages. 36 Administrator Guide.2 Configuring your Appliance User Email Suffix System Administrator Email Login Organization Drop-down Enter the domain to which your users send email. the value in this field must be between 0. For information about Organizational Management.com. Enter the email address of the appliance administrator. etc. Service Desk windows have Timeout Session counters to alert users of this time limit. Select the check box to enable Organization Fast Switching. Organization Fast Switching Send to Dell KACE Enable AppDeploy Live! Session Timeout: Set the number of inactive hours to allow all users before closing their session and requiring another login. 5. Version 5. Specify the following Agent-Server Task settings: To access these settings. This option is recommended because it provides additional information to the Dell KACE Technical Support team in case you need assistance. This address receives system-related alerts. Only those organizations that have the same user name and password appear in the drop-down.). the static Organization: field at the top right corner of every page is replaced with a drop-down of organizations to which the user has access. For the server to run normally. If the session times out. starting on page 237. Note: The organization field or drop-down only appears if more than one organization is configured. For example. This time limit only counts periods of inactivity. save changes. the empty Organization: field on the Welcome login page will be replaced by a drop-down of the configured organizations. This value indicates the date and time when the appliance Task Throughput was last updated.3 . Current K1000 Load Average Last Task Throughput Update The value in the field depicts the load on an appliance server at any given point of time. Crash reports (Recommended) Select this check box to send reports of any agent crashes to Dell KACE. and the users is presented with the login screen again. Select the check box to enable the Login Organization drop-down. patching updated and execution of scripts. Click Edit Mode to edit the field values. you need to select your organization in the Organization drop-down list in the top-right hand corner of the page. Specify the following User Portal settings if required to customize the User Portal page: Enter a title for the User Portal page.0 and the Last throughput update time is more than 15 minutes. 2. You can adjust the xml report if you need a different layout size. Click Settings > Control Panel. which are specified in the auto-generated XML layout. 6. b. Click Set Options. Enter a description of the User Portal page when accessed through an iPhone. Specify the following Logo Override settings to use your custom logo: a.jpg) Displays on the User Portal login page.jpg) Custom Report Logo (. The General Settings page appears. To configure general settings for your organization To access the next set of settings. 8. Enter a title for the user portal page when accessed through an iPhone. The report image dimensions are 120x32 pixels. Click Edit Mode to edit the field values: Login User Portal (. Scripting Updates. 3. Portal Title Portal Text iPhone Portal Title iPhone Portal Text 7.3 37 . Click General Settings. to save your changes. Displayed at the top of reports generated by the appliance. Specify the following Logo Override settings to use your custom logo: Administrator Guide. 1. 4.Configuring your Appliance 2 K1000 Task Throughput At any given point. The value in this field decides how the scheduled multiple tasks are balanced by the appliance. the appliance has multiple tasks scheduled like Inventory Updates. Enter a description of the User Portal page. Note: The value of the task throughput can be increased only if the value in the field Current K1000 Appliance load Average is not more than 10. Version 5. Click Upload Logo. then your appliance assumes it as a URL. Click Upload Logo. The appliance substitutes the KACE_HOST_IP variable with the target machine IP address and open a new browser window with that URL.exe (Remote Desktop Connection). The actions can execute two different tasks.bmp) 5. • 224x50 pixels is the normal size. The client bmp image is scaled to 20x20 pixels only and cannot be customized to any other size. associate the appropriate actions and then click Set Actions. and opens a new browser window for it. It is displayed on snooze pop-ups. Displayed in the agent. 6. which are specified in the auto-generated XML layout.jpg) Displayed at the top of the User Portal page. so you can access or execute a specified task on the target machine directly from the user interface. The default Machine Action is mstsc. Click next to the target machine IP to ping the machine and click next to the target machine IP to launch a web browser.3 . Click Edit Mode to edit the field values: User Portal (. • 104x50 pixels is shorter and doesn't clip the blue highlight around the Log Out link.2 Configuring your Appliance a. Machine Actions allow setting up of a scripted action that you can perform against individual machines in your environment. because ActiveX is required to launch these programs on the local machine. Some of the actions listed in the Machine Actions drop-down list require Internet Explorer. The Machine Actions can also be programmed for other tasks. If the machine action does not include the string . Specify http://KACE_HOST_IP in command line field for Action #2 Click Set Actions.jpg) Displayed at the top of reports generated by the appliance. KBOXClient (.exe. The report image dimensions are 120x32 pixels. Report (. install progress pop-ups. 38 Administrator Guide. Under the Machine Actions section.exe -t KACE_HOST_IP from the Action #1 drop-down. You can configure two actions by selecting them from the Action Item menu. Click Inventory > Computers. There are 16 pre-programmed actions available. and message windows created by scripts. You can adjust the xml report if you need a different layout size. alerts. . Firefox does not support this feature. They are used to connect to machines remotely. For example: • • • • Select ping. • 300x75 pixels is maximum size that does not impact the layout. Version 5. 9 month. enter IP addresses you would like ignored as the node IP and then click Save List. using DameWare requires you to install TightVNC on your machine as well as on the machine you want to access. and select the amount of time you want to save machine uptime data. You can retain this data forever. on page 26. like a proxy address. This might be appropriate in cases where multiple machines could report themselves with the same IP address. see K1000 Asset Management Guide. List of open ports required Ensure that following ports are not blocked by your firewall. Machine uptime data refers to information about the number of hours each day your nodes are running. 10. 9. For example.Configuring your Appliance 2 Most actions in the Action Icon drop-down list require you to install additional software for them to function. or select 1 month. In the Optional Ignore Client IP Settings section.3 39 . 11. In the License Usage Warning Configurations section. never save it (None). For information about setting up license assets. Click Action #1 or Action #2 next to the target machine on the Inventory > Computers tab to execute the Machine Action. In the Data Retention section. This changes when the alert colors are used in the License Compliance. enter the new values. or 12 month settings. Version 5. These ports are required to access the server. 8. on page 188. 7. Port Number 21 25 80 443 3306 8080 8443 52230 Use To access backup files through FTP If the KACE K1100 Appliance SMTP Server is to be used HTTP SSL To access an appliance database Connects directly to Tomcat Connects directly to Tomcat For agents to connect to the server through AMP Administrator Guide. For more information about power management. click Edit Mode. 3 month. 6 month (default). see About monitoring power use. Click Override Configuration to save. Click Save Settings to save. For example. Caution: Be careful when changing this setting. The network speed setting should match the setting of your local LAN switch. refer to the appliance Administrative Console. which can be the hostname. To configure the Network Settings To access the next set of settings. When set to auto negotiate the system automatically determines the best value. The default value is corp.kace. This requires the switch to support auto-negotiate. K1000 Server (DNS) Hostname K1000 Web Server Name Static IP Address Domain Subnet Mask Default Gateway Primary DNS Secondary DNS Network Speed 40 Administrator Guide. The primary DNS server the appliance uses to resolve hostnames. you need to select System in the Organization dropdown list in the top-right hand corner of the page. The K1000 Network Settings page appears. select System. The default value is 255. Click K1000 Settings > Control Panel. and using the default Hostname and Web Server Name. If fields are grayed out. K1100. If the IP address is entered incorrectly. Total reboot downtime is 1 to 2 minutes—provided that the changes result in a valid configuration. or IP address. 4. Saving any changes to the Network settings on this page forces the Appliance to reboot.3 . The IP address of the appliance server. Version 5. The fully-qualified domain name of the appliance on your network is the value of Hostname concatenated with Domain. K1000.255.2 Configuring your Appliance Configuring Network Settings for the Server The key KACE K1000 Appliance network settings are mostly configured when you log in for the first time. click Edit Mode to edit the field values. The domain that the appliance is on. For example. Nodes connect to the appliance using the Web Server Name. 1.255. From the Organization drop-down list. 5. using the konfig/konfig credentials. An administrator can verify or change these settings at any time. and use the konfig login to correct it. Specify the following settings: We recommend adding a static IP entry for “K1000” to your DNS. The network speed. 2.kace.com The domain that the appliance is on. Otherwise contact your network administrator for the exact setting to be used. Click Network Settings. fully-qualified domain name.0 The default gateway. 3.com. (Optional) The secondary DNS server the appliance uses to resolve hostnames. realm-based authentication. Administrator Guide. Version 5. To set SMTP Server. Enter the port for the proxy server.Configuring your Appliance 2 6. on page 51. select the Use Proxy Server check box. if necessary: Proxy Type Proxy Server Proxy Port Proxy (Basic) Auth Proxy Username Proxy Password Enter the proxy type. and then specify the following proxy settings. Set the external SMTP Server. For more information on how to use Network Utilities. The server named here must allow anonymous (non-authenticated) outbound mail transport. b. perform the following steps: a. Enter the password for accessing the proxy server. The mail server must be configured to allow relaying of email from the appliance without authentication. to enable email notifications through this SMTP server. The default port is 8080. The appliance includes support for a proxy server. Select the check box to use the local credentials for accessing the proxy server.3 41 . which uses basic. Enter the user name for accessing the proxy server. For information about the Enable Help Desk POP3 Server setting. see the Service Desk Administrator Guide. you must add the IP address of the appliance on the exception list of the proxy server. You can test the email service by using Network utilities. Ensure that your company’s network policies allow the appliance to contact the SMTP server directly. To set Network Server Options. Click Save to save the Network Server options. To set the proxy server. refer to Troubleshooting Tools. either HTTP or SOCKS5. select the Use SMTP Server check box. and then enter the SMTP Server name in the SMTP Server box. which prompts for a user name and password: If your proxy server uses some other kind of authentication. Enter the name of the proxy server. 7. 3 . you can specify a whitelist of hosts that 42 Administrator Guide. Label Destination Netmask/CIDR Gateway Select the Green Plus Sign (+) to add settings. 9. but many users are located in California. Once an IP address or Domain Name has been added to the white list. A warning will appear indicating the Apache service needs to be restarted.255. 3. All others will be blocked. 4. Using the local routing feature. Version 5. As an example of when this might be used. consider the following: The KACE K1000 Appliance is physically located in an office in Texas. so that it could host the California clients as well as the Texas clients. Click OK to continue. From the Organization drop-down list.2 Configuring your Appliance Configuring Local Routing Tables Local routing tables allow the KACE K1000 Appliance to route traffic through multiple gateways on a network.240. Using this feature. 1. Enter the IP address for the router that actually routes the traffic between the KACE K1000 Appliance and the destination network. The K1000 Local Route Configuration page appears. Netmask/CIDR is applied to the host (for example. 8. Click the Save Changes button to save all changes. only that IP or Domain can access that page. you need to select System in the Organization dropdown list in the top-right hand corner of the page. To configure Local Routing Tables To access the next set of settings. select System. Click K1000 Setting. Click the Green Plus Sign (+) to add additional settings. 7.” Configuring Local HTTPD The Local HTTP Configuration feature in the KACE K1000 Appliance helps you to manage adminui/userui/systemui pages. Enter the IP address or Network for the destination with which you want your KACE K1000 Appliance to communicate. 5.0"). Click Local Routing Table. "/24". the Appliance could be pointed to the network in California. 6. The KACE K1000 Appliance would be serving the client machines on the Texas IP subnet. "255. Specify the following settings: Enter a name/label for the route. Click the Save button to add this setting. Enter the “netmask” of the specified network. 2. 6. Click the Save Changes button to save all changes. only that IP or Domain can access that page. access to the adminui/userui/systemui pages will be restricted according to your settings. From the Organization drop-down list. you need to select System in the Organization dropdown list in the top-right hand corner of the page. 5. 8. The K1000 Local HTTPD Configuration page appears. Userui Allow List—This is a white list of who can log in to the http://kbox page. Once saved. 1. All others will be blocked. Click K1000 Settings.Configuring your Appliance 2 are allowed access.3 43 . 3. Click the Save button to add this setting.” Administrator Guide. Click OK to continue. select System. 4. Select the Green Plus Sign (+) to add settings. Version 5. 2. Systemui Allow List—This is a white list of who can log into the http://kbox/ systemui page. the Netmask/CIDR provides a finer-grained subnet control. This can be any of the following: Directive IP Address/ Domain Name • • • A (partial) domain name A full IP address Partial IP address Netmask/CIDR Along with a network.” indicating the host should be allowed access. A warning will appear indicating the Apache service needs to be restarted. The default for this field is “Allow. Once an IP address or Domain Name has been added to the white list. 7. To configure Local HTTPD To access the next set of settings. 9. Click the Green Plus Sign (+) to add additional settings. Click Local HTTPD Configuration. Specify the following settings for the following • • • Adminui Allow List—This is a white list of who can log into the http://kbox/ adminui page. If you do not want to expose the appliance SNMP data. Offbox DB Access. Select the SSH Enabled check box to permit someone to login to the appliance using SSH. Click Security Settings. d. SSL. To enable SSL. Version 5. If your private key has a password. 4. 44 Administrator Guide. Clear the Enable database access check box. To configure Security Settings To access the next set of settings. Nightly the appliance creates a backup of the database and the files stored on it. c.2 Configuring your Appliance Configuring Security Settings for the Server Security Settings are not mandatory but are required to enable certain functionalities like Samba Share. Click Edit Mode to edit the security settings fields. you must reboot the appliance to make the changes take effect. Enable this feature to upload backup files using FTP. Contact KACE support if you have this issue. To use any of the Security Settings features. The K1000 Security Settings page appears. You access these files using a read-only FTP server. 3. 1. 2. you need the correct SSL Private Key file and a signed SSL Certificate. If you change any security settings. and disable the FTP server. you need to select System in the Organization dropdown list in the top-right hand corner of the page. turn off this option. If you do not need this feature.3 . Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. In the General Security Settings area. If you do not want to expose the database in this way. SNMP is a network/appliance monitoring protocol that is supported by many thirdparty products. turn off this option. and FTP access on the appliance server. The appliance database is accessible via port 3306 to allow you to run reports using an off board tool. you can turn off this option. e. b. SNMP. SSH. specify the following security settings: a. Clear the Enable SNMP monitoring check box. which allows you to create a process on another server that pulls this information off the appliance. it will prevent the appliance from restarting automatically. like Access or Excel. This feature is useful if your backup files are too large for the default HTTP mechanism (browsers timing out). you must enable them. Select the Enable backup via ftp check box. Clear the Make FTP Writable check box. In the Samba Share Settings area. to save the changes and reboot the appliance. If you disable port 80. Refer To generate an SSL Certificate. For ease of agent deployment. Clear the Enable port 80 access check box. SSL settings should only be adjusted after you have properly deployed the appliance on your LAN in non-SSL mode. 6. Certificates should be supported by a valid Certificate Authority. Dell recommends that this file server only be enabled when performing node software installs. unless Enable port 80 access check box is cleared. Select the SSL Enabled on port 443 check box to have nodes check in to the appliance server using https. select the Enable Organization File Shares check box to allow each organization to leverage the appliance's client share as an install location for the node. Click Set Security Options. The files must be in Privacy Enhance Mail (PEM) format. If you are enabling SSL. If you have your own SSL certificate and SSL private key. on page 45. the standard Agent installers attempt to contact the appliance via port 80. click Edit Mode to edit the field values. you need to select System in the Organization dropdown list in the top-right hand corner of the page. b. Administrator Guide. The appliance has a built-in windows file server that can be used by the provisioning service to assist in distributing the samba client on your network. In the Set SSL Private Key File field. leave port 80 active. if required: a. You can load SSL certificates into the appliance by any of these two methods: • • You can click Open SSL Certificate Wizard and follow the step by step procedure to load the SSL certificates. Once you switch over to SSL. contact KACE Support to adjust the agent deployment scripts to handle SSL. By default. similar to those used by Apache-based Web servers and not in the PCKS-12 format used by some Web servers.3 45 . specify the following SSL settings. this is a one-way automatic shift for the nodes. you will need to identify the correct SSL Private Key File and SSL Certificate File. after getting the server configuration. They must be reconfigured manually if you later decide not to use SSL.Configuring your Appliance 2 5. Version 5. port 80 continues to be active. When you activate SSL. browse to the SSL Private Key file and browse to the signed SSL Certificate. A properly signed SSL Certificate is required to enable SSL. and then switch to SSL over port 443. Contact Dell KACE Technical Support if you want to enable SSL on your appliance. in the Set SSL Certificate File field 7. It is possible to convert a PCKS-12 certificate into a PEM format using software like the OpenSSL toolkit. To generate an SSL Certificate To access the next set of settings. In the Optional SSL Settings area. Enter the name of your State or Province. Retain these two files for your own records. The K1000 Security Settings page appears. 3. Enter the name of your organization. and then send it to the person who provides your company with web server certificates. The certificate and private key for SSL are not included in the appliance’s nightly backups for security reasons. Click Security Settings. Do not send the private key to anyone. Click Edit Mode to edit the fields and specify the following: Enter the name of your country. 4. The K1000 Settings: Control Panel page appears. Your Private Key is displayed under Private Key field. Click Set CSR Options. 6. Version 5. 2.3 . The K1000 Advanced SSL Settings page appears. It will be deployed to the appliance when you upload a valid certificate and subsequently click Deploy. Enter your email address. Click Deploy to deploy the certificates and turn on SSL on the appliance. It is displayed here in case you want to deploy this certificate to another web server. Enter a common name of the appliance you are creating the SSL certificate for. Click Open SSL Certificate Wizard. Click OK to reboot the appliance. You need to copy the text between the lines “----BEGIN CERTIFICATE REQUEST----. Enter your locality name. This certificate will not be accepted by any nodes until it is added into the trusted certificate database on every machine running the client. 7. Enter the name of unit your organization belongs to. The SSL certificate is generated. 46 Administrator Guide.and -----END CERTIFICATE REQUEST-----” along with these lines. Click Create Self Signed Certificate and for Deploy to be displayed. Click Create Self Signed Cert. Click K1000 Settings > Control Panel. Your Certificate Signing Request is displayed in the field below the Set CSR Options button. Country Name State or Province Name Locality Name Organization Name Organization Unit Name Common Name e-mail 5.2 Configuring your Appliance Generate an SSL certificate using the wizard as follows: 1. Click Agent Messaging Protocol Settings. The K1000 Settings: Control Panel page appears. and communications components to perform optimized realtime communications for control of systems management operations. 1. you need to select System in the Organization dropdown list in the top-right hand corner of the page. Version 5. AMP provides: • • • • Persistent connection between the appliance Server Server driven inventory updates Higher scalability in terms of number of nodes supported on one K1000 Server Better scheduling control and reliability These settings are specific to the AMP infrastructure and do not affect other appliance configuration settings or runtime operations. Administrator Guide. Exercise caution when changing these settings and contact Dell KACE Technical Support for any questions regarding these parameters. AMP includes server. To configure Agent Messaging Protocol Settings To access the next set of settings.3 47 . Changing these settings will temporarily interrupt communications between the appliance and the agents. Click K1000 Settings > Control Panel. 2.Configuring your Appliance 2 Configuring Agent Messaging Protocol Settings Agent Messaging Protocol (AMP) is the appliance Communications Protocol used by the server with its respective agents. client. The K1000 Agent Messing Protocol Settings page appears. These settings control both the runtime state of the AMP server and also the operational state of the agent. 3 .” Allow inbound Protocol Port 52230 to the appliance server. (That is. For the Agents to connect to the appliance SERVER using AMP. 4.) Example of an OUTBOUND restriction: “Windows XP Firewall blocking outbound port 52230”. You can click Restart AMP Server to restart the AMP server without saving the settings. Note: Before you can choose this setting. you must have the AMP Protocol Port 52230 open and available OUTBOUND. Version 5. Enable SSL for AMP Select the check box to enable SSL for AMP.2 Configuring your Appliance 3. This can be configured in your Filter/Firewall Software or Hardware as an allowed OUTBOUND Exception. you must update the ALLOWED OUTBOUND/INBOUND port on your filter/firewall. Server Port Specify the General Settings: Specify the Server Port. it must have the AMP Protocol Port 52230 open and available INBOUND to the appliance IP ADDRESS. 48 Administrator Guide. you must enable SSL as described in step b on page 45. The activation of SSL is for AMP Only. Allow outbound Protocol Port 52230. Restarting the AMP Server will not restart the appliance. 5. For the SERVER to accept connections via AMP. Note: If you change the default AMP Port of 52230. (That is.) Example of an INBOUND restriction: “A NAT Firewall such as Cisco or SonicWall blocking INBOUND port 52230 to the K1000 IP ADDRESS. The check box must be selected to activate SSL over AMP even though the general appliance settings may have SSL enabled already. The AMP Server on the appliance SERVER will listen on port 52230 (default). This allows the separate configuration of AMP traffic to be un-encrypted even though all other appliance communication is SSL encrypted. the agent must be able to connect through this port number OUTBOUND without restriction from any OUTBOUND filter/firewall. the appliance SERVER must be able to accept connections through this port number INBOUND without restriction from an INBOUND filter/firewall. Click Save and Restart AMP Server to the save the settings and restart the AMP server. This can be allowed through a One-to-One Inbound NAT Policy. Enable Select the check box to enable different levels of “server” debug/logging to the server's Server Debug log file. After saving changes. Once appliances are linked. You can link all Dell KACE K1000 Management Appliances. Time Zone Automatically synchronize with an Internet time server Set the clock on the K1000 manually 5. Configuring Single Sign-on for multiple appliances The Single Sign-On feature (appliance linking) enables users to authenticate once and gain access to and run multiple appliances. To configure Date & Time settings To access the next set of settings. The K1000 Settings: Control Panel page appears. Enter the time server in the text box. Click Set Options to set the date and time settings. you need to select System in the Organization dropdown list in the top-right hand corner of the page. When updating the time zone. Click Edit Mode to edit the field values. you can sign on to one of them and gain access to the others without having to re-login into each appliance individually.3 49 . The K1000 Date & Time Settings page appears. the appliance web server will be restarted in order for it to reflect the new zone information.Configuring your Appliance 2 Configuring date and time Settings of the appliance server Keep the time of the appliance accurate as most time calculations are made on the server. Click K1000 Settings > Control Panel. this page will automatically refresh after 15 seconds. Version 5. but you cannot transfer resources or information between them using this feature. For example: time. 3. 1. 2.com Select the check box to manually set the appliance clock. Click Date & Time Settings. Select the appropriate time and date from the drop-down lists. Administrator Guide. Specify the following information: Select the appropriate time zone from the drop-down list. You can run multiple appliances from the same appliance console.kace. 4. Select the check box to automatically synchronize the appliance time with an internet time server. Active connections may be dropped during the restart of the web server. To link appliance so you can run them from the same console. you are redirected to the Linking K1000 Appliances Settings page when you click the Manage Linked K1000 Appliances link. If appliance linking is not enabled. Once linking is enabled.3 . The default is 10 seconds. This procedure involves copying the K1000 Friendly Names and linking keys from one appliance to another. Enter the number of minutes to keep the link open. Other appliances use this name to select this appliance. Enabling linking creates appliance names and linking keys. Click Set Options to save link settings. on page 50. copy these to a central location. return to the Control Panel page and select Manage Linked K1000 Appliances to configure remote appliances. Copy the appliance names and linking keys between the appliances to link using the instructions in To enable linking of appliances for single sign-on. you need to select System in the Organization dropdown list in the top-right hand corner of the page. An SSL connection is only available if you have enabled SSL on all K1000 Management Appliance you are linking. you can make the link an SSL connection for added security. logical name for this appliance. 4. Enter the number of minutes this server waits for a remote appliance to respond to a linking request. Version 5. To save time. 2.2 Configuring your Appliance • • Start by enabling linking on each appliance with the instructions in To enable linking of appliances for single sign-on. 1. you need to provide login credentials when switching to a linked appliance. Friendly Name (this server) Remote Login Expiration Request Timeout 5. When this time period expires. 50 Administrator Guide. Click the Enable Dell KACE Appliance Linking check box to enable the linking. 3. you need to select System in the Organization dropdown list in the top-right hand corner of the page. Click Edit Mode. To link appliances for single sign-on To access the next set of settings. Optionally. The K1000 Settings: Control Panel page appears. Click Linking Dell KACE Appliances Settings. To enable linking of appliances for single sign-on To access the next set of settings. The K1000 Linking Dell KACE Appliances Settings page appears. Click K1000 Settings > Control Panel. The Manage Linked Appliances page appears after you enable linking. The default is 120 minutes. Enter a unique. 6. and repeat these steps to add the Host Name and Linking Key to it. You can now switch among the linked appliance consoles using the Org: drop-down menu on the upper right side of the appliance user interface. The K1000 Linking Dell KACE Appliances Settings page appears. The Linking K1000 Appliances page appears. Enter the K1000 Friendly Name and the Linking Key of the appliance that you are establishing the link to. Version 5. Clear the Enable Dell LACE Appliance Linking check box. on each appliance that you want to link with. you need to select System in the Organization dropdown list in the top-right hand corner of the page. the Test Connection option appears. you can still switch to and control that appliance until you log off and log in again from the appliance Server. click Add New Item. 1. The K1000 Settings: Add Linked Appliance page appears. 4.Configuring your Appliance 2 1. 7. Click Set Options. the newly updated linked appliances appear on the Organization drop-down list of the Home tab. In the Choose Action menu. Click K1000 Settings > Control Panel > Manage Linked Dell KACE Appliances. 3. on page 50. Click Test Connection to verify the connection between the two linked appliances. 5. When you re-login into the first appliance. Click Edit Mode to make this page editable. Click K1000 Settings > Control Panel. Click Set Options. To disable appliance links To access the next set of settings.3 51 . The K1000 Settings : Control Panel page appears. 3. the Connection Successful message is displayed. Troubleshooting Tools The Troubleshooting Tools page contains tools to help administrators and Dell KACE Technical Support to troubleshoot problems with this appliance. If the settings are configured correctly. 2. 2. 5. Log on to the other appliance you are creating the link for. Administrator Guide. After you click Save. 4. After a appliance link is deleted. Follow the instructions in To enable linking of appliances for single sign-on. Click Linking Dell KACE Appliance Settings. The Troubleshooting Tools page appears. Enter the IP Address in the text box. 1. Dell KACE Technical Support may request the troubleshooting logs to help in troubleshooting some issues. • 52 Administrator Guide. 4. The K1000 Settings: KACE Support page appears. Select the appropriate network utility from the drop-down list. To use Network Utilities To access the next set of settings. The Troubleshooting Tools page appears. Select the Enable Tether check box under the KACE Support Tether to allow Dell KACE Technical Support to access your appliance. 3. Click Edit Mode.3 . 5. Click Test. you need to select System in the Organization dropdown list in the top-right hand corner of the page. 6. • You can download K1000 Troubleshooting Logs. Click the click here link to download troubleshooting logs. Click Troubleshooting Tools.2 Configuring your Appliance To access the K1000 Troubleshooting Tools page Click Settings > Support > Troubleshooting Tools. Click K1000 Settings > Support. Enter the key supplied by Dell KACE in the text box. 2. You can use Network Utilities to test various aspects of this appliances network connectivity. Dell KACE Technical Support will provide you a key when this type of support is required. Version 5. What’s Next. for example. on page 60. starting on page 209. Label Groups are strictly for organizational purposes. For example. distribution packages. the labels assigned to that group have only the type Patches available. About Labels Labels can be used to organize and categorize computers. on page 63. and how your Dell KACE K1000 Management Appliance uses them. Labels can be manually or automatically applied through LDAP or Smart Labels. the other types are grayed out. see Chapter 11: LDAP. items can be managed on a per-label basis. categorizing computers. people. and setting the permission levels of users. • • • About Labels. and locations. All items that support labeling can have none.3 Labels and Smart Labels This chapter gives an overview of Labels and Smart Labels. Labels are intended to be used in a flexible manner. to the labels they contain. You can use labels. Capabilities include: • Label groups can pass their type.3 53 . For information on LDAP Labels and the LDAP Browser. setting up the geographic relationships. or multiple labels. if a Label Group is restricted to Patches. They cannot be targeted for Patching jobs or Managed Installations. such as the “View By” function in the Computer Inventory page. Label Groups pass their type restrictions to the labels they contain. with patching. Version 5. and how you use labels is completely customizable. You can also organize labels with Label Groups. About Smart Labels. Label types include: • • • • • • • Computer inventory IP Scan Inventory Processes /Startup Items / Services Software Patches Dell Update Packages Users Once included in a label. on page 53. software. Administrator Guide. one. such as Patches or User. 3 Labels and Smart Labels • You can associate labels with one or more Label Groups. (Be sure to select your organization first using the Organization menu in the top-right corner of the page. You can find the Label tab by going to Home > Label. To create a hierarchy.) You can also create Labels and Smart Labels in the other components of the appliance that use labels. you can: • • • • • Create Labels (which is also done in other parts of the interface) Create Label Groups (or nested labels) Edit Label Groups Delete Labels or Labe Groups Show or Hide Label Groups 54 Administrator Guide. In fact. membership in one Label Group does not preclude membership in another Label Group. see To create a Smart Label. Label groups do not create a functional hierarchy of labels. on page 62. Version 5. For more information. you can restrict the deployment of a script to nodes that belong to particular labels. you can see a label selection list. on page 61 and To change the Smart Label Run Order. which you use to constrain an action to a one or more labels.3 . In many areas of the appliance user interface. Label Groups can be a member of another Label Group. Managing Labels In Label Management. you can make a label dependent on other labels by using Smart Labels to change the order in which labels are processed. For example. see About LDAP Labels. The associated with a Smart Label. For example. on page 209. You can click on the numbers under the categories to see what the members are. Microsoft Office Proof is also associated with a Smart Label. icon means that the label is • • • • The laptops label is a machine label that contains only one item. Licenses contains one label. It is also in the Label Group. This label is associated with a Smart Label that adds any computer with the chassis type laptops to the Smart Label.2 label belongs to the Licenses Label Group. For information about LDAP labels. FrameMaker 7. they will be added to the label.Labels and Smart Labels 3 Viewing Labels Select Label Management to view labels created. in the following screenshot: • The FrameMaker 7.3 55 . If any more laptops are purchased. for example. Viewing Computer Details by Label After you have created a Computer label. portal packages. and users associated with the label Administrator Guide. Microsoft Office Proof has four members—until more copies of Office Proof are purchased. and there are two items in the label. you can view details about the computers on your network that belong to that label. Licenses. so it is a Label Group. Version 5.2 is a software label. From the Label Detail view. you can see: • • • • The IP addresses and machine names of the computers in the label The number of Managed Installations and File Synchronizations deployed to the label The number of network scans and scripts run on the machines in the label The number of alerts. MemberOfBuildingA and MemberOfFinancesGroup have the icon for an LDAP Label. 1. click the + sign beside the section headers to expand or collapse the view. 3. In the Labeled Items section. 56 Administrator Guide. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 2.3 . To view label details To perform these steps. Version 5. Click Home > Label. and click Label Management. Click the linked name of the label you want to view. The Labels: Edit Detail page appears.3 Labels and Smart Labels • The number of filters and replication shares associated with the label. Click Home > Label and select Label Management. Click OK. be sure to escape the backslash with another backslash. 8. on page 89. Avoid using backslashes (\) in Label names. 5. Click Home > Label. To delete a label To perform these steps. restrict it to that. Version 5. You can also add or edit them under Label Management. If you defined KACE_ALT_LOCATION. You can delete a label in its edit page. and click Label Management. 9. For example. If you have large numbers of labels. refer to Adding Computers to Inventory. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.Labels and Smart Labels 3 To add or edit a new label To perform these steps. See To create a Label Group. For an another example on how to manually apply labels. 1. For example. click Add New Label. scripts check here for dependencies. 2. if the label is for software. Click OK in the confirmation window. On the Label : Edit Detail page. (Optional) Under Restrict Label Usage To. click Delete Selected Item(s). select an appropriate category. In the Choose Action menu. include the labels of your licensed software in a software Label Group named Licenses.3 . enter a descriptive title. If KACE_ALT_LOCATION is used. on page 59 4. (Optional and for Computer labels) Enter a value for KACE_ALT_LOCATION. you can also: 1. 3. 4. From the Choose Action menu. You can add or edit labels from most places in the user interface. you can use Label Groups for organization. Click the check box for the label. See To create a Label Group. 6. Click Save. specify the User Name and Password for it. If you have large numbers of labels. 3. this value is not used. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. If used. (Optional) Select a Label Group. Typically. 57 Administrator Guide. consider putting them in a Label Group. 2. 7. on page 59. As well as organizing labels. Label Groups share their types with the labels they contain. To view Label Groups To perform these steps. The following illustration shows the Label Group type inherited by the label from the Label Group. 58 Administrator Guide. Click Home > Label. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. and click Label Management.3 Labels and Smart Labels About Label Groups You can organize long lists of labels by putting them in Label Groups. a label can be associated with more than one Label Group. Not only can a Label Group include multiple labels. Version 5. 1.3 . enter the name of the Label Group in the Name field. the MS Office Home Smart Label is associated with the Licenses Label Group. select the respective label check boxes before selecting Add New Label Group. do the following: 2. To create a Label Group To perform these steps. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. click Add New Label Group. click Show Label Groups. and click Label Management. Administrator Guide. 5. 6. Version 5. In the Choose Action menu. restrict it to that. the Smart Label MS Office Home is selected. (Optional) Enter any notes about this Label Group.3 59 . 2. For example. 3. select an appropriate category. Click Home > Label. and click Label Management. In the Label Group : Edit Detail page.Labels and Smart Labels 3 If you see Label Name [groups hidden]. To apply a label to a Label Group To perform these steps. You can hide Label Groups by clicking Hide Label Groups. 7. if the label is for software. click Apply Label Group. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. (Optional) Use the Assign to Label Group option to assign this Label Group to another Label Group. (Optional) Use the Restrict Label Usage To. You can put Label Groups within other Label Groups. 2. In this example. In the Choose Action menu. 1. To include existing labels in the Label Group. In this example. Select the check box for the label with which you will work. Click Home > Label. Click Save. 3. You organize labels by putting them in Label Groups: 1. 4. In the Choose Action menu. delete its member labels. 3. Smart Label types include: • • • Dell Package Smart Label IP Scan Smart Label Machine Smart Label 60 Administrator Guide.3 Labels and Smart Labels To delete a Label Group To perform these steps. 6. click Delete. Click the recycle bin and OK Click Save. 5. In the Label Selection window. Version 5. 1. 2. The Label Group : Edit Detail page appears. You can view the list of available Smart Labels from the Home > Label > Smart Labels tab.3 . Expand the Labels under Labeled Items. Your appliance allows you to create specific types of Smart Labels. In the Assign to Label Group section. Before you delete a Label Group. and click Label Management. About Smart Labels Smart Labels enable you to dynamically apply a label based on a search criteria. Click the name of the Label Group. Click the name of the label to open its Edit Detail page. click Edit. 8. select the name of the Label Group from step 2. Click Home > Label. When you have removed all labels from Label Items of the Label Group. 9. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 7. 4. 3. choose or enter the label to associate with the Smart Label. if you selected Software Smart Label. Software Smart Labels are applied in the following ways: • • If a specific software Smart Label is edited using Home > Label > Smart Labels. You can also create a Smart Label in every component where you use them. Go to Home > Label. Click Create Smart Label. it is reapplied to all software. 4. see. You can also add a new software Smart Label or change the order of Smart Labels by going to Home > Label > Smart Labels. 1. The Create Smart Label tab appears for the type of label that you selected. 6. From the Choose label list. whenever machines with software that meets the specified criteria check into your appliance. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. For more examples of using Smart Labels. Click Test Smart Label to view the results. For example. 2. click the type of Smart Label you want to create. Administrator Guide. the software is automatically assigned to the associated Smart Label. To edit a Smart Label To perform these steps. All Smart Labels are reapplied to a software item when it is updated on Inventory > Software.Labels and Smart Labels 3 • • Patch Smart Label Software Smart Label You can also change the order of your smart labels or delete them from the Smart Labels page. and To dynamically identify the network scan results. To create a Smart Label To perform these steps. on page 86. and click Smart Labels.3 61 . From the Choose Action menu. 5. Now. Deleting a Smart Label does not delete the label associated with it. Creating Smart Labels for Computer Inventory. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. the criteria just apply to software. Specify the search criteria using the available fields. Version 5. on page 123. Go to Home > Label. software. Click Duplicate to create a new Smart Label with same SQL code.3 Labels and Smart Labels You can find all Smart Labels in the Home component. you can only reassign it to a new label. and click Smart Labels. You can also edit Smart Labels within the components that they belong to. Select one of these options from the Choose Action menu: • • • • • Order Dell Update Smart Labels Order IP Scan Smart Labels Order Machine Smart Labels Order Patch Smart Labels Order Software Smart Labels The order Smart Labels page appears for the type of Smart Label. on page 54. Click Save. The Smart Labels page appears. 3. 1. The Smart Labels page appears. listing all of that type. Item Type Assigned Label Label Notes SQL Specifies the type of Smart Label. When you click Duplicate to create a new Smart Label with the SQL code. To change the order in which Smart Labels: 1. for example.3 . Displays the query in SQL (Structured Query Language). Contains a drop-down list from which you choose the label you want to assign. To change a Smart Label’s order value. For more information on editing labels. depending on the type of Smart Label. if entered in the Notes field. The Smart Label : Edit Detail page shows the following information. 62 Administrator Guide. refer to Managing Labels. Version 5. Select a Smart Label Name. Displays notes relevant to the label. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. This field does not show when the Details link is selected. and click Smart Labels. click the icon next to it. 2. Click Details to edit label details. To change the Smart Label Run Order To perform these steps. Go to Home > Label. 2. 3. starting on page 83. 4. What’s Next Many organizations use labeling with their software and hardware inventories. Version 5. For more examples of using labeling. Smart Labels have a default order value of 100. Click Save.3 63 .Labels and Smart Labels 3 Smart Labels with smaller values execute before those with larger values. see Chapter 5: Managing Software and Hardware Inventories. Administrator Guide. Version 5.3 .3 Labels and Smart Labels 64 Administrator Guide. See Enabling file sharing on page 67. Using the Provisioning Results Page. You can deploy the Agent on multiple machines simultaneously by creating a configuration that identifies a range of IPs to target. 1. K1000 Agent Update. 2. Administrator Guide. Using the Provisioned Configurations page. on page 65. Managing K1000 Agent Tasks. on page 80. on page 73. Preparing to provision the Agent. on page 310. Support contains white papers. Overview of first time Agent provisioning Agent Provisioning helps you to easily deploy the K1000 Management Appliance Agent software on your network. on page 78. on page 69. Using the Provisioned Configurations page. and a Knowledge Base.3 65 . Version 5. on page 75. on page 68. File share on the K1000 Management Appliance must be enabled. Advanced Provisioning. on page 66. Dell KACE Support is a good source for additional information and help for Agent Provisioning. AMP Message Queue. on page 77. • • • • • • • • • • • • Overview of first time Agent provisioning. System requirements for Agents. Single Machine Provisioning. articles. on page 76. Information about the data collected by the Agent for each computer is located in Information collected by the Agent. on page 67.4 Agent Provisioning The Agent Provisioning feature enables you to directly install the Dell KACE K1000 Management Appliance Agent onto machines in your environment. A provisioning configuration identifies one or more IP addresses for the first time deployment or removal of the Agent. K1000 Agent Settings. on page 73. The procedure for Agent provisioning depends on the operating system. If the Agent is not detected.4 Agent Provisioning 3. See Appendix E: Manually Deploying Agents. 4.3.6 Intel Mac OS X 10. Version 5.3 .5 Intel and PowerPC Mac OS X 10.1 or later to 5. then it will remotely install the Agent directly from the appliance. 66 Administrator Guide.4 Intel and PowerPC • Upgrades supported: Supports upgrading from Agent version 5. Linux. System requirements for Agents System requirements to install the Agent are: • Windows: • • • • • • • Windows 7 (32-bit and 64-bit) Windows Vista (32-bit and 64-bit) Windows XP (32-bit and 64-bit) Windows Server 2008 (32-bit and 64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2003 (32-bit and 64-bit) Windows 2000 Server (32-bit) • • Linux: Red Hat Enterprise Linux (RHEL) 3. and Macintosh platforms. The target IP address is tested for the existence of an Agent. 4. starting on page 301. and 5 (32-bit and 64-bit) Macintosh®: • • • Mac OS X v10. You can also deploy the Agent manually on Windows. Click Save Samba Settings. the following configuration settings are required: • Windows XP: Turn off Simple File Sharing. If Simple File Sharing is enabled. Preparing for Windows Platform provisioning For Windows platform installations. Provisioning requires standard file sharing with its associated security. 2. Select the File Share Enabled checkbox.Agent Provisioning 4 Preparing to provision the Agent You must perform the steps in this section before provisioning the Agent. (Optional) Enter a password for the user share.3 67 . go to Settings > Control Panel. you must enable file share for each organization. 5. you must enable the K1000 Management Appliance file share. 3. 6. If you have multiple organizations. In the Dell KACE Management Center. Enabling file sharing To activate the provisioning functionality. Administrator Guide. In the Samba Share Settings section. For information on how to do this. click Edit Mode. The K1000 Settings: General page appears. Version 5. see the Microsoft Support web site. 4. You can access the provisioning installers on the appliance at: \\k1000_name\client\agent_provisioning where k1000_name is the hostname of your appliance. 1. a LOGON FAILURE occurs because simple file sharing does not support administrative file shares and the associated access security. Click General Settings. 4 Agent Provisioning • Windows Firewall: If turned ON, you must enable File and Print Sharing in the Exceptions list of the Firewall Configuration. The appliance verifies the availability of ports 139 and 445 on each target machine before attempting to execute any remote installation procedures. Vista and Windows 7: • • Provide Administrative credentials for each machine. Configure User Account Control (UAC) in one of two ways: • • Turn UAC off. Set User Account Control : Run all administrators in Admin Approval Mode to Disabled. • From the Advanced sharing settings page, turn on network discovery and turn on file and printer sharing. Ports 139 and 445 along with File and Print Sharing are required only for Agent distribution. Administrative credentials are only needed for installation of the Agent. The Agent runs within the context of the Local System Account, which is a built-in account used by the Windows operating system. Once the Agents are installed and communicating with the appliance you can turn off access to these ports and services. After installation, the Agent uses port 52230. Single Machine Provisioning Single Machine Provisioning option provides an easy way to deploy the Agent technologies for the first time. Single Machine Provisioning assumes some default values for settings such as TCP ports, time outs, appliance server name, and so on. To deploy the Agent on a single machine 1. Go to Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Single Machine Provisioning. The Single Machine Provisioning page appears, including the Agent version. 3. 4. 5. 6. 7. 8. 9. 68 Enter the Target IP. Select Install Agent. Select the operating system of the Agent. (Windows Only) Enter the domain or workgroup for the user name you enter below. Enter a user name that has the necessary privileges to install the Agent. Enter the password for the account. Click Run Now. Administrator Guide, Version 5.3 Agent Provisioning 4 The system saves the configuration with a default name as Simple Provisioning - IP Address and then runs the configuration against the targeted IP. The Provisioned Configurations page appears where the newly created configuration is displayed. Advanced Provisioning Advanced Provisioning provides the ability to provision the Agent to multiple computers. Overview of Advanced Provisioning The following steps describe how to do Advanced Provisioning: 1. Select the type of provisioning: • • • 2. 3. Auto Provisioning: provides the ability to define an IP range. Manual Provisioning by IP: allows you to specify IP addresses manually and also pick machines from IP Scan and Inventory. Manual Provisioning by Hostnames: allows you to enter hostnames manually. Set the General Settings according to the type of provisioning (described in the previous step). See next section (To use Advanced Provisioning, on page 69). Set the platform settings, as described in: • • To provision Windows platforms, on page 71. To provision Unix (Linux or Mac OS X) platforms, on page 72. 4. Schedule the provisioning. See To schedule Agent provisioning on page 72. To use Advanced Provisioning 1. Click Settings > K1000 Agent > Advanced Provisioning. The Advanced Provisioning page appears. 2. Under General Settings, select the type of provisioning you wish to do: • • • Auto Provisioning Manual Provisioning by IP Manual Provisioning by Hostname Administrator Guide, Version 5.3 69 4 Agent Provisioning 3. Enter the information shown in the following table: Specify a unique configuration name to differentiate between different configurations. Auto Provisioning Config Friendly Name Provisioning IP Range Enter an IP or IP range. Use hyphens to specify individual IP class ranges. For example: 192 168 2-5 1-200 Manual Provisioning by IP Target IPs Enter a comma-separated list of IP addresses for the target computers. The Help me pick machines link aids in adding machines to the Target IP list: • Provisioning IP Range: use hyphens to specify individual IP class ranges. For example: 192 168 2-5 1-200. After specifying a range, click the Add All button. • IP Scan Computer: this drop-down list is populated from the Network Scan Results. • Inventory Computers: this drop-down list contains all the inventoried computers. The following list describes the available functions: • Click a computer in the list to add it to the Target IP field. • Filter: filters by character. For example, entering “lib” would display computer names in the list such as Library-1, Library2, and so on. • (n) indicates the number of computers selected by the filter. • Limit List to 20 Computers. • Only Include Found Computers. • Add All: adds all machines displayed in the list according to the filter and selection criteria. Manual Provisioning by Hostname Target Hostnames Configuration Enabled K1000 Server Name K1000 Client Share Name Enter a comma-separated list of hostnames for the target computers. Enables the provisioning configuration. Note: Scheduled configurations run only if this check box is selected. The server that installs the Agent. This field displays the default name of the appliance server. Update this field if you have multiple servers. The share folder name on the appliance, where the Agents are located. 70 Administrator Guide, Version 5.3 Agent Provisioning 4 DNS Lookup Enabled Name Server for Lookup Lookup Time Out 4. Enables DNS lookup. By default, displays the primary DNS Server defined in Network Settings. You can specify either a hostname or IP address. The time, in seconds, after which a DNS lookup expires. Set up provisioning for the platform, as described below in: • • To provision Windows platforms, on page 71. To provision Unix (Linux or Mac OS X) platforms, on page 72. To provision Windows platforms 1. Enter the following details under Windows Platform Provisioning Settings: Enables provisioning. Provision this platform Agent Identification Port Required open TCP Ports Port Scan Time Out Bypass Port checks Enable Debug Info K1000 Agent Version (Read-only) Displays the Agent Version number. The port currently in use by the Agents. The port number is 52230. The ports that the appliance uses to access the target machine for the Agent install. Use a comma separated list. The time period (in seconds) during which the appliance scans the port for response. Select to avoid port checks while the appliance installs the Agent. Select to view debug information in the machine’s provisioning results. Remove K1000 Agent Select to remove the Agent from machines. This overrides any current provisioning activity. 2. Enter the following details under Windows Network Administrative Credentials: The domain or workgroup name associated with the login credentials you enter below. The user name that has the necessary privileges to install the Agent on the target machines. The password for the account listed above. Domain (or Workgroup) User Name (admin level) Password 3. Schedule the provisioned configuration, as described in To schedule Agent provisioning, on page 72. Administrator Guide, Version 5.3 71 4 Agent Provisioning To provision Unix (Linux or Mac OS X) platforms 1. Enter the following details under Unix (Linux or Mac OS X) Platform Provisioning Settings: Enables provisioning on Linux or Macintosh platform. The ports that the appliance uses to access the target machine for the Agent install. Use a comma separated list. The time period (in seconds) during which the appliance scans the port for response. Select to avoid port checks while the appliance installs the Agent. Provision this platform Required open TCP Ports Port Scan Time Out Bypass Port Checks Remove K1000 Agent Removes the Agent from machines. This overrides any current provisioning activity. Remove agent data directory 2. Removes any remaining data folder/files after the uninstall process completes. Enter the following details under Network Root Credentials: The user name that has the necessary privileges to install the Agent on the targeted machines. Enter the password for the account listed above. User Name Password K1000 Agent Version (Read-only) This field displays the Agent version number. 3. Schedule the provisioned configuration, as described in the next section (To schedule Agent provisioning, on page 72). To schedule Agent provisioning Scheduling Agent provisioning ensures that the appliance periodically checks computers in the specified IP range. You can install, reinstall, or uninstall the Agent as required. 1. To schedule the provisioning configuration, select the appropriate radio button under Scheduling: (Default) Select when you do not want to run the provisioning configuration on a schedule. Run at a specified minute or hour interval. Run daily at a specified time. -orRun on specified day of the week at a specified time Run monthly at the specified time. -orRun on a specified day of the month at a specified time. Don’t Run on a Schedule Run Every n minutes/ hours Run Every day/specific day at HH:MM AM/PM Run on the nth of every month/specific month at HH:MM AM/PM 72 Administrator Guide, Version 5.3 Agent Provisioning 4 2. Click Save to save the provisioned configuration. The Provisioned Configurations page appears and displays the provisioned configuration you created in the list of configurations. Using the Provisioned Configurations page The Provisioned Configurations page displays a list of provisioning configurations and their status. Accessing the Provisioned Configurations page 1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears: Field Config Name Total Target Running Not Started Succeeded Failed % Succeeded IP Range Schedule Enabled Description The name of the provisioning configuration. (Links to the Advanced Provisioning page.) The total number of target machines in the configuration. (Links to the Provisioning Results page.) The total number of target machines on which provisioning is currently running. (Links to the Provisioning Results page.) The total number of target machines on which provisioning has not yet started. (Links to the Provisioning Results page.) The total number of target machines on which provisioning has succeeded. (Links to the Provisioning Results page.) Indicates the total number of target machines on which provisioning has failed. (Links to the Provisioning Results page.) The total number of target machines on which provisioning has succeeded as a percentage. The IP range of the target machine. (Links to the Provisioning Results page.) Indicates the specified provisioning schedule. For example: Every n minutes, Every n hours, or Never. A green check mark indicates that the provisioning configuration is enabled. To create a new configuration 1. On the Provisioned Configurations page, click the Choose Action drop-down list and then select Create New Configuration. Administrator Guide, Version 5.3 73 4 Agent Provisioning The Single Machine Provisioning page appears, where you can create a new configuration. For more information, see To deploy the Agent on a single machine, on page 68. 2. To provision the Agent to multiple computers, click Advanced Setup. To edit a configuration 1. On the Provisioned Configurations page, click the name of the provisioned configuration that you want to edit. The Advanced Provisioning page appears. 2. Edit the provisioned configuration. For more information, see To use Advanced Provisioning, on page 69. To run configurations 1. 2. On the Provisioned Configurations page, select the check boxes for the configurations that you want to run. In the Choose Action drop-down list, click Run Selected Configuration(s) Now. To duplicate a configuration 1. On the Provisioned Configurations page, click the name of the configuration that you want to duplicate. The Advanced Provisioning page appears. 2. Under Scheduling, click Duplicate. The Provisioned Configuration page appears with the new configuration listed. To delete a configuration 1. 2. On the Provisioned Configurations page, select the check boxes for the configurations that you want to delete. In the Choose Action drop-down list, click Delete Selected Item(s). Deleting a configuration will delete all associated target machines in the provisioning inventory list. Altering or updating a configuration will reset the data in the associated target machines list to the default settings until the subsequent provisioning run. 74 Administrator Guide, Version 5.3 Agent Provisioning 4 Using the Provisioning Results Page The Provisioning Results page displays a list of computers for the selected Agent Provisioning Configuration. To view Provisioning Results 1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. Click an item listed in one of the following columns: Total Target, Running, Not Started, Succeeded, Failed, and IP Range. The Provisioning Results page appears with the following information for each computer IP Address DNS Action Result Error The IP address of the target computer. The host name of the target computer. opens a Remote Desktop Connection (Internet Explorer only). I indicates a successful install. U indicates a successful uninstall. Whether the most recent provisioning succeeded or failed. The failure error, such as TCP ports not accessible. Indicates an active AMP connection to the server. Configuration Last Run 4. The name of the configuration. The last time the configuration was run. To view additional information about a target computer, click its IP Address. The K1000 Agent Provisioning page appears. This page displays the results from the most recent provisioning run and includes information such as the IP address, Agent status, port configuration, and the logs of each provisioning step. 5. 