KACE Desktop Authority 11.3 - Administrator Guide

Administrator's Guide

Local Account Management

The Local Account Management profile object provides the ability to manage the local built-in user accounts on client workstations. The local user accounts that can be managed are the Administrator and Guest local accounts. You can change the name of the account, change the password of the account, and disable either of these accounts. You can also remove local user profiles that have not been used for a specified period of time.

The Local Account Management profile object also provides the ability to manage local built-in groups on client workstations. These built-in groups are managed by adding and/or removing domain users, local users and domain groups.

Users

Options for Built-in Users
Built-in User Account Name

Select a built-in user account from the drop down list. This is the account that the following options apply to.

Disable this account

Select this check box to disable the selected built-in account. Clear the check box to enable the selected built-in account. Gray the check box to preserve the built-in account's current setting.

The default setting is to preserve the built-in account's current setting.

Account Settings
Change existing name

Select this option to change the name of the selected Built-in User Account.

Change existing password

Select this option to change the password of the selected Built-in User Account. Password strength is based on a level of 1 (weakest) to 5 (strongest). Take into account the following password guidelines for a strong password:

  • Contains at least one lower case character
  • Contains at least one upper case character
  • Contains at least one numerical character
  • Contains at least one special character
  • Has at least 12 characters with no character repetition

Options for User profiles
Remove any Domain User Profiles not used in the last XX day(s)

User profiles are created and saved on the local workstation for every user that logs in. Select this option to remove user profiles from the local computer when they have not been accessed (the user has not logged in) for a certain number of days. This can be any value of 30 or above. A profile will be removed only if it is stored on the local machine. Only domain user profiles will be removed. If any part of a profile is stored externally (outside of the profiles folder directory), the profile will not be removed; this includes Roaming user profiles and Mandatory user profiles. The default value is 30 days.
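
Before enabling the option on a group of computers, a read-only preview of the profiles that match the criteria above can be produced on a client. This is an added example, not Desktop Authority code; it assumes that the `LastUseTime` property of `Win32_UserProfile` approximates the last logon, and the function name is hypothetical.

```powershell
# Added example: list local copies of domain user profiles unused for N days.
# Nothing is deleted; the output is a preview for review.
function Get-StaleDomainProfile {
    param([ValidateRange(30, 36500)] [int] $Days = 30)   # the page allows 30 or above

    $cutoff    = (Get-Date).AddDays(-$Days)
    # SIDs of local accounts, so that they can be excluded (domain profiles only).
    $localSids = @(Get-LocalUser | ForEach-Object { $_.SID.Value })

    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object {
            -not $_.Special -and                   # skip system and service profiles
            -not $_.Loaded -and                    # skip profiles currently in use
            $_.SID -like 'S-1-5-21-*' -and         # account SIDs only
            $localSids -notcontains $_.SID -and    # exclude local accounts
            -not $_.RoamingConfigured -and         # roaming profiles are not removed
            -not ($_.Status -band 4) -and          # status bit 4 = mandatory profile
            $_.LastUseTime -and $_.LastUseTime -lt $cutoff
        } |
        Select-Object SID, LocalPath, LastUseTime
}

Get-StaleDomainProfile -Days 30 | Sort-Object LastUseTime | Format-Table -AutoSize
```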

Groups

Options for Built-in Groups

Select a built-in group to manage. Accounts may be added to or removed from this selected group.

Accounts to add or remove
Domain Accounts

From the drop down selection, choose either Add Domain Accounts or Remove Domain Accounts. From the popup resource browser, select one or more Domain Users, Domain Groups or Domain Computers to manage in the selected built-in group. Both of these selections will add an account to the Account list, each with the selected action, Add or Remove.

The Account list will show the desired Action (Add/Remove), Account Type (Domain/Local), Name (Domain/User Name), and Status. The status shows whether the user's or group's SID was resolved. If the status is "Failed", the account was not found in Active Directory and cannot be added to the built-in group. If the status is "Resolved", the account's SID was found in Active Directory and the account can be used.

To the right of each account in the Account list there will be an Edit link. Click the Edit link to modify the Action type. To remove one or more entries from the list, select each one and then click the Remove button.

Local Accounts

From the drop down selection, choose either Add Local User Accounts or Remove Local User Accounts. In the Account list, select the appropriate action and enter the local user name into the entry provided. Local accounts do not get resolved for a SID, therefore no status will be given in the status column. To the right of each account in the Account list there will be Edit and Remove options. Click the Edit link to modify the Action type. Click Remove to delete the account from the Account list.

Remove any domain users or domain groups from the local administrators group on the client that are not defined here

This setting is only available when the Administrators (built-in) group is selected in the Built-in group list. It will be disabled for all other selected groups.

Select this option to remove all domain users and/or domain groups from the built-in local Administrators group unless the user or group is defined in the Account list.
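
To see on a client which members this option would affect, or to confirm afterwards that it took effect, the domain members of the local Administrators group can be compared against the intended list. This is an added example, not Desktop Authority code; the names in `$Allowed` are hypothetical placeholders for the entries in your Account list.

```powershell
# Added example: report domain users/groups in the built-in Administrators group
# that are not on the allow list. Read-only; nothing is removed.
$Allowed = @('EXAMPLE\Domain Admins', 'EXAMPLE\Workstation Admins')   # placeholders

function Get-UnlistedDomainAdmin {
    param(
        [object[]] $Members = @(),
        [string[]] $Allowed = @()
    )
    $Members |
        Where-Object { $_.PrincipalSource -eq 'ActiveDirectory' } |   # domain principals only
        Where-Object { $Allowed -notcontains $_.Name } |              # case-insensitive match
        Select-Object Name, ObjectClass, @{ n = 'SID'; e = { $_.SID.Value } }
}

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the lookup
# still works when the group has been renamed or is localized.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'
Get-UnlistedDomainAdmin -Members $members -Allowed $Allowed
```

An empty result means every domain member of the group is on the allow list.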

Timing 

Select the Timing tab to configure when this element will be executed. Computer Management objects can execute at computer Startup, Shutdown, defined Refresh intervals or based on customized Schedules.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

*This feature is not a standard part of Desktop Authority Essentials. To obtain this feature, Desktop Authority Essentials must be upgraded to the full version of Desktop Authority.

MSI Packages*

The MSI Packages object is used to configure the deployment of applications throughout the enterprise. The MSI Packages object supports the deployment of Windows Installer MSI, MST and MSP packages. Using a Windows Installer package ensures that applications are installed, updated and uninstalled in a consistent manner throughout the enterprise.

The MSI Packages settings tab provides the interface to select a previously published package and one or more transform files, and add desired Windows Installer command line options. In addition, you can choose the distribution server that will serve the package to the desktops that validate for this configuration element.

Packages may be installed/uninstalled asynchronously or synchronously and they may be installed without user notification (silent), if desired.

Note: All MSI Packages are installed using the per-machine installation context. This makes the installed application available to all users of the computer; it is placed in the All Users Windows profile.

Settings

MSI Packages
Select Package

Click the Select Package button to select a package to install/uninstall on client computers within the enterprise. A package can be selected from a list of packages that are known and published by Desktop Authority within Software Distribution.

Once a package is selected, detailed information about the package will be displayed above the Select Package button. The detailed information includes the product name, file name, manufacturer, version, product code, file size and the published status of the package.

If a package is unpublished but is used in an existing MSI package element, click the Publish button to return it to published status.

Action

Select Install or Uninstall from the Action list to define the action for the MSI Packages element.

Asynchronous

Select this box to run the MSI installation asynchronously. In asynchronous mode, the installation will run at the same time as others. If this check box is cleared, applications will install one after another. Each installation must complete before the next one will begin.

Note: The "Reboot after element executes" execution option will have no effect on the computer if the Asynchronous option is checked on.

Continue execution after xx hours, xx minutes, if the application has not closed

When launching an application, Desktop Authority may stop its processing if the application does not finish processing and close successfully. A machine reboot will allow Desktop Authority to complete. Select this checkbox to allow Desktop Authority to continue processing even if the Application launcher action does not complete. Enter the amount of time, in hours and minutes, for Desktop Authority to wait for the application completion.

If the application is still processing after the time has elapsed, Desktop Authority will execute the profile object element, leaving the current application process started.

Silent

All packages being installed from a Computer Management profile will automatically be installed silently, i.e. without displaying any user interface to the end user. This box will always be selected and cannot be unselected.

Packages
Published transform files

Transform files provide configuration settings to be used during the installation of a package. One use of a Transform file is to automatically provide responses to prompts during the installation, for example, to provide an installation path or serial number, so the end user does not have to.

To enable the use of Transform files, there must be at least one published MST. MST files are published within the Software Distribution global object. Both the Add and Delete buttons will be disabled if there are no published MST files in the software repository.

Click Add Files to select one or more transform files to add to the Transform Files list. Click Delete to remove selected transform files from the Transform Files list.

Additional command line options

MSIEXEC, the Windows Installer executable program that installs packages and products, is called to deploy Windows Installer files. Based on the configurations for the MSI Packages object, specific command line options are passed to MSIEXEC. To use additional command line options, enter the switches in this box. For example, entering /norestart will not allow the computer to restart following the install/uninstall, even if the MSI calls for it. All switches entered into this box will be passed to MSIEXEC in addition to any command options that are part of the MSI Packages configurations.

Note: Using additional command line options will prevent reporting on the Installer file.

Distribution servers

Select Automatic selection to copy the Windows Installer packages to the client from an auto-selected server. Select Use specific server to define a specific server to copy the Windows Installer package file from. Separate multiple server names using a semicolon (;).

For configuration information on the Update Service, see What is the Update Service?

Execution Options 

Balloon
Show Balloon message to users before element executes

Check this box to show a pop up message from the system tray before each Desktop Authority element is executed on the computer. Enter the message text into the Text box.

Permission
Ask user's permission to execute element

Select this box to pause execution and request permission via a message box to execute an element on the desktop. Enter a message into the Text box. This text will be used on the permission message box.

Message box will timeout after xx seconds

When permission is requested from the user, the message box will be displayed for the number of seconds specified here.

Default answer if message box times out

If there is no response during the timeout period, the message box will be accepted or dismissed based on the specified default answer.

Authorized by

Optionally enter the name of the person who authorized the specified configuration to take place.

Reboot
Reboot after element executes

Select this option to determine the timing in which a reboot will take place, if required, by the executed element.

Note: This Reboot option will have no effect on the computer if used in conjunction with the Asynchronous option.

Reboot type
Reboot immediately without user interaction

Allow the required reboot to happen immediately following the element configuration.

Remind user that a reboot is required (will not reboot unless user approves)

Select this option to delay the reboot to a time that the user deems acceptable.

Reboot with count down (machine will reboot when countdown dialog comes out, unless postponed)

The user will be provided a countdown timer before the reboot event occurs. Specify the number of seconds for the countdown in the Seconds until reboot box.

Reboot timeout
Seconds until reboot

Enter the number of seconds to count down until reboot occurs.

Allow users to postpone reboot

Select this box to allow the user to postpone the impending reboot.

Timing 

Select the Timing tab to configure when this element will be executed. Computer Management objects can execute at computer Startup, Shutdown, defined Refresh intervals or based on customized Schedules.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

Note: This feature is not a standard part of the Desktop Authority Essentials or Standard editions. This is only available to customers who use Desktop Authority Professional.

Registry

The Registry object provides a single point of control over changing values in the registry of a computer. This object will modify Windows 2008/7/8.1/10/2008 R2/2012/2012 R2/2016/2019 registry keys and values under the context of the Local System account.

NOTE: The Registry object is extremely versatile and, if used improperly, can cause computers not to function properly. The Registry object is designed for use by experienced administrators only. Always use caution when manipulating the registry on any computer, and extreme caution when using a product such as Desktop Authority to make a network-wide change to a group of computers at once. It is highly recommended to first test any registry modification on a specific user or computer (using Validation Logic) prior to rolling the change out to an entire group, subnet or domain.

Settings

Registry action list

Instead of configuring a single registry setting per profile element, the Registry profile object lets you configure multiple registry actions within a single Registry profile element. Click Add from the Registry profile object to create a Registry profile element. This Registry implementation will save you time when implementing multiple registry settings. Group all registry settings together that will use the same Timing and Validation Logic settings. If you prefer, you can stick to the old way of doing things by adding one element to the Registry action list and create several Registry profile elements.

Add

Click Add to add a new entry to the Registry action list.

Import

Click Import to import existing registry (.reg) files.

Edit

Select Edit to modify the currently selected registry action.

Delete

Select Delete to remove the currently selected registry action.

Cut/Copy/Paste

Registry actions can be managed by using the standard Windows Cut/Copy/Paste actions to maneuver them into child profiles or parent profiles. Drag and Drop actions may also be used for this purpose.

Move up/Move down

Registry actions will be evaluated on a client in the order they appear in the Registry action list, from the first Registry element to the last. The order of the Registry actions can be modified by using the Move Up and Move Down buttons. To move a registry action, you must first select it, by clicking on it. Once it is selected (it will be highlighted), press the Move Up or Move Down button based on which way you want to move the setting.

The order in which the Registry actions are displayed in the list is the order they will get processed in. For example, if there are 2 registry elements and they each have a registry action list, all actions for the first registry element will be processed and then all actions for the second registry actions list will be processed.

Configuring a registry action

Once you have configured the registry action, click Confirm to save the settings or Cancel to abort the setting changes.

Action

Select an action from the list to define how the registry setting is to be updated. Registry keys can be created and removed. Available actions are:

  • Write Value
    Store the specified data to the specific Hive\Key\Value. If the key does not already exist, it will be created.
  • Delete Value
    Remove the specified value from the specific hive\key.
  • Add Key
    Create a key in the specified hive.
  • Delete Key
    When Delete Key is selected, you have the option of deleting the key regardless of whether subkeys exist, using the Delete Key even if subkeys exist option. Select this option to delete the key and any associated subkeys. If this option is not selected, the key will not be deleted if any subkeys exist.

    This option cannot be performed on the Software\Microsoft or Software\Classes keys.

Hive

Select the hive on which to perform the action from the list. The following hives can be selected:

  • HKEY_LOCAL_MACHINE
    Contains computer specific information about the type of hardware, software, and other preferences on a given PC.
  • HKEY_CLASSES_ROOT
    Contains all file associations, OLE information and shortcut data.
  • HKEY_USERS/.DEFAULT
    Contains default profile preferences.
  • HKEY_CURRENT_CONFIG
    Represents the currently used computer hardware profile.

Key

Enter the specific key to be added or updated in the registry. Keys are subcomponents of the registry hives. Dynamic variables are available for use in defining the key.

Type

Select the value type to be stored in the registry key.

Valid types are:

  • REG_BINARY
    The entry field for binary data is similar to the entry field in RegEdit. Use the actual hex values as entry.
  • REG_DWORD
  • REG_DWORD_BIG_ENDIAN
  • REG_DWORD_LITTLE_ENDIAN
  • REG_EXPAND_SZ
  • REG_FULL_RESOURCE_DESCRIPTOR
  • REG_MULTI_SZ
    Enter each piece of data or expression on a new line.
  • REG_NONE
  • REG_QWORD
    Select the type of data to be entered, Decimal or Hex.
  • REG_RESOURCE_LIST
  • REG_SZ

The Type list is not applicable when the Action field is set to either Add Key or Delete Key.

Value

Enter the name of the value for the registry key that will be written. Value is not applicable when the Action field is set to either Add Key or Delete Key.

A value is not required when the Action field is set to Write Value. If no value is specified, the data will be written to the key's default value.

Data/expression

Type the data you would like stored in the specified value. This field may contain static text, Desktop Authority Dynamic Variables, KiXtart macros or any combination of the three. Press the F2 key to select a dynamic variable from the list.

If you want to create a new value with no data, or to erase an existing registry value’s data, leave this field blank. The value will be created with no data.

Force use of 32 bit registry locations on 64 bit operating systems

Check this box to force the 32 bit registry location to be used instead of the 64 bit location when executing on 64 bit operating systems.
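
On 64-bit Windows, 32-bit access to keys such as HKEY_LOCAL_MACHINE\SOFTWARE is redirected to a separate location (WOW6432Node), so a value written with this box checked is not visible in the 64-bit view. The following added example (not Desktop Authority code) reads the same key and value from both views to confirm where a Write Value action landed; the key and value names in the final call are hypothetical.

```powershell
# Added example: compare a registry value in the 64-bit and 32-bit views.
function Get-RegistryValueByView {
    param(
        [Microsoft.Win32.RegistryHive] $Hive = 'LocalMachine',
        [Parameter(Mandatory)] [string] $Key,
        [string] $Value = ''          # empty string reads the key's default value
    )
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $view)
        try {
            $sub = $base.OpenSubKey($Key)      # read-only; $null when the key is absent
            $result = [pscustomobject]@{
                View      = $view
                KeyExists = [bool]$sub
                Type      = $null
                Data      = $null
            }
            if ($sub) {
                if ($sub.GetValueNames() -contains $Value) {
                    $result.Type = $sub.GetValueKind($Value)
                    # Return REG_EXPAND_SZ data as stored, without expanding variables.
                    $result.Data = $sub.GetValue($Value, $null, 'DoNotExpandEnvironmentNames')
                }
                $sub.Dispose()
            }
            $result
        }
        finally {
            $base.Dispose()
        }
    }
}

# Hypothetical key and value names; substitute the ones from your registry action.
Get-RegistryValueByView -Key 'SOFTWARE\ExampleVendor\ExampleApp' -Value 'Setting'
```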

Timing

Select the Timing tab to configure when this element will be executed. Computer Management objects can execute at computer Startup, Shutdown, defined Refresh intervals or based on customized Schedules.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

Service Pack Deployment

The Service Pack Deployment object allows you to deploy service packs for all 7/2008/2008 R2 clients and servers (64-bit operating systems included).

A few items to note regarding service pack deployment:

  • Computer Management Service Pack Deployment will only install service packs to 7/2008/2008 R2 clients and servers if connected over a LAN connection.
  • Computer Management Service Pack Deployment will never downgrade the currently installed service pack on a computer.
  • Computer Management Service Pack Deployment will only install the requested service pack if the client/server has an older or no service pack installed.
  • Computer Management Service Pack Deployment will not attempt to install the requested service pack if the client/server does not have enough available disk space on the drive that hosts the %temp% folder. The engine determines the amount of available disk space before the service pack is installed. By default, 1.4 GB (1400 MB) of disk space must be available to install any service pack. This default can be overridden by defining a value in the global or profile definition file.

The variable $ServicePackFreeSpaceNeededInMB is used to override the available disk space amount. Select Global Options > Definitions or select the Definitions tab on the profile's settings.

Example:

$ServicePackFreeSpaceNeededInMB="1000"

  • Computer Management Service Pack Deployment will run all service packs in unattended mode, will force the computer to close other programs when it shuts down, and will not back up files for uninstall purposes.
  • Computer Management Service Pack Deployment will not install service packs on any Windows Embedded operating system.

Desktop Authority can bypass the automatic installation of service packs on specific computers. If you have specific computers that you would never like Desktop Authority to install a service pack on (such as a development station), create a file called SLNOCSD in the root directory of the System Drive. This allows you to generally apply service packs based on Validation Logic, while providing for special-case exemptions based on individual systems.
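
Because an SLNOCSD marker silently exempts a computer from service pack deployment, it is worth checking which computers carry one and whether the free-space requirement would also block the install. This is an added example, not Desktop Authority code; it assumes the %temp% folder of the account running the check is on the same drive as the one the engine uses.

```powershell
# Added example: report whether this computer would be skipped, and why.
# Run locally as shown, or pass $check to Invoke-Command for remote computers.
$check = {
    param([int] $RequiredMB = 1400)   # page default; use your override value if one is defined

    # Marker file described on the page: SLNOCSD in the root of the system drive.
    $marker = Join-Path -Path "$env:SystemDrive\" -ChildPath 'SLNOCSD'
    $exempt = Test-Path -LiteralPath $marker

    # Free space on the drive that hosts %temp% (assumption noted above).
    $drive  = (Get-Item -LiteralPath $env:TEMP).PSDrive
    $freeMB = [math]::Floor($drive.Free / 1MB)

    if ($exempt) {
        $reason = 'Skipped: SLNOCSD marker present'
    } elseif ($freeMB -lt $RequiredMB) {
        $reason = "Skipped: $freeMB MB free, $RequiredMB MB needed"
    } else {
        $reason = 'Eligible'
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Marker    = $exempt
        TempDrive = $drive.Name
        FreeMB    = $freeMB
        Result    = $reason
    }
}

& $check -RequiredMB 1400
```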

Settings

Service Packs settings
Operating system version

Select an Operating System version from the list. Valid selections are Windows 2008, Windows 2008 x64 and Windows 7.

Operating system language

Select a language from the list. This language should specify the dialect of the operating system installed on the client/server as well as the service pack. If the languages do not match, the service pack will not be installed.

Update to

From the list, select the service pack to be deployed. Service Packs displayed in the list are filtered based on the OS Version selected.

Location of Update.exe /Spinstall.exe

Enter the complete path and filename where the installation executable exists or click Browse to locate the executable’s path. The installation executable may be called either spinstall.exe or update.exe based on the operating system being installed. The service pack install file is called spinstall.exe in Windows 2008.

Example: 

     \\server1\installs\W2KSP1\Update.exe

The executable file downloaded from Microsoft is an archive that must be extracted at a command line by using the -x switch. This will extract the service pack into multiple folders among which you will find the update.exe or spinstall.exe executable.

The following parameters are used when installing service packs from the Computer Management Service Pack object:

Execution Options 

Balloon
Show Balloon message to users before element executes

Check this box to show a pop up message from the system tray before each Desktop Authority element is executed on the computer. Enter a message into the text box to be shown in the popup message.

Permission
Ask user's permission to execute element

Select this box to pause execution and request permission via a message box to execute an element on the desktop. Enter a message into the text box. This text will be used on the permission message box.

Message box will timeout after xx seconds

When permission is requested from the user, the message box will be displayed for the number of seconds specified here.

Default answer if message box times out

If there is no response during the timeout period, the message box will be accepted or dismissed based on the specified default answer.

Authorized by

Optionally enter the name of the person who authorized the specified configuration to take place.

Reboot
Reboot after element executes

Select this option to determine the timing in which a reboot will take place, if required, by the executed element.

Reboot type
Reboot immediately without user interaction

Allow the required reboot to happen immediately following the element configuration.

Remind user that a reboot is required (will not reboot unless user approves)

Select this option to delay the reboot to a time that the user deems acceptable.

Reboot with count down (machine will reboot when countdown dialog comes out, unless postponed)

The user will be provided a countdown timer before the reboot event occurs. Specify the number of seconds for the countdown in the Seconds until reboot box.

Reboot timeout
Seconds until reboot

Enter the number of seconds to count down until reboot occurs.

Allow users to postpone reboot

Select this box to allow the user to postpone the impending reboot.

Timing  

Select the Timing tab to configure when this element will be executed. Computer Management objects can execute at computer Startup, Shutdown, defined Refresh intervals or based on customized Schedules.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element. Service Packs may only be applied to computers classified as a Desktop, Portable Tablet PC, Member Server and Domain Controller. Operating System and Connection type are disabled.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.
