0% found this document useful (0 votes)

929 views

K1000 AdminGuide

Uploaded by

jt_bak

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

929 views

K1000 AdminGuide

Uploaded by

jt_bak

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 328

K1000 Management Appliance Administrator Guide

Release 5.2

2004-2011 Dell, Inc. All rights reserved. Information concerning third-party copyrights and agreements, hardware and software warranty, hardware replacement, product returns, technical support terms and product licensing is in the KACE End User License agreement accessible at: http://www.kace.com/license/standard_eula

Revision Date: January 28, 2011

Contents
1: Getting Started 1
About this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 About this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Understanding the KACE K1000 Appliance components . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Hardware specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Software deployment components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 To set up your K1000 Management Appliance server . . . . . . . . . . . . . . . . . . . . . . . . . . 3 DNS Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Configuring network settings from the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Logging in to the Administrative Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Using the KACE K1000 Appliance components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Using Home. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Guided Tours . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Node Check-In Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Software Threat Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 License Compliance Gauge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Clients Connected Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Managed Operating Systems Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Tasks in Progress Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 To view the Summary Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 To Find Your Software Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Updating Your Appliance Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 To upgrade software without using Organizational Management . . . . . . . . . . . . . 17 To upgrade software for Organizational Management users . . . . . . . . . . . . . . . . 17 Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Whats Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2: Configuring your Appliance

19
19 19 23 23 24 25 26 28 29 29 31 31 31 32 32

Key configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure general settings for the server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . List of open ports required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Network Settings for the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure the Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Security Settings for the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To generate an SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Agent Messaging Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Agent Messaging Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring date and time Settings of the appliance server . . . . . . . . . . . . . . . . . . . . . . . . To configure Date & Time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Single Sign-on for multiple appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To enable linking of appliances for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . To link appliances for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.2

Contents

To disable appliance links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To access the K1000 Troubleshooting Tools page . . . . . . . . . . . . . . . . . . . . . . . . . . . To use Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

33 33 33 34

3: Labels and Smart Labels

35
35 36 36 37 38 38 39 39 40 41 41 42 42 42 43 44 44

About Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Computer Details by Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view label details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add or edit a new label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About Label Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view Label Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About Smart Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To change the Smart Label Run Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Whats Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4: Agent Provisioning

45
45 46 47 47 47 48 48 48 49 52 55 58 58 58 59 60 61 61 61 61

Overview of first time agent provisioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System requirements for agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing to provision the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enabling file sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing for Windows Platform provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Single Machine Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To deploy the agent on a single machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a new item using Auto Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a new item using Manual Provisioning by IP . . . . . . . . . . . . . . . . . . . . . . . . . . To add a new item using Manual Provisioning by Hostname . . . . . . . . . . . . . . . . . . . To run provisioned configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To duplicate a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Deploying Agents from a Network Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Provisioned Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To enable a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To disable a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.2

Contents

Using the Provisioning Results Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view Provisioning Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing K1000 Agent Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view agent tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K1000 Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure an agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To troubleshoot nodes that fail to appear in Inventory . . . . . . . . . . . . . . . . . . . . . . . . . K1000 Agent Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To update the agent automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upload platform-specific agent patches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating with a client bundle. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To update agents using a client bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To troubleshoot the SMMP Management Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . AMP Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view AMP Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a message queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

62 62 63 64 64 64 66 68 68 69 69 70 70 71 71 72 72

5: Managing Software and Hardware Inventories

75
75 76 77 77 77 78 78 79 79 81 81 81 82 83 83 83 84 84 84 85 85 87 87 87 87 87 88

Inventory Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Searching for Computers in Your Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Advanced Search for Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating Smart Labels for Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . Searching for Computers by Creating Computer Notifications . . . . . . . . . . . . . . . Filtering Computers by Organizational Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Computer Inventory Detail Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appliance Agent Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Advanced Search for Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Software to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding software automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add software to Inventory manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create software assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Custom Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Attaching a Digital Asset to a Software Item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To attach a digital asset to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To remove a label from a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To categorize a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.2

iii

Contents

To set threat level to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Processes Inventory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view process details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To disallow processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To remove a label from a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To categorize a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To set threat level to a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To meter a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Startup Program Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view Startup detail information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To remove a label from a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To categorize a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To set threat level to a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Service Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view service detail information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To remove a label from a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To categorize a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To set a threat level to a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your MIA (Out-Of-Reach Computer) Inventory . . . . . . . . . . . . . . . . . . . . . . . . . Configuring the MIA Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure the MIA settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete an MIA computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to an MIA computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the AppDeploy Live Application Information Clearinghouse . . . . . . . . . . . . . . . . . . . Enabling AppDeploy Live . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing AppDeploy Live content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view AppDeploy Live information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

88 88 88 89 89 89 89 90 90 90 90 90 91 91 91 91 92 92 92 93 93 93 93 93 93 94 94 94 94 94 95 95 95 95

6: Importing and Exporting Appliance Resources

About importing and exporting resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Transferring resources using a SAMBA share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Export resources from one appliance to another using SAMBA shares . . . . . . . . . . . 98 Transferring resources between Organizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Exporting resources to Other Organizations on an appliance . . . . . . . . . . . . . . . . . . 102 Importing resources from another organization on your appliance . . . . . . . . . . . . . . 103 Import software components from another organization . . . . . . . . . . . . . . . . . . . 103

Administrator Guide, Version 5.2

Contents

7: Scanning for IP Addresses

105
105 105 105 106 106 106 108 108 108 109

IP Scan Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Scheduled Scans list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an IP Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an IP scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To search network scan results on the basis of status fields . . . . . . . . . . . . . . . . . . . IP Scan Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To dynamically identify the network scan results . . . . . . . . . . . . . . . . . . . . . . . . To edit the order value of IP Scan Smart Labels . . . . . . . . . . . . . . . . . . . . . . . . .

8: Distributing Software from Your K1000 Management Appliance

111
111 112 113 113 113 114 114 115 115 115 116 116 119 120 120 123 123 123 124 125 128 128 129 129 129 129 132 132 132 132 133 133 134

Distribution Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Distribution Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributing Packages from the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ensuring that Inventory item package names match . . . . . . . . . . . . . . . . . . . . . . Distributing Packages from an Alternate Location . . . . . . . . . . . . . . . . . . . . . . . . . . . When to use a replication share or an alternate download location. . . . . . . . . . . . . . Managed Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To determine supported parameters for the .msi file . . . . . . . . . . . . . . . . . . . . . . Creating a managed installation for the Windows platform . . . . . . . . . . . . . . . . . . . . To create a managed installation for Windows platforms . . . . . . . . . . . . . . . . . . Examples of common deployments on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard MSI example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for an .msi file . . . . . . . . . . . . . . . . . . . . . . . . . Standard EXE Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard ZIP Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for a .zip file . . . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for an .rpm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard TAR.GZ Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for a tar.gz file: . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Mac OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . File Synchronizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wake-on-LAN feature overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Issuing a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To issue a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To schedule a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.2

Contents

Preparing to create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Working with your replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view replication share details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Dell Systems with Dell Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding the Differences between Patching and Dell Updates . . . . . . . . . . . . Dell Client and Server Upgrade workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Dell OpenManage Catalog Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

135 135 137 138 138 139 139 140

9: Using the Scripting Features

143
143 145 145 146 147 148 148 152 154 154 154 154 154 155 155 156 156 157 157 157 158 158 158 159 160 160 161 161 161 161 162 162 162 162 163 163

Scripting Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Order of downloading script dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Appliance Default Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Token Replacement Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add an Offline KScript or Online KScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add an Online Shell Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a script from the Scripts page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a script from the Scripts Edit page . . . . . . . . . . . . . . . . . . . . . . . . . . . . Importing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To import an existing script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Duplicate an existing Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Run Now function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run scripts using the Run Now tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run Now from the Script Detail page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To use the Run Now function from the Scripts Lists Page . . . . . . . . . . . . . . . . . Monitoring Run Now Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run Now Detail Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Searching the Scripting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To search scripting logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About the Configuration Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Windows-based Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Registry Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Desktop Control Troubleshooter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To troubleshoot remote behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a policy to enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . Desktop Shortcuts Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create scripts to add shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Event Log Reporter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an Event Log query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MSI Installer Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create the MSI Installer policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.2

Contents

UltraVNC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Un-Installer Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an uninstaller script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Automatic Update Settings policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To modify Windows Automatic Update settings . . . . . . . . . . . . . . . . . . . . . . . . . To start the Automatic Windows Update on a node . . . . . . . . . . . . . . . . . . . . . . Power Management Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About monitoring power use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Power Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Mac OS Configuration-based Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Power Management Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce VNC Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Active Directory Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

165 166 166 167 167 167 168 168 168 169 169 170 171

10: Maintaining Your K1000 Management Appliance

173
173 174 174 174 174 175 175 175 176 176 176 176 176 176 177 177 177 178 178 178 179 179 179 179 179 180 180 180 180 181 181

K1000 Management Appliance maintenance overview. . . . . . . . . . . . . . . . . . . . . . . . . . . Upgrading your appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upgrade your K1000 Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . Backing up K1000 Management Appliance data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run the appliance backup manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Downloading backup files to another location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To change backup file location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To access the backup files through ftp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restoring K1000 Management Appliance settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restoring from most recent backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To restore from the most recent backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Uploading files to restore settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upload backup files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restoring to factory settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To restore to factory settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating K1000 Management Appliance software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To verify the minimum server version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating the license key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating your Dell KACE K1000 Management Appliance license key . . . . . . . . Applying the server update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply the server update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To verify the upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating patch definitions from KACE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To update the patch definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete patch files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Reboot and shut down KACE K1000 Appliances . . . . . . . . . . . . . . . . . . . . . . Updating OVAL definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To update the OVAL and patch definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting K1000 Management Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accessing K1000 Management Appliance logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Downloading log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.2

vii

Contents

To download Dell KACE K1000 Management Appliance logs . . . . . . . . . . . . . . Windows debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To log on to the AMP service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Disk Status log data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

181 182 182 183

11: LDAP

187
About LDAP Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an LDAP Label Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an LDAP Label with the Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using LDAP Easy Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the LDAP Browser Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To use the LDAP Browser Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automatically Authenticating LDAP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure the appliance for user authentication . . . . . . . . . . . . . . . . . . . . . . . . . . To schedule a User Import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 188 189 190 191 191 193 193 195

12: Running the K1000 Appliance Reports

199
199 200 200 200 202 204 204 205 206 206 207 207 207 207 208 208

Reporting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report using the table presentation type . . . . . . . . . . . . . . . . . . . . . To create a new report using the chart presentation type . . . . . . . . . . . . . . . . . . To duplicate an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report from scratch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a report using SQL Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Scheduling Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a report schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run a schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Alert Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Create a Broadcast Alert Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-mail Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an e-mail Alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

13: Using Organizational Management

209
209 209 209 210 211 213 214 215 215

Overview of Organizational Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Default Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and editing Organizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To troubleshoot nodes that fail to show up in Inventory . . . . . . . . . . . . . . . . . . . To edit an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing System Admin Console users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

viii

Administrator Guide, Version 5.2

Contents

To delete a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To change the password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organizational Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Default role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and editing Organizational Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To duplicate a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organizational Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Organizational Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a data filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a LDAP filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced Search. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Test and Organization Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To test an organization filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Refiltering Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To refilter computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Redirecting Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To redirect computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

216 216 217 217 217 217 218 219 219 220 220 220 221 222 223 223 223 223 224 224 224 225 225 225 225

A: Administering Mac OS Nodes

229
229 230 230 230 234

Mac OS Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributing Software to Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Mac OS . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for Mac OS nodes . . . . . . . . . . . . . . . . . . . . . Patching Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B: Adding Steps to a Script

235

Adding Steps to Task Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

C: Writing Custom Inventory Rules

241
241 241 242 243 244 244 244
ix

Understanding Custom Inventory Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a Custom Inventory rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How Custom Inventory Rules are implemented. . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding rule syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Function syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Argument syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for conditions (Conditional rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administrator Guide, Version 5.2

Contents

Conditional rule reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying if a Condition exists (Exists rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Evaluating node settings (Equals rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Comparing node values (Greater and Less Than rules) . . . . . . . . . . . . . . . . . . . Testing for multiple conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for multiple true conditions (AND) . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for one true condition (OR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting values from a node (Custom Inventory Field) . . . . . . . . . . . . . . . . . . . . . . . . . . . . Value Return rule reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting File Information values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting Registry key values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting PLIST values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting multiple values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Matching file names with Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Regular Expression Rule Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Defining rule arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Finding a path or file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Finding a registry key and entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying a version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying environment or user variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying a file attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Windows file attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Testing for Linux and Mac file attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying the datatype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying values to test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying the name of a registry entry (Windows only) . . . . . . . . . . . . . . . . . . . Specifying a PLIST key (Mac only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using a regular expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Defining commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

245 247 248 249 250 250 251 251 252 252 253 253 254 254 255 255 257 257 258 258 258 258 258 259 260 261 261 261 261 262 262

D: Database Tables

263

K1000 Management Appliance Database Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

E: Manually Deploying Agents

269
269 269 269 270 270 270 271 272

Overview of manual deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manually installing the 5.1 Agent on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manually install the 5.1 Agent on Windows using the Install wizard . . . . . . . . . . . . . Installing the 5.1 Agent on Windows using command lines . . . . . . . . . . . . . . . . . . . . Manually installing the 5. 2 Agent on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manually install the 5.2 Agent on Windows using the Install wizard . . . . . . . . . . . . . Manually install the 5.2 Agent on Windows using command lines. . . . . . . . . . . . . . . Installing and Configuring the 5.1 Agent on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.2

Contents

To upgrade the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To remove the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Additional options for the 5.2 Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying Deployment of the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To start and stop the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check whether the agent is running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check the version of the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To perform an Inventory check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Linux Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To log on to the AMP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Edit the SMMP configuration file: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Install and Configure the 5.1 Agent on Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . To upgrade the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To remove the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying deployment of the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To start or stop the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check if the agent is running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check the version of the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To perform an Inventory check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Macintosh Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Edit the SMMP configuration file: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using shell scripts to install the 5.2 Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

272 273 273 273 273 273 273 274 274 274 274 275 276 276 276 276 276 277 277 277 277 278

F: Understanding the Daily Run Output G: Warranty, Licensing, and Support

279 285
285 285 285 288 289 289 293 297 298 298 298 299 300 301 302 306

Warranty And Support Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Third Party Software Notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EZ GPO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FreeBSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preamble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Knoppix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NO WARRANTY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OpenSSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OpenSSL License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Original SSLeay License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preamble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.2

Contents

Index

309

xii

Administrator Guide, Version 5.2

1
Getting Started

This chapter starts with an overview of this guide and the Dell KACE K1000 Management Appliance interface components. The chapter then explains how to install and set up your K1000, and finally it provides an overview of the K1000 Management Appliance Administrator Console Home page features.

About this guide, on page 1. About this chapter, on page 1. Understanding the KACE K1000 Appliance components, on page 1. Using the KACE K1000 Appliance components, on page 6. Using Home, on page 8. Whats Next, on page 18.

About this guide

This guide explains how to install, set up, configure, and use the Dell KACE K1000 Management Appliance.

About this chapter

This chapter explains how to install and set up your K1000 Management Appliance from unpacking through Initial Konfiguration. When finished, you will see the appliance Administrator Portal, the web page from which you configure and use your appliance. At that point, this chapter provides an overview of the Administrator Portal. Before you can use your appliance, you need to configure it. This section provides an introduction to your appliance and an overview of the total system management workflow. This section also lists the basic administrative procedures and the best practices for system management.

Understanding the KACE K1000 Appliance components

Your appliance includes of the following components:
Administrator Guide, Version 5.2 1

Getting Started

Administrator ConsoleIt is used by administrators to control the K1000 Management Appliance. It is accessible by browsing to http://k1000_hostname/ admin. This portal is a web-based interface to access and direct the functionality and capabilities within your company. The administrator console provides access to the following components: Inventory Management Software Distribution Reporting K1000 Settings Asset Management Scripting Security Service Desk

2. 3.

System ConsoleAn interface designed primarily to enforce the policies across organizations. AgentThe K1000 Management Appliance technology that sits on each desktop that the appliance manages. It includes an application component that manages downloads, installations, and desktop inventory. The agent also includes the appliance Agent Management Service that initiates scheduled tasks such as inventory or software updates. Service DeskIt makes software titles available to users on a self-service basis. The Service Desk doesnt replace traditional push software distribution (as is handled by the Administrator Console and the agent). You can change or customize the Service Desk name. The Service Desk provides: A repository for software titles that are not required for all users. A way for users to submit and track Service Desk (or Service Desk tickets). Assistance for users in routine tasks like software installation and getting help from the Knowledge Base.

Service Desk is accessible by browsing to http://k1000_hostname.

Hardware specifications
The K1000 Management Appliance include a high-performance server with the following hardware configuration: Hardware Form Factor Dimensions (inches) CPU in Gigahertz (K1000 Management Appliance) K1100 19 in 1U Rack mount chassis 1.7 X 17.2 X 19.8 2 Xeon Quad Core (2 GHz) K1200 19 in 1U Rack mount chassis 1.7 X 17.2 X 25.6 2 Xeon Quad Core (2 GHz)

Administrator Guide, Version 5.2

Getting Started

Hardware Memory in Gigabyte (GB) Ethernet Ports Redundant Disk Array Hot-swappable Hard Drives Power Supply 4 GB

K1100 8 GB

K1200

Dual Gigabit Ethernet Ports RAID 5 configuration

3 X 250 GB ATA (SATA) 7.2K RPM 5 X 300 GB Serial Attached SCSI (SAS) 10K RPM 520 Watts, 100 - 240 VAC Dual Redundant 650 Watts, 100 - 240 VAC

Software deployment components

This section describes the packages that can be deployed by the server on the agents. The K1000 Management Appliance supports several types of distribution packages, and this section lists the components used for deployment of packages:

Managed Installations can be configured by the administrator to run silently or with user interaction. Within a Managed Installation Definition the administrator can define install, uninstall, or command-line parameters. See Managed Installations, on page 115 for more information. File Synchronization is another way to distribute content to computers with the agent software. Unlike Managed Installations, File Synchronization is used to distribute files that need to be copied to a users machine without running an installer. See File Synchronizations, on page 129 for more information. Service Desk Packages are earmarked by administrators for user self-service. Many Dell customers use the portal for handling occasional user applications, print drivers, and so on. You also can use the Service Desk to resolve installation issues by allowing users to download and install fixes. See the Service Desk Administrator Guide for detailed information. Agent is a special tab to manage the appliance agent. See Chapter 4: Agent Provisioning, starting on page 45, for details on how to configure and perform these tasks. MSI Installer Wizard creates a policy and helps you set the basic command line arguments for running MSI based installers. The wizard generates a script used for installing or removing the software. See MSI Installer Wizard, on page 163, for more details.

The package types are mostly setup.msi or setup.exe files. The sections that follow describe how to configure the K1000 Management Appliance to meet the needs of your company.

To set up your K1000 Management Appliance server

This section describes how to set up the K1000 Management Appliance after the appliance has been properly installed in its rack.

Administrator Guide, Version 5.2

Getting Started

DNS Considerations
The K1000 Management Appliance requires its own unique static IP address. By default its hostname is kbox. Whatever name used should be specified in the appropriate A record created in your internal Domain Name System (DNS) server. An MX record containing the hostname defined by the A record is required so that the users can e-mail tickets to the Service Desk. A Split DNS is required if the appliance is connected to the Internet using a reverse proxy or by being placed in the DMZ (demilitarized zone or Screened Subnet). A DMZ adds an additional layer of security to a LAN (Local Area Network).

Configuring network settings from the console

1. 2. To access the console, connect a monitor and keyboard directly to the appliance, but do not connect a network cable at this time. Power on the appliance. The appliance requires 5 to 10 minutes to start up for the first time.

At the login prompt, enter: Login ID: konfig Password: konfig Modify the following settings using the Up and Down arrow keys to move between fields. Field Description Enter the host name of the appliance. The default setting is kbox. (Recommended) Enter the fully-qualified domain name (FQDN) of the appliance on your network. This is the value of Hostname concatenated with Domain (for example, appliance.kace.com). Clients connect to the K1000 using the Web Server Name. We recommend adding a DNS host record matching the K1000 Web Server Name chosen during this setup. (Required) Enter the IP address of the appliance server. Enter the domain that the appliance is on. Enter your subnet mask. Enter the network gateway for the appliance server. Enter the IP address of the primary DNS server the appliance uses to resolve hostnames. Enter the IP address of the secondary DNS server if needed.

K1000 Server (DNS) Hostname K1000 Web Server Name

Static IP Address Domain Subnet mask Default gateway Primary DNS Secondary DNS

Administrator Guide, Version 5.2

Getting Started

Field Network Speed SMTP Server SSH Enabled Proxy 4.

Description User the Right arrow key to select from the available speeds if you need to change the default. To enable email notifications, specify an SMTP server, enclosing the IP address with square brackets []. Permits console access to the K1000. Use the Right arrow key to enable. Enter any necessary proxy information.

Press the Down arrow to move the cursor to Save, and then press Enter or Return. The appliance restarts.

While your appliance reboots, connect an Ethernet cable into the port labeled Gb 1 and to a switch on your network.

Logging in to the Administrative Console

After the basic network configuration is complete, you can log in to the Administrative Console from any computer on the Local Area Network (LAN) using a web browser. 1. 2. Open a web browser. Enter the appliance Administrative Console URL: http://k1000_hostname/admin The Initial Konfiguration page appears.

Enter the license key (including dashes) that you in received in the welcome email from Dell KACE.

Administrator Guide, Version 5.2

Getting Started

If you cannot find your license key, contact Dell KACE Customer support at www.kace.com/support. 4. 5. 6. 7. Enter a secure and unique password for the admin account. Enter the name of your company or organization. Select the timezone for your K1000 location. Click Apply Settings and Reboot. The appliance restarts. 8. 9. When the appliance has restarted, refresh the browser page. After accepting the EULA, log in using the username admin and the password you chose.

You are now ready to start using the Administrator Interface. The following sections explain the various K1000 Management Appliance feature components. You can restore the factory settings of the appliance. For more information, refer to Restoring to factory settings, on page 176.

Using the KACE K1000 Appliance components

Depending upon your options, these components are available on your appliance:

Administrator Guide, Version 5.2

Getting Started

The components are illustrated above, and the tabs are as follows: Component Home Sub-tabs Guided Tour Summary Labels Search Used to... Manage labels, which are a method for grouping machines, software, people, and so on. You can also have labels dynamically assigned by using Smart Labels. Provide overview statistics of your running processes. Also includes guided tours for learning more about your K1000 Management Appliance. Administer the hardware and software managed by your appliance.

Inventory

Computers Software Processes Startup Service IP Scan MIA Assets Asset Types Asset Import Metering

Asset (Asset Management)

Track computers and other physical assets, such as software, printers, and so on. Also used to: Determine software compliance. Establish relationships between assets (using logical assets). Meter actual software usage. For more information, see Asset Management Guide.

Distribution

Remote software distribution and administration, Managed Installation including iPhones and Dell OpenManage updates. File Synchronization Wake-on-LAN Replication iPhone (optional iPhone Management) Dell Updates Scripts Run Now Run Now Status Search Logs Configuration Policy Security Policy Patching OVAL Secure Browsers. Automate system administration tasks.

Scripting

Security

Reduce the risks from malware, spyware, and viruses. For more information about patching and security, see Patching and Security Guide.

Administrator Guide, Version 5.2

Getting Started

Component Service Desk (Can be renamed)

Sub-tabs Tickets Software Library Knowledge Base Users Roles Configuration Reports Schedule Reports Alerts Email Alerts Control Panel K1000 Agent Resources Support N/A

Used to... Provide a repository for software resources and documentation for your users to access and download. Provides a full-featured service desk system for creating and tracking Service Desk tickets. Run pre-packaged reports and report-creating tools to monitor your appliance implementation.

Reporting

Settings

Administer your appliance implementation.

Organization (Organizational Management) Global Search

Divide your appliance implementation into different logical organizations that you administer separately. Search your appliance for terms you enter.

N/A

Using Home
The Home component includes tabs for:

Guided Tours, on page 8 Summary, on page 8 Label, on page 17 Search, on page 18

Guided Tours
Tutorials that help you learn the appliance by walking you through some of basic tasks. The Guided Tours supplement, but dont replace, Boot Kamp and documentation.

Summary
The K1000 Summary page provides information about the configuration and operation of your appliance. When you log on to the Administrator Console, the Home component displaying the Summary tab appears by default.

Administrator Guide, Version 5.2

Getting Started

The top of the K1000 Summary page provides updated news and popular FAQ information about your Dell KACE K1000 Management Appliance:

Below the Summary are dashboard meters and graphs to give you a quick view of your appliance status:. The scales on the Summary page gauges adjust automatically.

Administrator Guide, Version 5.2

Getting Started

Node Check-In Rate

Displays the total number of nodes that have checked into the server in the past 60 minutes.

Distributions
Displays the number of managed installations, scripts, and file synchronizations that are enabled. This also displays the number of alerts that you have configured.

Administrator Guide, Version 5.2

Getting Started

Software Threat Level

Displays the various threat levels for software installed on various machines.

License Compliance Gauge

Displays the number of machines that use a particular licensed software. For example, the following figure displays a licensed software Adobe flash player 9, which can be installed on 1000 machines. In this example, this software is used by 12 machines. This display can use different colors for license types that are ignored (for example, freeware) and licenses that are approaching or at 100% usage. For general information about assets and license compliance, see Asset Management Guide. To change this configuration, see To configure general settings for the server, on page 19.

Administrator Guide, Version 5.2

Getting Started

Clients Connected Meter

Displays the percentage of nodes connected to the server.

Managed Operating Systems Chart

Displays various operating systems present in the inventory in percentage as a pie chart.

Administrator Guide, Version 5.2

Getting Started

Tasks in Progress Chart

Displays the total number of tasks in progress on server.

To view the Summary Details

1. Click Home > Summary. The Summary page appears. 2. Scroll down, and then select the View Details button at the bottom of the page:

Administrator Guide, Version 5.2

Getting Started

The K1000 Summary Details page appears:

The following sections describe summary details sections. Each organization has its own summary details. Summary Section Computer Statistics Description The computers on your network, including a breakdown of the operating systems in use. In addition, if the number of computers on your network exceeds the number allowed by your Dell KACE K1000 Management Appliance license key, you are notified of it here. The software in Inventory. The summary the number of software titles that have been uploaded to the appliance. The packages that have been distributed to the computers on your network, separated out by distribution method. The summary also indicates the number of packages that are enabled and disabled.

Software Statistics Software Distribution Summary

Administrator Guide, Version 5.2

Getting Started

Summary Section Alert Summary

Description The alerts that have been distributed to the computers on your network, separated by message type. This also indicates the number of alerts that are active and expired. The IT Advisory refers to the number of Knowledge Base articles in Service Desk. The patches received from Microsoft, Apple, and so on. The summary includes the date and time of the last patch (successful and attempted), total patches, and total packages downloaded. The OVAL definitions received and the number of vulnerabilities detected on nodes in your network. The summary includes the date and time of the last OVAL download (successful and attempted) and the number of OVAL tests in the appliance, in addition to the numbers of computers scanned. The results of Network Scans run on the network, including the number of IP addresses scanned, the number of services discovered, the number of devices discovered, and the number of detected devices that are SNMP-enabled. As this page is refreshed, the record count information is refreshed. New K1000 Management Appliance installations mostly contain zero or no record counts.

Patch Bulletin Information OVAL Information

Network Scan Summary

To Find Your Software Version

The About K1000 link in the lower-left side of the K1000 Management Appliance window brings up KACE software information including:

The software revision level.

Administrator Guide, Version 5.2

Getting Started

A list of all of the appliance components that are running:

Updating Your Appliance Software

Your K1000 Management Appliance checks in with the servers at Dell KACE daily to find out if more recent appliance software is available. If a software update is available, an alert like this one is displayed on the Home page the next time you log in as Administrator:

This section explains how to accept the latest appliance server upgrade. For details on how to find your current appliance version, see To Find Your Software Version, on page 15.

Administrator Guide, Version 5.2

Getting Started

To upgrade software without using Organizational Management

1. 2. In the Organization menu, click System. Click K1000 Settings > Server Maintenance. The K1000 Server Maintenance page appears. 3. 4. Click Edit Mode at the top left of the page. Click the Check for upgrade button. The Logs tab displays the latest updated files from Dell.

To upgrade software for Organizational Management users

Label
You can find the Label tab by going to Home > Label. However, you can also create labels and smart labels within the other components of the Dell KACE K1000 Management Appliance that use labels.

LabelsProvide ad-hoc organization of users, computers, software, managed installations, and more according to your needs. For information on labels see, About Labels, on page 35. Smart LabelsEnable you to dynamically group users, computers, software, and more by organization based on saved criteria. Smart Labels work much like Search Folders in Outlook or Smart Folders in Mac OS X. For information, see About Smart Labels, on page 42. LDAP LabelsAutomatic labeling based on LDAP or Active Directory lookup. See About LDAP Labels on page 187. LDAP BrowserAutomatically discover information via the agent or to interface with Active Directory or LDAP organizational units. See Creating an LDAP Label with the Browser, on page 189.

Administrator Guide, Version 5.2

Getting Started

Search
You can perform a global search for terms through out the appliance on this tab.

Whats Next
Now that your appliance is installed and running, you need to configure it to fit your companys needs. For the rest of the setup instructions, see Chapter 2: Configuring your Appliance, starting on page 19.

Administrator Guide, Version 5.2

2
Configuring your Appliance

This chapter explains the configuration settings necessary to set up and use your Dell KACE K1000 Management Appliance.

To configure general settings for the server, on page 19. Configuring Network Settings for the Server, on page 23. Configuring Security Settings for the Server, on page 25. Configuring Agent Messaging Protocol Settings, on page 29. Configuring date and time Settings of the appliance server, on page 31. Configuring Single Sign-on for multiple appliances, on page 31. Troubleshooting Tools, on page 33.

Key configuration settings

It is important to properly configure the server settings on the agent before you begin inventorying and actively managing the software on your network. For details on agent connection settings, refer to Chapter 4: Agent Provisioning, starting on page 45.

To configure general settings for the server

To access some General Settings, you need to select System on the Organization dropdown list. 1. 2. Click Settings > Control Panel. Click General Settings. The General Settings page appears. 3. 4. CompanyInstitution Name Click Edit Mode to edit the field values. Enter the following settings: Enter the name of your company. This name appears in every pop-up window or alerts displayed to your users. For example, Dell.

Administrator Guide, Version 5.2

Configuring your Appliance

User Email Suffix System Administrator Email Login Organization Drop-down

Enter the domain to which your users send email. For example, dell.com. Enter the email address of the appliance administrator. This address receives system-related alerts, including any critical messages. Click the check box to enable the Login Organization drop-down. By enabling the Login Organization drop-down, the empty Organization: field on the Welcome login page will be replaced by a drop-down of the configured organizations. For information about Organizational Management, see Chapter 13: Using Organizational Management, starting on page 209. Note: The organization field or drop-down only appears if more than one organization is configured. Click the check box to enable Organization Fast Switching. By enabling Organization Fast Switching, the static Organization: field at the top right corner of every page is replaced with a drop-down of organizations to which the user has access. Only those organizations that have the same user name and password appear in the drop-down. For information about Organizational Management, see Chapter 13: Using Organizational Management, starting on page 209. Crash reports Click the check box to send a report in the event of a appliance crash. This option is recommended because it provides additional information to the Dell KACE Technical Support team in case you need assistance. Click the check box to enable your appliance to share data with the AppDeploy Live! web site.

Organization Fast Switching

Send to Kace

Enable AppDeploy Live! Session Timeout:

Set the number of inactive hours to allow all users before closing their session and requiring another login. The default is 1. Service Desk windows have Timeout Session counters to alert users of this time limit. This time limit only counts periods of inactivity. Users restart this timer with any action that causes the appliance interface to interact with the appliance server (refresh a window, save changes, change windows, etc.). If the session times out, any unsaved changes are lost, and the users is presented with the login screen again. 5. Specify the following Agent-Server Task settings: To access these settings, select System on the Organization drop-down list. Current K1000 Load Average Last Task Throughput Update The value in the field depicts the load on an appliance server at any given point of time. For the server to run normally, the value in this field must be between 0.0 and 10.0. This value indicates the date and time when the appliance Task Throughput was last updated.

Administrator Guide, Version 5.2

Configuring your Appliance

K1000 Task Throughput

At any given point, the appliance has multiple tasks scheduled like Inventory Updates, Scripting Updates, patching updated and execution of scripts. The value in this field decides how the scheduled multiple tasks are balanced by the appliance. Note: The value of the task throughput can be increased only if the value in the field Current K1000 Appliance load Average is not more than 10.0 and the Last throughput update time is more than 15 minutes. This value determines the maximum number of agents that can download packages simultaneously. If that number of agents is reached, an agent must finish communicating with the server before an additional agent can start.

Agent "Download Throttle"

Specify the following User Portal settings if required to customize the User Portal page: Enter a title for the User Portal page. Enter a description of the User Portal page. Enter a title for the user portal page when accessed through an iPhone. Enter a description of the User Portal page when accessed through an iPhone.

Portal Title Portal Text iPhone Portal Title iPhone Portal Text 7. 8.

Click Set Options, to save your changes. Specify the following Logo Override settings to use your custom logo: a. Click Edit Mode to edit the field values:

User Portal (.jpg)

Displayed at the top of the User Portal page. 224x50 pixels is the normal size. 104x50 pixels is shorter and doesn't clip the blue highlight around the Log Out link. 300x75 pixels is maximum size that does not impact the layout.

Report (.jpg)

Displayed at the top of reports generated by the appliance. The report image dimensions are 120x32 pixels, which are specified in the auto-generated XML layout. You can adjust the xml report if you need a different layout size. Displayed in the agent. The client bmp image is scaled to 20x20 pixels only and cannot be customized to any other size. It is displayed on snooze pop-ups, install progress pop-ups, alerts, and message windows created by scripts. Displays on the User Portal login page.

K1000Client (.bmp)

Login User Portal (.jpg)

Administrator Guide, Version 5.2

Configuring your Appliance

Custom Report Logo (.jpg)

Displayed at the top of reports generated by the appliance. The report image dimensions are 120x32 pixels, which is specified in the auto-generated XML layout. You can adjust the xml report to change the layout size.

b. Click Upload Logo. 9. Machine Actions allow setting up of a scripted action that you can perform against individual machines in your environment. They are used to connect to machines remotely, so you can access or execute a specified task on the target machine directly from the user interface. You can configure two actions by selecting them from the Action Item menu. The actions can execute two different tasks. The default Machine Action is mstsc.exe (Remote Desktop Connection). Under the Machine Actions section, associate the appropriate actions and then click Set Actions. For example: Select ping.exe -t KACE_HOST_IP from the Action #1 drop-down. .

Specify http://KACE_HOST_IP in command line field for Action #2 Click Set Actions. Click Inventory > Computers.

Click besides target machine IP to ping the machine and click besides target machine IP to launch a web browser. The appliance substitutes the KACE_HOST_IP variable with the target machine IP address and open a new browser window with that URL. There are 16 pre-programmed actions available. The Machine Actions can also be programmed for other tasks. If the machine action does not include the string .exe, then your appliance assumes it as a URL, and opens a new browser window for it.

Some of the actions listed in the Machine Actions drop-down list require Internet Explorer, because ActiveX is required to launch these programs on the local machine. Firefox does not support this feature. Most actions in the Action Icon drop-down list require you to install additional software for them to function. For example, using DameWare requires you to install TightVNC on your machine as well as on the machine you want to access. Click Action #1 or Action #2 next to the target machine on the Inventory > Computers tab to execute the Machine Action. 10. In the Optional Ignore Client IP Settings section, enter IP addresses you would like ignored as the node IP and then click Save List.

Administrator Guide, Version 5.2

Configuring your Appliance

This might be appropriate in cases where multiple machines could report themselves with the same IP address, like a proxy address. 11. In the License Usage Warning Configurations section, enter the new values. 12. Click Override Configuration to save. This changes when the alert colors are used in the License Compliance Gauge, on page 11. For information about setting up license assets, see K1000 Asset Management Guide. 13. In the Data Retention section, click Edit Mode, and select the amount of time you want to save machine uptime data. Machine uptime data refers to information about the number of hours each day your nodes are running. You can retain this data forever, never save it (None), or select 1 month, 3 month, 6 month (default), 9 month, or 12 month settings. For more information about power management, see About monitoring power use, on page 168. 14. Click Save Settings to save.

List of open ports required

Ensure that following ports are not blocked by your firewall. These ports are required to access the server. Port Number 21 25 80 443 3306 8080 8443 52230 Use To access backup files through FTP If the KACE K1100 Appliance SMTP Server is to be used HTTP SSL To access an appliance database Connects directly to Tomcat Connects directly to Tomcat For agents to connect to the server through AMP

Configuring Network Settings for the Server

The key KACE K1100 Appliance network settings are mostly configured when you log in for the first time, using the konfig/konfig credentials. An administrator can verify or change these settings at any time. Saving any changes to the Network settings on this page forces the Appliance to reboot. Total reboot downtime is 1 to 2 minutesprovided that the changes result in a valid configuration.

Administrator Guide, Version 5.2

Configuring your Appliance

To configure the Network Settings

1. 2. 3. From the Organization drop-down list, select System. Click K1000 Settings > Control Panel. Click Network Settings. The K1000 Network Settings page appears. 4. 5. If fields are grayed out, click Edit Mode to edit the field values. Specify the following settings: We recommend adding a static IP entry for K1000 to your DNS, and using the default Hostname and Web Server Name. The fully-qualified domain name of the appliance on your network is the value of Hostname concatenated with Domain. For example, K1000.kace.com. Nodes connect to the appliance using the Web Server Name, which can be the hostname, fully-qualified domain name, or IP address. For example, K1100. The IP address of the appliance server. Caution: Be careful when changing this setting. If the IP address is entered incorrectly, refer to the appliance Administrative Console, and use the konfig login to correct it. The domain that the appliance is on. The default value is corp.kace.com The domain that the appliance is on. The default value is 255.255.255.0 The default gateway. The primary DNS server the appliance uses to resolve hostnames. (Optional) The secondary DNS server the appliance uses to resolve hostnames. The network speed. The network speed setting should match the setting of your local LAN switch. When set to auto negotiate the system automatically determines the best value. This requires the switch to support auto-negotiate. Otherwise contact your network administrator for the exact setting to be used. To set Network Server Options, perform the following steps: a. Set the external SMTP Server, to enable email notifications through this SMTP server. To set SMTP Server, click the Use SMTP Server check box, and then enter the SMTP Server name in the SMTP Server box. The server named here must allow anonymous (non-authenticated) outbound mail transport. Ensure that your companys network policies allow the appliance to contact the SMTP server directly. The mail server must be configured to allow relaying of email from the appliance without authentication. You can test the email service by using Network utilities. For more information on how to use Network Utilities, refer to Troubleshooting Tools, on page 33.

K1000 Server (DNS) Hostname K1000 Web Server Name

Static IP Address

Domain Subnet mask Default gateway Primary DNS Secondary DNS Network Speed

Administrator Guide, Version 5.2

Configuring your Appliance

b. To set the proxy server, click the Use Proxy Server check box, and then specify the following proxy settings, if necessary: Proxy Type Proxy Server Proxy Port Proxy (Basic) Auth Proxy Username Proxy Password Enter the proxy type, either HTTP or SOCKS5. Enter the name of the proxy server. Enter the port for the proxy server. The default port is 8080. Click the check box to use the local credentials for accessing the proxy server. Enter the user name for accessing the proxy server. Enter the password for accessing the proxy server.

The appliance includes support for a proxy server, which uses basic, realm-based authentication, which prompts for a user name and password:

If your proxy server uses some other kind of authentication, you must add the IP address of the appliance on the exception list of the proxy server. For information about the Enable Service Desk POP3 Server setting, see the Service Desk Administrator Guide. 7. Click Set Options to set the Network Server options.

Configuring Security Settings for the Server

Security Settings are not mandatory but are required to enable certain functionalities like Samba Share, SSL, SNMP, SSH, Offbox DB Access, and FTP access on the appliance server. To use any of the Security Settings features, you must enable them. If you change any security settings, you must reboot the appliance to make the changes take effect.

Administrator Guide, Version 5.2

Configuring your Appliance

To configure Security Settings

To enable SSL, you need the correct SSL Private Key file and a signed SSL Certificate. If your private key has a password, it will prevent the appliance from restarting automatically. Contact KACE support if you have this issue. 1. 2. From the Organization drop-down list, select System. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 3. Click Security Settings. The K1000 Security Settings page appears. 4. 5. Click Edit Mode to edit the security settings fields. In the General Security Settings area, specify the following security settings: a. Click the SSH Enabled check box. Click the check box to permit someone to login to the appliance using SSH. b. Clear the Enable backup via ftp check box. Nightly the appliance creates a backup of the database and the files stored on it. You access these files using a read-only FTP server, which allows you to create a process on another server that pulls this information off the appliance. If you do not need this feature, you can turn off this option, and disable the FTP server. c. Clear the Enable SNMP monitoring check box. SNMP is a network/appliance monitoring protocol that is supported by many thirdparty products. If you do not want to expose the appliance SNMP data, turn off this option. d. Clear the Enable database access check box. The appliance database is accessible via port 3306 to allow you to run reports using an off board tool, like Access or Excel. If you do not want to expose the database in this way, turn off this option. e. Clear the Make FTP Writable check box. Enable this feature to upload backup files using FTP. This feature is useful if your backup files are too large for the default HTTP mechanism (browsers timing out). 6. In the Samba Share Settings area, select the Enable Organization File Shares check box to allow each organization to leverage the appliance's client share as an install location for the node. The appliance has a built-in windows file server that can be used by the provisioning service to assist in distributing the samba client on your network. Dell recommends that this file server only be enabled when performing node software installs. 7. In the Optional SSL Settings area, specify the following SSL settings, if required: a. Clear the Enable port 80 access check box.

Administrator Guide, Version 5.2

Configuring your Appliance

When you activate SSL, port 80 continues to be active, unless Enable port 80 access check box is cleared. By default, the standard Agent installers attempt to contact the appliance via port 80, and then switch to SSL over port 443, after getting the server configuration. If you disable port 80, contact KACE Support to adjust the agent deployment scripts to handle SSL. For ease of agent deployment, leave port 80 active. b. Select the SSL Enabled on port 443 check box to have nodes check in to the appliance server using https. A properly signed SSL Certificate is required to enable SSL. Certificates should be supported by a valid Certificate Authority. SSL settings should only be adjusted after you have properly deployed the appliance on your LAN in non-SSL mode. If you are enabling SSL, you will need to identify the correct SSL Private Key File and SSL Certificate File. The files must be in Privacy Enhance Mail (PEM) format, similar to those used by Apache-based Web servers and not in the PCKS-12 format used by some Web servers. It is possible to convert a PCKS-12 certificate into a PEM format using software like the OpenSSL toolkit. Contact Dell KACE Technical Support if you want to enable SSL on your appliance. You can load SSL certificates into the appliance by any of these two methods: You can click SSL Certificate Wizard and follow the step by step procedure to load the SSL certificates. Refer To generate an SSL Certificate, on page 28. If you have your own SSL certificate and SSL private key, click Edit Mode to edit the field values. In the Set SSL Private Key File field, browse to the SSL Private Key file and browse to the signed SSL Certificate, in the Set SSL Certificate File field 8. Click Set Security Options, to save the changes and reboot the appliance. Once you switch over to SSL, this is a one-way automatic shift for the nodes. They must be reconfigured manually if you later decide not to use SSL. 9. In the Download New Patch Definitions area, click Edit Mode to edit the fields and specify as follows: Select to disable download of new patches. Select to download the patches on specified day of the week or daily at the specified time. Select to download the patches on the specified date or monthly at the specified time.

Disable download of new patches Download Every day/specific day at HH:MM AM/PM Download on the nth of every month/specific month at HH:MM AM/PM

Administrator Guide, Version 5.2

Configuring your Appliance

10. In the Stop Download Of Patch Definitions area, click Edit Mode to edit the field values and specify the following: Allow download of patch definitions to complete Stop patch download process by at HH:MM AM/PM Select to allow download of the patch definitions to complete. Select to stop the download the patches at the specified time.

11. Click Set Patching Options to save the changes and reboot the appliance.

To generate an SSL Certificate

Generate an SSL certificate using the wizard as follows: 1. 2. From the Organization drop-down list, select System. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 3. Click Security Settings. The K1000 Security Settings page appears. 4. Click Open SSL Certificate Wizard. The K1000 Advanced SSL Settings page appears. 5. Click Edit Mode to edit the fields and specify the following: Enter the name of your country. Enter the name of your State or Province. Enter your locality name. Enter the name of your organization. Enter the name of unit your organization belongs to. Enter a common name of the appliance you are creating the SSL certificate for. Enter your email address.

Country Name State or Province Name Locality Name Organization Name Organization Unit Name Common Name e-mail 6.

Click Set CSR Options. Your Certificate Signing Request is displayed in the field below the Set CSR Options button. You need to copy the text between the lines ----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- along with these lines, and then send it to the person who provides your company with web server certificates.

Administrator Guide, Version 5.2

Configuring your Appliance

Your Private Key is displayed under Private Key field. It will be deployed to the appliance when you upload a valid certificate and subsequently click Deploy. Do not send the private key to anyone. It is displayed here in case you want to deploy this certificate to another web server. The certificate and private key for SSL are not included in the appliances nightly backups for security reasons. Retain these two files for your own records. Click Create Self Signed Certificate and for Deploy to be displayed. 7. Click Create Self Signed Certificate. The SSL certificate is generated. This certificate will not be accepted by any nodes until it is added into the trusted certificate database on every machine running the client. 8. Click Deploy to deploy the certificates and turn on SSL on the appliance. Click OK to reboot the appliance.

Configuring Agent Messaging Protocol Settings

Agent Messaging Protocol (AMP) is the appliance Communications Protocol used by the server with its respective agents. AMP includes server, client, and communications components to perform optimized realtime communications for control of systems management operations. AMP provides:

Persistent connection between the appliance Server Server driven inventory updates Higher scalability in terms of number of nodes supported on one K1000 Server Better scheduling control and reliability

These settings are specific to the AMP infrastructure and do not affect other appliance configuration settings or runtime operations. These settings control both the runtime state of the AMP server and also the operational state of the agent. Changing these settings will temporarily interrupt communications between the appliance and the agents. Exercise caution when changing these settings and contact Dell KACE Technical Support for any questions regarding these parameters.

To configure Agent Messaging Protocol Settings

1. 2. From the Organization drop-down list, select System. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears.

Administrator Guide, Version 5.2

Configuring your Appliance

Click Agent Messaging Protocol Settings. The K1000 Agent Messing Protocol Settings page appears.

4. Server Port

Specify the General Settings: Specify the Server Port. The AMP Server on the appliance SERVER will listen on port 52230 (default). For the Agents to connect to the appliance SERVER using AMP, you must have the AMP Protocol Port 52230 open and available OUTBOUND. (That is, the agent must be able to connect through this port number OUTBOUND without restriction from any OUTBOUND filter/firewall.) Example of an OUTBOUND restriction: Windows XP Firewall blocking outbound port 52230. Allow outbound Protocol Port 52230. This can be configured in your Filter/Firewall Software or Hardware as an allowed OUTBOUND Exception. For the SERVER to accept connections via AMP, it must have the AMP Protocol Port 52230 open and available INBOUND to the appliance IP ADDRESS. (That is, the appliance SERVER must be able to accept connections through this port number INBOUND without restriction from an INBOUND filter/firewall.) Example of an INBOUND restriction: A NAT Firewall such as Cisco or SonicWall blocking INBOUND port 52230 to the K1000 IP ADDRESS. Allow inbound Protocol Port 52230 to the appliance server. This can be allowed through a One-to-One Inbound NAT Policy. Note: If you change the default AMP Port of 52230, you must update the ALLOWED OUTBOUND/INBOUND port on your filter/firewall.

Enable Click the check box to enable different levels of server debug/logging to the server's Server Debug log file. Enable SSL for AMP Click the check box to enable SSL for AMP. The activation of SSL is for AMP Only. The check box must be selected to activate SSL over AMP even though the general appliance settings may have SSL enabled already. This allows the separate configuration of AMP traffic to be un-encrypted even though all other appliance communication is SSL encrypted. Note: Before you can choose this setting, you must enable SSL as described in step b on page 27. Click Save and Restart AMP Server to the save the settings and restart the AMP server. You can click Restart AMP Server to restart the AMP server without saving the settings. Restarting the AMP Server will not restart the appliance.