6. To print this page, click Printer Friendly Version. To view inventory information, click the [computer inventory] link next to the MAC address. This link is displayed only if the provisioning process can match the MAC address of the target machine with the current inventory data. For more information on computer inventory, see Adding Computers to Inventory, on page 89. Administrator Guide, Version 5.3 75 4 Agent Provisioning Managing K1000 Agent Tasks The K1000 Agent Tasks option displays a list of all the tasks that are currently running or are scheduled for a machine connected to the appliance. To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Click K1000 Settings > Support. The K1000 Settings: Dell KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. 3. Under the K1000 Agent Messaging, click the tasks link in See status of K1000 Agent tasks. The K1000 Agent Tasks page appears. By default, In Progress tasks are listed. If you don’t see any task, select another filter in the View by drop-down list: Column Machine Name Task Type Description The computer name on which the tasks are carried out. The type of Agent task. Types depend on your configuration and include alerts, inventory, kbot, krash upload and scripting update. The start time of the task type. The time when the task type is completed. The next schedule or run time of the Agent task type. How long it took the task to run. When the task type has to be timed out. The importance or rank of the task type. Started Completed Next Run Running Time Timeout in Priority Some options displayed in the filter depend on the configuration of your Task Types. While most Tasks and Task Types are self-explanatory, the following Tasks may need further explanation: • • • 4. Ready to Run (connected): Tasks that are AMP connected and about to run. Ready to Run: Tasks that will run when an AMP connection established. Longer than 10 minutes: Tasks that have been waiting longer than 10 minutes for a connection. To view details about a computer, click its name in the Machine Name column. The Computers: Detail Item page appears. 5. (Optional) To see a print view of the page and print it, click Printer Friendly Version. 76 Administrator Guide, Version 5.3 Agent Provisioning 4 K1000 Agent Settings Agent settings configure various options, such as how often the Agent runs on the target computer and how often inventory is performed. To configure an Agent To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Click Organizations. The K1000 Organizations page appears. 2. 3. In the table, click the name of an Organization. Click Edit Mode. The K1000 Organization: Edit Detail page appears. 4. Field Communications Window Under K1000 Agent Settings For This Organization, specify the following Agent options: Suggested Setting 00:00 to 00:00 (+1 day) Notes The period when the Agent can communicate with the appliance to perform inventory, script updates, and crash uploads. Other processes such as patching and scripting are still performed. You may wish to limit this time, if your computers are particularly busy during a certain period of the day. How often the server asks each Agent to report Inventory, Custom Inventory, File Synchronization, and Managed Installations and to check if the Agent needs upgrading. The interval that the appliance performs inventory on the nodes in the network. For example, if you set this parameter to 4 hours when the Agent “Run Interval” is 2 hours, the Inventory is checked every other time. Conversely, the Agent checks Custom Inventory, File Synchronization, and Managed Installation every 2 hours. The message that appears to users when communicating with the appliance. Agent “Run interval” 2 hours Agent “Inventory Interval” 0 Agent “Splash Page Text” Administrator Guide, Version 5.3 77 4 Agent Provisioning Field Scripting Update Interval Suggested Setting 1 hour Notes The frequency that the Agents checks for the latest scripts. If necessary, the updated scripts are then downloaded. This does not affect how often a script is run. Turning off Agent Log Retention will save about 1GB of disk space in the database. Agent Log Retention Save All Agent Logs 5. Click Save to save the Agent settings configuration. The K1000 Agent Settings page appears in read-only mode. These changes are reflected the next time Agent checks into the appliance. The Agent normally checks in using the “Run Interval” schedule specified in K1000 Agent Settings page. However, you can force a check-in outside the normal schedule by running: Windows command window: Go to C:\Program Files\Dell\KACE\ or C:\Program Files (x86)\Dell\KACE\ and enter: runkbot 4 0 Macintosh terminal window: sudo /Library/Application Support/ Dell/KACE/bin/runkbot 2 0 UNIX (RHEL) terminal window: sudo /opt/dell/kace/bin/runkbot 2 0 K1000 Agent Update Agent Update allows you to automatically update the Agent software for some or all computers that check into your appliance. Updating the Agent to 5.3 is supported from 5.1 or 5.2. Overview of Agent Updating The following steps describe how to update the Agents: 1. 2. 3. Download the Bundled Agents file from Dell KACE Customer Support. Load the Bundled Agents file on the appliance. Update the Agent on the target computers. The following sections describe each of these steps. To download a patch Agent To download an Agent bundle, you must first register with Dell KACE Customer Support. 1. Using your login credentials, download and save the k1000_patch_agents_xxx.kbin file from the following link: 78 Administrator Guide, Version 5.3 Agent Provisioning 4 http://www.kace.com/support/customer/downloads.php 2. In the Dell KACE Management Center, click Settings > K1000 Agent. The Agent Provisioning page appears. The Agent package that you post to the server from this page should be an official Agent release received from Dell KACE directly. 3. Click Agent Updates from KACE. The Agent Updates from KACE page appears. 4. 5. 6. 7. Under Upload K1000 Agent Update Files, click Edit Mode. Click Browse and locate the update file that you downloaded. Click Load Bundle File. Verify that the file is uploaded and applied. The updated files appear under Loaded K1000 Agent Updates. To update the Agent automatically You can see the version numbers of Agent patches currently uploaded to the appliance under Loaded K1000 Agent Updates. 1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Agent Updates from KACE. The Agent Updates from KACE page appears. 3. 4. Click Edit Mode under the section that you want to edit. Specify the Agent updates as shown in the following table: The time the Agent bundle was downloaded. Upgrades the Agent the next time the computers check into the appliance. Updates those machines with the selected labels. Distribution Time Stamp Enabled Limit Updates to Labels Administrator Guide, Version 5.3 79 4 Agent Provisioning Limit Update To Listed Machines Filter Select the machines from the Select machine to add dropdown list. Filters the machines displayed in the Limit Update To Listed Machines field. The (n) indicates the number of computers selected by the filter. Filters by character. For example, entering “lib” would list computer names such as Library-1, Library-2, and so on. Enter release notes about the Agent. Notes 5. To save the new Agent updates, click Save. AMP Message Queue The AMP (Agent Messaging Protocol) Message Queue page displays the list of pending communications with the Agents, such as pending alerts, patches, scripts, or crash dumps. To view AMP Message Queue To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Click K1000 Settings > Support. The K1000 Settings: KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. 3. Under K1000 Agent Messaging, click the message queue link. The AMP Message Queue page appears. The pending communications are displayed in this queue only during continuous connection between the Agent and the appliance. For Alerts, the pending communications are displayed in the AMP Message Queue even if there is no continuous connection between the Agent and the appliance. These messages are displayed until the Alert’s Keep Alive time interval has expires. For more information about alerts, see To Create a Broadcast Alert Message, on page 233. The Agent Message Queue page contains the following fields: Field Machine Name Description The machine name that contains the computer inventory information. Click a name to view the Computers Inventory page. 80 Administrator Guide, Version 5.3 1. 2. click the message queue link. 6. such as Completed or Received. The message payload. Click K1000 Settings > Support. To delete a message queue To perform these steps.Agent Provisioning 4 Field Message Type [ID. 4. Click Troubleshooting Tools. In the Choose Action drop-down list. 3.3 81 . Src ID] Message Payload Expires Status Description The type of message type. Administrator Guide. The AMP Message Queue page appears. The date and time when the message expired. Version 5. 5. This removes the message queue from the Agent. Click the check box for the message you want to delete. The K1000 Settings: KACE Support page appears. such as Run Process. click Delete Selected Item(s). Click OK to confirm deleting the message. The K1000 Troubleshooting Tools page appears. The status of the AMP message. Under K1000 Agent Messaging. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Version 5.3 .4 Agent Provisioning 82 Administrator Guide. on page 97. on page 106. Managing Your MIA (Out-Of-Reach Computer) Inventory. Managing Your Service Inventory. Inventory Feature Overview The agent collects Inventory information from each node. Managing Your Computer Inventory. Managing Your Processes Inventory. Managing Your Software Inventory. • • • • • • • • • Inventory Feature Overview. on page 107.3 83 . on page 83. The data is then listed on one of the Inventory tabs: • • • • • • • Computers Software Processes Startup Services IP Scan MIA Administrator Guide. Using the AppDeploy Live Application Information Clearinghouse. on page 104.5 Managing Software and Hardware Inventories The Dell KACE K1000 Management Appliance Inventory tab enables you to identify and manage the hardware and software on your network and organize these assets using labels and filters. Version 5. on page 100. on page 102. on page 84. Using the Dell Warranty feature. Managing Your Startup Program Inventory. on page 91. The information is uploaded and displayed on your K1000 Management Appliance after the nodes check in. Figure 5-1: Inventory . invokes an For more details on Machine Actions. If the Agent Inventory Interval is set to zero.3 . Then select the Organizations tab and click an organization in the list.Computers Tab Managing Your Computer Inventory The Computer Search & Filter page displays the computer’s IP address and the user connected to it. 84 Administrator Guide. To view the Agent Inventory Interval and Agent Run Interval settings. Version 5. starting on page 119. the IP Scan feature is discussed in Chapter 7: Scanning for IP Addresses. Clicking Action #1 Machine Action if specified.5 Managing Software and Hardware Inventories Inventory data is collected automatically according to the Agent Inventory Interval schedule specified in Settings > K1000 Agent. starting on page 35. These settings are listed under the K1000 Agent Settings for this Organization section of the K1000 Organization : Edit Detail page. the inventory is performed as per the Agent Run Interval setting on the same page. Although it is listed under the Inventory tab. make sure you have selected the correct organization using the Organization drop-down list in the top-right corner of the main page. refer to Chapter 2: Configuring your Appliance. This figure illustrates some of the Inventory features using the Computers ab. or Action #2 beside the IP address. 5.* Note: You can add more than one criteria. click its name.3 85 . on the other hand. Select a condition from the drop-down list. Administrator Guide. Version 5. if you needed to list computers with a particular version of BIOS installed. The search results are displayed. The options are AND or OR.Managing Software and Hardware Inventories 5 From the Computers tab you can: • • • • • • • Search by keyword or invoke an Advanced Search Create a Filter to apply labels to computers automatically Create Notifications based on computer attributes Add/delete new computers manually Filter the Computer Listing by label Apply or remove labels Show or hide labels To view details about a computer. To add more criteria. Using Advanced Search for Computer Inventory Although you can search computer inventory using keywords like “Windows XP” or “Acrobat. Click Search. select a conjunction operator from the drop-down list. For example: IP Address 3. allows you to specify values for each field present in the inventory record and search the entire inventory listing for that value. Enter the attribute value.XX. Searching for Computers in Your Inventory This section explains the various options you have for searching for computers in your inventory. 2. 6. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.” those types of searches might not specific enough. to search machines in an IP range: XXX. 1. For example. Click the Advanced Search tab. Select an attribute from the drop-down list. For example: contains 4. This is useful for example. Advanced search. To specify advanced search criteria To perform these steps. Specify the search criteria and the constraints. click Test Notification. 7. 5. Machine connecting to the K1000 Management Appliance is detected in a specified IP range known to originate in building 3. For more information about Smart Labels. and then send an e-mail automatically to an administrator. Computers connecting where computer name contains the letters “sales”. to know when computers have a critically low amount of disk space left. Enter the email address of the recipient of the notification. see About Smart Labels. Smart Labels work well with Inventory attributes. to track laptops that travel. Select the Create Notification tab. For example. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Specify the search criteria to look for a value of 5 MB or smaller in the Disk Free (G) field Notify an administrator to take appropriate action.” The table below lists some examples of useful Smart Labels that can be applied to a machine based on its inventory attributes: Filter Examples Sample Label Name XP_Low_Disk XP_No_HF182374 Building 3 CN_sales Sample Condition Windows XP Machine with less than 1 GB of free hard disk at last connection. 86 Administrator Guide. Windows XP Machine without Hotfix 18237 installed at last connection. Specify a title for the search.5 Managing Software and Hardware Inventories Creating Smart Labels for Computer Inventory Smart Labels enable you to dynamically apply a label based on a criteria. 6. such as disk capacity or OS version. 2. 3. To create a notification To perform these steps. To see whether the filter produces the desired results. For example. 2. create a label called “San Francisco Office. 4. you can: 1. Version 5. Whenever a machine that meets the IP range is checked in. Click Create Notification to create the notification. Searching for Computers by Creating Computer Notifications You can also use the Notification feature to search the inventory for computers that meet certain criteria. on page 60. Go to Inventory > Computers.” and create a Smart Label based on the IP range or subnet for machines located at the San Francisco office. 1.3 . it is labeled as “San Francisco. among other attributes. you can select a computer in inventory and view its details. The Computer Detail page provides details about a computer’s hardware. install. click the + sign next to the section headers. on page 209. Version 5. an e-mail is automatically sent to the specified recipient. software. The following sections describe each of the detail areas on this page.3 87 . You can modify or delete a notification after it has been created on the Reporting > Email Alerts tab. refer to About LDAP Labels. To expand or collapse the sections. and OVAL vulnerability history. Using the Computer Inventory Detail Page From the Computers tab. whenever machines that meet the specified notification criteria check into the K1000 Management Appliance. you can create LDAP Labels to do this from the Home > Label > LDAP Labels tab. patch. Administrator Guide. For more information on how to create LDAP Labels. Filtering Computers by Organizational Unit To filter computers based on an Organizational Unit found in LDAP or AD. Service Desk.Managing Software and Hardware Inventories 5 Now. on page 89. see AMP Message Queue. Tests which passed are grouped together and marked as Safe. Use the Force Inventory Update button to immediately update all computer inventory information. click the Ticket ID (for example. Security The Patching Detect/Deploy Status section displays a list of patches detected and deployed on the computer. and All to sort the list of patches. This section provides details on the software programs the computer has installed. Failed. • The Failed Managed Installs section displays a list of Managed Installations that failed to install on this machine. including patching level information. • The Labels section displays the labels assigned to this computer. The Threat Level 5 list section displays the items that have been marked with the threat level as 5. • The Help Tickets section provides a list of the Service Desk Tickets (if any) associated with this machine. The Portal Install Logs section provides details about the User Portal packages installed on this machine. See Appliance Agent Logs. It requests that the node send an inventory to the appliance. TICK:0032). To access details about the Managed Installations. along with the status of any scripts in progress. Not Patched. Patched. The OVAL Vulnerabilities section displays the results of OVAL Vulnerability tests run on this machine. • The To Install List section lists the Managed Installations that are sent to the machine the next time it connects. running processes. process. and services associated with this machine is considered as threat level 5. Some appliance features work only if there is a constant connection between the agent and the appliance: • A icon indicates a constant connection between the agent and the appliance. • A icon indicates that the agent and the appliance are not connected. To view a Service Desk Ticket’s details. Only tests that failed on this computer are listed by the OVAL ID and marked as Vulnerable.You can review your patch schedules by clicking the Patch Schedules link. for example. and startup programs. click the Managed Software Installation detail page link.5 Managing Software and Hardware Inventories Inventory Heading Summary Description Contains basic computer identification information. The Scripting Logs section lists the Configuration Policy scripts that have been run on this computer. A threat that is harmful to any software. startup item. For more details on the AMP connection. Most of this is self-explanatory. Logs 88 Administrator Guide. Inventory Information Software Activities This section provides more detail on some of the categories in the Summary section. on page 80. These can either be Tickets assigned to the machine owner or Tickets submitted by the machine owner. Click Force Inventory Update to synchronize the computer with the server.3 . Labels are used to organize and categorize machines. The only appliance-specific information in this section is the AMP connection and the agent software level. Click the appropriate link. for details on this section. Version 5. A script is executed on the node after which it sends the inventory information to the appliance. see the Asset Management Guide. • Management Service Logs: The primary role of appliance Management Service is to execute the Offline KScripts. The logs related to this request are displayed in Boot Strap logs. These steps include. Client. • Scripting Updater: A request is initiated periodically from the node to get the latest information related to the changes in Offline KScripts. you can track computers that currently do not have agent support or computers that are not available on your LAN. Adding Computers to Inventory The appliance provides the convenience of automatically adding computers to inventory. type of the asset and name of the asset are displayed. inventory is uploaded to the appliance. However. For more information about Assets. boot strap. Details such as the date and time when the Asset record was created. and Scripting Updater. dependencies downloads and validating the KBOTS file. The Management Service logs display the steps performed by Management Service to execute the Offline KScripts. This is especially useful when you maintain a large number of computers on your network.exe. The agent logs display these actions. • Boot Strap Logs: The appliance sends a boot strap request to get inventory information for a node that has checked in for the first time. Click the [Edit] link to edit the asset information.3 89 . Scripting Updater logs displays this information. the appliance also provides the flexibility to manually add computers to inventory.Managing Software and Hardware Inventories 5 Inventory Heading Asset Description This section displays the details of the Asset associated with that machine. For example. the date and time when it was last modified. The computers on which the agent is installed will check into the appliance Administrator Guide. Any error in the execution of Offline KScript is logged in the Management Service logs. Appliance Agent Logs This section displays logs for K1000 Management Appliance Management Service. Version 5. Adding Computers Automatically Computers are automatically added to Inventory by provisioning the agent on the computers on your network. • Client Logs: The appliance sends a request to the agent to get inventory information periodically. On successful execution of K1000Client. starting on page 65. The K1000Client. 3.xml. Select the check box next to the computer(s) you want to delete. Complete the information required by: • Entering by hand: For example data. refer to Chapter 4: Agent Provisioning. The number of computer or machine records in Inventory affects your license count even if the computer is no longer in use. To configure this. If you choose this option.5 Managing Software and Hardware Inventories and upload all the available inventory data. To add a computer to inventory manually To perform these steps. which you can upload here. Version 5. 90 Administrator Guide. 2. 1. Adding Computers Manually You can use the K1000 to maintain inventory data of all the machines on your network. including those not connected to your LAN. • Importing the machine. the appliance ignores all other field values on this page. click Delete Selected Item(s). Go to Inventory > Computers. Click OK to confirm deleting the computer. This might be a good practise if you want to maintain Inventory on computers in dark networks. 1.exe can take an optional command line parameter-inventory. 3. To delete a computer To perform these steps. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. click Add New Item. view the computer record of a machine that is already listed in the inventory. Go to Inventory > Computers. 2. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. For more information on agent provisioning. In the Choose Action menu. In the Choose Action menu.xml file for this computer. type: K1000 Agent/exe-inventory The appliance agent collects the inventory data and generates a file called machine. 4.3 . The Computer: Edit Computer Detail page appears. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. the software list alphabetically lists only the first 100 software items detected.Managing Software and Hardware Inventories 5 To apply a label to a computer To perform these steps. From the Inventory > Software tab you can see all the software installed across your network. Go to Inventory > Computers. 1. Avoid using backslashes (\) in Label names. Enter the New Label name to apply and click Save. From the Software List page. click the Show All link. 1. This feature allows you to specify values for each field present in the software inventory and search the entire Administrator Guide. In the Choose Action menu. be sure to escape the backslash with another backslash. remove. Select the computer to which you will apply a label. If used. To view all software installed. 3. Managing Your Software Inventory The Inventory feature also collects and displays an inventory of the software items installed on each of the computers listed in the inventory. By default. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.3 91 . To remove a label from a computer To perform these steps. Select the check box next to the computer from which you will remove a label. click the software name link. you can: • • • • Add or delete software Add. In the Choose Action menu: • • Select Add Label. click the appropriate label under Remove Label. Version 5. Go to Inventory > Computers. 2. or apply labels Categorize the Software Set Threat Level to Software To view the details of a software title. 2.” For more refined search results use the Advanced Search. 3. Using Advanced Search for Software Inventory You can search your software inventory using keywords like “Adobe Flash Player” or “ActivePerl. For example. Enter the Attribute Value. 7. For example. Enter the Attribute Value. 4. refer to Chapter 4: Agent Provisioning. Adding software automatically Software items are added to Inventory automatically when the agent checks in. For example. if you need a list of computers that have a specific application installed on a specific operating system. starting on page 65. XP.5 Managing Software and Hardware Inventories inventory for that particular value or combination of values. Display Name (Title) and contains. For more information on agent provisioning. ActivePerl causes all the machines having ActivePerl software to be searched. Thus. create a managed installation from it. you can add a software item that is not yet been installed on your network. The combination of XP and ActivePerl returns all machines that have Windows XP OS and ActivePerl software installed. 6. Supported OS and contains. Select an attribute and a condition from the drop-down lists. For example. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. The nodes on which the appliance agent is installed check in to your appliance and upload all the available software inventory data. For example. 1. To add more than one criteria. For example: AND. 3. 2. 5. and then deploy it to your other nodes. Automatically capturing software inventory items is especially useful when it is difficult to determine and maintain lists of all the software titles installed on your network nodes. select the Conjunction Operator from the drop-down list.3 . Adding Software to Inventory You can add software inventory items automatically or manually. the K1000 Management Appliance also provides you with the flexibility to manually add software titles to the inventory. For example. Click Search. Select an attribute and a condition from the drop-down lists. Version 5. Go to the Advanced Search tab. 92 Administrator Guide. To specify advanced search criteria To perform these steps. 4. 7.0. The appliance automatically creates inventory records for the software titles found on the network. See Appendix C: Writing Custom Inventory Rules. the appliance may not be able to detect the presence of the application without additional information from the administrator.0. 1. starting on page 273.44) Before deploying a software item to a remote node. 6. For more information on Custom Inventory ID (rule). 9. In the Custom Inventory Rule field. it’s better to install the package on a node and run inventory. the package probably isn’t installed on a node in your K1000 Management Appliance. it is not sent to the machine a second time. starting on page 273. 3. Administrator Guide. Publisher (Vendor). In the Assign To Label field. In the Choose Action menu. In such cases. refer to Appendix C: Writing Custom Inventory Rules. Upload or specify links to available information files associated with the software. 5. Beside Upload & Associate File. In some instances. installed programs do not register in Add/Remove Programs or in standard areas of the registry. click Add New Item. your appliance first verifies whether that file is present on the that node. If it is detected. than to manually install. and then click Open. For example: RegistryValueGreaterThan(HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. (Optional) Enter any other information in the Notes field. click Browse to browse to the file you wish to upload and associate with this software.3 93 . Enter the general software details.4. enter the Custom Inventory ID. 10. the appliance may repeat the install each time the node connects. If you don’t see a software package in Inventory. and Display Name (Title) consistently across software inventory to ensure proper downstream reporting. Go to Inventory > Software. You may want o include a custom rule so that information about the software is current and the package is not reinstalled each time that the agent check in. 8. The Software : Edit Software Details page appears. for example. Enter the Display Version. 2. Version 5. Select the supported operating systems in the Supported Operating Systems field. Therefore.Managing Software and Hardware Inventories 5 To add software to Inventory manually To perform these steps.szDatVersion. Specify the Custom Inventory Rule. select the labels to assign. Usually.xx. 5 Managing Software and Hardware Inventories 11. 4. You can also view the license asset detail by clicking on the license link. or “DATE”. In the Choose Action menu. (Use for proprietary information. This is useful for reading and reporting on information in the registry and elsewhere on the target machine. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. In the Choose Action menu. 3. see the Asset Management Guide. 3. To create software assets To perform these steps. NUMBER is an integer value: 94 Administrator Guide. “NUMBER”. Select the check box for the appropriate software.) 12. In the Custom Inventory Rule field. click Create Asset. enter the appropriate syntax according to the information you want returned: • To return a Registry Value. Click Save. Go to Inventory > Software. replacing valueType with either “TEXT”. 1. click Add New Item. Go to Inventory > Software. Version 5. Select this check box to hide this information from Live Application Deployment. 2. file publisher. specify the following information: Category Threat Level Hide from AppDeploy Live! Select the desired category. 1. Custom Data Fields You can create custom data fields to read information from a target machine and report it in the Computer Inventory certificate. Under Metadata. For more information about using Assets.3 . file created date. 2. To create a custom data field To perform these steps. enter the following. DAT file version number from the registry. Select the threat level. For example. Enter a value in the Display Name (Title) field. or other data. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. The software detail page displays license information for the software. The Assets page appears. string valueName. 1.exe. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. string valueType). Example: RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\McAfee. To associate multiple files. Version 5.SourceDisk. enter: FileInfoReturn(string fullPath.com\Viruss can Online.TEXT) You can retrieve the following attributes from the FileInfoReport() function: Comments CompanyName FileBuildPart FileDescription FileMajorPart FileMinorPart FileName FilePrivatePart FileVersion InternalName IsDebug IsPatclhed IsPreRelease IsPrivateBuild IsSpecialBuild Language LegalCopyright LegalTrademarks OriginalFilename PrivateBuild ProductBuildPart ProductMajorPart ProductMinorPart ProductName ProductPrivatePart ProductVersion SpecialBuild CreatedDate ModifiedDate AccessedDate Attaching a Digital Asset to a Software Item Whether you add the software to inventory automatically or manually.Managing Software and Hardware Inventories 5 RegistryValueReturn(string absPathToKey. Go to Inventory > Software.zip file. TEXT) • To return File Information. Select the linked name of the software title. and associate the resulting archive file. string attributeToRetrieve. Comments. To attach a digital asset to a software item To perform these steps. string valueType) Example: FileInfoReturn(C:\Program Files\Internet Explorer\iexplore. 2. 95 Administrator Guide.3 . you need to associate the files required to install the software before distributing a package to users for installation. create a . 5. 2. The Software-To-Computer Deployment Detail table at the bottom of the Software > Edit Software Detail page shows which computers have the software title installed. In the Choose Action menu. Version 5. Click OK to confirm deleting the software. Go to Inventory > Software. 2. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 2. click Browse. Select the check box next the software you wish to delete. 4. Modify other details as necessary. on page 86. If you want your label to include all copies of this software. 3. 3. Go to Inventory > Software. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Go to Inventory > Software. 1.3 . be sure to escape the backslash with another backslash. click Apply Label and then the appropriate label to apply. Locate the file to upload. Select the check box beside the software to apply a label to. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. and then click Open.5 Managing Software and Hardware Inventories The Software: Edit Software Detail page appears. Avoid using backslashes (\) in Label names. In the Choose Action menu. To remove a label from a software item To perform these steps. 3. Beside Upload & Associate File. the ones you have now and any you might purchase in the future. use a Smart Label. Select the check box beside the software to remove the label from. See Creating Smart Labels for Computer Inventory. 1. If used. click Delete Selected Item(s). 96 Administrator Guide. You can also click Add Label in the Choose Action menu to create and apply a new label. 4. and then click Save. 1. To apply a label to a software item To perform these steps. To delete a software item To perform these steps. 3. In the Choose Action menu. Select the check box next to the software. Business. To set threat level to a software item To perform these steps. 6. you can: • • • • • • View Process details Delete selected processes Disallow selected processes Meter selected processes Apply labels Remove labels The processes are categorized in: Audio / Video. click Set Category and the category. Managing Your Processes Inventory The K1000 Management Appliance Processes feature allows you to keep track of processes that are running on all agent machines across your enterprise. Select the check box beside the software you want to categorize. including the name of the computer running those processes. Detail pages provide information on individual processes. and the last user. or 12 months. Using Processes feature. Driver. The Processes feature records and reports the processes details information. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 3. Go to Inventory > Software. click Remove Label and the appropriate label. Security. In the Choose Action menu. You can record and view software usage for the last 1. and System Tool. Version 5. 3. Administrator Guide. Go to Inventory > Software.3 97 .Managing Software and Hardware Inventories 5 3. system description. Internet. Games. Malware. To categorize a software item To perform these steps. 2. In the Choose Action menu. 2. Desktop. 1. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Development. 2. click the appropriate threat level. ] You need a KACE user name and password to log in to the Dell KACE database. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 5. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 3. click Delete. 2. Click Save.5 Managing Software and Hardware Inventories To view process details To perform these steps. Select labels to assign to a process using the Assign To Label option. 3. 1. From the Process detail page. Select the process name to view details. Enter any notes that further describe this process in the Notes field. 2. 1. You can also ask for help from KACE about the processes by clicking [Ask For Help. select the check box beside the process. In the Choose Action menu. 98 Select the check box beside the processes to disallow. Select the category of the process in the Category drop-down list. 7. Select the threat level of the process in the Threat Level drop-down list. You can also see computers with running the selected process. Go to Inventory > Processes. and then in the Choose Action menu. do one of the following: • • 2. Click OK to confirm deleting the selected process. You can read comments on the process submitted by other users by clicking [Read Comments] on the Process Details page. To delete processes. 6. The Processes page appears. click Disallow Selected Item(s). From the Processes List view. 1. 4. click Delete Selected Item(s). To disallow processes To perform these steps.3 . The Processes page appears. Go to Inventory > Processes. You can view and print a printer friendly version of this page. Version 5. Administrator Guide. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. The Process Details page appears. To delete a process To perform these steps. 3. In the Choose Action menu. 2. 2. Select the check box next to the processes you want to categorize. click the appropriate label under Remove Label. Select the check box next to the processes you want to apply a label to. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 2. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. In the Choose Action menu. 4. 3. Go to Inventory > Processes. Administrator Guide. 1. To categorize a process To perform these steps. refer to Chapter 9: Using the Scripting Features. click the appropriate threat level. Go to Inventory > Processes.Managing Software and Hardware Inventories 5 The Script : Edit Detail page appears. 2. In the Choose Action menu. 1. 1. Version 5. click the appropriate label to apply. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Go to Inventory > Processes. Select the check box next to the processes. To apply a label to a process To perform these steps. 3. Enter the script configuration details. starting on page 161. In the Choose Action menu. and then click Run Now to run Disallowed Programs Policy. For more detailed information on scripting and Disallowed Programs Policy. 3. click the appropriate category. Select the check box next to the processes you want to remove the label from. To set threat level to a process To perform these steps. 1. Go to Inventory > Processes. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. To remove a label from a process To perform these steps.3 99 . Click the check box next to the processes. (Optional) Enter notes that further describe this startup program in the Notes field. Driver. including the name of the computer running those startup programs. Click the startup program name to view details. 4. In the Choose Action menu. and System Tool. Go to Inventory > Processes. 1.5 Managing Software and Hardware Inventories To meter a process To perform these steps. click Meter Selected Items(s). 2. 2. Managing Your Startup Program Inventory The K1000 Management Appliance Startup feature allows you to keep track of startup programs on all agent machines across your enterprise. Malware. Internet. The process are added to the list of processes to be monitored in the Metering tab. 5. Select the category of the startup program in the Category drop-down list. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Go to Inventory > Startup. 1. Security. Using Startup feature. The Startup feature records and reports the startup program detail information. Version 5. For more information on Software Metering. Select labels to assign to startup program using the Assign To Label option. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. The Startup Programs page appears. 3. Business.3 . you can: • • • View startup program details Delete selected startup programs Apply or remove labels The startup programs are categorized in: Audio / Video. To view Startup detail information To perform these steps. Detail pages provide information on startup programs. 6. Games. Development. The Startup Programs : Edit Startup Programs Detail page appears. 100 Administrator Guide. Select the threat level of the startup program in the Threat Level drop-down list. and the last user. system description. 3. Desktop. refer to Asset Management Guide. do one of the following: • • 2. 3. Go to Inventory > Startup. and then in the Choose Action menu. Select the check box next to the startup programs you want to remove from the label. select the check box next to the startup program. Go to Inventory > Startup. To delete a startup program To perform these steps. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. From the Startup Program : Edit Startup Program Detail page. 2. 1. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.Managing Software and Hardware Inventories 5 7. Version 5. click Delete. You can also see computers with running the selected startup program. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. You can also ask for help from KACE about the startup programs by clicking [Ask For Help. To apply a label to a startup program To perform these steps. 1. You can view a printer friendly version of this page and take print outs of the report. To categorize a startup program To perform these steps. You can read comments on the startup program submitted by other users by clicking [Read Comments]. To remove a label from a startup program To perform these steps. Click OK to confirm deleting the selected startup program. Click Save to save the startup program details. To delete startup programs. From the Startup Programs List view. 3. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 2. In the Choose Action menu. click the appropriate label under Remove Label. Select the appropriate label to apply from the Choose Action menu.3 101 . 1.] You need a KACE user name and password to log in to the Dell KACE database. Administrator Guide. click Delete Selected Item(s). Select the check box next to the startup programs you want to apply a label to. you can: • • • View services details Delete selected services Apply or delete labels The services are categorized in: Audio / Video. 3. To view service detail information To perform these steps. Business. 1. In the Choose Action menu. 4. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. In the Choose Action menu. Go to Inventory > Startup. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Click the service name to view details. 2.3 . and System Tool. Using Services feature. Security. Select the check box next to the startup programs you want to categorize. Malware. including the name of the computer running those services. and the last user. 102 Administrator Guide. Go to Inventory > Startup. Desktop. click the appropriate threat level. Enter any notes that further describe this service in the Notes field. Select the check box next to the startup programs. 3. 3. The Service feature records and reports the services information in detail. Version 5. click the appropriate category. The Service : Edit Service Detail page appears. Internet. Development. Go to Inventory > Service. Select labels to assign to service using the Assign To Label option. Detail pages provide information on services.5 Managing Software and Hardware Inventories 1. system description. To set threat level to a startup program To perform these steps. 1. Games. 2. The Services page appears. 2. Driver. Managing Your Service Inventory The K1000 Management Appliance Service feature allows you to keep track of services running on all agent machines across your enterprise. Click Save to save the service details. You can also ask for help from Dell KACE about the service by clicking [Ask For Help. Go to Inventory > Service. Click OK to confirm deleting the selected service. To delete services. 7. To apply a label to a service To perform these steps. Select the check box next to the services you want to apply a label to. To remove a label from a service To perform these steps. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. click the appropriate label under Remove Label. 1. select the check box next to the service. From the Services List view. Select the category of the service in the Category drop-down list. To delete a service To perform these steps. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 2. and then in the Choose Action menu. In the Choose Action menu. You can read comments on the service submitted by other users by clicking [Read Comments]. Select the check box next to the services you want to remove the label from. 1. Select the threat level of the service in the Threat Level drop-down list. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. click Delete Selected Item(s). click Delete. From the Process detail page. Version 5. do one of the following: • • 2. You can also see computers with running the selected startup program. Administrator Guide. 3.] You need a KACE username and password to log in to the Dell KACE database. 2. click the appropriate label to apply. 3. You can view a printer friendly version of this page and take print outs of the report. 1. 6.3 103 . In the Choose Action menu. Go to Inventory > Service.Managing Software and Hardware Inventories 5 5. MIA page. 1. Configuring the MIA Settings You can configure the MIA Settings to enable the appliance to automatically delete computers from the inventory after they have not checked in for a specified number of days. Select the check box next to the services. The MIA Settings page appears. To configure the MIA settings To perform these steps.5 Managing Software and Hardware Inventories To categorize a service To perform these steps. 2. 3. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. From the MIA tab. In the Choose Action menu. or which have not communicated with appliance in the last 1-90 days. 1. To set a threat level to a service To perform these steps. Go to Inventory > Service. You can filter the MIA view by computers that have missed the last first. or tenth syncs. Select the check box next to the services you want to categorize. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. This eliminates the need to manually delete the computers from the Computers . Version 5. click the appropriate threat level. 104 Administrator Guide. 1. you can remove the computers from the appliance Inventory and assign them to labels to group them for management action. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. fifth. click the appropriate category. click Configure Settings.3 . 2. 2. Go to Inventory > MIA. In the Choose Action menu. In the Choose Action menu. Go to Inventory > Service. 3. Managing Your MIA (Out-Of-Reach Computer) Inventory The K1000 Management Appliance MIA tab offers a list of the nodes that have not checked in to the appliance in some time. The MIA tab also displays the IP and MAC Addresses of these computers. In the Add Label window. Avoid using a backslash (\) in Label names. Click Inventory. Select the check box next to the computers you want to delete. Automatically delete MIA computers Days 4. enter a name for the new label. Click OK to confirm deleting the computer. Go to Inventory > MIA. click Delete Selected Item(s). be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. click Add Label. 3. To apply a label to an MIA computer To perform these steps. In the Choose Action menu. To delete an MIA computer To perform these steps. Go to Inventory > MIA. Enter the period in number of days. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.Managing Software and Hardware Inventories 5 3. Enter the following information: Select this check box to enable automatic deleting of MIA computers. 2. If used. 3. for example. select the appropriate label to apply . 2. 2. In the Choose Action menu. Click Save. In the Choose Action menu. Software. 4. To create a new label To perform these steps. Computers that do not communicate with the appliance for the number of days specified are automatically deleted. and click the tab you want to work with. Administrator Guide.3 105 . Version 5. 3. 4. be sure to escape the backslash with another backslash. Select the check box next to the computers you want to apply a label to. Click Save. For example. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 1. you can create a label on any tab in Inventory: 1. The AppDeploy Live! website is both a platform for product forums and a source of up-todate news and announcements. Click K1000 Settings > Control Panel > General Settings. To view AppDeploy Live information To perform these steps. For more information on how to change K1000 General Settings. 106 Administrator Guide. Refer to Using the AppDeploy Live Application Information Clearinghouse. Click Set Options to save your changes.com for more information.) By centralizing relevant information in one place.com reduces the need for searching answers through vendor sites. processes.5 Managing Software and Hardware Inventories Using the AppDeploy Live Application Information Clearinghouse AppDeploySM (or AppDeploy. deployment. be sure to select System in the Organization drop-down list in the top-right hand corner of the page. Click Edit Mode. Click OK on the pop-up confirmation page. on page 106.3 . and services. 5. This website provides computer administrators an easier way to search for answers and solutions. Enabling AppDeploy Live! integrates community submitted information directly from this web site. Click the Enable AppDeploy Live! check box. You can visit www. you can view AppDeploy Live information on software. 4. Version 5. and systems management automation. startup programs. AppDeploy Live information can also be viewed from the Distribution > Managed Installations and Distribution > File Synchronization. Enabling AppDeploy Live To perform these steps. discussion boards. The Software page appears. From Inventory. Go to Inventory > Software. AppDeploy. 1. it does not tie directly into the appliance. Select a software title to see the associated information from AppDeploy Live. 2. 2.com) contains information on installation. and technical publications. you cannot view AppDeploy Live information. 3. which lists the software installed on nodes. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. on page 35. 1. Viewing AppDeploy Live content You can view AppDeploy Live contents of your appliance. (However. If you have not enabled AppDeploy Live. refer to To configure general settings for the server.AppDeploy. The Dell Warranty feature runs a background service that gathers and updates warranty information on your Dell computers that are in Inventory. 1. 3. Under the Inventory Information section. select the Hardware link. you can also access the Dell Support Web site to renew your warranty information if it is out of date or view additional details about your warranty. From the Dell Warranty tab. Administrator Guide. Go to Inventory > Computers. To obtain Dell Warranty information on a single Dell machine instantly To perform these steps. Select the Dell machine in the list of computers for which you wish to gather warranty information to view the machine details. Over time. Every four hours. 2. If you need to see warranty information immediately. Using the Dell Warranty feature The Dell Warranty feature only works for Dell computers that are in inventory. Scroll Down to view AppDeploy Live information.3 107 . 3. there is an option to gather warranty information on a single Dell machine instantly. warranty information is gathered and updated for all Dell machines. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. You can download warranty information into a CSV file for a single or multiple machines within your organization. This process may take a week or up to a month to acquire warranty information for all of the Dell machines across different organizations. Version 5.Managing Software and Hardware Inventories 5 The Software : Edit Software Detail page appears. This background service runs every four hours and selects a different organization in a round-robin fashion. The Computers : Detail Item <Machine Name> page appears. the service runs on approximately 100 machines per organization. From the View By drop-down list in the top-right corner of the page. you will see Dell warranty information under the Dell Service Info section as shown in the following figure: 4.5 Managing Software and Hardware Inventories If this is a Dell computer that you have selected.com link in the Dell Service Info section. 2. Select the support@dell. select the Hardware link. Go to Inventory > Computers. 4. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. You will be redirected to the Dell Support Web site. select Dell Warranty. The K1000 : Reports page appears. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. To renew Dell Warranty information To perform these steps. To run Dell Warranty reports To perform these steps. 1. The Computers : Detail Item <Machine Name> page appears. Select the Dell machine in the list of computers for which you wish to renew warranty information. Version 5. The warranty information is updated immediately for this machine. Go to Reporting > Reports.3 108 . You can also view additional information about your existing warranty. Here you can renew your warranty information if it is outdated. Administrator Guide. Under the Inventory Information section. Select the Refresh button. 3. Administrator Guide. CSV or PDF files. View the following reports: • • Dell Warranty Expired Dell Warranty Expires in the Next 60 Days You can run these reports and store them as HTML.Managing Software and Hardware Inventories 5 3. Version 5. These reports are available at both the Organization level and the System level within the K1000 Management Appliance.3 109 . Version 5.3 .5 Managing Software and Hardware Inventories 110 Administrator Guide. on page 111. allowing you to import and export appliance resources among them. its options are not displayed. see Transferring resources between Organizations. on page 115. Transferring resources using a SAMBA share. Transferring resources using a SAMBA share Any appliance can export the resources listed in Importing and exporting resources to another appliance using their SAMBA share directories as staging areas. you also can transfer resources between organizations within an appliance.3 111 . For details. For details.6 Importing and Exporting Appliance Resources This chapter explains how to transfer K1000 Management Appliance resources between organizations within an appliance and between separate appliances. see the Transferring resources using a SAMBA share section. Transferring resources between Organizations. Importing and exporting resources The Administrator Portal offers you the ability to import and export the following resources components between separate K1000 Management Appliances or between different organizations within an appliance: • • • • • • • Email alerts Managed Installations Reports Scripts Smart labels Software components from Inventory Ticket rules All K1000 Management Appliance have built-in SAMBA share directories. Administrator Guide. on page 111. on page 115. If you do not use Organizational Management. Version 5. • • • Importing and exporting resources. If you use the Organizational Management component of the K1000 Management Appliance. 3. The Resource Management Panel appears.3 . 112 Administrator Guide. all available resources on the appliance are listed. 1. The Export K1000 Resources page appears. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Click Export K1000 Resources. Select a resource from the View by list to display only that resource category. Version 5. Open the Administrator Portal of the appliance from which to export resources. Go to Settings > Resources. By default. You can limit the resources to view using the drop-down list and Search field on the right side of the page.6 Importing and Exporting Appliance Resources Export resources from one appliance to another using SAMBA shares To perform these steps. listing all of the resources available to export. 2. go to Settings > Resources. 7. 9. Go to Settings > Control Panel > General Settings. The Annotate Exported Resource(s) splash screen appears.3 113 . and click General Settings. 11. but very large resources take longer. copy the resources from the exporting appliance SAMBA share to the importing appliance SAMBA share. Using a third-party file copying utility. Administrator Guide. 5. In this example. The resources you exported are now available on your SAMBA share for other K1000 Management Appliance to import. 10. The K1000 Settings: General page appears. and note the location of the SAMBA share directory in the SAMBA Share Settings section. You need to copy the appliance resources from this directory to the SAMBA share of the appliance importing the software. Your exported resources first appear on the Resource Manager Queue page with a Status of New Request. go to Settings > Control Panel. 6. the Status changes to Completed. In the Choose Action menu. Enter a description of the components to export in the Notes field and click Save. When finished. Most import/export tasks only take a moment. click Export to SAMBA Share. Version 5. Select the check boxes next to those resources you wish to export. For the importing appliance. 8. only reports with the term closed in the description are listed: 4.Importing and Exporting Appliance Resources 6 Enter a term in the Search field to limit the resources list even further. note the location of the SAMBA share directory. For the importing appliance. Click the Refresh button to update this page. This page does not refresh by itself for several minutes. In the SAMBA Share Settings section. Version 5.3 . From Choose Action menu. 114 Administrator Guide. listing all of the appliance resources available to import. click Import Resource(s) from SAMBA Share. Click Import K1000 Resources.6 Importing and Exporting Appliance Resources The Resource Management Panel appears: 12. The Import Resources from SAMBA Share Directory page appears. The Import K1000 Resources page appears. 13. Scripting. Inventory > Software. Distribution > Managed Installations) for your organization to use. This page does not refresh by itself for several minutes. Version 5.3 115 . Once you see a Status of Completed. Click Refresh to update this page. Select the resource files to import. Transferring resources between Organizations You transfer resources between KACE K1000 Appliance organizations by exporting them from one organization and then importing them into another. and click Import Resources. the Status changes to Completed. the resources you imported are available and listed on their respective tabs (Reporting. Your imported resources first appear on the Resource Manager Queue page with a Status of New Request.Importing and Exporting Appliance Resources 6 14. Most import/export tasks only take a moment. When finished. but very large resources take longer. Administrator Guide. The sections below explain how to do this. 6 Importing and Exporting Appliance Resources Exporting resources to Other Organizations on an appliance To perform these steps. The Resource Management Panel appears. 3. click Export to Local K1000. 1. click Export K1000 Resources. Version 5. The Annotate Exported Resource(s) splash screen appears. which is explained in this section. 4. The first step in transferring any of the resources listed in Importing and exporting resources is exporting them from one organization. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 116 Administrator Guide. 2. In the Choose Action menu. To export resources from one organization to the others. Go to Settings > Resources. and then click Save.3 . Select the check boxes next to the resources you wish to export. listing all of the resources on the appliance available to export. The Export K1000 Resources page appears. Enter a brief comment describing the exported resources in the Note field. 5. follow the instructions in the Exporting resources to Other Organizations on an appliance section. see the Importing resources from another organization on your appliance section. In a few minutes. 1. and the Status changes to Completed. Version 5. To import appliance resources from another appliance. Click Import K1000 Resources.3 117 . be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.Importing and Exporting Appliance Resources 6 Your exported resources first appear on the Resource Manager Queue page with a Status of New Request. the export will complete. For details on importing these resources into another organization. they are available to the other organizations on that appliance to import and use. Import software components from another organization To perform these steps. The resources you exported are now available for other organizations on your appliance to import. Go to Settings > Resources. follow the instructions in the Transferring resources using a SAMBA share section. Importing resources from another organization on your appliance Once resources are exported from an organization. Administrator Guide. Click the Refresh button to update this page. The Resource Management Panel appears. If you have not yet exported the appliance resources you need. 2. Select the check boxes next to the resources that you would like to import. 118 Administrator Guide. In the Choose Action menu. the resources you imported are available on the respective pages (Reports. click Import Selected Resource(s). Distribution > Managed Installations) for your organization.3 . This page may not refresh for several minutes. Version 5. When finished. the Status changes to Completed. listing all of the resources available to import: 3. 4. Once you see a Status of Completed. Inventory > Software. Click the Refresh button to update this page.6 Importing and Exporting Appliance Resources The Import K1000 Resources page appears. Scripting. The Resource Manager Queue page appears. Your imported resources first appear on the Resource Manager Queue page with a Status of New Request. but very large resources take longer. Most import/export tasks only take a moment to complete. and switches. (This can be done only if configured under Machine Action. routers. network devices. Create a remote connection to the machine.3 . It can scan any type of device (as long as the device has an IP address on the network). allowing you to monitor the availability and service level of a target machine. including computers. Version 5. IP Scan scans ports in addition to IP addresses.) 119 Administrator Guide. Viewing Scheduled Scans list By default. you can: • • • Schedule new scan. From this page. allowing you to retrieve information about machines connected to your network. you can invoke a scan on-demand or schedule an IP scan to run at a specific time. Apply a label or a Smart Label or delete a label. on page 119. • • • IP Scan Overview. About scan results On the scan results page. on page 120. Delete scans. You can collect data even without knowing the IP addresses of the target machines. printers. virtual machines. Creating an IP Scan.7 Scanning for IP Addresses IP scan allows you to scan a range of IP addresses to detect the existence and attributes of various devices on a network. wireless access points. IP Scan reports a variety of inventory data. Viewing Scheduled Scans list. on page 119. servers. the IP Scan tab displays the available scans. IP Scan Overview The K1000 Management Appliance can scan a range of IP addresses for SNMP-enabled machines. Although IP scans have their own server-side scheduling. you can also: • • Schedule a new scan. relatively small. click Add New Item. The following is an example: 1. and SNMP across a single subnet or multiple subnets. if you need to scan a large number of IP addresses frequently. define a network scan to report which machines are listening on that port. 3. Port 80). When defining a network scan. 2. Go to Inventory > IP Scan. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. This allows you to view devices that are connected to your network even when the agent is not installed on those devices. balance the scope of the scan (number of IP addresses you are scanning) with the depth of the probe (number of attributes you are scanning for). 2. You also define a network scan to search for devices listening on a particular port (for example. To determine which machines on your network are running an agent. In the Choose Action menu. Version 5. In the Choose Action menu. The agent listens to port 52230. As a general rule. The Network Scan Setting page appears. 120 Administrator Guide. The Network Scan Results page opens.7 Scanning for IP Addresses To view scan results To perform these steps. Enter the IP range to scan in the Network Scan IP Range field. Enter a name for the scan in the Network Scan Friendly Name field. There are other ways to get to scan results. Socket. keep the number of ports. 1. so that you do not overwhelm your network or the appliance. 4. To create an IP scan To perform these steps. and so on. For example. TCP/IP connections. scan a particular subnet no more than once every few hours. Creating an IP Scan You can create a network scan that will search for DNS. The Network Scan Settings page appears. