Each token can be associated with one or more Agents. Use the Agent Token Detail page to create or modify Agent tokens. This page also identifies all devices that used a specific token to connect to the appliance, and allows you to download Agent installers that include the selected token.
Any Agents that do not have a valid token must be approved by the appliance administrator in order to establish a successful connection. For more information, see Review quarantined KACE Agents.
◦ |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if Show organization menu in admin header is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
◦ |
Log in to the appliance System Administration Console, https://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page. |
2. |
a. |
3. |
◦ |
TIP: To delete or revoke one or more tokens, select them in the list, and use the applicable commands from the Choose Action menu. You can also perform this action on the Agent Token Detail page. |
4. |
If you want this token to be valid for a limited time, select Enable Expiration, and specify the expiration date and time, as required. To change the specified date and time, click Clear, and provide the new expiration deadline. | |||
|
5. |
If you want to specify the number of times the token can be used to register one or more agents with the appliance, under Use Limit, select Enable Use Limit, and in the field that appears, specify the maximum use count. |
6. |
7. |
Optional. Review the contents of the following sections: |
To copy the token string to clipboard, in the Token field, click the icon. You can specify the token string while installing the KACE Agent on a target device. For more information about agent installation, see Manually deploying the KACE Agent. | |
The appliance keeps track of any agents that request a connection to the appliance.
In a default view, the Quarantine list page only shows the Agents that are waiting for registration. You can use it to review and register applicable Agents. To display already connected Agents, simply change the list filter.
NOTE: On the Quarantine list page, the Zone column shows each agent as Internal or External. If you configure your firewall to map port 443 externally to port 52230 of the appliance, Agents that connect through the firewall to port 443 show up as External on this page. Agents that connect directly to the appliance's port 443 appear as Internal. This feature is optional, but you can use it, for example, if the appliance is hosted in a perimeter network. For more details. see https://go.kace.com/to/k1000-external-agent-port. |
Agents that include a valid token are automatically connected. For more information about tokens, see Manage KACE Agent tokens.
1. |
Log in to the appliance System Administration Console, https://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page. Then select Organizations > Quarantine.
◦ |
If your appliance does not have the Organization component enabled, or if you want to access an organization-level quarantine list, log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. Then select Inventory > Quarantine. |
b. |
c. |
4. |
System-level Agents only. If you want to associate a System-level Agent with a specific organization, select it in the list and click Choose Action > Assign to Organization > <organization name> |
Agentless management is available for devices that cannot have Agent software installed, such as printers and devices with operating systems that the Agent does not support. See Using Agentless management.
This information includes the date the change was made and the user who made the change, which can be useful during troubleshooting. See About history settings.
You have a number of ways to deploy the KACE Agent to the devices you want to manage.
• |
Provision using the Agent Provisioning Assistant: You can use the Agent Provisioning Assistant to perform provisioning for devices with Windows, Mac OS X, and Linux operating systems. Within the Assistant, you can choose between using the appliance GPO Provisioning Tool for deploying the Agent to Windows devices, or using Onboard Provisioning for deploying the Agent to Windows, Mac OS X, or Linux devices. |
• |
Provision using manual deployment: Manual deployment is useful when automated Agent provisioning is not practical or when you want to deploy the KACE Agent using email or logon scripts. |
To provision Agent software, you must enable file sharing.
If the Organization component is enabled on your appliance, see Enable file sharing at the System level. Otherwise, see Enable file sharing without the Organization component enabled.
1. |
a. |
Log in to the appliance System Administration Console, http://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page. |
b. |
c. |
2. |
Enable NTLMv2 authentication for the appliance files shares. When this setting is enabled, managed devices connecting to the appliance File Shares require support for NTLMv2 and authenticate to the appliance using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE Agent. See Manually deploying the KACE Agent. | |
Force certain appliance functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions. |
3. |
When the appliance restarts, enable file sharing at the organization level. See Enable organization-level file sharing with the Organization component enabled.
Verify that organization file shares are enabled. For instructions, see Enable file sharing at the System level.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
Optional: Enter a password for the File Share User. |
4. |
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
c. |
2. |
3. |
Optional: Select authentication options: |
Enable NTLMv2 authentication for the appliance files shares. When this setting is enabled, managed devices connecting to the appliance File Shares require support for NTLMv2 and authenticate to the appliance using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE Agent. See Manually deploying the KACE Agent. | |
Force certain appliance functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions. |
4. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center