5. 6.

Administrator Guide, Version 5.2

Configuring your Appliance

Configuring date and time Settings of the appliance server

Keep the time of the appliance accurate as most time calculations are made on the server. When updating the time zone, the appliance web server will be restarted in order for it to reflect the new zone information. Active connections may be dropped during the restart of the web server. After saving changes, this page will automatically refresh after 15 seconds.

To configure Date & Time settings

1. 2. From the Organization drop-down list, select System. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 3. Click Date & Time Settings. The K1000 Date & Time Settings page appears. 4. 5. Click Edit Mode to edit the field values. Specify the following information: Select the appropriate time zone from the drop-down list. Click the check box to automatically synchronize the appliance time with an internet time server. Enter the time server in the text box. For example: time.kace.com Click the check box to manually set the appliance clock. Select the appropriate time and date from the drop-down lists.

Time Zone Automatically synchronize with an Internet time server Set the clock on the K1000 manually 6.

Click Set Options to set the date and time settings.

Configuring Single Sign-on for multiple appliances

The Single Sign-On feature (appliance linking) enables users to authenticate once and gain access to and run multiple appliances. Once appliances are linked, you can sign on to one of them and gain access to the others without having to re-login into each appliance individually. You can link all Dell KACE K1000 Management Appliances. You can run multiple appliances from the same appliance console, but you cannot transfer resources or information between them using this feature. To link appliance so you can run them from the same console.

Administrator Guide, Version 5.2

Configuring your Appliance

Start by enabling linking on each appliance with the instructions in To enable linking of appliances for single sign-on, on page 32. Enabling linking creates appliance names and linking keys. Copy the appliance names and linking keys between the appliances to link using the instructions in To enable linking of appliances for single sign-on.

To enable linking of appliances for single sign-on

1. 2. From the Organization drop-down list, select System. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 3. Click Linking Dell KACE Appliances Settings. The K1000 Linking Dell KACE Appliances Settings page appears. 4. 5. Click Edit Mode. Click the Enable Dell KACE Appliance Linking check box to enable the linking. Enter a unique, logical name for this appliance. Other appliances use this name to select this appliance. Enter the number of minutes to keep the link open. When this time period expires, you need to provide login credentials when switching to a linked appliance. The default is 120 minutes. Enter the number of minutes this server waits for a remote appliance to respond to a linking request. The default is 10 seconds.

Friendly Name (this server) Remote Login Expiration Request Timeout

Click Set Options to save link settings. Once linking is enabled, return to the Control Panel page and select Manage Linked K1000 Appliances to configure remote appliances.

To link appliances for single sign-on

This procedure involves copying the K1000 Friendly Names and linking keys from one appliance to another. To save time, copy these to a central location. Optionally, you can make the link an SSL connection for added security. An SSL connection is only available if you have enabled SSL on all K1000 Management Appliance you are linking. The Manage Linked Appliances page appears after you enable linking. If appliance linking is not enabled, you are redirected to the Linking K1000 Appliances Settings page when you click the Manage Linked K1000 Appliances link. 1. 1. Follow the instructions in To enable linking of appliances for single sign-on, on page 32, on each appliance that you want to link with. From the Organization drop-down list, select System.

Administrator Guide, Version 5.2

Configuring your Appliance

Click K1000 Settings > Control Panel > Manage Linked Dell KACE Appliances. The Linking K1000 Appliances page appears.

In the Choose Action menu, click Add New Item. The K1000 Settings: Add Linked Appliance page appears.

4. 5.

Enter the K1000 Friendly Name and the Linking Key of the appliance that you are establishing the link to. Click Set Options. If the settings are configured correctly, the Connection Successful message is displayed.

Log on to the other appliance you are creating the link for, and repeat these steps to add the Host Name and Linking Key to it. After you click Save, the Test Connection option appears.

Click Test Connection to verify the connection between the two linked appliances.

When you re-login into the first appliance, the newly updated linked appliances appear on the Organization drop-down list of the Home tab. You can now switch among the linked appliance consoles using the Org: drop-down menu on the upper right side of the appliance user interface.

To disable appliance links

After a appliance link is deleted, you can still switch to and control that appliance until you log off and log in again from the appliance Server.

Troubleshooting Tools
The Troubleshooting Tools page contains tools to help administrators and Dell KACE Technical Support to troubleshoot problems with this appliance.

To access the K1000 Troubleshooting Tools page

Click Settings > Support > Troubleshooting Tools.
Administrator Guide, Version 5.2 33

Configuring your Appliance

The Troubleshooting Tools page appears.

To use Network Utilities

You can use Network Utilities to test various aspects of this appliances network connectivity. 1. 2. From the Organization drop-down list, select System. Click K1000 Settings > Support. The K1000 Settings: KACE Support page appears. 3. Click Troubleshooting Tools. The Troubleshooting Tools page appears. 4. 5. 6. 7. Click Edit Mode. Enter the IP Address in the text box. Select the appropriate network utility from the drop-down list. Click Test. You can download K1000 Troubleshooting Logs. Dell KACE Technical Support may request the troubleshooting logs to help in troubleshooting some issues. Click the click here link to download troubleshooting logs. Click the Enable Tether check box under the KACE Support Tether to allow Dell KACE Technical Support to access your appliance. Enter the key supplied by Dell KACE in the text box. Dell KACE Technical Support will provide you a key when this type of support is required.

Administrator Guide, Version 5.2

3
Labels and Smart Labels

This chapter gives an overview of labels and Smart Labels, and how your Dell KACE K1000 Management Appliance uses them. For information on LDAP Labels and the LDAP Browser, see Chapter 11: LDAP, starting on page 187.

About Labels, on page 35. About Smart Labels, on page 42. Whats Next, on page 44.

About Labels
Labels can be used to organize and categorize computers, software, people, and locations. Labels are intended to be used in a flexible manner, and how you use labels is completely customizable. The label types are:

Computer inventory IP Scan inventory Processes /Startup Items / Services Software Patches Dell Update packages Users

Once included in a label, items can be managed on a per label basis. All items that support labeling can have none, one, or multiple labels. You can use labels, for example, with patching, distribution packages, categorizing computers, setting up the geographic relationships, and setting permission levels of users. Labels can be manually or automatically applied, through LDAP or Smart Labels. You can organize labels in Label Groups. Label Groups pass on their usage restrictions to the labels they contain. You can find the Label tab by going to Home > Label. You can also create labels and Smart Labels in the other components of the appliance that use labels. In many areas of the appliance user interface, you can see a labels select list, which you use to constrain an action to a one or more labels. For example, you can restrict the deployment of a script to nodes that belong to particular labels.

Administrator Guide, Version 5.2

Labels and Smart Labels

Managing Labels
In Label Management, you can:

Create labels (which is also done in other parts of the interface) Create Label Groups (or nested labels) Edit Label Groups Delete or Hide Label Groups

Viewing Labels
Select Label Management to view labels created. You can click on the numbers under the categories to see what the members are. For example, in the following screenshot:

The FrameMaker 7.2 label belongs to the Licenses Label Group. FrameMaker 7.2 is a software label, and there are two items in the label. The associated with a Smart Label. icon means that the label is

Administrator Guide, Version 5.2

Labels and Smart Labels

The laptop label is a machine label that contains only one item. The label is associated with a Smart Label that adds any computer with the chassis type laptop to the Smart Label. If any more laptops are purchased, they will be added to the label. Licenses contains one label so it is a Label Group. MemberOfBuildingA and MemberOfFinancesGroup have the icon for an LDAP Label. For information about LDAP labels, see About LDAP Labels, on page 187. Microsoft Office Proof is also associated with a Smart Label. It is also in the Label Group, Licenses. Microsoft Office Proof has four membersuntil more copies of Office Proof are purchased.

Viewing Computer Details by Label

After youve created a label a computer, for example, you can view details about the computers on your network that belong to that label. From the Label Detail view you can see:

The IP addresses and machine names of the computers in the label The number of Managed Installations and File Synchronizations deployed to the label The number of network scans and scripts run on the machines in the label The number of alerts, portal packages, and users associated with the label The number of filters and replication shares associated with the label.

Administrator Guide, Version 5.2

Labels and Smart Labels

To view label details

1. 2.

Click Home > Label, and click Label Management. Click the linked name of the label you want to view. The Labels: Edit Detail page appears.

In the Labeled Items section, click the + sign beside the section headers to expand or collapse the view.

To add or edit a new label

You can add or edit labels from most places in the user interface. You can also add or edit them under Label Management. 1. Click Home > Label, and click Label Management.

Administrator Guide, Version 5.2

Labels and Smart Labels

2. 3.

In the Choose Action menu, click Add New Label. On the Label : Edit Detail page, enter a descriptive title. If you have large numbers of labels, you can use Label Groups for organization. See To create a Label Group, on page 41

(Optional and for Computer labels) Enter a value for KACE_ALT_LOCATION. Typically, this value is not used. If KACE_ALT_LOCATION is used, scripts check here for dependencies.

5. 6. 7.

If you defined KACE_ALT_LOCATION, specify the Username and Password for it. (Optional) Under Restrict Label Usage To, select an appropriate category. For example, if the label is for software, restrict it to that. (Optional) Select a Label Group. If you have large numbers of labels, consider putting them in a Label Group. For example, include the labels of your licensed software in a software Label Group named Licenses. See To create a Label Group, on page 41.

8. 9.

Click OK. Click Save.

For an another example on how to manually apply labels, refer to Adding Computers to Inventory, on page 81.

To delete a label
You can delete a label in its edit page, you can also: 1. 2. 3. 4. Click Home > Label and select Label Management. Click the check box for the label. From the Choose Action menu, click Delete Selected Item(s). Click OK in the confirmation window.

About Label Groups

You can organize long lists of labels by putting them in Label Groups. As well as organizing labels, Label Groups share their types with the labels they contain. Not only can a Label Group include multiple labels, a label can be associated more than one Label Group.

Administrator Guide, Version 5.2

Labels and Smart Labels

The following illustration shows the Label Group type inherited by the label from the Label Group.

To view Label Groups

1. Click Home > Label, and click Label Management. If you see Label Name [groups hidden], do the following: 2. In the Choose Action menu, click Show Label Groups. You can hide Label Groups by clicking Hide Label Groups.

Administrator Guide, Version 5.2

Labels and Smart Labels

To create a Label Group

You organize labels by putting them in Label Groups: 1. 2. Click Home > Label, and click Label Management. In the Choose Action menu, click Add Label Group. To include existing the labels in the group, click their check boxes before selecting Add Label Group. The labels are included as part of creating the Label Group. 3. 4. 5. 6. 7. 8. In the Add Label Group pop-up window, enter the name of the new group, and click Save. In the Label Management page, select the name of the new Label Group. On the Label : Edit Detail page, enter a descriptive title. Ignore KACE_ALT_LOCATION. (Optional) Under Restrict Label Usage To, select an appropriate category. For example, if the label is for software, restrict it to that. (Optional) Select a Label Group. You can put Label Groups within other Label Groups. 9. Click Save.

To apply a label to a Label Group

1. 2. Click Home > Label, and click Label Management. Click the check box for the label you want to work with. In this example, the Smart Label MS Office Home is selected. 3. In the Choose Action menu, click Apply Label Group. In this example, the MS Office Home Smart Label is associated with the Licenses Label Group.

Administrator Guide, Version 5.2

Labels and Smart Labels

To delete a Label Group

Before you delete a Label Group, delete its member labels. 1. 2. Click Home > Label, and click Label Management. Click the name of the Label Group. The Label Group : Edit Detail page appears. 3. 4. 5. 6. 7. 8. 9. Expand the Labels under Label Items. Click the name of the label to open its edit detail page. In the Assign to Label Group section, click Edit. In the Label Selection window, select the name of the Label Group from step 2. Click the recycle bin and OK Click Save. When you have removed all labels from Label Items of the Label Group, click Delete.

About Smart Labels

Smart Labels enable you to dynamically apply a label based on a search criteria. Your appliance allows you to create specific types of Smart Labels. You can view the list of available Smart Labels from the Home > Label > Smart Labels tab. The types of Smart Labels are:

Dell Package Smart Label IP Scan Smart Label Machine Smart Label Patch Smart Label Software Smart Label

You can also change the order of your smart labels or delete them from the Smart Labels page.

To create a Smart Label

You can also create a Smart Label in every component where you use them. 1. 2. Go to Home > Label, and click Smart Labels. From the Choose Action menu, click the type of Smart Label you want to create. The Create Smart Label sub-tab appears for the type of label that you selected. For example, if you selected Software Smart Label, the criteria just apply to software. The tab location is Software under Inventory. 3. 4. Specify the search criteria. Click Test Smart Label, to view the results.

Administrator Guide, Version 5.2

Labels and Smart Labels

5. 6.

Choose or enter the label to associate with the Smart Label. Click Create Smart Label.

Now, whenever machines with software that meets the specified criteria check into your appliance, the software automatically assigned to the associated Smart Label. You can also add a new software smart label or change the order of Smart Labels from Home > Label > Smart Labels. Deleting a Smart Label does not delete the label associated with it.

Software Smart Labels are applied in the following ways:

If a specific software Smart Label is edited using Home > Label > Smart Labels, it is reapplied to all software. All Smart Labels are reapplied to a software item when it is updated on Inventory > Software.

For more examples of using Smart Labels, see, Creating Smart Labels for Computer Inventory, on page 78, and To dynamically identify the network scan results, on page 108.

To edit a Smart Label

You can find all Smart Labels in the Home component. You can also edit Smart Labels within the components that they belong to. 1. Go to Home > Label, and click Smart Labels. The Smart Labels page appears. 2. Select a Smart Label Name. The Smart Label : Edit Detail page shows the following information, depending on the type of Smart Label, Item Type Assigned Label Label Notes SQL Specifies the type of Smart Label, for example, software. From the drop-down list, choose the label you want to assign. Click Details to edit label details. For more information on editing labels, refer to Managing Labels, on page 36. Displays notes relevant to the label, if entered in the Notes field. This field displays the query in SQL (Structured Query Language). Click on Duplicate to create a new Smart Label with same SQL code. This field does not show when the Details link is clicked.

Administrator Guide, Version 5.2

Labels and Smart Labels

Click Save. When you click on Duplicate to create a new Smart Label with the SQL code, you can only reassign it to a new label.

To change the Smart Label Run Order

To change the order in which Smart Labels: 1. Go to Home > Label, and click Smart Labels. The Smart Labels page appears. 2. Select one of these options from the Choose Action menu: Order Machine Smart Labels Order Software Smart Labels Order Patch Smart Labels Order Dell Package Smart Labels

The order Smart Labels page appears for the type of Smart Label, listing all of that type. 3. To change a Smart Labels order value, click the icon beside it.

Smart Labels with smaller values execute before those with larger values. Smart Labels have a default order value of 100. 4. Click Save.

Whats Next
Many organizations use labeling with their software and hardware inventories. For more examples of using labeling, see Chapter 5: Managing Software and Hardware Inventories, starting on page 75.

Administrator Guide, Version 5.2

4
Agent Provisioning

The Agent Provisioning feature enables you to directly install the Dell KACE K1000 Management Appliance agent onto machines in your environment.

Overview of first time agent provisioning, on page 45. System requirements for agents, on page 46. Preparing to provision the agent, on page 47. Single Machine Provisioning, on page 48. Advanced Provisioning, on page 48. Deploying Agents from a Network Share, on page 59. Provisioned Configurations, on page 60. Using the Provisioning Results Page, on page 62. Managing K1000 Agent Tasks, on page 63. K1000 Agent Settings, on page 64. K1000 Agent Update, on page 68. Updating with a client bundle, on page 69. AMP Message Queue, on page 71.

Overview of first time agent provisioning

Agent Provisioning helps you to easily deploy the K1000 Management Appliance agent software on your network. You can deploy the agent on multiple machines simultaneously by creating a configuration that identifies a range of IPs to target. The procedure for agent provisioning varies for Windows and other operating systems. 1. 2. 3. 4. File share must be enabled. See Enabling file sharing on page 47. A provisioning configuration identifies one or more IP addresses for the first time deployment or removal of the agent. The target IP address is tested for the existence of an agent. If the agent is not detected, then it will remotely install the agent directly from the appliance.

The provisioning installers are located on the appliance in the following network share:

Administrator Guide, Version 5.2

Agent Provisioning

\\appliance\client\agent_provisioning where appliance represents the hostname of your appliance. The provisioning files are located in the subdirectories for their operating system. (For example, Windows files are located in the windows_platform directory.) For information on manually deploying the agent on Windows, Linux, and Macintosh platforms, refer to Appendix E: Manually Deploying Agents, starting on page 269.

System requirements for agents

System requirements to install the agent are:

Windows: Windows 7 (32-bit and 64-bit) Windows Vista (32-bit and 64-bit) Windows XP (32-bit and 64-bit) Windows Server 2008 (32-bit and 64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2003 (32-bit and 64-bit) Windows 2000 Server (32-bit)

All Windows platforms require: Microsoft Internet Explorer 5.01 or greater Microsoft .NET Framework 1.1/2.0, 90 MHz or faster processor 28 MB RAM and 10MB free disk space (minimum)

Linux: Red Hat Enterprise Linux (RHEL) 3, 4, and 5 (32-bit and 64-bit) Macintosh: Mac OS X v10.6 Intel Mac OS X 10.5 Intel and PowerPC Mac OS X 10.4 Intel and PowerPC

Upgrades supported: Supports upgrading from agent version 4.3.20024 or later to 5.1.

Administrator Guide, Version 5.2

Agent Provisioning

Preparing to provision the agent

You must perform the steps in this section before provisioning the agent.

Enabling file sharing

To activate the provisioning functionality you must enable K1000 Management Appliance file share. 1. 2. Go to Settings > Control Panel. Click General Settings. The K1000 Settings: General page appears. 3. 4. In the Samba Share Settings section, click Edit Mode. Select the File Share Enabled checkbox.

Click Save Samba Settings.

Preparing for Windows Platform provisioning

For Windows platform installations, the following configuration settings are required:

K1000 Agent 5.1: For Windows Platforms (32-bit and 64-bit), you must use Microsoft .NET version 1.1 SP1. (K1000 Agent 5.2 does not require Microsoft .NET.) Windows XP: Turn off Simple File Sharing. Appliance Provisioning requires standard file sharing with its associated security model. Having Simple File Sharing enabled can cause a LOGON FAILURE because simple file sharing does not support administrative file shares and associated access security. Windows Firewall: If turned ON, enable File and Print Sharing in the Exceptions list of the Firewall Configuration.

By default, the appliance verifies the availability of ports 139 and 445 on each target machine before attempting to execute any remote installation procedures. For Vista and Windows 7:

Provide Administrative credentials for each machine. Configure User Account Control (UAC) in one of two ways: Turn UAC off.

Administrator Guide, Version 5.2

Agent Provisioning

Set User Account Control : Run all administrators in Admin Approval Mode to Disabled.

From the Advanced sharing settings page, turn on network discovery and turn on file and printer sharing.

Single Machine Provisioning

Single Machine Provisioning option provides an easy way to deploy the agent technologies for the first time. Single Machine Provisioning assumes some default values for settings such as TCP ports, time outs, appliance server name, and so on.

To deploy the agent on a single machine

1. Go to Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Single Machine Provisioning. The Single Machine Provisioning page appears, including the agent version. 3. 4. 5. 6. 7. 8. 9. Enter the Target IP. Click Install Agent. Click the operating system of the agent. (Windows Only) Enter the domain or workgroup for the user name you enter below. Enter a user name that has the privileges to install the agent. Enter the password for the account. Click Run Now.

The system saves the configuration with a default name as Simple configuration - IP Address and then runs the configuration against the targeted IP. You are redirected to the Provisioned Configurations page where the newly created configuration is displayed.

Advanced Provisioning
Advanced Provisioning has three primary options:

Auto Provisioning, which allows you to provide target IP Range for Provisioning. See To add a new item using Auto Provisioning, on page 49. Manual Provisioning by IP, which allows you to specify IP addresses manually and also pick up machines from IP Scan and Inventory. See To add a new item using Manual Provisioning by IP, on page 52. Manual Provisioning by Hostnames, which allows you to enter hostnames manually. See To add a new item using Manual Provisioning by Hostname, on page 55.

Administrator Guide, Version 5.2

Agent Provisioning

To add a new item using Auto Provisioning

1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Advanced Provisioning. The Advanced Provisioning page appears. 3. 4. Select the Auto Provisioning option under the General Settings section. Enter the following general settings details: Enter a name for your agent provisioning configuration that is specific enough to differentiate between other configuration names. Enter an IP or IP range. Use hyphens to specify individual IP class ranges. For example: 192 168 2-5 1-200. Click to enable the configuration and run scheduled configurations. Enter the name of the server where you want to install the agent from. This field displays the default name of the appliance server. Update this field if you have multiple servers. The share folder name in the appliance, where the agents are located. Click to enable DNS lookup. By default, the field displays the primary DNS Server mentioned under Network Settings. You can change the default DNS Server to the required one and also specify the hostname or IP address. Enter the time period in seconds, after which a DNS lookup will time out.

Config Friendly Name Provisioning IP Range Configuration Enabled K1000 Server Name

K1000 Client Share Name DNS Lookup Enabled Name Server for Lookup

Lookup Time Out

Enter the following details under the Windows Platform Provisioning Settings section if the target machines operate on the Windows platform: Click to enable provisioning .

Provision this platform Agent Identification Port

K1000 Agent Version (Read-only) This field displays the Agent Version number. The agent identification port is the default port currently in use by the agents and indicates that you should not install the agent again. By default that port number is 52230. If you are using a different port number for this, you can change the port number listed here.

Administrator Guide, Version 5.2

Agent Provisioning

Required open TCP Ports Port Scan Time Out Bypass Port checks Enable Debug Info

Enter the list of required open TCP ports separated by commas. These are the ports appliance uses to access the target machine for installation of the agent. Enter time period in seconds, during which the appliance scans the port for response. Click to avoid port checks while the appliance installs the agent. Click to view debug information in the machines provisioning results.

Remove K1000 Agent Click to reverse the logic of the provisioning configuration, that is to remove the agent from machines. This overrides any current provisioning activity. 6. Enter the following details under Windows Network Administrative Credentials section if the target machines operate on the Windows platform: Enter the domain or workgroup name associated with the login credentials you enter below. Enter a user name that has the necessary privileges to install the agent on the targeted machines. Enter the password for the account listed above.

Domain (or Workgroup) User Name (admin level) Password 7.

If the target machines operate on the Linux or Macintosh platform, enter the following details under Unix (Linux or Mac OS X) Platform Provisioning Settings section: Click to enable provisioning on Linux or Macintosh platform. Enter the list of required open TCP ports separated by commas. These are the ports the appliance uses to access the target machine for installation of the Agent. Enter a time period in seconds. Port scan time out indicates the time for which the appliance will scan the port for response. Click to avoid port checks. This indicates that the appliance tries the installation, without checking ports.

Provision this platform Required open TCP Ports Port Scan Time Out Bypass Port Checks

Remove K1000 Agent Select to reverse the logic of the provisioning configuration. Hence, you are using provisioning configuration, to remove the agent from machines rather than installing it. This overrides any current provisioning activity.

Administrator Guide, Version 5.2

Agent Provisioning

Remove /var/kace/ files

The kace folder has two sub folders, SMMP and kagentd. The SMMP folder contains: SMMP.conf, agent.log, pid, and pluginRunProcess.log. The kagentd folder contains: K1000_LOG.txt, kbot_config.yaml, and kuid.txt. Click to remove the complete kace folder. If the check box is not selected, the /var/kace/kagentd/kuid.txt file is not deleted.

Enter the following details under Network Root Credentials section if the target machines operate on the Linux or Macintosh platform: Under Network Root Credentials for the appropriate platform, enter a user name that has the necessary privileges to install the agent on the targeted machines. Enter the password for the account listed above.

User Name Linux or Mac OS Password

K1000 Agent Version (Read-only) This field displays the agent version number. 9. Select the appropriate check box under the Scheduling area, and schedule to run the configuration: Default. Select when you do not want to run the provisioning configuration on a schedule. Select to run the provisioning configuration at the specified interval. Select to run the provisioning configuration daily or specified day of the week at the specified time. Select to run the provisioning configuration monthly or on the specified day of the month at the specified time.

Dont Run on a Schedule Run Every n minutes/ hours Run Every day/specific day at HH:MM AM/PM Run on the nth of every month/specific month at HH:MM AM/PM

By choosing a regular schedule, the appliance periodically checks machines in the specified IP range to make sure that they have the Agent, and install/reinstall/uninstall as required. 10. Click Save to save the provisioned configuration. The Provisioned Configurations page appears. The provisioned configuration you created appears in the list of configurations. 11. Click the saved provisioned configuration. The Advanced Provisioning page appears. 12. You can edit this provisioned configuration. Click Run Now to save the changes and instantly run the current configuration against the defined IP range. To cancel the configuration, click Cancel.

Administrator Guide, Version 5.2

Agent Provisioning

You can also deploy the agent manually. For more information on the manual deployment of the agent on Linux and Macintosh, see Appendix E: Manually Deploying Agents, starting on page 269.

To add a new item using Manual Provisioning by IP

1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Advanced Provisioning. The Advanced Provisioning page appears. 3. 4. Select the Manual Provisioning by IP option under the General Settings section. Enter the General Settings details as shown in the following table: Enter a name for your agent provisioning configuration. Use a specific configuration name to differentiate between two configurations. Enter the IP address of the target machine or click Help me pick machines. Note: Multiple IP addresses should be comma-separated. Provisioning IP Range (Help me pick machines) IP Scan Computer (Help me pick machines) Inventory Computers (Help me pick machines) Configuration Enabled K1000 Server Name K1000 Client Share Name Enter IP or IP range. Use hyphens to specify individual IP class ranges. For example: 192 168 2-5 1-200. Click Add All to add all the IP addresses displayed in the list. Select a machine from the IP Scan Computers drop-down list, to add to the Target IPs list. This list is populated from the Network Scan Results. You can filter the list by entering any filter options. Click Add All to add all machines displayed in the list. Select a machine from Inventory Computers dropdown list, to add to the Target IPs list. This list contains all the computers in the inventory. You can filter the list by entering any filter options. Click Add All to add all machines displayed in the list.

Config Friendly Name Target IPs

Select to enable the configuration. Note: Scheduled configurations will run only if this check box is selected. This field, by default, displays the name of the appliance server. Update this field if you have multiple appliance servers. Enter the name of the server that you want to install the agent from. The share folder name on the appliance, where the agents are located.

Administrator Guide, Version 5.2

Agent Provisioning

DNS Lookup Enabled Name Server for Lookup Lookup Time Out 5.

Select to enable DNS lookup. By default, the field displays primary DNS Server mentioned under Network Settings. You can change the default DNS Server to the required one and also specify the hostname or IP address. Enter the time period in seconds. After this period has lapsed, the DNS lookup will automatically time out.

Provision this platform K1000 Agent Version

Agent The agent identification port is a port that installed agents would Identification Port already have open and in use, indicating that you should not install the agent again. By default that port number is 52230. If you are using a different port number for this, you can change the port number listed here. Required open TCP Ports Port Scan Time Out Bypass Port checks Enter the list of required open TCP ports separated by commas. These are the ports that your appliance uses to access the target machine for installation of the Agent. Enter a time period in seconds. Port scan time out indicates the time for which the appliance will scan the port for response. Select to avoid port checks. This indicates that the appliance tries the installation, without checking ports.

Enable Debug Info Select to display more debug information in the machines provisioning results. Remove K1000 Agent Select to reverse the logic of the provisioning configuration. Hence, you are using provisioning configuration, to remove the agent from machines rather than installing it. This overrides any current provisioning activity.

Enter the following details under Windows Network Administrative Credentials section if the target machines operate on the Windows platform: Enter the domain or workgroup name associated with the login credentials you enter below. Enter a user name with the necessary privileges to install the agent on the targeted machines. Enter the password for the account listed above.

Domain (or Workgroup) User Name (admin level) Password

Administrator Guide, Version 5.2

Agent Provisioning

If the target machines operate on the Linux or Macintosh platform, enter the following details under Unix (Linux or Mac OS X) Platform Provisioning Settings section: Select to enable provisioning on Linux or Macintosh platform. Enter the list of required open TCP ports separated by commas. These are the ports the appliance uses to access the target machine for installation of the agent. Enter a time period in seconds. Port scan time out indicates the time for which the appliance scans the port for response.

Provision this platform Required open TCP Ports Port Scan Time Out

Bypass Port checks Select to avoid port checks. This indicates that the appliance tries the installation, without checking ports. Remove K1000 Agent Select to reverse the logic of the provisioning configuration. Thus, you are using provisioning configuration, to remove the agent from machines rather than installing it. This overrides any current provisioning activity. The kace folder has two sub folders, SMMP and kagentd. The SMMP folder contains: SMMP.conf, agent.log, pid, and pluginRunProcess.log. The kagentd folder contains: K1000_LOG.txt, kbot_config.yaml, and kuid.txt. Select to remove the complete kace folder. If the check box is not selected, the /var/kace/kagentd/kuid.txt file is not deleted. 8. Enter the following details under Network Root Credentials section if the target machines operate on the Linux or Macintosh platform: Under Network Root Credentials for the appropriate platform, enter a user name that has the necessary privileges to install the agent on the targeted machines. Enter the password for the account listed above. (Read-only) This field displays the agent version number.

Remove /var/ kace/ files

User Name (Linux/Mac OS) Password K1000 Agent Version 9.

Select the appropriate check box under the Scheduling area, and schedule to run the configuration: Default. Select when you do not want to run the provisioning configuration on a schedule. Select to run the provisioning configuration at the specified interval. Select to run the provisioning configuration on specified day at the specified time.

Dont Run on a Schedule Run Every n minutes/ hours Run Every day/specific day at HH:MM AM/PM

Administrator Guide, Version 5.2

Agent Provisioning

Run on the nth of every month/specific month at HH:MM AM/PM

Select to run the provisioning configuration on the specified time on every month or only the selected month.

By choosing a regular schedule, the appliance periodically checks machines in the specified IP range to make sure that they have the Agent, and install/reinstall/uninstall as required. 10. Click Save to save the provisioned configuration. The Provisioned Configurations page appears. The provisioned configuration you just created, appears in the list of configurations. 11. Click the saved provisioned configuration. The Advanced Provisioning page appears. 12. You can edit this provisioned configuration. Click Run Now to save the changes and instantly run the current configuration against the defined IP range. To cancel the configuration, click Cancel.

To add a new item using Manual Provisioning by Hostname

Config Friendly Name Target Hostnames Configuration Enabled K1000 Server Name

K1000 Client Share Name DNS Lookup Enabled

Administrator Guide, Version 5.2

Agent Provisioning

Name Server for Lookup

By default, the field displays primary DNS Server mentioned under Network Settings. You can change the default DNS Server to the required one and also specify the hostname or IP address. Enter the time period in seconds, after this period has lapsed the DNS lookup will automatically time out.

Lookup Time Out

Enter the following details under Windows Platform Provisioning Settings section if the target machines operate on the Windows platform: Select to enable provisioning on Windows platform. This field displays the agent version number. The agent identification port is a port that installed agents would already have open and in use, indicating that you should not install the agent again. By default that port number is 52230. If you are using a different port number for this, you can change the port number listed here. Enter the list of required open TCP ports separated by commas. These are the ports the appliance uses to access the target machine for installation of the agent. Enter a time period in seconds. Port scan time out indicates the time for which the appliance will scan the port for response. Select to avoid port checks so that the appliance attempts to install the agent, without checking the ports. Select to display more debug information in the machines provisioning results. Select to reverse the logic of the provisioning configuration. Thus, you are using provisioning configuration, to remove the agent from machines rather than installing it. This overrides any current provisioning activity.

Provision this platform K1000 Agent Version Agent Identification Port

Required open TCP Ports Port Scan Time Out Bypass Port checks Enable Debug Info Remove K1000 Agent

Enter the following details in the Windows Network Administrative Credentials section if the target machines operate on the Windows platform: Enter the domain or workgroup name associated with the login credentials you enter below. Enter a user name with the necessary privileges to install the agent on the targeted machines. Enter the password for the account listed above.

Domain (or Workgroup) User Name (admin level) Password

Administrator Guide, Version 5.2

Agent Provisioning

Enter the following details under Unix (Linux, Mac OS X) Platform Provisioning Settings section, if the target machines operate on the Linux or Macintosh platform: Select to enable provisioning on Linux or Macintosh platform. Enter the list of required open TCP ports. These are the ports the appliance will use to access the target machine for installation of the Agent. Enter a time period in seconds. Port scan time out indicates the time for which the appliance will scan the port for response. Select to avoid port checks. This indicates that the appliance tries the installation, without checking ports. Select to reverse the logic of the provisioning configuration. Hence, you are using provisioning configuration, to remove the agent from machines rather than installing it. This overrides any current provisioning activity. The kace folder has two sub folders, SMMP and kagentd. The SMMP folder contains: SMMP.conf, agent.log, pid, and pluginRunProcess.log. The kagentd folder contains: K1000_LOG.txt, kbot_config.yaml, and kuid.txt. Select to remove the complete kace folder. If the check box is not selected, the /var/kace/kagentd/kuid.txt file is not removed.

Provision this platform Required open TCP Ports Port Scan Time Out Bypass Port checks Remove K1000 Agent

Remove /var/ kace/ files

Enter the following details under Network Root Credentials section, if the target machines operate on the Linux or Macintosh platform: Under Network Root Credentials for the appropriate platform, enter a user name that has the necessary privileges to install the agent on the targeted machines. Enter the password for the account listed above. (Read-only) This field displays the agent version number.

User Name (Linux/ Mac OS) Password K1000 Agent Version 9.

Dont Run on a Schedule Run Every n minutes/ hours Run Every day/specific day at HH:MM AM/PM

Administrator Guide, Version 5.2

Agent Provisioning

Run on the nth of every month/specific month at HH:MM AM/PM

Select to run the provisioning configuration monthly or the specified day of the month at the specified time.

By choosing a regular schedule, the appliance periodically checks machines in the specified IP range to make sure that they have the agent, and install/reinstall/uninstall as required. 10. Click Save to save the provisioned configuration. The Provisioned Configurations page appears. The provisioned configuration you just created appears in the list of configurations. 11. Click the saved provisioned configuration. The Advanced Provisioning page appears. 12. You can edit this provisioned configuration. Click Run Now to save the changes and instantly run the current configuration against the defined IP range. To cancel the configuration, click Cancel.

To run provisioned configurations

1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. 4. Click the check box beside the configurations you want to run. In the Choose Action menu, click Run Selected Configuration(s) Now.

To duplicate a configuration
1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. Click the configuration you want to duplicate. The Advanced Provisioning page appears. 4. Scroll down and click Duplicate.

To delete a configuration
1. Click Settings > K1000 Agent.

Administrator Guide, Version 5.2

Agent Provisioning

The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. Click the configuration you want to delete. The Advanced Provisioning page appears. 4. Scroll down and click Delete. Deleting a configuration will delete all associated target machines in the provisioning inventory list. Altering or updating a configuration will reset the data in the associated target machines list to the default settings until the subsequent provisioning run.

Deploying Agents from a Network Share

You can install agents using the installer files for all supported platforms on the K1000 Management Appliance at: \\k1000_name\client\agent_provisioning\ Ensure that you have enabled the file share to access this folder.

You can deploy agents through email or with scripts:

E-mail: An e-mail notification can be sent to your users containing either: Install file Link to the appliance Other Web location to retrieve the required installation file

Users can click on the link and install the appropriate file.

Log-in Script: Some companies use login scripts that provide a great mechanism to deploy the Agent while you log onto a machine. If you use login scripts, simply post the appropriate file in an accessible directory and create a login script for the Agents to retrieve it. The following sample Windows login script: Checks for the presence of the Microsoft .NET framework on the node. Installs the appropriate components to deploy the Agent:

@echo off if not exist "%windir%\microsoft.net" goto neednet echo .NET already installed.
Administrator Guide, Version 5.2 59

Agent Provisioning

goto end :neednet start /wait \\location\ dotnetfx.exe /q:a /c:"install /l /q" :end if not exist "C:\Program Files\KACE\K1000" goto needk1000 echo K1000 Agent already installed. goto end :needk1000 MsiExec.exe /qn /l* kbmsi.log /I \\location\KInstallerSetupSilent.msi ALLUSERS=2 :end

Provisioned Configurations
The Provisioned Configurations page displays:

Field Config Name Total Target Running

A list of computers that match Agent Provisioning configurations established in Advanced Provisioning. All the provisioning configurations created and their statuses.

The Provisioned Configurations page contains the following fields: Description Displays the configuration name. Click the config name displays the Advanced Provisioning page. Indicates the total number of target machines. Click the total number of target machines to display the Provisioning Results page. Indicates the total number of target machines on which provisioning is currently running. Click the total number of target machines to display the Provisioning Results page. Indicates the total number of target machines on which provisioning has not yet started. Click the total number of target machines to display the Provisioning Results page. Indicates the total number of target machines on which provisioning has succeeded. Click the total number of target machines to display the Provisioning Results page. Indicates the total number of target machines on which provisioning has failed. Click the total number of target machines to display the Provisioning Results page. Indicates in percentage the total number of target machines on which provisioning has succeeded. Indicates the IP range of the target machine. Indicates the provisioning schedule run as specified. For example: Every n minutes, Every n hours, or Never. Indicates a blank or a green check in the check box for the configuration name depending on the provisioning success.

Not Started Succeeded Failed % Succeeded IP Range Schedule Enabled

Administrator Guide, Version 5.2

Agent Provisioning

To create a new configuration

1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. In the Choose Action menu, click Create New Configuration. The Single Machine Provisioning page appears. For more information, see section Appendix 4: To deploy the agent on a single machine, starting on page 48.

To delete a configuration
1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. 4. 5. Select the check box beside the configurations you want to delete. In the Choose Action menu, select Delete Selected Item(s). Click OK.

To enable a configuration
1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. 4. Click the check box beside the configurations you want to enable. In the Choose Action menu, click Enable Selected Item(s).

To disable a configuration
1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. Click the check box beside the configurations you want to enable.
61

Administrator Guide, Version 5.2

Agent Provisioning

In the Choose Action menu, select Disable Selected Item(s).

Using the Provisioning Results Page

Provisioning Results page displays a list of computers that match the current Agent Provisioning Configurations. This list includes all the machines discovered by the configurations created in Advanced Provisioning and Single Machine Provisioning. You can view target provisioning and configuration information. The targets information results from the most recent provisioning run or execution on that target. Execution of a Provisioning Configuration targets the IP addresses and for each target (node) the execution evaluates the availability of IP addresses, agent status, port configuration, and so on. The results and logs of each provisioning step are displayed.

To view Provisioning Results

1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. Click Total Target/Running/Not Started/ Succeeded/ Failed/IP Range in the Provisioned Configurations list. The Provisioning Results page appears. 4. Click the IP Address of the required machine to view the provisioning target information and provisioning configuration information. The K1000 Agent Provisioning page appears. 5. Click Printer Friendly Version to see a print view of the page. You can print this page. You can also view computer inventory by clicking computer inventory under Provisioning Target Info section. The provisioning process collects the MAC address of the target machine and compares to the data associated with the current K1000 Computer Inventory. If a match is found, a link to Computer Inventory for that association is displayed next to the MAC Address. For more information on computer inventory, see Adding Computers to Inventory, on page 81. 6. Click the required DNS Lookup Enabled on the Provisioning Results page to view the DNS lookup details. When selected, live addresses are checked against the DNS Server to see if they have Agent Provisioning configured. The Provisioning Results page contains the following fields about the node:

IP Address (of the target machine)

Administrator Guide, Version 5.2

Agent Provisioning

MAC Address Host Name (from DNS) Suspected OS (from Scan) Action (for example, Agent Install) Provisioning Status K1000 Agent Installed (for example, yes) Error Category (if applicable) Record Last Modified Record Created

Managing K1000 Agent Tasks

The K1000 Agent Tasks option displays a list of all the tasks that are currently running or are scheduled for a machine connected to the appliance. Each machine displays the computer inventory information. Nodes with an active AMP (port: 52230) connection to the server are indicated with the icon on the Inventory list page.

You can view the K1000 Agent Tasks and Task Types from the View By: drop-down list, which are described in the table below: Tasks In Progress All Tasks Ready to Run (connected) Ready to Run Longer than 10 minutes Task Type inventory krash upload patchpatchname scripting update Organiz ation Agent tasks that are in progress. Agent tasks. Agent tasks that are about to run. Tasks that will run once an AMP connection exists. Agent tasks that have been waiting longer than 10 minutest for a connection. The server requests the node to update the computer inventory. The server requests the node to upload the dump file to the server (Windows only). Shows any of the nodes patching tasks, if running (Windows and Mac only). Updates the current status of the scripting tasks.

organization_n Lists the organizations that your company uses. ame

Administrator Guide, Version 5.2

Agent Provisioning

To view agent tasks

1. Click Settings > Support. The K1000 Settings: KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. 3. Click the tasks link in See status of K1000 Agent tasks, under the K1000 Agent Messaging area. The K1000 Agent Tasks page appears. 4. Click the Machine Name from the K1000 Agent Tasks list to view the computer inventory information. The Computers: Detail Item page appears. 5. Click Printer Friendly Version to see a print view of the page and print it.

The K1000 Agent Tasks page contains the fields described in the table below: Field Machine Name Task Type Started Completed Next Run Timeout Priority Description The machine name on which some tasks are scheduled/running/in progress. The type of agent task. The start time of the task type. The time when the task type is completed. The next schedule or run time of the agent task type. When the task type has to be timed out. The importance or the priority value of the task type.

K1000 Agent Settings

The agent settings options configure the appliance to operate in your computing environment. These options specify:

How often the node runs on the user desktop. How often a full desktop computer inventory is performed.

The K1000 Agent options specify how often an agent checks into the appliance and how often the agent performs a full computer inventory. For example, a default Run Interval of 30 minutes means that computers with agents installed check into the appliance every 30 minutes.

To configure an agent
1.
64

Click Settings > K1000 Agent Settings.

Administrator Guide, Version 5.2

Agent Provisioning

The K1000 Agent Settings page appears. 2. To edit agent settings, click Edit Mode. The K1000 Organization: Edit Detail page appears in edit mode with the current agent setting details. These are the settings that control the schedule and frequency of your checked-in agents. 3. Field Communications Window Specify the following agent options under the K1000 Agent Settings For This Organization area: Suggested Setting 12:00 am to 12:00 am Notes The time interval when the agent can communicate with the appliance. For example, to allow the agent to connect between 1 am and 6 am only, select 1:00 am from the first drop-down list, and 6:00 am from the second. The interval that the agent checks into the appliance. Each time an agent connects, it resets its connect interval based on this setting. The default setting is once per hour. The interval (in hours) that the appliance will perform an inventory the nodes on your network. If set to zero, the appliance will inventory nodes at every Run Interval. The Download Throttle decides the maximum number of desktop agents that can download packages at one point in time. Packages will not be deployed on machines after the Download Throttle has been reached. For example, if the throttle is set to 100 and 100 agents are connected and receiving a deployment, the 101st agent will be deferred until any of the 100 agents has finished communicating with the appliance. The message that appears to users when communicating with the appliance.

Agent Run interval

1 hours

Agent Inventory Interval

Agent Download Throttle

100

Agent Splash Page Text

The appliance is verifying your PC Configuration and managing software updates. Please Wait... 15 minutes

Scripting Update Interval Scripting Ping Interval

The agent downloads new script definitions after scripting update interval is over. The default interval is 15 minutes. The agent tests the connection to the appliance after scripting ping interval is over. The default interval is 600 seconds.

600 seconds

Administrator Guide, Version 5.2

Agent Provisioning

Field Agent Log Retention

Suggested Setting

Notes The Agent Log Retention disallows the server to store the scripting result information that arises from the agents. By default, this stores all the results generated and can affect the performance of K1000 Management Appliance. Turn off the Agent Log Retention to allow the agent checkins to process faster.

Click Save to save the agent settings configuration. The K1000 Agent Settings page appears in read-only mode. These changes are reflected the next time agent checks into the appliance. The agent normally checks in using the Run Interval schedule specified in K1000 Agent Settings page. For debugging and testing purposes, KACE provides ways that can be used to force a check-in outside this normal schedule. You can run the file KBScriptRunner located in C:\Program Files\KACE\KBOX to force the agent to check in with the appliance. The KBScriptRunner.exe only forces a check-in (bypassing the Run Interval) but does not force an inventory if you have set a non-zero Inventory Interval. You must change the inventory interval to zero while debugging/ testing package deployments.

To troubleshoot nodes that fail to appear in Inventory

By default, the agent communicates with the appliance using http: over port 80. Assuming network connectivity is in place, the most common reason newly-installed agents fail to connect to the appliance during first-time setup is a problem with the default K1000 host name in DNS. If your machine does not show up in Inventory after installing the Agent, try the following. 1. If you set up the appliance in your DNS using a host name other than the default, k1000, or you need agents to reach the appliance by IP address instead of the DNS name, you must install the agent specifying the SERVER property. For example: Windows: c:\>KInstallerSetup.exe -server=myk1000 -display_mode=silent or c:\>KInstallerSetup.exe -server=192.168.2.100 -display_mode=silent Macintosh:

Administrator Guide, Version 5.2

Agent Provisioning

/Library/K1000Agent/Home/bin/setk1000 myk1000 or /Library/k1000Agent/Home/bin/setk1000 192.168.2.100 Linux: /K1000/bin/setk1000 myk1000 or /KACE/bin/setk1000 192.168.2.100 2. To correct the server name for an already-installed node: Windows: a. Verify host=myk1000 in smmp.conf. The path varies for 64-bit Windows: c:\Program Files\kace\k1000\smmp.conf c:\Program Files(x86)\kace\k1000\smmp.conf b. For further debugging and troubleshooting, add the following line to smmp.conf: debug = true c. Verify that the connection text in smmp.log indicates a connection established between the agent and server. After a successful connection, the smmp_connected file is generated. Macintosh: /var/kace/kagentd/kbot_config.yaml Linux: /var/kace/kagentd/kbot_config.yaml 3. 4. Verify that you are able to ping the appliance and reach it through a web browser at http://k1000. Verify that Internet Options are not set to use proxy, or proxy is excluded for the local network or the K1000 Management Appliance.

Administrator Guide, Version 5.2

Agent Provisioning

Verify that firewall or anti-spyware software is not blocking communication between the appliance and any of agent components, including: K1000Client.exe KUpdater.exe kagentd (OS X / UNIX)

Verify that the following processes are running: Windows: K1000SMMPManagementService OS X / Unix: kagentd processes. The agent will show up as perl in the OS X Activity Monitor.

If after verifying these items, you are unable to get the agent to connect to the appliance, contact KACE Support at [email protected].

K1000 Agent Update

The K1000 Agent Update feature allows you to automatically update the agent software for some or all machines that are checking in your appliance. Agent deployments are automatically updated as new agent updates are posted to this area. The Agent package that you post to the server from this page should be an official agent release received from KACE directly. Before updating the agent, ensure that you have downloaded and locally saved the following files. (XXXX refers to build number.)

Windows: update_4.3.XXXX.bin Mac OS: update_mac_4.3.XXXX.bin Linux: update_linux_4.3.XXXX.bin

To update the agent automatically

1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Agent Updates from KACE. The Agent Updates from KACE page appears. 3. 4. Click Edit Mode under the section that you want to edit. Specify the agent updates as shown in the following table: Select to upgrade the Agent the next time machines check into the appliance.

Enabled

Administrator Guide, Version 5.2

Agent Provisioning

Update Broken Agents

Select to update those machines that are running checking in with the appliance for new agent versions, but are unable to successfully report inventory information to the appliance. This setting overrides the Limit Update to settings. For such a broken agent check for a new version of the Agent software by running kupdater.exe manually. Enter a label for automatic upgrades. The upgrades will only be distributed to machines assigned to those labels, except if they are identified as a broken client above. Click Remove to limit the listed machines. To add more machines, select the machines from the Select machine to add drop-down list. Enter the value to verify machine by filter. Enter release notes about the agent.

Limit Updates to

Limit Update To Listed Machines Filter Notes 5.

To save the new agent updates, click Save.

You can see the version numbers of agent patches currently uploaded to the appliance under the Loaded K1000 Agent Updates area. Click Delete All Updates to delete all patches that are uploaded to the appliance.

