Chatee ahora con Soporte
Chat con el soporte

KACE Systems Management Appliance 14.0 Common Documents - KACE Service Desk Administrator Guide

About the KACE Service Desk Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings Configuring Content Security Policy
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Manage quarantined file attachments
Using reports and scheduling notifications Monitoring devices
Getting started with monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Manage KACE Agent tokens

Manage KACE Agent tokens

KACE Agent tokens enable the appliance to authenticate and register Agents, allowing them to access the appliance resources.

Each token can be associated with one or more Agents. Use the Agent Token Detail page to create or modify Agent tokens. This page also identifies all devices that used a specific token to connect to the appliance, and allows you to download Agent installers that include the selected token.

Any Agents that do not have a valid token must be approved by the appliance administrator in order to establish a successful connection. For more information, see Review quarantined KACE Agents.

Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if Show organization menu in admin header is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
Log in to the appliance System Administration Console, https://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page.
The Dashboard or System Dashboard page appears.
2.
Go to the Agent Token Detail page:
a.
On the left navigation bar, click Settings, then click Agent Tokens.
The Agent Tokens page appears, displaying the list of all Agent tokens. For each token, it shows a token status, the name of the user who created it, expiration date (if applicable), the number of times the token is used to register an Agent device with the appliance, and the usage limit (if applicable).
3.
On the Agent Tokens list page that appears, complete one of the following steps:
Tip:
 
TIP: To delete or revoke one or more tokens, select them in the list, and use the applicable commands from the Choose Action menu. You can also perform this action on the Agent Token Detail page.
4.
On the Agent Token Detail page that appears, under Configuring, provide the following information:

Option

Description

Name

The name of the Agent token. Choose a name that you can easily recognize and associate with a specific agent, platform, or purpose.

Expires

If you want this token to be valid for a limited time, select Enable Expiration, and specify the expiration date and time, as required.

To change the specified date and time, click Clear, and provide the new expiration deadline.

Organization

The name of the organization that uses this token. You can select one specific organization, or apply to all organizations by selecting All Orgs.

NOTE: This field only appears if you are using the System Administration Console.
5.
If you want to specify the number of times the token can be used to register one or more agents with the appliance, under Use Limit, select Enable Use Limit, and in the field that appears, specify the maximum use count.
6.
Click Save.
If you created a new Agent token, the page displays some additional sections: Information, Agent Token Bundle Installers, Token Usage by Machines, and Token Usage by Provisioning Schedules.
7.
Optional. Review the contents of the following sections:

Section

Description

Information

General information about the Agent token, such as when it was created, last modified, the name of the user who created it, its status, and the token string.

To copy the token string to clipboard, in the Token field, click the icon. You can specify the token string while installing the KACE Agent on a target device. For more information about agent installation, see Manually deploying the KACE Agent.

Agent Token Bundle Installers

Links to KACE Agent installers for each supported operating system. Each installer bundle includes this Agent token.

Token Usage by Machines

A list of devices in the appliance inventory that use this Agent token, and the date and time the appliance administrator approved access for each device.

Token Usage by Provisioning Schedules

A list of provisioning schedules that use this Agent token. For each entry, the list indicates the IP range and whether the schedule is enabled.

Review quarantined KACE Agents

Review quarantined KACE Agents

The appliance keeps track of any agents that request a connection to the appliance.

In a default view, the Quarantine list page only shows the Agents that are waiting for registration. You can use it to review and register applicable Agents. To display already connected Agents, simply change the list filter.

NOTE: On the Quarantine list page, the Zone column shows each agent as Internal or External. If you configure your firewall to map port 443 externally to port 52230 of the appliance, Agents that connect through the firewall to port 443 show up as External on this page. Agents that connect directly to the appliance's port 443 appear as Internal. This feature is optional, but you can use it, for example, if the appliance is hosted in a perimeter network. For more details. see https://go.kace.com/to/k1000-external-agent-port.

Agents that include a valid token are automatically connected. For more information about tokens, see Manage KACE Agent tokens.

1.
Go to the Quarantine list page by doing one of the following:

Log in to the appliance System Administration Console, https://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page. Then select Organizations > Quarantine.

A System-level quarantine list includes the Agents associated with all organizations managed by the appliance.

If your appliance does not have the Organization component enabled, or if you want to access an organization-level quarantine list, log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. Then select Inventory > Quarantine.

An organization-level quarantine list includes only the Agents associated with the selected organization.

