-
Titre
How to configure a Member Server Scenario -
Description
How to configure a Member Server Scenario in KACE Desktop Authority
Installing a Member Server scenario simply means that you are installing KDA (KACE Desktop Authority) and all its services to a single server setup. You would also be creating shares on that same server for replication. In this type of scenario, there is no need to deploy any services or do any replication to the Domain Controllers.
-
Résolution
When setting up a member server scenario the installation procedure would be the same as when installing it to a standard setup, except for when it gets to the point where the install asks to install the Desktop Authority Administrative Service and the Update Service.
At this point in the installation, make sure that only the member server that Desktop Authority is being installed on is shown under Deployment Settings | Server Manager | Service Management.
NOTE: If Domain Controllers are also showing, then they would need to be removed.
Make sure that the DA Administrative Service and Update Service are set to install and proceed with the configuration.
A share needs to be created on the Desktop Authority server for purpose of replication. In a default installation of Desktop Authority replication takes place to two different locations on the Domain Controller.
The User Based Management (UBM) files get replicated to the Netlogon share on the Domain Controller.
The Computer Based Management (CBM) files get replicated to SYSVOL\Domain_Name\Policies\Desktop Authority\Device Policy Master.
At this point one share can be created and have both the UBM and CBM files replicate to it, or two shares can be created and replicate the UBM and the CBM to different shares. When the shares are created provide R/X (Read/Execute) NTFS permissions for Authenticated Users.
In the Desktop Authority Manager click on the member server listed in Service Management and then click on Properties to configure the server properties.
The server properties screen will come up. At this point click on Edit properties:
In the next screen, in Deployment Settings | Server Manager | Service management | Server Properties, click over the User replication target and the Computer replication target box, then enter the share name of the folder(s) that were created and click Save:
Once that is configured: Do a Force an update of the local Desktop Authority folder on clients, to do this go to the left bottom corner and click the DropDown menu arrow and click Force an update of the local Desktop Authority folder on clients. And Replicate all files, to do this go to the left bottom corner and click the DropDown menu arrow and click Replicate all files.
Once Desktop Authority is ready to start being deployed to users on the network you would need to create a batch file with the name CALLSL.BAT. Place that batch file in the Netlogon of the Domain Controllers and assign it as a logon script in the user’s profile in Active Directory or use the KDA Manager Console to assign the script. This batch file redirects the user to get the KACE Desktop Authority settings from the member server, instead of the Domain Controllers.
The following line would be put into the batch file and then saved as “CALLSL.BAT”:
Call \\DAServerName\ShareName\slogic.bat
This file can only contain one line with the direct call to slogic.bat
Important: As of version 11.3.1, the allowed path for this file was limited for security reasons.
The batch file must be named exactly CALLSL.BAT and placed in the root of the NETLOGON folder. If the batch file has a different name or location that will cause a profile validation error.
By default for the CBM setting, the CBM service will automatically look at the SYSVOL directory on the Domain Controllers for the CBMConfig.xml file unless otherwise specified. An alternate location needs to be specified on the client machines so that the CBM service looks to the member server for the CBMConfig.xml. Create the following registry value on the client machine:
Hive: HKLM
Key: SOFTWARE\WOW6432Node\ScriptLogic\Device Agent\Global Settings
Value: Machine_Sysvol_Path
Type: REG_SZ
Data: \\MemberServerName\Sharename
NOTE: THE REGISTRY VALUE NAME IS CASE SENSITIVE
IMPORTANT:
IF YOU DO NOT WANT ALL YOUR MACHINES TO GET UPGRADED AT THE SAME TIME DO NOT APPLY THE KACE DESKTOP AUTHORITY GPO OBJECT TO YOUR DOMAIN. THIS WILL CAUSE ALL OF YOUR MACHINES TO GET UPGRADED TO THE VERSION RUNNING ON THE MEMBER SERVER.
IF A PREVIOUS VERSION OF THE KACE DESKTOP AUTHORITY GPO OBJECT WAS PUSHED OUT TO YOUR DOMAIN, REMOVE IT BEFORE INSTALLING THE KACE DESKTOP AUTHORITY MEMBER SERVER. IF IT IS NOT REMOVED, IT WILL CAUSE MACHINES TO DOWNGRADE BACK TO THE PREVIOUS VERSION.