To upload platform-specific agent patches

1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Agent Updates from KACE. The Agent Updates from KACE page appears. 3. 4. 5. 6. Click Edit Mode under the Upload K1000 Agent Update Files area. Scroll down and select the Load specific OS.bin file(s) check box. Click the button beside the platform name to upload the patch file for that platform.

Click Browse and locate the patch file (.bin). The Update Version ID text box displays the version number of the patch file you are uploading.

Click Save Windows Patch File to upload the patch file.

You can update agents on all platforms using a client bundle. The client bundle is designed to update the Agent deployment files that are stored on the appliance server via a single file.

Updating with a client bundle

Updating with a client bundle affects two areas of the K1000 Management Appliance:

Administrator Guide, Version 5.2

Agent Provisioning

K1000 Agent Update Advanced Provisioning

When you apply this bin file to your server, older versions of the agents are removed and replaced with the files contained in this bin file. The K1000 Agent Update settings will be disabled after applying the file. View the settings and confirm the label and settings and enable it again if you want the agents to deploy to your network. All the provisioning setups will also be disabled and will need to be reenabled to deploy the new version of the agent to your network.

To update agents using a client bundle

1. Download the k1000_patch_agents_xxx.bin file, and save it locally. After you register on the KACE web site, you can download the latest client bundle using the login credentials from the following link: http://www.kace.com/support/customer/downloads.php 2. Click Settings > K1000 Agent. The Agent Provisioning page appears. 3. Click Agent Updates from KACE. The Agent Updates from KACE page appears. 4. 5. 6. Click Edit Mode under the Upload K1000 Agent Update Files area. Click Browse beside Bundled Agents File, and locate the update file you have downloaded. Click Load Bundle File. Once the file is uploaded and applied: Go to the Agent Updates from KACE page, and verify if the correct labels have been selected. Select the Enabled check box to enable this upgrade. Go to the Advanced Provisioning page, and verify if the correct setups have been selected. Select the Configuration Enabled check box to enable this upgrade.

To troubleshoot the SMMP Management Service

1. Go to the following folder: C:\Program Files\kace\k1000 2. 3. Delete the *.InstallState files. Verify that the K1000 SMMP Management Service is listed in the services control panel.

Administrator Guide, Version 5.2

Agent Provisioning

If K1000 SMMP Management Service is not listed, run the following command to reconfigure it:

sc create K1000ManagementService binPath= "c:\program files\KACE\K1000\K1000SMMPManagementService.exe" type= interact type= own start= auto DisplayName= "K1000 SMMP Management Service" 5. You can now uninstall the agent from the Add or Remove Programs again.

If you continue to receive error messages, contact Dell KACE Support at [email protected] for assistance.

AMP Message Queue

The AMP (Agent Messaging Protocol) Message Queue page displays the list of pending communications with the agents, such as pending alerts, patches, scripts, or deleting crash dumps.

To view AMP Message Queue

1. Click K1000 Settings > Support or click The K1000 Settings: KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. 3. Under the K1000 Agent Messaging area, click the message queue link. The AMP Message Queue page appears. The pending communications are displayed in this queue only if there is a constant connection between the Agent and the appliance. For Alerts, the pending communications are displayed in the AMP Message Queue even if there is no continuous connection between the Agent and the appliance. These messages are displayed till the Keep Alive time interval has elapsed. These messages are then deleted from the queue and the alerts expire. .

Administrator Guide, Version 5.2

Agent Provisioning

The Agent Message Queue page contains the following fields: Field Machine Name Description Indicates the machine name that contains the computer inventory information. Click the machine name to view the Computers Inventory page. Message Type [ID, Src ID] Expires Status icon indicates a successful AMP connection. icon indicates a failed AMP connection.

Indicates the message type. For example, Run Process or Builtin.

Message Payload Indicates the message payload. Indicates the date and time when the alert expired. Indicates the status of the AMP message. For example, Completed or Received.

To view alerts
1. Click K1000 Settings > Support or click The K1000 Settings: KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. 3. In the K1000 Agent Messaging, click the message queue. The AMP Message Queue page appears. 4. In the Choose Action menu, click View Alerts. A list of Alerts is displayed under the Message field. The View Alerts option is available in the Choose Action menu only if AMP Message Queue has pending or displays alerts. For creating alerts, see To Create a Broadcast Alert Message, on page 207. .

To delete a message queue

1. Click K1000 Settings > Support or click The K1000 Settings: KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. .

Administrator Guide, Version 5.2

Agent Provisioning

Click the message queue link in See list of pending communications in the K1000 Agent message queue, under the K1000 Agent Messaging area. The AMP Message Queue page appears.

4. 5. 6.

Click the check box for the message you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deleting the message. This removes the message queue from the Agent.

Administrator Guide, Version 5.2

Agent Provisioning

Administrator Guide, Version 5.2

5
Managing Software and Hardware Inventories

The Dell KACE K1000 Management Appliance Inventory tab enables you to identify and manage the hardware and software on your network and organize these assets using labels and filters.

Inventory Feature Overview, on page 75. Managing Your Computer Inventory, on page 76. Managing Your Software Inventory, on page 83. Managing Your Processes Inventory, on page 88. Managing Your Startup Program Inventory, on page 90. Managing Your Service Inventory, on page 92. Managing Your MIA (Out-Of-Reach Computer) Inventory, on page 93. Using the AppDeploy Live Application Information Clearinghouse, on page 95.

Inventory Feature Overview

The agent collects Inventory information from each node. The information is uploaded and displayed on your K1000 Management Appliance after the nodes check in. The data is then listed on one of the Inventory tabs:

Computers Software Processes Startup Services IP Scan MIA Label

The inventory data is collected automatically according to the Agent Inventory Interval schedule specified in the Settings > K1000 Agent Settings. If the Agent inventory Interval is set to zero, the inventory is performed as per the Agent Run Interval on the same page.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Although it is listed under the Inventory tab, the IP Scan feature is discussed in Chapter 7: Scanning for IP Addresses, starting on page 105. This figure illustrates some of the Inventory features using the Computers sub-tab. Figure 5-1: Inventory - Computers Tab

Managing Your Computer Inventory

The Computer Search & Filter page displays the computers IP address and the user connected to it. Clicking Action #1 Machine Action if specified. or Action #2 beside the IP address, invokes an

For more details on Machine Actions, refer to Chapter 2: Configuring your Appliance, starting on page 19.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

From the Computers tab you can:

Search by keyword or invoke an Advanced Search Create a Filter to apply labels to computers automatically Create Notifications based on computer attributes Add/delete new computers manually Filter the Computer Listing by label Apply or remove labels Show or hide labels

To view details about a computer, click its name.

Searching for Computers in Your Inventory

This section explains the various options you have for searching for computers in your inventory.

Using Advanced Search for Computer Inventory

Although you can search computer inventory using keywords like Windows XP or Acrobat, those types of searches might not specific enough. Advanced search, on the other hand, allows you to specify values for each field present in the inventory record and search the entire inventory listing for that value. This is useful for example, if you needed to list computers with a particular version of BIOS installed.

To specify advanced search criteria

1. 2. Click the Advanced Search tab. Select an attribute from the drop-down list. For example: IP Address 3. Select a condition from the drop-down list. For example: contains 4. Enter the attribute value. For example, to search machines in an IP range: XXX.XX.* Note: You can add more than one criteria. 5. To add more criteria, select a conjunction operator from the drop-down list. The options are AND or OR. 6. Click Search. The search results are displayed.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Creating Smart Labels for Computer Inventory

Smart Labels enable you to dynamically apply a label based on a criteria. Smart Labels work well with Inventory attributes. For example, to track laptops that travel, create a label called San Francisco Office, and create a Smart Label based on the IP range or subnet for machines located at the San Francisco office. Whenever a machine that meets the IP range is checked in, it is labeled as San Francisco. The table below lists some examples of useful Smart Labels that can be applied to a machine based on its inventory attributes: Filter Examples Sample Label Name XP_Low_Disk XP_No_HF182374 Building 3 CN_sales Sample Condition Windows XP Machine with less than 1 GB of free hard disk at last connection. Windows XP Machine without Hotfix 18237 installed at last connection. Machine connecting to the K1000 Management Appliance is detected in a specified IP range known to originate in building 3. Computers connecting where computer name contains the letters sales. For more information about Smart Labels, see About Smart Labels, on page 42.

Searching for Computers by Creating Computer Notifications

You can also use the Notification feature to search the inventory for computers that meet certain criteria, such as disk capacity or OS version, and then send an e-mail automatically to an administrator. For example, to know when computers have a critically low amount of disk space left, you can: 1. 2. Specify the search criteria to look for a value of 5 MB or smaller in the Disk Free field Notify an administrator to take appropriate action.

To create a notification
1. 2. 3. 4. 5. 6. Click Inventory > Computers, and then click the Create Notification tab. Specify the search criteria and the constraints. Specify a title for the search. Enter the mail address of the recipient of the notification. To see whether the filter produces the desired results, click Test Notification. Click Create Notification to create the notification.

Now, whenever machines that meet the specified notification criteria check into the K1000 Management Appliance, an e-mail is automatically sent to the specified recipient. You can modify or delete a notification after it has been created on the Reporting > Email Alerts tab.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Filtering Computers by Organizational Unit

To filter computers based on an Organizational Unit found in LDAP or AD, you can create LDAP Labels to do this from the Home > Label > LDAP Labels tab. For more information on how to create LDAP Labels, refer to About LDAP Labels, on page 187.

Using the Computer Inventory Detail Page

From the Computers tab, you can select a computer in inventory and view its details. The Computer Detail page provides details about a computers hardware, software, install, patch, Service Desk, and OVAL vulnerability history, among other attributes.

The following sections describe each of the detail areas on this page. To expand or collapse the sections, click the + sign next to the section headers.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Inventory Heading Summary

Description Contains basic computer identification information. Most of this is self-explanatory. The only appliance-specific information in this section is the AMP connection and the agent software level. Some appliance features work only if there is a constant connection between the agent and the appliance: A icon indicates a constant connection between the agent and the appliance.

A icon indicates that the agent and the appliance are not connected. For more details on the AMP connection, see AMP Message Queue, on page 71. Use the Force Inventory Update button to immediately update all computer inventory information. Click Force Inventory Update to synchronize the computer with the server. It requests that the node send an inventory to the appliance. Inventory Information Software Activities This section provides more detail on some of the categories in the Summary section. This section provides details on the software programs the computer has installed, including patching level information, running processes, and startup programs. The Labels section displays the labels assigned to this computer. Labels are used to organize and categorize machines. The Failed Managed Installs section displays a list of Managed Installations that failed to install on this machine. To access details about the Managed Installations, click the Managed Software Installation detail page link. The To Install List section lists the Managed Installations that are sent to the machine the next time it connects. The Help Tickets section provides a list of the Service Desk Tickets (if any) associated with this machine. These can either be Tickets assigned to the machine owner or Tickets submitted by the machine owner. To view a Service Desk Tickets details, click the Ticket ID (for example, TICK:0032). Security The Patching Detect/Deploy Status section displays a list of patches detected and deployed on the computer. Click the appropriate link, for example, Failed, Not Patched, Patched, and All to sort the list of patches.You can review your patch schedules by clicking the Patch Schedules link. The Threat Level 5 list section displays the items that have been marked with the threat level as 5. A threat that is harmful to any software, process, startup item, and services associated with this machine is considered as threat level 5. The OVAL Vulnerabilities section displays the results of OVAL Vulnerability tests run on this machine. Only tests that failed on this computer are listed by the OVAL ID and marked as Vulnerable. Tests which passed are grouped together and marked as Safe. The Portal Install Logs section provides details about the User Portal packages installed on this machine. See Appliance Agent Logs, on page 81, for details on this section. The Scripting Logs section lists the Configuration Policy scripts that have been run on this computer, along with the status of any scripts in progress.

Logs

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Inventory Heading Asset

Description This section displays the details of the Asset associated with that machine. Details such as the date and time when the Asset record was created, the date and time when it was last modified, type of the asset and name of the asset are displayed. Click the [Edit] link to edit the asset information. For more information about Assets, see the Asset Management Guide.

Appliance Agent Logs

This section displays logs for K1000 Management Appliance Management Service, boot strap, Client, and Scripting Updater.

Management Service Logs: The primary role of appliance Management Service is to execute the Offline KScripts. The Management Service logs display the steps performed by Management Service to execute the Offline KScripts. These steps include, dependencies downloads and validating the KBOTS file. Any error in the execution of Offline KScript is logged in the Management Service logs.

Boot Strap Logs: The appliance sends a boot strap request to get inventory information for a node that has checked in for the first time. The logs related to this request are displayed in Boot Strap logs.

Client Logs: The appliance sends a request to the agent to get inventory information periodically. A script is executed on the node after which it sends the inventory information to the appliance. On successful execution of K1000Client.exe, inventory is uploaded to the appliance. The agent logs display these actions.

Scripting Updater: A request is initiated periodically from the node to get the latest information related to the changes in Offline KScripts. Scripting Updater logs displays this information.

Adding Computers to Inventory

The appliance provides the convenience of automatically adding computers to inventory. This is especially useful when you maintain a large number of computers on your network. However, the appliance also provides the flexibility to manually add computers to inventory. For example, you can track computers that currently do not have agent support or computers that are not available on your LAN.

Adding Computers Automatically

Computers are automatically added to Inventory by provisioning the agent on the computers on your network. The computers on which the agent is installed will check into the appliance

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

and upload all the available inventory data. For more information on agent provisioning, refer to Chapter 4: Agent Provisioning, starting on page 45.

Adding Computers Manually

You can use the K1000 to maintain inventory data of all the machines on your network, including those not connected to your LAN. This might be a good practise if you want to maintain Inventory on computers in dark networks. The number of computer or machine records in Inventory affects your license count even if the computer is no longer in use.

To add a computer to inventory manually

1. 2. Click Inventory > Computers . In the Choose Action menu, click Add New Item. The Computer: Edit Computer Detail page appears. 3. Complete the information required by: Entering by hand: For example data, view the computer record of a machine that is already listed in the inventory. Importing the machine.xml file for this computer.

The K1000Client.exe can take an optional command line parameter-inventory. To configure this, type: K1000 Agent/exe-inventory The appliance agent collects the inventory data and generates a file called machine.xml, which you can upload here. If you choose this option, the appliance ignores all other field values on this screen.

To delete a computer
1. 2. 3. 4. Click Inventory > Computers. Click the check box beside the computers you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click Yes to confirm deleting the computer.

To apply a label to a computer

1. 2. 3. Click Inventory > Computers. Select the computer you want to apply a label to. In the Choose Action menu, you can: Select Apply Label and the appropriate label to apply Select Add Label, enter the New Label name, and click Save.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

To remove a label from a computer

1. 2. 3. Click Inventory > Computers. Click the check box beside the computers you want to remove the label from. In the Choose Action menu, click the appropriate label under Remove Label .

Managing Your Software Inventory

The Inventory feature also collects and displays an inventory of the software items installed on each of the computers listed in the inventory. From the Inventory > Software tab you can see all the software installed across your network. By default, the software list alphabetically lists only the first 100 software items detected. To view all software installed, click the Show All link. From the Software List page, you can:

Add or delete software Add or remove labels Categorize the Software Set Threat Level to Software

To view the details of a software title, click the software name link.

Using Advanced Search for Software Inventory

You can search your software inventory using keywords like Adobe Flash Player or ActivePerl. For more refined search results use the Advanced Search. This feature allows you to specify values for each field present in the software inventory and search the entire inventory for that particular value or combination of values. For example, if you need a list of computers that have a specific application installed on a specific operating system.

To specify advanced search criteria

1. 2. Click the Advanced Search tab. Select an attribute and a condition from the drop-down lists For example, Display Name (Title) and contains. 3. Enter the Attribute Value. For example, ActivePerl causes all the machines having ActivePerl software to be searched. 4. To add more than one criteria, select the Conjunction Operator from the drop-down list. For example: AND. 5. Select an attribute and a condition from the drop-down lists. For example, Supported OS and contains.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Enter the Attribute Value. For example, XP.

Click Search. The combination of XP and ActivePerl returns all machines that have Windows XP OS and ActivePerl software installed.

Adding Software to Inventory

You can add software inventory items automatically or manually. Automatically capturing software inventory items is especially useful when it is difficult to determine and maintain lists of all the software titles installed on your network nodes. Thus, the K1000 Management Appliance also provides you with the flexibility to manually add software titles to the inventory. For example, you can add a software item that is not yet been installed on your network, create a managed installation from it, and then deploy it to your other nodes.

Adding software automatically

Software items are added to Inventory automatically when the agent checks in. The nodes on which the appliance agent is installed check in to your appliance and upload all the available software inventory data. For more information on agent provisioning, refer to Chapter 4: Agent Provisioning, starting on page 45.

To add software to Inventory manually

The appliance automatically creates inventory records for the software titles found on the network. If you dont see a software package in Inventory, the package probably isnt installed on a node in your K1000 Management Appliance. Usually, its better to install the package on a node and run inventory, than to manually install. You may want o include a custom rule so that information about the software is current and the package is not reinstalled each time that the agent check in, for example. See Appendix C: Writing Custom Inventory Rules, starting on page 241. 1. 2. Click Inventory > Software. In the Choose Action menu, click Add New Item. The Software : Edit Software Details page appears. 3. Enter the general software details. Enter the Display Version, Vendor, and Software Title information consistently across software inventory to ensure proper downstream reporting. 4. 5. 6. 7. Upload or specify links to available information files associated with the software. In the Assign To Label field, select the labels to assign. (Optional) Enter any other information in the Notes field. Specify the Custom Inventory ID (rule), for example:

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

RegistryValueGreaterThan(HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx,szDatVersion,4.0.44) Before deploying a software item to a remote node, your appliance first verifies whether that file is present on the that node. If it is detected, it is not sent to the machine a second time. In some instances, installed programs do not register in Add/Remove Programs or in standard areas of the registry. In such cases, the appliance may not be able to detect the presence of the application without additional information from the administrator. Therefore, the appliance may repeat the install each time the node connects. For more information on Custom Inventory ID (rule), refer to Appendix C: Writing Custom Inventory Rules, starting on page 241. 8. 9. Select the supported operating systems in the Supported Operating Systems field. In the Custom Inventory ID (rule) field, enter the Custom Inventory ID.

10. Beside Upload & Associate File, click Browse, and then click Open. 11. Under Metadata, specify the following information: Category Threat Level Hide from Software Lookup Service Select the desired category. Select the threat level. Click this check box to hide this information from the Software Lookup Services. (Use for proprietary information.)

12. Click Save. The software detail page displays license information for the software. You can also view the license asset detail by clicking on the license link.

To create software assets

1. 2. 3. Click Inventory > Software. Click the check box for the appropriate software. In the Choose Action menu, click Create Asset. The Assets page appears. For more information about using Assets, see the Asset Management Guide.

Custom Data Fields

You can create custom data fields to read information from a target machine and report it in the Computer Inventory certificate. This is useful for reading and reporting on information

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

in the registry and elsewhere on the target machine. For example, DAT file version number from the registry, file created date, file publisher, or other data.

To create a custom data field

1. 2. 3. 4. Click Inventory > Software. In the Choose Action menu, click Add New Item. Enter a Display Name for the field. In the Custom Inventory (ID) rule area, enter the appropriate syntax according to the information you want returned: To return a Registry Value, enter the following, replacing valueType with either TEXT, NUMBER, or DATE. NUMBER is an integer value: RegistryValueReturn(string absPathToKey, string valueName, string valueType), Example: RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Viruss can Online,SourceDisk, TEXT) To return File Information, enter: FileInfoReturn(string fullPath, string attributeToRetrieve, string valueType) Example: FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe, Comments,TEXT) You can retrieve the following attributes from the FileInfoReport() function: Comments CompanyName FileBuildPart FileDescription FileMajorPart FileMinorPart FileName FilePrivatePart FileVersion InternalName IsDebug IsPatclhed IsPreRelease IsPrivateBuild IsSpecialBuild Language LegalCopyright LegalTrademarks OriginalFilename PrivateBuild ProductBuildPart ProductMajorPart ProductMinorPart ProductName ProductPrivatePart ProductVersion SpecialBuild CreatedDate ModifiedDate AccessedDate

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Attaching a Digital Asset to a Software Item

Whether you add the software to inventory automatically or manually, you need to associate the files required to install the software before distributing a package to users for installation. To associate multiple files, create a .zip file, and associate the resulting archive file.

To attach a digital asset to a software item

1. 2. Click Inventory > Software. Click the linked name of the software title. The Software: Edit Software Detail page appears. 3. 4. 5. Beside Upload & Associate File, click Browse. Locate the file to upload, and then click Open. Modify other details as necessary, and then click Save. The Software-To-Computer Deployment Detail table at the bottom of the Software > Edit Software Detail page shows which computers have the software title installed.

To delete a software item

1. 2. 3. 4. Click Inventory > Software. Click the check box beside the software to delete. In the Choose Action menu, click Delete Selected Item(s). Click Yes to confirm deleting the software.

To apply a label to a software item

If you want your label to include all copies of this software, the ones you have now and any you might purchase in the future, use a Smart Label. See Creating Smart Labels for Computer Inventory, on page 78. 1. 2. 3. Click Inventory > Software. Click the check box beside the software to apply a label to. In the Choose Action menu, click Apply Label and then the appropriate label to apply. You can also click Add Label in the Choose Action menu to create and apply a new label.

To remove a label from a software item

1. 2. 3. Click Inventory > Software. Click the check box beside the software to remove the label from. In the Choose Action menu, click Remove Label and the appropriate label.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

To categorize a software item

1. 2. 3. Click Inventory > Software. Click the check box beside the software you want to categorize. In the Choose Action menu, click Set Category and the category.

To set threat level to a software item

1. 2. 3. Click Inventory > Software. Click the check box beside the software. In the Choose Action menu, click the appropriate threat level.

Managing Your Processes Inventory

The K1000 Management Appliance Processes feature allows you to keep track of processes that are running on all agent machines across your enterprise. The Processes feature records and reports the processes details information. You can record and view software usage for the last 1, 2, 3, 6, or 12 months. Detail pages provide information on individual processes, including the name of the computer running those processes, system description, and the last user. Using Processes feature, you can:

View Process details Delete selected processes Disallow selected processes Meter selected processes Apply labels Remove labels

The processes are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.

To view process details

1. Click Inventory > Processes. The Processes page appears. 2. Select the process name to view details. The Process Details page appears. 3. 4. 5. 6.
88

Select labels to assign to process in the Assign To Label box. Enter any notes that further describe this process in the Special Notes box. Select the category of the process in the Category drop-down list. Select the threat level of the process in the Threat Level drop-down list.
Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Click Save. You can read comments on the process submitted by other users by clicking [Read Comments] on the Process Details page. You can also ask for help from KACE about the processes by clicking [Ask For Help.] You need a KACE user name and password to log in to the Dell KACE database.

You can also see computers with running the selected process. You can view and print a printer friendly version of this page.

To delete a process
1. To delete processes, do one of the following: 2. From the Processes List view, click the check box beside the process, and then in the Choose Action menu, click Delete Selected Item(s). From the Process detail page, click Delete.

Click OK to confirm deleting the selected process.

To disallow processes
1. Click Inventory > Processes. The Processes page appears. 2. 3. Click the check box beside the processes to disallow. In the Choose Action menu, click Disallow Selected Item(s). The Script : Edit Detail page appears. 4. Enter the script configuration details, and then click Run Now to run Disallowed Programs Policy. For more detailed information on scripting and Disallowed Programs Policy, refer to Chapter 9: Using the Scripting Features, starting on page 143.

To apply a label to a process

1. 2. 3. Click Inventory > Processes. Click the check box beside the processes you want to apply a label to. In the Choose Action menu, click the appropriate label to apply.

To remove a label from a process

1. 2. 3. Click Inventory > Processes. Click the check box beside the processes you want to remove the label from. In the Choose Action menu, click the appropriate label under Remove Label.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

To categorize a process
1. 2. 3. Click Inventory > Processes. Click the check box beside the processes you want to categorize. In the Choose Action menu, click the appropriate category.

To set threat level to a process

1. 2. 3. Click Inventory > Processes. Click the check box beside the processes. In the Choose Action menu, click the appropriate threat level.

To meter a process
1. 2. 3. Click Inventory > Processes. Click the check box beside the processes. In the Choose Action menu, click Meter Selected Items(s). The process are added to the list of processes to be monitored in the Metering tab. For more information on Software Metering, refer to Asset Management Guide.

Managing Your Startup Program Inventory

The K1000 Management Appliance Startup feature allows you to keep track of startup programs on all agent machines across your enterprise. The Startup feature records and reports the startup program detail information. Detail pages provide information on startup programs, including the name of the computer running those startup programs, system description, and the last user. Using Startup feature, you can:

View startup program details Delete selected startup programs Apply or remove labels

The startup programs are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.

To view Startup detail information

1. Click Inventory > Startup. The Startup Programs page appears. 2. Click the startup program name to view details. The Startup Programs : Edit Startup Programs Detail page appears.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

3. 4. 5. 6. 7.

Select labels to assign to startup program in the Assign To Label box. (Optional) Enter notes that further describe this startup program in the Notes box. Select the category of the startup program in the Category drop-down list. Select the threat level of the startup program in the Threat Level drop-down list. Click Save to save the startup program details. You can read comments on the startup program submitted by other users by clicking [Read Comments]. You can also ask for help from KACE about the startup programs by clicking [Ask For Help.] You need a KACE user name and password to log in to the Dell KACE database.

You can also see computers with running the selected startup program. You can view a printer friendly version of this page and take print outs of the report.

To delete a startup program

1. To delete startup programs, do one of the following: 2. From the Startup Programs List view, click the check box beside the startup program, and then in the Choose Action menu, click Delete Selected Item(s). From the Startup Program : Edit Startup Program Detail page, click Delete.

Click OK to confirm deleting the selected startup program.

To apply a label to a startup program

1. 2. 3. Click Inventory > Startup. Click the check box beside the startup programs you want to apply a label to. Select the appropriate label to apply from the Choose Action menu.

To remove a label from a startup program

1. 2. 3. Click Inventory > Startup. Click the check box beside the startup programs you want to remove from the label. In the Choose Action menu, click the appropriate label under Remove Label.

To categorize a startup program

1. 2. 3. Click Inventory > Startup. Click the check box beside the startup programs you want to categorize. In the Choose Action menu, click the appropriate category.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

To set threat level to a startup program

1. 2. 3. Click Inventory > Startup. Click the check box beside the startup programs. In the Choose Action menu, click the appropriate threat level.

Managing Your Service Inventory

The K1000 Management Appliance Service feature allows you to keep track of services running on all agent machines across your enterprise. The Service feature records and reports the services information in detail. Detail pages provide information on services, including the name of the computer running those services, system description, and the last user. Using Services feature, you can:

View services details Delete selected services Apply or delete labels

The services are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.

To view service detail information

1. Click Inventory > Service. The Services page appears. 2. Click the service name to view details. The Service : Edit Service Detail page appears. 3. 4. 5. 6. 7. Select labels to assign to service in the Assign To Label box. Enter any notes that further describe this service in the Notes box. Select the category of the service in the Category drop-down list. Select the threat level of the service in the Threat Level drop-down list. Click Save to save the service details. You can read comments on the service submitted by other users by clicking [Read Comments]. You can also ask for help from Dell KACE about the service by clicking [Ask For Help.] You need a KACE username and password to log in to the Dell KACE database. You can also see computers with running the selected startup program. You can view a printer friendly version of this page and take print outs of the report.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

To delete a service
1. To delete services, do one of the following: 2. From the Services List view, click the check box beside the service, and then in the Choose Action menu, click Delete Selected Item(s). From the Process detail page, click Delete.

Click OK to confirm deleting the selected service.

To apply a label to a service

1. 2. 3. Click Inventory > Service. Click the check box beside the services you want to apply a label to. In the Choose Action menu, click the appropriate label to apply.

To remove a label from a service

1. 2. 3. Click Inventory > Service. Click the check box beside the services you want to remove the label from. In the Choose Action menu, click the appropriate label under Remove Label.

To categorize a service
1. 2. 3. Click Inventory > Service. Click the check box beside the services you want to categorize. In the Choose Action menu, click the appropriate category.

To set a threat level to a service

1. 2. 3. Click Inventory > Service. Click the check box beside the services. In the Choose Action menu, click the appropriate threat level.

Managing Your MIA (Out-Of-Reach Computer) Inventory

The K1000 Management Appliance MIA tab offers a list of the nodes that have not checked in to the appliance in some time. You can filter the MIA view by computers that have missed the last first, fifth, or tenth syncs, or which have not communicated with appliance in the last 1-90 days. The MIA tab also displays the IP and MAC Addresses of these computers.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

From the MIA tab, you can remove the computers from the appliance Inventory and assign them to labels to group them for management action.

Configuring the MIA Settings

You can configure the MIA Settings to enable the appliance to automatically delete computers from the inventory after they have not checked in for a specified number of days. This eliminates the need to manually delete the computers from the Computers - MIA page.

To configure the MIA settings

1. 2. Click Inventory > MIA. In the Choose Action menu, click Configure Settings. The MIA Settings page appears. 3. Enter the following information: Click the check box to enable automatic deleting of MIA computers. Enter the period in number of days. Computers that do not communicate with the appliance for the number of days specified are automatically deleted.

Automatically delete MIA computers Days

Click Save.

To delete an MIA computer

1. 2. 3. 4. Click Inventory > MIA. Click the check box beside the computers you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click Yes to confirm deleting the computer.

To apply a label to an MIA computer

1. 2. 3. Click Inventory > MIA. Click the check box beside the computers you want to apply a label to. In the Choose Action menu, select the appropriate label to apply .

To create a new label

For example, you can create a label on any tab in Inventory: 1. 2. 3. Click Inventory, and click the tab you want to work with, for example, Software. In the Choose Action menu, click Add Label . In the Add Label window, enter a name for the new label.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Click Save.

Using the AppDeploy Live Application Information Clearinghouse

AppDeploySM (or AppDeploy.com) contains information on installation, deployment, and systems management automation. (However, it does not tie directly into the appliance.) By centralizing relevant information in one place, AppDeploy.com reduces the need for searching answers through vendor sites, discussion boards, and technical publications. This website provides computer administrators an easier way to search for answers and solutions.

Enabling AppDeploy Live

The AppDeploy Live! website is both a platform for product forums and a source of up-todate news and announcements. Enabling AppDeploy Live! integrates community submitted information directly from this web site. 1. 2. 3. 4. Click Settings > General. Click Edit Mode. Click the Enable AppDeploy Live! check box. Click Set Options to save your changes.

For more information on how to change K1000 General Settings, refer to To configure general settings for the server, on page 19.

Viewing AppDeploy Live content

You can view AppDeploy Live contents of your appliance. From Inventory, you can view AppDeploy Live information on software, processes, startup programs, and services. AppDeploy Live information can also be viewed from the Distribution > Managed Installations and Distribution > File Synchronization. You can visit www.AppDeploy.com for more information. If you have not enabled AppDeploy Live, you cannot view AppDeploy Live information. Refer to Using the AppDeploy Live Application Information Clearinghouse, on page 95.

To view AppDeploy Live information

1. Go to Inventory > Software. The Software page appears, which lists the software installed on nodes. 2. Select the software title to see the associated information from AppDeploy Live. The Software : Edit Software Detail page appears. 3. Scroll Down to view AppDeploy Live information.

Administrator Guide, Version 5.2

Managing Software and Hardware Inventories

Administrator Guide, Version 5.2

6
Importing and Exporting Appliance Resources

This chapter explains how to transfer K1000 Management Appliance resources between organizations within an appliance and between separate appliances.

About importing and exporting resources, on page 97. Transferring resources using a SAMBA share, on page 97. Transferring resources between Organizations, on page 102.

About importing and exporting resources

The Administrator Portal offers you the ability to import and export these resources components between separate K1000 Management Appliance or between different organizations within an appliance:

Email alerts Managed Installations Reports Scripts Smart labels Software components from Inventory Ticket rules

All K1000 Management Appliance have built-in SAMBA share directories, allowing you to import and export appliance resources among them. For details, see the Transferring resources using a SAMBA share section. If you use the Organizational Management component of the K1000 Management Appliance, you also can transfer resources between organizations within an appliance. For details, see Transferring resources between Organizations, on page 102. If you dont use Organizational Management, its options are not displayed.

Transferring resources using a SAMBA share

Any appliance can export the resources listed in About importing and exporting resources to another appliance using their SAMBA share directories as staging areas.

Administrator Guide, Version 5.2

Importing and Exporting Appliance Resources

Export resources from one appliance to another using SAMBA shares

1. 2. Open the Administrator Portal of the appliance to export resources from. Go to Settings > Resources. The Resource Management Panel appears.

Click Export K1000 Resources. The Export K1000 Resources page appears, listing all of the resources available to export.

By default, all available resources on the appliance are listed. You can limit the resources to view using the drop-down list and search field on the right side of the screen. Select a resource from the list to display just that resource category. Enter a

Administrator Guide, Version 5.2

Importing and Exporting Appliance Resources

term in the search field to limit the resources list even further. In this example, only Reports with the term Closed in the description are listed:

4. 5.

Click the check boxes of the resources to export. In the Choose Action menu, click Export to SAMBA Share. The Annotate Exported Resource(s) splash screen appears.

Enter a description of the components to export, and click Save. Your exported resources first appear on the Resource Manager Queue page with a Status of New Request. Click the Refresh button to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment, but very large resources take longer. This screen does not refresh by itself for several minutes. The resources you exported are now available on your SAMBA share for other K1000 Management Appliance to import.

Go to Settings > Control Panel, and note the location of the SAMBA share directory in the SAMBA Share Settings section. You need to copy the appliance resources from this directory to the SAMBA share of the appliance importing the software.

On the importing appliance, go to the Administrator Portal > Settings > Control Panel, and click General Settings. The K1000 Settings: General page appears.

In the SAMBA Share Settings section, note the location of the SAMBA share directory.

10. Using a third-party file copying utility, copy the resources from the exporting appliance SAMBA share to the importing appliance the SAMBA share. 11. On the importing appliance, navigate to the K1000 Settings > Resources page.

Administrator Guide, Version 5.2

Importing and Exporting Appliance Resources

The Resource Management Panel appears:

12. Click Import K1000 Resources. The Import K1000 Resources page appears, listing all of the appliance resources available to import. 13. From Choose Action menu, click Import Resource(s) from SAMBA Share. The Import Resources from SAMBA Share Directory page appears. 14. Select the resources to import, and click Import Resources.

100

Administrator Guide, Version 5.2

Importing and Exporting Appliance Resources

The Import Resources From SAMBA Directory page appears:

15. Select the resource files to import, and click Import Resources. Your imported resources first appear on the Resource Manager Queue page with a Status of New Request. Click Refresh to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment, but very large resources take longer. This screen does not refresh by itself for several minutes. Once you see a Status of Completed, the resources you imported are available and listed on their respective tabs (Reports, Inventory > Software, Scripting, Distribution > Managed Installations) for your organization to use.

Administrator Guide, Version 5.2

101

Importing and Exporting Appliance Resources

Transferring resources between Organizations

You transfer resources between KACE K1000 Appliance organizations by exporting them from one organization and then importing them into another. The sections below explain how. To use the features provided for organizations, you must enable Organizational Management. The options used for this feature are not displayed on K1000 Management Appliance without it.

Exporting resources to Other Organizations on an appliance

The first step in transferring any of the resources listed in About importing and exporting resources is exporting them from one organization, which is explained in this section. 1. Go to Organizations: organization_name > K1000 Settings > Resources. The Resource Management Panel appears.

To export resources from one organization to the others, click Export K1000 Resources. The Export K1000 Resources page appears, listing all of the resources on the appliance available to export.

Click the check boxes for the resources to export.

102

Administrator Guide, Version 5.2

Importing and Exporting Appliance Resources

In the Choose Action menu, click Export to Local K1000. The Annotate Exported Resource(s) splash screen appears.

Enter a brief comment describing the exported resources, and then click Save. Your exported resources first appear on the Resource Manager Queue page with a Status of New Request. In a few minutes, the export will complete, and the Status changes to Completed. Click the Refresh button to update this page.

The resources you exported are now available for other organizations on your appliance to import. For details on importing these resources into another organization, see the Importing resources from another organization on your appliance section.

Importing resources from another organization on your appliance

Once resources are exported from an organization, they are available to the other organizations on that appliance to import and use. If you have not yet exported the appliance resources you need, follow the instructions in the Exporting resources to Other Organizations on an appliance section. To import appliance resources from another appliance, follow the instructions in the Transferring resources using a SAMBA share section.

Import software components from another organization

1. Click Settings > K1000 Settings > Resources. The Resource Management Panel appears.

Click Import K1000 Resources.

Administrator Guide, Version 5.2

103

Importing and Exporting Appliance Resources

The Import K1000 Resources page appears, listing all of the resources available to import:

3. 4.

Click the check boxes for the resources to import. In the Choose Action menu, click Import Selected Resource(s). The Resource Manager Queue page appears. Your imported resources first appear on the Resource Manager Queue page with a Status of New Request. Click the Refresh button to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment, but very large resources take longer. This screen does not refresh by itself for several minutes.

Once you see a Status of Completed, the resources you imported are available on the respective pages (Reports, Inventory > Software, Scripting, Distribution > Managed Installations) for your organization.

104

Administrator Guide, Version 5.2

7
Scanning for IP Addresses

IP scan allows you to scan a range of IP addresses to detect the existence and attributes of various devices on a network.

IP Scan Overview, on page 105. Viewing Scheduled Scans list, on page 105. Creating an IP Scan, on page 106.

IP Scan Overview
The K1000 Management Appliance can scan a range of IP addresses for SNMP enabled machines, allowing you to retrieve information about machines connected to your network. Although IP Scans have their own server-side scheduling, you can invoke a scan on-demand or schedule an IP scan to run at a specific time. IP scan reports a variety of inventory data that lets you monitor the availability and service level of a target machine. IP scan scans ports in addition to IP addresses. You can collect data even without knowing the IP addresses of the target machines. It can scan any type of device (as long as the device has an IP address on the network) including computers, including virtual machines, printers, network devices, servers, wireless access points, routers, and switches.

Viewing Scheduled Scans list

By default, the IP Scan tab displays the available scans. From this page, you can also:

Schedule a new scan. Delete scans.

About scan results

On the scan results page, you can:

Schedule new scan. Apply a label or a Smart Label or delete a label. Create a remote connection to the machine. (This can be done only if configured under Machine Action.)
105

Administrator Guide, Version 5.2

Scanning for IP Addresses

To view scan results

There are other ways to get to scan results. The following is an example: 1. 2. Go to Inventory > IP Scan. In the Choose Action menu, click View Scan Inventory. The Network Scan Results page opens.

Creating an IP Scan
You can create a network scan that will look for DNS, Socket, and SNMP across a subnet or subnets. You also define a network scan to look for devices listening on a particular port (for example, Port 80). This allows you to view devices that are connected to your network even when the agent is not installed on those devices. When defining a network scan, balance the scope of the scan (number of IP addresses you are scanning) with the depth of the probe (number of attributes you are scanning for) so that you do not overwhelm your network or the appliance. For example, if you need to scan a large number of IP addresses frequently, keep the number of ports, TCP/IP connections, and so on, relatively small. As a general rule, scan a particular subnet no more than once every few hours. The agent listens to port 52230. To determine which machines on your network are running an agent, define a network scan to report which machines are listening on that port.

To create an IP scan
1. Go to Inventory > IP Scan. The Network Scan Settings page appears. 2. In the Choose Action menu, click Add New Item. The Network Scan Setting page appears. 3. 4. 5. Enter a name for the scan in the Network Friendly Scan Name field. Enter the IP range to scan in the Network Scan IP Range field. Specify the DNS lookup test details: Check live addresses against the DNS server to see if they have an associated name. This can help you identify known nodes on your network. Enter the time out interval (in seconds).

DNS Lookup Enabled

Name Server for lookup Enter hostname or IP address. Lookup time out 6.

Click the Ping Test Enabled check box.

106

Administrator Guide, Version 5.2

Scanning for IP Addresses

If the Ping and Socket tests are disabled, you cannot run the other tests. The Ping or Socket tests determine if the address is alive. If it is, you can run an SNMP or a Port Scan against it. 7. Specify the Connection test details: Click the check box to perform connection testing during network scan. Enter the protocol to use. Enter the port to use for testing the connection. Enter the time out interval (in seconds).

Connection Test Enabled Connection Test Protocol Connection Test Port Connection Time Out 8.

Specify SNMP test details: Click the check box to enable SNMP scanning. Enter the community string to query. (Public is the default.) The query only runs if authentication is not required. When authentication is required, the scan returns SNMP enabled with no system data.

SNMP Enabled SNMP Public String

Specify Port scan test details: Click the check box to enable port scanning of device ports. Enter a comma-separated list of TCP ports to scan. Enter a comma-separated list of UDP ports to scan. Enter the time out interval (in seconds).

Device Port Scan Enabled TCP Port List UDP Port List Port Scan Time Out

10. Specify the scan schedule: Dont Run on a Schedule Run Every n minutes/hours Run Every day/specific day at HH:MM AM/PM Select to run the tests in combination with an event rather than on a specific date or at a specific time. Select to run the tests at a specified interval. Select to run the tests daily or on a specified day of the week at a specified time.

Run on the nth of every month/ Select to run the tests on the specified date or day of the month at a specified time. specific month at HH:MM AM/PM 11. Click Save or Scan Now to run scan immediately. Deleting a Scan Configuration also deletes all associated scan inventory items. If you want to maintain the scan inventory, but do not want to rescan, set the schedule of the scan configuration to not run.

Administrator Guide, Version 5.2

107

Scanning for IP Addresses

To search network scan results on the basis of status fields

1. Click Inventory > IP Scan. The Network Scan Settings page appears. 2. In the Choose Action menu, click View Scan Inventory. The Network Scan Results page appears. 3. 4. Click the Advanced Search tab. Select an attribute from the drop-down list. For example: Ping Status 5. Select a condition from the drop-down list. For example: = 6. Enter the attribute value. For example, to search machines that have a successful ping status, enter 1. 7. 8. Click Search. The search results are displayed below. Clicking the IP address of a network device displays the values for Ping Status, Connection Status, and SNMP Status as Succeeded or Failed. However, the underlying database fields actually contain a 0 for Failed and 1 for Succeeded. Therefore, when using these fields as criteria for advanced search, Smart Labels, or notifications, you must enter the numeric values.

IP Scan Smart Label

The IP Scan Smart Label searches for all devices that are detected in the Network Scan, including DNS, Socket, and SNMP across a subnet or subnets. Smart Labels enable you to dynamically identify based on a search criteria.

To dynamically identify the network scan results

1. Click Home > Label. The Labels page appears. 2. 3. On the Labels page, click Smart Labels. In the Choose Action menu, Click Add New IP Scan Smart Label. The Network Scan Results page appears. 4. 5. 6. Specify the search criteria. Choose or enter the label to associate with the Smart Label. To see whether the Smart Label produces the desired results, click Test Smart Label.

108

Administrator Guide, Version 5.2

Scanning for IP Addresses

Click Create Smart Label.

When devices that meet the specified criteria are detected in the network scan, they are automatically assigned to the associated Smart Label. You can modify or delete a Smart Label after it has been created from the Home > Label > Smart Labels page. You can specify the order in which IP Scan Smart Labels are run by changing their Order value.

To edit the order value of IP Scan Smart Labels

1. 2. 3. Click Home > Label. On the Labels page, click Smart Labels. In the Choose Action menu, click Order IP Scan Smart Labels. The Order IP Scan Smart Labels page appears. 4. 5. Click the icon beside an order value to modify it.

Enter the appropriate order value, and click Save. IP Scan Smart Labels with lower order values are run before those with higher order values. The default order value for a new IP Scan Smart Label is 100.

Administrator Guide, Version 5.2

109

Scanning for IP Addresses

110

Administrator Guide, Version 5.2

8
Distributing Software from Your K1000 Management Appliance

The K1000 Management Appliances software distribution features offer various methods for deploying software, updates, and files to the computers on your network.

Distribution Feature Overview, on page 111. Types of Distribution Packages, on page 112. Managed Installations, on page 115. Examples of common deployments on Windows, on page 119. Examples of Common Deployments on Linux, on page 124. Examples of Common Deployments on Mac OS, on page 129. File Synchronizations, on page 129. Wake-on-LAN, on page 132. Replication, on page 134. Managing Dell Systems with Dell Updates, on page 138. Configuring Dell OpenManage Catalog Updates, on page 140.

Distribution Feature Overview

Dell recommends that customers follow a predefined set of procedures before deploying any software on their network. The following illustration represents a high-level example of a generic distribution process. This process can be modified to meet the needs of your organization. However, to avoid distribution problems, it is important to test various deployment scenarios prior to deployment.

Administrator Guide, Version 5.2

111

Distributing Software from Your K1000 Management Appliance

Figure 8-1: Basic Deployment procedure

Inventory & Assess

Test

Target

Deploy

Report

One of the most important concepts in the deployment procedure is to test each deployment before rolling it out to a large number of users. The appliance verifies that a package is designated for a particular system, machine, or operating system. However, the appliance cannot access the compatibility with other software on the target machine. Therefore, establish procedures for testing each piece of software before deploying it on your network. For example, develop a test group of target machines, and deploy the required software using your appliance. This practice helps you to verify the compatibility of the software with the operating system and other applications within your test group. You can create a test label and perform a test distribution before you go live in your environment. You can create a test label from the Home > Labels tab. This chapter focuses primarily on the test, target, and deploy portions of this flow diagram. For more details on creating an inventory of computers and software packages in use on your network, see Chapter 8: Distributing Software from Your K1000 Management Appliance, starting on page 111.

Types of Distribution Packages

The primary types of distribution packages that can be deployed on the nodes in the network are:

Managed installations File synchronizations Appliance agents

Distribution packages (whether for managed installation, file synchronization, or user portal packages) cannot be created until a digital file is associated with an Inventory item. This rule applies even if you are:

112

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Sending a command, rather than an installation or a digital file, to target machines. Redirecting the appliance agents to retrieve the digital asset (for example, .exe, .msi) from an alternate download location.

To create a distribution
1. 2. 3. Install the package manually on a machine. Take an inventory of that machine. For more information on how to take an inventory, see Managing Your Software Inventory, on page 83. Use the item listed in the Software Inventory list for the Managed Installation.

To create packages with different settings, such as parameters, labels, or deployment definitions, you can create multiple distribution packages for a single Inventory item. However, the Managed Installation (MI) cannot be verified against more than one inventory item because the MI checks for the existence of only one inventory item. Although the K1000 Agent tab is listed under the Distribution tab, Deploying K1000 Agent is discussed as part of the installation and setup process in Chapter 1: Getting Started, starting on page 1. For information about updating an existing version of the appliance agent, see K1000 Agent Update, on page 68.

Distributing Packages from the appliance

Packages distributed through the appliance are only deployed to target nodes if the Inventory item is designated to run on the targets operating system. For example, if the Inventory item is defined for Windows XP Professional only, the Inventory item does not deploy to targets with Windows 2000. Also the package does not deploy to nodes that are not included in the machine label. For example, if the deployment package is set to deploy to a label called Office A, the package does not deploy to machines that are not in Office A. When an appliance creates a software inventory item, it only records the operating systems on which the item was installed in the Inventory detail record. A managed installation must be enabled by selecting a managed action and a deployment window.

Ensuring that Inventory item package names match

If the display name of the Software Inventory item does not exactly match the name that the software registers in Add/Remove programs, the appliance may attempt to deploy a package repeatedly even though it is already there. To ensure that the Inventory item display name exactly matches: 1. 2. Install the package on a target machine. Take an automatic inventory of that machine using the appliance. The newly installed package appears in the Inventory list.

Administrator Guide, Version 5.2

113

Distributing Software from Your K1000 Management Appliance

You can then associate a digital file and create one or more deployment packages.

Distributing Packages from an Alternate Location

The K1000 Management Appliance supports software distribution from alternate locations. The agent can retrieve digital installation files from remote locations, including a UNC address, DFS source, or an HTTP location. The CIFS and SMB protocols, SAMBA servers, and file server appliances are supported by your K1000 Management Appliance. The alternate download feature addresses administrative issues, such as:

Supporting remote sites with restricted bandwidth, which might result in difficulties accessing the appliance. Avoiding storing large packages on the appliance.