The Quarantine list page appears. By default, the list uses the Awaiting Action filter, showing only those Agents that require approval. You can apply different filters to display All Items, and Approved or Blocked Agents. When you display the Approval Status column you can see which agents are Approved, Blocked, and Awaiting Action.
To approve one or more Agents, select them in the list, and click Choose Action > Approve. You can also block or delete Agents, as required. Blocking a quarantined agent only removes it from the Awaiting Action view on the Quarantine list page. You can block an agent that you do not want to consider approving, in general. To remove a blocked agent from all views, you may want to delete it. A blocked agent reappears on the Awaiting Action view if it attempts a re-connection. For example, if you see a suspicious host name coming from an external agent, you can either block or delete that agent. Blocked status is intended to be a permanent list of blocked devices that stay hidden from Awaiting Action view, that are not intended to be approved at any point.
b.
On the Quarantine Detail page that appears, review the Agent's details.
c.
4.
System-level Agents only. If you want to associate a System-level Agent with a specific organization, select it in the list and click Choose Action > Assign to Organization > <organization name>
The selected Agent record now appears in the organization-level Quarantine list page, allowing the organization's administrator to review and register this Agent, as applicable. If an Agent is approved without being assigned to an organization, Organization filters are used to assign the agent to an organization after its first inventory.

Provisioning the KACE Agent

Provisioning the KACE Agent

Agent provisioning is the task of installing the KACE Agent on devices you want to add to appliance inventory using the Agent.

About the KACE Agent

The KACE Agent is an application that can be installed on devices to enable inventory reporting and other device management features.

Agents that are installed on managed devices communicate with the appliance through an agent messaging protocol. Agents perform scheduled tasks, such as collecting inventory information from, and distributing software to, managed devices. Communication between an Agent and the appliance occurs over a proprietary KACE tunnel which is encrypted using the TLS 1.3 protocol. The agent sends and receives unencrypted data through the TLS 1.3-encrypted KACE tunnel.

Agentless management is available for devices that cannot have Agent software installed, such as printers and devices with operating systems that the Agent does not support. See Using Agentless management.

Tracking changes to Agent settings

If History subscriptions are configured to retain information, you can view the details of the changes made to settings, assets, and objects.

This information includes the date the change was made and the user who made the change, which can be useful during troubleshooting. See About history settings.

Methods for provisioning the KACE Agent

You have a number of ways to deploy the KACE Agent to the devices you want to manage.

Provision using the Agent Provisioning Assistant: You can use the Agent Provisioning Assistant to perform provisioning for devices with Windows, Mac OS X, and Linux operating systems. Within the Assistant, you can choose between using the appliance GPO Provisioning Tool for deploying the Agent to Windows devices, or using Onboard Provisioning for deploying the Agent to Windows, Mac OS X, or Linux devices.

The GPO Provisioning Tool is recommended for Windows devices because using the tool minimizes the pre-configuration that must happen on the target device. It requires an Active Directory environment. The onboard provisioning approach requires you to perform client-side configuration on the devices to be managed before you can start provisioning.

Provision using manual deployment: Manual deployment is useful when automated Agent provisioning is not practical or when you want to deploy the KACE Agent using email or logon scripts.

Enabling file sharing

Enabling file sharing

To provision Agent software, you must enable file sharing.

If the Organization component is enabled on your appliance, see Enable file sharing at the System level. Otherwise, see Enable file sharing without the Organization component enabled.

Enable file sharing at the System level

If the Organization component is enabled on your appliance, you must enable file sharing at the System level to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the appliance System Administration Console, http://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click Security Settings.
2.
In the Samba tab, specify the following settings:

Option

Description

For appliances with the Organization component enabled:

Enable Organization File Shares

Use the appliance's client share to store files, such as files used to install applications on managed devices.

The appliance’s client share is a built-in Windows file server that the provisioning service can use to assist in distributing the Samba client on your network. Quest recommends that this file server only be enabled when you perform application installations on managed devices.

Require NTLMv2 authentication to appliance file shares

Enable NTLMv2 authentication for the appliance files shares. When this setting is enabled, managed devices connecting to the appliance File Shares require support for NTLMv2 and authenticate to the appliance using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE Agent. See Manually deploying the KACE Agent.

Require NTLMv2 to off-board file shares

Force certain appliance functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

3.
Click Save.

When the appliance restarts, enable file sharing at the organization level. See Enable organization-level file sharing with the Organization component enabled.

Enable organization-level file sharing with the Organization component enabled

If the Organization component is enabled on your appliance, you must enable file sharing at the organization level to provision the Agent.

Verify that organization file shares are enabled. For instructions, see Enable file sharing at the System level.

1.
Go to the Admin-level General Settings page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click General Settings.
2.
Select Enable File Sharing in the File Sharing tab.
3.
Optional: Enter a password for the File Share User.
4.
Click Save.
Enable file sharing without the Organization component enabled

If the Organization component is not enabled on your appliance, you must enable file sharing in the appliance security settings to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click Security Settings.
2.
In the File Sharing tab, select Enable File Sharing.
3.
Optional: Select authentication options:

Option

Description

Require NTLMv2 to authenticate appliance file shares

Enable NTLMv2 authentication for the appliance files shares. When this setting is enabled, managed devices connecting to the appliance File Shares require support for NTLMv2 and authenticate to the appliance using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE Agent. See Manually deploying the KACE Agent.

Require NTLMv2 authentication to off-board file shares

Force certain appliance functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

4.
Click Save.
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación