Chat now with support

Live-Hilfe anfordern
Registrierung abschließen

Anmelden

Preisinformationen anfragen

Vertrieb kontaktieren

KACE Systems Deployment Appliance 9.2 Common Documents - Administrator Guide

Inhaltsnavigation

About the KACE Systems Deployment Appliance Getting started

Tasks for getting started using the appliance About the appliance components Log in to the Administrator Console Filter lists and search for information Access product documentation Configure the language settings Change a default theme for the appliance

Using the Dashboard

Customize the Dashboard

Configuring the appliance

Configure the initial network settings Modify the initial network settings Changing the default passwords

Use the Command Line Console to reset the Administrator's password Change the Samba share password Set the VNC® password Enable Boot Manager authentication

Add custom background image to iPXE console Configuring the appliance date and time settings

Configure the date and time

Manage files on the appliance Configure email notifications Configure User Interface notifications Enabling link aggregation

Create an aggregate link

Configuring the data sharing preferences

Share basic appliance data usage Share detailed usage data

Participate in KACE Beta program Linking Quest KACE appliances

Enable appliance linking Generate KACE Linking Hash Add Names and Keys to appliances Disable linked appliances

Migrating appliances

Migrate appliance data

Setting up user accounts and user authentication

Add or edit local administrator accounts Configure an LDAP server for user authentication Test the LDAP server Delete user accounts Reviewing user sessions

Install and configure the location database View a list of user sessions

Configuring security settings

Enable SSH Root Login (KACE Support) Enable SNMP monitoring Set session timeout Enable database access Prevent brute-force login attacks Enable SSL using an existing certificate Generate private key for new SSL certificate Disable SSL Enable Two-Factor Authentication

Preparing for deployment

Set up the deployment environment Enable the on-board DHCP server Configure the offboard DHCP server Download and install the KACE Media Manager

About the Media Manager

Download and install Windows ADK Upload files using the KACE Media Manager Upload files from shared directory View source media details Fingerprint source media OS View or update source media metadata Choosing the type of deployment Supported images types

Managing device inventory

Configure and run a network scan Add network inventory to the appliance Scan active and non-active devices on the network Add devices manually Join devices to a domain Issue a Wake-on-LAN request Deploy to devices in the KACE Systems Management Appliance inventory View device details from a network scan Apply a KUID to the KACE Agent Delete devices from Device Inventory Delete devices from Network Inventory Unregister devices About the device action icons Run device actions Access remote devices using a VNC session

Create and apply labels Remove components from a label Delete a label from the appliance View the components assigned to a label

Creating a Windows or Linux Boot Environment

Create a Windows boot environment Create a Linux boot Environment Update Windows drivers Set new KBE as default for the appliance Hide boot environments from the PXE boot menu Best practices: Create a KACE Boot Environment (KBE) for Windows

Managing drivers

Add drivers to system images Adding drivers to scripted installation deployments

Enable Driver Feed to automate driver updates Install driver packages to the appliance Disable Driver Feed Create folders to add device-specific drivers Generate appliance package to import large driver files Import driver packages to the appliance Understanding KACE Boot Environment drivers Add network and storage drivers manually Re-cache the network and storage driver directory Add drivers as a post-installation task View list of missing drivers

Managing network drivers

Download network and storage drivers Import driver packages Display device compatibility View driver compatibility details Export drivers Re-cache drivers

Managing operating system drivers

Enable Driver Feed for scripted installations Enable Driver Feed for system images Disable Driver Feed Download operating system driver packages Add drivers to OS as a post-installation task

Capturing images

Preparing for capture Capture system images Create a single partition Format C drive as NTFS Create a UEFI partition Apply a UEFI partition Capture System-provided WIM images Edit a system image Import WIM images Managing answer files for Sysprepped images

Create answer files for Sysprepped images View and edit answer file configurations

Best practices for creating Windows system images

Capturing user states

Upload USMT software from the appliance Upload USMT software from Media Manager Create USMT Scan Template Scan user states Scan user states offline Deploy user states to target devices automatically Deploy user states to target devices manually

Creating scripted installations

Create a scripted installation Edit a scripted installation Create a configuration file Registration Data settings Administrator Account settings General settings Network settings Windows Components setting Modify a scripted installation to change the source media Specify deployment options Modify scripted installation setup configuration file Install Vista MBR Install XP 2003 MBR

Creating a task sequence

Add Application Add BAT Script Add Custom HAL Replacement Add DiskPart Script

Common DiskPart command-line options

Adding Managed Installation tasks

Link appliances View and import Managed Installations Edit Managed Installation task

Add Naming Rule Add PowerShell Script Add Provisioning Package Add Service Pack Add Shell Script Add KACE Agent Installer Add Windows Script

Working with task groups

About uploading files About runtime environments Set task error handling option Assign tasks to system deployment Assign tasks to scripted installation deployment Assign tasks to custom deployment Edit deployment tasks

Automating deployments

Create a boot action Run deployment on next network boot Modify a boot action Set default boot action Configure new WIM images to stream directly from or to the server Specify deployment options Schedule a deployment Delete a boot action Create a multicast WIM image deployment Edit the default multicast settings View automated deployments in progress View completed automated deployments Edit failed tasks View the automated deployment image details

Performing manual deployments

Download the boot environment as bootable ISO Network boot a target device Deploy the image manually View the manual deployments in progress View the completed manual deployments

Managing custom deployments

Create or modify a custom deployment

Managing offline deployments

Create an offline deployment

About the Remote Site Appliance

Remote Site Appliance setup requirements Install the RSA on a host device Configure the RSA network settings Link the KACE Systems Deployment Appliance to an RSA Set default KBE for the RSA Review RSA settings Next steps

Importing and exporting appliance components

Schedule the export of components Use Off-Board Package Transfer Upload packages for import Import appliance components Package components to export Package file names

Managing disk space

Verify available disk space Delete images not associated with devices Delete images associated with devices Delete unassigned scripted installations Delete unassigned boot environments Delete source media Delete unassigned pre-installation tasks Delete unassigned post-installation tasks Enabling offboard storage Add a virtual disk for offboard storage Revert offboard data to onboard storage Configure an off-board storage device Best practices for using external storage

Troubleshooting appliance issues

Test device connections on the network Enable a tether to Quest KACE Technical Support Open a support ticket Troubleshooting the Boot Manager

Test whether a target device can network boot Set the Boot Manager timeout Select the local hard disk boot method

Recovering devices

Recover corrupted devices Downloading the appliance log files

Download all appliance log files View the appliance log files Appliance log types and descriptions

Shutting down and rebooting the appliance

Power off the appliance Reboot the appliance

Best practices for backing up appliance data

Updating appliance software

View the appliance version Check for and apply automatic updates Update the appliance manually

A B C D H I G K L M O P R S T U V W

Technical support resources

Configure an LDAP server for user authentication

Configure an LDAP server for user authentication

LDAP authentication requires creating a login account for the appliance on your LDAP server. The appliance uses this account to read and import user information from the LDAP server. The account needs read-only access to the Search Base DN field on the LDAP server. The account does not require write access, because the appliance does not write to the LDAP server.

For information on adding user accounts to the appliance, see Add or edit local administrator accounts.

NOTE: When LDAP is enabled, all local accounts become inactive except for the administrator account.

When logging in, the appliance automatically queries the listed external servers. The timeout for a server is approximately 10 seconds. To decrease login delays, Quest KACE recommends deleting the sample LDAP server.

1.

On the left navigation pane, click Settings, then click User Authentication to display the Authentication Settings.

2.

Select External LDAP Server Authentication and click Add New Server.

All servers must have a valid IP address or host name; otherwise, the appliance times out, resulting in login delays when using LDAP authentication.

3.

Provide the following information to add a server:

Server Friendly Name

The name to identify the server.

Server Host Name (or IP)

The IP address or the host name of the LDAP server. If the IP address is not valid, the appliance waits to timeout, resulting in login delays during LDAP authentication.

NOTE: To connect through SSL, use an IP address or host name. For example: ldaps://hostname.

If you have a non-standard SSL certificate installed on your LDAP server, such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as VeriSign, contact Quest KACE Technical Support at https://support.quest.com/contact-support for assistance.

LDAP Port Number

The LDAP port number. The default is 636 (secure LDAP). The non-secure LDAP port 389 can also be used, however keep in mind that such connections can easily expose user names and passwords to malicious parties, and as such should be avoided.

The area of the LDAP tree that the appliance should start to search for users. For example to search for the IT group, specify

OU=it,DC=company,DC=com.

The search filter, for example:LDAP_attribute=KBOX_USER, where LDAP_attribute is the name of the attribute containing a unique user ID and KBOX_USER is a variable that the appliance replaces at runtime with the login ID that you enter. For example when using Active Directory, enter samaccountname=KBOX_USER. For most other LDAP servers, enter UID=KBOX_USER.

The credentials of the account that the appliance uses to log in to the LDAP server to read accounts. For example: LDAP Login:CN=service_account,CN=Users, DC=company,DC=com. If no username is provided, an anonymous bind is attempted.

LDAP Password (if required)

The password of the account that the appliance uses to log in to the LDAP server.

User Permissions

The user permissions.

•

Admin: Read/write access to the Administrator Console.

•

ReadOnly Admin: View all pages; no change access.

Test User Password

The LDAP username and password to test on the LDAP server. See Test the LDAP server.

Record the Search Base DN and the Search Filter criteria because you use this same information to import user data and to schedule user imports.

4.

Recommended: Click the Remove icon next to any external servers that are not configured to actual servers in your environment.

5.

Click Save.

The next time users log in, they are authenticated against the LDAP servers in the order listed.

NOTE: The administrator account always authenticates against the internal database, even when an account with the same name exists in an external LDAP.

Test authentication on an external LDAP. See Test the LDAP server.

Test the LDAP server

Test the LDAP server

You can test authentication on the LDAP server using a valid username and password to determine if the server is able to perform a successful authentication.

1.

Select an LDAP profile.

2.

In Search Filter, replace the KBOX_USER variable with a valid login ID to test. The syntax is samaccountname=username.

3.

Enter the corresponding password for the LDAP account.

4.

Click Test Settings.

If the test is successful, the authentication setup is complete for this user, and other users in the same LDAP container.

5.

Change the username in Search Filter back to the system variable KBOX_User.

Delete user accounts

Delete user accounts

You can delete user accounts.

1.

On the left navigation pane, click Settings > Control Panelto display the Control Panel, then click Users to display the Users page.

2.

Select the check box next to one or more accounts.

3.

Select Choose Action > Delete.

4.

Click Yes to confirm.

Reviewing user sessions

Reviewing user sessions

Install and configure the location database

View a list of user sessions

The KACE Systems Deployment Appliance and the Remote Site Appliance keep track of your user sessions. You can review a list of the most recent sessions, or see all sessions for a specific appliance.

To allow the appliance to display the location associated with the logged-in user's public IP address, you must install a location database. See Install and configure the location database.

You can see all of your user sessions on the Recent Sessions page. For a quick list of the latest sessions, use the My Recent Sessions pane. See View a list of user sessions.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center