An alternate download location can be any path on the network. Ensure that the alternate location has the required files for installing the application. To activate this capability, you must enter an alternate checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). You may use any tool to establish your checksum. To create the MD5 checksum, enter: K1000Client -hash=filename This displays the MD5 hash for the file. If no checksum is entered, the digital asset on the file share must exactly match the digital asset associated with the Deployment Package on the K1000 Management Appliance. Also, the target path must include the complete filename (for example, \\fileserver_one\software\adobe.exe). When the appliance fetches files, it uses these priorities: 1. Alternate download location 2. Replication share 3. Appliance If a replication share is specified in the label, the replication share is always used instead of an alternate download location. If there is no replication share, the agent fails over to the appliance.

When to use a replication share or an alternate download location

The difference between a replication share and an alternate download location is:

Replication share is a full replication of all digital assets and is managed automatically by the appliance.

114

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Alternate download location can be any path on the network. You make sure that the alternate location has the files that might be needed for installs of a particular application.

Whenever a replication share is specified for a label, nodes in that label go to that replication share to get files until you remove them from the label or stop using the replication item. If a replication share is specified, that is always be used instead of any other alternate location. The agent always fails over to appliance in following scenarios:

There is no replication share specified for any label it is a member of There are more than one possible replication shares identified

For more information on replication shares, refer to Replication, on page 134.

Managed Installations
Managed installations enable you to deploy software that requires an installation file to run to the computers on your network. You can create a Managed Installation package from the Distribution > Managed Installation page. From the Managed Installations tab, you can:

Create or delete Managed Installations Execute or disable Managed Installations Specify a Managed Action Apply or remove a label Search Managed Installations by keyword

Installation parameters
Your K1000 Management Appliance allows packaged definitions to contain .msi, .exe, .zip, and other file types for software deployment. If an administrator installs the file on a local machine, either by running a single file or BAT file or VBScript, the package can be installed remotely by the appliance. To simplify the distribution and installation process, the package definition can also contain parameters that are passed to the installer at run time on the local machine. You can use parameters as custom installation settings, for example, a standard install or to bypass auto-restart.

To determine supported parameters for the .msi file

To identify which parameters are supported by your .msi or other any installer, follow these steps: 1. 2. Open an MS-DOS command prompt. Go to the directory that contains the target installer. For example:

Administrator Guide, Version 5.2

115

Distributing Software from Your K1000 Management Appliance

c:\...\adobe.exe 3. Enter: filename /? For example: adobe.exe /? If that package supports parameters, they are displayed. For example: /quiet, / norestart. 4. Use the parameter definitions identified to update your package definition.

If these steps do not succeed, refer to the software vendors documentation.

Creating a managed installation for the Windows platform

When creating a managed installation, you can specify whether you want to interact with the users using a custom message before or after the installation. You can also indicate whether to deploy the package when the user is logged in or not and limit deployment to a specific label. The following section provides general steps for creating a managed installation. For specific details on creating a managed installation for an .msi, .exe, or .zip file, refer to the subsequent sections.

To create a managed installation for Windows platforms

1. 2. Click Distribution > Managed Installations. Select Add New Item in the Choose Action menu. The Managed Software Installation: Edit Detail page appears. 3. 4. Select the software from the Select software drop-down list. You can filter the list by entering any filter options. Enter the following information: Click the check box to display any software without an associated executable uploaded. You can upload a file to the software record directly from this Managed Installation page. Upload & Associate New File: Click Browse and navigate to the location that contains the new executable of any software selected or to associate an executable to a software without an associated file.

Also show software without an Associated File

116

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Installation Command Select Default option or Configure Manually option. Default Run Parameters: Specify the installation behavior as follows: The maximum field length is 256 characters. If your path exceeds this limit, on the command line, point to a BAT file that contains the path and the command. If your Parameters file path includes spaces, enclose the complete path in quotes. For example: \\kace_share\demo files\share these files\setup.bat. Configure Manually Full Command Line: If desired, specify full command-line parameters. Refer to the MSI Command Line documentation for available runtime options. Un-Install using Full Command Line: Click the check box to uninstall software. Run Command Only: Click the check box to run the command line only. Delete Downloaded Files Use Alternate Download Click the check box to delete the package files after installation. Click the check box to specify details for alternate download. When you click this check box, the following fields appear: Alternate Download Location: Enter the location where the K1000 Agent can retrieve digital installation files. Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download User: Enter a user name that has the necessary privileges to access the alternate download location. Alternate Download Password: Enter the password for the user name. Note: If the target machine is part of a replication label, the appliance does not fetch software from the alternate download location. For more information, refer to Distributing Packages from an Alternate Location, on page 114. Specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. Because that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information, refer to To add or edit a new label, on page 38. Notes (Optional) Enter additional information in this field.

Administrator Guide, Version 5.2

117

Distributing Software from Your K1000 Management Appliance

Managed Actions

Managed Action allows you to select an appropriate time for this package to be deployed. Available options are: Disabled Execute anytime (next available) Execute before logon (before machine boot) Execute after logon (before desktop loads) Execute while user logged on Execute while user is logged off

Specify the deployment details:

Deploy to All Machines Click the check box to deploy the software to all machines. Limit Deployment To Selected Labels Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. Note: The appliance always uses a replication share in preference over an alternate location. You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options. Select the order to install the software. The lower value deploys first. Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affects any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, overrides and/or interact with the deployment window of a specific package.

Limit Deployment To Listed Machines Deploy Order Max Attempts

Deployment Window (24H clock)

118

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

6. Allow Snooze

Set user interaction details: Click the check box to allow snooze. When you click the check box, the following additional fields appear: Snooze Message: Enter a snooze message. Snooze Timeout: Enter the timeout, in minutes, for which the message is displayed. Snooze Timeout Action: Select a timeout action that take places at the end of the timeout period. For example, if the installation is being carried out when there currently no active users accessing their desktop. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction.

Custom Pre-Install Message

Click the check box to display a message to users prior to installation. When you click the check box, the following additional fields appear: Pre-Install User Message: Enter a pre-install message. Pre-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed. Pre-Install Timeout Action: Select a timeout action from the dropdown list, this action takes place at the end of the timeout period. Options include Install later or Install now. For example, if the installation is being carried out when there currently no active users accessing their desktop. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction.

Custom Post-Install Message

Click the check box to display a message to users after the installation is complete. When you click the check box, the following additional fields appear: Post-Install User Message: Enter a post install message. Post-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.

Click Save.

Examples of common deployments on Windows

This section provides examples of the three most common package deployments, which contain .msi, .exe, and .zip files. This section provides examples for each type of deployment. For each of these examples, you must upload the file to the appliance before creating the Managed Installation package. We recommend that you install the software on a QA machine, wait till the appliance agent connects to the appliance and creates an Inventory item for the software, and then creates the Managed Installation package.

Administrator Guide, Version 5.2

119

Distributing Software from Your K1000 Management Appliance

Standard MSI example

Using .msi files is an easy, self-contained way to deploy software on Windows-based machines. If your .msi file requires no special transformation or customization, the deployment is simple. MSI files require a /i switch when using other switches with an install. The appliance parameter line does not require the file name or msiexec syntax. The only the /* input is required: /qn /I (Correct) msiexec /I /qn (Incorrect)

To use parameters with .msi files, all your target machines must have the same version of Windows Installer (available from Microsoft). Some switches may not be active on older versions. The most up-to-date version of Windows Installer can be distributed to nodes with the appliance.

If you are using Windows Installer 3.0 or later, you can identify the supported parameters by selecting the Run program available from the Start menu. Enter msiexec in the popup window. A window displays, which includes the supported parameters list.

To create a managed installation for an .msi file

1. Click Distribution > Managed Installations. The Managed Installations page appears. 2. In the Choose Action menu, click Add New Item. The Managed Installation: Edit Detail page appears. 3. Select the software from the Select software drop-down list. You can filter the list by entering any filter options. 4. Set the following installation details: Click the check box to display any software without an associated executable uploaded. You can upload a file to the software record directly from this Managed Installation page. Upload & Associate New File: Click Browse and navigate to the location that contains the new executable of any software selected or to associate an executable to a software without an associated file.

Also show software without an Associated File

120

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Installation Command

Select Default option or Configure Manually option. Default Run Parameters: Specify the installation behavior as follows: The maximum field length is 256 characters. If your path exceeds this limit, on the command line, point to a BAT file that contains the path and the command. If your Parameters file path includes spaces, enclose the complete path in quotes. For example: \\kace_share\demo files\share these files\setup.bat. Configure Manually Full Command Line: If desired, specify full command-line parameters. Refer to the MSI Command Line documentation for available runtime options. Uninstall using Full Command Line: Click the check box to uninstall software. Run Command Only: Click the check box to run the command line only.

Delete Downloaded Files Click this check box to delete the package files after installation. Use Alternate Download Click this check box to specify details for alternate download. When you click this check box, the following fields appear: Alternate Download Location Enter the location from where the K1000 Agent can retrieve digital installation files. Alternate Checksum Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download User Enter a user name that has necessary privileges to access the Alternate Download Location. Alternate Download Password - Enter the password for the user name specified above. Note: If the target machine is part of a replication label, the appliance does not fetch software from the alternate download location. For more information on using an alternate location, refer to Distributing Packages from an Alternate Location, on page 114. Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to To add or edit a new label, on page 38. Notes (Optional) Enter any additional information in this field.

Administrator Guide, Version 5.2

121

Distributing Software from Your K1000 Management Appliance

Managed Actions

Select the most appropriate time for this package to be deployed. Options are: Disabled Execute anytime (next available) Execute before logon (before machine boot) Execute after logon (before desktop loads) Execute while user logged on Execute while user logged off

Specify the deployment details: Click the check box to deploy the software to all the machines. Select a label to limit deployment only to machines belonging to the label. Press CTRL and click labels to select multiple labels. If you have selected a label that has a replication share or an alternate download location, the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from appliance. Note: The appliance always uses a replication share in preference to an alternate location. You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options. Select the order to install the software. The lower value deploys first. Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affects any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, overrides and/or interact with the deployment window of a specific package.

Deploy to All Machines Limit Deployment To Selected Labels

Limit Deployment To Listed Machines Deploy Order Max Attempts

Deployment Window(24H clock)

6. Allow Snooze

Set user interaction details: When you click this check box, the following additional fields appear: Snooze Message: Enter a snooze message. Snooze Timeout: Specify a timeout, in minutes, for which the message is displayed. Snooze Timeout Action: Select a timeout action that takes place at the end of the timeout period. For example, select Install now because you are installing at a time when you know that the users are away from their desktops. Select Install later if the installer needs some user interaction and the users are not at their desktops.

122

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Custom Pre-Install Message

Click this check box to display a message to users prior to installation. When you click this check box, additional fields appear: Pre-Install User Message: Enter a pre-install message. Pre-Install Message Timeout: Enter a timeout in minutes for which the message is displayed. Pre-Install Timeout Action: Select a timeout action that takes place at the end of the timeout period. For example, select Install now to install at a time when you know that the users are away from their computers. Select Install later if the installer needs some user interaction, and the users are not at their computers.

Custom Post-Install Message

Click Save.

Standard EXE Example

The standard executable example is identical to the MSI example above with one exception: / I is not required in the run parameters line when using an .exe file. When using an executable file, it is often helpful to identify switch parameters for a quiet or silent installation. To do this, specify /? in the run parameters field.

Standard ZIP Example

Deploying software using a .zip file is a convenient way to package software when multiple files are required to deploy a particular software title (for example, setup.exe, plus required configuration and data files). For example, if you have a CD-ROM containing a group of files required to install a particular application, you can package them together in a .zip file and upload them to the appliance for deployment. The appliance agent automatically runs deployment packages with .msi and .exe extensions. However, K1000 Management Appliance also provide a capability for administrators to zip many files together and direct the appliance to unpack the ZIP file and run a specific file within. If you intend to deploy a .zip file, you must place the name of the file within the .zip that you would like to run in the Command (Executable) field within the Deployment Package (for example, runthis.exe).

To create a managed installation for a .zip file

1. 2. Browse to the location that contains the necessary installation files. Select all files, and create a .zip file using WinZip or another utility.

Administrator Guide, Version 5.2

123

Distributing Software from Your K1000 Management Appliance

Create an inventory item for the target deployment. You can do this manually from the Inventory > Software tab or by installing the package on a node that regularly connects to the appliance.

4. 5.

Associate the .zip file with the inventory item and upload it to the appliance. Click Distribution > Managed Installation. The Managed Installations page appears.

Select Add New Item in the Choose Action menu. The Managed Software Installation : Edit Detail page appears.

7. 8.

Select the software title that the .zip file is associated with from the Select software drop-down list. In the Full Command Line field, specify the complete command with arguments. For example: setup.exe /qn

Enter other package details as described in the Creating a Managed Installation procedures.

10. Click Save. When attempting to deploy a ZIP file created using WinZip maximum compression, the package may fail to uncompress and you may see an error in the application event viewer or kbxlog.txt with the message: Unsupported compression mode 9 The appliance agent uses a library called SharpZipLib to uncompress zip files. This library supports Zip files using both stored and deflate compression methods and also supports old (PKZIP 2.0) style encryption, tar with GNU long filename extensions, gzip, zlib and raw deflate, as well as BZip2. However, Zip64 and deflate64 are not supported. Compression mode 9 is deflate64, which in WinZip is called maximum compression. To resolve the issue, recreate the zip file using WinZip normal compression.

Examples of Common Deployments on Linux

This section provides examples of the supported package deployments: .rpm, .zip, .bin, .tgz, and tar.gz files. For each of these examples, you must have already uploaded the file to the appliance prior to creating the Managed Installation package. We recommend installing the software on a QA machine, waiting a sufficient amount of time for the appliance agent to connect to the K1000 Management Appliance and create an inventory item for the software, and then creating the Managed Installation package.

124

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

To create a managed installation for an .rpm file

You can deploy software on Linux-based machines using .rpm files. 1. Click Distribution > Managed Installations. The Managed Installations page appears. 2. In the Choose Action menu, click Add New Item. The Managed Installation: Edit Detail page appears. 3. Select the software from the Select software drop-down list. You can filter the list by entering any filter options. 4. By default, the appliance agent attempts to install the .rpm file using the following command. In general, this is sufficient to install a new package or update an existing one to a new version: rpm -U packagename.rpm If you have selected a zip/tgz/tar.gz file, the content is unpacked, and the root directory searched for all .rpm files. The installation command is run against each of these files. The appliance finds all rpm files at the top level of an archive automatically, so you can install more than one package at a time. You can also create an archive containing a shell script and then specify that script name as the full command. The appliance runs that command if it is found, and logs an error if is not. To change the default parameters, you have to specify the Full Command Line. You can specify wildcards in the filenames you use. If the filename contains spaces, enclose it in single or double quotation marks. The files are extracted into a directory in /tmp, and it becomes the current working directory of the command. On Red Hat Linux, you do not need to include any other files in your archive other than your script if that is all you want to execute. If the PATH environment variable of your root account does not include the current working directory, and you want to execute a shell script or other executable that you have included inside an archive, specify the relative path to the executable in the Full Command Line field. The command is executed inside a directory alongside the files that have been extracted. For example, to run a shell script called installThis.sh, package it alongside an .rpm file, and then enter the command: ./installThis.sh in the Full Command Line field. If you archived it inside another directory, the Full Command Line field is: ./dir/filename.sh Both these examples, as well as some other K1000 Management Appliance functions, assume that sh is in the root's PATH. If you're using another scripting language, you may need to specify the full path to the command processor you want to run in the Full Command Line, like /bin/sh ./filename.sh.

Administrator Guide, Version 5.2

125

Distributing Software from Your K1000 Management Appliance

Include appropriate arguments for an unattended, batch script. If you click the uninstall check box in the MI detail, the agent runs the following command on either your standalone rpm file or each rpm file it finds in the archive, removing the packages automatically: //usr/sbin/rpm -e packagename.rpm Removing software in this way is performed only if the archive or package is downloaded to the node. If you click the check box for Run Command Only, specify a full command line to ensure the correct removal command is run on the correct package. Because no package is downloaded in this case, specify the path in the installation database where the package receipt is stored. 5. If your package requires additional options, you can enter the following installation details: (Optional) You do not need to specify parameters if you have an .rpm file. Enter a value to override (Default -U default). For example, if you set Run Parameters to: -ivh --replacepkgs, then the command that runs on the computer is: rpm -ivh replacepkgs package.rpm You do not need to specify a full command line if you have an .rpm file. The appliance executes the installation command by itself. The Linux node tries to install this via: rpm [-U | Run Parameters] "packagename.tgz If you do not want to use the default command, you can replace it completely by specifying the complete command line here. If you have specified an archive file, this command is run against all of the .rpm files it can find. Click the check box to uninstall software. If a Full Command Line above is entered, it is run. Otherwise, by default the agent attempts the command, which is generally expected to remove the package. Click the check box to run the command line only. This does not download the actual digital asset. (Optional) Enter additional information in this field. Managed Action allows you to select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for Linux platform.

Run Parameters

Full Command Line

Un-Install using Full Command Line

Run Command Only Notes Managed Action

Specify the deployment details: Click the check box to deploy to all the machines.

Deploy to All Machines

126

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Limit Deployment To Selected Labels

Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, then the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from appliance. Note: The appliance always uses a replication share in preference over an alternate location. You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options. The order in which software is installed. The lower value deploys first. Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affects any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, override and/or interact with the deployment window of a specific package.

Limit Deployment To Listed Machines Deploy Order Max Attempts

Deployment Window(24H clock)

7. Allow Snooze

Set user interaction details: This option is not available for Linux platform. This option is not available for Linux platform. This option is not available for Linux platform.

Custom Pre-Install Message Custom Post-Install Message

Delete Downloaded Files Click the check box to delete the package files after installation.

Administrator Guide, Version 5.2

127

Distributing Software from Your K1000 Management Appliance

Use Alternate Download

Click the check box to specify details for alternate download. When you click the check box, the following fields appear: Alternate Download Location: Enter the location from where the K1000 Agent can retrieve digital installation files. Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download User: Enter a user name that has the necessary privileges to access the Alternate Download Location. Alternate Download Password: Enter the password for the user name specified above. Note: If the target machine is part of a replication label, then the appliance does not fetch software from the alternate download location. For more information on using an alternate location, refer to Distributing Packages from an Alternate Location, on page 114. Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to About Labels, on page 35.

Click Save.

Standard TAR.GZ Example

Deploying software using a tar.gz file is a convenient way to package software when more than one file is required to deploy a particular software title (for example, packagename.rpm, configuration, and data files). If you have a CD-ROM containing a group of files required to install a particular application, you can package them together in a tar.gz file, and upload them to your appliance for deployment.

To create a managed installation for a tar.gz file:

1. Use the following two commands to create tar.gz file: a. tar cvf filename.tar packagename.rpm b. gzip filename.tar This creates filename.tar.gz 2. Create an inventory item for the target deployment. You can do this manually from the Inventory > Software tab, or by installing the package on a K1000 Agent machine that regularly connects to the K1000 Management Appliance. 3. 4. Associate the tar.gz file with the Inventory item, and upload it to the appliance. Click Distribution > Managed Installation.

128

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

The Managed Installations page appears. 5. In the Choose Action menu, click Add New Item. The Managed Software Installation: Edit Detail page appears. 6. Select the software title with which the tar.gz file is associated from the Select software drop-down list. This file is uncompressed and searched for all .rpm files. The installation command is run against each of them. If no Run Parameters are filled in, -U is used by default. You do not need to specify a full command line. The server executes the installation command by itself. The Linux node tries to install this using: rpm [-U | Run Parameters] "packagename.tgz 7. 8. Enter other package details as described in the Managed Installations, on page 115 procedures for .rpm file above. Click Save.

The agent automatically runs deployment packages with .rpm extensions. However, the appliance also provides a capability for administrators to zip many files together and direct the K1000 Management Appliance to unpack the zip and run a specific file within.

Examples of Common Deployments on Mac OS

For information on common deployments on Macintosh, refer to Appendix A: Administering Mac OS Nodes, starting on page 229.

File Synchronizations
File synchronizations enable you to distribute software files to the computers on your network. These can be any type of file, such as PDF, ZIP files, or EXE files, which are simply downloaded to the users machine, but not installed.

Creating a file synchronization

Using file synchronizations, you can push out any type of file to the computers on your network. You can choose to install the files from the appliance, or you can specify an alternate location from where users download the file. The string KACE_ALT_Location in the Alternate Download Location field is replaced with the value assigned by the corresponding label. You should not have a machine in more than one label with an Alternate Download Location specified.

To create a file synchronization

1. Click Distribution > File Synchronization.

Administrator Guide, Version 5.2

129

Distributing Software from Your K1000 Management Appliance

The File Synchronizations page appears. 2. In the Choose Action menu, click Add New Item. The File Synchronization: Edit Detail page appears. 3. 4. Notes Location (full directory path) Location User Location Password Enabled Create Location (if doesnt exists) Replace existing files Do Not Uncompress Distribution Persistent Select the software title to install in the Software Title to Install drop-down list. Set or modify the following installation details: Enter any information related to the software title selected. Enter the location on the users machine where you want to upload this file. If the Location specified above is a shared location, enter the User login name. If the Location specified above is a shared location, enter the login password. Click the check box to download the file the next time the K1000 Agent checks into the appliance. Create the installation location if not has not already been created. Click the check box to overwrite existing files of the same name on the target machines. Click the check box if you are distributing a compressed file and do not want the file uncompressed. Click the check box if you want the appliance to confirm every time that this package does not already exist on the target machine before attempting to deploy it. Click the check box to create a desktop shortcut to the file location. Enter a display name for the shortcut. Click the check box to delete temporary installation files.

Create shortcut (to location) Shortcut name Delete Temp Files 5.

Specify the deployment details: Enter a label for the package. The file is distributed to the users assigned to the label, such as the operating system affected by the synchronization.

Limit Deployment to

130

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Set user interaction details: Click the check box to display a message to users prior to installation. When you click this check box, additional fields appear: Pre-Install User Message: Enter a pre-install message. Pre-Install Message Timeout: Enter a timeout in minutes for which the message is displayed. Pre-Install Timeout Action: Select the action to occur at the end of the timeout period. For example, if the installation occurs when users are active, you can select Install now to install the software without any interaction to the users. Or, Install later if the installer requires user interaction.

Pre-Install User Message

Post-Install User Message

Click the check box to display a message to users after the installation completes. When you click this check box, message field and timeout options appear. Enter a message and a timeout value in minutes. Enter the time (using a 24-hour clock) to deploy the package. The Deployment Window times affects any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, overrides and/or interact with the deployment window of a specific package. Click this check box to specify details for alternate download. When you click this check box, the following fields appear: Alternate Download Location: Enter the location from where the K1000 Agent can retrieve digital installation files. Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download User: Enter a user name that has necessary privileges to access the Alternate Download Location. Alternate Download Password: Enter the password for the user name specified above. Note: If the target machine is part of a replication label, then the appliance does not fetch software from the alternate download location. For more information on using an alternate location, refer to Distributing Packages from an Alternate Location, on page 114. Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to Managing Labels, on page 36.

Deployment Window

Use Alternate Download

Click Save. To distribute files previously deployed after the deployment window has closed, click the Resend Files button.

Administrator Guide, Version 5.2

131

Distributing Software from Your K1000 Management Appliance

Wake-on-LAN
The K1000 Management Appliance Wake-on-LAN feature provides the ability to wake up computers equipped with network cards that are Wake-on-LAN compliant.

Wake-on-LAN feature overview

The Wake-on-LAN feature enables you to remotely power-on device on your network, even if those machines do not have the agent installed. Wake-on-LAN can target a label or a specific MAC-addressed machine. . This feature only supports machines that are equipped with a Wake-On-LANenabled network interface card (NIC) and BIOS. Using the Wake-on-LAN feature on the K1000 Management Appliance will cause broadcast UDP traffic on your network on port 7. This traffic should be ignored by most computers on the network. The K1000 Management Appliance sends 16 packets per Wake-on-LAN request because it must guess the broadcast address that is required to get the Magic Packet to the target computer. This amount of traffic should not have a noticeable impact on the network.

Issuing a Wake-on-LAN request

You can wake multiple devices at once by specifying a label to which those devices belong, or you can wake computers or network devices individually. To wake devices on a regular basis, for example, to perform monthly maintenance, you can schedule a Wake-on-LAN to go out a specific time. If the device you want to wake is not inventoried by the K1000 Management Appliance but you still know the MAC (Hardware) address and its last-known IP address, you can manually enter the information to wake the device.

To issue a Wake-on-LAN request

1. Click Distribution > Wake-on-LAN. The Wake-on-LAN page appears. 2. 3. To wake multiple devices, select a label from the Labels drop-down list. To wake computers individually: a. Click them from the Wake a Computer list. b. Press CTRL, and then select multiple computers. You can filter the list by entering any filter options. 4. To wake a network device, specify the devices IP address in the Devices field. You can filter the list by entering any filter options. 5. 6. Specify the MAC address of the device in the MAC Address field. Specify the IP address of the device in the IP Address field.

132

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Click Send Wake-on-LAN. After you send the Wake-on-LAN request, the results at the top of the page indicate the number of machines that received the request and to which label, if any, those machines belong.

To schedule a Wake-on-LAN request

1. 2. Click Distribution > Wake-on-LAN. Click the Schedule a routine Wake-on-LAN event link. The Wake-on-LAN page appears. 3. In the Choose Action menu, click Add New Item. The Wake-on-LAN Settings page appears. 4. In the Labels to Wake-on-LAN box, select the labels to include in the request. Press CTRL, then click to select multiple labels. 5. 6. In the Limit by Operating Systems box, select the operating systems to include in the request. Select the appropriate radio button to schedule Wake-on-LAN scan, in the Scheduling area: (Default) Select to run the tests in combination with an event rather than on a specific date or at a specific time.

Dont Run on a Schedule

Run Every day/specific Select to run the tests every day or only the selected day of the day at HH:MM AM/PM week at the specified time. Run on the nth of every month/specific month at HH:MM AM/PM 7. Click Save. The Wake-on-LAN tab appears with the scheduled request listed. From this view you can edit or delete any scheduled requests. Select to run the tests on a specific date or the same day every month at the specified time.

Troubleshooting Wake-on-LAN
When a Wake-on-LAN request fails to wake devices, it might be due inappropriate configuration of network devices. For example:

The device does not have a WOL-capable network card or is not configured properly. The K1000 Management Appliance has incorrect information about the subnet to which the device is attached. UDP traffic is not routed between subnets or is being filtered by a network device. Broadcast traffic is not routed between subnets or is being filtered by a network device. Traffic on Port 7 is being filtered by a network device.

Administrator Guide, Version 5.2

133

Distributing Software from Your K1000 Management Appliance

For more assistance with troubleshooting Wake-on-LAN, see: http://support.intel.com/support/network/sb/cs-008459.htm.

Replication
Using a replication share is a method to handle managed installations, patching, or Dell Updates where network bandwidth and speed are issues. In those situations, using a replication share is a good alternative to downloading directly from an appliance. A replication share allows an appliance to replicate software installers, patches, node upgrades, and script dependencies to a shared folder on a node. If any replication item is deleted from the appliance server, it is marked for deletion in the replication share and deleted in the replication task cycle.

134

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

In creating a replication share, identify one node at each remote location to act as a replication machine. The server copies all the replication items to the replication machine at the specified destination path. The replication process automatically restarts if stopped due to a network failure or replication schedule. If stopped, the replication process restarts at the point it was stopped. Sneaker net share You can create a new folder and copy the contents of an existing replication folder to it. You can then specify this folder as the new replication folder in the appliance. The appliance checks if the new folder has all the replication items present and replicates only the new ones. This results in conserving the bandwidth by not copying the files twice. You can manually copy the contents of replication folder to a new folder. The replication folder created in a machine follows following hierarchy: \\machinename\foldername\repl2\replicationitems folder The machine name and folder name is user defined while repl2 is automatically created by appliance server. The replication items folder includes the folder for patches, kbots, upgrade files, and software. All the replication items are first listed in the replication queue and then copied one at a time to the destination path. Any new replication item is first listed in the replication queue and then copied after a default interval of 10 minutes. Replication items are copied in this order: 1. 2. 3. 4. Script dependencies Software Agent upgrades Patches

Preparing to create a replication share

You can create replication shares only on the machines listed in the Inventory > Computers tab. To create a share on a machine that is not listed in Inventory, you need to first create an inventory record for the machine. For information, see Adding Computers to Inventory, on page 81. Also, confirm or do the following:

The replication share needs to have write permissions of the destination path to write the software files. The K1000 agent needs to be installed on the replication share. Create a computer label for your target nodes before starting the process.

To create a replication share

1. Click Distribution > Replication. The Replication Shares page appears. 2. In the Choose Action menu, click Add New Item.

Administrator Guide, Version 5.2

135

Distributing Software from Your K1000 Management Appliance

The Replication Share: Edit Detail page appears. 3. 4. Click the Replication Enabled check box. Click Failover to K1000 (optional). While you are testing the replication setup, dont enable this setting so that you can confirm that the replication is successful. 5. Select the node in the Replication Machine drop-down list. The replication share is created on this node. The replication share can be created by two methods: 6. 7. Locally Shared network drive

Specify the replication share destination details: Select the label for the nodes you want to get files from the replication share. Verify that the selected computer label does not have KACE_ALT_LOCATION specified. The replication share gets preference over the KACE_ALT_LOCATION while downloading files to the node.

Writers comment -

Specify the replication share download details: Enter the path for nodes in the replication label to copy items from the replication drive. For example, a UNC path: \\fileservername\directory\k1000\ Other nodes need read permission to copy replication items from this shared folder. Enter the login name for accessing the download path. We recommend you use only letters and numbers. Some other characters, for example, @, dont work. Enter the password for accessing the download path. We recommend you use only letters and numbers.

Download Path

Download Path User

Download Path Password 9.

Specify the following:

Limit Patch O/S Files

Click the OS patches to replicate from the patch subscription settings page. Default: Replicate all displayed. (Only active patches are available.) For information about patching, see Patching and Security Guide. Click the language patches to replicate from the patch subscription settings page. Default: Replicate all displayed. For information about patching, see Patching and Security Guide. Click to replicate the application patches to the replication share.

Limit Patch Language Files Replicate App Patches

136

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Replicate Dell Packages Hi Bandwidth Lo Bandwidth Replication Schedule

Click to replicate Dell packages to the replication share. Enter the maximum bandwidth to use for replication. If this field is left blank, the maximum bandwidth available for replication is used. Enter the restricted bandwidth to use for replication. If this field is left blank, the maximum bandwidth available for replication is used. Select the bandwidth used for different time slots and/or days. The colors represent: White Replication Off Light Blue Replication on with low bandwidth Blue Replication on with high bandwidth

In the replication schedule, as well as clicking the individual cells, you can:

Select hours (columns) by clicking the hour number. Select days (rows), by clicking the day of the week.

Copy Schedule From Notes

Select an existing replication schedule from the drop-down list to replicate items according to that schedule. (Optional) Enter comments in the text box.

10. Click Save. When you have completed testing, you might want to return to step 4 and check Failover to K1000.

Working with your replication share

From the Replication tab, you can:

Add or delete replication shares Enable or disable replication shares

Administrator Guide, Version 5.2

137

Distributing Software from Your K1000 Management Appliance

Start or restart a halted replication task Halt a running replication task Perform a share inventory for the replication share

To view replication share details

After creating a replication share and clicking Save, the Replication Shares page opens. 1. Click Distribution > Replication. The Replication Shares page appears. 2. Click a replication share. The Replication Share: Edit Detail page appears. 3. At the bottom of the Replication Share: Edit Detail page, you can also view the following: Replication Queue: Click Replication Queue to see a list of replication files that are going to be replicated with their status. Share Inventory: Click Show Share Inventory to see a list of replication items that have been copied. Delete Queue: Click Show Delete Queue to see a list of replication items that are marked for deletion.

Managing Dell Systems with Dell Updates

The Dell Updates tab offers Dell customers the Dell Client Updates and Dell Server Updates features. You use these features to keep your Dell computers updated with the latest software patches and upgrades. Dell provides catalogs (lists) of software upgrades and patches, which you can choose to install on the Dell computers in your appliance implementation. The catalogs provide updates for:

Software and firmware for servers and workstations. Some Dell-supplied applications.

The Dell Updates tab is similar features and workflow to the appliance patching features on the Security tab. The two tabs are so similar that you can use the Patching and Security Guide document for all the Dell Client Updates and Server updates except for the differences listed in the next section. Patching and Security Guide is available from the www.kace.com website, Support tab, under Documentation (your Support login is required).

138

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

Understanding the Differences between Patching and Dell Updates

The K1000 Management Appliance patching and Dell Update features are nearly identical. Read Patching and Security Guide for most patching/updating procedures. The exceptions are:

The Dell Update subscription process is different from the K1000 Management Appliance patch subscription process. For instructions on subscribing to Dell Updates, see the Configuring Dell OpenManage Catalog Updates section below. The names used for these actions are different: Patching Term Detection Dell Updates Term Inventory Term Used in: Patching and Security Guide This chapter and the Dell documentation.

Action Probe your computers to determine whether they have or need a specific patch or update.

Install the patch or update on the Deployment computers in your appliance implementation.

Update

You manage and execute Dell Updates and Patching from different appliance interface pages: K1000 Management Appliance Interface Page Administrator Portal > Distribution > Dell Updates Administrator Portal > Organization: System > K1000 Settings > Dell Client and Server Update Settings Administrator Portal > Security > Detect and Deploy patches Administrator Portal > Security > Patching > Subscription Settings

Action Execute Dell Update schedules Manage Dell Updates Execute Patching Schedules Manage Patching

Dell Client and Server Upgrade workflow

This section explains the general steps you use upgrade your Dell clients and servers. Unless otherwise noted, see the Patching and Security Guide for details on these steps. Follow these steps to use Dell client and server updates on an appliance: 1. 2. (If needed) Upgrade your nodes and servers to the latest K1000 Management Appliance release. Configure the Dell Updates. This includes deciding when to update your catalogs of Dell updates for Dell hardware that you own. Once Dell OpenManage is set up on your appliance, it automatically probes for and determines what updates your system requires. You do need to set up a schedule for these updates and configure this process. This step is different than the patching subscription. For details, see the Configuring Dell OpenManage Catalog
Administrator Guide, Version 5.2 139

Distributing Software from Your K1000 Management Appliance

Updates section below. You configure Dell updates from the Administrator Portal > Organization: System > K1000 Settings > Control Panel > Dell Client and Server Update Settings page. All other Dell Updates settings and feature are available on the Administrator Portal > Organization: Default > Distribution > Dell Updates tab. 3. Filter out the updates that you do not want to apply to your servers and clients. You may not want to install all of the patches from the catalog. Mark these patches as inactive to prevent them from being automatically installed. 4. Group the updates by applications or software families in patch labels that your schedules use to run the inventory and update actions. For example, a label can specify patches for all Microsoft Windows systems. 5. Group your Dell systems together in machine labels that your schedules use to run the inventory and update actions. For example, you can collect all Dell servers running Microsoft XP into a single label and then run a patch schedule to inventory and update them. 6. Perform an update inventory to discover which of your nodes have updates available. You can perform this step independently, or as part of an inventory and update patch schedule that also installs the updates. Normally, you perform the inventory automatically as part of a patch schedule. Patching and Security Guide uses the term detect or detection instead of inventory. 7. Install the updates on the nodes that need them. This is known as patch update, and you can also perform it automatically part of an update schedule. Patching and Security Guide uses the term deploy or deployment instead of update. 8. Bring all these pieces together into patch schedules that automatically run inventory/ update actions for the updates in your update labels, on the corresponding computers in your machine labels. Patching and Security Guide walks you through the process of creating a schedule that automatically inventories your hardware and updates it with the critical software updates it needs. You can run schedules at any interval that you choose. Normally, you create different schedules for the laptops, workstations, and servers in your appliance implementation, because these three types of computers have very different usage characteristics. 9. Test your schedules on a small subset of the computers you administer to make sure everything is working the way you expect.

Configuring Dell OpenManage Catalog Updates

Follow these steps to configure the Dell update process for the operating systems and applications that your appliance implementation uses. Dell updates its hardware patches in Catalogs; one for serves and one for workstations.

140

Administrator Guide, Version 5.2

Distributing Software from Your K1000 Management Appliance

1. 1.

In the Organization menu, click System. Click K1000 Settings > Control Panel > Dell Client and Server Update Settings page. The Dell Client and Server Update Settings page appears:

Scroll to the bottom the page and click Edit Mode link. The Dell Client and Server Update Settings page buttons and check boxes are enabled for changes. The Download Status table shows you the current status of the Dell catalogs that your appliance uses.

3. 4.

Click Disable import of Dell Client and Server Update Catalogs to stop the Dell updates. Click one of the Check for Changes options to set up a schedule for updating the Dell catalogs. The first option of these two is intended for weekly updates and the second for monthly.

Use the Stop Download section options to limit the amount of time you allow the Dell updates to run.

Administrator Guide, Version 5.2

141

Distributing Software from Your K1000 Management Appliance

You may want to enforce a hard stop at a specific time, for example, when your users start working. 6. The Package Download Options buttons to specific whether to limit the Dell updates to just the ones that apply to your appliance implementation now, or keep all of the Dell updates available. If you change operating systems or bring on new Dell equipment frequently, its probably best to keep all Dell updates handy.

7. 8.

Click Refresh Catalog Now to update the catalogs immediately. Click Delete All Files or Delete Unused Files to remove all or some of the Dell catalog files. These options can free disk space.

Click Save Dell Update Settings at the bottom of the page to make your changes take effect.

This completes the process of configuring your Dell OpenManage catalog updates.

142

Administrator Guide, Version 5.2

9
Using the Scripting Features

The Dell KACE K1000 Management Appliance Policy and Scripting component provides a point-and-click interface to perform tasks that typically require you to use a manual process or advanced programming.

Scripting Overview, on page 143. Using the Appliance Default Scripts, on page 145. Creating and Editing Scripts, on page 146. Using the Run Now function, on page 156. Searching the Scripting Log Files, on page 158. About the Configuration Policies, on page 159. Using the Windows-based Policies, on page 160. Using the Mac OS Configuration-based Policies, on page 169.

Scripting Overview
With Policy and Scripting, you can more easily and automatically perform a variety of tasks. You can perform these tasks across your network through customized scripts that run according to your preferences.

Administrator Guide, Version 5.2

143

Using the Scripting Features

Figure 9-1: The Scripting tabs

Scripts automate tasks like:

Power management Installing software Checking antivirus status Changing registry settings Scheduling deployment to the endpoints on your network

Each script consists of: Metadata Dependencies (any supporting executable files that are necessary to run a script, for example, .zip and .bat files) Rules to obey (Offline Kscripts and Online Kscripts) Tasks to complete (Offline Kscripts and Online Kscripts). Each script can have any number of tasks, and you can configure whether each task must complete successfully before the next is executed Deployment settings Schedule settings

You can create these types of scripts:

144

Administrator Guide, Version 5.2

Using the Scripting Features

Offline KScripts: These scripts can execute even when nodes are not connected to the appliance server, such as at the time of Machine Boot Up and User Login. Or, they execute at a scheduled time based on the node clock. You can create these scripts using the K1000 Management Appliance scripting wizard. Online KScripts: These scripts can execute only when the node is able to ping the appliance server. They execute at scheduled times based on the appliance clock. You can create these scripts using the K1000 Management Appliance scripting wizard. Online Shell Scripts: These scripts can execute only when the node is connected to the appliance server. They execute at scheduled time based on the server clock. The online shell scripts are built using simple text-based scripts (bash, perl, batch, etc.) supported by the target operating system. Batch files are supported on Windows, along with the different shell script formats supported by the specific operating system of the targeted machines.

Order of downloading script dependencies

The order of downloading script dependencies: 1. 2. 3. 4. Local machine (checks if the dependency is present on the node). KACE_ALT_LOCATION (Alternate Download Location if specified). Replication server (if replication is enabled). K1000 Server.

Using the Appliance Default Scripts

Your K1000 Management Appliance includes these ready-made scripts: Script Name Defragment the C: drive Force Checkin Description Defragments the c: drive on the computer. Runs KBScriptRunner on a node to force a checkin. WARNING: Do not run this with more than 50 nodes selected as it can overload the server with requests. On some machines, a missing registry entry causes all the contents of the system32 directory to be reported as the Startup Programs. This script fixes the registry entry if it is missing. Issues the DOS-DIR command on a Windows system. Used as an example for how to run a DOS command. Issues the AppDir.txt command to list the contents of the Mac OS applications directory. Used as an example of how to run a command on a Mac OS system. Disables the appliance Remote Control functionality on Windows XP Professional by configuring Terminal Services properly.

Inventory Startup Programs Fix Issue a DOS Command Example Issue a Mac Command Example K1000 Remote Control Disabler

Administrator Guide, Version 5.2

145

Using the Scripting Features

Script Name K1000 Remote Control Enabler K1000Client debug logs Disable K1000Client debug logs Enable Make Removable Drives Read-Only Make Removable Drives Read-Write Message Window Script Example

Description Enables the appliance Remote Control functionality on Windows XP Professional by configuring Terminal Services properly. Disables the debug switch used with the appliance Client debug logs Enable. Enables client debug and send the debug log back to the appliance. This script turns on debug only for the inventory and deployment part of the node. It does not enable debugging of the scheduling service. Allows removable drives to be mounted only as read-only (a method of controlling unauthorized access to data). Removable drives can be mounted read-write. Illustrates use of message window. Your script must have properly paired create/destroy message window commands to work properly. Message Windows remain displayed until one of the following occurs: User dismisses the message. Script finishes executing. Timeout is reached.

Put a Mac to sleep Reset KUID

Puts a Mac OS system in sleep mode. Deletes the registry keys that identify a node so that a new key can be generated. Will only execute one time per node due to the ResetKUIDRunOnce registry flag. Powers-off a Mac OS system. An example Online KScript that uses the Alert User Before Run feature to allow the console user to snooze the shutdown. Specifies delay (in seconds) while the message in quotes is displayed to the user. Omit the -t parameter to silently and immediately shutdown nodes. An example Online KScript that uses the Alert User Before Run feature to allow the console user to snooze the shutdown. Disables usage of USB Drives. Enables usage of USB Drives.

Shutdown a Mac Shutdown a Mac with snooze Shutdown a Windows system Shutdown a Windows system with Snooze USB Drives Disable USB Drives Enable

Creating and Editing Scripts

There are three ways to create scripts, which you can perform from the Scripting > Scripts tab.

By importing an existing script (in XML format). By copying and modifying an existing script.

146

Administrator Guide, Version 5.2

Using the Scripting Features

By creating a new script from scratch.

The process of creating scripts is an iterative one. After creating a script, deploy the script to a limited number of machines to verify that the script runs correctly before deploying it to all the machines on your network. (You can create a test label to do this.) Leave a script disabled until you have tested and edited the script and are ready to run it.

Token Replacement Variables

You can use the following token replacement variables anywhere in the XML of a K1000 Management Appliance script. They are replaced at runtime on the node with appropriate values:

$(KACE_DEPENDENCY_DIR) expands to: Windows: $(KACE_INSTALL)\packages\kbots\xxx Mac OS and Linux: /var/kace/SMMP/kbots_cache/packages/kbots/xxx

Any script dependencies for this script are downloaded to the node in this folder.

$(KBOX_INSTALL_DIR) agent installation directory: Windows: C:\Program Files\KACE\KBOX Mac OS: /Library/KBOXAgent/Home/bin/ Linux: /KACE/bin/

$(KBOX_SYS_DIR) agent machine's system directory: Windows: C:\Windows\System32 Mac OS and Linux: /

$(KACE_INSTALL) same as KBOX_INSTALL_DIR. $(KBOX_EXECUTE_EVENT) event causing KBOT to run, [BOOTUP|LOGON|null]. $(MAC_ADDRESS) agent machine's primary MAC address. $(KACE_SERVER) hostname of the appliance server. $(KACE_SERVER_PORT) port to use when connecting to KACE_SERVER (80/ 443). $(KACE_SERVER_URLPREFIX) http/https. $(KACE_COMPANY_NAME) agent's copy of the setting from server's configuration page. $(KACE_SPLASH_TEXT) agent's copy of the setting from server's configuration page. $(KACE_LISTEN_PORT) agent's port that server can use for Run Now. $(KACE_SERVER_URL) combination of server, port, and URL prefix (http:// k1000_hostname:80).

Administrator Guide, Version 5.2

147

Using the Scripting Features

$(KBOX_IP_ADDRESS) agent's local IP address (corresponds with network entry of MAC_ADDRESS). $(KBOX_MAC_ADDRESS) same as MAC_ADDRESS.

Adding Scripts
Offline and Online KScripts include one or more Tasks. Within each Task section, there are Verify and Remediation sections where you can further define the script behavior. If a section is left blank, it defaults to success. For example, if you leave the Verify section blank, it ends in On Success.

To add an Offline KScript or Online KScript

1. 2. Click Scripting > Scripts. In the Choose Action menu, click Add New Item . The Script: Edit Detail page appears. 3. Script Type Name Description Status In the Configuration area, enter the requested details: Use this field to select the Offline Kscript or Online Kscript types. (Optional) Enter a meaningful name for the script to make it easier to distinguish from others listed on the Scripts tab. (Optional) Enter a brief description of the actions the script performs. This information helps you to distinguish one script from another on the Scripts tab. Select a value to indicate whether the script is in development (Draft) or has been rolled out to your network (Production). Use the Template status if you are building a script that is used as the basis for future scripts. Select to run the script on the target machines. Do not enable a script until you are finished editing and testing it and are ready to run it. Enable the script on a test label before you enable it on all machines. (Optional) Enter notes for yourself and other appliance administrators. 4. Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines Pick Specific OS Versions: Specify the deployment options: Select to deploy the script to all the machines. Select a label to limit deployment only to machines grouped by that label. Press CTRL and click labels to select more than one label. Select to limit deployment to one or more machines. From the drop-down list, select the machines to add to the list. You can filter the list by entering filter options. Select to limit the script to specific operating system versions. (Otherwise, the script runs on all versions of the operating systems you pick.)

Enabled

Notes

148

Administrator Guide, Version 5.2

Using the Scripting Features

Supported Operating Systems

Select the operating systems to run the script on, or leave blank to run on all operating systems. The operating systems you select determine choices available to you in the Task options menus. The options are different for different operating systems. If you pick more than one operating system, only the options available for all of the operating systems are offered. If you select a label as well, the script only runs on machines with that label if they are also running the selected operating system. Alert User Before Run Provide the user the option of delaying or canceling the script before it runs. (For example, choose to enable this for scripts that reboot or shut down computers.) If no user is logged in to the console, the script runs immediately. Dialog Options: OK - The script runs immediately. Cancel - The script is cancelled until its next scheduled run. Snooze - The user is prompted again after the Snooze Duration. If the time specified by Dialog Timeout elapses without the user pressing a button, the script runs at that time. When the user presses the snooze button, the dialog reappears after the Snooze Duration. Interaction With Run As: Only the console user can see the alert dialog (and therefore choose to snooze or cancel) regardless of the Run As setting. Enabling an alert prompts the console user even if the script is set to run as all users or another user. Dialog Timeout (Minutes): Snooze Duration (Minutes): Alert Message: Enter the number of minutes. Enter the number of minutes: Enter the message you want displayed to users. Run with administrative privileges on local machine. Use this setting for all scripts created with a wizard. Affect that users profile.

Alerts: Online KScripts Only Agents 5.1 (and higher) Windows and Mac OS agents

Run As: Online KScripts Only

Run As Local System

Run As User logged in to console Run As User:

Run As All Logged in Users Affect all users profiles. Handle network-wide tasks. Usually admin, but you can run as any user.

Administrator Guide, Version 5.2

149

Using the Scripting Features

Scheduling

In the Scheduling area, specify when and how often the script is run. Dont Run on a Schedule Runs in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the Also choices below. For example, use this option in conjunction with Also Run at User Login to run whenever the user logs in. Runs on every hour and minutes as specified. Runs on the specified time on the specified day. Allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,2025,30-35,59 23 31 12 * * means: On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The appliance doesnt support the extended cron format. Runs the Offline KScript once when new scripts are downloaded from the appliance. To set the time interval for downloading scripts, click Scripting Update Interval in the help area on this page. Runs the Offline KScript at machine boot time. Beware that this causes the machine to boot up slower than it might normally. Runs the Offline KScript after the user has entered their Windows login credentials. Allows the Offline KScript to run even if the target machine cannot contact the appliance to report results. In such a case, results are stored on the machine and uploaded to the appliance until the next contact. Allows the Offline KScript to run even if a user is not logged in. To run the script only when the user is logged into the machine, clear this option.