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.3 . Go to Inventory > IP Scan. click View Scan Inventory. Specify the connection test details: Select this check box to perform connection testing during network scan. Version 5. Administrator Guide. This can help you identify known nodes on your network. (Public is the default. 8. If the Ping and Socket tests are disabled. Connection Time Out Enter the time out interval (in seconds). Specify the DNS lookup test details: Check live addresses against the DNS server to see if they have an associated name. Specify SNMP test details: Select this check box to enable SNMP scanning.3 121 . Enter a comma-separated list of UDP ports to scan. Enter the host name or IP address. Connection Test Enabled Connection Test Protocol Connection Test Port Enter the port to use for testing the connection. Device Port Scan Enabled TCP Port List UDP Port List Port Scan Time Out 10.) The query only runs if authentication is not required. If it is. Enter the time out interval (in seconds). Specify port scan test details: Select this check box to enable port scanning of device ports. When authentication is required. Enter a comma-separated list of TCP ports to scan. SNMP Enabled SNMP Public String 9. Enter the time out interval (in seconds). Run the scan at a specified interval. Enter the community string to query. Enter the protocol to use. Specify the scan schedule: Don’t Run on a Schedule Run Every n minutes/ hours Run in combination with an event rather than on a specific date or time. you cannot run the other tests. Select the Ping Test Enabled check box. 7. DNS Lookup Enabled Name Server for Lookup Lookup Time Out 6. The Ping or Socket tests determine if the address is alive. the scan returns SNMP enabled with no system data.Scanning for IP Addresses 7 5. you can run an SNMP or a Port Scan against it. to search machines that have a successful ping status. Smart Labels. when using these fields as criteria for advanced search.” set the schedule of the scan configuration to not run. Click the Advanced Search tab. However. Select a condition from the drop-down list.3 . The Network Scan Settings page appears. or run on a designated day of the week at a specified time. or notifications. Click Inventory > IP Scan. Enter the attribute value. For example. Therefore. In the Choose Action menu. 122 Administrator Guide. Click Search. you must enter the numeric values. To search network scan results on the basis of status fields To perform these steps. 6. Version 5. enter 1. 7. click View Scan Inventory. For example: Ping Status. 3. Deleting a scan configuration also deletes all associated scan inventory items. If you want to maintain the scan inventory. 4. but do not want to “rescan. Connection Status. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Click Save. and SNMP Status as Succeeded or Failed. Clicking the IP address of a network device displays the values for Ping Status. Run the schedules daily at a specified time.7 Scanning for IP Addresses Run Every day/specific day at HH:MM AM/PM Run on the nth of every month/specific month at HH:MM AM/PM 11. Run either monthly at a specified time and day or run at a designated time and day on a specified month. Select an attribute from the drop-down list. For example: =. 2. 1. The Network Scan Results page appears. the underlying database fields actually contain a 0 for Failed and 1 for Succeeded. The search results are displayed below. 5. To see whether the Smart Label produces the desired results. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Version 5.3 123 . 7. IP Scan Smart Labels with lower order values are run before those with higher order values. On the Labels page. Click the icon next to an order value to modify it. 6. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. they are automatically assigned to the associated Smart Label. click Test Smart Label. In the Choose Action menu. 5. including DNS.Scanning for IP Addresses 7 IP Scan Smart Label The IP Scan Smart Label searches for all devices that are detected in the Network Scan. Click Create Smart Label. 3. 2. 4. 1. 4. In the Choose Action menu. Enter the appropriate order value. Smart Labels enable you to dynamically identify based on a search criteria. The Labels page appears. On the Labels page. The Network Scan Results page appears. Socket. and SNMP across a single subnet or multiple subnets. click Add New IP Scan Smart Label. 5. Administrator Guide. 3. click Smart Labels. click Order IP Scan Smart Labels. Specify the search criteria. Choose or enter the label to associate with the Smart Label. click Smart Labels. and click Save. Click Home > Label. The default order value for a new IP Scan Smart Label is 100. To dynamically identify the network scan results To perform these steps. The Order IP Scan Smart Labels page appears. 2. When devices that meet the specified criteria are detected in the network scan. To edit the order value of IP Scan Smart Labels To perform these steps. Click Home > Label. You can specify the order in which IP Scan Smart Labels are run by changing their order value. 1. You can modify or delete a Smart Label after it has been created from the Home > Label > Smart Labels page. Version 5.7 Scanning for IP Addresses 124 Administrator Guide.3 . File Synchronizations. on page 143. on page 133. Distribution Feature Overview Dell recommends that customers follow a predefined set of procedures before deploying any software on their network. and files to the computers on your network. Wake-on-LAN. on page 125. on page 129. to avoid distribution problems. Managing iPhone Profiles. on page 155. Managing Dell Systems with Dell Updates. • • • • • • • • • • • • Distribution Feature Overview. However. on page 145. Examples of Common Deployments on Linux. on page 143.8 Distributing Software from Your K1000 Management Appliance The K1000 Management Appliances software distribution features offer various methods for deploying software. Configuring Dell OpenManage Catalog Updates. This process can be modified to meet the needs of your organization. updates. Version 5. Types of Distribution Packages. on page 126. on page 148. Examples of common deployments on Windows. Examples of Common Deployments on Mac OS. on page 158. Replication. on page 153. The following illustration represents a high-level example of a generic distribution process. it is important to test various deployment scenarios prior to deployment. Managed Installations. Administrator Guide. on page 139.3 125 . machine. and deploy portions of this flow diagram. starting on page 125. You can create a test label and perform a test distribution before you go live in your environment. This chapter focuses primarily on the test. This rule applies even if you are: 126 Administrator Guide. and deploy the required software using your appliance. Types of Distribution Packages The primary types of distribution packages that can be deployed on the nodes in the network are: • • • Managed installations File synchronizations Appliance agents Distribution packages (whether for managed installation. or operating system. establish procedures for testing each piece of software before deploying it on your network. For more details on creating an inventory of computers and software packages in use on your network. see Chapter 8: Distributing Software from Your K1000 Management Appliance. target. Version 5.3 . This practice helps you to verify the compatibility of the software with the operating system and other applications within your test group. or user portal packages) cannot be created until a digital file is associated with an Inventory item. Therefore. file synchronization. the appliance cannot assess the compatibility with other software on the target machine. develop a test group of target machines. For example.8 Distributing Software from Your K1000 Management Appliance Figure 8-1: Basic Deployment procedure Inventory & Assess Test Target Deploy Report One of the most important concepts in the deployment procedure is to test each deployment before rolling it out to a large number of users. The appliance verifies that a package is designated for a particular system. However. You can create a test label from the Home > Labels tab. or deployment definitions. For example. labels. . 2. the Inventory item does not deploy to targets with Windows 2000. the Managed Installation (MI) cannot be verified against more than one inventory item because the MI checks for the existence of only one inventory item. it only records the operating systems on which the item was installed in the Inventory detail record. starting on page 15. Ensuring that Inventory item package names match If the display name of the Software Inventory item does not exactly match the name that the software registers in Add/Remove programs. 3.Distributing Software from Your K1000 Management Appliance 8 • • Sending a command. see Managing Your Software Inventory. Install the package manually on a machine. To ensure that the Inventory item display name exactly matches: 1. Install the package on a target machine. on page 78. Also the package does not deploy to nodes that are not included in the machine label. if the Inventory item is defined for Windows XP Professional only. For information about updating an existing version of the appliance agent. To create a distribution 1. 2. To create packages with different settings. However. A managed installation must be enabled by selecting a managed action and a deployment window. Use the item listed in the Software Inventory list for the Managed Installation. you can create multiple distribution packages for a single Inventory item. rather than an installation or a digital file. to target machines. Take an inventory of that machine. Version 5. the package does not deploy to machines that are not in ‘Office A’.exe. For more information on how to take an inventory. Although the K1000 Agent tab is listed under the Distribution tab. “Deploying K1000 Agent” is discussed as part of the installation and setup process in Chapter 1: Getting Started. Distributing packages from the appliance Packages distributed through the appliance are only deployed to target nodes if the Inventory item is designated to run on the target’s operating system. such as parameters. Take an automatic inventory of that machine using the appliance. if the deployment package is set to deploy to a label called ‘Office A’. Redirecting the appliance agents to retrieve the digital asset (for example. When an appliance creates a software inventory item. For example. The newly installed package appears in the Inventory list.msi) from an alternate download location. see K1000 Agent Update. on page 91. the appliance may attempt to deploy a package repeatedly even though it is already there.3 127 . Administrator Guide. . To activate this capability. or an HTTP location. To create the MD5 checksum. You may use any tool to establish your checksum. enter: K1000Client -hash=filename This displays the MD5 hash for the file.8 Distributing Software from Your K1000 Management Appliance You can then associate a digital file and create one or more deployment packages. 128 Administrator Guide. Avoiding storing large packages on the appliance. Distributing Packages from an Alternate Location The K1000 Management Appliance supports software distribution from alternate locations. Version 5. The CIFS and SMB protocols.3 . Ensure that the alternate location has the required files for installing the application. the digital asset on the file share must exactly match the digital asset associated with the Deployment Package on the K1000 Management Appliance.exe). The agent can retrieve digital installation files from remote locations. SAMBA servers. When the appliance fetches files. the replication share is always used instead of an alternate download location. An alternate download location can be any path on the network. the target path must include the complete filename (for example. Appliance If a replication share is specified in the label. When to use a replication share or an alternate download location The difference between a replication share and an alternate download location is: • Replication share is a full replication of all digital assets and is managed automatically by the appliance. and file server appliances are supported by your K1000 Management Appliance. \\fileserver_one\software\adobe. If no checksum is entered. it uses these priorities: 1. you must enter an alternate checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Replication share 3. The alternate download feature addresses administrative issues. such as: • • Supporting remote sites with restricted bandwidth. If there is no replication share. DFS source. Alternate download location 2. which might result in difficulties accessing the appliance. the agent fails over to the appliance. including a UNC address. Also. for example. You make sure that the alternate location has the files that might be needed for installs of a particular application. and other file types for software deployment. either by running a single file. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Managed installations enable you to deploy software that requires an installation file to run to the computers on your network. Managed Installations To perform these steps. If a replication share is specified. or VBScript. the package can be installed remotely by the appliance. To determine supported parameters for the . on page 148. The agent always fails over to appliance in following scenarios: • • There is no replication share specified for any label it is a member of There are more than one possible replication shares identified For more information on replication shares. Version 5.msi.3 129 . you can: • • • • • Create or delete Managed Installations Execute or disable Managed Installations Specify a Managed Action Apply or remove a label Search Managed Installations by keyword Installation parameters Your K1000 Management Appliance allows packaged definitions to contain . You can use parameters as custom installation settings.msi or other any installer.zip.msi file To identify which parameters are supported by your . that is always be used instead of any other alternate location. a standard install or to bypass auto-restart. To simplify the distribution and installation process. the package definition can also contain parameters that are passed to the installer at run time on the local machine. Whenever a replication share is specified for a label.Distributing Software from Your K1000 Management Appliance 8 • Alternate download location can be any path on the network. nodes in that label go to that replication share to get files until you remove them from the label or stop using the replication item. . From the Managed Installation tab. If an administrator installs the file on a local machine. refer to Replication. BAT file. follow these steps: Administrator Guide..exe. You can create a Managed Installation package from the Distribution > Managed Installation page. msi. The following section provides general steps for creating a managed installation. Creating a managed installation for the Windows platform When creating a managed installation. / norestart. In the Choose Action menu. 2. Use the parameter definitions identified to update your package definition. Upload & Associate Click the Browse button and navigate to the location that contains the new New File executable of any software selected or to associate an executable to a software without an associated file. 2. 1. 4.exe.8 Distributing Software from Your K1000 Management Appliance 1. Open an MS-DOS command prompt.3 . 1. The Managed Software Installation: Edit Detail page appears.\adobe.. Select Distribution > Managed Installations.zip file. they are displayed.exe /? If that package supports parameters. To create a managed installation for Windows platforms To perform these steps. . For example: /quiet. Version 5. 130 Administrator Guide. Enter the following information: Also show software Select this check box to display any software without an associated executable without an uploaded. Go to the directory that contains the target installer. select Add New Item. refer to the subsequent sections. You can upload a file to the software record directly from this Associated File Managed Installation page. refer to the software vendor’s documentation. You can filter the list by entering any filter options. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. For specific details on creating a managed installation for an . Enter: filename /? For example: adobe. 3. you can specify whether you want to interact with the users using a custom message before or after the installation. You can also indicate whether to deploy the package when the user is logged in or not and limit deployment to a specific label. or .exe 3. Select the software from the Software drop-down list. For example: c:\. 4. If these steps do not succeed.. specify full command-line e parameters in the provided field. you cannot specify an alternate checksum for matching the checksum on the remote file share. point to a BAT file that contains the path and the command. • Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Delete Downloaded Files Use Alternate Download Select this check box to delete the package files after installation. the appliance does not fetch software from the alternate download location. For example: \\kace_share\demo files\share these files\setup. the following fields appear: • Alternate Download Location: Enter the location where the K1000 Agent can retrieve digital installation files. Run Command Only: Select this check box to run the command line only. • Alternate Download Password: Enter the password for the user name. • If your Parameters file path includes spaces.Distributing Software from Your K1000 Management Appliance 8 Installation Command Select the Use Default or Configure Manually option. Administrator Guide. For more information. Because that label cannot be specific to any managed installation. Un-Install using Full Command Line: Select this check box to uninstall software. on the command line. Version 5. • Alternate Download User: Enter a user name that has the necessary privileges to access the alternate download location. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. refer to Distributing Packages from an Alternate Location. Specify an alternate download location only for a specific managed installation. on page 57.bat Configur Installation Command: If desired. Select this check box to specify details for alternate download. enclose the complete path in quotes. refer to To add or edit a new label.3 131 . Use Default Run Parameters: Specify the installation behavior as follows: • The maximum field length is 256 characters. on page 128. Refer to the MSI Command Line Manually documentation for available runtime options. When you select this check box. Notes (Optional) Enter additional information in this field. For more information. If your path exceeds this limit. Note: If the target machine is part of a replication label. You can limit deployment to one or more machines. overrides and/or interact with the deployment window of a specific package. Select a label to limit deployment only to machines belonging to the selected label. between 0 and 99. Select the order to install the software. Deploy to All Machines Specify the deployment details: Select this check box to deploy the software to all machines.3 . Specify the time (using a 24-hour clock) to deploy the package. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location. If you specify 0. You can filter the list by entering filter options. Also. the run intervals defined in the System Console. The lower value deploys first. under K1000 Settings for this specific organization. the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. Available options are: • Disabled • Execute anytime (next available) • Execute before logon (at machine bootup) • Execute after logon (before desktop loads) • Execute while user logged on • Execute while user is logged off 5. The Deployment Window times affects any of the Managed Action options. Version 5. Select the machines from the drop-down list to add to the list. Limit Deployment To Selected Labels Limit Deployment To Listed Machines Deploy Order Max Attempts Deployment Window (24H clock) 132 Administrator Guide. to indicate the number of times the K1000 Management Appliance tries to install the package. Note: The appliance always uses a replication share in preference over an alternate location. Enter the maximum number of attempts.8 Distributing Software from Your K1000 Management Appliance Managed Actions Managed Action allows you to select an appropriate time for this package to be deployed. the appliance enforces the installation forever. Custom Post-Install Select this check box to select a message to users after the installation is Message complete. • Snooze Timeout: Enter the timeout. if the installation is being carried out when there currently no active users accessing their desktop. the following additional fields appear: • Pre-Install User Message: Enter a pre-install message. When you click the check box. This section provides examples for each type of deployment. in minutes. • Post-Install Message Timeout: Enter a timeout. For example. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction. • Pre-Install Message Timeout: Enter a timeout. For each of these examples. Version 5.exe. for which the message is displayed. if the installation is being carried out when there currently no active users accessing their desktop. We recommend that you install the software on a QA machine. for which the message is displayed. For example. and . When you click the check box. in minutes. When you select the check box. Custom Pre-Install Message Select this check box to display a message to users prior to installation. you must upload the file to the appliance before creating the Managed Installation package.Distributing Software from Your K1000 Management Appliance 8 6. in minutes.msi. • Pre-Install Timeout Action: Select a timeout action from the dropdown list. Click Save. wait till the appliance agent connects to the appliance and creates an Inventory item for the software. and then creates the Managed Installation package. • Snooze Timeout Action: Select a timeout action that take places at the end of the timeout period. the following additional fields appear: • Post-Install User Message: Enter a post install message.zip files. . which are . this action takes place at the end of the timeout period. Allow Snooze Set user interaction details: Click the check box to allow snooze.3 133 . Options include Install later or Install now. 7. Administrator Guide. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction. the following additional fields appear: • Snooze Message: Enter a snooze message. for which the message is displayed. Examples of common deployments on Windows This section provides examples of the three most common package deployments. 8 Distributing Software from Your K1000 Management Appliance Standard MSI example Using . 1. If you are using Windows Installer 3. If your .0 or later. Select the software from the Software drop-down list. The appliance parameter line does not require the file name or msiexec syntax. The most up-to-date version of Windows Installer can be distributed to nodes with the appliance. To create a managed installation for Windows platforms To perform these steps. the deployment is simple. which includes the supported parameters list. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. self-contained way to deploy software on Windows-based machines. In the Choose Action menu. 2. Enter the following information: Select this check box to display any software without an associated executable uploaded. Also show software without an Associated File Upload & Associate New File 134 Administrator Guide. You can filter the list by entering any filter options. MSI files require a /i switch when using other switches with an install.msi files. The only the /* input is required: /qn /I (Correct) msiexec /I /qn (Incorrect) To use parameters with . Select Distribution > Managed Installations.msi file requires no special transformation or customization.3 . Enter msiexec in the popup window. you can identify the supported parameters by selecting the Run program available from the Start menu. You can upload a file to the software record directly from this Managed Installation page. 4. Some switches may not be active on older versions. Click the Browse button and navigate to the location that contains the new executable of any software selected or to associate an executable to a software without an associated file. 1. 3.msi files is an easy. Version 5. select Add New Item. The Managed Software Installation: Edit Detail page appears. all your target machines must have the same version of Windows Installer (available from Microsoft). A window displays. Because that label cannot be specific to any managed installation. refer to To add or edit a new label. Notes (Optional) Enter any additional information in this field. • Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).Distributing Software from Your K1000 Management Appliance 8 Installation Command Select the Use Default or Configure Manually option. you cannot specify an alternate checksum for matching the checksum on the remote file share. Use Default Run Parameters: Specify the installation behavior as follows: • The maximum field length is 256 characters. specify full commande line parameters in the provided field. on page 57.3 135 . For more information. on the command line. For example: “\\kace_share\demo files\share these files\setup. Specify an alternate download location only for a specific managed installation. the following fields appear: • Alternate Download Location: Enter the location where the K1000 Agent can retrieve digital installation files. • Alternate Download Password: Enter the password for the user name.bat”. enclose the complete path in quotes. Version 5. When you select this check box. Refer to the MSI Manually Command Line documentation for available runtime options. Administrator Guide. Configur Installation Command: If desired. point to a BAT file that contains the path and the command. For more information. the appliance does not fetch software from the alternate download location. • If your Parameters file path includes spaces. Un-Install using Full Command Line: Select this check box to uninstall software. Run Command Only: Select this check box to run the command line only. If your path exceeds this limit. refer to Distributing Packages from an Alternate Location. • Alternate Download User: Enter a user name that has the necessary privileges to access the alternate download location. on page 128. Delete Downloaded Files Select this check box to delete the package files after installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. Use Alternate Download Select this check box to specify details for alternate download. Note: If the target machine is part of a replication label. Specify the time (using a 24-hour clock) to deploy the package. Select the machines from the drop-down list to add to the list. overrides and/or interact with the deployment window of a specific package. If you specify 0. Enter the maximum number of attempts. between 0 and 99. the run intervals defined in the System Console. to indicate the number of times the K1000 Management Appliance tries to install the package. Press CTRL to select multiple labels.3 . The Deployment Window times affects any of the Managed Action options. the appliance enforces the installation forever. Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines Deploy Order Max Attempts Deployment Window(24H clock) 136 Administrator Guide. Note: The appliance always uses a replication share in preference over an alternate location.8 Distributing Software from Your K1000 Management Appliance Managed Actions Managed Action allows you to select an appropriate time for this package to be deployed. You can filter the list by entering filter options. If you have selected a label that has a replication share or an alternate download location. Version 5. under K1000 Settings for this specific organization. Also. Specify the deployment details: Select this check box to deploy the software to all machines. You can limit deployment to one or more machines. the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. The lower value deploys first. Select a label to limit deployment only to machines belonging to the selected label. Select the order to install the software. Available options are: • Disabled • Execute anytime (next available) • Execute before logon (at machine bootup) • Execute after logon (before desktop loads) • Execute while user logged on • Execute while user is logged off 5. zip file is a convenient way to package software when multiple files are required to deploy a particular software title (for example. For example. plus required configuration and data files). Version 5. When you select the check box. • Pre-Install Timeout Action: Select a timeout action from the drop-down list. Standard EXE Example The standard executable example is identical to the MSI example above with one exception: / I is not required in the “run parameters” line when using an . specify /? in the run parameters field. if the installation is being carried out when there currently no active users accessing their desktop. the following additional fields appear: • Pre-Install User Message: Enter a pre-install message. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction. Click Save. • Snooze Timeout: Enter the timeout.Distributing Software from Your K1000 Management Appliance 8 6. for which the message is displayed. When using an executable file. setup. 7. the following additional fields appear: • Post-Install User Message: Enter a post install message. for which the message is displayed.3 137 . Options include Install later or Install now. the following additional fields appear: • Snooze Message: Enter a snooze message.exe. • Post-Install Message Timeout: Enter a timeout. To do this. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction. • Snooze Timeout Action: Select a timeout action that take places at the end of the timeout period. it is often helpful to identify switch parameters for a quiet or silent installation. in minutes. • Pre-Install Message Timeout: Enter a timeout. Standard ZIP Example Deploying software using a . Allow Snooze Set user interaction details: Click the check box to allow snooze. if the installation is being carried out when there currently no active users accessing their desktop. When you click the check box. Custom Pre-Install Message Select this check box to display a message to users prior to installation. if you have a CD-ROM containing a group of files Administrator Guide. When you click the check box. Custom Post-Install Message Select this check box to select a message to users after the installation is complete. this action takes place at the end of the timeout period. in minutes. for which the message is displayed.exe file. For example. For example. in minutes. as well as BZip2.zip file using WinZip or another utility. Click Distribution > Managed Installation.” 138 Administrator Guide. specify the complete command with arguments.zip files. which in WinZip is called “maximum compression.exe /qn 9.zip file. Version 5. you can package them together in a . zlib and raw deflate. However.3 . You can do this manually from the Inventory > Software tab or by installing the package on a node that regularly connects to the appliance. Select all files and create a . To create a managed installation for a . This library supports .zip file created using WinZip maximum compression. the package may fail to uncompress and you may see an error in the application event viewer or kbxlog.zip file and upload them to the appliance for deployment. Compression mode 9 is deflate64. 4.exe extensions.exe).8 Distributing Software from Your K1000 Management Appliance required to install a particular application. For example: setup. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page.zip file with the inventory item and upload it to the appliance. 1. tar with GNU long filename extensions. 5.0) style encryption.zip files using both stored and deflate compression methods and also supports old (PKZIP 2. gzip.zip that you would like to run in the Command (Executable) field within the Deployment Package (for example. If you intend to deploy a . Select the software title that the . Zip64 and deflate64 are not supported. When attempting to deploy a .zip file To perform these steps. 6. The Managed Software Installation : Edit Detail page appears. 3.zip file is associated with from the Software dropdown list.msi and . Browse to the location that contains the necessary installation files. you must place the name of the file within the . K1000 Management Appliance also provide a capability for administrators to zip many files together and direct the appliance to unpack the ZIP file and run a specific file within. The appliance agent automatically runs deployment packages with . 2. 8. Associate the . click Add New Item. runthis. 7. In the Choose Action menu. Click Save. The Managed Installations page appears.txt with the message: Unsupported compression mode 9 The appliance agent uses a library called SharpZipLib to uncompress . However. Create an inventory item for the target deployment. In the Run Parameters field. If the filename contains spaces. and logs an error if is not. 4. the content is unpacked. so you can install more than one package at a time. Click Distribution > Managed Installations. To change the default parameters. You can specify wildcards in the filenames you use.zip. You can also create an archive containing a shell script and then specify that script name as the full command.3 139 . you must have already uploaded the file to the appliance prior to creating the Managed Installation package. and then creating the Managed Installation package.gz files.Distributing Software from Your K1000 Management Appliance 8 To resolve the issue. You can deploy software on Linux-based machines using .gz file. 2.rpm If you have selected a . On Red Hat Linux. We recommend installing the software on a QA machine. recreate the zip file using WinZip “normal compression.bin. By default. and tar. you have to specify this in the Run Parameters field. . To create a managed installation for an .rpm files. The installation command is run against each of these files. The appliance runs that command if it is found. The Managed Installation: Edit Detail page appears. The files are extracted into a directory in /tmp and it becomes the current working directory of the command. and the root directory searched for all . Select the software from the Software drop-down list. waiting a sufficient amount of time for the appliance agent to connect to the K1000 Management Appliance and create an inventory item for the software. For each of these examples. You can filter the list by entering any filter options.rpm files. The Managed Installations page appears.rpm file To perform these steps.rpm file using the following command. the appliance agent attempts to install the . 3. this is sufficient to install a new package or update an existing one to a new version: rpm -U packagename. Version 5. In general. 1. The appliance finds all rpm files at the top level of an archive automatically. Administrator Guide. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page.tgz/tar.rpm .zip/.tgz. you do not need to include any other files in your archive other than your script if that is all you want to execute. In the Choose Action menu.” Examples of Common Deployments on Linux This section provides examples of the supported package deployments: . enclose it in single or double quotation marks. . click Add New Item. sh Both these examples. and you want to execute a shell script or other executable that you have included inside an archive. If you select the Uninstall Using Full Command Line check box. Enter a value to override (Default -U default).rpm file. Version 5. specify a full command line in the Installation Command field to ensure the correct removal command is run on the correct package. to run a shell script called installThis. package it alongside an .3 .rpm Removing software in this way is performed only if the archive or package is downloaded to the node. If you archived it inside another directory. batch script.sh in the Installation Command field. Run Parameters Installation Command 140 Administrator Guide. as well as some other K1000 Management Appliance functions.rpm file. If you're using another scripting language. the agent runs the following command on either your standalone rpm file or each rpm file it finds in the archive. you can enter the following installation details: (Optional) You do not need to specify parameters if you have an . removing the packages automatically: //usr/sbin/rpm -e packagename. the Installation Command field is: . then the command that runs on the computer is: rpm -ivh –replacepkgs package. If you select the uninstall check box in the MI detail. you may need to specify the full path to the command processor you want to run in the Installation Command. assume that “sh” is in the root's PATH. if you set Run Parameters to: -ivh --replacepkgs.tgz” If you do not want to use the default command.rpm file. The Linux node tries to install this via: rpm [-U | Run Parameters] "packagename. and then enter the command: . this command is run against all of the . The appliance executes the installation command by itself. If you have specified an archive file.sh.8 Distributing Software from Your K1000 Management Appliance If the PATH environment variable of your root account does not include the current working directory./dir/filename. For example. 5./filename. specify the relative path to the executable in the Full Command Line field. like /bin/sh . specify the path in the installation database where the package receipt is stored. For example./installThis. Because no package is downloaded in this case. The command is executed inside a directory alongside the files that have been extracted.rpm files it can find.rpm You do not need to specify a full command line if you have an . If your package requires additional options. you can replace it completely by specifying the complete command line here.sh Include appropriate arguments for an unattended. Otherwise. Press CTRL to select multiple labels. Also. If you specify 0. override and/or interact with the deployment window of a specific package. Select a label to limit deployment only to machines belonging to the selected label. Administrator Guide. Select the machines from the drop-down list to add to the list. Click the check box to run the command line only. (Optional) Enter additional information in this field. The order in which software is installed. If you have selected a label that has a replication share or an alternate download location. to indicate the number of times the K1000 Management Appliance tries to install the package. Note: The appliance always uses a replication share in preference over an alternate location. Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines Deploy Order Max Attempts Deployment Window(24H clock) 7. This does not download the actual digital asset. it is run. between 0 and 99. Execute anytime (next available) and Disabled are the only options available for Linux platform. This option is not available for Linux platform. under K1000 Settings for this specific organization. Managed Action allows you to select the most appropriate time for this package to be deployed. Specify the deployment details: Click the check box to deploy to all the machines. by default the agent attempts to run the command. Run Command Only Notes Managed Action 6. You can filter the list by entering filter options. This option is not available for Linux platform. If a Full Command Line above is entered. then the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from appliance. The Deployment Window times affects any of the Managed Action options. The lower value deploys first.3 141 . Custom Pre-Install Message Custom Post-Install Message Delete Downloaded Files Select this check box to delete the package files after installation. which is generally expected to remove the package. Enter the maximum number of attempts. the run intervals defined in the System Console. Specify the time (using a 24-hour clock) to deploy the package.Distributing Software from Your K1000 Management Appliance 8 Un-Install using Full Command Line Click the check box to uninstall software. Version 5. Allow Snooze Set user interaction details: This option is not available for Linux platform. the appliance enforces the installation forever. You can limit deployment to one or more machines. refer to About Labels. the following fields appear: • Alternate Download Location: Enter the location from where the K1000 Agent can retrieve digital installation files. 8. • Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).gz file To perform these steps.gz file: a.gz file. gzip filename. Standard TAR. 1. Click Save. Create an inventory item for the target deployment. and data files). Here you specify an alternate download location only for a specific managed installation. refer to Distributing Packages from an Alternate Location. • Alternate Download Password: Enter the password for the user name specified above.8 Distributing Software from Your K1000 Management Appliance Use Alternate Download Select this check box to specify details for alternate download. To create a managed installation for a tar. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. on page 53.GZ Example Deploying software using a tar. Note: If the target machine is part of a replication label. and upload them to your appliance for deployment.tar. on page 128. If you have a CD-ROM containing a group of files required to install a particular application. tar –cvf filename. configuration.tar This creates filename. Use the following two commands to create tar. then the appliance does not fetch software from the alternate download location. For more information on using an alternate location. you cannot specify an alternate checksum for matching the checksum on the remote file share.rpm. For more information on how to create or edit labels.gz file is a convenient way to package software when more than one file is required to deploy a particular software title (for example.rpm b.tar packagename. When you select this check box. you can package them together in a tar. But since that label cannot be specific to any managed installation. 142 Administrator Guide. packagename.gz 2. Version 5.3 . You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. • Alternate Download User: Enter a user name that has the necessary privileges to access the Alternate Download Location. 3. such as PDF. The string KACE_ALT_Location in the Alternate Download Location field is replaced with the value assigned by the Administrator Guide. refer to Appendix A: Administering Mac OS Nodes. or EXE files. In the Choose Action menu. These can be any type of file. You do not need to specify a full command line.rpm file above. the appliance also provides a capability for administrators to zip many files together and direct the K1000 Management Appliance to unpack the zip and run a specific file within. The Managed Installations page appears. or you can specify an alternate location from where users download the file. and upload it to the appliance.rpm files.rpm extensions. 5. Select the software title with which the tar. Version 5. on page 129 procedures for .Distributing Software from Your K1000 Management Appliance 8 You can do this manually from the Inventory > Software tab. you can push out any type of file to the computers on your network. Creating a file synchronization Using file synchronizations.gz file is associated from the Software dropdown list. Click Save. The installation command is run against each of them.gz file with the Inventory item. You can choose to install the files from the appliance. Enter other package details as described in the Managed Installations. Associate the tar. Examples of Common Deployments on Mac OS For information on common deployments on Macintosh. If no Run Parameters are filled in. 4. which are simply downloaded to the user’s machine. This file is uncompressed and searched for all . or by installing the package on a K1000 Agent machine that regularly connects to the K1000 Management Appliance. The Managed Software Installation: Edit Detail page appears. 8.3 143 . The agent automatically runs deployment packages with . 6.tgz” 7. The Linux node tries to install this using: rpm [-U | Run Parameters] "packagename. ZIP files. Click Distribution > Managed Installation. starting on page 259. but not installed. However. The server executes the installation command by itself. File Synchronizations File synchronizations enable you to distribute software files to the computers on your network. click Add New Item. -U is used by default. such as the operating system affected by the synchronization. If the Location specified above is a shared location. enter the User login name. Create shortcut (to location) Shortcut name Delete Temp Files 5. Click the check box to download the file the next time the K1000 Agent checks into the appliance. 2. Click the check box to create a desktop shortcut to the file location. 4. If the Location specified above is a shared location. Specify the deployment details: Enter a label for the package. Click the check box to delete temporary installation files. To create a file synchronization To perform these steps.3 . The File Synchronization: Edit Detail page appears. In the Choose Action menu. Notes Location (full directory path) Location User Location Password Enabled Create Location (if doesn’t exists) Replace existing files Do Not Uncompress Distribution Persistent Select the software title to install in the Software Title to Install drop-down list. click Add New Item. Click Distribution > File Synchronization. Set or modify the following installation details: Enter any information related to the software title selected. Click the check box if you are distributing a compressed file and do not want the file uncompressed. You should not have a machine in more than one label with an Alternate Download Location specified. The file is distributed to the users assigned to the label. Enter a display name for the shortcut. Version 5.8 Distributing Software from Your K1000 Management Appliance corresponding label. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Create the installation location if not has not already been created. Limit Deployment to Labels 144 Administrator Guide. The File Synchronizations page appears. Enter the location on the users machine where you want to upload this file. 3. Click the check box if you want the appliance to confirm every time that this package does not already exist on the target machine before attempting to deploy it. enter the login password. 1. Click the check box to overwrite existing files of the same name on the target machines. Pre-Deploy User Message Post-Deploy User Message Enter a post-deployment message to be sent to the user after deployment. Here you specify an alternate download location only for a specific managed installation. To distribute files previously deployed after the deployment window has closed. Note: If the target machine is part of a replication label. Enter a pre-deployment message to be sent to the user prior to deployment.Distributing Software from Your K1000 Management Appliance 8 Limit Deployment to Listed Machines Select a machine for deployment. For more information on how to create or edit labels. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. under K1000 Settings for this specific organization. you can use the Filter field to filter the list by entering a few characters of the machine name. Use Alternate Download Wake-on-LAN The K1000 Management Appliance Wake-on-LAN feature provides the ability to “wake up” computers equipped with network cards that are Wake-on-LAN compliant. Also. When you click this check box. 6. The Deployment Window times affects any of the Managed Action options. refer to Distributing Packages from an Alternate Location. If your list of machines is long. on page 54.3 145 . Version 5. Deployment Window (24H clock) Enter the time (using a 24-hour clock) to deploy the package. then the appliance does not fetch software from the alternate download location. For more information on using an alternate location. But since that label cannot be specific to any managed installation. on page 128. • Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). refer to Managing Labels. • Alternate Download User: Enter a user name that has necessary privileges to access the Alternate Download Location. Click Save. Administrator Guide. click the Resend Files button. Click this check box to specify details for alternate download. • Alternate Download Password: Enter the password for the user name specified above. the run intervals defined in the System Console. overrides and/or interact with the deployment window of a specific package. you cannot specify an alternate checksum for matching the checksum on the remote file share. the following fields appear: • Alternate Download Location: Enter the location from where the K1000 Agent can retrieve digital installation files. for example. The K1000 Management Appliance sends 16 packets per Wake-on-LAN request because it must guess the broadcast address that is required to get the “Magic Packet” to the target computer. select a label from the Labels drop-down list. b. 7. This feature only supports machines that are equipped with a Wake-On-LANenabled network interface card (NIC) and BIOS. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 3. 1. to perform monthly maintenance. Specify the MAC address of the device in the MAC Address field. You can filter the list by entering any filter options. even if those machines do not have the agent installed. Click Distribution > Wake-on-LAN. You can filter the list by entering any filter options. To issue a Wake-on-LAN request To perform these steps. Specify the IP address of the device in the IP Address field. Issuing a Wake-on-LAN request You can wake multiple devices at once by specifying a label to which those devices belong. specify the device’s IP address in the Devices field. Using the Wake-on-LAN feature on the K1000 Management Appliance will cause broadcast UDP traffic on your network on port 7. 2. you can schedule a Wake-on-LAN to go out a specific time. This traffic should be ignored by most computers on the network. you can manually enter the information to wake the device. 5. The Wake-on-LAN page appears.8 Distributing Software from Your K1000 Management Appliance Wake-on-LAN feature overview The Wake-on-LAN feature enables you to remotely power-on device on your network. If the device you want to wake is not inventoried by the K1000 Management Appliance but you still know the MAC (Hardware) address and its last-known IP address. 146 Administrator Guide. 4. Version 5. 6. or you can wake computers or network devices individually. Click them from the Wake a Computer list. To wake computers individually: a. Wake-on-LAN can target a label or a specific MAC-addressed machine. This amount of traffic should not have a noticeable impact on the network. Click Send Wake-on-LAN. and then select multiple computers.3 . To wake multiple devices. To wake a network device. To wake devices on a regular basis. . Press CTRL. 4.Distributing Software from Your K1000 Management Appliance 8 After you send the Wake-on-LAN request. To schedule a Wake-on-LAN request To perform these steps. Click the Schedule a routine Wake-on-LAN event link. For more assistance with troubleshooting Wake-on-LAN. Click Distribution > Wake-on-LAN. Traffic on Port 7 is being filtered by a network device. 5. it might be due inappropriate configuration of network devices. Version 5. The K1000 Management Appliance has incorrect information about the subnet to which the device is attached. In the Choose Action menu. those machines belong.3 147 . Run on the nth of every month/specific month at HH:MM AM/PM 7. 3. 2. Select the appropriate radio button to schedule Wake-on-LAN scan. The Wake-on-LAN tab appears with the scheduled request listed. For example: • • • • • The device does not have a WOL-capable network card or is not configured properly. if any. Select to run the tests on a specific date or the same day every month at the specified time. Don’t Run on a Schedule Run Every day/specific Select to run the tests every day or only the selected day of the day at HH:MM AM/PM week at the specified time. in the Scheduling area: (Default) Select to run the tests in combination with an event rather than on a specific date or at a specific time. In the Labels to Wake-on-LAN box. the results at the top of the page indicate the number of machines that received the request and to which label. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. UDP traffic is not routed between subnets or is being filtered by a network device. From this view you can edit or delete any scheduled requests. Troubleshooting Wake-on-LAN When a Wake-on-LAN request fails to wake devices. Broadcast traffic is not routed between subnets or is being filtered by a network device. select the labels to include in the request. 1. click Add New Item. The Wake-on-LAN page appears. Click Save. The Wake-on-LAN Settings page appears. see: Administrator Guide. 6. Version 5. Replication Using a replication share is a method to handle managed installations.htm.com/support/network/sb/cs-008459. patches. or Dell Updates where network bandwidth and speed are issues. If any replication item is deleted from the appliance server. In creating a replication share. and script dependencies to a shared folder on a node. A replication share allows an appliance to replicate software installers. patching. using a replication share is a good alternative to downloading directly from an appliance.intel. In those situations.3 . identify one node at each remote location to act as a replication machine. The server copies all the replication items to the replication machine at 148 Administrator Guide. it is marked for deletion in the replication share and deleted in the replication task cycle. node upgrades.8 Distributing Software from Your K1000 Management Appliance http://support. Create a computer label for your target nodes before starting the process. To create a replication share To perform these steps. Script dependencies Software Agent upgrades Patches Preparing to create a replication share You can create replication shares only on the machines listed in the Inventory > Computers tab.Distributing Software from Your K1000 Management Appliance 8 the specified destination path. The Replication Shares page appears. The replication process automatically restarts if stopped due to a network failure or replication schedule. Administrator Guide. the replication process restarts at the point it was stopped. Also. kbots. and software. Click Distribution > Replication. you need to first create an inventory record for the machine. see Adding Computers to Inventory. 4. The replication items folder includes the folder for patches. 3. Any new replication item is first listed in the replication queue and then copied after a default interval of 10 minutes. Sneaker net share – You can create a new folder and copy the contents of an existing replication folder to it. You can then specify this folder as the new replication folder in the appliance. upgrade files. 1.3 149 . The K1000 agent needs to be installed on the replication share. This results in conserving the bandwidth by not copying the files twice. Replication items are copied in this order: 1. on page 89. The replication folder created in a machine follows following hierarchy: \\machinename\foldername\repl2\replicationitems folder The machine name and folder name is user defined while repl2 is automatically created by appliance server. To create a share on a machine that is not listed in Inventory. confirm or do the following: • • • The replication share needs to have write permissions of the destination path to write the software files. Version 5. 2. You can manually copy the contents of replication folder to a new folder. If stopped. All the replication items are first listed in the replication queue and then copied one at a time to the destination path. For information. The appliance checks if the new folder has all the replication items present and replicates only the new ones. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. for example \KaceRep\e$. In the Choose Action menu. other characters don’t work. Enter the login name for accessing the download path. Some other characters.3 . Verify that the selected computer label does not have KACE_ALT_LOCATION specified. for example: C:\k1000share • For a network drive. Destination Path Password 8. Use only letters and numbers. Version 5. The replication share is created on this node. The login account should have full access (including write) to the location. Not required for local drives.8 Distributing Software from Your K1000 Management Appliance 2. for example: \\kaceRep\k1000hare Note: $ notation. use local drive syntax. For example. for example. The replication share can be created by two methods: • • Locally Shared network drive 6. We recommend you use only letters and numbers. don’t work. Click the Replication Enabled check box. Specify the replication share destination details: Select the label for the nodes that you want to get files from the replication to share Enter the path for the replication machine to use for the replication share. a UNC path: \\fileservername\directory\k1000\ Other nodes need read permission to copy replication items from this shared folder. Not required for local drives. don’t enable this setting so that you can confirm that the replication is successful. such as @. While you are testing the replication setup. @. Select the node in the Replication Machine drop-down list. KACE_ALT_LOCATION has precedence over the replication share while downloading files to the node. 4. Download Path Download Path User 150 Administrator Guide. Enter the password for the replication share. 5. is not supported Destination Path Destination Path User Enter the login name for the replication drive (destination path). 3. • For a local drive. 9. Specify the replication share download details: Enter the path for nodes in the replication label to copy items from the replication drive. Use only letters and numbers. Click Failover to K1000 (optional). 7. use UNC format. The Replication Share: Edit Detail page appears. click Add New Item. the maximum bandwidth available for replication is used. (Only active patches are available. For information about patching. Administrator Guide. the maximum bandwidth available for replication is used. If this field is left blank. Click to replicate Dell packages to the replication share. see Patching and Security Guide.) For information about patching. The colors represent: • White – Replication Off • Light Blue – Replication on with low bandwidth • Blue – Replication on with high bandwidth Limit Patch Language Files Replicate App Patches Replicate Dell Packages Hi Bandwidth Lo Bandwidth Replication Schedule In the replication schedule. Enter the maximum bandwidth to use for replication. Click the language patches to replicate from the patch subscription settings page. Specify the following: Limit Patch O/S Files Click the OS patches to replicate from the patch subscription settings page. as well as clicking the individual cells. you can: • • Select hours (columns) by clicking the hour number. Select the bandwidth used for different time slots and/or days. If this field is left blank. Click to replicate the application patches to the replication share. 10. Default: Replicate all displayed.Distributing Software from Your K1000 Management Appliance 8 Download Path Password Enter the password for accessing the download path. see Patching and Security Guide. Enter the restricted bandwidth to use for replication. by clicking the day of the week. Default: Replicate all displayed. We recommend you use only letters and numbers. Select days (rows).3 151 . Version 5. Working with your replication share From the Replication tab. At the bottom of the Replication Share: Edit Detail page. 2. you can also view the following: • Replication Queue: Click Replication Queue to see a list of replication files that are going to be replicated with their status. To view replication share details To perform these steps. After creating a replication share and clicking Save. Version 5. Click Save.8 Distributing Software from Your K1000 Management Appliance Copy Schedule From Notes Select an existing replication schedule from the drop-down list to replicate items according to that schedule. the Replication Shares page opens. 11. The Replication Share: Edit Detail page appears. you can: • • • • • • • Add or delete replication shares Enable or disable replication shares Start or restart a halted replication task Halt a running replication task Perform a share inventory for the replication share Interrupt the current replication Export to CSV format Opening a CSV file containing multibyte characters with Microsoft Excel may yield "garbage characters" in the resulting worksheet. Click Distribution > Replication. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. When you have completed testing.3 . (Optional) Enter comments in the text box. The Replication Shares page appears. you might want to return to step 4 and check Failover to K1000. 1. 152 Administrator Guide. Click a replication share. See Dell KACE Support for the steps to import the CSV file into an Excel worksheet. 3. Click Distribution > iPhone. on page 53. click Add New Item.Distributing Software from Your K1000 Management Appliance 8 • • Share Inventory: Click Show Share Inventory to see a list of replication items that have been copied. You can edit an existing profile with the K1000 iPhone page. 2. You can: • • Email profiles to the appropriate users.apple. Think about how you want to organize iPhone profiles in the Software Library of your K1000 user portal. (This name is overwritten if you upload the . In the Profile Name field. enter a profile name. a name from the . The iPhone Profile : Edit Detail page appears. iPhone profiles are configuration files in XML (. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page.mobileconfig file is used. 3. 1. Create labels for your users. you might need to perform the following: 1.com for information on creating and editing them. Delete Queue: Click Show Delete Queue to see a list of replication items that are marked for deletion. Also. Click Browse and select your profile. Managing iPhone Profiles Dell KACE K1000 Management Appliances can manage your company’s iPhone profiles. For information about creating labels.) 4. Have your users download their authorized profile. Create a profile. Administrator Guide. you may also want to restrict a profile to a test user label. Version 5. 2. If your implementation involves multiple profiles. Before you use K1000 iPhone profile support Depending on whether you have already worked with profiles. If you don’t already have profiles.3 153 . 3. see www.mobileconfig file again. the Apple tools are handier. consider creating user labels for the profiles. see About Labels. If you don’t enter a name. but if you have extensive editing.mobileconfig) generated by Apple tools. In the Choose Action menu. To add an iPhone profile To perform these steps. 6. 9. Use the Limit Deployment to Selected Labels option to select a label to limit deployment to only machines belonging to the selected label. click Delete Selected Item(s).3 . 8. 1. To send the profile to your users by email. 2. Press CTRL to select multiple labels. Select the Enabled check box to enable deployment. enter any attributes for the . Click Distribution > iPhone. create a label for those users. click Configure Collection Settings. In the Choose Action menu. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. enter a message and/or instructions for your users. 1. if your profile is designed for users in a specific geography or division. 154 Administrator Guide. You can also delete a profile from the iPhone Profile : Edit Detail page. 10. 4. 3. Click Distribution > iPhone. In the XML field. Click Edit for Limit Access to User Labels to restrict access to specific users. 7. Click Browse to make this profile available to users when you save. Use the Filter field to filter your search for users by name or email address. Select the Deploy to All Machines check box to deploy to all machines. Version 5. You can also enable the profile after saving. 3. To Delete an iPhone profile To perform these steps. In Message field. For example. The iPhone Asset Collection Settings & Schedule page appears. Click the check box for the iPhone profile you want to delete. 2. enter their email addresses in the To field. 5. In the Choose Action menu. 6. click Configure Collection Settings. Click Save. The iPhone Asset Collection Settings & Schedule page appears.8 Distributing Software from Your K1000 Management Appliance 5. In the Choose Action menu. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. To Configure Collection Settings for iPhones To perform these steps.mobileconfig file. You use these features to keep your Dell computers updated with the latest software patches and upgrades.com website. Use the Supported Operating Systems list to select the operating system to include in the deployment. The Dell Updates tab is similar features and workflow to the appliance patching features on the Security tab. Dell provides catalogs (lists) of software upgrades and patches. 8. 7. Select to run the collection every day or on a specific day of the week at a specific time. Don’t Run on a Schedule Run Every nth minutes or hours Run every day or specific day of the week at HH:MM AM/ PM Run on the nth of every month/specific month at HH:MM AM/PM Custom Schedule 9. The catalogs provide updates for: • • Software and firmware for servers and workstations. Patching and Security Guide is available from the www. Administrator Guide. Select to run the collection on a specific date or the same day every month at the specified time. under Documentation (your Support login is required). the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. which you can choose to install on the Dell computers in your appliance implementation. Select to create a custom schedule for the collection. Version 5. Managing Dell Systems with Dell Updates The Dell Updates tab offers Dell customers the Dell Client Updates and Dell Server Updates features.kace. Select to run the collection every few minutes or hours depending on your setting.Distributing Software from Your K1000 Management Appliance 8 If you have selected a label that has a replication share or an alternate download location. Support tab. Click Save. Select the appropriate radio button to schedule the collection settings in the Scheduling area: (Default) Select to run the collection in combination with an event rather than on a specific date or at a specific time.3 155 . The two tabs are so similar that you can use the Patching and Security Guide document for all the Dell Client Updates and Server updates except for the differences listed in the next section. Some Dell-supplied applications. Configure the Dell Updates. see the Configuring Dell OpenManage Catalog Updates section below. This includes deciding when to update your catalogs of Dell updates for Dell hardware that you own. (If needed) Upgrade your nodes and servers to the latest K1000 Management Appliance release. You do need to set up a schedule for these updates and configure this process. The names used for these actions are different: Patching Term Detection Dell Updates Term Inventory Term Used in: Patching and Security Guide This chapter and the Dell documentation. This step is different than the patching subscription. Version 5. The exceptions are: • • The Dell Update subscription process is different from the K1000 Management Appliance patch subscription process. see the Configuring Dell OpenManage Catalog 156 Administrator Guide. Read Patching and Security Guide for most patching/updating procedures. Unless otherwise noted.8 Distributing Software from Your K1000 Management Appliance Understanding the Differences between Patching and Dell Updates The K1000 Management Appliance patching and Dell Update features are nearly identical. Update • You manage and execute Dell Updates and Patching from different appliance interface pages: K1000 Management Appliance Interface Page Administrator Portal > Distribution > Dell Updates Administrator Portal > Organization: System > K1000 Settings > Dell Client and Server Update Settings Administrator Portal > Security > Detect and Deploy patches Administrator Portal > Security > Patching > Subscription Settings Action Execute Dell Update schedules Manage Dell Updates Execute Patching Schedules Manage Patching Dell Client and Server Upgrade workflow This section explains the general steps you use upgrade your Dell clients and servers. For details. For instructions on subscribing to Dell Updates.3 . Follow these steps to use Dell client and server updates on an appliance: 1. Once Dell OpenManage is set up on your appliance. see the Patching and Security Guide for details on these steps. 2. Action Probe your computers to determine whether they have or need a specific patch or update. Install the patch or update on the Deployment computers in your appliance implementation. it automatically probes for and determines what updates your system requires. This is known as patch update. 6. or as part of an inventory and update patch schedule that also installs the updates. All other Dell Updates settings and feature are available on the Administrator Portal > Organization: Default > Distribution > Dell Updates tab. Patching and Security Guide uses the term deploy or deployment instead of update. Group your Dell systems together in machine labels that your schedules use to run the inventory and update actions. and you can also perform it automatically part of an update schedule. 7. You can run schedules at any interval that you choose. Normally. You may not want to install all of the patches from the catalog. you create different schedules for the laptops. Group the updates by applications or software families in patch labels that your schedules use to run the inventory and update actions. 3. Patching and Security Guide walks you through the process of creating a schedule that automatically inventories your hardware and updates it with the critical software updates it needs. workstations. because these three types of computers have very different usage characteristics. a label can specify patches for all Microsoft Windows systems. You configure Dell updates from the Administrator Portal > Organization:: System > K1000 Settings > Control Panel > Dell Client and Server Update Settings page. Filter out the updates that you do not want to apply to your servers and clients. Install the updates on the nodes that need them. Patching and Security Guide uses the term detect or detection instead of inventory. Bring all these pieces together into patch schedules that automatically run inventory/ update actions for the updates in your update labels. on the corresponding computers in your machine labels. 5. Mark these patches as inactive to prevent them from being automatically installed. Normally. 8. 4. Administrator Guide. For example. 9. You can perform this step independently.3 157 .Distributing Software from Your K1000 Management Appliance 8 Updates section below. Perform an update inventory to discover which of your nodes have updates available. Test your schedules on a small subset of the computers you administer to make sure everything is working the way you expect. For example. you perform the inventory automatically as part of a patch schedule. and servers in your appliance implementation. you can collect all Dell servers running Microsoft XP into a single label and then run a patch schedule to inventory and update them. Version 5. Version 5. The Dell Client and Server Update Settings page buttons and check boxes are enabled for changes. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Dell updates its hardware patches in Catalogs. The Dell Client and Server Update Settings page appears: 2. Click Disable import of Dell Client and Server Update Catalogs to stop the Dell updates. 158 Administrator Guide.3 . Follow these steps to configure the Dell update process for the s and applications that your appliance implementation uses. 4. 3. The Download Status table shows you the current status of the Dell catalogs that your appliance uses. one for serves and one for workstations. Click K1000 Settings > Control Panel > Dell Client and Server Update Settings page. Click one of the Check for Changes options to set up a schedule for updating the Dell catalogs. Scroll to the bottom the page and click Edit Mode link. 1.8 Distributing Software from Your K1000 Management Appliance Configuring Dell OpenManage Catalog Updates To perform these steps. Administrator Guide. Click Delete All Files or Delete Unused Files to remove all or some of the Dell catalog files. These options can free disk space. 5. 8. or keep all of the Dell updates available.3 159 . Use the Stop Download section options to limit the amount of time you allow the Dell updates to run. If you change operating systems or bring on new Dell equipment frequently. Click Save Dell Update Settings at the bottom of the page to make your changes take effect. The Package Download Options buttons to specific whether to limit the Dell updates to just the ones that apply to your appliance implementation now. Click Refresh Catalog Now to update the catalogs immediately. 9. This completes the process of configuring your Dell OpenManage catalog updates. for example.Distributing Software from Your K1000 Management Appliance 8 The first option of these two is intended for weekly updates and the second for monthly. 6. when your users start working. You may want to enforce a hard stop at a specific time. it’s probably best to keep all Dell updates handy. Version 5. 7. 3 .8 Distributing Software from Your K1000 Management Appliance 160 Administrator Guide. Version 5. • • • • • • • • Scripting Overview. Using the Run Now function.3 161 . About the Configuration Policies. You can perform these tasks across your network through customized scripts that run according to your preferences. you can more easily and automatically perform a variety of tasks. Using the Windows-based Policies. on page 189. Version 5. on page 164. Searching the Scripting Log Files. Scripting Overview With Policy and Scripting. on page 177. Using the Mac OS Configuration-based Policies. Using the Appliance Default Scripts. Creating and Editing Scripts. on page 163. on page 161. on page 174. on page 179. Administrator Guide. on page 178.9 Using the Scripting Features The Dell KACE K1000 Management Appliance Policy and Scripting component provides a point-and-click interface to perform tasks that typically require you to use a manual process or advanced programming. for example.bat files) Rules to obey (Offline Kscripts and Online Kscripts) Tasks to complete (Offline Kscripts and Online Kscripts). Version 5.9 Using the Scripting Features Figure 9-1: The Scripting tabs Scripts automate tasks such as: • • • • • • • • • • • Power management Installing software Checking antivirus status Changing registry settings Scheduling deployment to the endpoints on your network Each script consists of: Metadata Dependencies (any supporting executable files that are necessary to run a script.3 . Deployment settings Schedule settings You can create these types of scripts: 162 Administrator Guide.zip and . and you can configure whether each task must complete successfully before the next is executed. Each script can have any number of tasks. . The online shell scripts are built using simple text-based scripts (bash. They execute at scheduled times based on the appliance clock. such as at the time of Machine Boot Up and User Login. Disables the appliance Remote Control functionality on Windows XP Professional by configuring Terminal Services properly. Used as an example for how to run a DOS command.txt command to list the contents of the Mac OS applications directory. along with the different shell script formats supported by the specific operating system of the targeted machines. You can create these scripts using the K1000 Management Appliance scripting wizard. KACE_ALT_LOCATION (Alternate Download Location if specified). a missing registry entry causes all the contents of the system32 directory to be reported as the Startup Programs. Batch files are supported on Windows. You can create these scripts using the K1000 Management Appliance scripting wizard. • • Order of downloading script dependencies The order of downloading script dependencies is as follows: 1. Online Shell Scripts: These scripts can execute only when the node is connected to the appliance server. Local machine (checks if the dependency is present on the node). Inventory Startup Programs Fix Issue a DOS Command Example Issue a Mac Command Example K1000 Remote Control Disabler Administrator Guide.3 163 . WARNING: Do not run this with more than 50 nodes selected as it can overload the server with requests.Using the Scripting Features 9 • Offline KScripts: These scripts can execute even when nodes are not connected to the appliance server. Issues the AppDir. Or. 2. 4. and so on) supported by the target operating system. Issues the DOS-DIR command on a Windows system. Replication server (if replication is enabled). On some machines. This script fixes the registry entry if it is missing. K1000 Server. they execute at a scheduled time based on the node clock. 3. perl. Using the Appliance Default Scripts Your K1000 Management Appliance includes these ready-made scripts: Script Name Defragment the C: drive Force Checkin Description Defragments the c: drive on the computer. Version 5. Used as an example of how to run a command on a Mac OS system. Runs KBScriptRunner on a node to force a checkin. They execute at scheduled times based on the server clock. batch. Online KScripts: These scripts can execute only when the node is able to ping the appliance server. Specifies a delay (in seconds) while the message in quotes is displayed to the user. The Message Windows remain displayed until one of the following occurs: • User dismisses the message.3 . Put a Mac to sleep Reset KUID Places a Mac OS system in sleep mode. It does not enable debugging of the scheduling service. An example Online KScript that uses the Alert User Before Run feature to allow the console user to snooze the shutdown. • • By importing an existing script (in XML format). which you can perform from the Scripting > Scripts tab. Illustrates use of the Message Window. An example Online KScript that uses the Alert User Before Run feature to allow the console user to snooze the shutdown. Shutdown a Mac Shutdown a Mac with snooze Shutdown a Windows system Shutdown a Windows system with Snooze USB Drives Disable USB Drives Enable Creating and Editing Scripts There are three ways to create scripts. Will only execute one time per node due to the ResetKUIDRunOnce registry flag. Omit the -t parameter to silently and immediately shut down nodes. Disables usage of USB Drives. • Script finishes executing. • Timeout is reached. 164 Administrator Guide. Deletes the registry keys that identify a node so that a new key can be generated. Enables usage of USB Drives. Allows removable drives to be mounted only as read-only (a method of controlling unauthorized access to data). By copying and modifying an existing script. Powers-off a Mac OS system. Version 5. Your script must have properly paired create/destroy message window commands to work properly. Disables the debug switch used with the appliance client debug logs.9 Using the Scripting Features Script Name K1000 Remote Control Enabler K1000Client debug logs Disable K1000Client debug logs Enable Make Removable Drives Read-Only Make Removable Drives Read-Write Message Window Script Example Description Enables the appliance Remote Control functionality on Windows XP Professional by configuring Terminal Services properly. This script turns on debug only for the inventory and deployment part of the node. Enables client debug and sends the debug log back to the appliance. Removable drives can be mounted read-write. $(KACE_SERVER) – host name of the appliance server. After creating a script. $(KBOX_EXECUTE_EVENT) – event causing KBOT to run. deploy the script to a limited number of machines to verify that the script runs correctly before deploying it to all the machines on your network. $(KACE_SERVER_PORT) – port to use when connecting to KACE_SERVER (80/ 443). port. Administrator Guide. $(KACE_SERVER_URLPREFIX) – http/https. $(MAC_ADDRESS) – agent machine's primary MAC address. The process of creating scripts is an iterative one. $(KACE_LISTEN_PORT) – agent's port that the server can use for Run Now. $(KACE_SERVER_URL) – a combination of server. They are replaced at run time on the node with appropriate values: • $(KACE_DEPENDENCY_DIR) expands to: • • Windows: $(KACE_INSTALL)\packages\kbots\xxx Mac OS and Linux: /var/kace/SMMP/kbots_cache/packages/kbots/xxx Any script dependencies for this script are downloaded to the node in this folder.3 165 . $(KACE_COMPANY_NAME) – agent's copy of the setting from the server's configuration page. and URL prefix (http:// k1000_hostname:80). Token Replacement Variables You can use the following token replacement variables anywhere in the XML of a K1000 Management Appliance script. [BOOTUP|LOGON|null]. (You can create a test label to do this. • $(KBOX_INSTALL_DIR) – agent installation directory: • • • Windows: C:\Program Files\KACE\KBOX Mac OS: /Library/KBOXAgent/Home/bin/ Linux: /KACE/bin/ • $(KBOX_SYS_DIR) – agent machine's system directory: • • Windows: C:\Windows\System32 Mac OS and Linux: / • • • • • • • • • • $(KACE_INSTALL) – same as KBOX_INSTALL_DIR.) Leave a script disabled until you have tested and edited the script and are ready to run it.Using the Scripting Features 9 • By creating a new script from scratch. Version 5. $(KACE_SPLASH_TEXT) – agent's copy of the setting from the server's configuration page. Version 5. (Optional) Enter notes for yourself and other appliance administrators. To add an Offline KScript or Online KScript To perform these steps. click Add New Item . (Optional) Enter a brief description of the actions the script performs. Enabled Notes 166 Administrator Guide. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. select the machines to add to the list. Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines Specify the deployment options: Select to deploy the script to all the machines. Use the Template status if you are building a script that is used as the basis for future scripts. The Script: Edit Detail page appears. 3. (Optional) Enter a meaningful name for the script to make it easier to distinguish from others listed on the Scripts tab. Select a label to limit deployment only to machines grouped by that label.9 Using the Scripting Features • • $(KBOX_IP_ADDRESS) – agent's local IP address (corresponds with network entry of MAC_ADDRESS). 2. You can filter the list by entering filter options. 4.3 . For example. Adding Scripts Offline and Online KScripts include one or more Tasks. enter the requested details: Use this field to select the Offline Kscript or Online Kscript types. Script Type Name Description Status In the Configuration area. there are Verify and Remediation sections where you can further define the script behavior. In the Choose Action menu. $(KBOX_MAC_ADDRESS) – same as MAC_ADDRESS. From the drop-down list. Click Scripting > Scripts. Select to limit deployment to one or more machines. it defaults to success. This information helps you to distinguish one script from another on the Scripts tab. Do not enable a script until you are finished editing and testing it and are ready to run it. Within each Task section. it ends in On Success. 1. Press CTRL to select more than one label. Select a value to indicate whether the script is in development (Draft) or has been rolled out to your network (Production). if you leave the Verify section blank. If a section is left blank. Enable the script on a test label before you enable it on all machines. Select to run the script on the target machines. Affect that user’s profile. Dialog Timeout (Minutes): Snooze Duration (Minutes): Alert Message: Enter the number of minutes. Enter the number of minutes: Enter the message you want displayed to users.) Alert User Before Run Allows you to delay or cancel the script before it runs. Interaction With Run As: • Only the console user can see the alert dialog (and therefore choose to snooze or cancel) regardless of the Run As setting.1 (and higher) Windows and Mac OS agents Select to limit the script to specific operating system versions. the dialog reappears after the Snooze Duration. Run As: Online KScripts Only Run As Local System Run As User logged in to console Run As User: Run As All Logged in Users Affect all users’ profiles. • Cancel . Usually admin.Using the Scripting Features 9 Pick Specific OS Versions: Alerts: Online KScripts Only Agents 5. Version 5. the script runs on all versions of the operating systems you pick. Handle network-wide tasks. (Otherwise. If the time specified by Dialog Timeout elapses without the user pressing a button. (For example.The script is cancelled until its next scheduled run. the script runs at that time. Dialog Options: • OK .The script runs immediately. • Snooze . the script runs immediately. Use this setting for all scripts created with a wizard. Run with administrative privileges on local machine. but you can run as any user. choose to enable this for scripts that reboot or shut down computers. • Enabling an alert prompts the console user even if the script is set to run as all users or another user.) If no user is logged in to the console. When the user presses the snooze button.3 167 .The user is prompted again after the Snooze Duration. Administrator Guide. Run Every nth minutes/ hours Run Every day/specific day at HH:MM AM/PM Run on the nth of Every Runs on a particular day of every month or Month or on a Specific particular month at a specified time. 168 Administrator Guide. Runs the Offline KScript at machine boot time. use this option in conjunction with “Also Run at User Login” to run whenever the user logs in. 23:30. 1. Runs the Offline KScript once when new scripts are downloaded from the appliance. 23:22. Don’t Run on a Schedule Runs in combination with an event rather than on a specific date or at a specific time. Beware that this causes the machine to boot up slower than it might normally. Month at HH:MM AM/PM. Allows the Offline KScript to run even if the target machine cannot contact the appliance to report results. Custom Schedule Allows you to set an arbitrary schedule using standard cron format. Runs the Offline KScript after the user has entered their Windows login credentials. To run the script only when the user is logged into the machine. 23:25. click Scripting Update Interval in the help area on this page. Runs on every hour and minutes as specified. Allows the Offline KScript to run even if a user is not logged in.3.3 . 23:59. To set the time interval for downloading scripts. results are stored on the machine and uploaded to the appliance until the next contact. Version 5. on page 174. 23:20. Also Run Once at next Client Checkin (Only for Offline KScript) Also Run at Machine Boot Up (Only for Offline KScript) Also Run at User Login (Only for Offline KScript) Allow Run While Disconnected (Only for Offline KScript) Allow Run While Logged Off (Only for Offline KScript) 5. For example.2. Runs on the specified time on the specified day. For example. 23:23. 23:03. In such a case. clear this option. For more information about Run Now.5. 23:34. refer to Using the Run Now function. 23:33. 23:31. The appliance does not support the extended cron format.30-35. specify when and how often the script is run. 23:05. 23:21. Use this option with caution.59 23 31 12 * * means: On the last day of year. 23:32. 23:02. 23:24. 23:35. Click Run Now to immediately push the script to all machines. Use this option in combination with one or more of the “Also” choices below. at 23:01.9 Using the Scripting Features Scheduling In the Scheduling area.2025. starting on page 265. Attempts Under Policy or Job Rules. If the Verify section fails. starting on page 259. task. set the number of Attempts to 2 or more. This icon appears when your mouse hovers over an item. click Browse. the dependencies are downloaded from the specified replication share. 9. In the On Success and Remediation sections. To do this. 7. Refer to Appendix A: Administering Mac OS Nodes. To enable this setting. and then click Open to add the new dependency file. 11. Version 5. Refer to Appendix A: Administering Mac OS Nodes. Repeat this step to add additional new dependencies as necessary. you may want to run the task again to confirm the remediation step. 10. it is run the number of times mentioned in this field. Refer to Appendix B: Adding Steps to Task Sections. or step. starting on page 259. select the Failover To K1000 check box on the Replication Share : Edit Detail page. • Select Continue to perform remediation steps upon failure. Click Add Task Section to add a new task. The process flow of a task is a script similar to the following: IF Verify THEN Success ELSE IF Remediation THEN Remediation Success ELSE Remediation Failure 8. If the replication share is inaccessible. select one or more steps to perform.Using the Scripting Features 9 6. If a Replication Share is specified and enabled at Distribution > Replication. beside the On Failure Administrator Guide. If the script fails but remediation is successful. click the trash can icon item. set the following options for Task 1: Enter the number of times the script attempts to run. • Select Break to stop running upon failure. In the Verify section. select one or more steps to perform. and then select one or more steps to perform.3 169 . To browse for and upload files required by the script. click Add to add a step. the dependencies are downloaded from the appliance server. To remove a dependency. In the On Remediation Success and On Remediation Failure sections. click Add new dependency. The Script: Edit Detail page appears. Specify the deployment options: Click to deploy the script to all the machines. (Optional) Enter any notes.3 . 2. 1. The variables are replaced at runtime with appropriate values on the node. For more information. Indicate whether the script is in development (Draft) or has been rolled out to your network (Production). In the Choose Action menu.9 Using the Scripting Features Click next to Policy or Job Rules to view the token replacement variables that can be used anywhere in the K1000 Management Appliance script. (Optional) Enter a brief description of the actions the script performs. Select to limit the script to specific operating stem versions. Click to run the script on the target machines. Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines: Pick Specific OS Versions: You can limit deployment to one or more machines. enter the following information: Select the Online Shell Script type. the script runs on all versions of the operating systems you pick. You can filter the list by entering filter options. select machines to add to the list. refer to Token Replacement Variables. Script Type Name Description Status Enabled Notes 4. Otherwise. Enter a meaningful name for the script to make it easier to distinguish from others listed on the Scripts tab. click Add New Item . Click Scripting > Scripts. Use the Template status if you are building a script to use as the basis for future scripts. on page 165. 170 Administrator Guide. Select a label to limit deployment to machines in that label. 3. This field helps you to distinguish one script from another on the Scripts tab. Enable the script on a test label before you enable it on all machines. From the dropdown list. Do not enable a script until you are finished editing and testing it and are ready to run it. Press CTRL and click labels to select more than one label. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Version 5. In the Configuration area. To add an Online Shell Script To perform these steps. Administrator Guide. at 23:01. 23:03. and then click Open to add the new dependency file. 23:20. Files To remove a dependency.2. because Replication is not supported by online shell scripts. The appliance doesn’t support the extended cron format. This option allows you to set an arbitrary schedule using standard cron format. the maximum time. Script Text Specify the following: Enter the relevant script text.30-35. 23:24. For example. 23:33. For more information about the Run Now button. Run Every nth minutes/ hours Run Every day/specific day at HH:MM AM/PM Custom Schedule The test runs on the interval of hour and minutes specified. Specify the directory path and file name.Using the Scripting Features 9 Scheduling In the Scheduling area. Don’t Run on a Schedule The test runs in combination with an event rather than on a specific date or at a specific time. 5. The test runs on the specified time on the specified day. 1. click Browse.59 23 31 12 * * means: On the last day of year. Use this option in combination with one or more of the “Also” choices below. 23:22. 6. 23:34.20-25. on page 174. 23:31.3 171 .3. 7. 23:30. for which the server tries for execution of the script. For example. Version 5. If a Replication Share is specified and enabled at Distribution > Replication. if any. Enter the value in minutes. refer to Using the Run Now function. 23:59. Use this option with caution. 23:25. 23:21. This icon appears when your mouse hovers over an item. 23:23. use this option in conjunction with “Also Run at User Login” to run whenever the user logs in. Repeat this step to add additional new dependencies as necessary.5. click Add new dependency. the dependencies are still downloaded from the appliance server. 23:32. 23:05. Select to upload dependency file. click the trash can icon beside the item. specify when and how often the script runs. Click Run Now to immediately push the script to all machines. 23:02. 23:35. Timeout (minutes) Upload File Delete Downloaded Select to delete the downloaded files from the node. To browse for and upload files required by the script. to the node. Click the check box beside the script you want to delete. The Script: Edit Detail page appears. 3.9 Using the Scripting Features Click next to Policy or Job Rules to view the token replacement variables that can be used anywhere in the K1000 Management Appliance script and are replaced at runtime on the node with appropriate values. To delete a script from the Scripts Edit page To perform these steps. To edit a script To perform these steps. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. In the Choose Action menu. Click OK to confirm deletion. Click Save. Version 5. You can also edit Offline KScripts and Online KScripts by using the wizard or with the XML editor. Click OK to confirm deletion. 2. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.3 . you can edit the three types of scripts: Offline KScripts. and Online Shell Scripts. 2. 1. Click Scripting > Scripts. To use the XML editor. 4. The Script: Edit Detail page appears. Click the name of the script you want to delete. 2. Click Scripting > Scripts. Editing Scripts On the Script: Edit Detail page. 172 Administrator Guide. refer to Token Replacement Variables. 4. Click Delete. Click the name of the script you want to edit. click Delete Selected Item(s). Modify the script as desired. click the View raw XML editor link below the Scheduling option. 1. Online KScripts. 3. 4. To delete a script from the Scripts page To perform these steps. Click Scripting > Scripts. on page 165. 1. 3. For more information. refer to To Duplicate an existing Script. One or more <compliance> elements within each <kbot> element. and how you can change it. Version 5. on page 174. copy the existing script. Be sure that the imported script conforms to the following structure: • • • • • The root element <kbots></kbots> includes the URL of the KACE DTD “kbots xmlns=”http://kace. Exactly one <execute> element within each <config> element. The following is an example of the XML structure for an appliance script: <?xml version=”1. Exactly one <config> element within each <kbot> element.0” encoding=”utf-8” ?> <kbots xmlns=”http://kace. and open it in an XML editor.com/Kbots.com/Kbots. For more information. This is where you specify the name of the policy or job (optional). To import an existing script To perform these steps.. the </config> element corresponds to the Configuration section on the Script: Edit Detail page. The script’s <compliance> element gives you an idea of how the script works. and the script type (policy or job).xsd”>. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. you can upload your finished script to the K1000 Management Appliance. Within this element you can also indicate whether the script can run when the target machine is disconnected or logged off from the appliance. You can specify whether the script is enabled and describe the specific tasks the script is to perform within the <compliance> element.<kbots> One or more <kbot> elements. If you are creating a script that will perform some of the same tasks as an existing script.3 173 .Using the Scripting Features 9 Importing Scripts If you prefer to create your script in an external XML editor.xsd”> <kbot> <config name=”name=”” type=”policy” id=”0” version=”version=”” description=”description=””> <execute disconnected=”false” logged_off=”false”> </execute> </config> <compliance> </compliance> </kbot> </kbots> In the above example of a simple XML script.. Administrator Guide. The Run Now function is available in three locations: • • • Run Now tab—Running Scripts from the Scripting > Run Now tab allows you to run one script at a time on the target machines. Click Scripting > Scripts. Scripts List Page—Running scripts from the Scripts List Page using the Run Now option from the Choose Action menu allows you to run more than one script at the same time on the target machines. 2. Click the linked name of the script you want to copy to open it for editing. If you have already created a script that is similar to a proposed script. Want to test and debug scripts on a specific machine or set of machines during development. Click Scripting > Scripts. you may want to use this function if you: • • Suspect machines on your network are infected with a virus or other vulnerability. Using the Run Now function The Run Now function provides a way for you to run scripts on selected machines immediately without setting a schedule. 174 Administrator Guide. and click Save. Continue by following the steps in Adding Scripts. 2. the duplicate feature makes it easier to copy the script as a start for a new script. To Duplicate an existing Script To perform these steps. where “xxx” is the name of the copied script. and they can compromise the entire network if not resolved right away. which includes a new script named “Copy of xxx”. In the Choose Action menu. Paste the existing script into the space provided. 3. 4. Version 5. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 3.3 . click Import from XML.9 Using the Scripting Features 1. Script : Edit Detail Page—Running Scripts from the Script : Edit Detail page allows you to run one script at a time on the target machines. The Scripts list page appears. on page 166. The Script: Edit Detail page appears. 1. Click Duplicate at the bottom of the page. The Script: Edit Detail page appears. For example. Click the linked name of the copied script to open it for editing. Administrator Guide. At least one machine name is required. for more information. To minimize the risk of deploying to unintended target machines. A confirmation dialog box appears if you have made any changes. 1. 2. 1. Refer to Using the Run Now function.Using the Scripting Features 9 To run scripts using the Run Now tab To perform these steps. The Run Now page appears. Select the script you want to run in the Scripts list. on page 174. You can use the Filter options to filter the Scripts list. Click Scripting > Scripts.3 175 . Select the script you want to run. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Run Now from the Script Detail page To perform these steps. Select the labels that represent the machines on which you want to run the script. Select the machines on which script needs to run from the Inventory Machines list. You can add all the machines by clicking Add All. create a label that represents the machines on which you will perform the Run Now function. 3. 2. • • You can use the Filter options to filter the machine names list. The Script: Edit Detail page appears. 3. Press CTRL to select multiple labels. Version 5. 4. Selected machine names appear in the Machine Names field. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Click Run Now to run the selected script. Click Scripting > Run Now. Scroll to the bottom of the Scheduling section. and then click Run Now. CAUTION: A script is deployed immediately when you click Run Now: • Use this feature cautiously! • Do not deploy unless you are certain that you want to run the script on the target machines. The Run Now Status page is displayed after the script is run. 4. 5. Click OK in the confirmation dialog box to save any unsaved changes before running. When you click Run Now or select Run Now from the Choose Action menu. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 2. for more information. Description Run Now Detail Page For more information on a Run Now item. on page 174. The numbers in these columns increment accordingly as the script runs on all of the selected machines. Icon The script completed successfully.3 . Select the scripts you want to run. Refer to Using the Run Now function. For more information about searching logs. An error occurred while running the script. you can search the scripting logs to determine the cause. • • The Pushed column indicates the number of machines on which the script is attempting to run. The Completed column indicates the number of machines that have finished running the script. 3. therefore its success or failure is unknown. 1. The icons above the right-hand column provide further details of the script status. click the linked start time on the Run Now Status page to display the item’s Run Now Detail page. click Run Now.9 Using the Scripting Features To use the Run Now function from the Scripts Lists Page To perform these steps. on page 177. 176 Administrator Guide. The Run Now function communicates over port 52230. If errors occurred in pushing the scripts to the selected machines. Monitoring Run Now Status To perform these steps. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. refer to Searching the Scripting Log Files. From the Choose Action menu. Click Scripting > Scripts. The script is still being run. Version 5. One reason a script might fail to deploy is if firewall settings are blocking the appliance Agent from listening on that port. the Run Now Status tab appears where you can see a new line item for the script. create a label that represents the machines you want to run the Run Now function on. To minimize the risk of deploying to unintended target machines. You can use the following operators to change how the logs are searched: Operator + * “ Function A leading plus sign indicates the word must be present in the log. 1. instead of running it on a schedule. Administrator Guide. The Push Failures section lists those machines that the server could not contact and therefore did not receive the policy. completed machines. A leading minus sign indicates the word must not be present in the log. Version 5. Searching the Scripting Log Files The Search Logs page allows you to search the logs uploaded to the K1000 Management Appliance by the machines on your network. The Run Now Statistics section displays the results of a script that was pushed. 3. push successes. Each individual computer page also has the results of the Run Now events run on that machine. Machines that have received the policy but have not reported their results. The results are sorted under the appropriate section. it reports either success or failure. 4.3 177 . be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. To search only in logs uploaded by a particular script. the push failures.Using the Scripting Features 9 The Run Now Detail page displays the results of a script that was run manually using the Run Now function. are listed in the Scripts Running section. running machines. The Run Failures section lists those machines that failed to complete the script. 2. it may take some time for the machine to complete a policy. A trailing asterisk can be used to find logs that contain words that begin with the supplied characters. Once pushed. To search scripting logs To perform these steps. choose the script name. The Run Successes section lists those machines that completed the script successfully. Enter keywords for the scripts in the Search for field. Select the log type to search in from the drop-down list. successes and failures in numbers and percentage. A phrase enclosed in double quotes matches only if the log contains the phrase exactly as typed. After the policy is run. Click Scripting > Search Logs. This section includes descriptions of the settings for each of the policies you can create. Power Management Wizard. select a label from the drop-down list to search logs uploaded by machines in a particular label group.3 . on page 180. see Using the Windows-based Policies. go to Scripting > Configuration Policy. Enforce VNC Settings. Desktop Shortcuts Wizard. About the Configuration Policies The Configuration Policy page displays a list of wizards you can use to create policies that manage various aspects of the computers on your network. on page 190. Output Activity Status Debug In the Historical field. The search results display the logs and the machines that have uploaded the logs. Version 5. on page 179. under search results. on page 192. MSI Installer Wizard. 7. on page 186. For details. on page 179. The Windows-based wizards include: • • • • • • • • • • Enforce Registry Settings. Remote Desktop Control Troubleshooter. on page 179. Enforce Desktop Settings. Administrator Guide. You can apply a label to the machines that are displayed by selecting a label from the dropdown list. on page 182. on page 186. In the Labels field. UltraVNC Wizard. Click Search. select whether to search in only the most recent logs or in all logs from the drop-down list. on page 188. To access the list of available Configuration Policy wizards. Event Log Reporter.9 Using the Scripting Features You can choose from the following options: • • • • 5. Windows Automatic Update Settings policy. The Mac OS-based wizards include: • • 178 Enforce Power Management Settings. Un-Installer Wizard. on page 184. on page 181. 6. on page 181. Administrator Guide. Enforce Registry Settings This wizard allows you to create scripts that enforce registry settings: 1. on page 189. 7.exe to locate and export the values from the registry that you are interested in. A new script is created. Use regedit. If you edit a Wizard-based policy. Enable and set a schedule for this policy to take effect. for more information. The following sections explain how to use the default policies available to Windows systems. 4. Version 5. For details.reg file that contains the registry values you want with notepad.3 179 .exe and copy the text. on page 192. 8. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 5. Using the Windows-based Policies To perform these steps. The Script: Edit Detail page appears. Terminal Services must be running. 2. The script that this page generates tests the following: • • Terminal Services: To access a Windows XP Professional machine using Remote Desktop. 3. on page 166. Enter a policy name in the Policy Name field. Open the . 6. Paste the copied registry values into the Registry File field. This script verifies that this is the case. keep the “Run As” setting as local system. Remote Desktop Control Troubleshooter This editor creates a troubleshooting script for the K1000 Management Appliance Remote Control functionality. Refer to Adding Scripts. Any missing or incorrect values are replaced. Select Enforce Registry Settings. several different configurations can affect results in Remote Desktop requests being blocked by the firewall. Click Scripting > Configuration Policy.Using the Scripting Features 9 • Enforce Active Directory Settings. see Using the Mac OS Configuration-based Policies. Click Save. which checks that the values in the registry file matching the values found on the target machines. Firewall Configuration: If the Windows XP SP2 Firewall is running on the machine. The Configuration Policy : Desktop Enforcement page appears. This file must be in bitmap (. Click Save. Click Enforce Desktop Settings. Click Scripting > Configuration Policy. 1. specify the required settings. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts. Click Save. on page 166. 6. The wallpaper bitmap file is distributed to each machine affected by the policy. 4. 1. Click Remote Desktop Control Troubleshooter. Click Scripting > Configuration Policy.9 Using the Scripting Features To troubleshoot remote behavior To perform these steps. 3. • • • 5. Under Firewall Configuration. 1. 180 Administrator Guide. The Script: Edit Detail page appears. Select the Use wallpaper check box. Select a position for the wallpaper image from the Position drop-down list. Version 5. for more information.bmp) format. 2. The Configuration Policy : Remote Control Troubleshooter page appears. Enable and set a schedule for this policy to take effect. 3.bmp file to use for the wallpaper. 1. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. To create a policy to enforce Desktop Settings To perform these steps. 2. Refer to Adding Scripts. Select Stretch to stretch the image so that it covers the entire screen. Click Browse to select and upload the . The Script: Edit Detail page appears. Select Tile to repeat the image over the entire screen. on page 166 for more information. Enforce Desktop Settings This wizard allows you to build policies that affect the user's desktop wallpaper.3 . 4. Select Center to display the image in the center of the screen. For example: Program. For example: /S /IP=123. Enter a name for the desktop shortcut policy in the Policy Name field. The Configuration Policy : Enforce Shortcuts page appears. Refer to Adding Scripts. for more information. hover over a shortcut and click the Trash can icon that appears. Click Add Shortcut to add more shortcuts.4. 5. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Quick Launch.3 181 .Using the Scripting Features 9 Desktop Shortcuts Wizard This wizard allows you to quickly create scripts that add shortcuts to users' Desktop. or Quick Launch bar. Event Log Reporter This wizard creates a script that queries the Windows Event Log and uploads the results to the K1000 Management Appliance. To edit or delete a shortcut. Click Desktop Shortcuts Wizard.exe. Start Menu. Version 5. Name Target Parameter s WorkingDi Enter the changes to the current working directory. 8. Administrator Guide. 4. 9. Click Save Changes to save the new shortcut. Enter the text label that appears below or next to the shortcut. Click Save. on page 166. You can create an Internet shortcut and put a URL to the target with no parameters and working shortcut. Click Scripting > Configuration Policy. Enter any command line parameters. 2. The Script: Edit Detail page appears. Options include: Desktop. Enable and set a schedule for this policy to take effect. 7. For example: r C:\Windows\Temp. Specify the shortcut details. Enter the application or file that is launched when the shortcut is selected. 6. To create scripts to add shortcuts To perform these steps. Location Select the location where the shortcut appears from the drop-down list. 1. 3. Click Add Shortcuts. and Start Menu. 3. Click Scripting > Configuration Policy. Version 5. MSI Installer Wizard This wizard helps you set the basic command line arguments for running MSI-based installers. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. by selecting Inventory > Computers. Refer to the MSDN website (msdn. 5. The Configuration Policy : MSI Wizard page appears.9 Using the Scripting Features To create an Event Log query To perform these steps. and Security. Specify query details: Enter the name of the log file created by the script. and Error. 1. 7. 6.microsoft. Output filename Log file Event Type Source Name 4. Refer to Adding Scripts. The Script : Edit Detail page appears. Click Scripting > Configuration Policy. 2. (Optional) Use this field to restrict the query to events from a specific source. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. To create the MSI Installer policy To perform these steps. Enter the type of event you want to query: Information. You can view the event log in the Computers : Detail page of the particular machine. The Configuration Policy : Event Log Reporter page appears. Click Save. Warning.com) for complete options documentation. Enable and set a schedule for this policy to take effect. on page 166 for more information. Click Event Log Dumper. In Scripting Logs. click the View logs link next to Event Log. 1. Click MSI Installer Wizard. 182 Administrator Guide. Enter the type of log you want to query: Application. under Currently Deployed Jobs & Policies.3 . System. Additional Properties Enter details of any additional properties.msi arguments. • Prompts user for restart. Options include: Default. Options include: • Delete installer file and unzipped files. • Leave installer file.3 183 . Silent. uninstall. and delete unzipped files. Select the behavior after installation. and Full UI. Action Software MSI Filename Enter the following information: Select a task from the drop-down list.msi TARGETDIR=C:\patcher PROP=A PROP2=B Enter the features to install. Restart Options Select the restart behavior. and Reinstall all files. Specify the MSI filename if it is a zip.exe and the /i foo. Options include Install. Version 5. • Always restart after installation. or modify from the drop-down list. • Delete installer file. Options include: • No restart after installation. Basic UI. Uninstall. Enter the installation directory. Separate features with commas.exe /s1 /switch2 /i patch123. Additional Switches are inserted between the msiexe. Select the application you want to install. Reduced UI. For example: msiexec. Repair missing files. Select an option to specify how the installation should appear to end users. and leave unzipped files. You can filter the list by entering any filter options.Using the Scripting Features 9 2. Feature List Store Config per machine After install Administrator Guide. Additional properties are inserted at the end of the command line. Select this box to do per-machine installations only. User Interaction Install Directory Additional Switches Enter details of any additional installer switches. • Default. • Leave installer file and unzipped files. on page 166 for more information. Options include: • None • All Messages • Status Messages • Non-fatal warnings • All error messages • Start up actions • Action-specific records • User requests • Initial UI parameters • Out-of-memory or fatal exit information • Out-of-disk-space messages • Terminal properties • Append to existing file • Flush each line to the log Log File Name 3. Refer to the UltraVNC Web site (www. Enable and set a schedule for this policy to take effect. 184 Administrator Guide.uvnc. UltraVNC is a free software application that allows you to remotely log into another computer (through the Internet or network). 4.3 . Click Save. Select UltraVNC Wizard. The Configuration Policy : Ultra VNC Wizard page appears.9 Using the Scripting Features Logging Select the types of installer messages to log. Press CTRL and click to select multiple message types. 2. Version 5.com) for documentation and downloads. 1. UltraVNC Wizard The UltraVNC Wizard creates a script to distribute UltraVNC to Windows computers on your network. The Script: Edit Detail page appears. Refer to Adding Scripts. To distribute UltraVNC to the computers on your network To perform these steps. Click Scripting > Configuration Policy. Enter the name of the log file. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Select this check box to enable key-based encryption. 6. Install Viewer Authenticatio n VNC Password Require MS Logon Key Based Encryption 4. Select this check box if you do not want to display node options in the tray icon menu on the target computers. Enable and set a schedule for this policy to take effect.3 185 . This option is available if you did not select Disable Tray Icon option. Provide a VNC password for authentication.Using the Scripting Features 9 3. The video driver also makes a direct link between the video driver framebuffer memory and UltraWinVNC server. Review the script that is generated by this wizard to make sure its output is expected. Administrator Guide. Specify UltraVNC miscellaneous options: Select this check box if you do not want to display the UltraVNC tray icon on the target computers. Click Save. You can view the raw script by clicking View raw XML Editor on the Script Detail page. Version 5. To use MS Logon authentication and to export the ACL from your VNC installation.exe /e acl. Select this check box to install the optional UltraVNC Mirror Video Driver. The Mirror Video Driver is a driver that allows faster and more accurate updates. The Script: Edit Detail page appears.txt Copy and paste the contents of the text file into the ACL field. Disable Tray Icon Disable client options in tray icon menu Disable properties panel Forbid the user to close down WinVNC 5. Select this check box to disable the UltraVNC properties panel on the target computers. Using the framebuffer directly eliminates the use of the CPU for intensive screen blitting. on page 166. resulting in a big speed boost and very low CPU load. for more information. Refer to Adding Scripts. use: MSLogonACL. Install Options Specify UltraVNC installation and authentication options: Install Mirror Driver Select this check box to install the optional UltraVNC Mirror Video Driver. Select this check box if you do not want to allow computer users to shut down WinVNC. enter the full name of the directory in the Delete Directory field here. enter the full name of the process in the Kill Process field. This feature allows you to specify how and when Windows updates are downloaded so that you can control the update process for the computers on your network. Refer to Adding Scripts. Verify that the values are correct. Version 5. Click Un-Installer Wizard. and parameters. 3. Click Scripting > Configuration Policy. To have a directory deleted after executing the uninstall command. 5. Job Name Software Item Enter the following information: Enter a name for the uninstaller script. Delete Directory. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. on page 166 for more information. When you select the software item. and Delete a directory. The configuration settings reside under the Scripting > Configuration Policy 186 Administrator Guide. 1. The Configuration Policy : Uninstaller page appears.3 . The wizard attempts to fill in the correct uninstall command. Kill a process.exe. Review the entries to make sure the values are correct. The Script: Edit Detail page appears. 4. the wizard attempts to fill in the uninstall command directory. Select the software item to uninstall from the drop-down list. Uninstall Command Directory Uninstall Command File Uninstall Command Parameters Kill Process To have a process killed before executing the uninstall command.9 Using the Scripting Features Un-Installer Wizard This wizard allows you to quickly build a script to uninstall a software package. The resulting script can perform three actions: Execute an uninstall command. Windows Automatic Update Settings policy The K1000 Management Appliance provides a way for you to control the behavior of the Windows Update feature. For example: C:\Program Files\Example_App\. To create an uninstaller script To perform these steps. For example: notepad. 2. file. Click Save. Enable and set a schedule for this policy to take effect. as a result your network. Turn off Automatic Updates Remove Admin Policy. Select this option to provide users with the control over the updates downloaded. Important: This may make your network more vulnerable to attack if you neglect to retrieve and install the updates on a regular basis. Notify me but don’t automatically download or install them. Enter the details for the SUS Server and SUS Server Statistics. Select this option if you are using the appliance patching feature to manage Microsoft patch updates. Administrator Guide. More detailed information can be found at Microsoft's support site: KB Article 328010. Click Windows Automatic Update Settings. To modify Windows Automatic Update settings To perform these steps. for more information. The Windows Automatic Update Policy page appears.Using the Scripting Features 9 tab. Enter the following information: Select this option to enable automatic downloading of Windows Updates.) Click Save. Automatic (recommended) Download updates for me. install them. Version 5.3 187 . User allowed to configure. Click Scripting > Configuration Policy. Select this option ensure that you receive the latest downloads. Enable and set a schedule for this policy to take effect. Select this option to provide the additional flexibility in the installation of updates. The Script: Edit Detail page appears. Important: This may make end-users. more vulnerable to attack. Select the interval (in minutes) from the Reschedule Wait Time drop-down list to wait before rescheduling an update if the update fails. Refer to Adding Scripts. on page 166. (SUS stands for Windows Server Update Service. 3. but but let me choose when to control their installation. Reschedule Wait Time Do not reboot machine while user logged in 4. 6. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 5. Select to specify no reboot while a user is logged in. To get an overview of your power consumption. Version 5. Power Management Wizard The Power Management Wizard enables you to configure power management settings to determine and/or decrease the amount of time your computers are drawing power. If you are using the patching functionality for automatic deployment of Windows updates on the node. For example.3 . • To enable power management on a Windows XP System. run reports about power management for about a month. to collect information of desktop systems: • • • Create a Smart Label in Inventory for the chassis type. Go to Reporting > Reports to see the available reports in the Power Management category. This is one of the last configuration options. See To configure general settings for the server. see: http://www.gov On Windows 7 and Vista machines. Enable the local policy for automatic deployment of Windows update on the node. but not laptops. you need EZ GPO. power management is configured using the built-in powercfg command. Modify the registry key for automatic deployment of Windows update on the node. Make a Smart Label in Inventory for Uptime since last reboot that contains the number of days that concern you. EZ GPO is a free tool that works in conjunction with Group Policy Objects on Windows XP. Create reports grouping machines by the chassis type. 188 Administrator Guide. You can also configure how long node uptime information is retained.) • About monitoring power use Most power companies are concerned with the consumption of desktop systems.energystar. The Power Management Wizard automatically downloads EZ GPO when run on a Windows XP system. For more information on EZ GPO. (EZ GPO does not work on these platforms. you must disable the automatic deployment of Windows updates on the node by any other process to avoid the conflict between the different deployment processes. Set up the group policy on the domain for automatic deployment of Windows updates on the node. Configure the patching functionality for automatic deployment of the Windows update on the node.9 Using the Scripting Features To start the Automatic Windows Update on a node You can start the Automatic Windows Update on the node using one of the following methods: • • • • • Enable automatic Windows updates settings policy of the Appliance on the node. on page 35. Administrator Guide. Windows XP: Keep the default Run as Local System with any script created in a wizard. (Optional) Alert users before run. Enforce VNC Settings. select your target operating system. if you select Deploy to All Machines. you can use the Pick Specific OS Version option to limit it to a specific version of Windows. 1. use labels to limit the deployment of the script to computers that run the corresponding version of Windows. Click Scripting > Configuration Policy. be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 6. Version 5. Select Power Management Wizard. select the Pick Specific OS version check box and select the supported version of Windows. In the Supported Operating Systems section. 10. • • 4. “Run As” options are offered with Online KScripts like the Windows XP version of the Power Management script. refer to the side bar help. Enforce Active Directory Settings.Using the Scripting Features 9 To configure Power Management To perform these steps. Limit the script to the appropriate version of Windows by doing one or both of the following: • • In the Deployment section. If you handle Windows Vista or Windows 7. on page 192. Click Save. 3. Using the Mac OS Configuration-based Policies The following sections explain how to use the default policies available to Mac OS systems: • • • Enforce Power Management Settings. 2. Select the value for Status.3 189 . (Optional) Change Scheduling options according to your preferences. 8. 9. High Performance. Power Saver. 5. The Script : Edit Detail page opens. On the Configuration Policy : Windows Power Management page. 7. on page 190. (Optional) Enter any Notes. Click Save. on page 192. or Custom. For example. you can select one of standard configurations: Balanced. If you manage Windows XP systems. The policy options are shown below: 190 Administrator Guide. to the Sleep settings.3 . Most of the settings are on/off check boxes to apply or remove options. You can add time periods. Version 5.9 Using the Scripting Features Enforce Power Management Settings This policy offers you these different energy management profiles to configure and use on your Mac OS-based systems: • • • • • • • • Better energy savings Normal Better Performance Custom You can tailor each of the profiles to these power sources: All Battery Charger (Wall Power) UPS Power usage settings are a trade-off between CPU usage and power usage. in numbers. 3 191 . Version 5.Using the Scripting Features 9 Figure 9-2: The Mac Power Management page Administrator Guide. 9 Using the Scripting Features Enforce VNC Settings This configuration policy controls enables/disables the Mac OS built-in VNC server. Entering your administrator credentials. Deciding on the other options you have for this system as shown below. 192 Administrator Guide. The resulting script assumes that you have root access and shows your password unencrypted (clear text). • • Specifying the LDAP domain name and user authentication information. so make sure that anyone using this script is trusted.3 . You can also use this policy to ensure that your Mac OS nodes check into your Active Directory database. Figure 9-3: The Enforce VNC Settings page Enforce Active Directory Settings You use this policy to add or remove a computer from your domain by: • • Choosing to add or remove a system. Version 5. Version 5.Using the Scripting Features 9 Figure 9-4: The Enforce Active Directory Settings page Administrator Guide.3 193 . 3 . Version 5.9 Using the Scripting Features 194 Administrator Guide. on page 198. Restoring K1000 Management Appliance settings. Updating K1000 Management Appliance software. on page 195 Backing up K1000 Management Appliance data. Version 5. on page 203. as well as update appliance license key information. for example: • • • • Access the most recent appliance server backups Upgrade your appliance server to a newer version Retrieve updated OVAL definitions Restore to backed-up versions and also create a new backup of the appliance at any time The Server Maintenance tab also enables you to reboot and shut down the appliance. on page 202. Windows debugging. on page 204. on page 196. Updating OVAL definitions. From the Server Maintenance tab you can: • • • • • • Upgrade the appliance Update OVAL vulnerability definitions Create a backup appliance Enter or update the appliance License Key Restore to most recent backup Restore to factory default settings Administrator Guide.10 Maintaining Your K1000 Management Appliance This chapter describes the most commonly used features and functions for maintaining and administering K1000 Management Appliance. K1000 Management Appliance maintenance overview The Server Maintenance page allows you to perform a variety of functions to maintain and update your K1000 Management Appliance. • • • • • • • K1000 Management Appliance maintenance overview. Troubleshooting K1000 Management Appliance.3 195 . on page 199. Click Edit Mode.gz– containing the database backup k1000_file. 1. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. reboot it to use the latest features. Click Check for Upgrade. Administrator Guide. is displayed. Backing up K1000 Management Appliance data By default. Go to K1000 Settings > Server Maintenance.M. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. the label Your K1000 is up to date. To run a K1000 Management Appliance backup before the nightly backup occurs. To run the appliance backup manually To perform these steps. When the appliance has finished upgrading. Version 5.3 . your K1000 Management Appliance automatically backs up at 3 A. 3. 196 Go to K1000 Settings > Server Maintenance.tgz– containing any files and packages you have uploaded to the appliance. If the upgrade is available. If the upgrade is not available. which you can apply from the server maintenance page. Your appliance checks kace. creating two files on the backup drive: • • k1000 _dbdata. 