Run Every nth minutes/hours Run Every day/specific day at HH:MM AM/PM Custom Schedule

Also Run Once at next Client Checkin (Only for Offline KScript)

Also Run at Machine Boot Up (Only for Offline KScript) Also Run at User Login (Only for Offline KScript) Allow Run While Disconnected (Only for Offline KScript)

Allow Run While Logged Off (Only for Offline KScript)

Click Run Now to immediately push the script to all machines. Use this option with caution. For more information about Run Now, refer to Using the Run Now function, on page 156. To browse for and upload files required by the script, click Add new dependency, click Browse, and then click Open to add the new dependency file. If a Replication Share is specified and enabled at Distribution > Replication, the dependencies are downloaded from the specified replication share.

150

Administrator Guide, Version 5.2

Using the Scripting Features

If the replication share is inaccessible, the dependencies are downloaded from the appliance Server. To enable this setting, click the Failover To K1000 check box on the Replication Share : Edit Detail page. Repeat this step to add additional new dependencies as necessary. 7. Click Add Task Section to add a new task. The process flow of a task is a script similar to the following: IF Verify THEN Success ELSE IF Remediation THEN Remediation Success ELSE Remediation Failure 8. Attempts Under Policy or Job Rules, set the following options for Task 1: Enter the number of times the script attempts to run. If the script fails, but remediation is successful, you may want to run the task again to confirm the remediation step. To do this, set the number of Attempts to 2 or more. If the Verify section fails, it is run the number of times mentioned in this field. Select Break to stop running upon failure. Select Continue to perform remediation steps upon failure. 9. In the Verify section, click Add to add a step, and then select one or more steps to perform. Refer to Appendix B: Adding Steps to Task Sections, starting on page 235. 10. In the On Success and Remediation sections, select one or more steps to perform. Refer to Appendix A: Administering Mac OS Nodes, starting on page 229. 11. In the On Remediation Success and On Remediation Failure sections, select one or more steps to perform. Refer to Appendix A: Administering Mac OS Nodes, starting on page 229. To remove a dependency, task, or step, click the trash can icon item. This icon appears when your mouse hovers over an item. beside the

On Failure

Click beside Policy or Job Rules to view the token replacement variables that can be used anywhere in the K1000 Management Appliance script. The variables are replaced at runtime with appropriate values on the node. For more information, refer to Token Replacement Variables, on page 147.

Administrator Guide, Version 5.2

151

Using the Scripting Features

To add an Online Shell Script

1. 2. Click Scripting > Scripts. In the Choose Action menu, click Add New Item . The Script: Edit Detail page appears. 3. In the Configuration area, enter the following information: Select the Online Shell Script type. Enter a meaningful name for the script to make it easier to distinguish from others listed on the Scripts tab. (Optional) Enter a brief description of the actions the script performs. This field helps you to distinguish one script from another on the Scripts tab. Indicate whether the script is in development (Draft) or has been rolled out to your network (Production). Use the Template status if you are building a script to use as the basis for future scripts. Click to run the script on the target machines. Do not enable a script until you are finished editing and testing it and are ready to run it. Enable the script on a test label before you enable it on all machines. (Optional) Enter any notes.

Script Type Name Description

Status

Enabled

Notes 4.

Specify the deployment options: Click to deploy the script to all the machines. Select a label to limit deployment to machines in that label. Press CTRL and click labels to select more than one label.

Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines: Pick Specific OS Versions: Supported Operating Systems

You can limit deployment to one or more machines. From the dropdown list, select machines to add to the list. You can filter the list by entering filter options. Select to limit the script to specific operating stem versions. Otherwise, the script runs on all versions of the operating systems you pick. Select operating systems to run the script on, or leave blank to run it on all. The operating systems you select here determine choices available to you in the Task options menus. The options are different for different operating systems. If you pick more than one operating system, only the options available for all of the operating systems are offered. If you selected a label as well, the script only runs on machines with that label if they are also running the selected operating system.

152

Administrator Guide, Version 5.2

Using the Scripting Features

Scheduling

In the Scheduling area, specify when and how often the script runs. Dont Run on a Schedule The test runs in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the Also choices below. For example, use this option in conjunction with Also Run at User Login to run whenever the user logs in. Run Every nth minutes/ hours Run Every day/specific day at HH:MM AM/PM Custom Schedule The test runs on the interval of hour and minutes specified. The test runs on the specified time on the specified day. This option allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31 12 * * means: On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The appliance doesnt support the extended cron format.

Click Run Now to immediately push the script to all machines. Use this option with caution. For more information about the Run Now button, refer to Using the Run Now function, on page 156. To browse for and upload files required by the script, click Add new dependency, click Browse, and then click Open to add the new dependency file. If a Replication Share is specified and enabled at Distribution > Replication, the dependencies are still downloaded from the appliance server, because Replication is not supported by online shell scripts. Repeat this step to add additional new dependencies as necessary.

7. Script Text

Specify the following: Enter the relevant script text. Enter the value in minutes, the maximum time, for which the server tries for execution of the script. Select to upload dependency file, if any, to the node. Specify the directory path and file name.

Timeout (minutes) Upload File

Delete Downloaded Select to delete the downloaded files from the node. Files To remove a dependency, click the trash can icon beside the item. This icon appears when your mouse hovers over an item.

Administrator Guide, Version 5.2

153

Using the Scripting Features

Click beside Policy or Job Rules to view the token replacement variables that can be used anywhere in the K1000 Management Appliance script, and are replaced at runtime on the node with appropriate values. For more information, refer to Token Replacement Variables, on page 147.

Editing Scripts
On the Script: Edit Detail page, you can edit the three types of scripts: Offline KScripts, Online KScripts, and Online Shell Scripts. You can also edit Offline KScripts and Online KScripts by using the wizard or with the XML editor. To use the XML editor, click the View raw XML editor link below the Scheduling option.

To edit a script
1. 2. Click Scripting > Scripts. Click the name of the script you want to edit. The Script: Edit Detail page appears. 3. 4. Modify the script as desired. Click Save.

To delete a script from the Scripts page

1. 2. 3. 4. Click Scripting > Scripts. Click the check box beside the script you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deletion.

To delete a script from the Scripts Edit page

1. 2. Click Scripting > Scripts. Click the name of the script you want to delete. The Script: Edit Detail page appears. 3. 4. Click Delete. Click OK to confirm deletion.

Importing Scripts
If you prefer to create your script in an external XML editor, you can upload your finished script to the K1000 Management Appliance. Be sure that the imported script conforms to the following structure:

The root element <kbots></kbots> includes the URL of the KACE DTD kbots xmlns=http://kace.com/Kbots.xsd>...<kbots> One or more <kbot> elements.

154

Administrator Guide, Version 5.2

Using the Scripting Features

Exactly one <config> element within each <kbot> element. Exactly one <execute> element within each <config> element. One or more <compliance> elements within each <kbot> element.

The following is an example of XML structure for an appliance script: <?xml version=1.0 encoding=utf-8 ?> <kbots xmlns=http://kace.com/Kbots.xsd> <kbot> <config name=name= type=policy id=0 version=version= description=description=> <execute disconnected=false logged_off=false> </execute> </config> <compliance> </compliance> </kbot> </kbots> In the above example of a simple XML script, the </config> element corresponds to the Configuration section on the Script: Edit Detail page. This is where you specify the name of the policy or job (optional), and the script type (policy or job). Within this element you can also indicate whether the script can run when the target machine is disconnected or logged off from the appliance. You can specify whether the script is enabled and describe the specific tasks the script is to perform within the <compliance> element. If you are creating a script that will perform some of the same tasks as an existing script, copy the existing script, and open it in an XML editor. The scripts <compliance> element gives you an idea of how the script works, and how you can change it. For more information, refer to To Duplicate an existing Script, on page 155.

To import an existing script

1. 2. Click Scripting > Scripts. In the Choose Action menu, click Import from XML. The Script: Edit Detail page appears. 3. Paste the existing script into the space provided, and click Save.

To Duplicate an existing Script

If you have already created a script that is similar to a proposed script, the duplicate feature makes it easier to copy the script as a start for a new script.

Administrator Guide, Version 5.2

155

Using the Scripting Features

1. 2.

Click Scripting > Scripts. Click the linked name of the script you want to copy to open it for editing. The Script: Edit Detail page appears.

Click Duplicate. The Scripts list page appears, which includes a new script named Copy of xxx, where xxx is the name of the copied script.

Click the linked name of the copied script to open it for editing. Continue by following the steps in Adding Scripts, on page 148.

Using the Run Now function

The Run Now function provides a way for you to run scripts on selected machines immediately without setting a schedule. For example, you may want to use this function if you:

Suspect machines on your network are infected with a virus or other vulnerability, and they can compromise the entire network if not resolved right away. Want to test and debug scripts on a specific machine or set of machines during development.

The Run Now function is available in three locations:

Run Now tabRunning Scripts from the Scripting > Run Now tab allows you to run one script at a time on the target machines. Script: Edit Detail PageRunning Scripts from the Script : Edit Detail page allows you to run one script at a time on the target machines. Scripts List PageRunning scripts from the Scripts List Page using the Run Now option from the Choose Action menu allows you to run more than one script at the same time on the target machines.

To run scripts using the Run Now tab

CAUTION: A script is deployed immediately when you click Run Now: Use this feature cautiously! Do not deploy unless you are certain that you want to run the script on the target machines. 1. Click Scripting > Run Now. The Run Now page appears. 2. Select the Script you want to run in the Scripts list.

156

Administrator Guide, Version 5.2

Using the Scripting Features

You can use the Filters options to filter the Scripts list. 3. Select the machines on which Script needs to run from the Inventory Machines list. Selected machine names appear in the Machine Names field. You can use the Filters to filter the machine names list. You can add all the machines by clicking Add All.

At least one machine name is required. 4. Click Run Now to run the selected script.

Run Now from the Script Detail page

To minimize the risk of deploying to unintended target machines, create a label that represents the machines you want to run the Run Now function on. Refer to Using the Run Now function, on page 156, for more information. 1. 2. Click Scripting > Scripts. Select the script you want to run. The Script: Edit Detail page appears. 3. Select the labels that represent the machines on which you want to run the script. Press CTRL to select multiple labels. 4. Scroll to the bottom of the Scheduling section, and then click Run Now. A confirmation dialog box appears if you have made any changes. 5. Click OK in the confirmation dialog box to save any unsaved changes before running. The Run Now Status page is displayed after the script is run.

To use the Run Now function from the Scripts Lists Page
To minimize the risk of deploying to unintended target machines, create a label that represents the machines you want to run the Run Now function on. Refer to Using the Run Now function, on page 156, for more information. 1. 2. 3. Click Scripting > Scripts. Select the scripts you want to run. From the Choose Action menu, click Run Now.

Monitoring Run Now Status

When you click Run Now or select Run Now from the Choose Action menu, the Run Now Status tab appears where you can see a new line item for the script.

The Pushed column indicates the number of machines on which the script is attempting to run. The Completed column indicates the number of machines that have finished running the script.

Administrator Guide, Version 5.2

157

Using the Scripting Features

The numbers in these columns increment accordingly as the script runs on all of the selected machines. The icons above the right-hand column provide further details of the script status. Icon The script completed successfully. The script is still being run, therefore its success or failure is unknown. An error occurred while running the script. If errors occurred in pushing the scripts to the selected machines, you can search the scripting logs to determine the cause. For more information about searching logs, refer to Searching the Scripting Log Files, on page 158. The Run Now function communicates over port 52230. One reason a script might fail to deploy is if firewall settings are blocking the appliance Agent from listening on that port. Description

Run Now Detail Page

For more information on a Run Now item, click the linked start time on the Run Now Status page to display the items Run Now Detail page. The Run Now Detail page displays the results of a script that was run manually using the Run Now function, instead of running it on a schedule. The Run Now Statistics section displays the results of a script that was pushed, the push failures, push successes, completed machines, running machines, successes and failures in numbers and percentage. The Push Failures section lists those machines that the server could not contact and therefore did not receive the policy. Once pushed, it may take some time for the machine to complete a policy. Machines that have received the policy, but have not reported their results, are listed in the Scripts Running section. After the policy is run, it reports either success or failure. The results are sorted under the appropriate section. Each individual computer page also has the results of the Run Now events run on that machine. The Run Failures section lists those machines that failed to complete the script. The Run Successes section lists those machines that completed the script successfully.

Searching the Scripting Log Files

The Search Logs page allows you to search the logs uploaded to the K1000 Management Appliance by the machines on your network.

To search scripting logs

1. 2. Click Scripting > Search Logs. Enter keywords for the scripts in the Search for field.

158

Administrator Guide, Version 5.2

Using the Scripting Features

You can use the following operators to change how the logs are searched: Operator + * Function A leading plus sign indicates the word must be present in the log. A leading minus sign indicates the word must not be present in the log. A trailing asterisk can be used to find logs that contain words that begin with the supplied characters. A phrase enclosed in double quotes matches only if the log contains the phrase exactly as typed. To search only in logs uploaded by a particular script, choose the script name. Select the log type to search in from the drop-down list. You can choose from the following options: 5. 6. 7. Output Activity Status Debug

3. 4.

In the Historical field, select whether to search in only the most recent logs or in all logs from the drop-down list. In the Labels field, select a label from the drop-down list to search logs uploaded by machines in a particular label group. Click Search. The search results display the logs and the machines that have uploaded the logs.

You can apply a label to the machines that are displayed by selecting a label from the dropdown list, under search results.

About the Configuration Policies

The Configuration Policy page displays a list of wizards you can use to create policies that manage various aspects of the computers on your network. To access the list of available Configuration Policy wizards, click the Scripting button, then select the Configuration Policy tab. This section includes descriptions of the settings for each of the policies you can create. The Windows-based wizards include:

Enforce Registry Settings, on page 160. Remote Desktop Control Troubleshooter, on page 161. Enforce Desktop Settings, on page 161.

Administrator Guide, Version 5.2

159

Using the Scripting Features

Desktop Shortcuts Wizard, on page 162. Event Log Reporter, on page 162. MSI Installer Wizard, on page 163. UltraVNC Wizard, on page 165. Un-Installer Wizard, on page 166. Windows Automatic Update Settings policy, on page 167. Power Management Wizard, on page 168.

For details, see Using the Windows-based Policies, on page 160. The Mac OS-based wizards include:

Enforce Power Management Settings, on page 169. Enforce VNC Settings, on page 170. Enforce Active Directory Settings, on page 171.

For details, see Using the Mac OS Configuration-based Policies, on page 169.

Using the Windows-based Policies

The following sections explain how to use the default policies available to Windows systems. If you edit a Wizard-based policy, keep the Run As setting as local system.

Enforce Registry Settings

This wizard allows you to create scripts that enforce registry settings: 1. 2. 3. 4. Use regedit.exe to locate and export the values from the registry that you are interested in. Open the .reg file that contains the registry values you want with notepad.exe and copy the text. Click Scripting > Configuration Policy. Click Enforce Registry Settings. The Configuration Policy : Enforce Registry Settings page appears. 5. 6. 7. 8. Enter a policy name in the Policy Name field. Paste the copied registry values into the Registry File field. Click Save. The Script: Edit Detail page appears. Enable and set a schedule for this policy to take effect.

A new script is created, which checks that the values in registry file match the values found on the target machines. Any missing or incorrect values are replaced. Refer to Adding Scripts, on page 148, for more information.

160

Administrator Guide, Version 5.2

Using the Scripting Features

Remote Desktop Control Troubleshooter

This editor creates a troubleshooting script for the K1000 Management Appliance Remote Control functionality. The script that this page generates tests the following:

Terminal Services: To access a Windows XP Professional machine using Remote Desktop, Terminal Services must be running. This script verifies that this is the case. Firewall Configuration: If the Windows XP SP2 Firewall is running on the machine, several different configurations can affect results in Remote Desktop requests being blocked by the firewall.

To troubleshoot remote behavior

1. 1. Click Scripting > Configuration Policy. Click Remote Desktop Control Troubleshooter. The Configuration Policy : Remote Control Troubleshooter page appears. 2. 3. 4. Under Firewall Configuration, specify the required settings. Click Save. The Script: Edit Detail page appears. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 148, for more information.

Enforce Desktop Settings

This wizard allows you to build policies that affect the user's desktop wallpaper. The wallpaper bitmap file is distributed to each machine affected by the policy. This file must be in bitmap (.bmp) format.

To create a policy to enforce Desktop Settings

1. 1. 2. 3. 4. Click Scripting > Configuration Policy. Click Enforce Desktop Settings. Click the Use wallpaper check box. Click Browse to select and upload the .bmp file to use for the wallpaper. Select a position for the wallpaper image from the Position drop-down list. 5. Select Stretch to stretch the image so that it covers the entire screen. Select Center to display the image in the center of the screen. Select Tile to repeat the image over the entire screen.

Click Save. The Script: Edit Detail page appears.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 148 for more information.

Administrator Guide, Version 5.2

161

Using the Scripting Features

Desktop Shortcuts Wizard

This wizard allows you to quickly create scripts that add shortcuts to users' Desktop, Start Menu, or Quick Launch bar. You can create an Internet shortcut and put a URL to the target with no parameters and working shortcut.

To create scripts to add shortcuts

1. 2. Click Scripting > Configuration Policy. Click Desktop Shortcuts Wizard. The Configuration Policy : Enforce Shortcuts page appears. 3. 4. 5. Enter a name for the desktop shortcut policy in the Policy Name field. Click Add Shortcut. Specify the shortcut details. Enter the text label that appears below or beside the shortcut. Enter the application or file that is launched when the shortcut is clicked, for example, Program.exe. Enter the any command line parameters. For example: /S /IP=123.4 Enter the changes to the current working directory. For example: C:\Windows\Temp Select the location where the shortcut appears from the drop-down list. Options include: Desktop, Quick Launch, and Start Menu.

Name Target Parameters WorkingDir Location

6. 7. 8.

Click Save Changes to save the new shortcut. Click Add Shortcut to add more shortcuts. To edit or delete a shortcut, hover over a shortcut and click the Trash can icon that appears. Click Save. The Script: Edit Detail page appears.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 148, for more information.

Event Log Reporter

This wizard creates a script that queries the Windows Event Log and uploads the results to the K1000 Management Appliance.

To create an Event Log query

1. 2. Click Scripting > Configuration Policy. Click Event Log Reporter. The Configuration Policy : Event Log Reporter page appears.

162

Administrator Guide, Version 5.2

Using the Scripting Features

Specify query details: Enter the name of the log file created by the script. Enter the type of log you want to query: Application, System, and Security. Enter the type of event you want to query: Information, Warning, and Error. (Optional) Use this field to restrict the query to events from a specific source.

Output filename Log file Event Type Source Name

Click Save. The Script : Edit Detail page appears.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 148 for more information.

6. 7.

You can view the Event log in the Computers : Detail page of the particular machine, by selecting Inventory > Computers. In Scripting Logs, under Currently Deployed Jobs & Policies, click the View logs link beside Event Log.

MSI Installer Wizard

This wizard helps you set the basic command line arguments for running MSI-based installers. Refer to the MSDN website (msdn.microsoft.com) for complete options documentation.

To create the MSI Installer policy

1. 1. Click Scripting > Configuration Policy. Click MSI Installer Wizard. The Configuration Policy : MSI Wizard page appears. 2. Action Software MSI filename User Interaction Installation Directory Additional Switches Enter the following information: Select a task from the drop-down list. Options include Install, Uninstall, Repair missing files, and Reinstall all files. Select the application you want to install, uninstall, or modify from the drop-down list. You can filter the list by entering any filter options. Specify the MSI filename if it is a zip. Select an option to specify how the installation should appear to end users. Options include: Default, Silent, Basic UI, Reduced UI, and Full UI. Enter the installation directory. Enter details of any additional installer switches. Additional Switches are inserted between the msiexe.exe and the /i foo.msi arguments.

Administrator Guide, Version 5.2

163

Using the Scripting Features

Additional Properties

Enter details of any additional properties. Additional Properties are inserted at the end of the command line. For example: msiexec.exe /s1 /switch2 /i patch123.msi TARGETDIR=C:\patcher PROP=A PROP2=B Enter the features to install. Separate features with commas. Select this box to do per-machine installations only. Select the behavior after installation. Options include: Delete installer file and unzipped files Delete installer file, and leave unzipped files Leave installer file, and delete unzipped files Leave installer file and unzipped files

Feature List Store Config per machine After install

Restart Options

Select the restart behavior. Options include: No restart after installation Prompts user for restart Always restart after installation Default

Logging

Select the types of installer messages to log. Press CTRL and click to select multiple message types. Options include: None All Messages Status Messages Non-fatal warnings All error messages Start up actions Action-specific records User requests Initial UI parameters Out-of-memory or fatal exit information Out-of-disk-space messages Terminal properties Append to existing file Flush each line to the log

Log File Name 3.

Enter the name of the log file. Click Save. The Script: Edit Detail page appears.

164

Administrator Guide, Version 5.2

Using the Scripting Features

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 148 for more information.

UltraVNC Wizard
The UltraVNC Wizard creates a script to distribute UltraVNC to Windows computers on your network. UltraVNC is a free software application that allows you to remotely log into another computer (through the Internet or network). Refer to the UltraVNC website (www.uvnc.com) for documentation and downloads. To distribute UltraVNC to the computers on your network 1. 2. Click Scripting > Configuration Policy. Click UltraVNC Wizard. The Configuration Policy : Ultra VNC Wizard page appears. 3. Install Options Specify UltraVNC installation and authentication options: Install Mirror Driver Check the Mirror Driver box to install the optional UltraVNC Mirror Video Driver. The Mirror Video Driver is a driver that allows faster and more accurate updates. The video driver also makes a direct link between the video driver framebuffer memory and UltraWinVNC server. Using the framebuffer directly eliminates the use of the CPU for intensive screen blitting, resulting in a big speed boost and very low CPU load. Check the Viewer box to install the optional UltraVNC Mirror Video Driver. Provide a VNC password for authentication. To use MS Logon authentication, and to export the ACL from your VNC installation, use: MSLogonACL.exe /e acl.txt Copy and paste the contents of the text file into the ACL field. Review the script that is generated by this wizard to make sure its output is expected. You can view the raw script by clicking View raw XML Editor on the Script Detail page.

Install Viewer Authentication VNC Password Require MS Logon

4. Disable Tray Icon

Specify UltraVNC miscellaneous options: Select this box if you do not want to display the UltraVNC tray icon on the target computers. Select if you do not want to display node options in the tray icon menu on the target computers. Available if you did not select Disable Tray Icon.

Disable client options in tray icon menu

Administrator Guide, Version 5.2

165

Using the Scripting Features

Disable properties panel Forbid the user to close down WinVNC 5. Click Save.

Select to disable the UltraVNC properties panel on the target computers. Select if you do not want to allow computer users to shut down WinVNC.

The Script: Edit Detail page appears. 6. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 148, for more information.

Un-Installer Wizard
This wizard allows you to quickly build a script to uninstall a software package. The resulting script can perform three actions: Execute an uninstall command, Kill a process, and Delete a directory.

To create an uninstaller script

1. 2. Click Scripting > Configuration Policy. Click Un-Installer Wizard. The Configuration Policy : Uninstaller page appears. 3. Job Name Software Item Enter the following information: Enter a name for the uninstaller script. Select the software item to uninstall from the drop-down list. The wizard attempts to fill in the correct uninstall command. Verify that the values are correct. Uninstall Command Directory Uninstall Command File Uninstall Command Parameters Kill Process To have a process killed before executing the uninstall command, enter the full name of the process in the Kill Process field. For example: notepad.exe To have a directory deleted after executing the uninstall command, enter the full name of the directory in the Delete Directory field here. For example: C:\Program Files\Example_App\. Click Save. The Script: Edit Detail page appears. 5. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 148 for more information. When you select the software item, the wizard attempts to fill in the uninstall command directory, file, and parameters. Review the entries to make sure the values are correct.

Delete Directory.

166

Administrator Guide, Version 5.2

Using the Scripting Features

Windows Automatic Update Settings policy

The K1000 Management Appliance provides a way for you to control the behavior of the Windows Update feature. This feature allows you to specify how and when Windows updates are downloaded so that you can control the update process for the computers on your network. The configuration settings reside under the Scripting > Configuration Policy tab. More detailed information can be found at Microsoft's support site: KB Article 328010.

To modify Windows Automatic Update settings

1. 2. Click Scripting > Configuration Policy. Click Windows Automatic Update Settings. The Windows Automatic Update Policy page appears. 3. Enter the following information: Select this option to enable automatic downloading of Windows Updates. Select to ensure that you receive the latest downloads, but control their installation. Select to provide the additional flexibility in installation of updates. Important: This may make your network more vulnerable to attack if you neglect to retrieve and install the updates on a regular basis. Select if you are using the appliance patching feature to manage Microsoft patch updates. Select to provide users with the control over the updates downloaded. Important: This may make end-users, and as a result your network, more vulnerable to attack. Select the interval (in minutes) from the Reschedule Wait Time drop-down list to wait before rescheduling an update if the update fails. Select to specify no reboot while a user is logged in.

Automatic (recommended) Download updates for me, but let me choose when to install them. Notify me but dont automatically download or install them. Turn off Automatic Updates Remove Admin Policy. User allowed to configure. Reschedule Wait Time

Do not reboot machine while user logged in 4. 5.

Enter the details for the SUS Server and SUS Server Statistics. Click Save. The Script: Edit Detail page appears.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 148, for more information.

To start the Automatic Windows Update on a node

You can start the Automatic Windows Update on the node using one of these methods:

Administrator Guide, Version 5.2

167

Using the Scripting Features

Enabling automatic windows updates settings policy of the appliance on the node. Enabling local policy for automatic deployment of windows update on the node. Modifying the registry key for automatic deployment of windows update on the node. Setting up the group policy on the domain for automatic deployment of windows update on the node. Configuring the patching functionality for automatic deployment of windows update on the node. If you are using the patching functionality for automatic deployment of Windows updates on the node, you must disable the automatic deployment of Windows updates on the node by any other process to avoid the conflict between the different deployment processes.

Power Management Wizard

The Power Management Wizard enables you to configure power management settings to determine and/or decrease the amount of time your computers are drawing power.

To enable power management on a Windows XP System, you need EZ GPO. The Power Management Wizard automatically downloads EZ GPO when run on a Windows XP system. EZ GPO is a free tool that works in conjunction with Group Policy Objects on Windows XP. For more information on EZ GPO, see: http://www.energystar.gov On Windows 7 and Vista machines, power management is configured using the built-in powercfg command. (EZ GPO does not work on these platforms.)

About monitoring power use

Most power companies are concerned with the consumption of desktop systems, but not laptops. For example, to collect information of desktop systems:

Create a Smart Label in Inventory for the chassis type. Create reports grouping machines by the chassis type. Make a Smart Label in Inventory for Uptime since last reboot that contains the number of days that concern you.

To get an overview of your power consumption, run reports about power management for about a month. Go to Reporting > Reports, to see the available reports in the Power Management category. You can also configure how long node uptime information is retained. See To configure general settings for the server, on page 19. This is one of the last configuration options.

To configure Power Management

1. 2. 3. Click Scripting > Configuration Policy. Select Power Management. On the Windows Configuration Policy page, select your target operating system.

168

Administrator Guide, Version 5.2

Using the Scripting Features

If you manage Windows XP systems, refer to the side bar help. If you handle Windows Vista or Windows 7, you can select one of standard configurations: Balanced, High Performance, Power Saver, or Custom.

Click Save. The Script : Edit Detail page opens.

5. 6. 7.

Select the value for Status. (Optional) Enter any Notes. Limit the script to the appropriate version of Windows by doing one or both of the following: In the Deployment section, use labels to limit the deployment of the script to computers that run the corresponding version of Windows. In the Supported Operating Systems section, click Pick Specific OS version and select the supported version of Windows.

For example, if you select Deploy to All Machines, you can use click the check box for Pick Specific OS Version to limit it to a specific version of Windows. Windows XP: Keep the default Run as Local System with any script created in a wizard. Run As options are offered with Online KScripts like the Windows XP version of the Power Management script. 8. 9. (Optional) Alert users before run. (Optional) Change Scheduling to your preferences.

10. Click Save.

Using the Mac OS Configuration-based Policies

The following sections explain how to use the default policies available to Mac OS systems:

Enforce Power Management Settings, on page 169. Enforce VNC Settings, on page 170. Enforce Active Directory Settings, on page 171.

Enforce Power Management Settings

This policy offers you these different energy management profiles to configure and use on your Mac OS-based systems:

Better energy savings Normal Better Performance Custom

Administrator Guide, Version 5.2

169

Using the Scripting Features

You can tailor each of the profiles to these power sources:

All Battery Charger (Wall Power) UPS

Power usage settings are a trade-off between CPU usage and power usage. Most of the settings are on/off check boxes to apply or remove options. You can add time periods, in numbers, to the Sleep settings. The policy options are shown below: Figure 9-2: The Mac Power Management page

Enforce VNC Settings

This configuration policy controls enables/disables the Mac OS built-in VNC server.

170

Administrator Guide, Version 5.2

Using the Scripting Features

Figure 9-3: The Enforce VNC Settings page

Enforce Active Directory Settings

You use this policy to add or remove a computer from your domain by:

Choosing to add or remove a system. Entering your administrator credentials. The resulting script assumes that you have root access and shows your password unencrypted (clear text), so make sure that anyone using this script is trusted.

Specifying the LDAP domain name and user authentication information. Deciding on the other options you have for this system as shown below.

You can also use this policy to ensure that your Mac OS nodes check into your Active Directory database.

Administrator Guide, Version 5.2

171

Using the Scripting Features

Figure 9-4: The Enforce Active Directory Settings page

172

Administrator Guide, Version 5.2

10
Maintaining Your K1000 Management Appliance

This chapter describes the most commonly used features and functions for maintaining and administering K1000 Management Appliance.

K1000 Management Appliance maintenance overview, on page 173 Backing up K1000 Management Appliance data, on page 174. Restoring K1000 Management Appliance settings, on page 176. Updating K1000 Management Appliance software, on page 177. Updating OVAL definitions, on page 180. Troubleshooting K1000 Management Appliance, on page 180. Windows debugging, on page 182.

K1000 Management Appliance maintenance overview

The Server Maintenance page allows you to perform a variety of functions to maintain and update your K1000 Management Appliance, for example:

Access the most recent appliance server backups Upgrade your appliance server to a newer version Retrieve updated OVAL definitions Restore to backed-up versions and also create a new backup of the appliance at any time

The Server Maintenance tab also enables you to reboot and shut down the appliance, as well as update appliance license key information. From the Server Maintenance tab you can:

Upgrade the appliance Update OVAL vulnerability definitions Create a backup appliance Enter or update the appliance License Key Restore to most recent backup Restore to factory default settings

Administrator Guide, Version 5.2

173

Maintaining Your K1000 Management Appliance

Restore from uploaded backup files Reboot your appliance Reboot with extended database check Shut down your appliance

Upgrading your appliance

KACE provides new server software patches on the corporate server. Your appliance checks kace.com nightly for recommended upgrades, which you can apply from the server maintenance page.

To upgrade your K1000 Management Appliance

1. 2. 3. 4. From the Organization drop-down list, select System. Go to K1000 Settings > Server Maintenance. Click Edit Mode. Click Check for Upgrade. If the upgrade is available, the label Available Upgrade along with the build number is displayed. Click Release Notes to view the release notes of the available build. If the upgrade is not available, the label Your K1000 is up to date, is displayed. 5. Click Upgrade Now to upgrade to the available build. When the appliance has finished upgrading, reboot it to use the latest features.

Backing up K1000 Management Appliance data

By default, your K1000 Management Appliance automatically backs up at 3 A.M., creating two files on the backup drive:

k1000_dbdata.gz, containing the database backup k1000_file.tgz, containing any files and packages you have uploaded to the appliance.

To run the appliance backup manually

To run a K1000 Management Appliance backup before the nightly backup occurs, run the backup manually: 1. 2. 3. 4. From the Organization drop-down list, select System. Go to K1000 Settings > Server Maintenance. Click Edit Mode. In the K1000 Controls section, click Run Backup. After creating the backup, the Settings > Logs tab appears.

174

Administrator Guide, Version 5.2

Maintaining Your K1000 Management Appliance

Downloading backup files to another location

The backup files are used to restore your K1000 Management Appliance configuration in the event of a data loss or during an upgrade or migration to new hardware. The K1000 Management Appliance contains only the most recent full backup of the files. For a greater level of recoverability (for instance if you wanted to keep rolling backups), you can offload the backup files to another location so that they can be restored later if necessary. You can access the backup files for downloading from the Administrator UI as well as through ftp.

To change backup file location

1. 2. 3. From the Organization drop-down list, select System. Go to K1000 Settings > Server Maintenance. In the K1000 Controls section, click the backup links: 4. k1000_dbdata.gz contains the database backup k1000_file.tgz contains the files and packages you uploaded to the K1000 Management Appliance

Click Save in the dialog box that appears. In Internet Explorer, use Browse to specify a location for the files and click Save. In Firefox, you must have previously set the download location.

To access the backup files through ftp

1. 2. Open a command prompt. At the C:\ prompt, enter:

ftp k1000 3. Enter the login credentials: Username: kbftp, password: getbxf 4. Enter the following commands:

> type binary > get k1000_dbdata.gz > get k1000_file.tgz

Administrator Guide, Version 5.2

175

Maintaining Your K1000 Management Appliance

>close >quit

Restoring K1000 Management Appliance settings

You use backup files to restore your appliance configuration in the event of a data loss, or to transfer the setting during an upgrade or migration to new hardware. Restoring any type of backup file destroys the data currently configured in the appliance server. Dell recommends off-loading any backup files or data that you want to keep before performing a restore. If your backup files are too large to upload using the default HTTP mechanism (the browser times out), you can upload them using FTP. To upload using FTP, enable the Enable backup via FTP and Make FTP writable security settings. For details see Configuring Security Settings for the Server, on page 25.

Restoring from most recent backup

The appliance has a built-in ability to restore files from the most recent backup directly from the backup drive. You can access the backup files from the Administrator UI or through ftp.

To restore from the most recent backup

1. 2. 3. 4. From the Organization drop-down list, select System. Go to K1000 Settings > Server Maintenance. Click Edit Mode. Click Restore from Backup.

Uploading files to restore settings

If you have off-loaded your backup files to another location, you can upload those files manually, rather than restoring from the backup files stored on the K1000 Management Appliance.

To upload backup files

1. 2. 3. 4. Go to Settings > Server Maintenance. Scroll down and click the Edit Mode. In the K1000 Restore section, click Browse and locate the backup file. Click Restore from Upload Files.

Restoring to factory settings

The appliance has a built-in ability to restore the itself back to its factory settings. To view the factory settings refer to To set up your K1000 Management Appliance server, on page 3.

176

Administrator Guide, Version 5.2

Maintaining Your K1000 Management Appliance

To restore to factory settings

1. 2. 3. Go to Settings > Server Maintenance. Scroll down and click Edit Mode. Click Restore Factory Settings.

Updating K1000 Management Appliance software

Part of maintaining your Dell KACE K1000 Management Appliance appliance involves updating the software that runs on the K1000 Management Appliance server. This process also involves:

Verifying that you are using the minimum required version of the K1000 Management Appliance Updating the license key in the Dell KACE K1000 Management Appliance to obtain the current product functionality.

To verify the minimum server version

Before applying this update, verify your K1000 Management Appliance server version meets the minimum version requirement. 1. 2. 3. Open your browser, and go to the URL for the K1000 Management Appliance appliance (http://k1000/admin). Select the About K1000 link located at the lower left of the screen. The System Management Appliance line (below license agreement) contains the release number, as shown in Figure 10-1 on page 178.

Administrator Guide, Version 5.2

177

Maintaining Your K1000 Management Appliance

Figure 10-1: About K1000

Updating the license key

After installing an upgrade to the Dell KACE K1000 Management Appliance server, you may need to enter a new KACE license key to fully activate the K1000 Management Appliance. You need the new license key to upgrade your appliance.

Updating your Dell KACE K1000 Management Appliance license key

1. 2. 3. 4. Go to Settings > Server Maintenance. Scroll down and click Edit Mode. Under License Information, enter your new license key. Click Save License.

Applying the server update

If you are using a previous version of the Dell KACE K1000 Management Appliance, you must apply the earlier updates separately before continuing. Refer to the release notes for

178

Administrator Guide, Version 5.2

Maintaining Your K1000 Management Appliance

your version of the Dell KACE K1000 Management Appliance to determine the minimum updates.

To apply the server update

1. 2. 3. 4. 5. 6. Download the k1000_upgrade_server_XXXX.bin file, and save it locally. Open your browser to http://k1000/admin. Go to Settings > Server Maintenance. Scroll down and click Edit Mode. Under Update K1000, click Browse, and locate the update file you just downloaded. Click Update K1000. When the file has completed uploading, your K1000 Management Appliance will reboot with the latest features.

To verify the upgrade

After applying the upgrade, verify successful completion by reviewing the update log. 1. 2. 3. 4. Go to Settings > Logs. Select Updates from the Current log drop-down list. Review the Update log for any error messages or warnings. Click About K1000 in the upper right corner to verify the current version.

Updating patch definitions from KACE

Although the definitions for Microsoft patches are updated automatically on a scheduled basis, you can retrieve the latest files manually from the Server Maintenance page.

To update the patch definitions

1. 2. 3. Go to Settings > Server Maintenance. Scroll down and click Edit Mode. Click Update Patching to update your patch definitions.

To delete patch files

You can delete all previously downloaded patches: 1. 2. 3. Go to Settings > Server Maintenance. Scroll down and click Edit Mode. Click Delete Patch Files to delete the patch files.

Administrator Guide, Version 5.2

179

Maintaining Your K1000 Management Appliance

To Reboot and shut down KACE K1000 Appliances

You may need to reboot the appliance from time to time when troubleshooting or possibly upgrading its settings. 1. 2. Click Settings > Server Maintenance. Click Reboot K1000.

Before you can perform hardware maintenance, you need to shut down the appliance before unplugging it. You can shut down the appliance either by:

Pressing the power button once, quickly. Clicking the Shutdown K1000 button on the Settings > Server Maintenance tab. You can use the Reboot and Shutdown buttons after you click the "Edit Mode" link at the bottom of the page.

Updating OVAL definitions

Although the definitions for OVAL vulnerabilities are updated automatically on a scheduled basis, you can retrieve the latest files manually from the Server Maintenance page. For more information about OVAL definitions, see K1000 Security and Patching Guide.

To update the OVAL and patch definitions

1. 2. 3. Go to Settings > Server Maintenance. Scroll down and click Edit Mode. Click Update OVAL.

Troubleshooting K1000 Management Appliance

Your appliance offers several log files that can help you detect and resolve errors. The log files are rotated automatically as each grows in size so no additional administrative log maintenance procedures are required. Log maintenance checks are performed daily. The appliance maintains the last seven days of activity in the logs. KACE Technical Support may request that you send the appliance Server logs if they need more information in troubleshooting an issue. To download the logs, click the Download Logs link. For more information, see Downloading log files, on page 181.

180

Administrator Guide, Version 5.2

Maintaining Your K1000 Management Appliance

Accessing K1000 Management Appliance logs

You can access the appliance Server logs by going to the Settings > Logs tab. Select the appropriate log to view from the Current log drop-down list. This area also provides a reference for any K1000 Management Appliance informational or exception notices. Log Type Hardware Appliance Log Name Disk Status K1000 Log Access Server Errors Stats Updates Node Client Errors AMP Server AMP Queue Description Displays the status of the appliance disk array. Displays the errors generated on the server. Displays the HTTP Server's access information. Displays errors or server warnings regarding any of the onboard server processes. Displays the number of connections the appliance is processing over time. Displays details of any appliance patches or upgrades applied using the Update K1000 function. Displays Agent exception logs. Displays AMP server errors. Displays AMP Queue errors.

Downloading log files

The Dell KACE K1000 Management Appliance provides the ability to directly download the logs into one file from the Admin UI. To help diagnose a problem, Dell KACE Technical support might ask you to submit log files.

To download Dell KACE K1000 Management Appliance logs

1. 2. Go to Settings > Logs. Click Download logs on the right of the Log page. The logs are downloaded in the k1000_logs.tgz file. 3. Click Save.

In addition to the standard logging, you can enable other debug logs on a node:

K1000 Agent Enable debug logging on the node to troubleshoot machine inventory, managed installs and file synchronizations. K1000 AMP Service Enable debug logging on the Windows node to troubleshoot the on-demand running of Desktop Alerts, Run-Now scripts, and Patching. You can enable debug logging by configuring AMP Settings. For information on how to configure the AMP Settings page, refer to Configuring Agent Messaging Protocol Settings, on page 29.

Administrator Guide, Version 5.2

181

Maintaining Your K1000 Management Appliance

Windows debugging
To log on to the AMP service
1. Open the SMMP configuration file: %PROGRAMFILES%\KACE\K1000\SMMP.conf 2. Add the following line: debug=true For more information on debug logging on Linux and Mac OS platforms, refer to Appendix E: Manually Deploying Agents, starting on page 269.

SMMP.conf without debug=true with debug=true

Windows debug.log with basic logging debug.log with detailed logging

Mac OS X agent.log with basic logging agent.log with detailed logging

Linux agent.log with basic logging agent.log with detailed logging

182

Administrator Guide, Version 5.2

Maintaining Your K1000 Management Appliance

Understanding Disk Status log data

When troubleshooting K1000 Management Appliance, you often work with the Disk Status log. If there is a physical problem with the appliance, that issue is reflected here.

K1000 Management Appliance server and agent exceptions are reported nightly to kace.com if you enabled crash reporting on the Settings > General tab.

Administrator Guide, Version 5.2

183

Maintaining Your K1000 Management Appliance

Figure 10-2: Disk Status Log

In the cases where the logs display errors, this section will be helpful to solve any problems. This section does not describe every possible error message, but other possible errors can be resolved by following the same steps: Step Step 1: Rebuild Description The disk status log error Degraded indicates that you need to rebuild the array. To do this: Click Rebuild Disk Array. Rebuilding can take up to 2 hours. If an error state still exists after this, proceed to step 2. Step 2: Power Down and Reseat the Drives In some cases, the degraded array may be caused by a hard-drive that is no longer seated firmly in the drive-bay. In these cases, the disk status will usually show disk missing for that drive in the log. Power down the Dell KACE K1000 Management Appliance. Once the appliance is powered off, eject each of the hard-drives and then re-insert them, making sure that the drive is firmly in the bay. Power the machine back on and then look again at the disk status log to see if that has resolved the issue. If an error state still exists, try rebuilding again or proceed to Step 3.

184

Administrator Guide, Version 5.2

Maintaining Your K1000 Management Appliance

Step Step 3: Call Dell KACE Technical Support

Description If you have performed the previous steps and are still experiencing errors, contact Dell KACE Technical Support by e-mail ([email protected]) or phone (888) 522-3638 option 2.

Administrator Guide, Version 5.2

185

Maintaining Your K1000 Management Appliance

186

Administrator Guide, Version 5.2

11
LDAP

The Dell KACE K1000 Management Appliance LDAP feature lets you to browse and search the data located on an LDAP Server.

About LDAP Labels, on page 187. Creating an LDAP Label Manually, on page 188 Creating an LDAP Label with the Browser, on page 189. Using LDAP Easy Search, on page 190. Using the LDAP Browser Wizard, on page 191. Automatically Authenticating LDAP Users, on page 193.

About LDAP Labels

LDAP Labels allow the automatic labeling of machine records based on LDAP or Active Directory interaction. The search filter queries the LDAP server. If it finds any entries they are automatically labelled. If the LDAP server requires credentials for administrative login (aka nonanonymous login), supply these credentials. If no LDAP user name is given, an anonymous bind is attempted. Each LDAP Label may connect to a different LDAP/AD server. You may bind to an LDAP query based on the following Dell KACE K1000 Management Appliance variables:

Computer Name Computer Description Computer MAC IP Address User name User Domain Domain User

Administrator Guide, Version 5.2

187

LDAP

Creating an LDAP Label Manually

1. 2. Click Home > Label > LDAP Labels. In the Choose Action menu, click Add New Item. The LDAP Label : Edit Detail page appears. Skip the Enabled check box until you have tested the LDAP Label. 3. Enabled Filter Type Associated Label Name Server Hostname Enter the following information: Check this box to enable the appliance to run the label each time a system checks in. Check this box after you have tested the label. Select the LDAP filter type, either Machine or User. Select an existing label to associate with this LDAP label.

Associated Label Notes Any Notes from the label definition are automatically added to this field. Specify the IP or the Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or the Host Name, as ldaps://HOSTNAME If you have a nonstandard SSL certificate installed on your LDAP server you need to contact KACE Support for assistance before proceeding. A nonstandard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign. Enter the LDAP Port number, which is either 389 or 636 (LDAPS). Enter the Search Base DN (Distinguished Names). For example: CN=Users,DC=kace,DC=com Enter the Search Filter. For example: (&(sAMAccountName=admin)(memberOf=CN=financial,DC=ka ce,DC=com)) Enter the LDAP login. For example: LDAP Login: CN=Administrator, CN=Users,DC=kace=com Enter the password for the LDAP login.

LDAP Port Number Search Base DN Search Filter

LDAP Login LDAP Password

If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP Browser Wizard. For more information on the LDAP Browser Wizard, refer to Service Desk Administrator Guide. 4. 5. Click the Test LDAP Label button to test your new label. Change the label parameters and test again as necessary. If the LDAP Label is ready to use, click Enabled. Otherwise, you can save without enabling. 6. Click Save.

Each time a machine checks into the K1000 Management Appliance, this query runs against the LDAP server. The admin value in the Search Filter is replaced with the name of the user

188

Administrator Guide, Version 5.2

LDAP

that is logged onto this machine. If a result is returned, the machine gets the label specified in the Associated Label field. To test your LDAP label, click the Test button and review the results.

You can also create an LDAP Label using the LDAP Browser.

Creating an LDAP Label with the Browser

The LDAP Browser allows you to browse and search the data located on the LDAP Server. For example, Active Directory Server. You must have the Bind DN and Password to log on to the LDAP Server. 1. 2. LDAP Server Go to Home > Labels > LDAP Browser. Specify the LDAP Server Details Enter the IP or the Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or the Host Name, as ldaps://HOSTNAME If you have a nonstandard SSL certificate installed on your LDAP server, such as an internally-signed or a chain certificate not from a major certificate provider such as Verisign, contact KACE Support for assistance before proceeding. Enter the LDAP Port number, either 389 or 636 (LDAPS). Enter the Bind DN. For example: CN=Administrator,CN=Users,DC=kace,DC=com Enter the password for the LDAP login.

LDAP Port LDAP Login LDAP Password 3.

Click Test. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names) available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory. If the connection was not established, the Operation Failed message appears, which can be due to one of the following reasons: The IP or Host Name provided is incorrect. The LDAP server is not up. The login credentials provided are incorrect.

Click a Base DN, or click Next. A new window displays the Search Base DN and the Search Filter. The Search Base DN is populated on the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN and the Search Filter.

Administrator Guide, Version 5.2

189

LDAP

You can also use the Filter Builder to create complex filters. Click Filter Builder. The Query Builder is displayed. Specify the following information. Enter the Attribute Name. For example, samaccountname. Select the relational operator from the drop-down list. For example, =. Enter the attribute value. For example, admin.

Attribute Name Relational Operator Attribute Value 6.

To add more than one attribute: Select the conjunction operator from the drop-down list. For example, AND. Note: This field is available for the previous attribute only when you add a new attribute.

Conjunction Operator

Add Search Scope

Click Add. You can add multiple attributes. Click One level to search at the same level or click Sub-tree level to search at the sub-tree level. Click OK. The query appears in the Search Filter text area. For example, (samaccountname=admin). 8. Click Browse to display all the immediate child nodes for the given base DN and search filter. Click Search to display all the direct and indirect child nodes for the given base DN and search filter. The search results are displayed in the left panel. 9. Click a child node to view its attributes. The attributes are displayed in the right panel.

Using LDAP Easy Search

You can use LDAP Easy Search to quickly search the data located on the LDAP Server. To use the LDAP Easy Search 1. 2. LDAP Server Go to Home > Label >LDAP Browser. Specify the LDAP Server Details Enter the IP or the Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or the Host Name, as ldaps://HOSTNAME If you have a nonstandard SSL certificate installed on your LDAP server you need to contact KACE Support for assistance before proceeding. A nonstandard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign.

190

Administrator Guide, Version 5.2

LDAP

LDAP Port LDAP Login LDAP Password 3. 4.

Enter the LDAP Port number, either 389 or 636 (LDAPS). Enter the Bind DN. For example: CN=Administrator,CN=Users,DC=kace,DC=com Enter the password for the LDAP login.

Click Test. On a successful connection to the LDAP server, a list of possible base DNs available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory. If the connection was not established, the Operation Failed message appears. Check the following causes: The IP or Host Name provided is incorrect. The LDAP server is not up. The login credentials provided are incorrect.

Click the Go to LDAP Easy Search link. The LDAP EasySearch page appears.

Enter any key word for search, and click GO. For more specific search you can click the Indexed field option or Non-Indexed field option. You can also specify Other attributes, separated by comma.

Using the LDAP Browser Wizard

The LDAP Browser Wizard enables you to fill in the information for Search Base DN and Search Filter. Using the LDAP Browser Wizard you can browse and search the data located on the LDAP Server. For example, Active Directory Server. You must have the Bind DN and the Password to log on to the LDAP Server.

To use the LDAP Browser Wizard

1. Go to Home > Label >LDAP Browser.

Administrator Guide, Version 5.2

191

LDAP

2. LDAP Server

Specify the LDAP Server Details Enter IP or Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or the Host Name, as ldaps://HOSTNAME If you have a nonstandard SSL certificate installed on your LDAP server you need to contact KACE Support for assistance before proceeding. A nonstandard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign. Enter the LDAP Port number, either 389 or 636 (LDAPS). Enter the Bind DN. For example: CN=Administrator,CN=Users,DC=kace,DC=com Enter the password for the LDAP login.

LDAP Port LDAP Login LDAP Password 3. 4.

Click Test. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names) available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory. If the connection was not established, the Operation Failed message appears. Check the following causes: The IP or Host Name provided is incorrect. The LDAP Server is not up. The login credentials provided are incorrect.

Click Next or one of the base DNs to advance to the next step. A new window displays the Search Base DN and the Search Filter. The Search Base DN is populated on the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN and the Search Filter.

To create complex filters, click Filter Builder. The Query Builder is displayed.

Specify the following information: Enter the Attribute Name. For example, samaccountname. Select the Relational Operator from the drop-down list. For example, =. Enter the Attribute Value. For example, admin.

Attribute Name Relational Operator Attribute Value 8.

To add more than one attribute: Select the Conjunction Operator from the drop-down list. For example, AND. Note: This field is available for the previous attribute only when you add a new attribute.

Conjunction Operator

192

Administrator Guide, Version 5.2

LDAP

Add Search Scope

Click to add multiple attributes. Click One level to search at the same level or click Sub-tree level to search at the sub tree level. Click OK. The query appears in the Search Filter text area. For example, (samaccountname=admin).

10. Click Browse to display all the immediate child nodes for the given base DN and search filter or click Search to display all the direct and indirect child nodes for the given base DN and Search Filter. The search results are displayed in the left panel. 11. Click a child node to view its attributes. The attributes are displayed in the right panel. 12. Click Next to confirm the LDAP configuration. 13. Click Next to use the displayed settings.

Automatically Authenticating LDAP Users

Instead of setting up users individually on the Users tab, you can configure the K1000 Management Appliance for local authentication or External LDAP Server Authentication. The appliance can then access a directory service (such as LDAP) for user authentication. This allows users to log into the appliance Administrator portal using their domain user name and password, without having to add users individually from the Users tab.

To configure the appliance for user authentication

1. Click Settings > Control Panel. The Settings: Control Panel page appears. 2. Click User Authentication. The K1000 Settings: Authentication page appears. 3. 4. Click the Edit Mode link. Specify the Authentication method you want to use:

K1000 (local Select this option to enable local authentication. (Default) Authentication) If local authentication is enabled, the password is authenticated against the existing entries in the local database at Service Desk > Users.

Administrator Guide, Version 5.2

193

LDAP

External LDAP Server Authentication

Select this option to enable external user authentication. You can use external authentication against an LDAP server or Active Directory server. If External LDAP Server Authentication is enabled, the password is authenticated against the External LDAP Server. Contact KACE customer support if you need assistance with this process.

If the External LDAP Server Authentication is enabled, provide credentials for administrative login. The LDAP user configured should at least have READ access to the search base area. If you do not specify an LDAP user name, an anonymous bind is attempted. 5. 6. Click Edit Mode to edit External LDAP Server Authentication fields. Click the appropriate icons next to the server name to perform described actions: Icon Description Schedules a user import for this server Modifies the server definition Removes the server Changes the order of the server in the list of servers 7. Click Add New Server to add a new LDAP Server. You can have more than one LDAP Server/Directory configured. All servers must have a valid IP address or Host Names entered in the Server Host Name field. Otherwise, the appliance will wait to timeout on an invalid IP address, resulting into login delays when using LDAP Authentication. 8. Complete the LDAP server definition by specifying the following information: Enter a name for the server. Enter IP or Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or the Host Name, as ldaps://HOSTNAME If you have a nonstandard SSL certificate installed on your LDAP server, contact KACE Support for assistance before proceeding. A nonstandard certificate can be an internallysigned or a chain certificate that is not from a major certificate provider such as Verisign. Enter the LDAP Port number, either 389 or 636 (LDAPS).

Server Friendly Name Server Host Name (or IP)

LDAP Port Number

194

Administrator Guide, Version 5.2

LDAP

Search Base DN

Enter the Search Base DN. For example: CN=Users,DC=hq,DC=corp,DC=kace,DC=com

Search Filter

Enter the Search Filter. For example: (samaccountname=admin)

LDAP Login

Enter the LDAP login. For example: CN=Administrator,CN=Users,DC=hq,DC=corp,DC=k ace,DC=com

LDAP Password (if required) Role

Enter the password for the LDAP login. Required. Enter the users role: Admin Role: This user can log on to and access all features of the administrator UI and Service Desk. Admin role is the default role. ReadOnly Admin Role: This user can log on, but cannot modify any settings in the administrator UI or Service Desk. User Role: This user can log on only to the Service Desk. Login Not AllowedThis user cannot log on to the Service Desk. Note: The roles listed above are system provided roles and are not editable. To create a new role, refer to the Service Desk Administrator Guide.

Click Apply to save your changes.

10. To test LDAP settings, enter a password in the Test User password, and then click Test LDAP Settings. If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to Using the LDAP Browser Wizard, on page 191.

To schedule a User Import

1. 2. Click Edit Mode to edit External LDAP Server Authentication fields. Click the icon next to the server name in the list of servers to schedule a user import.

The User Import : Schedule Choose attributes to import: Step 1 of 3 page appears. The LDAP Server Details are displayed, which are read-only: LDAP Server LDAP Port The IP or Host Name of the LDAP Server. The LDAP Port number, which is either 389 (LDAP) or 636 (LDAPS).

Administrator Guide, Version 5.2

195

LDAP

Search Base DN Search Filter LDAP Login LDAP Password 3.

The Search Base DN. For example: OU=users,DC=domain,DC=com The Search Filter. The LDAP login. The LDAP login password.

Specify the attributes to import. Specify the attributes to retrieve. For example: samaccountname, objectguid, mail, memberof, displayname, sn, cn, userPrincipalName, name, description If you leave this field blank, it retrieves all attributes. This may make the import process slow, and is not recommended. Enter a label attribute. For example: memberof. Label Attribute is the attribute on a customer item that returns a list of groups this user is a member of. The union of all the label attributes will form the list of labels you can import. Enter the label prefix. For example: ldap_ The Label Prefix is a string that is added to the front of all the labels. Enter the Binary Attributes. For example: objectsid. Binary Attributes indicates which attributes should be treated as binary for purposes of storage. Enter the maximum rows. This limits the result set that is returned in the next step. Click the check box to view the debug output in the next step. If you are unable to complete the information for Search Base DN and Search Filter, you can use the LDAP Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to Using the LDAP Browser Wizard, on page 191.

Attributes to retrieve

Label Attribute

Label Prefix Binary Attributes

Max # Rows Debug Output

4. 5.

In Email Notification section, click to enter the recipients e-mail address, or choose Select user to add from the drop-down list. In Scheduling section, specify the scan schedule: Select this to not have the user import run on a schedule. (Default)

Dont Run on a Schedule

Run Every day/ Run daily or a specific day of the week at the specified time. specific day at HH:MM AM/PM Run on the nth of every month/ specific month at HH:MM AM/ PM Run on a specific date or day of the month at the specified time.

196

Administrator Guide, Version 5.2

LDAP

Click Next. The User Import : Schedule - Define mapping between User attributes and LDAP attributes: Step 2 of 3 page opens.

Select the value from the drop-down list next to each LDAP attribute to map the values from your LDAP server into the User record on the appliance. The fields in red are mandatory. The LDAP Uid must be a unique identifier for the user record.

Select a label to add to the appliance. Press CTRL and click to select more than one label. This list displays a list of all the Label Attribute values that were discovered in the search results.

Click Next.

10. Review the information displayed in the tables below: The Users to be Imported table displays list of users reported. The Labels to be Imported table displays the list of labels reported. The Existing Users table and the Existing Labels table display the list of Users and Labels that are currently on the appliance. Only users with a LDAP UID, User Name, and E-mail value will be imported. Any records that do not have these values are listed in the Users with invalid data table.

11. Click Next to start the import. The User Import : Schedule - Import data into the K1000: Step 3 of 3 page opens. 12. Click Import Now to save the schedule information and load the user information into the appliance. After importing, the User list page appears, where you can edit the imported user records. 13. Click Save to save schedule information. The Settings: Authentication page opens. The imported user can log on to and access all features of the administrator UI and Service Desk depending on the role assigned.

Administrator Guide, Version 5.2

197

LDAP

198

Administrator Guide, Version 5.2

12
Running the K1000 Appliance Reports

The Dell KACE K1000 Management Appliance provides a variety of alerts and reporting features that enable you get a detailed view of the activity on your companys implementation.

Reporting Overview, on page 199 Running Reports, on page 200 Creating and Editing Reports, on page 200 Scheduling Reports, on page 206 Using Alert Messages, on page 207 E-mail Alerts, on page 208

Reporting Overview
The K1000 Management Appliance is shipped with many stock reports; select Reporting > Reports to view the list. The reporting engine utilizes XML-based report layouts to generate reports in HTML, PDF, CSV, TXT, and XSL formats. By default, the appliance provides reports in the following general categories:

Compliance Dell updates Hardware Service Desk iPhone K1000 Network Patching Power Management Security Software Template

Administrator Guide, Version 5.2

199

Running the K1000 Appliance Reports

You can duplicate and modify these reports as necessary. However, a strong knowledge of SQL is required to successfully change a report.

Running Reports
To run any of the K1000 Management Appliance reports, click the desired format type (HTML, PDF, CSV, XLS, or TXT). For the HTML format, the report is displayed in a new window. If you select PDF, CSV, XLS, or TXT formats, you can open the file or save it to your computer.

Creating and Editing Reports

If you have other reporting needs not covered by default reports, you can:

Create a new report from scratch. Modify one of the templates provided in the K1000 Management Appliance Template category. Duplicate an existing reportanother way to create a report is to open an existing report and create a copy of it. You can modify the copy to suit your needs. Create a new report using the Report Wizard.

You can create a report using the Table or Chart presentation type:

The Table presentation type is a tabular report with optional row groupings and summaries. The Chart presentation type is a bar, line, or pie chart.

To create a new report using the table presentation type

1. Click Reporting > Reports. The K1000 Reports page appears. 2. 3. In the Choose Action menu, click Add New Report. Enter the report details as shown: Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others. Enter the category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page. Describe the information that the report will provide.

Report Title Report Category Description 4.

Click the appropriate topic name from the Available Topics list. For example, software.

200

Administrator Guide, Version 5.2

Running the K1000 Appliance Reports

5. 6. 7.

Click the Table presentation type icon. Click Next. Choose table columns: a. Click the Appropriate column name from the Available columns list. b. Click to add that column to the Display Columns list. You can change the column order by clicking or . c. To remove a column from the Display list, click the appropriate column and click .

8. 9.

Click Next. To define the criteria for displaying records in the report: a. Click the appropriate field name from the Available Fields list. Columns that you chose in the previous step appear under display fields. You can also choose a field from among all fields available for that topic. For example, Threat Level. b. Click Add. c. Select the appropriate operator from the comparison drop-down list. For example, Greater Than. d. Enter the appropriate value in the text field, for example, 3. This rule will filter the data and display only software that has Threat Level greater than 3. e. Click OK. The rule is added in the list of Current Rules. You can add more than one rule. f. Click to remove a rule from the list of Current Rules.

g. Select the Use Expanded logic check box to use expanded logic. Expanded logic enables you to define a syntactic structure for your rules to override operator precedence. h. Click Check Syntax to check whether the rule syntax is valid. i. Once you add more than one rule, you can click Move Up or Move Down to change the order of rules. 10. Click Next. 11. To choose columns to be displayed in the report: a. Click the Appropriate column name from the Available columns list. b. Click to add that column to the Display Columns list. You can change the column order by clicking or . c. To remove a column from the Display list, click the appropriate column and click 12. Click Next. 13. (Optional) Customize the report layout. You can drag to set column order, width and add spacers. You can drag and drop between columns as well as between columns and .

Administrator Guide, Version 5.2

201

Running the K1000 Appliance Reports

spacer. Click on the column and report headings for further menu of labels, grouping, summary, and other options. The available options are: Title Spacer Column Click the title displayed before spacer to display the field name of spacer, Add as a group and Add as a column options. Click spacer to display the field name of spacer and Add as a column options. Click column to display the column name, change label, switch to group, remove column, summaries and move to right or left depending upon the column alignment options.

14. Click Save to save the report. The K1000 Reports page is displayed with the new report in the list. To run the new report, click the desired format (HTML, PDF, CSV, XLS, or TXT). For the HTML format, the report is displayed in a new window. If you select PDF, CSV, XLS, or TXT formats, you can open the file or save it to your computer. You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are mandatory and cannot be left blank.

To create a new report using the chart presentation type

1. Click Reporting > Reports. The K1000 Reports page appears. 2. 3. In the Choose Action menu, click Add New Report. Enter the report details as shown below: Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others. Enter the category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page. Describe the information that the report will provide.

Report Title Report Category Description 4. 5. 6. 7.

Click the appropriate topic name from the Available Topics list. For example, software. Click the Chart presentation type icon. Click Next. To choose table columns: a. Click the Appropriate column name from the Available columns list. b. Click to add that column to the Display Columns list. You can change the column order by clicking or . c. To remove a column from the Display list, click the appropriate column and click .

202

Administrator Guide, Version 5.2

Running the K1000 Appliance Reports

8. 9.

Click Next. To define the criteria for displaying records in the report: a. Click the Appropriate field name from the Available Fields list. Columns that you chose in the previous step appear under display fields. You can also choose a field from among all fields available for that topic. For example, Threat Level. b. Click Add. c. Select the appropriate operator from the comparison drop-down list. For example, Greater Than. d. Enter the appropriate value in the text field. For example, 3. This rule will filter the data and display only software that has Threat Level greater than 3. e. Click OK. The rule is added in the list of Current Rules. You can add more than one rule. f. Click to remove a rule from the list of Current Rules.

g. Select the Use Expanded logic check box to use expanded logic. Expanded logic enables you to define a syntactic structure for your rules to override operator precedence. h. Click Check Syntax to check whether the rule syntax is valid. i. Once you add more than one rule, you can click Move Up or Move Down to change the order of rules. 10. Click Next. 11. Select the appropriate chart type from the following: Simple 3-D Bar: Displays categories along the X-axis, values along the Y-axis. 3-D Pie: Displays a slice for each category. The corresponding value determines the size of the slice. Line: Displays categories or dates along the X-axis, values along the Y-axis.

12. Select the appropriate category field from the Category Field drop-down list. 13. Select the summary from the Summary drop-down list, beside appropriate Value field name. If you have more than one Value field, you can change the value field order by clicking or . 14. Select the Show legend check box to display a legend in the chart. 15. Specify the Chart width and Chart height in pixels, in the text fields. 16. Click Save to save the report. The K1000 Reports page is displayed with the new report in the list. You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are mandatory and cannot be left blank.

Administrator Guide, Version 5.2

203

Running the K1000 Appliance Reports

To duplicate an existing report

The steps for duplicating a regular report and a SQL report are similar. However, regular reports have a report wizard. 1. Click Reporting > Reports. The K1000 Reports page appears. 2. Click the report title you want to duplicate. Depending on the type of report, the K1000 Report: Edit Detail page or the Report Wizard page appears. 3. 4. 5. Click Duplicate. Modify the report details as necessary. Click Save.

Refer to Appendix B: Adding Steps to a Script, starting on page 235.

To create a new report from scratch

1. Click Reporting > Reports. The K1000 Reports page appears. 2. In the Choose Action menu, click Add New SQL Report. The K1000 Report: Edit Detail page appears. 3. Title Report Category Output File Name Description Output Types SQL Select Statement Break on Columns Specify the following report details: A display name for the report. Make this as descriptive as possible to distinguish this report from others. The category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page. The name for the file generate when this report is run. Describe the information that the report provides. Select the appropriate formats that should be available for this report. The query statement that will generate the report data. For reference, consult the MYSQL documentation. A comma-separated list of SQL column names. The report will generate break headers and sub totals for these columns. This setting refers to the autogenerated layout. Click this check box to regenerate the XML Report Layout using new columns. If you changed only a sort order or a where clause, you don't need to recreate the layout. If you changed the columns that the query returns, the XML Report Layout is regenerated based on your SQL.

XML Report Layout

204

Administrator Guide, Version 5.2

Running the K1000 Appliance Reports

Click Save. The K1000 Management Appliance reports use JasperReports open source JRXML format. Use the JasperReports iReports tool to change the way your reports are formatted. Information and documentation are available at: http://jasperforge.org/. Once you click Save, the report wizard is disabled for that report.

To edit a report using SQL Editor

1. Go to Reporting > Reports. The K1000 Reports page appears. 2. Click the report you want to edit. The Report Wizard page appears. 3. 4. Click Edit SQL. Click OK to proceed. The K1000 Report: Edit Detail page appears. 5. Title Report Category Output File Name Description Output Types SQL Select Statement Break on Columns Edit the following report details: Edit the display name for the report, if required. Make the title as descriptive as possible to distinguish this report from others. Edit or enter the category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page. Edit or enter the name for the file generate when this report is run. Describe the information that the report will provide. Select the appropriate formats that should be available for this report. Edit or enter the query statement that will generate the report data. For reference, consult the MYSQL documentation. A comma-separated list of SQL column names. The report will generate break headers and sub totals for these columns. This setting refers to the autogenerated layout. Click this check box to regenerate the XML Report Layout using new columns. If you changed only a sort order or a where clause, you don't need to recreate the layout. If you changed the columns that the query returns, the XML Report Layout is regenerated based on your SQL. Click Save. If you manually change a reports SQL statement, you cannot use the Report Wizard to change it later.

XML Report Layout

Administrator Guide, Version 5.2

205

Running the K1000 Appliance Reports

Scheduling Reports
Reports can be scheduled from the Schedule Reports tab. From the Report Schedules List page you can open existing schedules, create new schedules, or delete them. You can also search schedules using keywords.

To create a report schedule

1. Click Reporting > Schedule Reports. The Report Schedules page appears. 2. In the Choose Action menu, click Create a New Schedule. The Schedule Reports : Edit Detail page appears. 3. Schedule Title Description Report to Schedule Report Output Formats Email Notification Specify the following schedule details: Enter a display name for the schedule. Make this as descriptive as possible, so you can distinguish this schedule from others. Enter the information that the schedule would provide. Select the appropriate report you would like to schedule. You can filter the list by entering any filter options. Click the desired output report format (PDF, Excel, CSV, or TXT) that should be available for this scheduled report. Recipients Click the icon to enter the recipients e-mail address, or choose Select user to add from the drop-down list. This is a mandatory filed. Enter the subject of the schedule. The subject can help to quickly identify what the schedule is about. Enter the message text in the notification.

Subject Message Text 4. Specify scan schedule:

Dont Run on a Schedule Run Every n hours Run Every day/specific day at HH:MM AM/PM Run on the nth of every month/specific month at HH:MM AM/PM 5.

Select to run in combination with an event rather than on a specific date or at a specific time. Select to run the scan at a specified interval. Select to run the schedules daily or on a specified day of the week at the specified time. Select to run the tests on the specified date or day of the month at a specified time.

Click Save or Run Now to run the schedule reports immediately.

206

Administrator Guide, Version 5.2

Running the K1000 Appliance Reports

To run a schedule
1. Click Reporting > Schedule Reports. The Report Schedules page appears. 2. 3. Click the check boxes for the schedules you want to run. In the Choose Action menu, click Run Selected Schedules Now.

To delete a schedule
1. Click Reporting > Schedule Reports. The Report Schedules page appears. 2. 3. 4. Click the check box for the schedules you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click Yes to confirm deleting the schedules.

Using Alert Messages

Alert messages provide a way for you to interact with your users by displaying a message in a pop-up window. The Alerts List page displays the messages you have distributed to users. From the Alerts List page you can open existing alerts, create new alerts, or delete alerts. You can also search messages using keywords. To alert users before you run a script on their computer, you can add this to online KScripts. See the information about alerts in To add an Offline KScript or Online KScript, on page 148. The Alerts feature works only if there is a constant connection between the appliance agent and the appliance. For information on how to set up the constant connection, refer to Configuring Agent Messaging Protocol Settings, on page 29.

To Create a Broadcast Alert Message

If you have information that you want to distribute to your network, you can review and modify previous messages you have deployed, or you can create a new message. 1. 2. Click Reporting > Alerts. In the Choose Action menu, click Add New Item. The Alerts: Edit Detail page appears. 3. 4. In the Message Content field, type the text of your message. In the Keep Alive field, specify the length of time the message will be valid. Messages will be broadcast to users until either the user's desktop has received the message or the specified time interval has elapsed. To set the time interval for downloading scripts, go to: Settings >K1000 Agent >K1000 Agent Settings.
Administrator Guide, Version 5.2 207

Running the K1000 Appliance Reports

In the Limit Broadcast To area, select the recipient labels to send this message to. Press CTRL and click to select multiple labels.

6. 7.

Select the Enable Scheduled Run check box to specify the alert schedule. Select the appropriate day and time from the drop-down lists. Click Save. The pending alert messages are displayed in the AMP Message Queue until they are pushed to the target machine. The alert messages remain in the queue until the target machine checks in. This is true even if the Keep Alive time interval elapses or if the connection between the appliance Agent and the appliance has been lost or interrupted.

E-mail Alerts
E-mail Alerts differ from Alerts (broadcast messages) in an e-mail alert you can send out messages to administrators based on more detailed criteria. The E-mail Alert feature relies on the Inventory > Computers engine to create a notification that will be sent to administrators when computers meet the criteria you specify. The K1000 Management Appliance checks the computers listed in the inventory against the criteria in the E-mail Alert once in every hour until one or more computers meet the criteria; then a message is sent to the administrators specified in the alert details.

To create an e-mail Alert

Notifications are processed every 60 minutes. If a notification query results in one or more machine records, a notification e-mail is automatically sent to the specified recipient. 1. Click Reporting > Email Alerts. The Email Alerts page appears. 2. In the Choose Action menu, click Add New Computer Notification. The Inventory > Computers tab appears with the Create Email Notification fields exposed. 3. 4. Enter the search criteria. In the Title field, enter a title for the alert. The Title will appear in the Subject field. 5. In the Recipient field, enter the e-mail address(es) of the message recipient. The e-mail addresses must be fully qualified e-mail addresses. The recipients address can be a single e-mail address or a list of addresses separated by commas. 6. Click the Create Notification tab.

208

Administrator Guide, Version 5.2

13
Using Organizational Management

The Organizational Management component allows you to create different organizations within your appliance that you administer separately. You can assign roles within each organizations to limit user access to specific tabs.

Overview of Organizational Management, on page 209 Creating and editing Organizations, on page 209 Organizational Roles, on page 217 Creating and editing Organizational Roles, on page 217 Organizational Filters, on page 220 Creating and Editing Organizational Filters, on page 220 Computers, on page 223

Overview of Organizational Management

The K1000 Management Appliance organization feature enables you to group machines to allow for a high level of separation between logical areas of responsibility within a company. These groups are referred to as Organizations. This feature is accessible to the system administrator through the System Administrative Console. The system administrator creates these organizations and assigns them roles to limit access to specific tabs. The administrators of each organization cannot view or perform activities on machines that belong to other organizations other than their own.

Default Organization
The default organization will have everything coming into the appliance. The default organization will allow the administrator to view or perform activities on machines in all organizations. If a machine is not set in a filter, then the machine will go to the default organization.

Creating and editing Organizations

You can create new organizations or edit the existing organizations from the Organizations page by going to the Organizations > Organizations tab. Create the roles, and then create the organizations, because you must specify the role while creating an organization.

Administrator Guide, Version 5.2

209

Using Organizational Management

To create an organization
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. In the Choose Action menu, click Add New Item. The K1000 Organization: Edit Detail page appears. 3. Name Description Role Enter Organization information as follows: Enter the name for the new organization. This field is mandatory. Enter the description for the new organization. Select the appropriate role from the drop-down list. Note: First, create the role by going to Organizations > Roles tab, before you can select that specific role from this list. 4. Click Save. The K1000 Organization: Edit Detail page appears with more content. 5. 6. Name Scroll down and click the Edit Mode link. Enter the following information: (Mandatory) Enter a name for the organization. This field retains the information you specified in the previous page. You can modify the name if required. Enter the description for the organization. This field retains the information you specified in the previous page. You can modify the description if required. Select the appropriate role from the drop-down list. This field retains the role you selected in the previous page. You can modify this selection if required. Note: You must first create the role by going to Organizations > Roles tab, before you can select that specific role from this list. Select the filter that will be used to direct a new machine checking into the appliance, to the this organization. Press CTRL and click to select more than one filter. Note: Create the filter by going to Organizations > Filters tab. Then, you can select that specific filter from this list. (Read-only) Displays the number of computers checking in to the organization. (Read-only) Displays the name of the database the organization is using. Displays the report user name used to generate all reports in the specific organization. By having a report user name, you can provide access to the organizational database (for additional reporting tools), but not give write access to anyone.

Description

Role

Organization Filters

Computer Count Database Name Report User

210

Administrator Guide, Version 5.2

Using Organizational Management

Report User Password 7. Field Communications Window

Enter the report user password.

Specify the agent settings for the organization: Suggested Setting 12:00 am to 12:00 am Notes The interval during which the agent is allowed to communicate with the appliance. For example, to allow the Agent to connect between 1 AM and 6 AM only, select 1:00 am from the first dropdown list, and 6:00 am from the second drop-down list. How frequently the agent checks into the appliance. Each time an agent connects, it resets its connect interval based on this setting. The default setting is once every hour. The interval (in hours) that the appliance will inventory the computers on your network. If set to zero, the appliance will inventory nodes at every Run Interval. The message that appears to users when communicating with the appliance.

Agent Run interval Agent Inventory Interval Agent Splash Page Text

1 hours

The appliance is verifying your PC Configuration and managing software updates. Please Wait... 15 minutes 600 seconds

Scripting Update Interval Scripting Ping Interval

Set the frequency that the agent downloads new script definitions. The default interval is 15 minutes. How frequently the agent tests the connection to the appliance. The default interval is 600 seconds. To view historical connection information, go to Settings > Logs. Select Current log: Stats.

Agent Log Retention

Agent Log Retention disallows the server to store the scripting result information that comes up from the agents. The default is to store all the results, which can impact performance. Turning this off, provides less information about each node, but enables faster agent check-ins. 8. Click Save.

To troubleshoot nodes that fail to show up in Inventory

If your machine does not show up in Inventory after installing the Agent. By default the Agent communicates with the appliance using http: over port 80. Assuming network connectivity is in place, newly-installed agents to fail to connect to the appliance during the first-time setup due to the problems with the default KBOX host name in DNS. 1. If you set up the appliance in your DNS using a host name other than the default name kbox, or need agents to reach the appliance by using the IP address instead of the DNS name, you must install the agent specifying the SERVER property.
211

Administrator Guide, Version 5.2

Using Organizational Management

For example: Windows: c:\>KInstallerSetup.exe -server=myk1000 -display_mode=silent or c:\>KInstallerSetup.exe -server=192.168.2.100 display_mode=silent Mac OS: /Library/KBOXAgent/Home/bin/setkbox myk1000 or /Library/KBOXAgent/Home/bin/setkbox 192.168.2.100 Linux: /KACE/bin/setKBOX myk1000 or /KACE/bin/setKBOX 192.168.2.100 2. To correct the server name for an already-installed node, edit the host= value in: Windows: c:\program files\KACE\KBOX\smmp.conf Mac OS: /var/kace/kagentd/kbot_config.yaml Linux: /var/KACE/kagentd/kbot_config.yaml 3. 4. 5. Verify that you are able to ping the appliance, and reach it through a web browser at http://k1000_hostname. Verify that Internet Options are not set to use proxy, or proxy is excluded for the local network or k1000_hostname. Verify that no firewall or anti-spyware software is blocking communication between the appliance and any of the agent components, including: 6. KBOXManagementService.exe KBOXClient.exe KUpdater.exe kagentd (OS X/ Unix)

Verify that the KBOXManagementService.exe (Windows) or the kagentd (OS X/ Unix) processes are running. The agent shows as perl in the OS X Activity Monitor.

If after verifying these items, you are still unable to get the agent to connect to the appliance, contact KACE Support.

212

Administrator Guide, Version 5.2

Using Organizational Management

To edit an organization
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click the linked name of the organization. The K1000 Organization : Edit Detail page appears. 3. 4. Scroll down and click the Edit Mode link. Edit the organization details: You can modify the name if required. This field is mandatory. You can modify the description if required. Select the appropriate role from the drop-down list. This field retains the role you selected in the previous page. You can modify this selection if required. If the role doesnt exist, see To create a role, on page 217. Select the filter that will be used to direct a new machine checking into the appliance, to this organization. Press CTRL and click to select more than one filter. If the filter doesnt exist, see To add a data filter, on page 220, or To add a LDAP filter, on page 221.

Name Description Role

Organization Filters

Computer Count (Read-only) Displays the number of computers checking in to the organization. Database Name Report User (Read-only) Displays the name of the database the organization is using. Displays the report user name used to generate all reports in the specific organization. By having a report user name, you can provide access to the organizational database (for additional reporting tools), but not give write access to anyone. Enter the report user password.

Report User Password 5. Field Communicatio ns Window

Administrator Guide, Version 5.2

213

Using Organizational Management

Field Agent Run Interval Agent Inventory Interval Agent Splash Page Text

Suggested Setting 1 hours

Notes The interval that the agent checks into the appliance. Each time an agent connects, it resets its connect interval based on this setting. The default setting is once every hour. The interval (in hours) that the appliance performs an inventory on the nodes on your network. If set to zero, the appliance performs the inventory at every Run Interval. The message that appears to users when communicating with the appliance.

The appliance is verifying your PC Configuration and managing software updates. Please Wait... 15 minutes

Scripting Update Interval Scripting Ping Interval

Set the frequency with which the agent downloads new script definitions. The default interval is 15 minutes. Set the frequency with which the agent tests the connection to the appliance. The default interval is 600 seconds. To view historical connection information, go to Settings > Logs. Select Current log: Stats.

600 seconds

Agent Log Retention

Agent Log Retention disallows the server to store the scripting result information that comes up from the agents. The default is to store all the results. This can have a performance impact on the appliance. Turning this off, gives you less information about what each node is doing, but will allow the agent check-ins to process faster. 6. Click Save. The default credentials admin/admin are automatically created when you create an organization.

To delete an organization
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click the linked name of the organization. The K1000 Organization: Edit Detail page appears. 3. 4. Scroll down and click Edit Mode. Click Delete to delete the organization. A confirmation message appears. 5. Click OK to confirm deleting the organization.

214

Administrator Guide, Version 5.2

Using Organizational Management

Managing System Admin Console users

When logged in as a system administrator, you can add users to access the System Administrator Console. When adding users, be sure to specify the correct user permission level. To set up users for a specific organization, log into that organization.

To add a user
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. 3. Select K1000 Settings > Control Panel. Click Users. The K1000 System Admin Users page appears. 4. In the Choose Action menu, select Add New Item. The K1000 System Admin: Edit Detail page appears. 5. Enter the necessary user details. Do not specify legal characters in any field. User Name Full Name Email Domain Budget Code Location Work Phone Home Phone Mobile Phone Pager Phone Custom 1 Custom 2 Custom 3 Custom 4 Password Enter the password for the new user. Blank or empty passwords are not valid for new users. The user will be created, but cannot be activated without a valid password. (Optional) Enter information in the custom fields if necessary. Enter the name the user types to enter the system administrator console. Enter users full name. Enter users email address. (Optional) Enter an active directory domain. (Optional) Enter the financial department code. (Optional) Enter the name of a site or building. (Optional) Enter the users work phone number. (Optional) Enter the users home phone number. (Optional) Enter the users mobile phone number. (Optional) Enter the users pager phone number.

Administrator Guide, Version 5.2

215

Using Organizational Management

Confirm Password Permissions

Re-enter the users password. Specify the users logon permissions: AdminThis user can logon to and access all features of the system administrator console. ReadOnly AdminThis user can log on, but cannot modify any settings in the system administrator console.

Click Save.

To delete a user
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click K1000 Settings > Control Panel. The K1000 Settings : Control Panel page appears. 3. Click Users. The K1000 System Admin Users page appears. 4. 5. 6. Click the check boxes for the users you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deleting the selected user.

You can also delete users from the K1000 System Admin: Edit Detail page.

To change the password

1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. 3. Click K1000 Settings > Control Panel. Click Users. The K1000 System Admin Users page appears. 4. Click the user name whose password you want to change. The K1000 System Admin: Edit Detail page appears. 5. Modify the password as follows: Enter the password for the user. Blank or empty passwords are not valid. This field is mandatory. Re-enter the users password. This field is mandatory.

Password Confirm Password

216

Administrator Guide, Version 5.2

Using Organizational Management

Click Save to save the changes.

Organizational Roles
Roles are assigned to each organization to limit access to different tabs in the Administrator Console and the User Portal. You can restrict what tabs an organization is allowed to see when the administrator logs in to the Administrator Console and the user logs in to the User Portal. Following are the permissions that can be applied for each tab.

Write: The organization will have write access for the tab. The administrator or user will be able to edit the fields present on the screen.

Read: The organization will have only read access for the tab. The administrator or user will be not be able to edit the fields present on the screen. He/she will be not be able to add / edit / delete any item present in the list.

Hide: The tab will be hidden and the administrator or user will not be able to view that tab.

Default role
Default role has access to all tabs in the Administrator Console and the User Portal. The default role will have write access for all tabs. The administrator or user will be able to edit the fields present on the screen.

Creating and editing Organizational Roles

It is recommended that you first create the roles, and then create the organizations, since it is mandatory to specify the role while creating an organization.

To create a role
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click Roles. The Organizational Roles page appears. 3. In the Choose Action menu, click Add New Item. The Organizational Role : Edit Detail page appears. 4. Enter the role information as follows: Enter the name for the new role. This field is mandatory. (Optional) Enter the description for the new role.

Name Description

Administrator Guide, Version 5.2

217

Using Organizational Management

In the Permissions ADMIN Console, click an component link to expand it. You can also click the Expand All link to expand all component sections.

To assign the same access level to all areas of a component, click one of the following: All Write All Read All Hide

To assign different permission levels to different areas of the component, click the Custom option. If you clicked the Custom option, select the appropriate permission from the dropdown menu next to the names of each tab.

8. 9.

Under Permissions USER Console, click the UserUI link to expand it. To assign the same access level to all areas of a the User Console, click one of the following: All Write All Read All Hide

10. To assign different permission levels to different areas of the User Console, click the Custom option. 11. Click Save. If you assign HIDE permission to General Settings and User Authentication under K1000 Settings, the Control Panel tab is hidden. For users upgrading from 1100 to 1200: When using 1100, if you assign HIDE permission to all tabs other than Logs and Server Maintenance under K1000 Settings. Then after upgrading to 1200, the K1000 Settings tab gets hidden from the Administrator console.

To edit a role
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click Roles. The Organizational Roles page appears. 3. Click the linked name of the role. The Organizational Role: Edit Detail page appears. 4. Edit the role details: Enter the name for the new organization. This field is mandatory. (Optional) Enter the description for the new organization.

Name Description

218

Administrator Guide, Version 5.2

Using Organizational Management

5. 6.

Under Permissions ADMIN Console, click the individual tab link to expand it. Or, click the Expand All link to expand all the tabs. Under each tab, click the All Write option, All Read option, or the All Hide option to assign the respective permission to all the sub tabs. Or, click the Custom option to assigned appropriate permission to individual sub tabs. If you click Custom option, select the appropriate permission from the drop-down list next to each tab. Under Permissions USER Console, click the UserUI link to expand it. Under each tab, click the All Write option, All Read option or the All Hide option to assign the respective permission to all the sub tabs. Or click the Custom option to assigned appropriate permission to individual sub tabs.

7. 8. 9.

10. If you click Custom option, select the appropriate permission from the drop-down list next to each tab. 11. Click Save.

To delete a role
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click Roles. The Organizational Roles page appears. 3. To delete a role, do one of the following: 4. Select the check box beside the role, and then select Delete Selected Item(s) from the Choose Action menu. From the Organizational Role: Edit detail page, click Delete.

Click OK.

To duplicate a role
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. 3. Click Roles. Click the role you want to duplicate. The Organizational Role : Edit Detail page appears. 4. Click Duplicate to duplicate the organization details. The page refreshes. 5. Enter the Role information as follows: Enter a name for the role. This is a mandatory field. Enter the description for the role.

Name Description

Administrator Guide, Version 5.2

219

Using Organizational Management

Click Save. The Associated Organizations table displays the list of organizations associated with this role.

Organizational Filters
Filters are used to direct a new machine checking into the appliance to the appropriate organization. An organization can be assigned more than one filter. The filters are executed according to the ordinal specified when the filters are created. If a machine is not set in a filter, it will go to the default organization. A machine can be directed to the appropriate organizations, in the following ways:

One or more filters will be executed against the machine that is checking in. If one of the filters is successful, the machine will be redirected to the correct organization. If no filter matches the machine, it will be put into the default organization. The system administrator can then manually move that machine from the default organization to the appropriate organization.

Filters are of two types:

Data Filter: Allows the automatic organization of machines based on a search criteria. Whenever machines that check in meet the criteria, they will be directed to the specific organization.

LDAP Filter: LDAP Label allows the automatic organization of machines based on LDAP or Active Directory interaction. The filter will be applied to the LDAP server, and if any entries are returned they are automatic organized. If the LDAP server requires credentials for administrative login (that is, nonanonymous login), supply those credentials. If no LDAP user name is given, an anonymous bind is attempted. Each LDAP filter may connect to a different LDAP/AD server

Creating and Editing Organizational Filters

You can create new filters or edit the existing filters from the Organizational Filters page by going to Organizations > Filters tab.

To add a data filter

1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click Filters. The K1000 Organization Filters page appears.

220

Administrator Guide, Version 5.2

Using Organizational Management

In the Choose Action menu, click Add New Data Filter. The K1000 Organization Filter : Edit Detail page appears.

Enter the Filter information as follows: Select to enable this filter. (You have to enable the filter to use it.) Enter a name for the filter. Enter the description for the filter. Enter a number. The filter will be executed according to the evaluation order specified.

Enabled Name Description Evaluation Order

5. 6. 7. 8.

Enter the Machine Filter Criteria. Select an attribute from the drop-down list. For example, IP Address. Select the condition from the drop-down list. For example, contains Enter the Attribute Value. For example, to filter machines from the specified IP range and direct them to the organization, enter: XXX.XX.* You can add multiple criteria.

Select the Conjunction Operator (AND or OR) from the drop-down list to add more criteria.

10. Click the Add Criteria link to add more criteria. 11. Click Save.

To add a LDAP filter

1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click Filters. The K1000 Organization Filters page appears. 3. In the Choose Action menu, click Add New LDAP Filter. K1000 Organization LDAP Filter : Edit Detail page appears. 4. Enter the Filter information as follows: Select to enable this filter. (You have to enable the filter to use it.) Enter a name for the filter. Enter the description for the filter. Enter a number. The filter will be executed according to the evaluation order specified.

Enabled Name Description Evaluation Order

Administrator Guide, Version 5.2

221

Using Organizational Management

Enter the LDAP Machine Filter Criteria.

Server Host Name Specify IP or Host Name of the LDAP Server. ( or IP ) Note: To connect through SSL, use the IP or the Host Name, as ldaps://HOSTNAME LDAP Port Number Search Base DN Specify the LDAP Port number. For example, either 389 / 636 (LDAPS). Enter the Search Base DN. For example: CN=Users,DC=hq,DC=corp,DC=kace,DC=com Search Filter LDAP Login Specify the Search Filter, for example: (samaccountname=admin) Specify the LDAP login. For example: LDAP Login: CN=Administrator,CN=Users,DC=hq,DC=corp, DC=kace,DC=com LDAP Password (if required) 6. 7. Enter the password for the LDAP login.

To test your filter, click Test LDAP Filter. Click Save.

To edit a filter
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click Filters. The K1000 Organization Filters page appears. 3. Click the linked name of the filter. The K1000 Organization Filter : Edit Detail page appears. 4. Edit the filter details: Select to enable this filter. (You have to enable the filter to use it.) Enter a name for the filter. Enter the description for the filter. Enter a number. The filter will be executed according to the evaluation order specified.

Enabled Name Description Evaluation Order

5. 6.

Edit the Machine Filter Criteria. Select an attribute from the drop-down list. For example: IP Address

Select the condition from the drop-down list. For example: contains

222

Administrator Guide, Version 5.2

Using Organizational Management

Specify the Attribute Value. For example, XXX.XX.* In the above example, machines from the specified IP range are filtered and directed to the organization to which this filter is applied. Note: You can add multiple criteria.

Select a conjunction operator (AND or OR) from the drop-down list to add more criteria.

10. Click the Add Criteria link to add more criteria. 11. To test your filter, click Test Filter. 12. Click Save.

To delete a filter
1. From the Organization drop-down list, select System. The K1000 Organizations page appears. 2. Click Filters. The K1000 Organization Filters page appears. 3. To delete a filter, do one of the following: 4. Select the check box beside the filter, and then select Delete Selected Item(s) from the Choose Action menu. Click Delete.

Click OK.

Computers
The K1000 Computers page lists all the nodes that are checking into the appliance. It displays details for each computer such as Name, Organization - the computer is currently checking into, Last Sync - when the computer last checked in to the appliance, Description, and the IP Address.

Advanced Search
If you need more granularity than searching on keywords provides, try using Advanced Search. Advanced Search allows you to specify values for each field present in the inventory record and search the entire inventory listing for that value. For example, if you needed to know which computers had a particular version of BIOS installed to upgrade only those affected machines.

To specify advanced search criteria

1. 2. Click Inventory > Computers. Click Advanced Search.

Administrator Guide, Version 5.2

223

Using Organizational Management

Select an attribute from the drop-down list. For example: IP Address

Select the condition from the drop-down list. For example: contains

Specify the Attribute Value. For example: XXX.XX.* In the above example, machines from the specified IP range are searched. Note: You can add more than one criteria.

Select the Conjunction Operator from the drop-down list to add more criteria. For example: AND

Click Search. The search results are displayed below. You can refilter the computers displayed in the list, for more information refer to Refiltering Computers, on page 224. You can redirect the computers displayed in the list, for more information refer to Redirecting Computers, on page 225.

Test and Organization Filter

You can test an existing organization filter to check whether it is getting applied to the computers.

To test an organization filter

1. 2. 3. Click the Test Organization Filter tab. Select the appropriate filter from the drop-down list. Click Test. The test results will be displayed below.

You can refilter the computers displayed in the list. For more information, refer to Refiltering Computers, on page 224. You can redirect the computers displayed in the list. For more information, refer to Redirecting Computers, on page 225. Note: If you do not see any computers listed in the test results, no existing computers match the machine filter criteria you set upor the machine filter criteria is invalid. You can edit the machine filter criteria. For more information on how to edit a filter, refer to Creating and Editing Organizational Filters, on page 220.

Refiltering Computers
You can refilter the computers, which will recheck the computers against all filters. For example, you can check if the filter created by you is applied correctly to the intended

224

Administrator Guide, Version 5.2

Using Organizational Management

computers. You first create the new filter by going to the Organizations > Filters tab. Now in the Computers page, you refilter the computers. The organizations column will display the new organization name in red besides the old organization name, against those computers on which the filter has got applied.

To refilter computers
1. 2. In the Organization menu, click System. Click Organizations > Computers. The K1000 Computers page appears. 3. 4. Click the check boxes for the computers that you want to refilter. In the Choose Action menu, click Refilter Selected Computers to recheck the computers against all filters.

Redirecting Computers
You can redirect a computer to a different organization. For example, a computer checks into organization A. You can redirect that computer to organization B. The next time the computer checks in, it will check into organization B.

To redirect computers
1. 2. In the Organization menu, click System. Click Organizations > Computers. The K1000 Computers page appears. 3. 4. Click the check boxes for the computers that you want to redirect. Select the appropriate organization name under Change Sync to Organization, from the Choose Action menu, to redirect the computers to the appropriate organization.

Understanding Computer Details

The Computer Detail page provides details about a computers hardware, software, install, patch, Service Desk, and OVAL vulnerability history, among other attributes.

Administrator Guide, Version 5.2

225

Using Organizational Management

The following sections describe each of the detail areas on this page. To expand or collapse the sections, click the + sign next to the section headers. Computer Detail Field Computer Identity Information Description This section provides information to help identify the computer on your network, including its name description, IP address, KACE ID, and other attributes. You also can see the last time the computer checked into the appliance, and the last time the computer record was changed. Service Desk Tickets associated with this machine, which can be: Tickets assigned to the machine owner. Tickets submitted by the machine owner. To view a Service Desk Tickets details, click the Ticket ID (for example, TICK:0032). Operating System Information Details about the computers operating system, including installed OS and service packs, OS version number and build, and the date and time of OS installation. The Current Uptime and Last System Reboot fields tell you whether the machine has been rebooted recently, which could indicate whether or not OS updates have been applied. Details about the most recent user of this computer, including his or her user name and domain. (Some computers might have multiple users). The computers make and model as well as its BIOS details, such as name, version, and serial number. For a Dell computer, there is a link to the Dell website where you can view the support record for the computer, including the days left on the support agreement and compare the original with the current system configurations. For an Apple computer, the link goes to the Apple Support website where you can view technical specifications for iMac. For a Gateway computer, the link goes to the MPC Computers Support Site. You can locate your exact system model and original components, as well as drivers, specifications, manuals and installation guides if available. This information is displayed for your BIOS serial number. Processor and Computer Memory Network Interfaces The processor type and speed, total and used RAM, and current and maximum registry size. The type and version of NIC card installed in the computer, as well as the computers MAC and IP addresses, and indicates whether or not DHCP is enabled. Configuration of drives installed on the computer (for example, CD/ DVD-ROM drive) and the total and used disk space amounts for each hard disk installed.

Service Desk

User Information

Manufacturer and BIOS Info

Driver Information

226

Administrator Guide, Version 5.2

Using Organizational Management

Computer Detail Field Motherboard and Related Hardware Process List

Description Information about the computers motherboard as well as other hardware details like sound card and video controllers. All the processes that are currently running on this computer. This list is the same as would be displayed on the computers Task Manager > Processes tab. The titles and versions of software programs installed on this computer. The programs listed here are the same as listed on the computers Add/Remove Programs list. The Microsoft patches that have been installed on this computer. The programs that are configured to launch when this computer starts up. These are the same programs listed in the computers Start > All Programs > Startup menu. The services that are running on this machine. Click a service to display the Service : Edit Service Detail page. The fields on this page represents the service detail information that is automatically discovered and communicated from the agent. The items marked with the threat level as 5. A threat that is harmful to any software, process, startup item, and services associated with this machine is considered as threat level 5. The printers that this computer is configured to use. This is the same information that is located in the computers Start > Printers and Faxes window. A list of the files that have been uploaded to the Dell KACE K1000 Management Appliance from this machine using the upload a file script action. Lists any Custom Inventory fields that were created for this machine, along with the field name and value. The details of the Asset associated with that machine. Details such as the date and time when the Asset record was created, the date and time when it was last modified, type of the asset and name of the asset are displayed. The changes done to the Asset of that machine. It lists all the changes along with the date and time when each change was done. The logs for the agent application, updates to scripts run on this machine, and the current status, if available, of any activity currently in progress on the machine. A question mark (?) in the status column indicates that the agent has not checked in yet. Therefore, its status is unknown. Details about User Portal packages installed on this machine. Configuration Policy scripts that have been run on this computer, along with the status, if available, of any scripts in progress.