4. run the backup manually: 1. Click Upgrade Now to upgrade to the available build.com nightly for recommended upgrades. 2. To upgrade your K1000 Management Appliance To perform these steps.10 Maintaining Your K1000 Management Appliance • • • • Restore from uploaded backup files Reboot your appliance Reboot with extended database check Shut down your appliance Upgrading your appliance KACE provides new server software patches on the corporate server. the label Available Upgrade along with the build number is displayed.. Maintaining Your K1000 Management Appliance 10 2. 3. Click Edit Mode. In the K1000 Controls section, click Run Backup. After creating the backup, the Settings > Logs tab appears. Downloading backup files to another location The backup files are used to restore your K1000 Management Appliance configuration in the event of a data loss or during an upgrade or migration to new hardware. The K1000 Management Appliance contains only the most recent full backup of the files. For a greater level of recoverability (for instance if you wanted to keep rolling backups), you can offload the backup files to another location so that they can be restored later if necessary. You can access the backup files for downloading from the Administrator UI as well as through ftp. To change backup file location To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. Go to K1000 Settings > Server Maintenance. In the K1000 Controls section, click the backup links: • • 3. k1000_dbdata.gz– containing the database backup k1000_file.tgz– containing the files and packages you uploaded to the K1000 Management Appliance Click Save in the dialog box that appears. • • In Internet Explorer, use Browse to specify a location for the files and click Save. In Firefox, you must have previously set the download location. To access the backup files through ftp 1. 2. Open a command prompt. At the C:\ prompt, enter: ftp k1000 3. Enter the login credentials: Username: kbftp. Password: getbxf. 4. Enter the following commands: > type binary > get k1000_dbdata.gz > get k1000_file.tgz Administrator Guide, Version 5.3 197 10 Maintaining Your K1000 Management Appliance >close >quit Restoring K1000 Management Appliance settings You use backup files to restore your appliance configuration in the event of a data loss or to transfer the setting during an upgrade or migration to new hardware. Restoring any type of backup file destroys the data currently configured in the appliance server. Dell recommends off-loading any backup files or data that you want to keep before performing a restore. If your backup files are too large to upload using the default HTTP mechanism (the browser times out), you can upload them using FTP. To upload using FTP, enable the Enable backup via FTP and Make FTP writable security settings. For details see Configuring Local HTTPD, on page 42. Restoring from most recent backup The appliance has a built-in ability to restore files from the most recent backup directly from the backup drive. You can access the backup files from the Administrator UI or through ftp. To restore from the most recent backup To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. Go to K1000 Settings > Server Maintenance. Click Edit Mode. Click Restore from Backup. Uploading files to restore settings If you have off-loaded your backup files to another location, you can upload those files manually, rather than restoring from the backup files stored on the K1000 Management Appliance. To upload backup files To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. 4. Go to K1000 Settings > Server Maintenance. Scroll down and click the Edit Mode. In the K1000 Restore section, click Browse and locate the backup file. Click Restore from Upload Files. 198 Administrator Guide, Version 5.3 Maintaining Your K1000 Management Appliance 10 Restoring to factory settings The appliance has a built-in ability to restore the itself back to its factory settings. To view the factory settings refer to To set up your K1000 Management Appliance server, on page 18. To restore to factory settings To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Click Restore Factory Settings. Updating K1000 Management Appliance software Part of maintaining your Dell KACE K1000 Management Appliance involves updating the software that runs on the K1000 Management Appliance Server. This process also involves: • • Verifying that you are using the minimum required version of the K1000 Management Appliance Updating the license key in the Dell KACE K1000 Management Appliance to obtain the current product functionality. To verify the minimum server version Before applying this update, verify your K1000 Management Appliance Server version meets the minimum version requirement. 1. 2. 3. Open your browser, and go to the URL for the K1000 Management Appliance (http:// k1000/admin). Select the About K1000 link located at the lower left of the screen. The System Management Appliance line (below the license agreement) contains the release number, as shown in Figure 10-1 on page 200. Administrator Guide, Version 5.3 199 10 Maintaining Your K1000 Management Appliance Figure 10-1: About K1000 Updating the license key After installing an upgrade to the Dell KACE K1000 Management Appliance server, you may need to enter a new KACE license key to fully activate the K1000 Management Appliance. You need the new license key to upgrade your appliance. Updating your Dell KACE K1000 Management Appliance license key To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. 4. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Under License Information, enter your new license key. Click Save License. 200 Administrator Guide, Version 5.3 Maintaining Your K1000 Management Appliance 10 Applying the server update If you are using a previous version of the Dell KACE K1000 Management Appliance, you must apply the earlier updates separately before continuing. Refer to the release notes for your version of the Dell KACE K1000 Management Appliance to determine the minimum updates. To apply the server update To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. 4. 5. 6. Download the k1000_upgrade_server_XXXX.bin file, and save it locally. Open your browser to http://k1000/admin. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Under Update K1000, click Browse, and locate the update file you just downloaded. Click Update K1000. When the file has completed uploading, your K1000 Management Appliance will reboot with the latest features. To verify the upgrade To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. After applying the upgrade, verify successful completion by reviewing the update log. 1. 2. 3. 4. Go to K1000 Settings > Logs. Select Updates from the Current log drop-down list. Review the Update log for any error messages or warnings. Click About K1000 in the upper right corner to verify the current version. Updating patch definitions from KACE Although the definitions for Microsoft patches are updated automatically on a scheduled basis, you can retrieve the latest files manually from the Server Maintenance page. To update the patch definitions To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Administrator Guide, Version 5.3 201 10 Maintaining Your K1000 Management Appliance 3. Click Update Patching to update your patch definitions. To delete patch files To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. You can delete all previously downloaded patches: 1. 2. 3. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Click Delete Patch Files to delete the patch files. To Reboot and shut down KACE K1000 Appliances To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. You may need to reboot the appliance from time to time when troubleshooting or upgrading its settings. 1. 2. Click K1000 Settings > Server Maintenance. Click Reboot K1000. Before you can perform hardware maintenance, you need to shut down the appliance before unplugging it. You can shut down the appliance either by: • • Pressing the power button once, quickly. Clicking the Shutdown K1000 button on the Settings > Server Maintenance tab. You can use the Reboot and Shutdown buttons after you click the Edit Mode link at the bottom of the page. Updating OVAL definitions Although the definitions for OVAL vulnerabilities are updated automatically on a scheduled basis, you can retrieve the latest files manually from the Server Maintenance page. For more information about OVAL definitions, see the Security and Patching Guide. To update the OVAL and patch definitions To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. 202 Administrator Guide, Version 5.3 Maintaining Your K1000 Management Appliance 10 3. Click Update OVAL. Troubleshooting K1000 Management Appliance Your appliance offers several log files that can help you detect and resolve errors. The log files are rotated automatically as each grows in size, so no additional administrative log maintenance procedures are required. Log maintenance checks are performed daily. The appliance maintains the last seven days of activity in the logs. KACE Technical Support may request that you send the appliance server logs if they need more information in troubleshooting an issue. To download the logs, click the Download Logs link. For more information, see Downloading log files, on page 204. Accessing K1000 Management Appliance logs You can access the appliance Server logs by going to the Settings > Logs tab. Select the appropriate log to view from the Current log drop-down list. This area also provides a reference for any K1000 Management Appliance informational or exception notices. Log Type Hardware Server Log Name Disk Status K1000 Log Access Server Errors Stats Updates Tomcat Log Description Displays the status of the appliance disk array. Displays the errors generated on the server. Displays the HTTP Server's access information. Displays errors or server warnings regarding any of the onboard server processes. Displays the number of connections the appliance is processing over time. Displays details of any appliance patches or upgrades applied using the Update K1000 function. Displays the Tomcat log information. System Displays system performance log information. Performanc e Konductor Log Opcode Cache Client Client Errors Displays Konductor log information. Displays opcode cache log information. Displays Agent exception logs. AMP Server Displays AMP server errors. AMP Queue Displays AMP Queue errors. Administrator Guide, Version 5.3 203 3. Go to K1000 Settings > Logs. The logs are downloaded in the k1000_logs. SMMP. Click Save.log with basic logging Mac OS X agent. 2. refer to Configuring Agent Messaging Protocol Settings. Dell KACE Technical support might ask you to submit log files. You can enable debug logging by configuring AMP Settings. Run-Now scripts. Open the SMMP configuration file: %PROGRAMFILES%\KACE\K1000\SMMP. you can enable other debug logs on a node: • • K1000 Agent – Enable debug logging on the node to troubleshoot machine inventory. starting on page 301.conf 2.tgz file.10 Maintaining Your K1000 Management Appliance Downloading log files The Dell KACE K1000 Management Appliance provides the ability to directly download the logs into one file from the Admin UI. To help diagnose a problem. and Patching. refer to Appendix E: Manually Deploying Agents. In addition to the standard logging. and file synchronizations. Click Download logs on the right of the Log page. Add the following line: debug=true For more information on debug logging on Linux and Mac OS platforms. managed installs. To download Dell KACE K1000 Management Appliance logs To perform these steps. For information on how to configure the AMP Settings page.log with basic logging 204 Administrator Guide. Version 5. Windows debugging To log on to the AMP service 1. on page 47.log with basic logging Linux agent. K1000 AMP Service – Enable debug logging on the Windows node to troubleshoot the on-demand running of Desktop Alerts.conf without debug=true Windows debug. be sure to select System from the Organization drop-down list in the top-right hand corner of the page.3 . 1. 3 205 .Maintaining Your K1000 Management Appliance 10 SMMP.log with detailed logging Administrator Guide.log with detailed logging Linux agent.conf with debug=true Windows debug. Version 5.log with detailed logging Mac OS X agent. com if you enabled crash reporting on the Settings > General tab. you often work with the Disk Status log. Version 5.10 Maintaining Your K1000 Management Appliance Understanding Disk Status log data When troubleshooting the K1000 Management Appliance. that issue is reflected here. 206 Administrator Guide. If there is a physical problem with the appliance.3 . K1000 Management Appliance server and agent exceptions are reported nightly to kace. but other possible errors can be resolved by following the same steps: Step Step 1: Rebuild Description The disk status log error “Degraded” indicates that you need to rebuild the array. • If an error state still exists after this. Administrator Guide. To do this: • Click Rebuild Disk Array. This section does not describe every possible error message. Version 5. proceed to step 2.3 207 . Rebuilding can take up to 2 hours. this section will be helpful to solve any problems.Maintaining Your K1000 Management Appliance 10 Figure 10-2: Disk Status Log In the cases where the logs display errors. 208 Administrator Guide. Step 3: Call Dell KACE Technical Support If you have performed the previous steps and are still experiencing errors. Version 5.3 .com) or phone (888)522-3638 option 2. • If an error state still exists. contact Dell KACE Technical Support by email at (support@kace. try rebuilding again or proceed to Step 3. In these cases. eject each of the hard-drives and then re-insert them.10 Maintaining Your K1000 Management Appliance Step Step 2: Power Down and Reseat the Drives Description In some cases. the degraded array may be caused by a hard drive that is no longer seated firmly in the drive-bay. making sure that the drive is firmly in the bay. the disk status will usually show “disk missing” for that drive in the log. • Once the appliance is powered off. • Power the machine back on and then look again at the disk status log to see if that has resolved the issue. • Power down the Dell KACE K1000 Management Appliance. Version 5. on page 214. an anonymous bind is attempted. If it finds any entries. on page 215.3 209 . The search filter queries the LDAP server. If no LDAP user name is given.. they are automatically labelled. on page 209. Automatically Authenticating LDAP Users. You can bind to an LDAP query based on the following Dell KACE K1000 Management Appliance variables: • • • • • • • Computer Name Computer Description Computer MAC IP Address User name User Domain Domain User Administrator Guide. on page 213. nonanonymous login). Each LDAP Label can connect to a different LDAP/AD server. • • • • • • About LDAP Labels. on page 210 Creating an LDAP Label with the Browser. supply these credentials. About LDAP Labels LDAP Labels allow the automatic labeling of machine records based on LDAP or Active Directory interaction. Using the LDAP Browser Wizard.e. on page 211. Creating an LDAP Label Manually.11 LDAP The Dell KACE K1000 Management Appliance LDAP feature allows you to browse and search the data located on an LDAP Server. If the LDAP server requires credentials for administrative login (i. Using LDAP Easy Search. DC=kace. contact KACE Support for assistance before proceeding. Enter the LDAP port number. 1. Specify the IP or Host Name of the LDAP Server. use the IP or Host Name. Error example: (!samaccountname=David) Workaround example: (!(samaccountname=David)) 210 Administrator Guide. In the Choose Action menu. Enter a search filter. Negative searches are NOT supported correctly in LDAP search using Microsoft’s recommended method. For example: LDAP Login: CN=Administrator. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. For more information on the LDAP Browser Wizard. Version 5. even if you use the filter builder. You will receive a bad search filter error.DC=kace=com Enter the password for the LDAP login. refer to Service Desk Administrator Guide. Select this only after you have tested the label. you can use the LDAP Browser Wizard.11 LDAP Creating an LDAP Label Manually To perform these steps. LDAP Port Number Search Base DN Search Filter LDAP Login LDAP Password If you are unable to fill in the information for Search Base DN and Search Filter fields.DC=com)) Enter the LDAP login. click Add New Item. CN=Users. 2. Select an existing label to associate with this LDAP label.DC=ka ce. The LDAP Label : Edit Detail page appears. Associated Label Notes Any notes from the label definition are automatically added to this field. Enter the Search Base DN (Distinguished Names). Select the LDAP filter type: Machine or User.DC=com. Click Home > Label > LDAP Labels. Note: For connecting through SSL. which is either 389 or 636 (LDAPS). A non-standard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign. If you have a non-standard SSL certificate installed on your LDAP server. For example: (&(sAMAccountName=admin)(memberOf=CN=financial. Enabled Filter Type Associated Label Name Server Hostname Enter the following information: Select this check box to enable the appliance to run the label each time a system checks in. For example: ldaps://HOSTNAME. 3. Skip the Enabled check box until you have tested the LDAP Label. For example: CN=Users.3 . To test your LDAP label. this query runs against the LDAP server. 1. Change the label parameters and test again as necessary. If a result is returned. You can also create an LDAP Label using the LDAP Browser.) You must have the Bind DN and Password to log on to the LDAP Server. Specify the LDAP Server Details Enter the IP or the Host Name of the LDAP Server. Enter the LDAP port number. The LDAP Browser allows you to browse and search the data located on the LDAP Server (for example.CN=Users. Note: For connecting through SSL. contact KACE Support for assistance before proceeding. If the LDAP label is ready to use. For example: ldaps://HOSTNAME. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 2. a list of possible base DNs (Distinguished Names) available on that directory is displayed. either 389 or 636 (LDAPS). For example: CN=Administrator.DC=com. Each time a machine checks into the K1000 Management Appliance.3 211 . the machine gets the label specified in the Associated Label field. Click the Test LDAP Label button to test your new label. On a successful connection to the LDAP server. Administrator Guide. you can save without enabling.DC=kace. such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as Verisign. LDAP Port LDAP Login LDAP Password 3. You can use these base DNs as a starting point to browse and search the directory. LDAP Server Go to Home > Labels > LDAP Browser. Creating an LDAP Label with the Browser To perform these steps. The admin value in the Search Filter field is replaced with the name of the user that is logged onto this machine. use the IP or Host Name. Otherwise. click the Test button and review the results. 5. If you have a non-standard SSL certificate installed on your LDAP server. Enter the Bind DN. 6. select the Enabled check box.LDAP 11 4. Click Save. Click Test. the Active Directory Server. Version 5. Enter the password for the LDAP login. AND. Click a Base DN. The LDAP server is not up. The Query Builder is displayed. The login credentials provided are incorrect. Version 5. 8. The search results are displayed in the left panel. 5. (samaccountname=admin). The Search Base DN is populated on the basis of the Base DN that you selected in the previous screen. Note: This field is available for the previous attribute only when you add a new attribute. Enter the attribute name. Enter the attribute value. Specify the following information. Select the relational operator from the drop-down list. Click One level to search at the same level or click Sub-tree level to search at the sub-tree level. The query appears in the Search Filter text area. Click OK. To add more than one attribute: Select the conjunction operator from the drop-down list.11 LDAP If the connection was not established. You can also use the Filter Builder to create complex filters. The attributes are displayed in the right panel. 9. Attribute Name Relational Operator Attribute Value 6. You can modify the Search Base DN and the Search Filter values.3 . For example: samaccountname. 7. the Operation Failed message appears. The IP or Host Name provided is incorrect. Conjunction Operator Add Search Scope Click to add multiple attributes. =. For example. Click Browse to display all the immediate child nodes for the given base DN and search filter. For example. Click Search to display all the direct and indirect child nodes for the given base DN and search filter. Click a child node to view its attributes. or click Next. 212 Administrator Guide. For example. which can be due to one of the following reasons: • • • 4. For example. A new window displays the Search Base DN and the Search Filter fields. Click Filter Builder. admin. To use the LDAP Easy Search 1. or click Next. Specify the LDAP Server Details Enter the IP or the Host Name of the LDAP Server. Note: For connecting through SSL. You can use these base DNs as a starting point to browse and search the directory. For example: ldaps://HOSTNAME. 4. Click a Base DN. The login credentials provided are incorrect. 2. The LDAP server is not up. For example: CN=Administrator.CN=Users. If the connection was not established. and click GO. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. the Operation Failed message appears. You can also specify Other attributes. a list of possible base DNs available on that directory is displayed. Administrator Guide. either 389 or 636 (LDAPS). If you have a non-standard SSL certificate installed on your LDAP server. The LDAP EasySearch page appears. Enter any key word for search. such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as Verisign. you can click the Indexed field option or Non-Indexed field option. Enter the Bind DN. 7. Click the Go to LDAP Easy Search link. 6. On a successful connection to the LDAP server. Check the following causes: • • • The IP or Host Name provided is incorrect. use the IP or Host Name. contact KACE Support for assistance before proceeding. For more a specific search. Click Test. LDAP Server Go to Home > Label >LDAP Browser. The Search Base DN field is populated on the basis of the Base DN that you selected in the previous screen.LDAP 11 Using LDAP Easy Search To perform these steps. LDAP Port LDAP Login LDAP Password 3. Enter the LDAP port number. You can use LDAP Easy Search to quickly search the data located on the LDAP Server. separated by comma.DC=com Enter the password for the LDAP login. 5. Version 5. You can modify the Search Base DN and Search Filter values.3 213 .DC=kace. A new window displays the Search Base DN and the Search Filter fields. For example: CN=Administrator. On a successful connection to the LDAP server. 2.CN=Users. Check the following causes: • • • The IP or Host Name provided is incorrect. use the IP or the Host Name. you can browse and search the data located on the LDAP Server. You can modify the Search Base DN and Search Filter field values. Using the LDAP Browser Wizard. For example: 389 or 636 (LDAPS). A non-standard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign. Active Directory Server. For example: ldaps://HOSTNAME. 1. For example. If you have a non-standard SSL certificate installed on your LDAP server. Version 5. You must have the Bind DN and the Password to log on to the LDAP Server. 5. LDAP Port LDAP Login LDAP Password 3. Note: For connecting through SSL. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 6. Enter the LDAP Port number.DC=kace.11 LDAP Using the LDAP Browser Wizard The LDAP Browser Wizard enables you to fill in the information for the Search Base DN and the Search Filter fields. the Operation Failed message appears. To create complex filters. you need to contact KACE Support for assistance before proceeding. The login credentials provided are incorrect. The LDAP Server is not up. The Search Base DN is populated on the basis of the Base DN that you selected in the previous screen. You can use these base DNs as a starting point to browse and search the directory. To use the LDAP Browser Wizard To perform these steps. a list of possible base DNs (Distinguished Names) available on that directory is displayed. Click Next or one of the base DNs to advance to the next step. Specify the LDAP Server Details Enter the IP or Host Name for the LDAP Server.DC=com Enter the password for the LDAP login. A new window displays the Search Base DN and Search Filter fields. LDAP Server Go to Home > Label > LDAP Browser.3 . Click Test. If the connection was not established. click Filter Builder. 214 Administrator Guide. Enter the Bind DN. 4. The search results are displayed in the left panel. you can configure the K1000 Management Appliance for local authentication or External LDAP Server authentication. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. For example. 12. The attributes are displayed in the right panel. 10. Automatically Authenticating LDAP Users Instead of setting up users individually on the Users tab. AND. Click One level to search at the same level or click Sub-tree level to search at the sub tree level. Click Next to use the displayed settings. Select the Relational Operator from the drop-down list. The query appears in the Search Filter text area. For example: admin. Note: This field is available for the previous attribute only when you add a new attribute. Conjunction Operator Add Search Scope 9. Administrator Guide. Click Next to confirm the LDAP configuration. To add more than one attribute: Select the Conjunction Operator from the drop-down list. Specify the following information: Enter the attribute name. (samaccountname=admin). Version 5. 11. without having to add users individually from the Users tab. For example: =. Click to add multiple attributes. Click OK. For example. Click Browse to display all the immediate child nodes for the given base DN and search filter or click Search to display all the direct and indirect child nodes for the given base DN and Search Filter. To configure the appliance for user authentication To perform these steps. 13. Click a child node to view its attributes. Attribute Name Relational Operator Attribute Value 8. This allows users to log into the appliance Administrator portal using their domain user name and password. The appliance can then access a directory service (such as LDAP) for user authentication.LDAP 11 The Query Builder is displayed. Enter the attribute value. 7.3 215 . For example: samaccountname. the appliance will timeout. Click User Authentication. Removes the server. Click Edit Mode to edit External LDAP Server Authentication fields. Changes the order of the server in the list of servers. (This is the default. 4. All servers must have a valid IP address or Hostname. 6. If External LDAP Server Authentication is enabled. the password is authenticated against the External LDAP Server. If the External LDAP Server Authentication is enabled. Contact KACE customer support if you need assistance with this process.3 . The Settings: Control Panel page appears. 7. Specify the authentication method you want to use: K1000 (local) Select this option to enable local authentication. You can have more than one LDAP Server/Directory configured. Click Add New Server to add a new LDAP Server. 5. 3. provide credentials for administrative login. Click Edit Mode. Click Settings > Control Panel. Modifies the server definition. 2. resulting in login delays when using LDAP authentication. the password is authenticated against the existing entries in the local database at Service Desk > Users. You can use external authentication against an LDAP server or Active Directory server. External LDAP Server Authentication Select this option to enable external user authentication.) Authentication) If local authentication is enabled. 216 Administrator Guide. an anonymous bind is attempted. Version 5. The LDAP user configured should at least have READ access to the “search base” area.11 LDAP 1. Click the appropriate icons next to the server name to perform described actions: Icon Description Schedules a user import for this server. If you do not specify an LDAP user name. The K1000 Settings: Authentication page appears. Otherwise. 10. • Login Not Allowed: This user cannot log on to the Service Desk.DC=com LDAP Password (if required) Role Enter the password for the LDAP login. refer to Using the LDAP Browser Wizard. Server Friendly Name Server Host Name (or IP) LDAP Port Number Search Base DN Search Filter Enter the Search Filter.CN=Users.DC=corp.DC=k ace. If you have a non-standard SSL certificate installed on your LDAP server. Click Apply to save your changes. on page 214. Enter the IP or Host Name of the LDAP server.DC=kace. LDAP Login Enter the LDAP login. either 389 or 636 (LDAPS). and then click Test LDAP Settings. refer to the Service Desk Administrator Guide.3 217 .DC=hq. For example: CN=Administrator.DC=corp. you can use the LDAP Browser Wizard. Version 5. • User Role: This user can log on only to the Service Desk.DC=com.DC=hq. For example: ldaps://HOSTNAME. A non-standard certificate can be an internallysigned or a chain certificate that is not from a major certificate provider such as Verisign. For example: CN=Users. Enter the Search Base DN. Enter the user’s role: • Admin Role: This user can log on to and access all features of the administrator UI and Service Desk. To test the LDAP settings. If you are unable to fill in the information for Search Base DN and Search Filter. Enter the LDAP Port number. For more information on how to use the LDAP Browser Wizard.LDAP 11 8. For example: (samaccountname=admin). Required. Note: For connecting through SSL. The Admin Role is the default role. Administrator Guide. use the IP or the Host Name. Note: The roles listed above are system provided roles and are not editable. enter a password in the Test User password. • Read-Only Admin Role: This user can log on but cannot modify any settings in the administrator UI or Service Desk. Complete the LDAP server definition by specifying the following information: Enter a name for the server. contact KACE Support for assistance before proceeding. 9. To create a new role. The union of all the label attributes will form the list of labels you can import.11 LDAP To schedule a User Import 1. The Search Base DN. it retrieves all attributes. In Email Notification section. Specify the attributes to retrieve. The LDAP Port number. or choose Select user to add from the drop-down list.3 . and is not recommended. mail. Attributes to retrieve Label Attribute Label Prefix Binary Attributes Max # Rows Debug Output 4. For example: OU=users. 218 Administrator Guide. Specify the attributes to import. objectguid.DC=com The Search Filter. Version 5. For example: samaccountname. displayname. which is either 389 (LDAP) or 636 (LDAPS). For example: memberof. The LDAP Server Details are displayed. For more information on how to use the LDAP Browser Wizard. 2. Label Attribute is the attribute on a customer item that returns a list of groups this user is a member of. sn. The User Import : Schedule – Choose attributes to import: Step 1 of 3 page appears. Click Edit Mode to edit the External LDAP Server Authentication fields. you can use the LDAP Browser Wizard. Click the icon next to the server name in the list of servers to schedule a user import. Enter the Binary Attributes. This may make the import process slow. which are read-only: LDAP Server LDAP Port Search Base DN Search Filter LDAP Login LDAP Password 3. cn.DC=domain. name. If you are unable to complete the information for Search Base DN and Search Filter. This limits the result set that is returned in the next step. refer to Using the LDAP Browser Wizard. The LDAP login password. For example: ldap_ The Label Prefix is a string that is added to the front of all the labels. Enter the label prefix. Enter a label attribute. The LDAP login. For example: objectsid. Enter the maximum rows. on page 214. Click the check box to view the debug output in the next step. memberof. Binary Attributes indicates which attributes should be treated as binary for purposes of storage. userPrincipalName. description If you leave this field blank. click to enter the recipient’s e-mail address. The IP or Host Name of the LDAP Server. 3 219 . The Existing Users table and the Existing Labels table display the list of Users and Labels that are currently on the appliance. Click Import Now to save the schedule information and load the user information into the appliance. 13. This list displays a list of all the Label Attribute values that were discovered in the search results.Import data into the K1000: Step 3 of 3 page opens.Define mapping between User attributes and LDAP attributes: Step 2 of 3 page opens. where you can edit the imported user records. 9. Click Save to save schedule information. Click Next to start the import.LDAP 11 5. Version 5. Select the value from the drop-down list next to each LDAP attribute to map the values from your LDAP server into the User record on the appliance. Only users with a LDAP UID. 11. 7. 10. The fields in red are mandatory. specific day at HH:MM AM/PM Run on the nth of every month/ specific month at HH:MM AM/ PM 6. After importing. Review the information displayed in the tables below: • • • • The Users to be Imported table displays list of users reported. Click Next. In Scheduling section. (Default) Don’t Run on a Schedule Run Every day/ Run daily or a specific day of the week at the specified time. 12. Run on a specific date or day of the month at the specified time. Click Next. the User list page appears. The User Import : Schedule . The LDAP Uid must be a unique identifier for the user record. Press CTRL and click to select more than one label. Administrator Guide. Select a label to add to the appliance. 8. The Labels to be Imported table displays the list of labels reported. Any records that do not have these values are listed in the Users with invalid data table. specify the scan schedule: Select this to not have the user import run on a schedule. User Name. and E-mail value will be imported. The User Import : Schedule . 220 Administrator Guide.11 LDAP The Settings: Authentication page opens. Version 5.3 . The imported user can log on to and access all features of the administrator UI and Service Desk depending on the role assigned. the previous Reports and the reporting engine are still available. The K1000 Management Appliance 5. CSV. on page 223 Scheduling Reports.3 includes a new reporting engine. If you are upgrading from an earlier version. starting on page 321. To view the list. select Reporting > Reports. contains instructions for using this deprecated feature.3 221 . Version 5. on page 234 Reporting Overview The K1000 Management Appliance is shipped with many stock reports. Appendix G: K1000 Classic Reports.12 Running the K1000 Appliance Reports The Dell KACE K1000 Management Appliance provides a variety of reporting and alert features that enable you get a detailed view of the activity on your organizations’ implementation. By default. on page 222 Creating and Editing Reports. the appliance provides reports in the following general categories: • • • • • Compliance Dell Updates Dell Warranty Hardware Service Desk Administrator Guide. These Reports are listed under the Classic Reports tab. on page 229 Using Alert Messages. on page 233 E-mail Alerts. The reporting engine generate reports in HTML. and TXT formats. • • • • • • Reporting Overview. on page 221 Running Reports. The View by menu allows you to filter which reports are displayed by category. Opening a CSV file containing multi byte characters with Microsoft Excel may yield “garbage characters" in the resulting worksheet. See Dell KACE Support for instructions on how to import the CSV file into an Excel worksheet. Running Reports The K1000 Reports page displays a list of the available reports.12 Running the K1000 Appliance Reports • • • • • • • • • • iPhone Inventory K1000 Network Patching Power Management Security Software Template Virtual Kontainers You can duplicate and modify these reports as necessary. delete or modify Reports. CSV. a strong knowledge of SQL is required to successfully change a report. 222 Administrator Guide. you can open the file or save it to your computer.3 . be sure to select your organization from the Organization drop-down list in the top-right hand corner of the page. To run any of the K1000 Management Appliance reports. or TXT. For other formats. To use. click the desired format type: HTML. For the HTML format. create. Version 5. the report is displayed in a new window. However. See To create a new SQL report on page 228. Create a new report using the Report Wizard. The following graphic shows an example of grouping rows. the K1000 Management Appliance can lay out reports by: • • • • Column and row order. Report Layout To make the analysis of your data easier. In this example.3 223 . See To duplicate an existing report on page 229. suppose you want to create a list of Windows machines that have Adobe Illustrator installed. Prioritize row sorting. Order rows by ascending or descending alphanumeric sequence. Group rows under a subheading row. See To create a new report using the Report Wizard on page 225. you can: • • • Duplicate an existing report and modify the copy to suit your needs. Version 5. you want them separated by operating system.Running the K1000 Appliance Reports 12 Creating and Editing Reports If you have other reporting needs not covered by default reports. Create an SQL report. The report criteria looks for Illustrator and makes the operating system (OS_Name) the break column (displayed as a Administrator Guide. and for license reasons. and shows the number of machines in each group. The report returns a list of machines divided into Windows XP. 224 Administrator Guide.12 Running the K1000 Appliance Reports subheading). Version 5. Windows 7.3 . Windows Vista. Click Reporting > Reports. The K1000 Reports page appears.3 225 . Enter the report details as shown: Display name for the report.Running the K1000 Appliance Reports 12 The following graphics shows an example of sorting using two criteria. The Define a New Report page is displayed. 3. Version 5. The sort criteria first groups the computers by the type of operating system and then by the domain: To create a new report using the Report Wizard 1. Report Title Administrator Guide. In the Choose Action menu. The Sort on fields selection is: The report returns a list of computers first sorted by operating system and then domain. so you can distinguish this report from others. 2. click Add New Report. In this example. suppose that you want to create a list of the last time the agent was synced sorted by operating system and domain. Make this as descriptive as possible. 5. If the category does not already exist. For example. 10. it will be added to the drop-down list on the Reports list page and displayed in the Report list on the K1ooo Reports page. Clicking a Section title toggles the fields in the section. Information that the report will provide. Adds number column for each row. which you define in step 6. Description Show Line Number Column Report Topic 4. 8. place the fields in the order you want the columns to appear on the Report. Using drag and drop. Configure how the rows are arranged. 7. The Define a New Report: Sort on fields page is displayed. This sets which fields are available for the report.3 . The available topics are displayed in the menu. Click Next. Select the fields that you want to include in your report. Click Next.12 Running the K1000 Appliance Reports Report Category Category for the report. Click Next. software. The Define a New Report: Fields to include page is displayed. Click the appropriate topic name from the Available Topics list. 9. 6. The Define a New Report: Fields order page is displayed. 226 Administrator Guide. Version 5. see Report Layout. Report data is organized by the selection in the first field. For example. click or to add a nested group b. This rule filters the data and displays only Windows machines. Administrator Guide. Click Next. e. 12. f. and then by the third field. Select the AND/OR operator from the and/or drop-down list. c. Windows. Select the appropriate operator from the Operator drop-down list. Break Header: Groups results under a subheading using the name of the field selected in the Order by column. To add a filter. For an example.Running the K1000 Appliance Reports 12 • Order By: Specify how the results are sorted based on the fields defined in step 6. (Optional) Use filter criteria if you don't want to return the entire data set in your report: a. and then by the second field. enter the appropriate value. d. Click Save. These fields organize the data by priority with the top field having the highest priority. Version 5. contains. g. In the Value field. Select the appropriate field from the Field Name list. For example. Supported Operating Systems. Save the filter. • • Sequence: Orders the results in either ascending or descending alphanumeric order. 11. To add another filter. OR: Match any of the following fields. on page 223. AND: Match all of the following fields.3 227 . For example. The Define a New Report: Filters page is displayed. repeat the preceding steps. 13. The query statement that will generate the report data. click the desired format. Category for the report. The View by field is automatically set to the category of the new report. Information that the report will provide. 14. 2. so you can distinguish this report from others. A comma-separated list of SQL column names. The report will generate break headers and sub totals for these columns. The K1000 Reports page appears. The K1000 Management Appliance checks the syntax for your report and reports any errors. If the category does not already exist. Version 5. click the desired format. To run the new report. For reference. consult the MYSQL documentation. Make this as descriptive as possible. you can open the file or save it to your computer. In the Choose Action menu. Title Category Description Output Types SQL Select Statements Break on Columns Show Line Number Column 4. Adds number column for each row. 5. The K1000 Report : Edit Report page is displayed. To create a new SQL report 1. you can open the file or save it to your computer. If you select CSV or TXT.3 . If you select CSV or TXT. 3. Enter the report details as shown: Display name for the report.12 Running the K1000 Appliance Reports The K1000 Reports page is displayed with the new report listed. Click Save. 228 Administrator Guide. Click Reporting > Reports. To run the new report. click Add New SQL Report. it will be added to the drop-down list on the Reports list page and displayed in the Report list on the K1ooo Reports page. The formats that you want available for this report. Version 5. The K1000 Reports page appears.3 229 . 3. one of the following pages is displayed: • • 3. To duplicate the report. Click the report that you want to edit. either the The K1000 Reports : Edit Report page is displayed. To edit an SQL report. Click Reporting > Reports. The K1000 Reports page appears. where you can modify the report for your needs. use the same steps as described in To create a new SQL report. or the Reporting wizard is started where you can modify the duplicated report. • • Wizard Report: Define a New Report page SQL Report: The K1000 Reports : Edit Report page Depending on the type of report. To duplicate an existing report You cannot duplicate a report made with the Report Wizard. Define a New Report page. Scheduling Reports Reports schedules allow you to specify a specific time to run reports and send email notifications of the results to one or more recipients. click Duplicate. 4. either of the following pages are displayed. Click Save. Modify the report details as necessary. Click the report title you want to duplicate. The K1000 Reports : Edit Report page. if the report was created by the Report Wizard. Depending on the type of report. on page 228. if the Report is an SQL report. 5. 4. The Reports Schedules page displays a list of scheduled reports Administrator Guide. on page 225. 1. use the same steps as described in To create a new report using the Report Wizard. 2. 2. To edit a report using the Report Wizard.Running the K1000 Appliance Reports 12 To edit an existing report 1. Click Reporting > Reports. Depending on the type of report. If you accessed the Schedule Reports : Edit Detail page starting from the Schedule icon . TXT. and then on the K1000 Reports page click the report’s Schedule icon . specify the details for the report schedule. select Create a New Schedule. The Schedule Reports : Edit Detail page is displayed. Make this as descriptive as possible. Description: The information that the schedule provides. If you accessed the Schedule Reports : Edit Detail page starting from the Schedule Reports tab. or HTML) for the scheduled report. 2. To select a report if starting from the Schedule Reports tab 1.3 . This determines which of reports are listed in the Select report to schedule drop-down list. and then from the Choose Action menu. specify the following schedule details: 230 Administrator Guide. Version 5. specify the following schedule details: • • • Schedule Title: The display name for the schedule. Report Output Formats: The available output formats (CSV. • • 2. on page 231.12 Running the K1000 Appliance Reports To create a report schedule Reports are scheduled on the Schedule Reports : Edit Detail page. Go to Reporting > Schedule Reports. • • • • To select a report if starting from the Schedule icon To select a report if starting from the Schedule Reports tab To define email notifications To schedule the time the report runs To select a report if starting from the Schedule icon 1. 1. On the Schedule Reports : Edit Detail page. Continue to To define email notifications. so you can distinguish this schedule from others. as described in the following sections. Select the Reports or Classic Reports radio button based on the type of report you are scheduling. Report to Schedule: The name of the report is already selected. Go to the Schedule Reports : Edit Detail page in one of two ways: • • Go to Reporting > Reports. Administrator Guide. so you can distinguish this schedule from others. This determines which of reports are listed in the Select report to schedule drop-down list. TXT. or HTML) for the scheduled report. (Required) Define the email notifications by clicking . Make this as descriptive as possible. • 2. Use the Filter to limit the number of reports displayed in the Select report to schedule menu. To define email notifications 1.3 231 . entering “dell” displays report titles containing dell. Continue to To define email notifications. Select the Reports or Classic Reports radio button based on the type of report you are scheduling. on page 231. • The Filter filters by character. Report Output Formats: The available output formats (CSV. Description: The information that the schedule provides. For example. Version 5. Report to Schedule: From the Select report to schedule drop-down list.Running the K1000 Appliance Reports 12 • • • Schedule Title: The display name for the schedule. select the report that you want to schedule. The Filter filters by character. Run monthly at the specified time. Click Save. Version 5. If desired. 2. 232 Administrator Guide. To schedule the time the report runs 1. Run daily at a specified time. The subject can help the reader to quickly identify what the report is about. Don’t Run on a Schedule Run Every n hours Run Every day/specific day at hour:minute Run on the nth of every month/specific month at hour:minute 2. 3. enter the message text in the notification. Run at a specified hour interval.12 Running the K1000 Appliance Reports The Recipients field and Select user to add drop-down list are displayed. -orRun on a specified day of the month at a specified time.com. enter the subject of the schedule. 5. Select the appropriate radio button and time under Scheduling: (Default) Select when you do not want to run the report on a schedule.com. -orRun on specified day of the week at a specified time. Use the Filter to limit the number of email address displayed in the Select user to add menu. In the Subject field. Enter the email addresses in following ways: • • Enter a comma-separated list of email addresses in the Recipients field. and so on. In the Message Text field. 4. leo@mgt-kace. For example. entering “mgt” would display email addresses jessie@mgt-kace. select Only send when results are present.3 . create new alerts. Select the check box for the schedules that you want to delete. From the Choose Action menu. Version 5. refer to Configuring Agent Messaging Protocol Settings. you can create new schedules or delete them. 3. Use keywords to search schedules. To delete a scheduled report 1. See the information about alerts in To add an Offline KScript or Online KScript. You can also search messages using keywords. In the Choose Action menu. From the Report Schedules List page. Administrator Guide. on page 166. The Alerts feature works only if there is a constant connection between the appliance agent and the appliance. The Report Schedules page appears.3 233 .Running the K1000 Appliance Reports 12 The Report Schedules page is displayed listing the newly scheduled report. you can: • • • Click a report to open it. From the Alerts List page you can open existing alerts. Click OK to confirm deleting the schedules. For information on how to set up the constant connection. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 4. you can add this to online KScripts. The Alerts List page displays the messages you have distributed to users. 2. To alert users before you run a script on their computer. Using Alert Messages Alert messages provide a way for you to interact with your users by displaying a message in a pop-up window. To Create a Broadcast Alert Message To perform these steps. Click Reporting > Schedule Reports. on page 47. click Delete Selected Item(s). or delete alerts. 12 Running the K1000 Appliance Reports If you have information that you want to distribute to your network. To create an e-mail Alert To perform these steps. 4. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. specify the length of time the message will be valid. E-mail Alerts E-mail Alerts differ from Alerts (broadcast messages) in an e-mail alert you can send out messages to administrators based on more detailed criteria. you can review and modify previous messages you have deployed.3 . In the Limit Broadcast To area. 1. If a notification query results in one or more machine records. In the Choose Action menu. Messages will be broadcast to users until either the user's desktop has received the message or the specified time interval has elapsed. go to: Settings >K1000 Agent >K1000 Agent Settings. Click Reporting > Alerts. To set the time interval for downloading scripts. type the text of your message. The E-mail Alert feature relies on the Inventory > Computers engine to create a notification that will be sent to administrators when computers meet the criteria you specify. 6. Notifications are processed every 60 minutes. 7. The alert messages remain in the queue until the target machine checks in. then a message is sent to the administrators specified in the alert details. Press CTRL and click to select multiple labels. Select the appropriate day and time from the drop-down lists. This is true even if the Keep Alive time interval elapses or if the connection between the appliance Agent and the appliance has been lost or interrupted. Select the Enable Scheduled Run check box to specify the alert schedule. 5. Click Reporting > Email Alerts. The Email Alerts page appears. 234 Administrator Guide. The Alerts: Edit Detail page appears. a notification e-mail is automatically sent to the specified recipient. Version 5. 2. The K1000 Management Appliance checks the computers listed in the inventory against the criteria in the E-mail Alert once in every hour until one or more computers meet the criteria. click Add New Item. In the Message Content field. select the recipient labels to send this message to. Click Save. The pending alert messages are displayed in the AMP Message Queue until they are pushed to the target machine. 3. or you can create a new message. 1. In the Keep Alive field. In the Title field. Administrator Guide. enter the e-mail address(es) of the message recipient. The Title will appear in the Subject field. click Add New Computer Notification. Click the Create Notification tab. Enter the search criteria. Version 5. In the Choose Action menu.Running the K1000 Appliance Reports 12 2. The Inventory > Computers tab appears with the Create Email Notification fields exposed. The recipient’s address can be a single e-mail address or a list of addresses separated by commas. The e-mail addresses must be fully qualified e-mail addresses. In the Recipient field. 6. 4.3 235 . enter a title for the alert. 5. 3. 12 Running the K1000 Appliance Reports 236 Administrator Guide.3 . Version 5. on page 249 Computers.13 Using Organizational Management The Organizational Management component allows you to create different organizations within your appliance that you administer separately. The system administrator creates these organizations and assigns them roles to limit access to specific tabs. You can assign roles within each organizations to limit user access to specific tabs. then the machine will go to the default organization. on page 245 Creating and editing Organizational Roles. on page 248 Creating and Editing Organizational Filters. Creating and editing Organizations You can create new organizations or edit the existing organizations from the Organizations page by going to the Organizations > Organizations tab. and then create the organizations. on page 237 Creating and editing Organizations. This feature is accessible to the system administrator through the System Administrative Console. • • • • • • • Overview of Organizational Management. on page 245 Organizational Filters. Create the roles.3 237 . on page 252 Overview of Organizational Management The K1000 Management Appliance organization feature enables you to group machines to allow for a high level of separation between logical areas of responsibility within a company. If a machine is not set in a filter. because you must specify the role while creating an organization. The administrators of each organization cannot view or perform activities on machines that belong to other organizations other than their own. on page 237 Organizational Roles. The default organization will allow the administrator to view or perform activities on machines in all organizations. Default Organization The default organization will have everything coming into the appliance. These groups are referred to as Organizations. Administrator Guide. Version 5. click Add New Item. In the Choose Action menu. Role Organization Filters Computer Count Database Name 238 Administrator Guide. Note: First.3 . 1. 3. Then. Enter the following information: Enter a name for the organization. This field retains the information you specified in the previous page. You can modify the description if required. (Read-only) Displays the number of computers checking in to the organization. This field retains the role you selected in the previous page. 4. You can modify the name if required. Select the appropriate role from the drop-down list. This field is mandatory. 2. Select the filter that will be used to direct a new machine that is checking into the appliance to the this organization. Click Save. Press CTRL and click to select more than one filter. Note: You must first create the role by going to Organizations > Roles. Note: Create the filter by going to Organizations > Filters. Select the appropriate role from the drop-down list. The K1000 Organization: Edit Detail page appears. Select Organizations. Enter the description for the organization.13 Using Organizational Management To create an organization To perform these steps. before you can select that specific role from this list. Name Description Role Enter Organization information as follows: Enter a name for the new organization. You can modify this selection if required. create the role by going to Organizations > Roles. you can select that specific filter from this list. Name Description Scroll down and click the Edit Mode link. 6. Enter a description for the new organization. This field retains the information you specified in the previous page. (Read-only) Displays the name of the database the organization is using. The K1000 Organizations page appears. The K1000 Organization: Edit Detail page appears with more content. Version 5. 5. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. before you can select that specific role from this list. the appliance will inventory nodes at every Run Interval. newly-installed agents may fail to connect to the appliance during the first-time setup due to problems with the default “KBOX” host name in DNS. Report User Password 7. select 1:00 am from the first dropdown list. The interval (in hours) during which the appliance will inventory the computers on your network. the Agent communicates with the appliance using http: over port 80. This option disallows the server to store the scripting result information that comes up from the agents. Agent “Run interval” Agent “Inventory Interval” Agent “Splash Page Text” 1 hours 0 The appliance is verifying your PC Configuration and managing software updates. The default setting is once every hour. The frequency with which the agent checks into the appliance. The message that appears to users when communicating with the appliance.. For example. Turning this off provides less information about each node but enables faster agent check-ins. The default interval is 15 minutes. 15 minutes Scripting Update Interval Agent Log Retention The frequency with which the agent downloads new script definitions.Using Organizational Management 13 Report User Displays the report user name used to generate all reports in the specific organization. Each time an agent connects. it resets its connect interval based on this setting. Assuming network connectivity is in place. if your machine does not show up in Inventory after installing the Agent. Field Communications Window Specify the agent settings for the organization: Suggested Setting 12:00 am to 12:00 am Notes The interval during which the agent is allowed to communicate with the appliance. If set to zero.. 8. to allow the Agent to connect between 1 AM and 6 AM only. By having a report user name. Click Save. which can impact performance.3 239 . Enter the report user password. and 6:00 am from the second drop-down list. but not give write access to anyone. By default. you can provide access to the organizational database (for additional reporting tools). The default is to store all the results. Please Wait. Administrator Guide. To troubleshoot nodes that fail to show up in Inventory You can perform troubleshooting tasks. Version 5. exe kagentd (OS X/ Unix) 6. 4. including: • • • • KBOXManagementService. you must install the agent specifying the SERVER property. Verify that you are able to ping the appliance. Verify that the KBOXManagementService.3 .168. To correct the server name for a node that is already installed.yaml 3.exe (Windows) or the kagentd (OS X/ Unix) processes are running.168. Verify that proxy is excluded for the local network or k1000_hostname.exe -server=myk1000 -display_mode=silent or c:\>KInstallerSetup. Verify that Internet Options are not set to use proxy.exe KUpdater.100 display_mode=silent Mac OS: /Library/KBOXAgent/Home/bin/setkbox myk1000 or /Library/KBOXAgent/Home/bin/setkbox 192.yaml Linux: /var/KACE/kagentd/kbot_config. For example: Windows: c:\>KInstallerSetup.13 Using Organizational Management 1. 240 Administrator Guide. edit the host= value in: Windows: c:\program files\KACE\KBOX\smmp. Version 5. 5.168.conf Mac OS: /var/kace/kagentd/kbot_config. If you set up the appliance in your DNS using a host name other than the default name “kbox” or if you need agents to reach the appliance by using the IP address rather than the DNS name.2.100 2.exe -server=192.100 Linux: /KACE/bin/setKBOX myk1000 or /KACE/bin/setKBOX 192.2.2. Verify that no firewall or anti-spyware software is blocking communication between the appliance and any of the agent components. The agent shows as perl in the OS X Activity Monitor.exe KBOXClient. and reach it through a Web browser at http://k1000_hostname. Edit the organization details as follows: Enter a name for the organization. To edit an organization To perform these steps. you can provide access to the organizational database (for additional reporting tools). Name Description Scroll down and click the Edit Mode link. Click the linked name of the organization. Select the appropriate role from the drop-down list. 1. 2. You can modify this selection if required. By having a report user name. Press CTRL and click to select more than one filter. Enter the report user password. Role Organization Filters Computer Count Database Name Report User Report User Password Administrator Guide. Displays the report user name used to generate all reports in the specific organization. The K1000 Organization : Edit Detail page appears. but not give write access to anyone. Then. Note: You must first create the role by going to Organizations > Roles. you are still unable to get the agent to connect to the appliance. Version 5. (Read-only) Displays the number of computers checking in to the organization. The K1000 Organizations page appears. You can modify the name if required. This field retains the information you specified in the previous page. 3.Using Organizational Management 13 If. This field retains the information you specified in the previous page. 4. Enter the description for the organization. Select Organizations.3 241 . contact KACE Support. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. This field retains the role you selected in the previous page. you can select that specific filter from this list. You can modify the description if required. Note: Create the filter by going to Organizations > Filters. (Read-only) Displays the name of the database the organization is using. Select the filter that will be used to direct a new machine that is checking into the appliance to the this organization. before you can select that specific role from this list. after verifying these items. Version 5. The default credentials admin/admin are automatically created when you create an organization. Scroll down and click Edit Mode. 2. 1.. If set to zero. the appliance will inventory nodes at every Run Interval.3 . The interval (in hours) during which the appliance will inventory the computers on your network.. Click Delete to delete the organization. The frequency with which the agent checks into the appliance. Select Organizations.13 Using Organizational Management 5. 15 minutes Scripting Update Interval Agent Log Retention The frequency with which the agent downloads new script definitions. Click the linked name of the organization. Each time an agent connects. 6. The K1000 Organization: Edit Detail page appears. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. This option disallows the server to store the scripting result information that comes up from the agents. The K1000 Organizations page appears. to allow the Agent to connect between 1 AM and 6 AM only. The message that appears to users when communicating with the appliance. which can impact performance. and 6:00 am from the second drop-down list. 242 Administrator Guide. Field Specify the agent settings for the organization: Suggested Setting 12:00 am to 12:00 am Notes The interval during which the agent is allowed to communicate with the appliance. 4. Please Wait. The default is to store all the results. select 1:00 am from the first dropdown list. Turning this off provides less information about each node but enables faster agent check-ins. To delete an organization To perform these steps. 3. it resets its connect interval based on this setting. The default interval is 15 minutes. Click Save. Communications Window Agent “Run interval” 1 hours Agent “Inventory Interval” Agent “Splash Page Text” 0 The appliance is verifying your PC Configuration and managing software updates. For example. The default setting is once every hour. To add a user To perform these steps. (Optional) Enter the user’s pager phone number. (Optional) Enter the financial department code. Click OK to confirm deleting the organization. Click Users. Version 5. 2. 5. User Name Full Name Email Domain Budget Code Location Work Phone Home Phone Mobile Phone Pager Phone Enter a user name for accessing the system administrator console.3 243 . be sure to specify the correct user permission level. Administrator Guide. Enter the necessary user details. (Optional) Enter the user’s mobile phone number. The K1000 System Admin Users page appears. To set up users for a specific organization. you can add users to access the System Administrator Console. Managing System Admin Console users When logged in as a system administrator. 3. log into that organization. (Optional) Enter the user’s work phone number. 