Installed Programs

Installed Patches Startup Programs

Services

Harmful Items (Threat Level 5) Printer List

Uploaded Files

Custom Inventory Fields Asset Information

Asset History K1000 Client Logs

Portal Install Logs Scripting Logs

Administrator Guide, Version 5.2

227

Using Organizational Management

Computer Detail Field OVAL Vulnerability Results

Description Results of OVAL Vulnerability tests run on this machine. Only tests that failed on this computer are listed by the OVAL ID and marked as Vulnerable. Tests that passed are grouped together and marked as Safe.

Failed Managed Installs

Managed Installations that failed to install on this machine. To access details about the Managed Installation, click the Managed Software Installation detail page link. The labels assigned to this computer. Labels are used to organize and categorize machines Managed Installations that will be sent to the computer the next time it connects with the appliance.

Labels To Install List

228

Administrator Guide, Version 5.2

A
Administering Mac OS Nodes

This appendix lists Dell KACE K1000 Management Appliance information and behaviors that are specific to Apple Mac OS nodes. For the supported versions of the Mac OS operating system, see Chapter 4: System requirements for agents, starting on page 46.

Mac OS Inventory, on page 229. Distributing Software to Mac OS Nodes, on page 230. Patching Mac OS Nodes, on page 234.

Mac OS Inventory
Your K1000 Management Appliance manages Mac OS X nodes the same manner it manages Windows nodes. See the Chapter 5: Managing Software and Hardware Inventories, starting on page 75, for details. You search for Macintosh nodes using Inventory > Computer > Advanced search. In the Advanced Search sub tab, identify the nodes using attributes like OS Name, and so on. For more information on how to use Advanced Search, see Using Advanced Search for Software Inventory, on page 83. The Create Notification feature also searches for Mac OS nodes with specific criteria, and sends the administrator email when it finds them. For example, if you wanted to know when computers had a critically low amount of disk space left, you could specify the search criteria to look for a value of 5 MB or smaller in the Disk Free field, and then notify an administrator who can take appropriate action. For more information on how to create notifications, see Searching for Computers by Creating Computer Notifications, on page 78. Inventory Filtering provides a way to dynamically apply a label based on search criteria. It is often helpful to define filters by inventory attribute. For example, you could create a label called San Francisco Office and create a filter based on the IP range or subnet for machines in San Francisco. Whenever machines check in that meet that attribute, they would receive the San Francisco label. This is particularly useful if your network includes laptops that often travel to remote locations. You can also create a label to group all your Mac OS nodes. Once grouped by label, software, reports, or software deployments on your Mac OS nodes can all be more easily managed. For more information on labeling, refer to Managing Labels, on page 36.

Administrator Guide, Version 5.2

229

Administering Mac OS Nodes

Distributing Software to Mac OS Nodes

The K1000 Management Appliance Distribution component provides various methods for deploying software, updates, and files to your nodes. Managed Installations deploy software to the nodes on your network that require an installation file to run. You can create a Managed Installation package from the Distribution > Managed Installation page. From the Managed Installations tab you can:

Create or delete Managed Installations Execute or disable Managed Installations Specify a Managed Action Apply or remove a label Search Managed Installations by keyword

Examples of Common Deployments on Mac OS

On the Apple Mac OS X platform, there is a universal installer with the usual .pkg file extension. You cannot upload a .pkg file directly, as these files consist of low level directories and web browsers can't handle uploading entire directories. You do not require an installer to install plain packages from the K1000 Management Appliance. These are the .app packages you might normally drag to your Applications folder. These packages must be archived as well, since they consist of low level directories, just like the installer packages. You can even archive installers along with plain applications. The K1000 Management Appliance runs installers first and then copies applications into the Applications folder. The supported package deployments are .pkg, .app, .dmg, .zip, .tgz, and tar.gz. If you package the file as a disk image, the appliance mounts and unmounts it quietly. This section provides examples for each type of deployment. For each of these examples, you must have already uploaded the file to the appliance prior to creating the Managed Installation package. Dell recommends that you install the software on a test machine. Once the agent connects to the appliance, the appliance creates an inventory item and a Managed Installation package for the software.

To create a managed installation for Mac OS nodes

1. Go to Distribution > Managed Installations. The Managed Installations page appears. 2. Select Add New Item in the Choose Action menu. The Managed Installation: Edit Detail Page appears. 3. Select the software from the Select software drop-down list. You can filter the list by entering any filter options.

230

Administrator Guide, Version 5.2

Administering Mac OS Nodes

By default the agent attempts to install the .pkg file using the following command, which is sufficient to install a new package or update an existing one to a new version:

installer -pkg packagename.pkg -target / [Run Parameters] 5. If you have selected a zip/tgz/tar.gz file, the contents are unpacked and the root directory is searched for all .pkg files. The installation command runs against each of these .pkg files. The K1000 Management Appliance searches for all .pkg files on the top level of an archive and executes that same installer command on all the files in alphabetical order. After that, the appliance searches for all plain applications (.app) on the top level of the archive and copies them to /Applications with the following command:

ditto -rscs Application.app /Applications/Application.app To execute a script or change any of the these command lines, you can specify the appropriate script invocation as the Full Command Line. You can specify wildcard in the filenames you use. Enclose the filename in single or double quotation marks if it contains spaces. The files are extracted into a directory in /tmp, and that becomes the current working directory of the command. On Mac OS, you do not need to include any other files in your archive other than your script if that's all you want to execute. Specify the relative path to the executable in the Full Command Line field, to execute a shell script or other executable that you have included inside an archive. Remember, you'll be executing your command inside a directory alongside the files that have been extracted. For example, to run a file called installThis.sh, package it up alongside a .pkg file, and then put the command ./installThis.sh in the Full Command Line field. If you archived it inside another directory, dir, the Full Command Line field is ./dir/ installThis.sh. Both these examples, as well as some other K1000 Management Appliance functions, assume that sh is in root's PATH. If you're using another scripting language, you may need to specify the full path to the command processor you want to run in the Full Command Line, like /bin/sh ./installThis.sh. Be sure to include appropriate arguments for an unattended, batch script. If you select the uninstall check box in the MI detail, the appliance removes each .app it finds in the top level of your archive from the Applications folder. Thus, if you include two files in your archive named MyApp.app and MyOtherApp.app, those two applications will disappear from your Applications folder if they exist there. Uninstallation in this way will be performed only if the archive or package is downloaded to the node. If you select the check box for Run Command Only, specify a full command line to ensure the correct removal command is run on the correct package. Because no package is downloaded in this case, you should specify the path in the installation database where the package receipt is stored or run the correct file

Administrator Guide, Version 5.2

231

Administering Mac OS Nodes

removal command to delete the files from the Applications folder. In that case, you can download a script inside an archive and run the script on the Full Command Line. 6. Run Parameters Full Command Line If your package requires additional options, you can enter the following installation details: You cannot apply Run Parameters to the above mentioned commands. You do not need to specify a full command line. The server executes the installation command by itself. The Mac OS node tries to install this using: installer -pkg packagename.pkg -target / [Run Parameters] or ditto -rsrc packagename.app /Applications/theapp If you do not want to use the default command at all, you can replace it completely by specifying the complete command line here. If you have specified an archive file, this command runs against all of the .pkg files or .app files it can find. Click this check box to uninstall software. If the Full Command Line above is filled in, it is run. Otherwise, by default the agent attempts to run the command, which is generally expected to remove the package. Click this check box to run the command line only. This will not download the actual digital asset. Enter additional information in this field, if any. Managed Action allows you to select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for Macintosh platform. Specify the deployment details: Click this check box to deploy to all the machines. Select a label to limit deployment only to machines grouped by that label. Click Command and click labels to select more than one label. If you have selected a with a replication share or an alternate download location, the K1000 Management Appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the K1000 Management Appliance. Note: The K1000 Management Appliance always uses a replication share in preference to an alternate location. You can limit deployment to one or more machines. From the dropdown list, select a machine to add to the list. You can add more than one machine, and filter the list by entering filter options. The lowest deploy number is installed first.

Un-Install using Full Command Line Run Command Only Notes Managed Action

Deploy to All Machines Limit Deployment To Selected Labels

Limit Deployment To Listed Machines Deploy Order

232

Administrator Guide, Version 5.2

Administering Mac OS Nodes

Max Attempts

Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Enter the time (using a 24-hour clock) to deploy the package. Deployment Window times affect the Managed Action options. Also, the run intervals defined in the System Console, under Organizations > Organizations for this specific organization, override and/or interact with the deployment window of a specific package.

Deployment Window(24H clock)

8. Allow Snooze

Set user interaction details: This option is not available for Mac OS nodes. This option is not available for Mac OS nodes. Select the check box to delete the package files after installation. Select the check box to specify details for alternate download. When you click this check box, the following fields appear: Alternate Download LocationEnter the location from where the Agent can retrieve digital installation files. Alternate ChecksumEnter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download UserEnter a user name with the necessary privileges to access the Alternate Download Location. Alternate Download PasswordEnter the password for the user name specified above. Note: If the target node is part of a replication label, the K1000 Management Appliance does not fetch software from the alternate download location. For more information, refer to Distributing Packages from an Alternate Location, on page 114. Specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label will not be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to To add or edit a new label, on page 38.

Custom Pre-Install Message Delete Downloaded Files Use Alternate Download

Custom Post-Install Message This option is not available for Mac OS nodes.

Click Save.

For more information about Distribution, refer to Chapter 8: Distributing Software from Your K1000 Management Appliance, starting on page 111. For more information about Managed installations, refer to Managed Installations, on page 115.

Administrator Guide, Version 5.2

233

Administering Mac OS Nodes

Patching Mac OS Nodes

Patching enables you to quickly and easily deploy patches to your network. For details on all patching features, see the Patching Strategies document. Use the Patch Listing > View by Operating System listing or Advanced Search feature to find Mac OS patches. Or use the Smart Label feature to automatically search the patch list using predefined search criteria. To allow the appliance to download Apple Security updates for Macintosh, you need to select the appropriate operating system from the Macintosh Platform list in the Patch Subscription Settings page. You can select more than one Macintosh operating system.

234

Administrator Guide, Version 5.2

B
Adding Steps to a Script

The steps documented here are available on the Scripting component. For details on scripting, see Chapter 9: Using the Scripting Features, starting on page 143.

Adding Steps to Task Sections.

Adding Steps to Task Sections

Refer to the following table when adding steps to a Policy or Job task. These steps are available from the Verify, On Success, Remediation, On Remediation Success, and On Remediation drop-down lists. The Column headings V, OS, R, ORS, and ORF indicate whether a particular step is available in the corresponding Task sections. Step Always Fail Call a Custom DLL Function Create a Custom DLL Object Create a message window Call function "%{procName}" from "%{path}\%{file}". Create object "%{className}" from "%{path}\%{file}". Create a message window named "%{name}" with title "%{title}", message "%{message}" and timeout "%{timeout}" seconds. Delete "%{key}!%{name}" from the registry. Destroy the message window named "%{name}". X Description V X X X X X X X OS R X X X X X X ORS ORF

Delete a registry key Delete "%{key}" from the registry. Delete a registry value Destroy a message window

X X X

X X X X X

Administrator Guide, Version 5.2

235

Adding Steps to a Script

Step Install a software package

Description Install "%{name}" with arguments "%{install_cmd}". Note: This step requires you to choose from a list of software packages already uploaded using the functionality in the Inventory/Software tab. For more information, see Adding Software to Inventory, on page 84. Kill the process "%{name}". Launch "%{path}\%{program}" with params "%{parms}". Log %{key}!%{name}. Log %{message}to %{type}. Restart service %{name} Run the batch file "%{_fake_name}" with params "%{parms}". Note: In this step, you do not need to upload the batch file. You create the batch file by pasting the script in the space provided.

OS X X

ORS

ORF

Kill a process Launch a program Log a registry value Log message Restart a service Run a batch file

X X

X X X X X X

X X

Log file information Log %{attrib}from %{path}\%{file}.

Search the file system Set a registry key Set a registry value Start a service Stop a service Unzip a file Update message window text Update Policy and Job schedule Upload a file Upload \ logs Verify a directory exists Verify a file exists

Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}". Set "%{key}". Set "%{key}!%{name}" to "%{newValue}". Restart service %{name}. Stop service %{name} Unzip "%{path}\%{file}" to "%{target}". Set the text in the message window named "%{name}" to "%{text}". Update policy and job schedule from the appliance. Upload "%{path}\%{file}" to the server. Upload the agent logs to the appliance. Verify that the directory "%{path}" exists. Verify that the file "%{path}\%{file}" exists.

X X

X X X X

X X X X X X X

X X

X X X X

236

Administrator Guide, Version 5.2

Adding Steps to a Script

Step Verify a file version is exactly Verify a file version is greater than Verify a file version is greater than or equal to... Verify a file version is less than Verify a file version is less than or equal to Verify a file version is not Verify a file was modified since Verify a process is not running Verify a process is running Verify a product version is exactly. Verify a product version is greater than Verify a product version is greater than or equal to... Verify a product version is less than Verify a product version is less than or equal to Verify a product version is not Verify a registry key does not exist Verify a registry key exists

Description Verify that the file "%{path}\%{file}" has version "%{expectedValue}". Verify that the file "%{path}\%{file}" has version greater than "%{expectedValue}". Verify that the file "%{path}\%{file}" has version greater than or equal to "%{expectedValue}. Verify that the file "%{path}\%{file}" has version less than "%{expectedValue}". Verify that the file "%{path}\%{file}" has version less than or equal to "%{expectedValue}. Verify that the file "%{path}\%{file}" does not have version "%{expectedValue}". Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}". Verify the process "%{name}" is not running. Verify the process "%{name}" is running. Verify that the product "%{path}\%{file}" has version "%{expectedValue}". Verify that the product "%{path}\%{file}" has version greater than "%{expectedValue}". Verify that the product "%{path}\%{file}" has version greater than or equal to "%{expected-Value}. Verify that the product "%{path}\%{file}" has version less than "%{expectedValue}". Verify that the product "%{path}\%{file}" has version less than or equal to "%{expectedValue}. Verify that the product "%{path}\%{file}" does not have version "%{expectedValue}". Verify that "%{key}" does not exist. Verify that "%{key}" exists. X X X

ORS

ORF

X X

X X X X X X

X X

X X X

Administrator Guide, Version 5.2

237

Adding Steps to a Script

Step Verify a registry keys subkey count is exactly Verify a registry keys subkey count is greater than Verify a registry keys subkey count is greater than or equal to Verify a registry keys subkey count is less than Verify a registry keys subkey count is less than or equal to Verify a registry keys subkey count is not Verify a registry keys value count is exactly Verify a registry keys value count is greater than Verify a registry keys value count is greater than or equal to Verify a registry keys value count is less than

Description Verify that "%{key}" has exactly "%{expectedValue}" subkeys. Verify that "%{key}" has greater than "%{expectedValue}" subkeys. Verify that "%{key}" has greater than or equal to "%{expectedValue}" subkeys. X

ORS

ORF

Verify that "%{key}" has less than "%{expectedValue}" subkeys. Verify that "%{key}" has less than or equal to "%{expectedValue}" subkeys.

Verify that "%{key}" does not have exactly "%{expectedValue}" subkeys. Verify that "%{key}" has exactly "%{expectedValue}" values. Verify that "%{key}" has greater than "%{expectedValue}" values. Verify that "%{key}" has greater than or equal to "%{expectedValue}" values.

Verify that "%{key}" has less than "%{expectedValue}" values.

Verify a registry Verify that "%{key}" has less than or equal keys value count is to "%{expectedValue}" values. less than or equal to Verify a registry keys value count is not Verify a registry pattern doesnt match Verify that "%{key}" does not have exactly "%{expectedValue}" values. Verify that "%{key}!%{name}=%{expectedValue}" doesn't match.

238

Administrator Guide, Version 5.2

Adding Steps to a Script

Step Verify a registry pattern matches Verify a registry value does not exist Verify a registry value exists Verify a registry value is exactly

Description Verify that "%{key}!%{name}=%{expectedValue}" matches. Verify that "%{key}!%{name}" does not exist. Verify that "%{key}!%{name}" exists. Verify that "%{key}!%{name}" is equal to "%{expectedValue}". X

ORS

ORF

X X X X X

Verify a registry Verify that "%{key}!%{name}" is greater value is greater than than "%{expectedValue}". Verify a registry Verify that "%{key}!%{name}" is greater value is greater than than or equal to "%{expectedValue}" . or equal to Verify a registry value is less than Verify a registry value is less than or equal to Verify a registry value is not Verify a service exists Verify a service is running Verify that "%{key}!%{name}" is less than "%{expectedValue}". Verify that "%{key}!%{name}" is less than or equal to "%{expectedValue}". Verify that "%{key}!%{name}" is not equal to "%{expectedValue}". Verify the service "%{name}" exists. Verify the service "%{name}" is running.

X X

X X X

Administrator Guide, Version 5.2

239

Adding Steps to a Script

240

Administrator Guide, Version 5.2

C
Writing Custom Inventory Rules

This chapter describes how to inventory items that are not appearing in Software list by default. Custom Inventory rules allow you to automatically detect software and other items on a node. Capturing this information allows you to manage your custom Software items with Smart Labels, Distribution and Managed Installations, Scripting, and include additional details in Reports. Use the Custom Inventory rules if:

The software or item you want to inventory is not listed in Add/Remove Programs. Different versions of the same software have the same entry in Add/Remove Programs, either with incorrect or incomplete Display Version information. To write deployment rules, scripts, reports based on the pressense of a Software Item or value that is not reported by the agent.

Understanding Custom Inventory Rules

Custom Inventory rules test or get the value of registry keys and entries, program, files, scripts, environment variables, system properties, and the output of commands. There are two types of rules:

Conditional rules that test whether or not a condition exists on the node. When a rule returns true, the agent reports the item as an Installed Program; when the rule returns false, the item does not appear as an Installed Program. Value Return rules that get data from the node and if the value exists the agent reports the item as an Installed Program and sets a corresponding Custom Inventory Field.

Creating a Custom Inventory rule

You add Custom Inventory rules to the Custom Inventory field of the Inventory > Software > Custom_Item: Details page.

Administrator Guide, Version 5.2

241

Writing Custom Inventory Rules

See Chapter 5: To add software to Inventory manually, starting on page 84 for details.

How Custom Inventory Rules are implemented

You create a custom Software Item, add a Custom Inventory rule, and save the item. The agent receives the new rule during the first checkin after you created it. In the session the agent executes the rule and reports the finding back to the appliance. Conditional rule Appliance
Update Inventory Check in
Upload data

Agent

Value Return rule Appliance Agent

Update Inventory Check in
Upload data

Send Rules

Download

Send Rules

Download

Update Installed Programs

Report results
Results: True

Run rules False

Update Installed Program

Report results
value

Run rules Empty

Add Custom Inventory Field

The agent runs all rules as well as any other processes scheduled for that session. Therefore, once the agent checks in, it takes several minutes to run all the rules and other processes before the agent reports the results.

242

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

After the agent reports the results, the nodes Inventory > Computer Details page shows the results under Software in Installed Programs and/or Custom Inventory Fields.

The Installed Program and Custom Inventory Field name. For example BIOSDATE, is the custom Software Items Display name (Title): BIOSDATE. The Software Items with Value Return rules that set a Custom Inventory Field also appear as Installed Programs. If the results you expect dont appear, verify that the node recently checked in. The check in time is shown in the Last Inventory field of the Inventory > Computers Detail page.

Understanding rule syntax

Conditional and Value Return rules use the following syntax: functionName(argument,argument,...) For specific information on functions and their arguments see:

Checking for conditions (Conditional rules), on page 244 Getting values from a node (Custom Inventory Field), on page 251 Matching file names with Regular Expressions, on page 255

Administrator Guide, Version 5.2

243

Writing Custom Inventory Rules

Function syntax
Enter the functionName followed by an opening parentheses, enclose the arguments with a closing parentheses. No spaces are allowed between the name of the function and the opening parentheses.

Argument syntax
Enter argument syntax for all rules except command and regex (regular expression) as follows:

Separate arguments by commas. Commas are not allowed anywhere else in the string. Do not include single or double quotes. White space is trimmed from the front and back of each argument.

For example, the following syntaxes are the same: RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector, IE, 6.000) RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector,IE,6.000)

Checking for conditions (Conditional rules)

This section explains how to write Custom Inventory rules that identify whether or not (true/ false) a Software Item is installed. When using a conditional rule, if the rule returns true the Display name (Title) of the custom Software Item displays in the nodes inventory list under Installed Programs (Inventory > Details > Software > Installed Programs). The following screen shows a node with a custom Software Item, A1 IE custom inventory 7, installed.

The following sections describe the rules that test for conditions:

Conditional rule reference

244

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

Verifying if a Condition exists (Exists rules) Evaluating node settings (Equals rules) Comparing node values (Greater and Less Than rules) Testing for multiple conditions

When the rule returns false, the Software Item does not appear in Installed Programs in the nodes inventory list. You can also display a list of nodes that have the item installed from the Inventory > Software > Custom_item: Details page.

Conditional rule reference

The following table provides a list of all available conditional rules with links to specific details on how to specify the arguments: Syntax Windows OS Mac OS X Linux Description

DirectoryExists(path) FileExists(path)

X X

Checks for a directory at the specified path on the node. Checks for a file at the specified path on the node. Include the name of the file and extension in the path. Verifies that the Version > File Version property of the file specified in the path matches the NUMBER value you entered. Verifies that the Version > File Version property of the file you specified as the path is lower than the NUMBER value you entered.

FileVersionEquals(path, version)

FileVersionLessThan(path, version)

FileVersionGreaterThan(path, version) ProductVersionEquals(path, version)

Verifies that the Version > File Version property of the file you specified is higher than the NUMBER value you entered. Verifies that the Version > Product Version property of the executable or installation file you specified matches the NUMBER value you entered. Verifies that the Version > Product Version property of the executable or installation file you specified is lower than the NUMBER value you entered.

ProductVersionLessThan(path, version)

Administrator Guide, Version 5.2

245

Writing Custom Inventory Rules

Syntax Windows

OS Mac OS X Linux

Description

ProductVersionGreaterThan(path, version)

Verifies that the Version > Product Version property of the executable or installation file you specified is higher than the NUMBER value you entered. X X Verifies that the File Info property of the executable or installation file you specified is higher than the value you entered. Verifies that the File Info property of the executable or installation file you specified is lower than the value you entered. Verifies that the attribute of the executable or installation file you specified matches the value you entered. Verifies that a registry key exists. Verifies that a registry entry exactly matches the value you specify. Value is compared as TEXT. Verifies that the registry entry is lower than the value you specify. Value is a NUMBER. Verifies that the registry entry is higher than the value you specify. Value is a NUMBER. X X X Verifies that an environment variable with the name you specify exists. Verifies that the environment variable definition is higher than the value you specify. Only DATE (in the full format mm/dd/ yyyy hh:mm:ss) and NUMBER are valid types. X Verifies that the environment variable definition is lower than the value you specify. Only DATE (in the full format mm/dd/ yyyy hh:mm:ss) and NUMBER are valid types.

FileInfoGreaterThan(fullpath, attribute, type, value) FileInfoLessThan(fullpath, attribute, type, value) FileInfoEquals(fullpath, attribute, type, value) RegistryKeyExists(registryPath) RegistryValueEquals(registryPath, valueName, value) RegistryValueLessThan(registryPath , valueName, value) RegistryValueGreaterThan(registryP ath, valueName, value) EnvironmentVariableExists(var) EnvironmentVariableGreaterThan(var , type, value)

X X

EnvironmentVariableLessThan(var, type, value)

246

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

Syntax Windows

OS Mac OS X Linux

Description

EnvironmentVariableEquals(var, type, value)

Verifies that the environment variable definition exactly matches the value you specify. All three types are valid, TEXT, DATE (in the full format mm/dd/yyyy hh:mm:ss), and NUMBER. Verifies that a named value exists in a PLIST file. Verifies that the named value is a DATE (in the full format mm/dd/yyyy hh:mm:ss) or NUMBER higher than the value you specified. Verifies that the named value is a DATE (in the full format mm/dd/yyyy hh:mm:ss) or NUMBER lower than the value you specified. Verifies that the named value is a TEXT, DATE (in the full format mm/dd/yyyy hh:mm:ss), or NUMBER that exactly matches the value you specified. You can specify a colon separated list of entries to match the value. Arrays and other valid PLIST datatypes are not supported.

PlistValueExists(fullpath, entry) PlistValueGreaterThan(fullpath, entry, type, value)

X X

PlistValueLessThan(fullpath, entry, type, value)

PlistValueEquals(fullpath, entry, type, value)

Verifying if a Condition exists (Exists rules)

Rules whose name ends with Exists check for the presence of a file, directory, registry key, or other item. If the agent locates the item on the node, the rule returns true, and the item appears as an Installed Program. Use any of the following Exists rules:

DirectoryExists(path) FileExists(path) RegistryKeyExists(registryPath) EnvironmentVariableExists(var) PlistValueExists(fullpath, entry) FilenamesMatchingRegexExist(fullpath,regex)

Administrator Guide, Version 5.2

247

Writing Custom Inventory Rules

ExampleCheck for a directory (folder)

The following example tests to see if the Windows directory exists on the node: DirectoryExists(C:\WINDOWS\)

ExampleCheck for a file

The following example verifies that the Notepad executable file exists on the node: FileExists(C:\WINDOWS\notepad.exe)

Evaluating node settings (Equals rules)

Rules whose name ends with Equals compare the value set on the node to the value you specify in the rule. The rules return true if the values exactly match. Rules that use arguments with set datatypes can only compare values of the same type. For example version is a NUMBER and therefore cannot match a value that includes an alpha or special character, even if you specify the character in the argument. Likewise, the value argument for RegistryValueEquals compares the values as TEXT, so a whole number such as 1 does not match a value of 1.0, 1.0.0, and so forth; it matches 1 only. Use any of the following Equals rules:

FileVersionEquals(path, version) ProductVersionEquals(path, version) FileInfoEquals(fullpath, attribute, type, value) RegistryValueEquals(registryPath, valueName, value) EnvironmentVariableEquals(var, type, value) PlistValueEquals(fullpath, entry, type, value) FilenamesMatchingRegexEqual(fullpath,regex,value)

ExampleTesting JAVA_HOME setting

To verify that the JAVA_HOME setting is C:\Program Files\Java\jdk1.6.0_02: EnvironmentVariableEquals(JAVA_HOME, TEXT, C:\Program Files\Java\jdk1.6.0_02)

ExampleTesting McAfee Registry Entry setting

To check the setting use the same format as the date in the entry:

248

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\McAfee\AVEngine, AVDatDate, 2010/03/01)

ExampleTesting Internet Explorer version

To verify that te Internet Explorer is version 6.0.2900.2180. Specifying the version as 6.0.2900.218 returns false. FileVersionEquals(C:\Program Files\Internet Explorer\iexplore.exe, 6.0.2900.2180)

ExampleDetecting Windows XP Service Pack 2

Windows XP Service Pack 2 appears in Add/Remove programs for machines that were originally on SP1 then upgraded to SP2 only. The default Software inventory for this item does not reflect machines that are already on SP2 because they were originally imaged at the SP2 level. When using the appliance to deploy Windows XP Service Pack 2 create the following Custom Inventory rule for a custom Software Item: RegistryValueEquals(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT \CurrentVersion,CSDVersion,Service Pack 2) You can then exclude nodes with this item installed to prevent the appliance from trying to deploy the SP2 to nodes that are already at that level (that is, SP1 machines that have been upgraded, as well as machines originally imaged with SP2).

Comparing node values (Greater and Less Than rules)

Functions whose names end with GreaterThan and LessThan compare NUMBER (integer) values only. Therefore, a value that contains an alpha or special character, such as versions that contain a letter (1.2.3B), do not compare correctly with this function. Use any of the following Greater Than and Less Than rules:

FileVersionGreaterThan(path, version) and FileVersionLessThan(path, version) ProductVersionGreaterThan(path, version) and ProductVersionLessThan(path, version) FileInfoGreaterThan(fullpath, attribute, type, value) and FileInfoLessThan(fullpath, attribute, type, value) RegistryValueGreaterThan(registryPath, valueName, value) and RegistryValueLessThan(registryPath, valueName, value) EnvironmentVariableGreaterThan(var, type, value) and EnvironmentVariableLessThan(var, type, value) PlistValueGreaterThan(fullpath, entry, type, value) and PlistValueLessThan(fullpath, entry, type, value)
249

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

FilenamesMatchingRegexGreaterThan(fullpath,regex,value) and FilenamesMatchingRegexLessThan(fullpath,regex,value)

ExampleTesting if the Product Version is higher than 6.0 To verify that the product version is higher than 6.0: ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer.exe, 6.0) To verify that the production version is 6 (that is equal to 6.0) or higher, enter the following: ProductVersionEquals(C:\Program Files\Internet Explorer\iexplorer.exe, 6.0) OR ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer.exe, 6.0)

ExampleTesting for a Product Version range

To test if the product version is within a range, combine less than and greater than rules: ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer.exe, 6.0) AND ProductVersionLessThan(C:\Program Files\Internet Explorer\iexplorer.exe, 8.0)

Testing for multiple conditions

You can join rules using AND and OR operators to test for multiple conditions. Using both AND and OR operators in the same Custom Inventory rule is not supported. Set up separate Software Items. Joining conditional rules produces the following results:

AND operator: All the rules must return true in order for the results to return true and report the Software Item as an Installed Program. OR operator: Only one rule must return true for the Software Item to be reported as an Installed Program.

Checking for multiple true conditions (AND)

Use the AND operator to join conditional rules in the Custom Inventory field when you want the item to be reported as an Installed Program only if all the rules are true. In the Custom Inventory field, join rules using the following syntax: Function(arguments...) AND Function(arguments) AND ... Separate the conditional statements from the operator with spaces.

250

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

ExampleChecking for a Registry Key and comparing values

To check for a registry key and a registry entry value on a Windows system use AND to combine the rules as shown below: RegistryKeyExists(registryPath) AND RegistryValueEquals(registryPath, valueName, value)

Checking for one true condition (OR)

When you join rules using the OR operator, if any of the rules in the Custom Inventory field are true, the software appears in the Installed Program list of the node. In the Custom Inventory field, join the rules using the following syntax: Function(arguments) OR Function(arguments) OR ... Separate the function statements and operator using a space.

ExampleChecking for either Registry value

To check that a registry entry is one value or another: RegistryValueEquals(registryPath, valueName, value) OR RegistryValueEquals(registryPath, valueName, value) To specify a range it use RegistryValueGreaterThan and RegistryValueLessThan rules joined by the AND operator.

Getting values from a node (Custom Inventory Field)

The rules that end with ValueReturn allow you t gather information from the node. Use these rules to get information that the agent normally does not. The returned values are set with the custom Software Item Display name (Title) in the node inventory. To display the list, go to Inventory > Details > Software > Custom Inventory Fields.

Administrator Guide, Version 5.2

251

Writing Custom Inventory Rules

Use the Custom Inventory Field values to manage installs and distribute software as well as in reports, View by filtering, and Smart Label search criteria, or any other process that can be performed with a automatically detected setting. This section covers the following topics:

Value Return rule reference Getting Registry key values Getting command output Getting PLIST values Getting multiple values

Value Return rule reference

The following table shows all available value return rules that you can use to set a Custom Inventory Field. Syntax Windows OS Mac OS X Linux Description

RegistryValueReturn(registryPath, valueName, X type) EnvironmentVariableReturn(var, type) X X

Returns the value of a registry entry, and sets the datatype to the one you specified. Returns the value of an environment variable, and sets the datatype to the one your specified. Returns the value of a file attribute, see valid types in Specifying a file attribute, on page 258. Returns the output of the command, and sets the datatype to TEXT. Returns the output of the command, and sets the datatype to DATE. Returns the output of the command, and sets the datatype to NUMBER. Returns the value of the PLIST key, and sets the datatype to TEXT, NUMBER, or DATE.

FileInfoReturn(path, attribute, type)

ShellCommandTextReturn(command) ShellCommandDateReturn(command) ShellCommandNumberReturn(command) PlistValueReturn(fullpath, entry, type)

X X X

X X X X

Getting File Information values

You can set the Custom Inventory Field to any of the Windows File Information attributes using the FileInfoReturn rule.

252

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

ExampleGetting Windows Internet Explorer Product Version

The following example sets the Custom Inventory Field for the Internet Explorer Product Version as a NUMBER. In the Custom Inventory field, enter the following: FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe,ProductVersion,NUMBER) However, if the value contained a special or alpha character, specify the TEXT as the type. TEXT limits the operators you can use in queries in other features, such as Smart Label Search Criteria.

Getting Registry key values

Set the Custom Inventory Field to a registry key using the RegistryValueReturn rule. Where the registryPath (on left) is the path to the entry, the valueName (on right) is the key you want to return.

ExampleGetting the Internet Explorer ProductID key

To set the ProductID registry key as a Custom Inventory Field. RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration, ProductId, TEXT)

Getting command output

Command rules allow you to set the output of a command to a Custom Inventory Field. The command depends on the command interpreter and executable path on the node. For example, on Windows systems you can write MS-DOS commands, but not Cygwin-style UNIX commands unless Cygwin is installed and available in the default path for all users. Use any of the following rules to set the output of the command to a Custom Inventory Field:

ShellCommandTextReturn(command) ShellCommandDateReturn(command)

Administrator Guide, Version 5.2

253

Writing Custom Inventory Rules

ShellCommandNumberReturn(command)

ExampleGetting uptime on a Mac OS X

To set the uptime as a Custom Inventory Field: ShellCommandTextReturn(/usr/bin/uptime averages://' | awk '{print $1}') | sed -e 's/.*load

The Uptime Return custom Software Item displays in the Custom Inventory Field.

Getting PLIST values

PlistValueReturn rules allow you to set a Property List (PList) key as a Custom Inventory Field.

ExampleGetting the system locale

To distribute software using Managed Installations based on the native language, enter the following rule to get computer locale and then create corresponding Smart Label that is applied to the machine based on the language code reported by the agent in the Custom Inventory Field: PlistValueReturn(~/Library/Preferences/GlobalPreferences.plist, AppleLocale, TEXT)

Getting multiple values

Join ValueReturn rules using either the AND or OR operator. The rule shows the software item as an Installed Program, if any of the values are not empty. The joined values are all set in the same Custom Inventory Field separated by the operator and therefore are technically considered for the purposes of Search Criteria, filters, reports, and other appliance processes as TEXT. ValueReturn rules joined by the: AND operator: All the values are reported in the Custom Inventory Field.

254

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

OR operator: All values are reported in the Custom Inventory Field.

In the Custom Inventory field, join rules using the following syntax: Function(arguments...) AND Function(arguments) AND ... Separate the conditional statements from the operator with spaces. Do not join AND and OR operators in the same rule.

Matching file names with Regular Expressions

This section describes the Regular Expression rules that match file names in Conditional and Value Return rules using a regular expression. Regular expressions match a character or the specified string to the file names in the directory you specified. The K1000 agent only provides functions that compare file names using regular expressions.

Understanding Regular Expressions

The purpose of this section is to provide a high-level introduction to regular expressions. For more information on writing regular expressions go to: http://msdn.microsoft.com/en-us/library/az24scfc.aspx. The following table provides an overview of basic regular expression syntax you can use to match file names: Character (any string) Description Entering non-special characters only matches any file name that contains the string. Example Expression abc Matches Myabc.txt abcFile.xls MyFile.abc From File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg

Dot matches any single character. When entered alone it matches all files.

File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg

Administrator Guide, Version 5.2

255

Writing Custom Inventory Rules

Character \

Description Backslash escapes a special character, suppressing the special regular expression quantifier meaning. For example, to match all text files, enter: .*\.txt$ Caret (and \A) matches the characters you specify to the start of the file name. Pipe separates a list of options to match. Dollar (and \Z or \z) matches the characters your specify to the end of the file name. Question mark makes the preceding character optional in matches.

Example Expression \. Matches File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg kinstaller.exe From File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg install.exe runkbot.bat kinstaller.exe install.exe kinstaller.exe runkbot.bat MyStartupBat.doc MyStartup.bat

run|installer kinstaller.exe runkbot.bat bat$ MyStartup.bat

\.log10?$

a.log11 mylog.log10

app.log appconf.log2 mylog.log10 a.log11 afile.txt app.log appconf.log12 mylog.log10 a.log11 afile.txt app.log appconf.log12 mylog.log10 a.log11 afile.txt3 app.log appconf.log12 mylog.log10 a.log11 afile.txt3

Asterisk matches the preceding character zero or more times.

\.log1*$

app.log appconf.log12 a.log11

Plus matches the preceding character one or more times.

ap+.*\.log

app.log appconf.log12

[]

[123] Brackets enclose a character class and matches any character within the brackets. Note that character class special character rules differ from normal regular expressions.

appconf.log12 mylog.log10 a.log11 afile.txt3

256

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

Character ()

Description

Example Expression Matches appconf.log12 a.log11 afile.txt3 From app.log appconf.log12 mylog.log10 a.log11 afile.txt3 app.log appconf.log12 mylog.log10 a.log11 afile.txt3

ap?+\.(log) Parentheses enclosing [123]$ characters creates a backreference and matches the preceding characters and/ or the enclosed characters. Curly brackets repeats the preceding character the number of specified times, where n is greater than or equal to 1. a.{3}?+\. (log)[123]$

{n}

appconf.log12 afile.txt3

Regular Expression Rule Reference

The syntax of a regular expression rule varies slightly from the other File rules. Where the fullpath argument is a string that matches the absolute path to the file location, but does not include name of the file. And the file name is specified as a separate argument using a regular expression. The following table provides a list of rules that allow you to use regular expressions. Syntax Windows OS Mac OS X Linux Description

FilenamesMatchingRegexExist(fullpath,regex)

Returns true if any files in the specified directory match the file name you entered using a regular expression. True if the number of files that match is more than the value. True if the number of files that match is less than the value. True if the number of files that match is the same as the value. Sets the Custom Inventory Field to the matching file names (includes path).

FilenamesMatchingRegexGreaterThan(fullpat h,regex,value)

X X X X

FilenamesMatchingRegexLessThan(fullpath,re X gex,value) FilenamesMatchingRegexEqual(fullpath,regex, X value) FilenamesMatchingRegexReturn(fullpath,rege x,type) X

Defining rule arguments

This section provides details on defining the arguments in a rule.

Administrator Guide, Version 5.2

257

Writing Custom Inventory Rules

For rule syntax see the tables in Checking for conditions (Conditional rules), on page 244, Getting values from a node (Custom Inventory Field), and Matching file names with Regular Expressions for more details on the specific rules they can be used in.

Finding a path or file

path and fullpath are a string that specifies the absolute path to a directory or file on the node, for example: C:\Program Files\Mozilla Firefox\firefox.exe The agent locates the directory or file and performs the specific test.

Finding a registry key and entry

registryPath is a string that specifies the absolute path in the registry to a registry key, for example: HKEY_LOCAL_MACHINE/software/kace

Specifying a version
version is an integer (datatype is NUMBER) that the agent compares to the version of the item being tested on the node. For example, the FileVersionGreaterThan test returns true if the value you specify is higher than the version number of the file or folder and otherwise returns false. To test a range, join a Less Than and Greater Than rule as follows: FileVersionGreaterThan(C:\Program Files\Adobe\Acrobat\7.0\Acrobat\Acrobat.exe, 6.99) AND FileVersionLessThan(C:\Program Files\Adobe\Acrobat\7.0\Acrobat\Acrobat.exe, 8.00)

Specifying environment or user variables

var in is a string that matches the actual name of the environment variable on the system. For example, to test that the Program Files directory variable is correctly set: EnvironmentVariableEquals(ProgramFiles, TEXT, C:\Program Files)

Specifying a file attribute

attribute is a system property, a file or folder property, or an agent assigned property on the node. The appliance provides operating system dependent argument types.

258

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

Using Windows file attributes

You can use the FileInfoGreaterThan, FileInfoLessThan, and FileInfoEquals functions to test a file property on Windows in the following syntax: FunctionName(fullpath, attribute, type, value) You can specify any type but the datatype indicated in the table below shows the Windows supported type: AccessedDate Comments CompanyName CreatedDate FileBuildPart FileDescription FileMajorPart FileMinorPart FileName FilePrivatePart FileVersion DATE TEXT TEXT DATE Last date and time the file was accessed. Additional information provided for diagnostic purposes. Name of the company that produced the file. When the file was created.

NUMBER/ Third position of the File Version, for example TEXT in version 1.2.3, 3=Build. TEXT File Description of the Windows file properties Details tab.

NUMBER/ First position of the File Version, for example TEXT in version 1.2.3, 1=Major. NUMBER/ Second position of the File Version, for TEXT example in version 1.2.3, 2=Minor. TEXT TEXT Current name of the file. Also see FileExists. Fourth position of the File Version, for example in version 1.2.3.4, 4=Private.

NUMBER/ Complete File Version shown on the file TEXT properties Details tab. Also see FileVersionEquals, FileVersionGreatThan, and FileVersionLessThan TEXT Internal name of the file, if one exists, such as the module name. If the file has no internal name, it is equal to the original filename, without an extension. Returns True (1) if the file contains debugging information or was compiled with debugging enabled; otherwise returns False (0). Returns True (1) if the provider marked the file as modified and it is not identical to the original shipped version; otherwise returns False (0).

InternalName

IsDebug

TEXT/ NUMBER TEXT/ NUMBER

IsPatched

Administrator Guide, Version 5.2

259

Writing Custom Inventory Rules

IsPreRelease

TEXT/ NUMBER TEXT/ NUMBER

Returns True (1) if the provider marked the file as a development version, not a commercially released product; otherwise returns False (0). Returns True (1) if the provider marked the file as not built using standard release procedures; otherwise returns False (0). When True, file also has a PrivateBuild string. Returns True (1) if the provider marked the file as built by the original company using standard release procedures but is a variation of the standard file of the same version number; otherwise returns False (0). When True, file also has a SpecialBuild string. Language code, displays corresponding name on the File Properties Details tab. Copyright notices that apply to the file. Trademarks and registered trademarks that apply to the file. Last day and time the file was modified. Provides the full name of the file when it was put or installed on the node. Information about the version of the file.

IsPrivateBuild

IsSpecialBuild

TEXT/ NUMBER

Language LegalCopyright LegalTrademarks ModifiedDate OriginalFilename PrivateBuild ProductBuildPart ProductMajorPart ProductMinorPart ProductName

TEXT TEXT TEXT DATE TEXT TEXT

NUMBER/ Third position of the Product Version, for TEXT example in version 1.2.3, 3=Build. NUMBER/ First position of the Product Version, for TEXT example in version 1.2.3, 1=Major. NUMBER/ Second position of the Product Version, for TEXT example in version 1.2.3, 2=Minor. TEXT String that matches the Product Name of the Windows property. Fourth position of the File Version, for example in version 1.2.3.4, 4=Private.

ProductPrivatePart NUMBER ProductVersion

NUMBER/ The full production version. TEXT Also see ProductVersionEquals, ProductVersionGreaterThan, and ProductVersionLessThan. TEXT Additional information about the build.

SpecialBuild

Testing for Linux and Mac file attributes

On Linux and Mac nodes you can use the following arguments to test file attributes: device_number ID of device (disk) containing the file.

260

Administrator Guide, Version 5.2

Writing Custom Inventory Rules

inode number_links owner group size access_time modification_time creation_time block_size blocks

inode number. Number of hard links to the file. User name of the person who owns the file. Group name of the file owner. File size. Time stamp of the last time the user or system accessed the file. Last time a change that was mode to the file was saved. When the file was created. The block size of the file. The number of blocks used by the file.

Specifying the datatype

type identifies the type of data you are testing or returning. The agent supports the following types:

TEXT a string. Only valid for exactly matching in conditional rules such as Equals. In ValueReturn rules, sets the Custom Inventory Field type to string and therefore limits search criteria and filtering to matching operators. NUMBER an integer. Valid in all conditional rules, allows you to specify a whole number for comparison. DATE must be in the format of MM/dd/yyyy HH:mm:ss for example 09/28/2006 05:03:51. Time is required, for example in a comparison such as greater than you must at least specify the time as 00:00:00.

Specifying values to test

value typically follows type except in a rule where the datatype is known, such as in a version rule. The value you specify must match the type, for more information see Specifying the datatype, on page 261.

Specifying the name of a registry entry (Windows only)

valueName is a string that matches the name of the registry entry you want to test. Used only in registry tests for Windows systems.

Specifying a PLIST key (Mac only)

entry is either NUMBER, TEXT, or DATE and matches a key in a PLIST file on a Mac OS X computer. In the entry argument, you can specify a colon separated list of keys to match. For example to

Administrator Guide, Version 5.2

261

Writing Custom Inventory Rules

Using a regular expression

regex is a regular expressions that matches a file name in a Conditional or Value Return rule. See Matching file names with Regular Expressions, on page 255 for more details.

Defining commands
The shell command functions allow you to specify the command you want to run on the computer. The guidelines for writing rule arguments do not apply to command. However white space after the opening parentheses and immediately before the closing one is stripped from the command.

262

Administrator Guide, Version 5.2

D
Database Tables

This appendix contains a list of the table names used in the Dell KACE K1000 Management Appliance database.

K1000 Management Appliance Database Tables, on page 263.