4. (Optional) Enter the name of a site or building. Do not specify legal characters in any field. The K1000 Organizations page appears. 1. In the Choose Action menu.Using Organizational Management 13 A confirmation message appears. Select Organizations. Enter the user’s email address. The K1000 System Admin: Edit Detail page appears. When adding users. (Optional) Enter an active directory domain. 5. Select K1000 Settings > Control Panel. select Add New Item. Enter the user’s full name. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. (Optional) Enter the user’s home phone number. 3. 244 Administrator Guide. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. The K1000 Organizations page appears. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Version 5.3 . Select Organizations. 5. You can also delete users from the K1000 System Admin: Edit Detail page. (Optional) Enter additional information in the custom fields as necessary. Click Save. Select Organizations. 6. The user will be created but cannot be activated without a valid password. In the Choose Action menu. 1. To change the password To perform these steps. Click K1000 Settings > Control Panel. The K1000 System Admin Users page appears. Click OK to confirm deleting the selected user. 1. 6. The K1000 Settings : Control Panel page appears. Re-enter the user’s password. 2. click Delete Selected Item(s). Specify the user’s logon permissions: • Admin—This user can log on to and access all features in the system administrator console. • ReadOnly Admin—This user can log on but cannot modify any settings in the system administrator console. Click the check boxes for the users you want to delete. Confirm Password Permissions To delete a user To perform these steps. 4. Null passwords are not valid for new users.13 Using Organizational Management Custom 1 Custom 2 Custom 3 Custom 4 Password Enter the password for the new user. Click Users. Click Save to save the changes. Hide — The tab will be hidden and the administrator or user will not be able to view that tab. The following are the permissions that can be applied for each tab. Click the user name whose password you want to change. 3. since it is mandatory to specify the role while creating an organization. This field is mandatory. The administrator or user will be not be able to edit the fields present on the page. This field is mandatory. You can restrict what tabs an organization is allowed to see when the administrator logs in to the Administrator Console and the user logs in to the User Portal. The administrator or user will be able to edit the fields present on the page. Read — The organization will have only read access for the tab. Administrator Guide. • • • Write — The organization will have write access for the tab. Re-enter the user’s password. Default role The default role has access to all tabs in the Administrator Console and the User Portal. Null passwords are not valid. 2. edit. Organizational Roles Roles are assigned to each organization to limit access to different tabs in the Administrator Console and the User Portal. or delete any item present in the list.Using Organizational Management 13 The K1000 Organizations page appears. The administrator or user will be able to edit the fields present on the page. 4. Password Confirm Password 6. The K1000 System Admin: Edit Detail page appears. Modify the password as follows: Enter the password for the user. 5. The K1000 System Admin Users page appears. Creating and editing Organizational Roles It is recommended that you first create the roles and then create the organizations. Click K1000 Settings > Control Panel. Click Users.3 245 . Version 5. The default role will have write access for all tabs. The administrator or user will be not be able to add. click the Custom option. Click Roles. 3.3 . To assign the same access level to all areas of a component. 4. click Add New Item. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 6. In the Permissions ADMIN Console. You can also click the Expand All link to expand all component sections. click the UserUI link to expand it. 246 Administrator Guide. select the appropriate permission from the dropdown menu next to the names of each tab. The Organizational Roles page appears. Select Organizations. Under Permissions USER Console. click one of the following: • • • All Write All Read All Hide 7. 8. 1. 9. Version 5. Enter the role information as follows: Enter a name for the new role. click one of the following: • • • All Write All Read All Hide 10. To assign the same access level to all areas of a the User Console. click a component link to expand it. To assign different permission levels to different areas of the component. 2. In the Choose Action menu. The Organizational Role : Edit Detail page appears. click the Custom option. If you clicked the Custom option. (Optional) Enter a description for the new role. Role Name Description 5. To assign different permission levels to different areas of the User Console.13 Using Organizational Management To create a role To perform these steps. This field is mandatory. The K1000 Organizations page appears. 3. select the Custom option to assign custom permissions to individual sub tabs. Click Roles.3 247 . select the Custom option to assign custom permissions to individual sub tabs. Edit the role details: Enter the name for the new organization. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. if you assign HIDE permission to all tabs other than Logs and Server Maintenance under K1000 Settings. Or. Click Save. If you select the Custom option. 4. Under each tab. Version 5. Click Save. the K1000 Settings tab gets hidden from the Administrator console. select the appropriate permission from the drop-down list next to each tab. (Optional) Enter the description for the new organization. 6. 10. click the UserUI link to expand it. Then after upgrading to 1200. Select Organizations. Name Description 5. click the individual tab link to expand it. To edit a role To perform these steps. The Organizational Roles page appears. If you assign HIDE permission to General Settings and User Authentication under K1000 Settings. Or. select All Write. Under each tab. 2. Under Permissions ADMIN Console. select the appropriate permission from the drop-down list next to each tab. the Control Panel tab is hidden. All Read. 11. If you select the Custom option. All Read. 7. 8. 9. or All Hide to assign the respective permission to all the sub tabs. For users upgrading from 1100 to 1200: When using 1100. Under Permissions USER Console. Or.Using Organizational Management 13 11. click the Expand All link to expand all the tabs. 1. The K1000 Organizations page appears. Administrator Guide. Click the linked name of the role. or All Hide to assign the respective permission to all the sub tabs. This field is mandatory. The Organizational Role: Edit Detail page appears. select All Write. The Organizational Role : Edit Detail page appears. An organization can be assigned more than one filter. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Click OK. click Delete. Click Duplicate to duplicate the organization details. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Enter the role information as follows: Enter a name for the role. Select Organizations. To delete a role. 2. From the Organizational Role: Edit detail page. The K1000 Organizations page appears. This is a mandatory field. Version 5. Organizational Filters Filters are used to direct a new machine checking into the appliance to the appropriate organization. Enter a description for the role. Click Save. Role Name Description 6. 1. The Organizational Roles page appears. 2. Click the role you want to duplicate. 5. 4. do one of the following: • • 4. Select Organizations. The page refreshes. To duplicate a role To perform these steps. The K1000 Organizations page appears. 3. 1.3 . The filters are executed 248 Administrator Guide.13 Using Organizational Management To delete a role To perform these steps. 3. and then select Delete Selected Item(s) from the Choose Action menu. The Associated Organizations table displays the list of organizations associated with this role. Click Roles. Select the check box beside the role. Click Roles. click Add New Data Filter.3 249 . LDAP Filter — The LDAP label allows the automatic organization of machines based on LDAP or Active Directory interaction.Using Organizational Management 13 according to the ordinal specified when the filters are created. Click Filters. it will be put into the default organization. and if any entries are returned. they are automatically organized. 2. To add a data filter To perform these steps. Enter the description for the filter. 1. If no filter matches the machine. If a machine is not set in a filter. In the Choose Action menu. Enabled Name Description Administrator Guide. If the LDAP server requires credentials for administrative login (that is. it will go to the default organization. The system administrator can then manually move that machine from the default organization to the appropriate organization. nonanonymous login). If no LDAP user name is given. the machine will be redirected to the correct organization. Enter the filter information as follows: Select to enable this filter. A machine can be directed to the appropriate organizations in the following ways: • • One or more filters will be executed against the machine that is checking in. The K1000 Organization Filter : Edit Detail page appears. Each LDAP filter may connect to a different LDAP/AD server Creating and Editing Organizational Filters You can create new filters or edit existing filters from the Organizational Filters page by going to Organizations > Filters. Version 5. 3. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Whenever machines that check in meet the criteria. (You have to enable the filter to use it. Two types of filters exist: • • Data Filter — Allows the automatic organization of machines based on a search criteria. If one of the filters is successful. The K1000 Organizations page appears. The filter will be applied to the LDAP server. they will be directed to the specific organization. The K1000 Organization Filters page appears.) Enter a name for the filter. Select Organizations. 4. an anonymous bind is attempted. supply those credentials. ) Enter a name for the filter. 10. The K1000 Organization Filters page appears. Note: To connect through SSL. 8. For example. 4. click Add New LDAP Filter. 3. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Click Filters. 1. 6. Select the condition from the drop-down list. The filter will be executed according to the evaluation order specified. In the Choose Action menu. Enter a description for the filter. Enter the Machine Filter Criteria. Server Hostname LDAP Port Number 250 Administrator Guide. For example.* You can add multiple criteria. Enabled Name Description Evaluation Order 5. Select Organizations. To add a LDAP filter To perform these steps. 2. Enter the attribute value in the provided field. Enter a number. The K1000 Organizations page appears. contains. Version 5. The filter will be executed according to the evaluation order specified. For example. (You have to enable the filter to use it.3 . use the IP or the Host Name. Enter the LDAP Machine Filter Criteria. to filter machines from the specified IP range and direct them to the organization. Click the Add Criteria link to add more criteria. Click Save. enter: XXX. Specify the IP or Host Name of the LDAP Server. 5.13 Using Organizational Management Evaluation Order Enter a number. Specify the LDAP Port number. IP Address. Select the Conjunction Operator (AND or OR) from the drop-down list to add more criteria.XX. For example: ldaps://HOSTNAME. For example: 389 or 636 (LDAPS). Select an attribute from the drop-down list. 11. Enter the Filter information as follows: Select to enable this filter. 7. 9. K1000 Organization LDAP Filter : Edit Detail page appears. 6. DC=kace. Click the linked name of the filter. Edit the machine filter criteria. XXX. machines from the specified IP range are filtered and directed to the organization to which this filter is applied. Edit the filter details: Select to enable this filter. Click Filters.DC=hq.CN=Users. To edit a filter To perform these steps. For example: LDAP Login: CN=Administrator. Enter the password for the LDAP login if required. Version 5.DC=kace.DC=com. Enter a number. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 3. The K1000 Organizations page appears. Search Filter LDAP Login Specify the Search Filter. Specify the attribute value in the provided field. Enabled Name Description Evaluation Order 5. For example: samaccountname=admin.DC=corp.) Enter a name for the filter. Select Organizations. For example: CN=Users. 8. Enter a description for the filter. The K1000 Organization Filters page appears. 7. The filter will be executed according to the evaluation order specified. Administrator Guide. For example: contains.DC=com LDAP Password 6.Using Organizational Management 13 Search Base DN Enter the Search Base DN. click Test LDAP Filter.DC=hq.DC=corp. 1. 2. Select an attribute from the drop-down list. 7.* In the above example. 4. The K1000 Organization Filter : Edit Detail page appears. Specify the LDAP login. Click Save. Select the condition from the drop-down list. (You have to enable the filter to use it.XX. To test your filter. For example: IP Address.3 251 . For example. Click the Add Criteria link to add more criteria. and then select Delete Selected Item(s) from the Choose Action menu. the Last Sync (when the computer last checked into the appliance).3 . 11. Select Organizations. Select the check box beside the filter. do one of the following: • • 4. To specify advanced search criteria To perform these steps. Computers The K1000 Computers page lists all the nodes that are checking into the appliance. 1. It displays details for each computer such as the Name. the Description. Click Save. Click Filters. click Test Filter. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. The advanced search allows you to specify values for each field present in the inventory record and search the entire inventory listing for that value. 2. Version 5. and the IP Address. To delete a filter To perform these steps. 9. you can search for these. The K1000 Organizations page appears. 252 Administrator Guide. The K1000 Organization Filters page appears. Select a conjunction operator (AND or OR) from the drop-down list to add more criteria. 3. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. try using an advanced search. Click OK. Advanced Search If you need more granularity than keyword searches provide. the Organization the computer is checking into.13 Using Organizational Management Note: You can add multiple criteria. To delete a filter. Click Delete. 12. To test your filter. 10. For example. if you need to know which computers have a particular version of BIOS installed to upgrade only those affected machines. You can edit the machine filter criteria.3 253 . on page 249. no existing computers match the machine filter criteria you set up—or the machine filter criteria is invalid. Version 5. The search results are displayed below. Go to Inventory > Computers. Select the Conjunction Operator from the drop-down list to add more criteria. You can refilter the computers displayed in the list. 5. which will recheck the computers against all filters. For example: XXX. Specify the attribute value in the provided field. 3. 2. For example. 7. For example: IP Address.XX. machines from the specified IP range are searched. Note: You can add more than one criteria. Click Search. Test and Organization Filter You can test an existing organization filter to check whether it is getting applied to the computers. for more information refer to Refiltering Computers. you can check if the filter created by you is applied correctly to the intended computers. For more information on how to edit a filter. Click Test. on page 253. 6. 4. In the Computers page. 2. on page 253. refilter the computers. You can refilter the computers displayed in the list. For more information. refer to Creating and Editing Organizational Filters. To test an organization filter 1. Select the condition from the drop-down list. 3. Select the appropriate filter from the drop-down list. Click Advanced Search. Click the Test Organization Filter tab. The test results will be displayed below. Refiltering Computers You can refilter the computers. For example: contains. The organizations column will display the new Administrator Guide. You first create the new filter by going to Organizations > Filters.Using Organizational Management 13 1. refer to Refiltering Computers. For example: AND.* In the above example. Select an attribute from the drop-down list. Note: If you do not see any computers listed in the test results. You can redirect that computer to organization B. 2.3 . To access computer details. 1. Go to Organizations > Computers. activities and assets. go to Organizations > Computers and click on a computer name in the list.13 Using Organizational Management organization name in red besides the old organization name. Version 5. Redirecting Computers You can redirect a computer to a different organization. Understanding Computer Details The Computer Detail page provides details about a computer’s inventory information. 254 Administrator Guide. click Refilter Selected Computers to recheck the computers against all filters. The K1000 Computers page appears. to redirect the computers to the appropriate organization. 3. The K1000 Computers page appears. Select the check boxes next to the computers that you want to redirect. To redirect computers To perform these steps. from the Choose Action menu. Select the appropriate organization name under Change Sync to Organization. it will check into organization B. a computer checks into organization A. 2. Select the check boxes next to the computers that you want to refilter. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. In the Choose Action menu. To refilter computers To perform these steps. Go to Organizations > Computers. 3. For example. against those computers on which the filter has been applied. The next time the computer checks in. 1. software. be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Computer model. The fields that are displayed depend on the type of computer and its operating system. Number of disk drives. Name of most recent user. K1000 Agent version number. Configuration of drives installed on the computer. and amount of disk space used. Main and peripheral buses. Name of domain. Computer manufacturer. Item Summary Name Model Chassis Type IP Address MAC RAM Total Processors OS Name Service Pack Agent Version User Name AMP Connection Last Inventory Record Created Disk Inventory Information Hardware RAM Total Ram Used Manufacturer Model Domain Motherboard Processors CD/DVD Drives Sound Devices Video Controllers Total amount of RAM. Type of operating system. Amount of Random-access memory. To expand the sections. CPU count. such as desktop or laptop. such as Windows. Service Pack version number (Windows only). type. Time that the inventory record was created.3 255 . Number of CPUs and type.Using Organizational Management 13 The following table describes each of the detail areas on this page. Macintosh. type and size of the file system. or Linux. Type of computer. Description Administrator Guide. Time of last connection to the K1000 Agent. and manufacturer. Version 5. Time of latest inventory. IP address of the computer. select Expand All. Installed audio devices. Installed video controllers Name of the computer. Media Access Control address number. How much RAM is used. Computer model. (Some computers might have multiple users). Version number of the operating system. Version 5. BIOS Description. Time of the last connection to the K1000 Agent.13 Using Organizational Management Item Monitor BIOS Name BIOS Version BIOS Manufacturer BIOS Description BIOS Serial Number Disk Printers Network Interfaces K1000 Agent Agent Version AMP Version AMP Connected KACE ID Database ID Last Inventory Last Sync Last Agent Update User User Logged User Name User Domain Operating System Name Version Build Number Architecture Installed Date Last System Reboot Last System ShutDown Uptime Since Last Reboot Agent Version. BIOS Manufacturer. Time of latest inventory. The domain that the user belongs to. Build number of the operating system. The user currently logged into the computer. Time the computer last checked in to the appliance. IP Address. Last time the operating system was turned off. such as PPC or x64. Date of operating system installation. BIOS version. Last time the operating system was rebooted. How long the operating system has been up. Description Type and manufacturer of the monitor. 256 Administrator Guide. BIOS version. Database ID. Number of disk drives. KACE ID. Build of the operating system. and whether DHCP is enabled or disabled. Operating system architecture. Time when the Agent was updated.3 . The printers that the computer is configured to use. Version of Agent Messaging Protocol. MAC address. BIOS serial number. type and size of file system. Name of the operating system. User name. and amount of disk space used. Type of network interface. Lists any failed managed installs. or service. Labels are used to organize and categorize inventory and assets. process. List of startup programs. List of managed installations that will be sent to the computer the next time it connects with the appliance. along with the field name and value. You use Virtual Kontainers to create virtual versions of supported applications. Lists any Custom Inventory fields created for this machine. List of running processes. Results of FDCC/SCAP Configuration Scans run on this computer. Lists the files that have been uploaded to the K1000 Management Appliance from this computer using the “upload a file” script action. Lists any Service Desk Tickets assigned or submitted by any user of the computer. You can enter any additional information in this field. List any Virtual Kontainers on the computer. Lists any threats that are harmful to any software.Using Organizational Management 13 Item System Directory Registry Size Registry Max Size Notes Software Installed Programs Custom Inventory Fields. Version 5. and deploy and run them on the nodes you administer.3 257 . Installed Patches via Inventory Running Processes Startup Programs Services Activities Labels Failed Managed Installs To Install List Service Desk Tickets Security Patching Detect/Deploy Status Threat Level 5 List OVAL Vulnerabilities FDCC/SCAP Configuration Scans Logs Administrator Guide. Size of the registry. Installed Microsoft Patches. Virtual Application Kontainers Uploaded Files Description Location of the system directory. Managed installations allow deploying software that require installation files. Maximum size of the registry. List of the software and versions installed on the computer. The labels assigned to this computer. List of services. Results of OVAL Vulnerability tests run on this computer. startup item. Lists the patches detected and deployed on the computer. Lists when the record was created and last modified. A question mark indicates that its status is unknown. Details about User Portal packages installed on this machine. the asset type. and the name of the asset. such as computer. 258 Administrator Guide.13 Using Organizational Management Item K1000 Agent Logs Portal Install Logs Scripting Logs Asset Asset Information Related Assets Asset History Description Contains the logs for the K1000 Agent application. Version 5. Lists the changes done to the asset of the computer along with the date and time when each change was done.3 . Lists any related assets. Configuration Policy scripts that have been run on this computer. along with the available status of any scripts in progress. on page 260.A Administering Mac OS Nodes This appendix lists Dell KACE K1000 Management Appliance information and behaviors that are specific to Apple® Mac OS nodes. For more information on how to use the Advanced Search tab. • • • Mac OS Inventory. or software deployments on your Mac OS nodes. You can select the Create Notification tab to set up searches for Mac OS nodes with specific criteria and sends the administrator an email when it finds them. you can create a label called “San Francisco Office” and create a filter based on the IP range or subnet for machines in San Francisco. identify the nodes using attributes such as OS Name. For more information on how to create notifications. on page 91. See the Chapter 5: Managing Software and Hardware Inventories. starting on page 66. You can also create a label to group all your Mac OS nodes. see Searching for Computers by Creating Computer Notifications.3 259 . see Chapter 4: System requirements for Agents. on page 54. For the supported versions of the Mac OS operating system. and then notify an administrator who can take appropriate action. Version 5. For example. Whenever machines check in that meet the criteria you have set up. you could specify the search criteria to look for a value of 5 MB or smaller in the Disk Free field. Distributing Software to Mac OS Nodes. starting on page 83. reports. on page 259. Once grouped by label. You search for Macintosh nodes using Inventory > Computer > Advanced Search. on page 86. on page 263. In the Advanced Search tab. if you wanted to know when computers had a critically low amount of disk space left. Patching Mac OS Nodes. Inventory filtering provides a way to dynamically apply a label based on search criteria. For example. for details. Administrator Guide. It is often helpful to define filters by inventory attribute. For more information on labeling. see Using Advanced Search for Software Inventory. they would receive the San Francisco label. you can more easily manage software. refer to Managing Labels. This is particularly useful if your network includes laptops that often travel to remote locations. Mac OS Inventory Your K1000 Management Appliance manages Mac OS X nodes the same manner it manages Windows nodes. Go to Distribution > Managed Installations. and tar. From the Managed Installations page you can: • • • • • Create or delete managed installations Execute or disable managed installations Specify a Managed Action Apply or remove a label Search managed installations by keyword Examples of Common Deployments on Mac OS® On the Apple Mac OS X platform. and Web browsers cannot handle uploading entire directories.dmg. Dell recommends that you install the software on a test machine. . and files to your nodes.gz. The Managed Software Installation: Edit Detail Page appears. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. the appliance creates an inventory item and a managed installation package for the software. .A Administering Mac OS Nodes Distributing Software to Mac OS Nodes The K1000 Management Appliance Distribution component provides various methods for deploying software. there is a universal installer with the usual . Version 5. since they consist of low-level directories. You can even archive installers along with plain applications. These packages must be archived as well. This section provides examples for each type of deployment.pkg. .tgz. 1.app. the appliance mounts and unmounts it quietly. You cannot upload a .zip. Select Add New Item in the Choose Action menu. just like the installer packages. These are the . .app packages you might normally drag to your Applications folder. To create a managed installation for Mac OS nodes To perform these steps. Managed installations deploy software to the nodes on your network that require an installation file to run.pkg file extension.pkg file directly. If you package the file as a disk image. updates. The Managed Installations page appears. 2. You do not require an installer to install plain packages from the K1000 Management Appliance. You can create a managed installation package by going to Distribution > Managed Installation. The supported package deployments are . you must have already uploaded the file to the appliance prior to creating the Managed Installation package. For each of these examples. 260 Administrator Guide. The K1000 Management Appliance runs installers first and then copies applications into the Applications folder. Once the agent connects to the appliance. as these files consist of low-level directories.3 . If your package requires additional options. The files are extracted into a directory in /tmp. if this is all you want to execute. Version 5. the appliance searches for all plain applications (. Enter additional information in this field. On Mac OS.app) on the top level of the archive and copies them to the Applications folder using the following command: ditto -rscs Application.pkg -target / [Run Parameters] If you have selected a . You can specify wildcards in the filenames you use. the contents are unpacked and the system searches the root directory for all . You do not need to specify an installation command The server executes the installation command by itself. the agent attempts to run the command.app /Applications/Application.pkg files and executes on all of these files in alphabetical order. you do not need to include any other files in your archive other than your script. it is run. Otherwise. This will not download the actual digital asset. if any. Run Parameters Installation Command Un-Install using Full Command Line Run Command Only Notes Administrator Guide. and that becomes the current working directory of the command. Next. If you have specified an archive file.tgz/tar. you can specify the appropriate script invocation as the Full Command Line.pkg -target / [Run Parameters] or ditto -rsrc packagename.app To execute a script or change any of the these command lines. you can replace it completely by selecting the Configure Manually option and specifying the complete command line.pkg file using the following command: installer -pkg packagename. 4. Select the software from the Software drop-down list. by default. this command runs against all of the .app files it can find.gz file.Administering Mac OS Nodes A 3. Select this check box to run the command line only. Select this check box to uninstall software. By default. Enclose the filename in single or double quotation marks if it contains spaces. If the Installation Command field above is filled in.pkg files. which is generally expected to remove the package. The installation command runs against each of these . The Mac OS node tries to install this using: installer -pkg packagename. you can enter the following installation details: You cannot apply “Run Parameters” to the above-mentioned commands.zip/.app /Applications/theapp If you do not want to use the default command at all.pkg files or . the agent attempts to install the .3 261 . Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines Deploy Order Max Attempts Deployment Window(24H clock) 6. This option is not available for Mac OS nodes. Enter the time (using a 24-hour clock) to deploy the package. The lowest deploy number is installed first. and filter the list by entering filter options. override and/or interact with the deployment window of a specific package. Version 5. If you specify 0. Specify the deployment details: Select this check box to deploy to all the machines. You can add more than one machine.A Administering Mac OS Nodes Managed Action Select the most appropriate time for this package to be deployed. under Organizations > Organizations for this specific organization. select a machine to add to the list. 5. Enter the maximum number of attempts. Custom Pre-Install Message Custom Post-Install Message Delete Downloaded Files Select this check box to delete the package files after installation. Select one or more labels to limit deployment only to machines grouped by these label(s) You can limit deployment to one or more machines. Also. the run intervals defined in the System Console.3 . This option is not available for Mac OS nodes. to indicate the number of times the appliance tries to install the package. the appliance enforces the installation forever. From the dropdown list. 262 Administrator Guide. Execute anytime (next available) and Disabled are the only options available for Macintosh platform. Allow Snooze Set user interaction details: This option is not available for Mac OS nodes. between 0 and 99. Deployment Window times affect the Managed Action options. the K1000 Management Appliance does not fetch software from the alternate download location. Or use the Smart Label feature to automatically search the patch list using predefined search criteria. For more information on how to create or edit labels. starting on page 125. Click Save. on page 57. • Alternate Download User—Enter a user name with the necessary privileges to access the Alternate Download Location. see the Patching Strategies document. For details on all patching features.Administering Mac OS Nodes A Use Alternate Download Select this check box to specify details for alternate download. refer to To add or edit a new label. you need to select the appropriate operating system from the Macintosh Platform list in the Patch Subscription Settings page. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. When you select this check box. Note: If the target node is part of a replication label. Use the Patch Listing > View by Operating System listing or Advanced Search feature to find Mac OS patches.3 263 . on page 129. For more information about managed installations. Specify an alternate download location only for a specific managed installation. refer to Chapter 8: Distributing Software from Your K1000 Management Appliance. For more information about distribution. • Alternate Download Password—Enter the password for the user name specified above. To allow the appliance to download Apple Security updates for Macintosh. You can select more than one Macintosh operating system. Administrator Guide. refer to Managed Installations. For more information. Patching Mac OS Nodes Patching enables you to quickly and easily deploy patches to your network. 7. since that label will not be specific to any managed installation. on page 128. you cannot specify an alternate checksum for matching the checksum on the remote file share. refer to Distributing Packages from an Alternate Location. • Alternate Checksum—Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). However. the following fields appear: • Alternate Download Location—Enter the location from where the Agent can retrieve digital installation files. Version 5. 3 .A Administering Mac OS Nodes 264 Administrator Guide. Version 5. On Remediation Success. Steps for Windows Systems The following table shows the steps that are available in Tasks for Windows systems. and On Remediation drop-down lists. These steps are available from the Verify. Delete "%{key}!%{name}" from the registry. Create a message window named "%{name}" with title "%{title}". see Chapter 9: Using the Scripting Features. • Adding Steps to Task Sections. OS. X Description V X X X X X X X OS R X X X X X X ORS ORF X X X X X X X X Administrator Guide. Step Always fail Call a custom DLL function Create a custom DLL object Create a message window Delete a registry key Delete a registry value Destroy a message window Call function "%{procName}" from "%{path}\%{file}". Create object "%{className}" from "%{path}\%{file}". Remediation. Destroy the message window named "%{name}". On Success. The other column headings V. Version 5. For details on scripting. R. starting on page 161. message "%{message}" and timeout "%{timeout}" seconds. and ORF indicate whether a particular step is available in the corresponding Task sections. Adding Steps to Task Sections Refer to the following table when adding steps to a Policy or Job task.3 265 .B Adding Steps to a Script The steps documented here are available on the Scripting component. Delete "%{key}" from the registry. ORS. Kill the process "%{name}". Verify that the directory "%{path}" exists. see Adding Software to Inventory. Log “%{key}!%{name}”.3 . on page 92. X Set a registry key Set a registry value Start a service Stop a service Unzip a file Update message window text Update policy and job schedule Upload a file Verify a directory exists Verify a file exists Verify a file version is exactly X X X X X X X X X X X X X X X X X X X X 266 Administrator Guide. You create the batch file by pasting the script in the space provided. Set "%{key}!%{name}" to "%{newValue}". Note: In this step. Restart service “%{name}” Run the batch file "%{_fake_name}" with params "%{parms}". you do not need to upload the batch file. Update policy and job schedule from the appliance. Restart service “%{name}”. Log “%{attrib}” from “%{path}\%{file}”. Version 5. Launch "%{path}\%{program}" with params "%{parms}". For more information. Note: This step requires you to choose from a list of software packages already uploaded using the functionality in the Inventory/ Software tab. V OS X R X ORS ORF Kill a process Launch a program Log a registry value Log file information Log message Restart a service Run a batch file X X X X X X X X X X X X X X X X X X X Search file system Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}". Verify that the file "%{path}\%{file}" exists. Set "%{key}". Log “%{message}” to “%{type}”. Set the text in the message window named "%{name}" to "%{text}".B Adding Steps to a Script Step Install a software package Description Install "%{name}" with arguments "%{install_cmd}". Stop service “%{name}” Unzip "%{path}\%{file}" to "%{target}". Verify that the file "%{path}\%{file}" has version "%{expectedValue}". Upload "%{path}\%{file}" to the server. Verify that the product "%{path}\%{file}" has version greater than "%{expectedValue}". V X X OS R ORS ORF X X X X X X X X Verify a process is not Verify the process "%{name}" is not running. Verify that the file "%{path}\%{file}" has version greater than or equal to "%{expectedValue}”. Verify that "%{key}" does not exist. Verify that the product "%{path}\%{file}" has version less than "%{expectedValue}". Verify a product version is not Verify a registry key does not exist Verify a registry key exists Verify a registry key’s subkey count is exactly Verify that the product "%{path}\%{file}" does not have version "%{expectedValue}". Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}". X X X Verify a product Verify that the product "%{path}\%{file}" has version is less than or version less than or equal to equal to "%{expectedValue}”.Adding Steps to a Script B Step Verify a file version is greater than Verify a file version is greater than or equal to Verify a file version is less than Verify a file version is less than or equal to Verify a file version is not Verify a file was modified since Description Verify that the file "%{path}\%{file}" has version greater than "%{expectedValue}". X X X X Administrator Guide. Verify that the file "%{path}\%{file}" has version less than or equal to "%{expectedValue}. Verify that the product "%{path}\%{file}" has version greater than or equal to "%{expectedValue}”. Verify that "%{key}" exists. Verify that the product "%{path}\%{file}" has version "%{expectedValue}".3 267 . Version 5. running Verify a process is running Verify a product version is exactly Verify a product version is greater than Verify a product version is greater than or equal to Verify a product version is less than Verify the process "%{name}" is running. Verify that the file "%{path}\%{file}" does not have version "%{expectedValue}". Verify that the file "%{path}\%{file}" has version less than "%{expectedValue}". Verify that "%{key}" has exactly "%{expectedValue}" subkeys. Verify that "%{key}" has greater than or equal to "%{expectedValue}" subkeys.B Adding Steps to a Script Step Verify a registry key’s subkey count is greater than Verify a registry key’s subkey count is greater than or equal to Verify a registry key’s subkey count is less than Verify a registry key’s subkey count is less than or equal to Verify a registry key’s subkey count is not Verify a registry key’s value count is exactly Verify a registry key’s value count is greater than Verify a registry key’s value count is greater than or equal to Verify a registry key’s value count is less than Verify a registry key’s value count is less than or equal to Verify a registry key’s value count is not Verify a registry pattern doesn’t match Verify a registry pattern match Description Verify that "%{key}" has greater than "%{expectedValue}" subkeys. X X X X X X X X X X X Verify a registry value Verify that "%{key}!%{name}" does not exist. exists X X 268 Administrator Guide. V X OS R ORS ORF X Verify that "%{key}" has less than "%{expectedValue}" subkeys. Verify that "%{key}" has less than "%{expectedValue}" values. Verify that "%{key}" has exactly "%{expectedValue}" values. Verify that "%{key}!%{name}=%{expectedValue}" doesn't match. Verify that "%{key}!%{name}=%{expectedValue}" matches.3 . Verify that "%{key}" has greater than "%{expectedValue}" values. Verify that "%{key}" has greater than or equal to "%{expectedValue}" values. Verify that "%{key}" has less than or equal to "%{expectedValue}" values. Verify that "%{key}" does not have exactly "%{expectedValue}" subkeys. Verify that "%{key}" does not have exactly "%{expectedValue}" values. Version 5. Verify that "%{key}" has less than or equal to "%{expectedValue}" subkeys. does not exist Verify a registry value Verify that "%{key}!%{name}" exists. to Verify a registry value Verify that "%{key}!%{name}" is not equal to is not "%{expectedValue}". Launch "%{path}\%{program}" with params "%{parms}". Description V X X X OS R X X X X ORS ORF X X X X X X X X X X X X X X X Administrator Guide. Destroy the message window named "%{name}". Kill the process "%{name}". Verify a service exists Verify the service "%{name}" exists. Verify a registry value Verify that "%{key}!%{name}" is less than or is less than or equal equal to "%{expectedValue}". Verify a registry value Verify that "%{key}!%{name}" is greater than is greater than or or equal to "%{expectedValue}" . Verify a service is running Verify the service "%{name}" is running.3 269 . X Create a message window named "%{name}" with title "%{title}". X X X X X Steps for Mac OS X Systems The following table shows the steps that are available in Tasks for Mac OS X systems.Adding Steps to a Script B Step Description V X X X OS R ORS ORF Verify a registry value Verify that "%{key}!%{name}" is equal to is exactly "%{expectedValue}". Step Always fail Create a message window Destroy a message window Kill a process Launch a program Log a plist value Log an environment variable Log file attribute Log filenames matching regex Log message Log “%{message}” to “%{type}”. equal to Verify a registry value Verify that "%{key}!%{name}" is less than is less than "%{expectedValue}". Version 5. Verify a registry value Verify that "%{key}!%{name}" is greater than is greater than "%{expectedValue}". message "%{message}" and timeout "%{timeout}" seconds. 270 Administrator Guide. Set the text in the message window named "%{name}" to "%{text}". Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}". Unzip "%{path}\%{file}" to "%{target}". Upload "%{path}\%{file}" to the server.B Adding Steps to a Script Step Search file system Description Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}". Update policy and job schedule from the appliance. V X OS R ORS ORF Unzip a file Update message window text Update policy and job schedule Upload a file Verify a directory exists Verify a file exists Verify a file was modified since X X X X X X X X X X X X X X X X Verify a process is not Verify the process "%{name}" is not running. Verify that the file "%{path}\%{file}" exists. Version 5. Verify that the directory "%{path}" exists.3 . running Verify a process is running Verify a plist value equals Verify a plist value exists Verify a plist value greater than Verify a plist value less than Verify an environment variable equals Verify an environment variable exists Verify an environment variable greater than Verify an environment variable less than Verify at least one file matching regex exists Verify the process "%{name}" is running. Update policy and job schedule from the appliance. Version 5.Adding Steps to a Script B Step Verify count of filenames matching regex is greater than Verify count of filenames matching regex is less than Verify count of filenames matching regex Verify file info equals Verify file info greater than Verify file info less than Description V OS R ORS ORF Steps for Red Hat Enterprise Linux Systems The following table shows the steps that are available in Tasks for RHEL (Red Hat Enterprise Linux) systems. Unzip "%{path}\%{file}" to "%{target}". X X X Kill the process "%{name}". Upload "%{path}\%{file}" to the server. Description V X X X X X OS R X X X X X X X ORS ORF Unzip a file Update policy and job schedule Upload a file Verify a directory exists X X X X X X X Administrator Guide. Launch "%{path}\%{program}" with params "%{parms}". Verify that the directory "%{path}" exists. Step Always fail Kill a process Launch a program Log an environment variable Log file attribute info Log filenames matching regex Log message Search file system Log “%{message}” to “%{type}”. Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}".3 271 . V X X X X OS R ORS ORF Verify a process is not Verify the process "%{name}" is not running. 272 Administrator Guide. Version 5. running Verify a process is running Verify an environment variable equals Verify an environment variable exists Verify an environment variable greater than Verify an environment variable less than Verify at least one file matching regex exists Verify count of filenames matching regex is greater than Verify count of filenames matching regex is less than Verify count of filenames matching regex Verify file info equals Verify file info greater than Verify file info less than Verify the process "%{name}" is running.3 . Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}".B Adding Steps to a Script Step Verify a file exists Verify a file was modified since Description Verify that the file "%{path}\%{file}" exists. Custom Inventory rules allow you to automatically detect software and other items on a node. scripts. Scripting. Creating a Custom Inventory rule You add Custom Inventory rules to the Custom Inventory field of the Inventory > Software > Custom_Item: Details page. the item does not appear as an Installed Program. When a rule returns true. and include additional details in Reports. There are two types of rules: • • Conditional rules that test whether or not a condition exists on the node. Administrator Guide. the agent reports the item as an Installed Program. either with incorrect or incomplete “Display Version” information. system properties. and the output of commands. Version 5. environment variables.C Writing Custom Inventory Rules This chapter describes how to inventory items that are not appearing in Software list by default. files. reports based on the presence of a Software Item or value that is not reported by the agent. Different versions of the same software have the same entry in Add/Remove Programs. Use the Custom Inventory rules if: • • • The software or item you want to inventory is not listed in Add/Remove Programs. Understanding Custom Inventory Rules Custom Inventory rules test or get the value of registry keys and entries. To write deployment rules. when the rule returns false. Distribution and Managed Installations.3 273 . Value Return rules that get data from the node and if the value exists the agent reports the item as an Installed Program and sets a corresponding Custom Inventory field. Capturing this information allows you to manage your custom Software items with Smart Labels. scripts. program. After the agent reports the results. Therefore. starting on page 93 for details. once the agent checks in. Version 5. 274 Administrator Guide. In the session the agent executes the rule and reports the finding back to the appliance.C Writing Custom Inventory Rules See Chapter 5: To add software to Inventory manually. add a Custom Inventory rule. The agent runs all rules as well as any other processes scheduled for that session. How Custom Inventory Rules are implemented You create a custom Software Item. the node’s Inventory > Computer Details page shows the results under Software in Installed Programs and/or Custom Inventory field. it could take several minutes to run all the rules and other processes before the agent reports the results. and save the item. The agent receives the new rule during the first checkin after you created it.3 . argument.Writing Custom Inventory Rules C The Installed Program and Custom Inventory Field name.. enclose the arguments with a closing parentheses.. Administrator Guide. The Software Items with Value Return rules that set a Custom Inventory Field also appear as Installed Programs. Version 5. Commas are not allowed anywhere else in the string. The check in time is shown in the Last Inventory field of the Inventory > Computers Detail page. For example BIOSDATE. If the results you expect don’t appear. is the custom Software Item’s Display name (Title): BIOSDATE. verify that the node recently checked in. on page 287 Function syntax Enter the functionName followed by an opening parentheses.3 275 . on page 276 Getting values from a node (Custom Inventory Field). No spaces are allowed between the name of the function and the opening parentheses.. on page 283 Matching file names with Regular Expressions.) For specific information on functions and their arguments see: • • • Checking for conditions (Conditional rules). Understanding rule syntax Conditional and Value Return rules use the following syntax: functionName(argument. Argument syntax Enter argument syntax for all rules except command and regex (regular expression) as follows: • • Separate arguments by commas. You can also display a list of nodes that have the item installed from the Inventory > Software > Custom_item: Details page.C Writing Custom Inventory Rules • • Do not include single or double quotes.IE. For example. White space is trimmed from the front and back of each argument. 276 Administrator Guide. When using a conditional rule. 6.000) Checking for conditions (Conditional rules) This section explains how to write Custom Inventory rules that identify whether or not (true/ false) a Software Item is installed. The following sections describe the rules that test for conditions: • • • • • Conditional rule reference Verifying if a Condition exists (Exists rules) Evaluating node settings (Equals rules) Comparing node values (Greater and Less Than rules) Testing for multiple conditions When the rule returns false. A1 IE custom inventory 7 . if the rule returns true the Display name (Title) of the custom Software Item displays in the node’s inventory list under Installed Programs (Inventory > Details > Software > Installed Programs). The following screen shows a node with a custom Software Item. the following syntaxes are the same: RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector. the Software Item does not appear in Installed Programs in the node’s inventory list.3 . Version 5.6. IE.000) RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector. installed. Verifies that the Version > File Version property of the file specified in the path matches the NUMBER value you entered. value) FileInfoLessThan(fullpath.Writing Custom Inventory Rules C Conditional rule reference The following table provides a list of all available conditional rules with links to specific details on how to specify the arguments: Syntax Windows OS Mac OS X Linux Description DirectoryExists(path) FileExists(path) X X X X X X Checks for a directory at the specified path on the node. version) X Verifies that the Version > File Version property of the file you specified is higher than the NUMBER value you entered.3 277 . Checks for a file at the specified path on the node. Verifies that the Version > Product Version property of the executable or installation file you specified is lower than the NUMBER value you entered. Verifies that the Version > File Version property of the file you specified as the path is lower than the NUMBER value you entered. Verifies that the File Info property of the executable or installation file you specified is lower than the value you entered. Include the name of the file and extension in the path. version) X FileInfoGreaterThan(fullpath. FileVersionEquals(path. type. attribute. type. X X Verifies that the File Info property of the executable or installation file you specified is higher than the value you entered. value) X X X X Administrator Guide. version) X ProductVersionGreaterThan(path. version) X FileVersionLessThan(path. version) FileVersionGreaterThan(path. attribute. Version 5. Verifies that the Version > Product Version property of the executable or installation file you specified matches the NUMBER value you entered. Verifies that the Version > Product Version property of the executable or installation file you specified is higher than the NUMBER value you entered. X ProductVersionLessThan(path. version) ProductVersionEquals(path. All three types are valid. EnvironmentVariableLessThan(var. type. and NUMBER. valueName. Only DATE (in the full format mm/dd/ yyyy hh:mm:ss) and NUMBER are valid types. value) EnvironmentVariableExists(var) EnvironmentVariableGreaterThan(var . Only DATE (in the full format mm/dd/ yyyy hh:mm:ss) and NUMBER are valid types. value) RegistryValueGreaterThan(registryP ath. Verifies that the environment variable definition exactly matches the value you specify. value) X X 278 Administrator Guide. value) RegistryValueLessThan(registryPath . DATE (in the full format mm/dd/yyyy hh:mm:ss).C Writing Custom Inventory Rules Syntax Windows OS Mac OS X Linux Description FileInfoEquals(fullpath. type. X X X X X X X X Verifies that an environment variable with the name you specify exists. Value is compared as TEXT. Verifies that the environment variable definition is higher than the value you specify. Verifies that a named value exists in a PLIST file. valueName. Version 5. Verifies that the named value is a DATE (in the full format mm/dd/yyyy hh:mm:ss) or NUMBER higher than the value you specified. Value is a NUMBER. entry. type. TEXT. Verifies that a registry key exists. Verifies that the registry entry is lower than the value you specify. valueName. Verifies that a registry entry exactly matches the value you specify.3 . type. Value is a NUMBER. EnvironmentVariableEquals(var. value) X X X Verifies that the attribute of the executable or installation file you specified matches the value you entered. value) X X PlistValueExists(fullpath. value) RegistryKeyExists(registryPath) RegistryValueEquals(registryPath. entry) PlistValueGreaterThan(fullpath. Verifies that the registry entry is higher than the value you specify. attribute. value) X X Verifies that the environment variable definition is lower than the value you specify. type. type. directory. Version 5.Writing Custom Inventory Rules C Syntax Windows OS Mac OS X Linux Description PlistValueLessThan(fullpath. registry key. value) X Verifies that the named value is a DATE (in the full format mm/dd/yyyy hh:mm:ss) or NUMBER lower than the value you specified. type. entry) FilenamesMatchingRegexExist(fullpath. or other item. the rule returns true. If the agent locates the item on the node. Use any of the following Exists rules: • • • • • • DirectoryExists(path) FileExists(path) RegistryKeyExists(registryPath) EnvironmentVariableExists(var) PlistValueExists(fullpath. You can specify a colon separated list of entries to match the value. and the item appears as an Installed Program. Arrays and other valid PLIST datatypes are not supported. entry. or NUMBER that exactly matches the value you specified. value) X Verifying if a Condition exists (Exists rules) Rules whose name ends with Exists check for the presence of a file. Verifies that the named value is a TEXT.regex) Example—Check for a directory (folder) The following example tests to see if the Windows directory exists on the node: DirectoryExists(C:\WINDOWS\) Example—Check for a file The following example verifies that the Notepad executable file exists on the node: Administrator Guide. PlistValueEquals(fullpath.3 279 . entry. DATE (in the full format mm/dd/yyyy hh:mm:ss). entry. Version 5.0_02) Example—Testing McAfee Registry Entry setting To check the setting use the same format as the date in the entry: RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\McAfee\AVEngine. attribute. value) EnvironmentVariableEquals(var. type. type.3 . even if you specify the character in the argument. For example version is a NUMBER and therefore cannot match a value that includes an alpha or special character.C Writing Custom Inventory Rules FileExists(C:\WINDOWS\notepad.218 returns false.0.2180. 1. value) FilenamesMatchingRegexEqual(fullpath.value) Example—Testing JAVA_HOME setting To verify that the JAVA_HOME setting is C:\Program Files\Java\jdk1. type.0. value) PlistValueEquals(fullpath. Specifying the version as 6. the value argument for RegistryValueEquals compares the values as TEXT. C:\Program Files\Java\jdk1.0_02: EnvironmentVariableEquals(JAVA_HOME.regex. so a whole number such as 1 does not match a value of 1.exe) Evaluating node settings (Equals rules) Rules whose name ends with Equals compare the value set on the node to the value you specify in the rule.0. valueName. version) FileInfoEquals(fullpath.0. Use any of the following Equals rules: • • • • • • • FileVersionEquals(path. value) RegistryValueEquals(registryPath. it matches 1 only.2900. and so forth. TEXT. Likewise. Rules that use arguments with set datatypes can only compare values of the same type.0. version) ProductVersionEquals(path. AVDatDate.6. 2010/03/01) Example—Testing Internet Explorer version To verify that the Internet Explorer is version 6.2900.6. 280 Administrator Guide. The rules return true if the values exactly match. 2900. value) and PlistValueLessThan(fullpath. version) and ProductVersionLessThan(path.0 To verify that the product version is higher than 6.2180) Example—Detecting Windows XP Service Pack 2 Windows XP Service Pack 2 appears in Add/Remove programs for machines that were originally on SP1 then upgraded to SP2 only. value) EnvironmentVariableGreaterThan(var.0: Administrator Guide.value) and FilenamesMatchingRegexLessThan(fullpath. entry. valueName. entry. version) ProductVersionGreaterThan(path.regex. Therefore. When using the appliance to deploy Windows XP Service Pack 2 create the following Custom Inventory rule for a custom Software Item: RegistryValueEquals(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT \CurrentVersion. as well as machines originally imaged with SP2). value) and RegistryValueLessThan(registryPath. The default Software inventory for this item does not reflect machines that are already on SP2 because they were originally imaged at the SP2 level. type. such as versions that contain a letter (1.CSDVersion.regex. 6. attribute. type.value) Example—Testing if the Product Version is higher than 6. valueName. Comparing node values (Greater and Less Than rules) Functions whose names end with GreaterThan and LessThan compare NUMBER (integer) values only.Writing Custom Inventory Rules C FileVersionEquals(C:\Program Files\Internet Explorer\iexplore. type. Use any of the following Greater Than and Less Than rules: • • • • • • • FileVersionGreaterThan(path. value) PlistValueGreaterThan(fullpath. value) and FileInfoLessThan(fullpath. value) and EnvironmentVariableLessThan(var. Version 5. do not compare correctly with this function.exe.2. type. value) FilenamesMatchingRegexGreaterThan(fullpath.Service Pack 2) You can then exclude nodes with this item installed to prevent the appliance from trying to deploy the SP2 to nodes that are already at that level (that is.3B). SP1 machines that have been upgraded. value) RegistryValueGreaterThan(registryPath. version) and FileVersionLessThan(path.3 281 . type. version) FileInfoGreaterThan(fullpath. a value that contains an alpha or special character.0. type. attribute. 3 . Joining conditional rules produces the following results: • • AND operator: All the rules must return true in order for the results to return true and report the Software Item as an Installed Program.exe.exe. 8.C Writing Custom Inventory Rules ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer.exe.0) AND ProductVersionLessThan(C:\Program Files\Internet Explorer\iexplorer. 6.0) To verify that the production version is 6 (that is equal to 6.0) or higher.) AND Function(arguments) AND .. enter the following: ProductVersionEquals(C:\Program Files\Internet Explorer\iexplorer. In the Custom Inventory field.0) OR ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer. Using both AND and OR operators in the same Custom Inventory rule is not supported. Version 5.0) Example—Testing for a Product Version range To test if the product version is within a range. 6. 6.exe.. 6.. Set up separate Software Items.0) Testing for multiple conditions You can join rules using AND and OR operators to test for multiple conditions. Checking for multiple true conditions (AND) Use the AND operator to join conditional rules in the Custom Inventory field when you want the item to be reported as an Installed Program only if all the rules are true. combine less than and greater than rules: ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer.. Example—Checking for a Registry Key and comparing values To check for a registry key and a registry entry value on a Windows system use AND to combine the rules as shown below: 282 Administrator Guide.exe. join rules using the following syntax: Function(arguments. OR operator: Only one rule must return true for the Software Item to be reported as an Installed Program. Separate the conditional statements from the operator with spaces. This section covers the following topics: Administrator Guide. Version 5. Getting values from a node (Custom Inventory Field) The rules that end with ValueReturn allow you t gather information from the node. value) OR RegistryValueEquals(registryPath. Separate the function statements and operator using a space. and Smart Label search criteria. value) To specify a range it use RegistryValueGreaterThan and RegistryValueLessThan rules joined by the AND operator.Writing Custom Inventory Rules C RegistryKeyExists(registryPath) AND RegistryValueEquals(registryPath. Use the Custom Inventory Field values to manage installs and distribute software as well as in reports. or any other process that can be performed with a automatically detected setting. go to Inventory > Details > Software > Custom Inventory Fields..3 283 .. the software appears in the Installed Program list of the node. value) Checking for one true condition (OR) When you join rules using the OR operator. In the Custom Inventory field. Use these rules to get information that the agent normally does not. Example—Checking for either Registry value To check that a registry entry is one value or another: RegistryValueEquals(registryPath. valueName. valueName. The returned values are set with the custom Software Item Display name (Title) in the node’ inventory. valueName. join the rules using the following syntax: Function(arguments) OR Function(arguments) OR . To display the list. if any of the rules in the Custom Inventory field are true. View by filtering. NUMBER. and sets the datatype to NUMBER. and sets the datatype to the one you specified. Returns the value of a file attribute.C Writing Custom Inventory Rules • • • • • Value Return rule reference Getting Registry key values Getting command output Getting PLIST values Getting multiple values Value Return rule reference The following table shows all available value return rules that you can use to set a Custom Inventory Field. and sets the datatype to DATE. Version 5. type) X X Returns the value of a registry entry. and sets the datatype to the one your specified. valueName. and sets the datatype to TEXT. X type) EnvironmentVariableReturn(var. Returns the output of the command. Returns the value of an environment variable. Example—Getting Windows Internet Explorer Product Version The following example sets the Custom Inventory Field for the Internet Explorer Product Version as a NUMBER. Returns the output of the command. enter the following: 284 Administrator Guide. Returns the output of the command. or DATE. attribute. type) X X X ShellCommandTextReturn(command) ShellCommandDateReturn(command) ShellCommandNumberReturn(command) PlistValueReturn(fullpath. entry. type) X X X X X X X X X X Getting File Information values You can set the Custom Inventory Field to any of the Windows File Information attributes using the FileInfoReturn rule.3 . see valid types in Specifying a file attribute. FileInfoReturn(path. Returns the value of the PLIST key. In the Custom Inventory field. and sets the datatype to TEXT. Syntax Windows OS Mac OS X Linux Description RegistryValueReturn(registryPath. on page 290. specify the TEXT as the type. For example. Getting Registry key values Set the Custom Inventory Field to a registry key using the RegistryValueReturn rule.exe. but not Cygwin-style UNIX commands unless Cygwin is installed and available in the default path for all users. Use any of the following rules to set the output of the command to a Custom Inventory Field: • • • ShellCommandTextReturn(command) ShellCommandDateReturn(command) ShellCommandNumberReturn(command) Administrator Guide. The command depends on the command interpreter and executable path on the node. ProductId.3 285 . TEXT limits the operators you can use in queries in other features. TEXT) Getting command output Command rules allow you to set the output of a command to a Custom Inventory Field. Example—Getting the Internet Explorer ProductID key To set the ProductID registry key as a Custom Inventory Field. Where the registryPath (on left) is the path to the entry.ProductVersion.NUMBER) However.Writing Custom Inventory Rules C FileInfoReturn(C:\Program Files\Internet Explorer\iexplore. on Windows systems you can write MS-DOS commands. RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration. the valueName (on right) is the key you want to return. Version 5. such as Smart Label Search Criteria. if the value contained a special or alpha character. AppleLocale. 286 Administrator Guide. ValueReturn rules joined by the: • • AND operator: All the values are reported in the Custom Inventory Field.3 . filters. The joined values are all set in the same Custom Inventory Field separated by the operator and therefore are technically considered for the purposes of Search Criteria.plist. reports.C Writing Custom Inventory Rules Example—Getting uptime on a Mac OS X To set the uptime as a Custom Inventory Field: ShellCommandTextReturn(/usr/bin/uptime averages://' | awk '{print $1}') | sed -e 's/. Getting PLIST values PlistValueReturn rules allow you to set a Property List (PList) key as a Custom Inventory Field. The rule shows the software item as an Installed Program.*load The Uptime Return custom Software Item displays in the Custom Inventory Field. enter the following rule to get computer locale and then create corresponding Smart Label that is applied to the machine based on the language code reported by the agent in the Custom Inventory Field: PlistValueReturn(~/Library/Preferences/GlobalPreferences. if any of the values are not empty. Version 5. and other appliance processes as TEXT. TEXT) Getting multiple values Join ValueReturn rules using either the AND or OR operator. Example—Getting the system locale To distribute software using Managed Installations based on the native language. OR operator: All values are reported in the Custom Inventory Field. Example Expression abc Matches Myabc.jpg File.. The K1000 agent only provides functions that compare file names using regular expressions.aspx. enter: .txt abcFile.jpg File.. .) AND Function(arguments) AND .doc Myabc.doc Myabc. Dot matches any single character. Do not join AND and OR operators in the same rule.doc Myabc. For example.abc From File. Separate the conditional statements from the operator with spaces.jpg \ Backslash escapes a special character. Regular expressions match a character or the specified string to the file names in the directory you specified.txt abcFile.xls MyFile. Administrator Guide. to match all text files.xls MyFile. When entered alone it matches all files.txt abcFile.*\.txt$ \. The following table provides an overview of basic regular expression syntax you can use to match file names: Character (any string) Description Entering non-special characters only matches any file name that contains the string. For more information on writing regular expressions go to: http://msdn. join rules using the following syntax: Function(arguments.abc Example.txt abcFile.jpg File.txt abcFile. Understanding Regular Expressions The purpose of this section is to provide a high-level introduction to regular expressions.abc Example..Writing Custom Inventory Rules C In the Custom Inventory field.abc Example.xls MyFile. Matching file names with Regular Expressions This section describes the Regular Expression rules that match file names in Conditional and Value Return rules using a regular expression.microsoft.doc Myabc. Version 5.com/en-us/library/az24scfc.jpg .txt abcFile. suppressing the special regular expression quantifier meaning..xls MyFile. File.xls MyFile.abc Example.doc Myabc.xls MyFile.abc Example.3 287 . txt3 () appconf.log10 a.log appconf.bat kinstaller.log appconf.3 .txt app.log12 mylog.exe kinstaller.log12 mylog.log10?$ a.bat $ ? \.log12 [] [123] Brackets enclose a character class and matches any character within the brackets.log10 a.log appconf.exe runkbot.log app. Dollar (and \Z or \z) matches the characters your specify to the end of the file name.bat MyStartupBat.log10 a.C Writing Custom Inventory Rules Character ^ Description Caret (and \A) matches the characters you specify to the start of the file name.exe From install. Pipe separates a list of options to match.log12 a.log10 app. \. Version 5.log appconf. Question mark makes the preceding character optional in matches.doc MyStartup.log11 afile.log11 afile.log11 afile.log11 afile.txt3 * Asterisk matches the preceding character zero or more times.log10 a.bat | run|installer kinstaller.txt3 app.log11 afile. Parentheses enclosing characters creates a back reference and matches the preceding characters and/or the enclosed characters.txt3 app.log1*$ app.exe install.log11 + Plus matches the preceding character one or more times.txt app. Example Expression ^k Matches kinstaller. ap+.log appconf.log appconf.(log) [123]$ appconf.bat bat$ MyStartup.log12 mylog.exe runkbot.*\. ap?+\.log10 a.log10 a.exe runkbot.log12 mylog.log11 afile.log12 a. Note that character class special character rules differ from normal regular expressions.log11 mylog.log2 mylog.log11 288 Administrator Guide.log12 mylog.log appconf. Getting values from a node (Custom Inventory Field). Sets the Custom Inventory Field to the matching file names (includes path).log12 From app.regex. And the file name is specified as a separate argument using a regular expression. X value) FilenamesMatchingRegexReturn(fullpath. (log)[123]$ Matches appconf.rege x. True if the number of files that match is the same as the value. and Matching file names with Regular Expressions for more details on the specific rules they can be used in.re X gex.txt3 Regular Expression Rule Reference The syntax of a regular expression rule varies slightly from the other File rules. The following table provides a list of rules that allow you to use regular expressions.value) FilenamesMatchingRegexEqual(fullpath. on page 276. where n is greater than or equal to 1. True if the number of files that match is less than the value. Administrator Guide.log appconf.log12 mylog.{3}?+\. Where the fullpath argument is a string that matches the absolute path to the file location. but does not include name of the file.log11 afile. For rule syntax see the tables in Checking for conditions (Conditional rules).regex) X X X Returns true if any files in the specified directory match the file name you entered using a regular expression. Version 5.value) X X X X X X X X X FilenamesMatchingRegexLessThan(fullpath.3 289 .regex. Syntax Windows OS Mac OS X Linux Description FilenamesMatchingRegexExist(fullpath.Writing Custom Inventory Rules C Character {n} Description Curly brackets repeats the preceding character the number of specified times. Example Expression a. FilenamesMatchingRegexGreaterThan(fullpat h. True if the number of files that match is more than the value.log10 a.type) X Defining rule arguments This section provides details on defining the arguments in a rule. 8. a file or folder property.00) Specifying environment or user variables var is a string that matches the actual name of the environment variable on the system. C:\Program Files) Specifying a file attribute attribute is a system property. to test that the Program Files directory variable is correctly set: EnvironmentVariableEquals(ProgramFiles.3 . and FileInfoEquals functions to test a file property on Windows in the following syntax: 290 Administrator Guide. for example: HKEY_LOCAL_MACHINE/software/kace Specifying a version version is an integer (datatype is NUMBER) that the agent compares to the version of the item being tested on the node.exe. Finding a registry key and entry registryPath is a string that specifies the absolute path in the registry to a registry key.99) AND FileVersionLessThan(C:\Program Files\Adobe\Acrobat\7. Using Windows file attributes You can use the FileInfoGreaterThan. the FileVersionGreaterThan test returns ‘true’ if the value you specify is higher than the version number of the file or folder and otherwise returns ‘false’.exe The agent locates the directory or file and performs the specific test. For example. For example. The appliance provides operating system dependent argument types. To test a range.exe. FileInfoLessThan. TEXT.0\Acrobat\Acrobat. 6.0\Acrobat\Acrobat. or an agent assigned property on the node. Version 5.C Writing Custom Inventory Rules Finding a path or file path and fullpath are a string that specifies the absolute path to a directory or file on the node. join a Less Than and Greater Than rule as follows: FileVersionGreaterThan(C:\Program Files\Adobe\Acrobat\7. for example: C:\Program Files\Mozilla Firefox\firefox. 3=Build. Returns True (1) if the file contains debugging information or was compiled with debugging enabled. and FileVersionLessThan TEXT Internal name of the file. otherwise returns False (0). otherwise returns False (0). Returns True (1) if the provider marked the file as modified and it is not identical to the original shipped version. NUMBER/ Second position of the File Version. FileVersionGreatThan. NUMBER/ Third position of the File Version.2. TEXT TEXT Current name of the file. attribute. InternalName IsDebug TEXT/ NUMBER TEXT/ NUMBER IsPatched IsPreRelease TEXT/ NUMBER Administrator Guide.Writing Custom Inventory Rules C FunctionName(fullpath. for example in version 1. Returns True (1) if the provider marked the file as a development version. without an extension. otherwise returns False (0). it is equal to the original filename. NUMBER/ First position of the File Version. 2=Minor. such as the module name. not a commercially released product. Version 5.3.2. 4=Private. If the file has no internal name. 1=Major.2. for example TEXT in version 1. NUMBER/ Complete File Version shown on the file TEXT properties Details tab. Also see FileVersionEquals.3. value) You can specify any type but the datatype indicated in the table below shows the Windows supported type: AccessedDate Comments CompanyName CreatedDate FileBuildPart FileDescription FileMajorPart FileMinorPart FileName FilePrivatePart FileVersion DATE TEXT TEXT DATE Last date and time the file was accessed. Also see FileExists.3.3.4. Name of the company that produced the file. TEXT File Description of the Windows file properties Details tab. When the file was created. Fourth position of the File Version.3 291 .2. Additional information provided for diagnostic purposes. type. for TEXT example in version 1. for example TEXT in version 1. if one exists. for example in version 1. NUMBER/ Second position of the Product Version. for TEXT example in version 1. 4=Private. displays corresponding name on the File Properties Details tab. Fourth position of the Product Version. Provides the full name of the file when it was put or installed on the node.C Writing Custom Inventory Rules IsPrivateBuild TEXT/ NUMBER Returns True (1) if the provider marked the file as not built using standard release procedures. ProductPrivatePart NUMBER ProductVersion NUMBER/ The full production version. Number of hard links to the file. TEXT Also see ProductVersionEquals. Copyright notices that apply to the file. Trademarks and registered trademarks that apply to the file. for TEXT example in version 1. When True. Version 5. 3=Build. IsSpecialBuild TEXT/ NUMBER Language LegalCopyright LegalTrademarks ModifiedDate OriginalFilename PrivateBuild ProductBuildPart ProductMajorPart ProductMinorPart ProductName TEXT TEXT TEXT DATE TEXT TEXT NUMBER/ Third position of the Product Version. NUMBER/ First position of the Product Version.3. file also has a SpecialBuild string.2. 2=Minor. When True. otherwise returns False (0).3. file also has a PrivateBuild string. Information about the version of the file. 292 Administrator Guide.3. inode number. otherwise returns False (0).2.3. for TEXT example in version 1. TEXT Additional information about the build. SpecialBuild Testing for Linux and Mac file attributes On Linux and Mac nodes you can use the following arguments to test file attributes: device_number inode number_links owner ID of device (disk) containing the file. Language code.3 .4. Last day and time the file was modified.2. User name of the person who owns the file. Returns True (1) if the provider marked the file as built by the original company using standard release procedures but is a variation of the standard file of the same version number. ProductVersionGreaterThan. TEXT String that matches the Product Name of the Windows property.2. 1=Major. and ProductVersionLessThan. In the entry argument. Specifying a PLIST key (Mac only) entry is either NUMBER. The number of blocks used by the file. The value you specify must match the type. Time stamp of the last time the user or system accessed the file.Writing Custom Inventory Rules C group size access_time modification_time creation_time block_size blocks Group name of the file owner. you can specify a colon separated list of keys to match. Time is required. or DATE and matches a key in a PLIST file on a Mac OS X computer. NUMBER an integer. Specifying the name of a registry entry (Windows only) valueName is a string that matches the name of the registry entry you want to test. on page 287 for more details. In ValueReturn rules. Specifying the datatype type identifies the type of data you are testing or returning. Only valid for exactly matching in conditional rules such as Equals.3 293 . sets the Custom Inventory Field type to string and therefore limits search criteria and filtering to matching operators. Used only in registry tests for Windows systems. Last time a change that was mode to the file was saved. Using a regular expression regex is a regular expressions that matches a file name in a Conditional or Value Return rule. Administrator Guide. When the file was created. File size. on page 293. Valid in all conditional rules. The agent supports the following types: • • • TEXT a string. Specifying values to test value typically follows type except in a rule where the datatype is known. for example in a comparison such as greater than you must at least specify the time as 00:00:00. Version 5. TEXT. allows you to specify a whole number for comparison. for more information see Specifying the datatype. DATE must be in the format of MM/dd/yyyy HH:mm:ss for example 09/28/2006 05:03:51. See Matching file names with Regular Expressions. The block size of the file. such as in a version rule. However white space after the opening parentheses and immediately before the closing one is stripped from the command. Version 5. The guidelines for writing rule arguments do not apply to command. 294 Administrator Guide.C Writing Custom Inventory Rules Defining commands The shell command functions allow you to specify the command you want to run on the computer.3 . Table ADVISORY ADVISORY_LABEL_JT ASSET ASSET_ASSOCIATION ASSET_DATA_1 ASSET_DATA_2 ASSET_DATA_3 ASSET_DATA_4 ASSET_DATA_5 ASSET_DATA_6 ASSET_DATA_7 ASSET_FIELD_DEFINITION ASSET_FILTER ASSET_HIERARCHY ASSET_HISTORY ASSET_TYPE AUTHENTICATION CLIENTDIST_LABEL_JT CLIENT_DISTRIBUTION Component Service Desk Service Desk Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Appliance Administration Appliance Administration Appliance Administration Administrator Guide. see Chapter 12: Running the K1000 Appliance Reports. For more information. K1000 Management Appliance Database Tables Refer to the following table when creating custom reports. Version 5.D Database Tables This appendix contains a list of the table names used in the Dell KACE K1000 Management Appliance database. on page 295. starting on page 221. • K1000 Management Appliance Database Tables.3 295 . Version 5.D Database Tables Table CUSTOM_FIELD_DEFINITION CUSTOM_VIEW DELL_INVENTORY DELL_INVENTORY_APPLICATION _DEVICE_JT DELL_INVENTORY_DEVICE_JT DELL_INVENTORY_LOG DELL_MACHINE_PKG_UPDATE_S TATUS DELL_MACHINE_STATUS DELL_PKG_LABEL_JT DELL_PKG_STATUS DELL_PKG_UPDATE_HISTORY DELL_SCHEDULE DELL_SCHEDULE_LABEL_JT DELL_SCHEDULE_OS_JT DELL_SCHEDULE_UPDATE_LABE L_JT FILTER FS FS_LABEL_JT FS_MACHINE_JT GLOBAL_OPTIONS HD_ATTACHMENT HD_CATEGORY HD_EMAIL_EVENT HD_FIELD HD_IMPACT HD_MAILTEMPLATE HD_PRIORITY HD_QUEUE HD_QUEUE_APPROVER_LABEL_J T HD_QUEUE_OWNER_LABEL_JT Component Custom Fields Custom Fields Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Labeling File Synchronization File Synchronization File Synchronization Appliance Administration Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk 296 Administrator Guide.3 . Database Tables D Table HD_QUEUE_SUBMITTER_LABEL_ JT HD_SERVICE HD_SERVICE_TICKET HD_SERVICE_USER_LABEL_JT HD_STATUS HD_TICKET HD_TICKET_CHANGE HD_TICKET_CHANGE_FIELD HD_TICKET_FILTER HD_TICKET_RELATED HD_TICKET_RULE HD_WORK IM_CRON IPHONE_PROFILE IPHONE_PROFILE_LABEL_JT KBOT KBOT_CRON_SCHEDULE KBOT_DEPENDENCY KBOT_EVENT_SCHEDULE KBOT_FORM KBOT_FORM_DATA KBOT_LABEL_JT KBOT_LOG KBOT_LOG_DETAIL KBOT_LOG_LATEST KBOT_OS_FAMILY_JT KBOT_OS_JT KBOT_RUN KBOT_RUN_MACHINE KBOT_RUN_TOKEN KBOT_SHELL_SCRIPT KBOT_UPLOAD KBOT_VERIFY Component Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Appliance Administration iPhone iPhone Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Administrator Guide.3 297 . Version 5. D Database Tables Table KBOT_VERIFY_STEPS LABEL LABEL_LABEL_JT LDAP_FILTER LDAP_IMPORT_USER MACHINE MACHINE_CUSTOM_INVENTORY MACHINE_DAILY_UPTIME MACHINE_DISKS MACHINE_LABEL_JT MACHINE_NICS MACHINE_NTSERVICE_JT MACHINE_PROCESS_JT MACHINE_REPLITEM MACHINE_SOFTWARE_JT MESSAGE MESSAGE_LABEL_JT METER METER_COUNTER MI MI_ATTEMPT MI_LABEL_JT MSP_MI_TEMPLATE NODE NODE_LABEL_JT NODE_PORTS NODE_SNMP_IF NODE_SNMP_SYSTEM NOTIFICATION NTSERVICE NTSERVICE_LABEL_JT OBJECT_HISTORY Component Scripting Labeling Labeling Labeling User Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Alerts Alerts Software Metering Software Metering Managed Installs Managed Installs Managed Installs Patching Network Scan Network Scan Network Scan Network Scan Network Scan Alerts Inventory Inventory Appliance Administration MACHINE_STARTUPPROGRAM_JT Inventory 298 Administrator Guide.3 . Version 5. 3 299 .Database Tables D Table OPERATING_SYSTEMS OVAL_STATUS PATCHLINK_MACHINE_STATUS PATCHLINK_PATCH_LABEL_JT PATCHLINK_PATCH_STATUS PATCHLINK_SCHEDULE PATCHLINK_SCHEDULE_DEPLOY _LABEL_JT PATCHLINK_SCHEDULE_DETECT _LABEL_JT PATCHLINK_SCHEDULE_LABEL_ JT PATCHLINK_SCHEDULE_OS_JT PATCHLINK_SCHEDULE_ROLLBA CK_LABEL_JT PATCH_FILTER PORTAL PORTAL_LABEL_JT PROCESS PROCESS_LABEL_JT PROVISION_CONFIG PROVISION_NODE REPLICATION_LANGUAGE REPLICATION_PLATFORM REPLICATION_SCHEDULE REPLICATION_SHARE REPORT REPORT_FIELD REPORT_FIELD_GROUP REPORT_JOIN REPORT_OBJECT REPORT_SCHEDULE SAVED_SEARCH SCAN_FILTER SCAN_SETTINGS Component Inventory OVAL Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Labeling Service Desk Service Desk Inventory Inventory Appliance Administration Appliance Administration Replication Replication Replication Replication Reporting Reporting Reporting Reporting Reporting Reporting Appliance Administration Labeling Network Scan Administrator Guide. Version 5. Version 5.3 .D Database Tables Table SETTINGS SOFTWARE SOFTWARE_LABEL_JT SOFTWARE_OS_JT STARTUPPROGRAM STARTUPPROGRAM_LABEL_JT THROTTLE USER USERIMPORT_SCHEDULE USER_HISTORY USER_KEYS USER_LABEL_JT USER_ROLE USER_ROLE_PERMISSION_VALU E Component Appliance Administration Inventory Inventory Inventory Inventory Inventory Appliance Administration Service Desk Service Desk Service Desk Service Desk Service Desk Appliance Administration Appliance Administration 300 Administrator Guide. and Red Hat Linux in the following directory: \\k1000_hostname\client\agent_provisioning File share must be enabled to access the installers. Link to the appliance.3 301 . Administrator Guide. you can send an email to your users that contains one of the following: • • • Install file. Other Web location to retrieve the required installation file. Version 5. Overview of manual deployment Manually deploying or upgrading the Agent is useful when you have problems with provisioning or want to use other means. Using this method. Macintosh. simply post the appropriate file in an accessible directory and create a logon script for the Agents to retrieve it. and Group Policy/Active Directory: • Email To deploy Agents through email. install the Agent as described in this chapter for your platform. Updating the Agent Manually updating the Agent depends on which version of the K1000 Agent that is installed on the target computer: • For 5.1 or later.E Manually Deploying Agents This appendix explains how to manually deploy the Dell KACE K1000 Management Appliance Agent on nodes using a command-line or terminal. See Enabling file sharing on page 67. If you use logon scripts. scripting. such as email. • Logon Scripts Logon scripts provide a great mechanism to deploy the Agent when you log onto a computer. You can find the installers for Windows. your users can click a link and install the Agent. 3. Resources for troubleshooting If you have one or more computers that don’t install or show up in Inventory: • • Go to Dell KACE Support. Version 5.msi file to your local computer. The Agent executable files are installed in: • • • • Windows XP or earlier: C:\Program Files\Dell\KACE\ Window Vista and Windows 7: C:\Program Files (x86)\Dell\KACE\ The Agent configuration files. on page 309. on page 304 Windows debugging.3 . logs. on page 307 Mac OS X: Macintosh Debugging. Go to the shared directory of the appliance server: \\k1000_hostname\client\agent_provisioning\windows_platform 2. Windows platforms: • • Windows security issues. you must first uninstall the Agent on each target computer. and a Knowledge Base that can help you with this issue and many other issues. on page 304 • • • Linux (Red Hat): • Linux Debugging.0 or earlier. Be sure to enter the name of your K1000 server. Manually installing the Agent on Windows You can install the Agent on Windows using the Install Wizard or command lines.E Manually Deploying Agents • For 5. 302 Administrator Guide.3. See the documentation included with your version of the K1000 Management Appliance. Double-click the file to start the installation and follow the instructions in the install wizard. and other data are stored in: Window Vista and Windows 7: C:\ProgramData\Dell\KACE Windows XP or earlier: C:\Documents and Settings\All Users\Dell\KACE To manually install the Agent on Windows using the Install wizard 1. Copy the ampagent-5. articles.buildnumber-x86. Support contains whitepapers. 12345-x86 /qn Example: msiexec /qn /i ampagent-5.3.kace.) Example: msiexec /qn /i ampagent-5. you can force a check in using the following command line: runkbot 4 0 To manually install the Agent on Windows using command lines The options listed in Table E-1 on page 303 provide several different ways for installing the Agents on Windows Platforms.) Example: msiexec /qn /i ampagent-5. This method provides the following parameters: Table E-1: Command line parameters for the Agent Description Windows Installer Tool Install flag Uninstall flag Silent install Log verbose output Auto set host name msiexec or msiexec. For example: • • • In a batch file.3.32941-x86.3 303 .com.3.12345-x86 /L*v log.msi_hostname. Although the Agent automatically checks in.txt rename agent_installer. such as the value of the host.12345-x86 /x Example: msiexec /x ampagent-5. Version 5. Change name of the installer. which runs the installer (msiexec) and sets various parameters. which automatically sets the server name during the install.kace.msi HOST=k1000.msi PROPERTY=value (Must use ALL CAPS.msi (Renames the install file to the name of the server name. Set an environment variable for the server name and then run the installer. which automatically sets the host name.exe /i Example: msiexec /i ampagent-5.3. as part of a logon script.com Parameter Set properties Administrator Guide.32941x86_k1000.3.Manually Deploying Agents E The node information appears in the appliance Inventory within a few minutes. Add the following line to the amp.exe firewall set service type=REMOTEADMIN mode=ENABLE scope=ALL • • • Windows debugging 1. use that. Windows security issues Windows security may prevent the initial provisioning from the K1000. If KACE_SERVER is set.3 . Otherwise. 2. If smmp. To allow provisioning.conf has a server. use the following command lines to open up the firewall and configure settings. If amp. If the installer contains the name of host. the agent will NOT connect to the server.) Example: set KACE_SERVER=kbox msiexec /i ampagent-5.conf has a server.1). Do not set to kbox. Version 5. (Windows Vista and Windows 7 require Run as administrator privileges. Do not leave empty.) Stop the Agent: net stop ampagent 3.12345-x86 The ordering of setting the host is as follows: 1.E Manually Deploying Agents Table E-1: Command line parameters for the Agent Description Set server name Parameter set KACE_SERVER=k1000name (Must be followed by an msiexec call to install. 4. Open a command window. use that.conf file: debug=true This file is located in: Window Vista and Windows 7: C:\ProgramData\Dell\KACE 304 Administrator Guide. 2.exe firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL netsh. use that. 3. • • reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v ForceGuest /t REG_DWORD /d 0 /f reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system / v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v FdenyTSConnections /t REG_DWORD /d 0 /f netsh. use that (when updating from 5.2. you can force a check in outside of the normal schedule by going to C:\Program Files\Dell\KACE\ or C:\Program Files (x86)\Dell\KACE\ and entering: runkbot 4 0 Installing and Configuring the Agent on Linux This section provides information for installing and configuring the Agent on Linux. If the installer contains the name of host. use that. use that. 3. Administrator Guide. 1.rpm The ordering of setting the host is as follows: 1. 2. If KACE_SERVER is set. At the command prompt. logs.i386.2. You can set the name by adding the following command to the root directory: export KACE_SERVER=k1000name The export call must precede the call to the installer. Open a terminal from Applications > System Tools. and other data is stored. Version 5. use that. To force the Agent to check in. For example: export KACE_SERVER=k1000name rpm -ivh k1000agent-12345. /var/dell/kace/ where the Agent configuration.Manually Deploying Agents E Windows XP or earlier: C:\Documents and Settings\All Users\Dell\KACE 4. The Agent normally checks in using the “Run Interval” schedule specified in the K1000 Agent Settings page.conf has a server. enter: sudo /opt/dell/kace/bin/runkbot 2 0 To install from startup or login You can install the Agent for any user starting or logging in to a Linux system.i386. However. To install the Agent You must have the K1000 Agent installation file on your computer. If amp.3 305 . set the name of the server and install the Agent: sudo KACE_SERVER=k1000name rpm -ivh ampagent-5. /opt/dell/kace/bin/ where the Agent executable files are installed.35800-1.rpm The Agent is installed in the following directories: • • 3. 2. Start the Agent: net start ampagent The output is recorded in various K1000 Agent logs. At the command line prompt. Otherwise.d/AMPctl start • To stop the Agent. Perform the following: • To start the Agent.E Manually Deploying Agents 4. Open a terminal from Applications > System Tools. 2. At the command line prompt. Open a terminal from Applications > System Tools. Open a terminal from Applications > System Tools. 1. If smmp. To check that the Agent is running 1. Do not set to kbox. enter: sudo rpm -e ampagent 3. 2.d/init. enter: sudo /etc/rc. 2. To upgrade the Agent You must have the K1000 Agent installation file on your computer.d/AMPctl stop To manually remove the Agent 1. the agent will NOT connect to the server.3 . Do not leave empty. Open a terminal from Applications > System Tools.d/init. use that (when updating from 5. Version 5. enter: rpm -uvh k1000agent-linux_buildnumber.conf has a server. enter: sudo /etc/rc. 2. enter: ps aux | grep AMPAgent This output indicates that the process is running: 306 Administrator Guide.rpm To start and stop the Agent 1. At the command line prompt. (Optional) Remove the kace directory: rm -rf /var/dell/kace/ Other Agent operations This section describes the various tasks you can perform to manage the Agent using a terminal.1). Manually Deploying Agents E root 6100 0. 2. To save the inventory results to a file. Start the Agent: sudo /etc/rc.d/AMPctl start The output is recorded in various K1000 Agent Logs. Version 5.3 307 . Linux Debugging 1. To manually run an inventory: sudo ./runkbot 2 0 4. enter: sudo /opt/dell/kace/bin/inventory > `hostname`./inventory 5. 2.conf debug=true eof 4. Go to the following folder: /opt/dell/kace/bin/ 3. Set debug to true in the amp. Stop the Agent: sudo /etc/rc.9 3110640 20384 ? opt/dell/kace/bin/AMPAgent --daemon Ssl Mar03 0:00 / To check the version of the Agent 1. Open a terminal from Applications > System Tools. enter: rpm -q ampagent The version number is reported.conf file in /var/dell/kace/data: cat<<eof/var/dell/kace/data/amp. The Agent normally checks in using the “Run Interval” schedule specified in K1000 Agent Settings page.d/init. To run an Inventory check 1. you can force a check in outside the normal schedule by going to /Library/Application Support/Dell/ KACE/bin/ and running: runkbot 2 0 Administrator Guide.txt This command saves the inventory results to a file that is based on the name of your computer. Open a terminal from Applications > System Tools. To run an inventory and send to the K1000: sudo . 2.d/init. At the command line prompt. However.d/AMPctl stop 3. Open a terminal from Applications > System Tools.0 3. Proceed with su or sudo as required. Be sure to enter the name of your K1000 server. Go to the following folder: cd Library/Application Support/Dell/KACE/bin 3. 2./AMPctl stop To manually remove the Agent 1. /Library/Application Support/Dell/KACE/data/ where the Agent configuration. Open a terminal from Applications > Utilities. Use su or sudo: SystemStarter stop AMPAgent rm -rf /Library/Application\ Support/Dell rm -rf /Library/StartupItems/AMPAgent rm -rf /Library/LaunchDaemons/kace.3. Some commands must be run as root. To start or stop the Agent 1. Double-click AMPAgent. Double-click ampagent-5. enter: . logs. Perform the following: • To start the Agent. To install or upgrade the Agent You must have the K1000 Agent installation file on your computer. Follow the instructions in the installer. 2. 3. The installer creates the following directories on your computer: • • /Library/Application Support/Dell/KACE/ where the Agent executable files are installed.pkg. Additional options are described in Using shell scripts to install the Agent.E Manually Deploying Agents To Install and Configure the Agent on Mac OS Nodes This section provides information for installing the Agent on Mac OS. enter: . 1.ampagent. Version 5.3 . on page 310.dmg. and other data is stored.bootup./AMPctl start • To stop the Agent. Open a terminal from Applications > Utilities.plist 308 Administrator Guide.buildnumber. 2. kace. Go to the following folder: cd /Library/Application\ Support/Dell/KACE/bin/ 3. Enter: cat /Library/Application\ Support/Dell/KACE/data/version The version number is reported.1 94408 12044 p2 S 3:26PM 0:10. 2. Open a terminal from Applications > Utilities. Open a terminal from Applications > Utilities. Enter the following command: ps aux | grep AMPAgent This output indicates that the process is running: root 2159 0. 2. To check that the Agent is running 1.txt This command saves the inventory results to a file named computer_name./runkbot 2 0 4./inventory To save the inventory results to a local file: sudo .3 309 . Open a terminal from Applications > Utilities. Administrator Guide. To run an Inventory check 1. Open a terminal from Applications > Utilities. To manually run an inventory: sudo .Manually Deploying Agents E pkgutil --forget com. where computer_name is the computer name that you specified. Other Agent operations This section describes the various tasks you can perform to manage the Agent using a terminal. 5.0 1.ampagent The agent is removed. Macintosh Debugging 1.94 /Library/ Application Support/Dell/KACE/AMPAgent To check the version of the Agent 1./inventory > computer_name. Version 5.txt. To run an inventory and send to the K1000: sudo . 2. Do not leave empty. use that. 2. use that. you can force a check in outside the normal schedule by going to /Library/Application Support/Dell/ KACE/bin/ and running: runkbot 2 0 Using shell scripts to install the Agent The K1000 Management Appliance provides options that are useful when using shells scripts to install the Agent: 1.3 .com. sudo export KACE_SERVER=k1000name installer -pkg '/Volumes/Dell KACE/ AMPAgent. Add the following line to the end of the amp. see http:// developer./AMPctl start The output is recorded in various K1000 Agent logs. Information collected by the Agent The Computers : Detail Item page displays the information collected by the Agent. 310 Administrator Guide.apple.3. hdiutil attach .pkg -target /' hdiutil detach '/Volumes/Dell KACE' The export call must proceed the install call (for example.conf file in /Library/Application\ Support/Dell/KACE/data: debug=true 5. Stop the Agent: .12345-all. The Agent normally checks in using the “Run Interval” schedule specified in K1000 Agent Settings page. the agent will NOT connect to the server. If KACE_SERVER is set. use that./AMPctl stop 4. Go to the following folder: cd Library/Application Support/Dell/KACE/bin 3. 3. Version 5. 4. Start the Agent: ./ampagent-5. use that (when updating from 5.dmg sudo sh -c 'KACE_SERVER=k1000name installer -pkg /Volumes/Dell_KACE/AMPAgent.E Manually Deploying Agents 2.1).conf has a server. If the installer contains the name of host. However.pkg' -target / The ordering of setting the host is as follows: 1. If smmp. Otherwise. 3. 2. Do not set to kbox.conf has a server. For information about using shell scripts and command lines. If amp. Computer manufacturer. Name of most recent user. such as desktop or laptop. Type of operating system. Time that the inventory record was created. The following table describes each of the detail areas on this page. How much RAM is used. The Computer Inventory page appears. such as Windows. To expand the sections. Macintosh. Number of CPUs and type. type and size of the file system.3 311 . The fields that are displayed depend on the type of computer and its operating system. Number of disk drives. select Expand All. Time of latest inventory. Service Pack version number (Windows only). Type of computer. Time of last connection to the K1000 Agent. or Linux. Description Administrator Guide. Go to Inventory > Computers. Select a computer to view. Computer model. and amount of disk space used. 2. K1000 Agent version number. (Some computers might have multiple users).Manually Deploying Agents E To access the Computers : Detail page 1. The Computers : Detail Item page appears. IP address of the computer. Name of the computer. Computer model. Amount of Random-access memory. Media Access Control address number. Item Summary Name Model Chassis Type IP Address MAC RAM Total Processors OS Name Service Pack Agent Version User Name AMP Connection Last Inventory Record Created Disk Inventory Information Hardware RAM Total Ram Used Manufacturer Model Total amount of RAM. Version 5. Description Main and peripheral buses. 312 Administrator Guide. and whether DHCP is enabled or disabled. The domain that the user belongs to. The printers that the computer is configured to use. Build of the operating system. BIOS version. Name of the operating system. Name of domain. and manufacturer. Time the computer last checked in to the appliance. Configuration of drives installed on the computer. The user currently logged into the computer. BIOS version. Type of network interface. BIOS Manufacturer. and amount of disk space used. Version number of the operating system. KACE ID. Database ID. CPU count.3 . BIOS serial number. type. Version of Agent Messaging Protocol. Time of the last connection to the K1000 Agent. Time of latest inventory. Installed audio devices. Version 5. Time when the Agent was updated.E Manually Deploying Agents Item Domain Motherboard Processors CD/DVD Drives Sound Devices Video Controllers Monitor BIOS Name BIOS Version BIOS Manufacturer BIOS Description BIOS Serial Number Disk Printers Network Interfaces K1000 Agent Agent Version AMP Version AMP Connected KACE ID Database ID Last Inventory Last Sync Last Agent Update User User Logged User Name User Domain Operating System Name Version Build Agent Version. Number of disk drives. type and size of file system. Installed video controllers Type and manufacturer of the monitor. IP Address. BIOS Description. MAC address. User name. such as PPC or x64. You use Virtual Kontainers to create virtual versions of supported applications. Size of the registry. Lists the patches detected and deployed on the computer. You can enter any additional information in this field. Labels are used to organize and categorize inventory and assets. Installed Patches via Inventory Running Processes Startup Programs Services Activities Labels Failed Managed Installs To Install List Service Desk Tickets Security Patching Detect/Deploy Status Administrator Guide. List of running processes. The labels assigned to this computer. Installed Microsoft Patches. Date of operating system installation. along with the field name and value. Managed installations allow deploying software that require installation files. List of services.3 313 .Manually Deploying Agents E Item Number Architecture Installed Date Last System Reboot Last System ShutDown Uptime Since Last Reboot System Directory Registry Size Registry Max Size Notes Software Installed Programs Custom Inventory Fields. Operating system architecture. List any Virtual Kontainers on the computer. Lists any failed managed installs. Lists any Custom Inventory fields created for this machine. Lists the files that have been uploaded to the K1000 Management Appliance from this computer using the “upload a file” script action. List of the software and versions installed on the computer. How long the operating system has been up. Location of the system directory. List of managed installations that will be sent to the computer the next time it connects with the appliance. Virtual Application Kontainers Uploaded Files Description Build number of the operating system. Last time the operating system was turned off. and deploy and run them on the nodes you administer. Maximum size of the registry. Version 5. Last time the operating system was rebooted. Lists any Service Desk Tickets assigned or submitted by any user of the computer. List of startup programs. the asset type.E Manually Deploying Agents Item Threat Level 5 List OVAL Vulnerabilities FDCC/SCAP Configuration Scans Logs K1000 Agent Logs Portal Install Logs Scripting Logs Asset Asset Information Related Assets Asset History Description Lists any threats that are harmful to any software. Contains the logs for the K1000 Agent application.3 . such as computer. and the name of the asset. Lists any related assets. Lists when the record was created and last modified. Lists the changes done to the asset of the computer along with the date and time when each change was done. along with the available status of any scripts in progress. Results of OVAL Vulnerability tests run on this computer. 314 Administrator Guide. Configuration Policy scripts that have been run on this computer. startup item. Results of FDCC/SCAP Configuration Scans run on this computer. Details about User Portal packages installed on this machine. process. A question mark indicates that its status is unknown. or service. Version 5. This appendix contains a sample of the daily run output. The following syntaxes are the standard freebsd maintenance messages: • • • • • • • Filesystem /dev/ twed0s1a devfs /dev/ twed0s1f /dev/ twed0s1e /dev/ twed0s1d /dev/ twed1s1d Removing stale files from /var/preserve: Cleaning out old system announcements: Removing stale files from /var/rwho: Backup password and group files: Verifying group file syntax: Backing up mail aliases: Disk status: 1K-blocks 2026030 1 134105316 10154158 2026030 151368706 Used 36780 1 1003568 6365810 3858 2722542 Avail 1827168 0 122373324 2976016 1860090 136536668 Capacity 2% 100% 1% 68% 0% 2% Mounted on / /dev /kbox /usr /var /kbackup Administrator Guide. Version 5. Your output may differ from the sample shown.3 315 .F Understanding the Daily Run Output The daily run output is automatically sent to the System Administrator by email every night at 2:00 AM. It is generally as full as the / kbox. If this drive starts getting close to full you must remove old unused packages or contact KACE for an upgrade.F Understanding the Daily Run Output The above table reports information about your disks. It is also contains the software packages uploaded to the server.168. you must remove old unused packages or contact KACE for an upgrade. /kbox contains all the software for the appliance server. Those of interest are /kbox and /kbackup.3 . If it is close to full. /kbackup is the drive where /kbox is backed up.2 kboxdev 308055 201832 em0 1500 fe80:1::230:4 fe80:1::230:48ff: 0 4 em1* 1500 00:30:48:73:07:4d 0 0 0 0 0 plip0 1500 0 0 0 0 0 lo0 16384 699 0 699 0 0 lo0 16384 your-net localhost 699 699 lo0 16384 localhost ::1 0 0 lo0 16384 fe80:4::1 fe80:4::1 0 0 316 Administrator Guide. Version 5. Network interface status: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll em0 1500 00:30:48:73:07:4c 332146 0 204673 0 0 em0 1500 192. Understanding the Daily Run Output F The above table reports information about the network status of the appliance. load averages: 0.15 The above indicates the amount of time the appliance has been up since the last time it was powered off. 0. Other values indicate some sort of network failure.05.3 317 . 0 users.20. 4:12. Make sure the Ierrs/Oerrs are zero. The load averages vary depending on the load on appliance was when this report was run. Mail in local queue: /var/spool/mqueue is empty Total requests: 0 Mail in submit queue: /var/spool/clientmqueue is empty Total requests: 0 Security check: (output mailed separately) Checking for rejected mail hosts: Administrator Guide. Version 5. 0. contact KACE support for assistance. If you notice consistent errors. There will not be any users logged onto the machine. Local system status: 3:04PM up 3 days. 05 312579760 Disk Array REBUILD Status: /c0/u0 is not rebuilding. contact KACE support to address the problem..FILTER OK 318 Administrator Guide. Version 5.% completion listed below Disk Array Detail Status: Unit UnitType Status %Cmpl Port Stripe Size(GB) Blocks ---------------------------------------------------------------------u0 RAID-1 OK 149. ORG. [Thu Mar 17 15:05:31 PST 2005] K1000 RAID Status Disk Array Detail Info not available during a rebuild.CATEGORY OK ORG. # Disconnecting from localhost.3 . [Thu Mar 17 15:05:31 PST 2005] K1000 Database Maintenance Daily routines to maintain database performance. If Rebuild in progress.CLIENT_DISTRIBUTION OK ORG.AUTHENTICATION OK ORG.F Understanding the Daily Run Output Checking for denied zone transfers (AXFR and IXFR): tar: Removing leading /' from member names The messages above are the standard freebsd messages regarding the health of the mail systems.05 312579760 u0-0 DISK OK p0 149...ADVISORY OK ORG. There should not be mail in the queues. available through the ftp interface. its current state is OK The above table indicates the status of your raid drives. DB Table Maintenance Log: # Connecting to localhost.05 312579760 u0-1 DISK OK p1 149. Backup files available for off-box storage via ftp. [Thu Mar 17 15:05:31 PST 2005] K1000 Backup: Backup Complete. If you ever see the disks degraded or not rebuilding properly. However.. if an item still exists. check your SMTP settings from the Settings > Network Settings page. The above message indicates an appliance-specific message telling you that the backups have been successfully completed and are on the /kbackup disk. MESSAGE ORG.FS_LABEL_JT ORG.MACHINE ORG.MESSAGE_LABEL_JT ORG.MACHINE_NICS ORG.LDAP_FILTER ORG.NETWORK_SETTINGS ORG. If you see any failures from this output.USER_HISTORY ORG.End of daily output -- OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK The database is checked every night for any inconsistencies.PRODUCT_LICENSE ORG. Administrator Guide.MACHINE_STARTUP_PROGRAMS ORG.PORTAL ORG.OPERATING_SYSTEMS ORG.MI ORG.SCHEDULE ORG.MACHINE_PROCESS ORG.USER_LABEL_JT -.MACHINE_LABEL_JT ORG. contact Dell KACE Support for assistance.THROTTLE ORG.Understanding the Daily Run Output F ORG. and these are automatically repaired. Version 5.MACHINE_CUSTOM_INVENTORY ORG.LICENSE_MODE ORG.SERVER_LOG ORG.GLOBAL_OPTIONS ORG.MACHINE_DISKS ORG.REPORT ORG.MI_LABEL_JT ORG.SOFTWARE ORG.TIME_ZONE ORG.USER_KEYS ORG.MACHINE_SOFTWARE_JT ORG.LICENSE ORG.NOTIFICATION ORG.SOFTWARE_LABEL_JT ORG.LABEL ORG.PORTAL_LABEL_JT ORG.FS ORG.USER ORG.3 319 .TIME_SETTINGS ORG.SOFTWARE_OS_JT ORG. F Understanding the Daily Run Output 320 Administrator Guide. Version 5.3 . G K1000 Classic Reports The Dell KACE K1000 Management Appliance 5. See Running the K1000 Appliance Reports on page 221. • • • • Reporting Overview.2 version.3 includes a new reporting engine. on page 328 Reporting Overview The K1000 Management Appliance is shipped with many stock reports. PDF. select Reporting > Reports to view the list.3 321 . This appendix contains information on using Reporting from the 5. and XSL formats. TXT. on page 322 Creating and Editing Reports. CSV. The reporting engine utilizes XML-based report layouts to generate reports in HTML. the appliance provides reports in the following general categories: • • • • • • • • • Compliance Dell updates Hardware Service Desk iPhone K1000 Network Patching Power Management Administrator Guide. These reports are listed under the Classic Reports tab. on page 322 Scheduling Reports. on page 321 Running Reports. By default. Version 5. XLS. PDF. the report is displayed in a new window. CSV. You can modify the copy to suit your needs. The K1000 Reports page appears. line. Running Reports To run any of the K1000 Management Appliance reports.G K1000 Classic Reports • • • Security Software Template You can duplicate and modify these reports as necessary. Modify one of the templates provided in the K1000 Management Appliance Template category. you can open the file or save it to your computer. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Create a new report using the Report Wizard. However. XLS. a strong knowledge of SQL is required to successfully change a report. 322 Administrator Guide. click the desired format type (HTML. CSV. Click Reporting > Reports. you can: • • Create a new report from scratch. or pie chart. Version 5. For the HTML format. 1. To create a new report using the table presentation type To perform these steps. • • Duplicate an existing report—another way to create a report is to open an existing report and create a copy of it. Opening a CSV file containing multibyte characters with Microsoft Excel may yield "garbage characters" in the resulting worksheet. The Chart presentation type is a bar. Creating and Editing Reports If you have other reporting needs not covered by default reports. You can create a report using the Table or Chart presentation type: • • The Table presentation type is a tabular report with optional row groupings and summaries. If you select PDF. See Dell KACE Support for instructions on how to import the CSV file into an Excel worksheet. or TXT formats.3 . or TXT). For example.K1000 Classic Reports G 2. Select the Use Expanded logic check box to use expanded logic. f. software. To define the criteria for displaying records in the report: a. Expanded logic enables you to define a syntactic structure for your rules to override operator precedence. Greater Than. b. Describe the information that the report will provide. 10. you can click Move Up or Move Down to change the order of rules. 8. The rule is added in the list of Current Rules. click Add New Report. Click the appropriate field name from the Available Fields list. 3. for example. Click to add that column to the Display Columns list. Click Add. Click Check Syntax to check whether the rule syntax is valid. Click the Appropriate column name from the Available columns list. Enter the category for the report. h. In the Choose Action menu. To remove a column from the Display list. Click to remove a rule from the list of Current Rules. e. Columns that you chose in the previous step appear under display fields. so you can distinguish this report from others. Report Title Report Category Description 4. c. 5. Make this as descriptive as possible. Click Next. If the category does not already exist. Click Next. 9. You can change the column order by clicking or . For example. c. 7. Choose table columns: a. You can add more than one rule. Once you add more than one rule. 6. it will be added to the drop-down list on the Reports list page. Enter the appropriate value in the text field. click the appropriate column and click . This rule will filter the data and display only software that has Threat Level greater than 3. Click Next. d. i. Threat Level. For example. Click the appropriate topic name from the Available Topics list. Click OK. Administrator Guide. Version 5. You can also choose a field from among all fields available for that topic. 3. g. Enter the report details as shown: Enter a display name for the report. Select the appropriate operator from the comparison drop-down list.3 323 . b. Click the Table presentation type icon. To create a new report using the chart presentation type To perform these steps. Report Title Report Category Description 324 Administrator Guide. Enter the category for the report. it will be added to the drop-down list on the Reports list page. Click on the column and report headings for further menu of labels. the report is displayed in a new window. To remove a column from the Display list. so you can distinguish this report from others. click Add New Report. Make this as descriptive as possible. For the HTML format. To choose columns to be displayed in the report: a. Click the Appropriate column name from the Available columns list. 1. grouping. Click Next. You can jump to steps 1-5 of the Reporting Wizard. 3. Click Save to save the report. You can change the column order by clicking or . The K1000 Reports page is displayed with the new report in the list. In the Choose Action menu. Click to add that column to the Display Columns list. you can open the file or save it to your computer. CSV. b. and other options. PDF. Click column to select various column options. width and add spacers.G K1000 Classic Reports 11.3 . If you select PDF. XLS. 13. click the appropriate column and click 12. click the desired format (HTML. Step 1 and Step 2 are mandatory and cannot be left blank. Enter the report details as shown below: Enter a display name for the report. You can drag and drop between columns as well as between columns and spacer. XLS. . summary. Describe the information that the report will provide. The available options are: Title Spacer Column Click the report title to select title and page options. or TXT). Version 5. or TXT formats. 2. (Optional) Customize the report layout. You can drag to set column order. 14. Click spacer to add an empty column. CSV. Click Reporting > Reports. If the category does not already exist. The K1000 Reports page appears. c. To run the new report. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Administrator Guide. Click Add. Select the appropriate operator from the comparison drop-down list. 5. For example. For example. To define the criteria for displaying records in the report: a. g. you can click Move Up or Move Down to change the order of rules. 11. Version 5. 8. c. click the appropriate column and click . 6. Click Next. i. Click to add that column to the Display Columns list. c.K1000 Classic Reports G 4. 3. The rule is added in the list of Current Rules. The corresponding value determines the size of the slice. Click the Appropriate field name from the Available Fields list. f. Once you add more than one rule. Threat Level. You can add more than one rule. h. 10. 12. 7. software. Columns that you chose in the previous step appear under display fields. Click the Appropriate column name from the Available columns list. To choose table columns: a. b. Select the appropriate chart type from the following: • • • Simple 3-D Bar: Displays categories along the X-axis. Expanded logic enables you to define a syntactic structure for your rules to override operator precedence. For example. Line: Displays categories or dates along the X-axis. Enter the appropriate value in the text field. 9. This rule will filter the data and display only software that has Threat Level greater than 3. b. d. Click Check Syntax to check whether the rule syntax is valid. e. Click Next. Select the Use Expanded logic check box to use expanded logic. Select the appropriate category field from the Category Field drop-down list. Click the Chart presentation type icon. Click OK. Click Next. Greater Than.3 325 . values along the Y-axis. Click the appropriate topic name from the Available Topics list. Click to remove a rule from the list of Current Rules. You can also choose a field from among all fields available for that topic. 3-D Pie: Displays a slice for each category. You can change the column order by clicking or . values along the Y-axis. For example. To remove a column from the Display list. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Modify the report details as necessary. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. the K1000 Report: Edit Detail page or the Report Wizard page appears. The steps for duplicating a regular report and a SQL report are similar. 5. The K1000 Reports page appears. 4. beside appropriate Value field name. starting on page 265. in the text fields.G K1000 Classic Reports 13. Refer to Appendix B: Adding Steps to a Script. 14. click Add New SQL Report. Make this as descriptive as possible to distinguish this report from others. The K1000 Reports page is displayed with the new report in the list. 1. 326 Administrator Guide. Click Reporting > Reports. regular reports have a report wizard. You can jump to steps 1-5 of the Reporting Wizard. Click Save to save the report. To create a new report from scratch To perform these steps. Select the summary from the Summary drop-down list. 16. 3. The K1000 Report: Edit Detail page appears. you can change the value field order by clicking or . If you have more than one Value field. Version 5. Title Specify the following report details: A display name for the report. To duplicate an existing report To perform these steps. Step 1 and Step 2 are mandatory and cannot be left blank. Specify the Chart width and Chart height in pixels. Depending on the type of report. 3. 15. Click Duplicate. Click the report title you want to duplicate. In the Choose Action menu.3 . 1. Click Save. The K1000 Reports page appears. Select the Show legend check box to display a legend in the chart. However. 2. 2. Click Reporting > Reports. If the category does not already exist. Administrator Guide. 2. the XML Report Layout is regenerated based on your SQL. Select the appropriate formats that should be available for this report. The report will generate break headers and sub totals for these columns. Title Report Category Edit the following report details: Edit the display name for the report. the report wizard is disabled for that report. This setting refers to the autogenerated layout. If you changed the columns that the query returns. Click OK to proceed. Make the title as descriptive as possible to distinguish this report from others. The K1000 Reports page appears. Go to Reporting > Reports. To edit a report using SQL Editor To perform these steps. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. you don't need to recreate the layout. Click the report you want to edit. Click this check box to regenerate the XML Report Layout using new columns. it will be added to the drop-down list on the Reports list page. If you changed only a sort order or a where clause. The query statement that will generate the report data. Once you click Save.K1000 Classic Reports G Report Category Output File Name Description Output Types SQL Select Statement Break on Columns The category for the report. Information and documentation are available at: http://jasperforge.3 327 . Click Edit SQL. The K1000 Report: Edit Detail page appears. 4. The name for the file generate when this report is run. Click Save. if required.org/. Describe the information that the report provides. The Report Wizard page appears. consult the MYSQL documentation. Use the JasperReports iReports tool to change the way your reports are formatted. XML Report Layout 4. A comma-separated list of SQL column names. If the category does not already exist. 3. Edit or enter the category for the report. 5. Version 5. 1. it will be added to the drop-down list on the Reports list page. For reference. The K1000 Management Appliance reports use JasperReports’ open source JRXML format. 2. consult the MYSQL documentation. Make this as descriptive as possible. Scheduling Reports Reports can be scheduled from the Schedule Reports tab. Enter the information that the schedule would provide. 1. or delete them. For reference. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Describe the information that the report will provide. 3. Click Save. The report will generate break headers and sub totals for these columns. you cannot use the Report Wizard to change it later. In the Choose Action menu. If you manually change a report’s SQL statement. Version 5. Select the appropriate formats that should be available for this report. This setting refers to the autogenerated layout. You can also search schedules using keywords. Click Reporting > Schedule Reports. The Report Schedules page appears. Edit or enter the query statement that will generate the report data. the XML Report Layout is regenerated based on your SQL.3 . A comma-separated list of SQL column names. You can filter the list by entering any filter options. If you changed the columns that the query returns. If you changed only a sort order or a where clause. create new schedules. click Create a New Schedule. XML Report Layout 6. To create a report schedule To perform these steps. 328 Administrator Guide. Click this check box to regenerate the XML Report Layout using new columns. you don't need to recreate the layout. From the Report Schedules List page you can open existing schedules. The Schedule Reports : Edit Detail page appears.G K1000 Classic Reports Output File Name Description Output Types SQL Select Statement Break on Columns Edit or enter the name for the file generate when this report is run. Schedule Title Description Report to Schedule Specify the following schedule details: Enter a display name for the schedule. Select the appropriate report you would like to schedule. so you can distinguish this schedule from others. Report Output Formats Email Notification Subject Message Text 4.K1000 Classic Reports G Reports Select the Reports or Classic Reports radio button based on the type of report you are scheduling. 2. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Run the scan at a specified hour interval. Enter the subject of the schedule. The Report Schedules page appears. Recipients Click the icon to enter the recipient’s e-mail address. Click Reporting > Schedule Reports. Enter the message text in the notification. To run a schedule To perform these steps. Click the check boxes for the schedules you want to run. Click Save or Run Now to run the schedule reports immediately. 1. This is a mandatory filed. be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Excel. Run monthly at the specified time. -orRun on specified day of the week at a specified time. CSV. To delete a schedule To perform these steps. The subject can help to quickly identify what the schedule is about. or choose Select user to add from the drop-down list. -orRun on a specified day of the month at a specified time. Click Reporting > Schedule Reports. 329 Administrator Guide. Click the desired output report format (PDF. 1. In the Choose Action menu.3 . This determines which of reports are listed in the Select report to schedule drop-down list. Version 5. Don’t Run on a Schedule Run Every n hours Run Every day/specific day at hour:minute Run on the nth of every month/specific month at hour:minute 5. Specify the scan schedule as follows: Run in combination with an event rather than on a specific date or time. Run daily at a specified time. 3. or TXT) that should be available for this scheduled report. click Run Selected Schedules Now. 2. In the Choose Action menu. Version 5.G K1000 Classic Reports The Report Schedules page appears. Click the check box for the schedules you want to delete.3 . 3. 4. 330 Administrator Guide. Click Yes to confirm deleting the schedules. click Delete Selected Item(s). KACE. hardware replacement. In addition.apache. Inc. product returns. REPRODUCTION. technical support terms and product licensing can be found in the KACE End User License agreement accessible at: HTTP://WWW.H Warranty. Copyright 2004. and Support Warranty And Support Information Information concerning hardware and software warranty. and other copyrights. • • • • • • • • • Apache EZ GPO FreeBSD Knoppix Microsoft Windows OpenSSL PHP Samba Sendmail Apache This product (Dell KACE K1000 Management Appliance) includes software developed by The Apache Software Foundation (http://www. AND DISTRIBUTION Administrator Guide.0. Dell KACE K1000 Management Appliance includes software redistributed under license from the following vendors. Dell KACE K1000 Management Appliance contains paid licences to MySQL and RLib that have been purchased and embedded within Dell KACE K1000 Management Appliance by KACE.3 331 . Version 5. Apache License Version 2. KACE Networks. January 2004 http://www.org/licenses/ TERMS AND CONDITIONS FOR USE.COM/LICENSE/STANDARD_EULA Third Party Software Notice Dell KACE K1000 Management Appliance TM is licensed per the accompanying Third Party License Agreements in addition to the Dell KACE K1000 Management Appliance license noted above.apache. Licensing.org/). including but not limited to communication on electronic mailing lists. 2. royalty-free. “You” (or “Your”) shall mean an individual or Legal Entity exercising permissions granted by this License. For the purposes of this definition. are controlled by. “Legal Entity” shall mean the union of the acting entity and all other entities that control. and otherwise transfer the Work. “Derivative Works” shall mean any work. elaborations. or are under common control with that entity. or other modifications represent. but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as “Not a Contribution. each Contributor hereby grants to You a perpetual. the Work and Derivative Works thereof. and distribute the Work and such Derivative Works in Source or Object form. Definitions. and Support 1. irrevocable copyright license to reproduce. including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof. and distribution as defined by Sections 1 through 9 of this document. that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. including but not limited to compiled object code. and conversions to other media types. Subject to the terms and conditions of this License. “submitted” means any form of electronic. Grant of Copyright License. “Work” shall mean the work of authorship. If You 3. “control” means (i) the power. whether in Source or Object form. Grant of Patent License. generated documentation. source code control systems. Version 5. worldwide. or (iii) beneficial ownership of such entity. to cause the direction or management of such entity. “Contribution” shall mean any work of authorship. the Licensor for the purpose of discussing and improving the Work. including but not limited to software source code. use. whether in Source or Object form. or (ii) ownership of fifty percent (50%) or more of the outstanding shares. annotations. Derivative Works shall not include works that remain separable from. “Source” form shall mean the preferred form for making modifications. and configuration files. or merely link (or bind by name) to the interfaces of. For the purposes of this License. each Contributor hereby grants to You a perpetual. irrevocable (except as stated in this section) patent license to make. reproduction. 332 Administrator Guide. that is based on (or derived from) the Work and for which the editorial revisions. nocharge. non-exclusive. import. publicly perform. publicly display. or on behalf of.H Warranty.3 . Subject to the terms and conditions of this License. sublicense. as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). Licensing. documentation source. an original work of authorship. direct or indirect. non-exclusive. and issue tracking systems that are managed by. For the purposes of this definition. worldwide. offer to sell. sell. verbal. royalty-free. where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. or written communication sent to the Licensor or its representatives. no-charge. “Licensor” shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. made available under the License. “License” shall mean the terms and conditions for use.” “Contributor” shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. have made. “Object” form shall mean any form resulting from mechanical transformation or translation of a Source form. prepare Derivative Works of. whether by contract or otherwise. as a whole. Unless You explicitly state otherwise. provided that You meet the following conditions: a. excluding those notices that do not pertain to any part of the Derivative Works. Disclaimer of Warranty. and in Source or Object form. The contents of the NOTICE file are for informational purposes only and do not modify the License. if provided along with the Derivative Works. in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works. Unless required by applicable law or agreed to in writing. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND. without any additional terms or conditions. provided that such additional attribution notices cannot be construed as modifying the License. This License does not grant permission to use the trade names. reproduction. Version 5. If the Work includes a “NOTICE” text file as part of its distribution. in the Source form of any Derivative Works that You distribute. You must give any other recipients of the Work or Derivative Works a copy of this License. Submission of Contributions. within a display generated by the Derivative Works. or product names of the Licensor. 7. except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. including. or for any such Derivative Works as a whole. nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. trademark. and attribution notices from the Source form of the Work. provided Your use. Trademarks. without limitation. You must retain. reproduction. then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. Redistribution. trademarks. either express or implied. Notwithstanding the above.3 333 . or. Licensor provides the Work (and each Contributor provides its Contributions) on an “AS IS” BASIS. patent. any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License. within the Source form or documentation. e. 5. You must cause any modified files to carry prominent notices stating that You changed the files. 4. and b. excluding those notices that do not pertain to any part of the Derivative Works. and d. and distribution of the Work otherwise complies with the conditions stated in this License. and c. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use. service marks. or distribution of Your modifications. any warranties or conditions of 6. Administrator Guide. all copyright. Licensing.Warranty. with or without modifications. and Support H institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement. You may add Your own attribution notices within Derivative Works that You distribute. then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file. if and wherever such third-party notices normally appear. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium. alongside or as an addendum to the NOTICE text from the Work. Version 5. Redistribution and use in source and binary forms. computer failure or malfunction. NON-INFRINGEMENT. While redistributing the Work or Derivative Works thereof. * Redistributions in binary form must reproduce the above copyright notice. indemnity. All of the documentation and software included in the EZ GPO PC Monitor Power Management Tool software is copyrighted by the Environmental Protection Agency. INCLUDING. this list of conditions and the following disclaimer. You may act only on Your own behalf and on Your sole responsibility. OR CONSEQUENTIAL DAMAGES (INCLUDING. and hold each Contributor harmless for any liability incurred by. or FITNESS FOR A PARTICULAR PURPOSE. Accepting Warranty or Additional Liability. or other liability obligations and/or rights consistent with this License. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. contract. or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill. Limitation of Liability. Licensing. * Neither the name of the Environmental Protection Agency nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. such Contributor by reason of your accepting any such warranty or additional liability. IN NO EVENT SHALL THE FEDERAL GOVERMENT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. DATA. OR 334 Administrator Guide. and charge a fee for. and Support TITLE. All rights reserved. INDIRECT. OR PROFITS. not on behalf of any other Contributor. shall any Contributor be liable to You for damages. work stoppage.H Warranty. indirect. are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice. INCIDENTAL. THIS SOFTWARE IS PROVIDED BY THE ENVIRONMENTAL PROTECTION AGENCY AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES. incidental. or any and all other commercial damages or losses). acceptance of support. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. in accepting such obligations. SPECIAL. The Environmental Protection Agency. BUT NOT LIMITED TO.3 . even if such Contributor has been advised of the possibility of such damages. including any direct. whether in tort (including negligence). or otherwise. In no event and under no legal theory. BUT NOT LIMITED TO. LOSS OF USE. 8. unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing. EXEMPLARY. or claims asserted against. EZ GPO Copyright (c) 2003-2007. warranty. with or without modification. MERCHANTABILITY. You may choose to offer. 9. However. defend. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. and only if You agree to indemnify. special. To protect your rights. but changing it is not allowed. we are referring to freedom. we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. June 1991. that you receive source code or can get it if you want it. so that any problems introduced by others will not reflect on the original authors' reputations. For example. Finally. Inc. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses. we want to make certain that everyone understands that there is no warranty for this free software. We protect your rights with two steps: (1) copyright the software. You must make sure that they. FreeBSD This product (Dell KACE K1000 Management Appliance) includes software developed by Free Software Foundation. too. and (2) offer you this license which gives you legal permission to copy. Copyright (C) 1989. To prevent this. we want its recipients to know that what they have is not the original. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish). in effect making the program proprietary. not price. MA 02139. Inc. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. and that you know you can do these things. Version 5. 1991 Free Software Foundation. If the software is modified by someone else and passed on. WHETHER IN CONTRACT. the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. GNU GENERAL PUBLIC LICENSE. These restrictions translate to certain responsibilities for you if you distribute copies of the software. By contrast. any free program is threatened constantly by software patents. When we speak of free software. we have made it clear that any patent must Administrator Guide.Warranty. Preamble The licenses for most software are designed to take away your freedom to share and change it.Everyone is permitted to copy and distribute verbatim copies of this license document. Licensing. Cambridge. too. USA.) You can apply it to your programs. for each author's protection and ours. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead. distribute and/or modify the software.675 Mass Ave. Also. if you distribute copies of such a program. or if you modify it. And you must show them these terms so they know their rights.3 335 . Version 2. you must give the recipients all the rights that you have. receive or can get the source code. and Support H BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. that you can change the software or use pieces of it in new free programs. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. STRICT LIABILITY. whether gratis or for a fee.. You must cause any work that you distribute or publish. to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else. either verbatim or with modifications and/or translated into another language. 2. when started running for such interactive use in the most ordinary way. and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). translation is included without limitation in the term “modification”. refers to any such program or work. in any medium. a work containing the Program or a portion of it. you must cause it. provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty. (Hereinafter. and telling the user how to view a copy of this License. If the modified program normally reads commands interactively when run. If identifiable sections of that work are not derived from the Program. DISTRIBUTION AND MODIFICATION 1. 3. and copy and distribute such modifications or work under the terms of Section 1 above. You may modify your copy or copies of the Program or any portion of it. c. distribution and modification are not covered by this License. Activities other than copying.3 . GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING. (Exception: if the Program itself is interactive but does not normally print such an announcement. and can be reasonably considered independent and separate works in themselves. to be licensed as a whole at no charge to all third parties under the terms of this License. and give any other recipients of the Program a copy of this License along with the Program. Licensing. and Support be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying. and its terms. keep intact all the notices that refer to this License and to the absence of any warranty. that in whole or in part contains or is derived from the Program or any part thereof. below. do 336 Administrator Guide. they are outside its scope.H Warranty. The “Program”. then this License. You may copy and distribute verbatim copies of the Program's source code as you receive it. Whether that is true depends on what the Program does.) Each licensee is addressed as “you”. and a “work based on the Program” means either the Program or any derivative work under copyright law: that is to say. The act of running the Program is not restricted. saying that you provide a warranty) and that users may redistribute the program under these conditions.) These requirements apply to the modified work as a whole. b. thus forming a work based on the Program. You may charge a fee for the physical act of transferring a copy. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. and you may at your option offer warranty protection in exchange for a fee. Version 5. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. provided that you also meet all of these conditions: a. distribution and modification follow. your work based on the Program is not required to print an announcement. unless that component itself accompanies the executable. Accompany it with the information you received as to the offer to distribute corresponding source code. or distribute the Program except as expressly provided under this License. plus the scripts used to control compilation and installation of the executable. it is not the intent of this section to claim rights or contest your rights to work written entirely by you. But when you distribute the same sections as part of a whole which is a work based on the Program. sublicense. and so on) of the operating system on which the executable runs. whose permissions for other licensees extend to the entire whole. modify. the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler. from you under this License will not have their licenses terminated so long as such parties remain in full compliance. the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. in accord with Subsection b above. the distribution of the whole must be on the terms of this License. or. and will automatically terminate your rights under this License. Version 5. parties who have received copies. 5. or rights. 4. Thus. modify. plus any associated interface definition files. as a special exception. and Support H not apply to those sections when you distribute them as separate works. c.) The source code for a work means the preferred form of the work for making modifications to it. Administrator Guide. and thus to each and every part regardless of who wrote it. for a charge no more than your cost of physically performing source distribution. You may not copy. rather. complete source code means all the source code for all modules it contains. Licensing. You may copy and distribute the Program (or a work based on it. However. under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. For an executable work. even though third parties are not compelled to copy the source along with the object code. b. If distribution of executable or object code is made by offering access to copy from a designated place.Warranty. which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. or. then offering equivalent access to copy the source code from the same place counts as distribution of the source code. However. In addition. to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. Accompany it with the complete corresponding machine-readable source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer.3 337 . to give any third party. a complete machine-readable copy of the corresponding source code. Accompany it with a written offer. kernel. valid for at least three years. sublicense or distribute the Program is void. Any attempt otherwise to copy. and Support 6. 8. If any portion of this section is held invalid or unenforceable under any particular circumstance. then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations. If. the recipient automatically receives a license from the original licensor to copy. agreement or otherwise) that contradict the conditions of this License. If the Program does not specify a version 338 Administrator Guide. conditions are imposed on you (whether by court order. nothing else grants you permission to modify or distribute the Program or its derivative works. since you have not signed it. Each time you redistribute the Program (or any work based on the Program). If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces. it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. you indicate your acceptance of this License to do so. Version 5. 7.H Warranty. Therefore. you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. These actions are prohibited by law if you do not accept this License. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system. the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. For example. as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues). You may not impose any further restrictions on the recipients' exercise of the rights granted herein. they do not excuse you from the conditions of this License. Each version is given a distinguishing version number.3 . so that distribution is permitted only in or among countries not thus excluded. 9. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims. this section has the sole purpose of protecting the integrity of the free software distribution system. but may differ in detail to address new problems or concerns. However. Licensing. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 10. You are not required to accept this License. distributing or modifying the Program or works based on it. If the Program specifies a version number of this License which applies to it and “any later version”. Such new versions will be similar in spirit to the present version. You are not responsible for enforcing compliance by third parties to this License. if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you. the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. by modifying or distributing the Program (or any work based on the Program). In such case. and all its terms and conditions for copying. this License incorporates the limitation as if written in the body of this License. which is implemented by public license practices. then as a consequence you may not distribute the Program at all. distribute or modify the Program subject to these terms and conditions. 3 339 . and Support H number of this License. but changing it is not allowed. BUT NOT LIMITED TO. END OF TERMS AND CONDITIONS Knoppix This product (Dell KACE K1000 Management Appliance) includes the Knoppix software developed by Klaus Knopper. Suite 330. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE. Boston. INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS). are subject to the terms and conditions of the GNU GENERAL PUBLIC LICENSE Version 2. By contrast. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different. 59 Temple Place. write to the Free Software Foundation. Please note that this license does NOT automatically apply to third-party programs included on this CD. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 12. Version 5. OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE. GNU GENERAL PUBLIC LICENSE Version 2. 11. The KNOPPIX software collection and all included programs that are authored by Klaus Knopper. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. For software which is copyrighted by the Free Software Foundation. Inc. write to the author to ask for permission. June 1991 Copyright (C) 1989. TO THE EXTENT PERMITTED BY APPLICABLE LAW. Licensing. Knoppix is a registered trademark of Klaus Knopper.Warranty. Preamble The licenses for most software are designed to take away your freedom to share and change it. MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document. INCLUDING. THERE IS NO WARRANTY FOR THE PROGRAM. EITHER EXPRESSED OR IMPLIED. you may choose any version ever published by the Free Software Foundation. EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SHOULD THE PROGRAM PROVE DEFECTIVE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. INCLUDING ANY GENERAL. as quoted herein. SPECIAL. the GNU General Public License is Administrator Guide. YOU ASSUME THE COST OF ALL NECESSARY SERVICING. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER. REPAIR OR CORRECTION. we sometimes make exceptions for this. Check /usr/share/doc/*/copyright* and other supplied license files of each software package carefully for more information. BE LIABLE TO YOU FOR DAMAGES. 1991 Free Software Foundation. and that you know you can do these things. These restrictions translate to certain responsibilities for you if you distribute copies of the software. (Hereinafter. translation is included without limitation in the term "modification". or if you modify it. we want to make certain that everyone understands that there is no warranty for this free software. We protect your rights with two steps: (1) copyright the software. and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say.H Warranty. The "Program". receive or can get the source code. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). keep intact all the notices that refer to this License and to the absence of any warranty. And you must show them these terms so they know their rights. distribution and modification are not covered by this License. for each author's protection and ours. distribute and/or modify the software. any free program is threatened constantly by software patents. and (2) offer you this license which gives you legal permission to copy. below. Whether that is true depends on what the Program does. For example. The act of running the Program is not restricted. a work containing the Program or a portion of it.) You can apply it to your programs. so that any problems introduced by others will not reflect on the original authors' reputations. we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. in effect making the program proprietary. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses. that you can change the software or use pieces of it in new free programs. and Support intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. To protect your rights. we want its recipients to know that what they have is not the original. Finally. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. You must make sure that they. distribution and modification follow.3 . that you receive source code or can get it if you want it. refers to any such program or work.) Each licensee is addressed as "you". and give any other recipients of the Program a copy of this License along with the Program. in any medium. if you distribute copies of such a program. The precise terms and conditions for copying. we are referring to freedom. DISTRIBUTION AND MODIFICATION. If the software is modified by someone else and passed on. whether gratis or for a fee. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead. too. not price. You may copy and distribute verbatim copies of the Program's source code as you receive it. they are outside its scope. Version 5. You may 340 Administrator Guide. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish). GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING. too. either verbatim or with modifications and/or translated into another language. Also. Activities other than copying. 1. Licensing. To prevent this. provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty. 0. you must give the recipients all the rights that you have. When we speak of free software. Version 5. You may modify your copy or copies of the Program or any portion of it. the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler. unless that component itself accompanies the Administrator Guide. to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. and thus to each and every part regardless of who wrote it. The source code for a work means the preferred form of the work for making modifications to it. to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else. mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition. you must cause it. and copy and distribute such modifications or work under the terms of Section 1 above. it is not the intent of this section to claim rights or contest your rights to work written entirely by you. c) If the modified program normally reads commands interactively when run. which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. c) Accompany it with the information you received as to the offer to distribute corresponding source code.3 341 . complete source code means all the source code for all modules it contains. when started running for such interactive use in the most ordinary way. kernel. However. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer. If identifiable sections of that work are not derived from the Program. your work based on the Program is not required to print an announcement. rather. For an executable work. But when you distribute the same sections as part of a whole which is a work based on the Program. provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. and its terms. a complete machine-readable copy of the corresponding source code. b) You must cause any work that you distribute or publish. and so on) of the operating system on which the executable runs. Thus. or. (Exception: if the Program itself is interactive but does not normally print such an announcement. or. do not apply to those sections when you distribute them as separate works. then this License. to be licensed as a whole at no charge to all third parties under the terms of this License. under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code. and Support H charge a fee for the physical act of transferring a copy.) These requirements apply to the modified work as a whole. 2. the distribution of the whole must be on the terms of this License.Warranty. in accord with Subsection b above. saying that you provide a warranty) and that users may redistribute the program under these conditions. b) Accompany it with a written offer. plus any associated interface definition files. that in whole or in part contains or is derived from the Program or any part thereof. Licensing. to give any third party. for a charge no more than your cost of physically performing source distribution. and can be reasonably considered independent and separate works in themselves. thus forming a work based on the Program.) 3. and you may at your option offer warranty protection in exchange for a fee. valid for at least three years. and telling the user how to view a copy of this License. whose permissions for other licensees extend to the entire whole. You may copy and distribute the Program (or a work based on it. plus the scripts used to control compilation and installation of the executable. as a special exception. by modifying or distributing the Program (or any work based on the Program). sublicense. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. modify. 9. even though third parties are not compelled to copy the source along with the object code. However. distribute or modify the Program subject to these terms and conditions. However. You are not responsible for enforcing compliance by third parties to this License. sublicense or distribute the Program is void. the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims. You may not copy. In such case. 342 Administrator Guide. For example. 4. which is implemented by public license practices. you indicate your acceptance of this License to do so. this License incorporates the limitation as if written in the body of this License. Licensing. 6. then offering equivalent access to copy the source code from the same place counts as distribution of the source code. Version 5. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces. If distribution of executable or object code is made by offering access to copy from a designated place. Therefore. Any attempt otherwise to copy. Such new versions will be similar in spirit to the 5. parties who have received copies. the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. or distribute the Program except as expressly provided under this License. You are not required to accept this License. then as a consequence you may not distribute the Program at all. since you have not signed it. or rights. nothing else grants you permission to modify or distribute the Program or its derivative works. it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. conditions are imposed on you (whether by court order. modify. as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues). If any portion of this section is held invalid or unenforceable under any particular circumstance. These actions are prohibited by law if you do not accept this License. the recipient automatically receives a license from the original licensor to copy. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you. 8. agreement or otherwise) that contradict the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations.H Warranty. distributing or modifying the Program or works based on it.3 . this section has the sole purpose of protecting the integrity of the free software distribution system. Each time you redistribute the Program (or any work based on the Program). and all its terms and conditions for copying. they do not excuse you from the conditions of this License. so that distribution is permitted only in or among countries not thus excluded. If. from you under this License will not have their licenses terminated so long as such parties remain in full compliance. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. 7. and will automatically terminate your rights under this License. and Support executable. To do so. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. but WITHOUT ANY WARRANTY.Warranty. REPAIR OR CORRECTION. This program is distributed in the hope that it will be useful. attach the following notices to the program. we sometimes make exceptions for this. SHOULD THE PROGRAM PROVE DEFECTIVE. For software which is copyrighted by the Free Software Foundation. write to the author to ask for permission. BUT NOT LIMITED TO. INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS). YOU ASSUME THE COST OF ALL NECESSARY SERVICING. Licensing. 10. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER.> Copyright (C) <year> <name of author> This program is free software. THERE IS NO WARRANTY FOR THE PROGRAM. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different. the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. write to the Free Software Foundation. Version 5. you may choose any version ever published by the Free Software Foundation. See the GNU General Public License for more details. <one line to give the program's name and a brief idea of what it does. You should have received a copy of the GNU General Public License along with this program. BE LIABLE TO YOU FOR DAMAGES. Suite 343 Administrator Guide. 12.. and each file should have at least the "copyright" line and a pointer to where the full notice is found. but may differ in detail to address new problems or concerns. INCLUDING ANY GENERAL. OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE. TO THE EXTENT PERMITTED BY APPLICABLE LAW. you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. 59 Temple Place. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE. INCLUDING. Inc. Each version is given a distinguishing version number. if not. EITHER EXPRESSED OR IMPLIED. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program. without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. and you want it to be of the greatest possible use to the public. or (at your option) any later version. If the Program does not specify a version number of this License. NO WARRANTY 1.3 . SPECIAL. and Support H present version. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. either version 2 of the License. EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. write to the Free Software Foundation. If the Program specifies a version number of this License which applies to it and "any later version". Microsoft Windows 98 Second Edition. Advanced and Datacenter Editions). Of course. Microsoft Windows 2000 Server (Standard. This is free software. MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. you may consider it more useful to permit linking proprietary applications with the library. Inc. the Intel Itanium version may only deploy versions of Microsoft Windows designed for this architecture. President of Vice This General Public License does not permit incorporating your program into proprietary programs. type `show c' for details. Actually both licenses are BSD-style Open Source licenses. make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69. Microsoft Windows XP Professional. In case of any license issues related to OpenSSL please contact openssl-core@openssl. use the GNU Library General Public License instead of this License. if any.g. Microsoft Windows NT Server 4 Service Pack 5 or later. Microsoft Windows This Product is designed for use in supporting the deployment of the following operating systems: Microsoft Windows 95. the commands you use may be called something other than `show w' and `show c'. if necessary. Microsoft Windows XP Tablet PC Edition. OpenSSL License Copyright (c) 1998-2005 The OpenSSL Project. Licensing. to sign a "copyright disclaimer" for the program. See below for the actual license texts. alter the names: Yoyodyne. 1 April 1989 Ty Coon. Boston. or Microsoft Windows Server 2003 (Web. and you are welcome to redistribute it under certain conditions. i. This Product is designed for use on processor architectures supported by the operating system that the Product was built from: e. and Support 330. <signature of Ty Coon>. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. All rights reserved. and the 64-bit extended version may only deploy versions of Microsoft Windows designed for this architecture. Standard.. the x86 32-bit version may only deploy X86 32-bit Microsoft operating systems. for details type `show w'. Version 5. If this is what you want to do.. Microsoft Windows NT Workstation 4 Service Pack 5 or later.H Warranty.e. they could even be mouse-clicks or menu items--whatever suits your program. Microsoft Windows 2000 Professional. You should also get your employer (if you work as a programmer) or your school. Enterprise and Datacenter Editions). Microsoft Windows XP Media Center Edition. If your program is a subroutine library. Here is a sample.3 . hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. 344 Administrator Guide. OpenSSL The OpenSSL toolkit stays under a dual license. Microsoft Windows Millennium Edition. The Product may not function properly with other operating system products or other processor architectures. Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY. If the program is interactive. Microsoft Windows 98.org. OR CONSEQUENTIAL DAMAGES (INCLUDING.com). SPECIAL.com). this list of conditions and the following disclaimer. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 6. OR PROFITS. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. are permitted provided that the following conditions are met: 1. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES.org/)". This product includes software written by Tim Hudson (tjh@cryptsoft. STRICT LIABILITY. The SSL Administrator Guide. (http://www. The implementation was written so as to conform with Netscapes SSL. The following conditions apply to all code found in this distribution.com) All rights reserved. Redistributions of source code must retain the above copyright notice. lhash.Warranty. EXEMPLARY. BUT NOT LIMITED TO. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT. DES. Licensing. etc. Version 5. BUT NOT LIMITED TO.. For written permission. This product includes cryptographic software written by Eric Young (eay@cryptsoft. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. This package is an SSL implementation written by Eric Young (eay@cryptsoft. Original SSLeay License Copyright (C) 1995-1998 Eric Young (eay@cryptsoft. 3. INCLUDING. 2.3 345 .openssl.org. RSA.com). The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. 5. Redistributions in binary form must reproduce the above copyright notice. LOSS OF USE. and Support H Redistribution and use in source and binary forms. not just the SSL code. THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES. please contact openssl-core@openssl. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. INCIDENTAL.openssl. DATA.org/)" 4. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. code. with or without modification. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www. be it the RC4. INDIRECT. WHETHER IN CONTRACT. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. com)". Redistribution and use in source and binary forms. THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. BUT NOT LIMITED TO. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] PHP This product (Dell KACE K1000 Management Appliance) includes software developed by The PHP Group. with or without modification.com). INCIDENTAL. EXEMPLARY. If this package is used in a product. i. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Version 5.0. 2. Eric Young should be given attribution as the author of the parts of the library used. WHETHER IN CONTRACT. Redistributions in binary form must reproduce the above copyright notice.e. The PHP License. Copyright remains Eric Young's. OR CONSEQUENTIAL DAMAGES (INCLUDING. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. Licensing. INCLUDING. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. STRICT LIABILITY. version 3. 4. 346 Administrator Guide. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. DATA. are permitted provided that the following conditions are met: 1. and Support documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft. this list of conditions and the following disclaimer. LOSS OF USE. Redistributions of source code must retain the copyright notice. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT.H Warranty. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft. SPECIAL. and as such any Copyright notices in the code are not to be removed. BUT NOT LIMITED TO. Copyright (c) 1999 . All rights reserved. The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY.2004 The PHP Group. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft. INDIRECT.com)". OR PROFITS. 3.3 . net/>”. STRICT LIABILITY. Redistributions of source code must retain the above copyright notice. LOSS OF USE. Redistributions of any form whatsoever must retain the following acknowledgment: “This product includes PHP.3 347 . INCLUDING.net. Samba GNU GENERAL PUBLIC LICENSE Version 2. BUT NOT LIMITED TO. freely available at <http:// www. Once covered code has been published under a particular version of the license. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. For more information on the PHP Group and the PHP project. Redistributions in binary form must reproduce the above copyright notice. Inc.net>. Products derived from this software may not be called “PHP”. nor may “PHP” appear in their name.net. USA Administrator Guide. Licensing. is permitted provided that the following conditions are met: 1. and Support H Redistribution and use in source and binary forms. 2.zend. Each version will be given a distinguishing version number. SPECIAL. please contact group@php. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. with or without modification. 1991 Free Software Foundation. 3. 675 Mass Ave. This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. 5. You may indicate that your software works in conjunction with PHP by saying “Foo for PHP” instead of calling it “PHP Foo” or “phpfoo”. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. freely available from <http://www. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. MA 02139. OR PROFITS. The PHP Group can be contacted via Email at group@php. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. INDIRECT.Warranty. Cambridge. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License. you may always continue to use it under the terms of that version. 4. WHETHER IN CONTRACT. BUT NOT LIMITED TO. This product includes the Zend Engine. The name “PHP” must not be used to endorse or promote products derived from this software without prior written permission.php. The PHP Group may publish revised and/or new versions of the license from time to time. without prior written permission from group@php. Version 5. June 1991 Copyright (C) 1989. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. this list of conditions and the following disclaimer. 6.net.com>. OR CONSEQUENTIAL DAMAGES (INCLUDING. please see <http:// www. EXEMPLARY. For written permission. INCIDENTAL.php. THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. DATA. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT. and Support Everyone is permitted to copy and distribute verbatim copies of this license document. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. When we speak of free software. we are referring to freedom. for each author's protection and ours. that you can change the software or use pieces of it in new free programs. Also. To prevent this. We protect your rights with two steps: (1) copyright the software. we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. too. For example. but changing it is not allowed. By contrast. Version 5. too. distribution and modification follow.) You can apply it to your programs.H Warranty. the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. Licensing. receive or can get the source code. These restrictions translate to certain responsibilities for you if you distribute copies of the software. any free program is threatened constantly by software patents. Preamble The licenses for most software are designed to take away your freedom to share and change it. Finally. distribute and/or modify the software. And you must show them these terms so they know their rights. The precise terms and conditions for copying. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING. in effect making the program proprietary. and that you know you can do these things. DISTRIBUTION AND MODIFICATION 348 Administrator Guide. and (2) offer you this license which gives you legal permission to copy. To protect your rights. you must give the recipients all the rights that you have. not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish). whether gratis or for a fee. or if you modify it. we want its recipients to know that what they have is not the original. You must make sure that they. we want to make certain that everyone understands that there is no warranty for this free software. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead. that you receive source code or can get it if you want it. if you distribute copies of such a program. so that any problems introduced by others will not reflect on the original authors' reputations.3 . If the software is modified by someone else and passed on. whose permissions for other licensees extend to the entire whole. a work containing the Program or a portion of it. You must cause any work that you distribute or publish. Licensing. to be licensed as a whole at no charge to all third parties under the terms of this License. they are outside its scope. But when you distribute the same sections as part of a whole which is a work based on the Program.Warranty. that in whole or in part contains or is derived from the Program or any part thereof. you must cause it. Version 5. your work based on the Program is not required to print an announcement. and Support H 0. 2. If the modified program normally reads commands interactively when run. to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else. keep intact all the notices that refer to this License and to the absence of any warranty. Administrator Guide. You may charge a fee for the physical act of transferring a copy. You may modify your copy or copies of the Program or any portion of it. thus forming a work based on the Program. translation is included without limitation in the term "modification". saying that you provide a warranty) and that users may redistribute the program under these conditions. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. the distribution of the whole must be on the terms of this License. either verbatim or with modifications and/or translated into another language. c. provided that you also meet all of these conditions: a. If identifiable sections of that work are not derived from the Program. and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). and give any other recipients of the Program a copy of this License along with the Program. Activities other than copying. and its terms. and thus to each and every part regardless of who wrote it. in any medium. (Hereinafter. The act of running the Program is not restricted. when started running for such interactive use in the most ordinary way. and you may at your option offer warranty protection in exchange for a fee. and copy and distribute such modifications or work under the terms of Section 1 above. distribution and modification are not covered by this License. and telling the user how to view a copy of this License. and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say. refers to any such program or work. (Exception: if the Program itself is interactive but does not normally print such an announcement. The "Program". You may copy and distribute verbatim copies of the Program's source code as you receive it.) Each licensee is addressed as "you". and can be reasonably considered independent and separate works in themselves. do not apply to those sections when you distribute them as separate works. 1.) These requirements apply to the modified work as a whole.3 349 . then this License. below. provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty. Whether that is true depends on what the Program does. b. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. H Warranty. Accompany it with a written offer. valid for at least three years. b. you indicate your acceptance of this License to do so. Any attempt otherwise to copy. and will automatically terminate your rights under this License. complete source code means all the source code for all modules it contains. and Support Thus. You are not required to accept this License. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer. nothing else grants you permission to modify or distribute the Program or its derivative works. plus any associated interface definition files.) The source code for a work means the preferred form of the work for making modifications to it. or. by modifying or distributing the Program (or any work based on the Program). 4. In addition. to give any third party. or. Accompany it with the information you received as to the offer to distribute corresponding source code. even though third parties are not compelled to copy the source along with the object code. Accompany it with the complete corresponding machine-readable source code. 350 Administrator Guide. since you have not signed it. from you under this License will not have their licenses terminated so long as such parties remain in full compliance. These actions are prohibited by law if you do not accept this License. under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. However. modify. plus the scripts used to control compilation and installation of the executable. and so on) of the operating system on which the executable runs. or rights. the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler. kernel. unless that component itself accompanies the executable. for a charge no more than your cost of physically performing source distribution. then offering equivalent access to copy the source code from the same place counts as distribution of the source code. You may copy and distribute the Program (or a work based on it. 5. rather. to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. However. parties who have received copies. c. Version 5. However. distributing or modifying the Program or works based on it. the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. If distribution of executable or object code is made by offering access to copy from a designated place. modify. or distribute the Program except as expressly provided under this License. mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. it is not the intent of this section to claim rights or contest your rights to work written entirely by you. You may not copy. as a special exception. For an executable work. Therefore. which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. sublicense or distribute the Program is void. and all its terms and conditions for copying. in accord with Subsection b above.3 . sublicense. a complete machine-readable copy of the corresponding source code. 3. Licensing. Each version is given a distinguishing version number. If the Program does not specify a version number of this License. write to the author to ask for permission. 10. you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces. 8. For software which is copyrighted by the Free Software Foundation. the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. For example. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 9. it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues). distribute or modify the Program subject to these terms and conditions. you may choose any version ever published by the Free Software Foundation. if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you. this License incorporates the limitation as if written in the body of this License. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. which is implemented by public license practices. agreement or otherwise) that contradict the conditions of this License. then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. Such new versions will be similar in spirit to the present version. but may differ in detail to address new problems or concerns. this section has the sole purpose of protecting the integrity of the free software distribution system. If any portion of this section is held invalid or unenforceable under any particular circumstance. You are not responsible for enforcing compliance by third parties to this License. the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. conditions are imposed on you (whether by court order. Our decision will be Administrator Guide. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system. the recipient automatically receives a license from the original licensor to copy. Licensing. we sometimes make exceptions for this. If the Program specifies a version number of this License which applies to it and "any later version". If.Warranty. 7. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different. In such case. so that distribution is permitted only in or among countries not thus excluded. then as a consequence you may not distribute the Program at all. Each time you redistribute the Program (or any work based on the Program). write to the Free Software Foundation.3 351 . and Support H 6. Version 5. they do not excuse you from the conditions of this License. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER. License Terms: Use. Version 5. EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. USA. END OF TERMS AND CONDITIONS Sendmail This product (Dell KACE K1000 Management Appliance) includes software developed by Sendmail. b. BE LIABLE TO YOU FOR DAMAGES. NO WARRANTY 11. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Redistributions are made at no charge beyond the reasonable cost of materials and delivery. OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE. SENDMAIL LICENSE The following license terms and conditions apply. INCLUDING. TO THE EXTENT PERMITTED BY APPLICABLE LAW.3 . EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND. EITHER EXPRESSED OR IMPLIED. Modification and Redistribution (including distribution of any modified or derived work) in source and binary forms is permitted only if each of the following conditions is met: 1. REPAIR OR CORRECTION.. SPECIAL. Licensing. YOU ASSUME THE COST OF ALL NECESSARY SERVICING. CA 94608. Inc. INCLUDING ANY GENERAL. INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS). and Support guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. 12. or by electronic mail at
[email protected] Warranty. Emeryville. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. THERE IS NO WARRANTY FOR THE PROGRAM. Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a copy of the Source Code for up to three years at the cost of materials and delivery. Redistributions qualify as “freeware” or “Open Source Software” under one of the following terms: a. Inc. unless a different license is obtained from Sendmail. modification. and redistribution of the Source Code under substantially the same terms as this 352 Administrator Guide. BUT NOT LIMITED TO. Such redistributions must allow further use. SHOULD THE PROGRAM PROVE DEFECTIVE. Fourth Floor. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE.com. 6425 Christie Ave. and Support H license. INC. Inc. and the disclaimer/limitation of liability set forth as paragraph 6 below. EXEMPLARY. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. (iii) Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. these license terms. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. Inc. All redistributions must comply with the conditions imposed by the University of California on certain embedded code. INCLUDING. whose copyright notice and conditions for redistribution are as follows: a. THE REGENTS OF THE UNIVERSITY OF CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. INC. Version 5. 5. For the purposes of redistribution “Source Code” means the complete compilable and linkable source code of sendmail including all modifications. 6. 3. All rights reserved. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. this list of conditions and the following disclaimer. nor the University of California nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. (ii) Redistributions in binary form must reproduce the above copyright notice. OR CONSEQUENTIAL DAMAGES (INCLUDING. INDIRECT. For the purposes of binary distribution the “Copyright Notice” refers to the following language: “Copyright (c) 1998-2003 Sendmail. Administrator Guide. 2. in the documentation and/or other materials provided with the distribution. BUT NOT LIMITED TO. Licensing. WHETHER IN CONTRACT.3 353 . Redistributions of source code must retain the copyright notices as they appear in each source code file.” Neither the name of Sendmail. and the disclaimer/limitation of liability set forth as paragraph 6 below. STRICT LIABILITY. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY SENDMAIL. b. The name “sendmail” is a trademark of Sendmail. LOSS OF USE. 1993 The Regents of the University of California. DATA. All rights reserved. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. INCIDENTAL.Warranty. Redistribution and use in source and binary forms. Redistributions in binary form must reproduce the Copyright Notice. with or without modification. 4.. BUT NOT LIMITED TO. Copyright (c) 1988. IN NO EVENT SHALL SENDMAIL. are permitted provided that the following conditions are met: (i) Redistributions of source code must retain the above copyright notice. these license terms. OR PROFITS. SPECIAL. AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. Inc. 3 . and Support 354 Administrator Guide.H Warranty. Licensing. Version 5. creating 234 license compliance 39 with scripts 167 alternate download location 128 AMP connection about 80 AMP Message Queue 80 AMP message queue 80 Apache software copyright 331 AppDeploy viewing live content 106 AppDeploy Live 106 enabling for your appliance 106 appliance administration overview 195 appliance agent logs 89 appliance revision level 30 applying the server update 201 Auto Provisioning 69 manual 196 bandwidth. 303 components finding 30 compression mode 9 138 computer detail page 87 computer details appliance agent logs 89 viewing by label 55 computer inventory detail page 87 computer notifications 86 computers 86 adding to inventory 89 inventory 83 searching for in inventory 85 statistics 29 configuration KACE K1200 35 policies 178 configuration polices about 178 configuration settings 35 configuring Dell OpenManage catalog updates 158 creating an LDAP label with the browser 211 creating computer notifications 86 creating IP scans 120 Custom Data Fields 94 Custom Inventory ID (rule) 273 D Daily Run Output 315 data retention 39 database tables 295 debugging logs Mac OS 309 Default Role 245 Delete a configuration 74 Dell Open Manage.3 355 . with Dell Updates tab 155 Dell Updates configuring the OpenManage catalog 158 patching.Index A active directory settings 192 adding software to inventory 92 Administering 259 administering Mac OS nodes 259 administration applying the server update 201 backing up data 196 disk logs. Version 5.tgz file 196 logs. replication replication bandwidth 151 C client bundle 78 clients check-in rate monitor 25 connection meter 27 Clients Connected Meter 27 command line deployment Linux agent 305 Mac OS agent 308 Windows agent 302. understanding 206 k1000_dbdata.gz file 196 k1000_file. accessing 203 restarting your appliance 202 restoring appliance settings 198 restoring factory settings 199 restoring most recent backup 198 troubleshooting 203 troubleshooting your appliance 203 updating appliance software 199 updating OVAL definitions 202 updating the license key 200 upgrading server software 196 verifying minimum server version 199 advanced search using for computer inventory 85 advanced search for software 91 agent running confirmation 309 agents about 16 operating system requirements 66 alert messages to users using 233 alert summary description 30 alerts AMP connection required for 233 broadcast 233 email 234 email. compared 156 replication 151 using to maintain your Dell systems 155 workflow 156 deployments compared with updates 156 desktop settings desktop shortcuts wizard 181 desktops settings enforcement 180 B backing up appliance data 196 backup files downloading 197 backups Administrator Guide. alternate 128 downloading backup files 197 Duplicate a configuration 74 E E-mail Alerts 234 enabling KACE K1000 appliances for switching between KACE K1000 consoles 51 environmental policies Mac OS 190 Windows 188 Event Log Reporter 181 exporting appliance resources 111 exporting resources to other organizations 116 EZ GPO copyright 334 computers. 84 service 102 software. 53 labels. adding 89 computers.3 . Version 5. remote troubleshooting 180 detection inventory term used instead 156 Digital Asset 95 disabling KACE K1000 links 51 disk logs understanding 206 Distribution Distributing Packages from the appliance 127 Distributing Packages through an Alternate Location 128 Types of Distribution Packages 126 distributions monitor 25 download location. creating with the browser 211 LDAP Browser Wizard 214 LDAP Easy Search 213 LDAP Filters 209 licence compliance configuring alerts 39 License Compliance 26 License Compliance Gauge 39 linking KACE K1000 appliances 50 H hardware inventory. creating 83 hardware specifications for KACE K1000 16 Home component 23 I importing KACE K1000 resources 111 inventory advanced search 85 agent logs 89 computer notifications 86 computers 84 computers detail page 87 356 Administrator Guide. searching for 85 creating smart labels 86 detection term used instead 156 overview 83.Index wallpaper 180 desktops. managing 91 startup programs 100 inventory tab using 83 IP addresses scanning for 119 IP scan 119 creating 120 overview 119 scheduling 119 IP scan inventory in the IP Scan chapter 84 IP Scan Smart Label 123 K K1000 software deployment components 17 K1000 Agent Update Update K1000 Agent Automatically 79 KACE K1000 components 15 configuration settings 35 hardware specifications 16 installing 15 server. 53 LDAP labels 32. setting up 18 setting up 15 KACE K1000 appliance linking about 49 configuring 49 KACE K1000 appliances linking 50 KACE K1000 Modules 21 KACE K1200 configuration 35 KNOPPIX copyright 339 KScripts about 162 F file synchronizations 143 creating 143 filters computers by organizational unit 87 data filters 249 organization filter 253 testing 253 for computer inventory 86 FreeBSD copyright 335 FTP making backups writable 44 G getting started 15 L Label Groups 59 Labels 105 Label Groups 59 labels 53 Labels tab overview 32. 3 357 . compared 156 replicating language patches 151 replicating OS patches 151 updating patch definitions from KACE 201 path bulletin information description 30 PHP copyright 346 policies configuration 178 Mac OS-based 189 Windows-based. 42 Network Utilities 52 nodes check-in rate 25 O Offline KScripts 162 Online KScripts 162 alerting users with 167 online shell scripts about 163 Open Manager Dell maintenance 155 OpenSSL copyright 344 operating system requirements 66 Organization File Shares 45 organization filter 253 Organizational Components 17 Organizational Filters 248 LDAP Filter 249 organizational filters data filters 249 Organizational Management 237 upgrading KACE K1000 software with 31 Organizational Roles 245 Organizations 237 organizations transferring KACE K1000 resources between 115 OVAL information (description of field) 30 P packages enabled and disabled 29 patch agent 78 patching Dell Updates. 309 checking into active directory 193 debugging logs 309 manual agent version check 309 manual inventory check 309 manually removing agent 308 verifying agent 309 Mac OS policies enforce active directory settings 192 Mac OS Users Distribution 260 Inventory 259 Patching 263 Macintosh 259 manual deployment of KACE K1000 appliance agent on 308 make FTP writable 44 managed installation 129 managed installations EXE example 137 Linux examples 139 Mac OS nodes 260 Macintosh examples 143 MSI Example 134 parameters 129 standard RPM Example 139 standard TAR.Index disabling links 51 enabling 50. 303 Manual Deployment of KACE K1000 appliance agent 301 MIA inventory 104 MIA Computers 104 MIA Settings 104 Microsoft Windows copyright 344 MSI Installer policy 182 M Mac OS 259 administering 259 distribution tab differences 260 examples of common deployments on 260 inventory tab differences 259 managed installation for 260 patching tab differences 263 policies 189 power management 190 supported OSs 259 supported releases 66 VNC Settings for 192 Mac OS nodes 308.GZ Example 142 Windows platform 130 ZIP example 137 Managed Operating Systems 27 managing your MIA inventory 104 managing your processes inventory 97 managing your service inventory 102 managing your software inventory 91 managing your startup program inventory 100 manual backups 196 manual deployment Linux Agent 305 N network scan summary description 30 Network Settings 40. using 179 Port 443 45 Administrator Guide. 51 Linux manual deployment of KACE K1000 appliance agent on 305 log files script 177 Login Script 301 logs agent logs 89 Mac OS agent 308 Windows agent 302. Version 5. 321 running 221. managing 102 Service Desk overview 16 session timeout about 36 resetting 36 setting up your KACE K1000 series 15 setting up your KACE K1000 server 18 shell scripts 163 single sign-on 51 configuring 49 enabling 50. 86 software R Redirecting computer(s) 254 Refiltering computer(s) 253 registry settings Windows. editing 328 resources exporting 116 transferring 111 restoring appliance settings 198 revision of KACE K1000 software 30 Run As feature 167 run as Wizards 179 Run Now function 174 358 Administrator Guide. 222. 51 Smart Labels creating 60. for 179 remote desktops behavior 180 replication copying schedules replication schedules importing 152 Dell Updates 151 language patches 151 OS patches 151 scheduling 151 stopping 152 replication schedule 151 replication share 148 details 152 procedure to create 149 replication shares deleting 152 Report Wizard limitations 328 reports 221. about 97 Provisioning Results 75 provisioning results page 75 Run Now tab using to run scripts 175 running classic reports 321 running reports 221 S Samba copyright 347 SAMBA share using to transfer resources between KACE K1000 appliances 111 scanning networks for IP addresses 119 scheduling IP scans 119 scripting adding steps to 265 tasks you can automate 162 scripting component Search Logs 177 scripting module overview 161 scripts adding 166 adding steps to 265 alerts with 167 duplicating 174 editing 172 importing 173 log files 177 online shell scripts 163 reusing 174 Run Now function 174 running as local admin 167 running as user 167 running immediately 174 token replacement variables 165 Windows registry settings 179 Windows-based policy Wizards 179 searching for computers in your inventory 85 searching for using computer notifications 86 Security Settings 44 Sendmail copyright 352 servers tasks in progress 28 service inventory. 61 editing 61 IP Scan 123 ordering 62 smart labels 53.Index Port 80 45 Power Management windows 188 Windows configuration 189 power management Mac OS 190 retaining information about 39 processes inventory.3 . Version 5. 321 creating a new SQL report 228 creating and running 223 creating using Report Wizard 225 define email notifications 231 delete a scheduled reports 233 duplicating an existing report 229 editing an existing report 229 format types 222 layout 223 overview 221. 322 schedule time report runs 232 scheduling 229 select a report if starting from the Schedule icon 230 select a report if starting from the Schedule Reports tab 230 SQL. 321. Index inventory. file 143 System Admin Console Users 243 system console 16 System requirements 66 User Authentication 215 users time limit on sessions 36 utility rebates Mac OS 190 Windows 188 V verifying minimum server version 199 viewing computer details by label 55 VNC controlling on Mac OS X 192 VNC settings Mac OS policies 192 W Wake-on-LAN overview 146 request. 321 U UltraVNC Wizard 184 Unpacking the Appliance 18 updates compared with deployments 156 Dell Updates and patching 156 updating OVAL definitions 202 updating the license key 200 upgrades. computer 29 statistics. Version 5. 303 Power Management 188 Windows Debugging 204 Windows operating system requirements 66 Windows policies 179 enforce registry settings 179 WinZip compression levels 138 T Tasks In Progress 28 time limit on open inactive user sessions 36 token replacement variables 165 transferring appliance resources between organizations 115 transferring resources about 111 transferring resources between KACE K1000 appliances 111 troubleshooting remote desktops 180 Wake-on-LAN 147 Troubleshooting Tools 51 troubleshooting your appliance 203 types of reports 221. issuing 146 scheduling requests 147 troubleshooting 147 wallpaper controlling 180 warranty Information 331 Windows Automatic Update Settings 186 configuring Power Management 189 manual deployment of KACE K1000 appliance agent on 302. KACE K1000 31 upgrading your appliance 196 uploading files to restore settings 198 uploading large FTP files troubleshooting 44 user alert messages about 233 Administrator Guide.3 359 . software 29 Steps for Task sections 265 support information AppDeploy 106 synchronizations. managing 100 statistics. creating 83 statistics 29 un-installer 186 Software Asset 94 Software Deployment Components 17 software deployment components 17 software distribution summary 29 software inventory 91 software revision level 30 Software Threat Level 26 software threat level graph 26 SQL editing 328 SSL Certificate File 45 SSL Certificate Wizard 45 start and stop the agent 308 Startup 100 startup inventory. Index 360 Administrator Guide.3 . Version 5.