K1000 Management Appliance Database Tables

Refer to the following table when creating custom reports. For more information, see Chapter 12: Running the K1000 Appliance Reports, starting on page 199. Table ADVISORY ADVISORY_LABEL_JT ASSET ASSET_ASSOCIATION ASSET_DATA_1 ASSET_DATA_2 ASSET_DATA_3 ASSET_DATA_4 ASSET_DATA_5 ASSET_DATA_6 ASSET_DATA_7 ASSET_FIELD_DEFINITION ASSET_FILTER ASSET_HIERARCHY ASSET_HISTORY ASSET_TYPE AUTHENTICATION CLIENTDIST_LABEL_JT CLIENT_DISTRIBUTION Component Service Desk Service Desk Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Appliance Administration Appliance Administration Appliance Administration

Administrator Guide, Version 5.2

263

Database Tables

Table CUSTOM_FIELD_DEFINITION CUSTOM_VIEW DELL_INVENTORY DELL_INVENTORY_APPLICATION _DEVICE_JT DELL_INVENTORY_DEVICE_JT DELL_INVENTORY_LOG DELL_MACHINE_PKG_UPDATE_S TATUS DELL_MACHINE_STATUS DELL_PKG_LABEL_JT DELL_PKG_STATUS DELL_PKG_UPDATE_HISTORY DELL_SCHEDULE DELL_SCHEDULE_LABEL_JT DELL_SCHEDULE_OS_JT DELL_SCHEDULE_UPDATE_LABE L_JT FILTER FS FS_LABEL_JT FS_MACHINE_JT GLOBAL_OPTIONS HD_ATTACHMENT HD_CATEGORY HD_EMAIL_EVENT HD_FIELD HD_IMPACT HD_MAILTEMPLATE HD_PRIORITY HD_QUEUE HD_QUEUE_APPROVER_LABEL_J T HD_QUEUE_OWNER_LABEL_JT

Component Custom Fields Custom Fields Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Labeling File Synchronization File Synchronization File Synchronization Appliance Administration Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk

Service Desk

264

Administrator Guide, Version 5.2

Database Tables

Table HD_QUEUE_SUBMITTER_LABEL_ JT HD_SERVICE HD_SERVICE_TICKET HD_SERVICE_USER_LABEL_JT HD_STATUS HD_TICKET HD_TICKET_CHANGE HD_TICKET_CHANGE_FIELD HD_TICKET_FILTER HD_TICKET_RELATED HD_TICKET_RULE HD_WORK IM_CRON IPHONE_PROFILE IPHONE_PROFILE_LABEL_JT KBOT KBOT_CRON_SCHEDULE KBOT_DEPENDENCY KBOT_EVENT_SCHEDULE KBOT_FORM KBOT_FORM_DATA KBOT_LABEL_JT KBOT_LOG KBOT_LOG_DETAIL KBOT_LOG_LATEST KBOT_OS_FAMILY_JT KBOT_OS_JT KBOT_RUN KBOT_RUN_MACHINE KBOT_RUN_TOKEN KBOT_SHELL_SCRIPT KBOT_UPLOAD KBOT_VERIFY

Component Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Appliance Administration iPhone iPhone Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting

Administrator Guide, Version 5.2

265

Database Tables

Table KBOT_VERIFY_STEPS LABEL LABEL_LABEL_JT LDAP_FILTER LDAP_IMPORT_USER MACHINE MACHINE_CUSTOM_INVENTORY MACHINE_DAILY_UPTIME MACHINE_DISKS MACHINE_LABEL_JT MACHINE_NICS MACHINE_NTSERVICE_JT MACHINE_PROCESS_JT MACHINE_REPLITEM MACHINE_SOFTWARE_JT MESSAGE MESSAGE_LABEL_JT METER METER_COUNTER MI MI_ATTEMPT MI_LABEL_JT MSP_MI_TEMPLATE NODE NODE_LABEL_JT NODE_PORTS NODE_SNMP_IF NODE_SNMP_SYSTEM NOTIFICATION NTSERVICE NTSERVICE_LABEL_JT OBJECT_HISTORY

Component Scripting Labeling Labeling Labeling User Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Alerts Alerts Software Metering Software Metering Managed Installs Managed Installs Managed Installs Patching Network Scan Network Scan Network Scan Network Scan Network Scan Alerts Inventory Inventory Appliance Administration

MACHINE_STARTUPPROGRAM_JT Inventory

266

Administrator Guide, Version 5.2

Database Tables

Table OPERATING_SYSTEMS OVAL_STATUS PATCHLINK_MACHINE_STATUS PATCHLINK_PATCH_LABEL_JT PATCHLINK_PATCH_STATUS PATCHLINK_SCHEDULE PATCHLINK_SCHEDULE_DEPLOY _LABEL_JT PATCHLINK_SCHEDULE_DETECT _LABEL_JT PATCHLINK_SCHEDULE_LABEL_ JT PATCHLINK_SCHEDULE_OS_JT PATCHLINK_SCHEDULE_ROLLBA CK_LABEL_JT PATCH_FILTER PORTAL PORTAL_LABEL_JT PROCESS PROCESS_LABEL_JT PROVISION_CONFIG PROVISION_NODE REPLICATION_LANGUAGE REPLICATION_PLATFORM REPLICATION_SCHEDULE REPLICATION_SHARE REPORT REPORT_FIELD REPORT_FIELD_GROUP REPORT_JOIN REPORT_OBJECT REPORT_SCHEDULE SAVED_SEARCH SCAN_FILTER SCAN_SETTINGS

Component Inventory OVAL Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Labeling Service Desk Service Desk Inventory Inventory Appliance Administration Appliance Administration Replication Replication Replication Replication Reporting Reporting Reporting Reporting Reporting Reporting Appliance Administration Labeling Network Scan

Administrator Guide, Version 5.2

267

Database Tables

Table SETTINGS SOFTWARE SOFTWARE_LABEL_JT SOFTWARE_OS_JT STARTUPPROGRAM STARTUPPROGRAM_LABEL_JT THROTTLE USER USERIMPORT_SCHEDULE USER_HISTORY USER_KEYS USER_LABEL_JT USER_ROLE USER_ROLE_PERMISSION_VALU E

Component Appliance Administration Inventory Inventory Inventory Inventory Inventory Appliance Administration Service Desk Service Desk Service Desk Service Desk Service Desk Appliance Administration Appliance Administration

268

Administrator Guide, Version 5.2

E
Manually Deploying Agents

This appendix explains how to manually deploy the Dell KACE K1000 Management Appliance agent on nodes using a command-line.

Overview of manual deployment

Manually deploying or upgrading the agent is useful when you have problems with provisioning or want to use other means to install the agent such as shell scripts, batch files, and Group Policy/Active Directory. You can find the installers for Windows, Macintosh, and Red Hat Linux in the following directory: \\k1000_hostname\client\agent_provisioning File share must be enabled to access the installers. See Enabling file sharing on page 47.

Manually installing the 5.1 Agent on Windows

This section describes two methods for installing the 5.1 K1000 Agent on a Windows machine:

Manually install using the Install wizard.

The K1000 Management Appliance provides the following Windows installation files for the K1000 5.1 Agent:

KInstallerSetup.exe: GUI installer without .NET 1.1. Requires user interaction. KInstallerSetupSilent.msi: Silent installer without .NET 1.1. Use for command line installs. KNISetup_v11Silent.msi: Silent installer with .NET 1.1. Use for command line installs.

Manually install the 5.1 Agent on Windows using the Install wizard
Use the KInstallerSetup.exe file for this method.

Administrator Guide, Version 5.2

269

Manually Deploying Agents

Ensure that you have the .NET 1.1 Framework dotnetfx.exe installed on this computer. If this file is not installed, you can get a replacement from the shared directory of the appliance server: \\k1000_name\client\agent_provisioning\windows_platform

Go to the shared directory of the appliance server:

\\k1000_hostname\client\agent_provisioning\windows_platform

3. 4.

Copy the KInstallerSetup.exe file to your local computer. Double-click the file to start the installation and following the instructions in the install wizard. Be sure to enter the name of your K1000 server.

The node information appears in the appliance Inventory within a few minutes. Although the agent automatically checks in, you can force a check in using: C:\Program Files\KACE\KBOX\KBOXClient.exe

Installing the 5.1 Agent on Windows using command lines

You can use any of the installation files listed above. See Manually installing the 5.1 Agent on Windows on page 269. For example, use the following commands to install the 5.1 Agent on Windows Platforms:

KInstallerSetup.exe -server=k1000_hostname -ssl_enabled=0 amp_ssl=0 -display_mode=silent msiexec.exe /qn /I KInstallerSetupSilent.msi KINSTALLER_ARGS="server=k1000_hostname -display_mode=silent -ssl_enabled=0 amp_ssl=0 You can also use the IP address instead of the server hostname.

Manually installing the 5. 2 Agent on Windows

You can install the K1000 5.2 Agent on Windows using the Install Wizard or command lines.

Manually install the 5.2 Agent on Windows using the Install wizard
1. Go to the shared directory of the appliance server:
\\k1000_hostname\client\agent_provisioning\windows_platform

2. 3.

Copy the ampagent-5.2.buildnumber-x86.msi file to your local computer. Double-click the file to start the installation and following the instructions in the install wizard. Be sure to enter the name of your K1000 server.

270

Administrator Guide, Version 5.2

Manually Deploying Agents

The node information appears in the appliance Inventory within a few minutes. Although the agent automatically checks in, you can force a check in using the following command line: runkbot 4 0

Manually install the 5.2 Agent on Windows using command lines

The options listed in Table E-1 on page 271 in provide several different ways for installing the 5.2 Agents on Windows Platforms. For example:

In a batch file as part of logon scripts, which would run the installer (msiexec) and set various parameters, such as the value of the host. Set an environment variable for the server name and then run the installer. Rename the installer name which automatically sets the server name during the install.

This method provides the following parameters: Table E-1: Command line parameters for the 5.2 Agent Description Windows Installer Tool Install flag Uninstall flag Silent install Log verbose output Auto set host name msiexec or msiexec.exe /i Example: msiexec /i ampagent-5.2.12345-x86 /x Example: msiexec /x ampagent-5.2.12345-x86 /qn Example: msiexec /qn /i ampagent-5.2.12345-x86 /L*v log.txt rename agent_installer.msi_hostname.msi (Renames the install file to the name of the server name, which automatically sets the host name.) Example: msiexec /qn /i ampagent-5.1.32941-x86_prime.kace.com.msi PROPERTY=value (Must use ALL CAPS.) Example: msiexec /qn /i ampagent-5.2.32941-x86.msi HOST=prime.kace.com set KACE_SERVER=k1000name (Must be followed by an msiexec call to install.) Example: set KACE_SERVER=kbox msiexec /i ampagent-5.2.12345-x86 The ordering of setting the host is as follows 1. If HOST= passed to MSI, use that. Parameter

Set properties

Set server name

Administrator Guide, Version 5.2

271

Manually Deploying Agents

2. 3. 4. 5. 6.

If installer contains name of host, use that. If KACE_SERVER is set, use that. Use current setting in amp.conf. Use previous setting in smmp.conf. Otherwise default to blank, NOT kbox (will show an error).

Installing and Configuring the 5.1 Agent on Linux

This section provides information for installing the 5.1 Agent on Linux. Additional options are available for the 5.2 Agent. See Additional options for the 5.2 Agent on page 273. 1. 2. Ensure that you have kboxagent-buildnumber.i386.rpm on your computer. At the command line prompt, enter: rpm -ivh k1000agent-buildnumber.i386.rpm The installer creates the following directories on your computer: 3. /kace The base directory where the entire agent is installed on the node. /kace/bin This directory contains all the executable files. /kace/lib This directory contains data, such as version number, default configuration files, and others for the agent. /kace/data This directory contains the application code organized as libraries. /var/kace/kagentd This directory contains the kbot_config.yaml file.

Enter: cd KACE/bin

Set the name of the K1000 Management Appliance server, by entering: ./setkbox k1000server_hostname

Restart all K1000 Management Appliance agent services and connect to the appliance server by entering: ./runkbot 1 0

To upgrade the agent

1. 2. Ensure that you have k1000agent-buildnumber.i386.rpm on your computer. At the command line prompt, enter: rpm -uvh k1000agent-linux_buildnumber.rpm

272

Administrator Guide, Version 5.2

Manually Deploying Agents

To remove the agent

At the command line prompt, enter: rpm -e k1000agent-buildnumber.i386

Additional options for the 5.2 Agent

You can install the 5.2 agent for any user starting or logging in to a Linux system. You can set the name by adding the following command to the root.apospories: export KACE_SERVER=k1000name The export call must proceed the call to the installer. For example: export KACE_SERVER=k1000name rpm -ivh k1000agent-12345.i386.rpm The ordering of setting the host is as follows 1. 2. 3. 4. If installer contains name of host, use that. If KACE_SERVER is set, use that. Use current setting in amp.conf. Use previous setting in smmp.conf.

Otherwise default to blank, NOT box (will show an error).

Verifying Deployment of the Agent

This section describes tasks to manage the agent using the command line interface.

To start and stop the agent

1. At the command line prompt, enter: cd KACE/bin 2. To start the agent, enter: ./SMMPctl start 3. To stop the agent, enter: ./SMMPctl stop

To check whether the agent is running

1. 2. Open the command line interface. Enter the following command: - ps aux | grep SMMPAgent

To check the version of the agent

At the command line prompt, enter: cat /KACE/data/version

Administrator Guide, Version 5.2

273

Manually Deploying Agents

To perform an Inventory check

1. At the command line prompt, enter: sudo /KACE/bin/inventory: 2. To save the inventory results to a file, enter: sudo /KACE/bin/inventory > 'uname -n'.txt This command saves the inventory results to a file named yourcomputer.txt, where yourcomputer is the name of your computer.

Linux Debugging
To log on to the AMP Service
At a command line prompt, enter the following commands: sudo touch /var/kace/kagentd/debug_agent.tag sudo /etc/rc.d/init.d/SMMPctl stop sudo /etc/rc.d/init.d/SMMPctl start The output of this file is part of the KBOT_LOG.txt file. 1. 2. 3. Go to Inventory > Computer, and click on the machine you want to view. On the detail page, go to the Logs section. Click K1000 Agent Logs.

Edit the SMMP configuration file:

1. Add the following line to end of the /var/kace/SMMP/SMMP.conf file: debug=true 2. 3. Save and close the file. Restart the AMP service by entering the following commands:

274

Administrator Guide, Version 5.2

Manually Deploying Agents

sudo /Library/K1000Agent/Home/bin/SMMPctl stop sudo /Library/K1000Agent/Home/bin/SMMPctl start The agent normally checks in using the Run Interval schedule specified in Agent Settings page. For debugging and testing purposes, you can run the file runkbot located in /KACE/bin to force the agent to force a check in with the appliance. For bootstrap: to run the first time after agent installation: /KACE/bin/runkbot 1 0 For Inventory: to run at any other time: /KACE/bin/runkbot 2 0

To Install and Configure the 5.1 Agent on Mac OS Nodes

This section provides information for installing the 5.1 Agent on Mac OS. Additional options are available for the 5.2 Agent. See Using shell scripts to install the 5.2 Agent on page 278. You must run these commands as root. A root is a user with administrator privileges on the node. 1. 2. 3. 4. 5. 6. 7. Double-click K1000 Agent 3.1.buildnumber.dmg. Double-click K1000 Agent.pkg. The Introduction page is displayed. Click Continue. The Read Me page is displayed. Click Continue. The Select Destination page is displayed, select the destination volume where you want to install the agent, and then click Continue. The Installation Type page is displayed. Click Install. The Finish Up page is displayed. Click Close. The installer creates the following directories on your computer: 8. /Library/K1000Agent/Home/bin /Library/K1000Agent/Home/data /Library/K1000Agent/Home/lib /var/kace/kagentd - This directory contains the kbot_config.yaml file.

Enter: cd Library/K1000Agent/Home/bin

Set the name of the appliance server by entering: ./setk1000 k1000server_hostname

Administrator Guide, Version 5.2

275

Manually Deploying Agents

10. Restart all agent services and connect to the appliance server by entering: ./runkbot 2 0

To upgrade the agent

1. 2. 3. 4. 5. 6. 7. Double-click K1000 Agent 3.1.buildnumber.dmg. Double-click K1000 Agent.pkg. The Introduction page is displayed. Click Continue. The Read Me page is displayed. Click Continue. The Select Destination page is displayed, select the destination volume where you want to install the agent, and then click Continue. The Installation Type page is displayed. Click Upgrade. The Finish Up page is displayed. Click Close.

To remove the agent

1. 2. 3. Browse to /Library/K1000Agent. Drag the K1000Agent folder to the Trash Kill the process ID.

Verifying deployment of the agent

This section describes the various tasks you can perform to manage the agent using the command line interface.

To start or stop the agent

1. 2. Open Terminal from Applications > Utilities. Enter the following commands: cd Library/K1000Agent/Home/bin ./SMMPctl start 3. To stop the agent, enter: ./SMMPctl stop

To check if the agent is running

1. 2. Open Terminal from Applications > Utilities. To check if the kagentd process is running, enter the following command: ps aux | grep kagentd This output indicates that the process is running:

276

Administrator Guide, Version 5.2

Manually Deploying Agents

root 2159 0.0 1.1 94408 12044 p2 S 3:26PM 0:10.94 /Library/ K1000Agent/Home/bin/kagentd

To check the version of the agent

1. 2. Open Terminal from Applications > Utilities. Enter: cat Library/K1000Agent/Home/data/version

To perform an Inventory check

1. 2. Open Terminal from Applications > Utilities. Enter: sudo Library/K1000Agent/Home/bin/inventory 3. To save the inventory results to a file, enter: sudo Library/K1000Agent/Home/bin/inventory > computer_name.txt This command saves the inventory results to a file named computer_name.txt, where computer_name is the computer name that you specified.

Macintosh Debugging
To log on to the AMP Service 1. 2. Open Terminal from Applications > Utilities. Enter the following commands: $ $ $ sudo touch /var/kace/kagentd/debug_agent.tag sudo /Library/K1000Agent/Home/bin/SMMPctl stop sudo /Library/K1000Agent/Home/bin/SMMPctl start

The output of this file is part of the KBOT_LOG.txt file. 1. 2. 3. Go to Inventory > Computer, and click the machine you want to view. On the detail page, go to the Logs section. Click K1000 Agent Logs.

Edit the SMMP configuration file:

1. Add the following line to end of the /var/kace/SMMP/SMMP.conf file: debug=true 2. 3. Save and close the file. Restart the AMP service by entering the following commands: sudo /Library/K1000Agent/Home/bin/AMPctl stop sudo /Library/K1000Agent/Home/bin/AMPctl start

Administrator Guide, Version 5.2

277

Manually Deploying Agents

The agent normally checks in using the Run Interval schedule specified in Agent Settings page. For debugging and testing purposes, you can run the file runkbot located in /KACE/bin to force the agent to force a check in with the appliance. For bootstrap: to run the first time after agent installation: ./runkbot 1 0 For Inventory: to run at any other time: ./runkbot 2 0

Using shell scripts to install the 5.2 Agent

The K1000 Management Appliance provides options that are useful when using shells scripts to install the 5.2 Agent:

hdiutil attach ./ampagent-5.2.buildnumber-all.dmg export KACE_SERVER=k1000name sudo installer -pkg '/Volumes/Dell KACE/AMPAgent.pkg' -target / hdiutil detach '/Volumes/Dell KACE' The export call must proceed the install call (for example, sudo export KACE_SERVER=k1000name installer -pkg '/Volumes/Dell KACE/ AMPAgent.pkg' -target /

The ordering of setting the host is as follows 1. 2. 3. 4. If installer contains name of host, use that. If KACE_SERVER is set, use that. Use current setting in amp.conf. Use previous setting in smmp.conf.

Otherwise default to blank, NOT kbox (will show an error). For information about using shell scripts and command lines, see http:// developer.apple.com.

278

Administrator Guide, Version 5.2

F
Understanding the Daily Run Output
The daily run output is automatically sent to the System Administrator by email every night at 2:00 AM. This appendix contains a sample of the daily run output. Your output may differ from the sample shown. The following syntaxes are the standard freebsd maintenance messages:

Filesystem /dev/ twed0s1a devfs /dev/ twed0s1f /dev/ twed0s1e /dev/ twed0s1d /dev/ twed1s1d

Removing stale files from /var/preserve: Cleaning out old system announcements: Removing stale files from /var/rwho: Backup passwd and group files: Verifying group file syntax: Backing up mail aliases: Disk status:

1K-blocks 2026030 1 134105316 10154158 2026030 151368706

Used 36780 1 1003568 6365810 3858 2722542

Avail 1827168 0 122373324 2976016 1860090 136536668

Capacity 2% 100% 1% 68% 0% 2%

Mounted on / /dev /kbox /usr /var /kbackup

Administrator Guide, Version 5.2

279

Understanding the Daily Run Output

The above table reports information about your disks. Of interest are /kbox and /kbackup. /kbox contains all the software for the appliance server. It is also contains the software packages uploaded to the server. If this drive starts getting close to full you must remove old unused packages or contact KACE for an upgrade. /kbackup is the drive where /kbox is backed up. It is generally as full as the / kbox. If it is close to full you must remove old unused packages or contact KACE for an upgrade.

Network interface status: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll em0 1500 00:30:48:73:07:4c 332146 0 204673 0 0 em0 1500 192.168.2 kboxdev 308055 201832 - - em0 1500 fe80:1::230:4 fe80:1::230:48ff: 0 4 - - em1* 1500 00:30:48:73:07:4d 0 0 0 0 0 plip0 1500 0 0 0 0 0 lo0 16384 699 0 699 0 0 lo0 16384 your-net localhost 699 699 - - lo0 16384 localhost ::1 0 0 - - lo0 16384 fe80:4::1 fe80:4::1 0 0

280

Administrator Guide, Version 5.2

Understanding the Daily Run Output

- The above table reports information about the network status of the appliance. Make sure the Ierrs/Oerrs are zero. Other values indicate some sort of network failure. If you notice consistent errors, contact KACE support for assistance.

Local system status: 3:04PM up 3 days, 4:12, 0 users, load averages: 0.05, 0.20, 0.15 The above indicates the amount of time appliance has been up since the last time it was powered off. There will not be any users logged onto the machine. The load averages vary depending on the load on appliance was when this report was run.

Mail in local queue: /var/spool/mqueue is empty Total requests: 0 Mail in submit queue: /var/spool/clientmqueue is empty Total requests: 0 Security check: (output mailed separately) Checking for rejected mail hosts:

Administrator Guide, Version 5.2

281

Understanding the Daily Run Output

Checking for denied zone transfers (AXFR and IXFR): tar: Removing leading /' from member names The message above are the standard freebsd messages regarding the health of the mail systems. There should not be mail in the queues. However, if an item still exists, check your SMTP settings from the Settings > Network Settings page.

[Thu Mar 17 15:05:31 PST 2005] K1000 Backup: Backup Complete. Backup files available for off-box storage via ftp. The above message indicates an appliance-specific message telling you that the backups have been successfully completed and are on the /kbackup disk, available through the ftp interface.

[Thu Mar 17 15:05:31 PST 2005] K1000 RAID Status Disk Array Detail Info not available during a rebuild. If Rebuild in progress, % completion listed below Disk Array Detail Status: Unit UnitType Status %Cmpl Port Stripe Size(GB) Blocks ---------------------------------------------------------------------- u0 RAID-1 OK 149.05 312579760 u0-0 DISK OK p0 149.05 312579760 u0-1 DISK OK p1 149.05 312579760 Disk Array REBUILD Status: /c0/u0 is not rebuilding, its current state is OK The above table indicates the status of your raid drives. If you ever see the disks degraded or not rebuilding properly, contact KACE support to address the problem.

[Thu Mar 17 15:05:31 PST 2005] K1000 Database Maintenance Daily routines to maintain database performance. DB Table Maintenance Log: # Connecting to localhost... # Disconnecting from localhost... ORG.ADVISORY OK ORG.AUTHENTICATION OK ORG.CATEGORY OK ORG.CLIENT_DISTRIBUTION OK ORG.FILTER OK

282

Administrator Guide, Version 5.2

Understanding the Daily Run Output

ORG.FS ORG.FS_LABEL_JT ORG.GLOBAL_OPTIONS ORG.LABEL ORG.LDAP_FILTER ORG.LICENSE ORG.LICENSE_MODE ORG.MACHINE ORG.MACHINE_CUSTOM_INVENTORY ORG.MACHINE_DISKS ORG.MACHINE_LABEL_JT ORG.MACHINE_NICS ORG.MACHINE_PROCESS ORG.MACHINE_SOFTWARE_JT ORG.MACHINE_STARTUP_PROGRAMS ORG.MESSAGE ORG.MESSAGE_LABEL_JT ORG.MI ORG.MI_LABEL_JT ORG.NETWORK_SETTINGS ORG.NOTIFICATION ORG.OPERATING_SYSTEMS ORG.PORTAL ORG.PORTAL_LABEL_JT ORG.PRODUCT_LICENSE ORG.REPORT ORG.SCHEDULE ORG.SERVER_LOG ORG.SOFTWARE ORG.SOFTWARE_LABEL_JT ORG.SOFTWARE_OS_JT ORG.THROTTLE ORG.TIME_SETTINGS ORG.TIME_ZONE ORG.USER ORG.USER_HISTORY ORG.USER_KEYS ORG.USER_LABEL_JT -- End of daily output --

OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK

The database is checked every night for any inconsistencies, and these are automatically repaired. If you see any failures from this output, contact Dell KACE Support for assistance.

Administrator Guide, Version 5.2

283

Understanding the Daily Run Output

284

Administrator Guide, Version 5.2

G
Warranty, Licensing, and Support

Warranty And Support Information

Information concerning hardware and software warranty, hardware replacement, product returns, technical support terms and product licensing can be found in the KACE End User License agreement accessible at: HTTP://WWW.KACE.COM/LICENSE/STANDARD_EULA

Third Party Software Notice

Dell KACE K1000 Management Appliance TM is licensed per the accompanying Third Party License Agreements in addition to the Dell KACE K1000 Management Appliance license noted above. Dell KACE K1000 Management Appliance includes software redistributed under license from the following vendors. In addition, Dell KACE K1000 Management Appliance contains paid licences to MySQL and RLib that have been purchased and embedded within Dell KACE K1000 Management Appliance by KACE. Copyright 2004, KACE Networks, Inc. and other copyrights.

Apache EZ GPO FreeBSD Knoppix Microsoft Windows OpenSSL PHP Samba Sendmail

Apache
This product (Dell KACE K1000 Management Appliance) includes software developed by The Apache Software Foundation (http://www.apache.org/). Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

Administrator Guide, Version 5.2

285

Warranty, Licensing, and Support

Definitions. License shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. Licensor shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. Legal Entity shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, control means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. You (or Your) shall mean an individual or Legal Entity exercising permissions granted by this License. Source form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. Object form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. Work shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). Derivative Works shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. Contribution shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, submitted means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as Not a Contribution. Contributor shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, nocharge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You

286

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: a. You must give any other recipients of the Work or Derivative Works a copy of this License; and b. You must cause any modified files to carry prominent notices stating that You changed the files; and c. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and d. If the Work includes a NOTICE text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. e. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of

Administrator Guide, Version 5.2

287

Warranty, Licensing, and Support

TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

EZ GPO
Copyright (c) 2003-2007, The Environmental Protection Agency. All of the documentation and software included in the EZ GPO PC Monitor Power Management Tool software is copyrighted by the Environmental Protection Agency. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the Environmental Protection Agency nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE ENVIRONMENTAL PROTECTION AGENCY AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FEDERAL GOVERMENT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

288

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

FreeBSD
This product (Dell KACE K1000 Management Appliance) includes software developed by Free Software Foundation, Inc. GNU GENERAL PUBLIC LICENSE, Version 2, June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc.,675 Mass Ave, Cambridge, MA 02139, USA.Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must
Administrator Guide, Version 5.2 289

Warranty, Licensing, and Support

be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The Program, below, refers to any such program or work, and a work based on the Program means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term modification.) Each licensee is addressed as you. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b. You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do

290

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 4. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c. Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 5. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

Administrator Guide, Version 5.2

291

Warranty, Licensing, and Support

You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

10. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and any later version, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version
292 Administrator Guide, Version 5.2

Warranty, Licensing, and Support

number of this License, you may choose any version ever published by the Free Software Foundation. 11. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS

Knoppix
This product (Dell KACE K1000 Management Appliance) includes the Knoppix software developed by Klaus Knopper. Knoppix is a registered trademark of Klaus Knopper. The KNOPPIX software collection and all included programs that are authored by Klaus Knopper, are subject to the terms and conditions of the GNU GENERAL PUBLIC LICENSE Version 2, as quoted herein. Please note that this license does NOT automatically apply to third-party programs included on this CD. Check /usr/share/doc/*/copyright* and other supplied license files of each software package carefully for more information. GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is

Administrator Guide, Version 5.2

293

Warranty, Licensing, and Support

intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow.

GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION. 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may

294

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the

Administrator Guide, Version 5.2

295

Warranty, Licensing, and Support

executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the

296

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY
1. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite
297

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

Microsoft Windows
This Product is designed for use in supporting the deployment of the following operating systems: Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition, Microsoft Windows NT Workstation 4 Service Pack 5 or later, Microsoft Windows NT Server 4 Service Pack 5 or later, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server (Standard, Advanced and Datacenter Editions), Microsoft Windows XP Professional, Microsoft Windows XP Tablet PC Edition, Microsoft Windows XP Media Center Edition, or Microsoft Windows Server 2003 (Web, Standard, Enterprise and Datacenter Editions). This Product is designed for use on processor architectures supported by the operating system that the Product was built from: e.g., the x86 32-bit version may only deploy X86 32-bit Microsoft operating systems, the Intel Itanium version may only deploy versions of Microsoft Windows designed for this architecture, and the 64-bit extended version may only deploy versions of Microsoft Windows designed for this architecture. The Product may not function properly with other operating system products or other processor architectures.

OpenSSL
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected].

298

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. 2. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

5. 6.

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).

Original SSLeay License

Copyright (C) 1995-1998 Eric Young ([email protected]) All rights reserved. This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL

Administrator Guide, Version 5.2

299

Warranty, Licensing, and Support

documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. 2. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young ([email protected])". The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson ([email protected])".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed, i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]

PHP
This product (Dell KACE K1000 Management Appliance) includes software developed by The PHP Group. The PHP License, version 3.0. Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.
300 Administrator Guide, Version 5.2

Warranty, Licensing, and Support

Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: 1. 2. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. The name PHP must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. Products derived from this software may not be called PHP, nor may PHP appear in their name, without prior written permission from [email protected]. You may indicate that your software works in conjunction with PHP by saying Foo for PHP instead of calling it PHP Foo or phpfoo. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. Once covered code has been published under a particular version of the license, you may always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License. Redistributions of any form whatsoever must retain the following acknowledgment: This product includes PHP, freely available from <http://www.php.net/>. THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at [email protected]. For more information on the PHP Group and the PHP project, please see <http:// www.php.net>. This product includes the Zend Engine, freely available at <http:// www.zend.com>.

Samba
GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA

Administrator Guide, Version 5.2

301

Warranty, Licensing, and Support

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

302

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b. You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Administrator Guide, Version 5.2

303

Warranty, Licensing, and Support

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c. Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

304

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be
Administrator Guide, Version 5.2 305

Warranty, Licensing, and Support

guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS

Sendmail
This product (Dell KACE K1000 Management Appliance) includes software developed by Sendmail, Inc. SENDMAIL LICENSE The following license terms and conditions apply, unless a different license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, Emeryville, CA 94608, USA, or by electronic mail at [email protected]. License Terms: Use, Modification and Redistribution (including distribution of any modified or derived work) in source and binary forms is permitted only if each of the following conditions is met: 1. Redistributions qualify as freeware or Open Source Software under one of the following terms: a. Redistributions are made at no charge beyond the reasonable cost of materials and delivery. b. Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a copy of the Source Code for up to three years at the cost of materials and delivery. Such redistributions must allow further use, modification, and redistribution of the Source Code under substantially the same terms as this

306

Administrator Guide, Version 5.2

Warranty, Licensing, and Support

license. For the purposes of redistribution Source Code means the complete compilable and linkable source code of sendmail including all modifications. 2. Redistributions of source code must retain the copyright notices as they appear in each source code file, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below. Redistributions in binary form must reproduce the Copyright Notice, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the Copyright Notice refers to the following language: Copyright (c) 1998-2003 Sendmail, Inc. All rights reserved. Neither the name of Sendmail, Inc. nor the University of California nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. The name sendmail is a trademark of Sendmail, Inc. All redistributions must comply with the conditions imposed by the University of California on certain embedded code, whose copyright notice and conditions for redistribution are as follows: a. Copyright (c) 1988, 1993 The Regents of the University of California. All rights reserved. b. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: (i) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. (ii) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. (iii) Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY SENDMAIL, INC. AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Administrator Guide, Version 5.2

307

Warranty, Licensing, and Support

308

Administrator Guide, Version 5.2

Index
A
active directory settings 171 adding software to inventory 84 Administering 229 administering Mac OS nodes 229 administration applying the server update 178 backing up data 174 disk logs, understanding 183 k1000_dbdata.gz file 174 k1000_file.tgz file 174 logs, accessing 181 restarting your appliance 180 restoring appliance settings 176 restoring factory settings 176 restoring most recent backup 176 troubleshooting 180 troubleshooting your appliance 180 updating appliance software 177 updating OVAL definitions 180 updating the license key 178 upgrading server software 174 verifying minimum server version 177 administrator portal introduction to 2 advanced search using for computer inventory 77 advanced search for software 83 agent running confirmation 276 agent update agent patches 69 agents about 2 operating system requirements 46 Alert Messages 207 alert messages to users using 207 alert summary description 15 alerts AMP connection required for 207 broadcast 207 email 208 email, creating 208 license compliance 23 with scripts 149 alternate download location 114 AMP connection about 71 indicated by green chain icon 63 AMP Message Queue 71 AMP message queue 71 Apache software copyright 285 AppDeploy viewing live content 95 AppDeploy Live 95 enabling for your appliance 95 appliance administration overview 173 appliance agent logs 81 appliance revision level 15 applying the server update 178 Auto Provisioning 49

B
backing up appliance data 174 backup files downloading 175 backups manual 174 bandwidth, replication replication bandwidth 137

C
Client bundle 70 clients check-in rate monitor 10 connection meter 12 Clients Connected Meter 12 command line deployment Linux agent 272 Mac OS agent 275 Windows agent 269, 270, 271 components finding 15 compression mode 9 124 computer detail page 79 computer details appliance agent logs 81 viewing by label 37 computer inventory detail page 79 computer notifications 78 computers 78 adding to inventory 81 inventory 75 searching for in inventory 77 statistics 14 configuration KACE K1200 19 policies 159 configuration polices about 159 configuration settings 19 configuring Dell OpenManage catalog updates 140 creating an LDAP label with the browser 189 creating computer notifications 78 creating IP scans 106 Custom Data Fields 85 Custom Inventory ID (rule) 241

D
Daily Run Output 279 data retention 23 database tables 263 debugging logs Mac OS 277 Default Role 217 Delete a configuration 58, 61 Dell Open Manage, with Dell Updates tab 138 Dell Updates configuring the OpenManage catalog 140 patching, compared 139 replication 137 using to maintain your Dell systems 138 workflow 139 deployments

Administrator Guide, Version 5.2

309

Index

compared with updates 139 desktop settings desktop shortcuts wizard 162 desktops settings enforcement 161 wallpaper 161 desktops, remote troubleshooting 161 detection inventory term used instead 139 Digital Asset 87 Disable a configuration 61 disabling KACE K1000 links 33 disk logs understanding 183 Distribution Distributing Packages from the appliance 113 Distributing Packages through an Alternate Location 114 Types of Distribution Packages 112 distributions monitor 10 download location, alternate 114 downloading backup files 175 Duplicate a configuration 58

I
importing KACE K1000 resources 97 inventory advanced search 77 agent logs 81 computer notifications 78 computers 76 computers detail page 79 computers, adding 81 computers, searching for 77 creating smart labels 78 detection term used instead 139 overview 75, 76 service 92 software, managing 83 startup programs 90 inventory tab using 75 IP addresses scanning for 105 IP scan 105 creating 106 overview 105 scheduling 105 IP scan inventory in the IP Scan chapter 76 IP Scan Smart Label 108

E
E-mail Alerts 208 Enable a configuration 61 enabling KACE K1000 appliances for switching between KACE K1000 consoles 33 environmental policies Mac OS 169 Windows 168 Event Log Reporter 162 exporting appliance resources 97 exporting resources to other organizations 102 EZ GPO copyright 288

K
K1000 software deployment components 3 K1000 Agent Update Update K1000 Agent Automatically 68 KACE K1000 components 1 configuration settings 19 hardware specifications 2 installing 1 server, setting up 3 setting up 1 KACE K1000 appliance linking about 31 configuring 31 KACE K1000 appliances linking 32 KACE K1000 Modules 6 KACE K1200 configuration 19 KBScriptRunner 66 KNOPPIX copyright 293 KScripts about 144

F
file synchronizations 129 creating 129 filters computers by organizational unit 79 data filters 220 organization filter 224 testing 224 for computer inventory 78 FreeBSD copyright 289 FTP making backups writable 26

G
getting started 1

H
hardware inventory, creating 75 hardware specifications for KACE K1000 2 Home component 8

L
Label Groups 41 Labels 94 Label Groups 41 labels 35 Labels tab overview 17, 35 LDAP labels 17, 35

310

Administrator Guide, Version 5.2

Index

labels, creating with the browser 189 LDAP Browser Wizard 191 LDAP Easy Search 190 LDAP Filters 187 licence compliance configuring alerts 23 License Compliance 11 License Compliance Gauge 23 license compliance graph 11 linking KACE K1000 appliances 32 disabling links 33 enabling 32, 33 Linux manual deployment of KACE K1000 appliance agent on 272 log files script 158 Log-in Script 59 logs agent logs 81

M
Mac OS 229 administering 229 distribution tab differences 230 examples of common deployments on 230 inventory tab differences 229 managed installation for 230 patching tab differences 234 policies 169 power management 169 supported OSs 229 supported releases 46 VNC Settings for 170 Mac OS nodes 276 checking into active directory 172 debugging logs 277 manual agent version check 277 manual inventory check 277 manually removing agent 276 verifying agent 276 Mac OS policies enforce active directory settings 171 Mac OS Users Distribution 230 Inventory 229 Patching 234 Macintosh 229 manual deployment of KACE K1000 appliance agent on 275 make FTP writable 26 managed installation 115 managed installations EXE example 123 Linux examples 124 Mac OS nodes 230 Macintosh examples 129 MSI Example 120 parameters 115 standard RPM Example 125 standard TAR.GZ Example 128 Windows examples 119

Windows platform 116 ZIP example 123 Managed Operating Systems 12 managing your MIA inventory 93 managing your processes inventory 88 managing your service inventory 92 managing your software inventory 83 managing your startup program inventory 90 manual backups 174 manual deployment Linux Agent 272 Mac OS agent 275 Windows agent 269, 270, 271 Manual Deployment of KACE K1000 appliance agent 269 Manual Provisioning 52 MIA inventory 93 MIA Computers 93 MIA Settings 94 Microsoft Windows copyright 298 MSI Installer policy 163

N
network scan summary description 15 Network Settings 23 Network Utilities 34 nodes check-in rate 10

O
Offline KScripts 144 Online KScripts 144 alerting users with 149 online shell scripts about 145 Open Manager Dell maintenance 138 OpenSSL copyright 298 operating system requirements 46 operating systems charted 12 Organization File Shares 26 organization filter 224 Organizational Components 3 Organizational Filters 220 LDAP Filter 220 organizational filters data filters 220 Organizational Management 209 upgrading KACE K1000 software with 16 Organizational Roles 217 Organizations 209 organizations transferring KACE K1000 resources between 102 OVAL information (description of field) 15

P
packages enabled and disabled 14

Administrator Guide, Version 5.2

311

Index

patching Dell Updates, compared 139 replicating language patches 136 replicating OS patches 136 updating patch definitions from KACE 179 path bulletin information description 15 PHP copyright 300 policies configuration 159 Mac OS-based 169 Windows-based, using 160 Port 443 27 Port 80 26 Power Management windows 168 Windows configuration 168 power management Mac OS 169 retaining information about 23 processes inventory, about 88 Provisioned Configurations 58 Provisioning Results 62 provisioning results page 62

Run Now tab using to run scripts 156 running reports 199

S
Samba copyright 301 SAMBA share using to transfer resources between KACE K1000 appliances 97 scanning networks for IP addresses 105 scheduling IP scans 105 scripting adding steps to 235 tasks you can automate 144 scripting component Search Logs 158 scripting module overview 143 scripts adding 148 adding steps to 235 alerts with 149 duplicating 155 editing 154 importing 154 log files 158 online shell scripts 145 reusing 155 Run Now function 156 running as local admin 149 running as user 149 running immediately 156 token replacement variables 147 Windows registry settings 160 Windows-based policy Wizards 160 searching for computers in your inventory 77 searching for using computer notifications 78 Security Settings 25 Sendmail copyright 306 servers tasks in progress 13 service inventory, managing 92 Service Desk overview 2 session timeout about 20 resetting 20 setting up your KACE K1000 series 1 setting up your KACE K1000 server 3 shell scripts 145 single sign-on 33 configuring 31 enabling 32, 33 Smart Labels creating 42 editing 43 IP Scan 108 ordering 44 smart labels 35, 78 software inventory, creating 75

R
Redirecting computer(s) 225 Refiltering computer(s) 224 registry settings Windows, for 160 remote desktops behavior 161 replication copying schedules replication schedules importing 137 Dell Updates 137 language patches 136 OS patches 136 scheduling 137 stopping 137 replication schedule 137 replication share 134 details 138 procedure to create 135 replication shares deleting 137 Report Wizard limitations 205 reports 199 overview 199 running 199, 200 SQL, editing 205 resources exporting 102 transferring 97 restoring appliance settings 176 revision of KACE K1000 software 15 Run As feature 149 run as Wizards 160 Run Now function 156

312

Administrator Guide, Version 5.2

Index

statistics 14 un-installer 166 Software Asset 85 Software Deployment Components 3 software deployment components 3 software distribution summary 14 software inventory 83 software revision level 15 Software Threat Level 11 software threat level graph 11 SQL editing 205 SSL Certificate File 27 SSL Certificate Wizard 28 start and stop the agent 276 Startup 90 startup inventory, managing 90 statistics, computer 14 statistics, software 14 Steps for Task sections 235 support information AppDeploy 95 synchronizations, file 129 System Admin Console Users 215 system console 2 System requirements 46

users time limit on sessions 20 utility rebates Mac OS 169 Windows 168

V
verifying minimum server version 177 viewing computer details by label 37 VNC controlling on Mac OS X 170 VNC settings Mac OS policies 170

W
Wake-on-LAN overview 132 request, issuing 132 scheduling requests 133 troubleshooting 133 wallpaper controlling 161 warranty Information 285 Windows Automatic Update Settings 167 configuring Power Management 168 manual deployment of KACE K1000 appliance agent on 269, 270, 271 Power Management 168 Windows Debugging 182 Windows operating system requirements 46 Windows policies 160 enforce registry settings 160 WinZip compression levels 124

T
Tasks In Progress 13 time limit on open inactive user sessions 20 token replacement variables 147 transferring appliance resources between organizations 102 transferring resources about 97 transferring resources between KACE K1000 appliances 97 troubleshooting remote desktops 161 Wake-on-LAN 133 Troubleshooting Tools 33 troubleshooting your appliance 180 types of reports 199

U
UltraVNC Wizard 165 Unpacking the Appliance 4 updates compared with deployments 139 Dell Updates and patching 139 updating OVAL definitions 180 updating the license key 178 upgrades, KACE K1000 16 upgrading your appliance 174 uploading files to restore settings 176 uploading large FTP files troubleshooting 26 user alert messages about 207 User Authentication 193

Administrator Guide, Version 5.2

313

Index

314

Administrator Guide, Version 5.2

THE LTSPICE XVII SIMULATOR: Commands and Applications
From Everand
THE LTSPICE XVII SIMULATOR: Commands and Applications
Gilles Brocard
5/5 (1)
HP Advance Installation and User Guide V1 R3.0
No ratings yet
HP Advance Installation and User Guide V1 R3.0
1,110 pages
Atoll 3.3.2 Administrator Manual
100% (1)
Atoll 3.3.2 Administrator Manual
262 pages
Worksite Server Administrators Guide 8 5 For Imanage Server
0% (2)
Worksite Server Administrators Guide 8 5 For Imanage Server
382 pages
Programming FPGAs: Getting Started with Verilog
From Everand
Programming FPGAs: Getting Started with Verilog
Simon Monk
3.5/5 (2)
Fritzing for Inventors: Take Your Electronics Project from Prototype to Product
From Everand
Fritzing for Inventors: Take Your Electronics Project from Prototype to Product
Simon Monk
No ratings yet
Dell KACE K1000 Admin Guide
No ratings yet
Dell KACE K1000 Admin Guide
360 pages
K1000 Patching Guide v53
No ratings yet
K1000 Patching Guide v53
110 pages
XOS 9.5.4.0 Xos Configuration Guide
No ratings yet
XOS 9.5.4.0 Xos Configuration Guide
306 pages
Kerio Connect Admin Guide en 7.3.3 7051
No ratings yet
Kerio Connect Admin Guide en 7.3.3 7051
418 pages
HP
No ratings yet
HP
118 pages
SSCM UG (Simple SAN Connection Manager)
No ratings yet
SSCM UG (Simple SAN Connection Manager)
150 pages
232-001497-00 SonicWALL Aventail v10 0 Installation and Administration Guide
No ratings yet
232-001497-00 SonicWALL Aventail v10 0 Installation and Administration Guide
418 pages
Xerox Work Centre Sag
100% (1)
Xerox Work Centre Sag
362 pages
Xerox ColorQube 9201 - 9202) 9203 System Administrator Guide
No ratings yet
Xerox ColorQube 9201 - 9202) 9203 System Administrator Guide
328 pages
IS Admin
No ratings yet
IS Admin
604 pages
8-0-SP1 Developer Users Guide
No ratings yet
8-0-SP1 Developer Users Guide
522 pages
Zebra Enterprise Connector-Guide
No ratings yet
Zebra Enterprise Connector-Guide
126 pages
Worksite Server Administrators Guide 8 5 English
No ratings yet
Worksite Server Administrators Guide 8 5 English
382 pages
Kerio Operator Adminguide en 2.4.0 4222 b1 PDF
No ratings yet
Kerio Operator Adminguide en 2.4.0 4222 b1 PDF
188 pages
PVCS Version Manager 8.4.5
No ratings yet
PVCS Version Manager 8.4.5
94 pages
7-1-1 Developer Users Guide
No ratings yet
7-1-1 Developer Users Guide
498 pages
8-2-SP1 Broker Java Admin Programmers Guide
No ratings yet
8-2-SP1 Broker Java Admin Programmers Guide
464 pages
Guia de Configuracion e Instalacion Ocs Inventory
No ratings yet
Guia de Configuracion e Instalacion Ocs Inventory
108 pages
OpenScape Xpressions V7, Server Installation, Installation Guide
67% (3)
OpenScape Xpressions V7, Server Installation, Installation Guide
610 pages
HP Storage Management Utility User Guide: Active/active Firmware v2.x
No ratings yet
HP Storage Management Utility User Guide: Active/active Firmware v2.x
99 pages
Command View For TL User Guide
No ratings yet
Command View For TL User Guide
190 pages
Cake PHP Cookbook
No ratings yet
Cake PHP Cookbook
750 pages
Cake PHP
No ratings yet
Cake PHP
750 pages
Vyatta Quick Start VC4.1 v02
No ratings yet
Vyatta Quick Start VC4.1 v02
48 pages
Carbon
No ratings yet
Carbon
64 pages
Sms Admin
No ratings yet
Sms Admin
764 pages
Hitachi Unified Storage VM Block Module: Hitachi High Availability Manager User Guide
No ratings yet
Hitachi Unified Storage VM Block Module: Hitachi High Availability Manager User Guide
164 pages
Cie 10 System Administrator en
No ratings yet
Cie 10 System Administrator en
344 pages
LinuxCNC Getting Started
100% (1)
LinuxCNC Getting Started
72 pages
Active Directory Administration Essentials
No ratings yet
Active Directory Administration Essentials
177 pages
Ad - Idm, Netiq, Identity Manager
No ratings yet
Ad - Idm, Netiq, Identity Manager
130 pages
Red Hat Linux 6.2 Reference Guide
No ratings yet
Red Hat Linux 6.2 Reference Guide
375 pages
Quick Start Guide: Vyatta System
No ratings yet
Quick Start Guide: Vyatta System
46 pages
4.0.3-NexentaStor User Guide
No ratings yet
4.0.3-NexentaStor User Guide
265 pages
BBSV 42
No ratings yet
BBSV 42
702 pages
8-2-SP2 Administering Process Engine
No ratings yet
8-2-SP2 Administering Process Engine
72 pages
LSI Nytro MegaRAID Application Acceleration Card QIG
No ratings yet
LSI Nytro MegaRAID Application Acceleration Card QIG
43 pages
Eaton Ipp Users Guide en 1.40
No ratings yet
Eaton Ipp Users Guide en 1.40
72 pages
7 1 1 WebMethods Developer Users Guide
No ratings yet
7 1 1 WebMethods Developer Users Guide
498 pages
Kerio Connect
No ratings yet
Kerio Connect
418 pages
Integration Server
No ratings yet
Integration Server
648 pages
Navigator71 System Admin
No ratings yet
Navigator71 System Admin
180 pages
Gray Hat Hacking the Ethical Hacker's
From Everand
Gray Hat Hacking the Ethical Hacker's
Çağatay Şanlı
5/5 (1)
Programming the Intel Galileo: Getting Started with the Arduino -Compatible Development Board
From Everand
Programming the Intel Galileo: Getting Started with the Arduino -Compatible Development Board
Christopher Rush
5/5 (1)
Programming the Photon: Getting Started with the Internet of Things
From Everand
Programming the Photon: Getting Started with the Internet of Things
Christopher Rush
5/5 (1)
Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language Models
From Everand
Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language Models
Matthew C. Smith
No ratings yet
Teardowns: Learn How Electronics Work by Taking Them Apart
From Everand
Teardowns: Learn How Electronics Work by Taking Them Apart
Bryan Bergeron
No ratings yet
ChatGPT for Business: Strategies for Success
From Everand
ChatGPT for Business: Strategies for Success
Matthew C. Smith
No ratings yet
Smart Card Applications: Design models for using and programming smart cards
From Everand
Smart Card Applications: Design models for using and programming smart cards
Wolfgang Rankl
No ratings yet
CNC Machining Handbook: Building, Programming, and Implementation
From Everand
CNC Machining Handbook: Building, Programming, and Implementation
Alan Overby
No ratings yet
Programming Arduino Next Steps: Going Further with Sketches, Second Edition
From Everand
Programming Arduino Next Steps: Going Further with Sketches, Second Edition
Simon Monk
3/5 (3)
Software Patterns Made Easy
From Everand
Software Patterns Made Easy
Justice Nanhou
No ratings yet
Programming Arduino Next Steps: Going Further with Sketches
From Everand
Programming Arduino Next Steps: Going Further with Sketches
Simon Monk
3/5 (3)
Programming Arduino: Getting Started with Sketches, Third Edition
From Everand
Programming Arduino: Getting Started with Sketches, Third Edition
Simon Monk
No ratings yet