KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

Create Managed Installations for Mac OS X devices

Create Managed Installations for Mac OS X devices

You can create Managed Installations for Mac OS X devices as needed.

To distribute applications to managed devices, you must attach the digital assets, which are the files required for installation, to the application. In addition, you must select the supported operating systems for the application. See Attach digital assets to applications and select supported operating systems.

1.
Go to the Managed Installation Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
Select Choose Action > New.
2.
Select the application in the Software drop-down list.

If you have selected a ZIP, TGZ, or TAR.GZ file, the contents are unpacked and the root directory is searched for all PKG files. The installation command runs against each of these PKG files and processes them in alphabetical order.

Next, the appliance searches for all plain applications (APP) on the top level of the archive and copies them to the Applications folder using the following command:

To run a script or change any of these command lines, you can specify the appropriate script invocation as the Full Command Line. You can specify wildcards in the filenames you use. Enclose the filename in single or double quotation marks if it contains spaces. The files are extracted into a directory in /tmp, and that becomes the current working directory of the command.

Option

Description

Name

A name that identifies the Managed Installation. This name appears on the Managed Installations page.

Execution

The package deployment setting. Options include:

Disabled: Do not deploy the package.
Anytime: Deploy the package at the next opportunity, such as the next time the KACE SMA Agent reports inventory information to the appliance.
At bootup: Deploy the package the next time the device starts up.
After login: Deploy the package after the user logs in but before the desktop loads.
While user logged in: Deploy the package while the user is logged on.
While user logged off: Deploy the package only when the device is running and the user is logged off.

Inventory

Indicate if you want to deploy the software title from Cataloged Software or all Software by selecting one of these options.

To search for a specific title, begin typing in the Software or Cataloged Software field.
NOTE: Reclaiming unused software licenses only. The name of the software that you want to uninstall appears in this field by default. For more information, see Reclaim unused software licenses.

Associated File

A Software and Cataloged Software title can have one or more files attached to them, as needed. Indicate if you want to select a specific file associated with the selected software title.

Choose associated file: Select this option if you want to associate a file. You can select a file in the list. If you know the file name, start typing it in the box, and select it from the available entries in the list.
Do not associate file: Select this option if you do not want to associate a file.

Alternate Location

Specify a location from which files can be downloaded for a specific Managed Installation.

Path: Enter the location where the KACE SMA Agent can retrieve digital installation files.

Checksum: Enter an alternate checksum (MD5) that matches the MD5 checksum on the remote file share. If no checksum is entered, the digital asset on the file share must match the digital asset associated with the deployment package on the appliance. Also, the target path must include the complete filename (for example, \\fileserver_one\software\adobe.exe). You can create the checksum using any tool, including KDeploy.exe, which is installed with the KACE SMA Agent.

To create the checksum using KDeploy.exe:

Windows 32-bit devices: C:\Program Files\Quest\KACE

Windows 64-bit devices: C:\Program Files (x86)\Quest\KACE

Mac OS X devices: /Library/Application Support/Quest/KACE/bin

c.
Enter the following command: KDeploy -hash=filename

Where filename is the UNC path to the file. If the path contains spaces, enclose the entire path in double quotation marks.

d.
Press Ctrl C or Command C to copy the MD5 checksum. You can then paste it into other files, such as Notepad.

Credential: The details of the service account required to connect to the device and run commands. Select existing credentials from the drop-down list, or select Add new credential to add credentials not already listed. See Add and edit User/Password credentials.

See Distributing packages from alternate download locations and Replication Shares and Add or edit manual labels.

Default Installation

You do not need to specify an installation command. The server runs the installation command by itself. The Mac OS X device tries to install the package using this command:

installer -pkg packagename.pkg -target / [Run Parameters]

or

ditto -rsrc packagename.app /Applications/theapp

If you have specified an archive file, this command runs against all of the PKG files or APP files it can find.

Override Default Installation

Specify the full command-line parameters. See the MSI Command Line documentation for available runtime options.

Uninstall: Uninstall the application from the command line.
Run Command Only (do not download file): Run the command line only.
Don’t Prepend msiexec.exe: Prevent the appliance from adding msiexec.exe to the beginning of the file.

Delete Downloaded Files

Delete the files when the deployment is complete.

ITNinja

Deployment tips from ITNinja. These tips are available only if you share usage data. See Configure data sharing preferences.

Option

Description

All Devices

Deploy to all devices. Clear the check box to limit the deployment to specific labels or devices.

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available.

NOTE: Reclaiming unused software licenses only. Any devices from which you want to remove the applicable software are listed. You can edit the list of devices, as needed. To remove the software from all devices, simply select , as described above. For more information, see Reclaim unused software licenses.

Option

Description

Deployment Window

Start

End

The time, in 24-hour clock format, for package deployment to start and end. The Deployment Window time affects all Action options. Also, the run intervals defined in the appliance Settings interact with or override the deployment window of specific packages.

Order

The order in which to install or uninstall applications. The lowest value is deployed first. If an install action and an uninstall action both have the same order value, the uninstall action is performed first.

Maximum Attempts

The maximum number of attempts, between 0 and 99, to indicate the number of times the appliance tries to install the package. If you specify 0, the appliance attempts to install the package indefinitely.

6.
Click Save.

For more information, see:

Create and use File Synchronizations

Create and use File Synchronizations

Using File Synchronizations, you can push out any type of file to Agent-managed devices.

File Synchronizations enable you to distribute files to managed devices. Unlike Managed Installations, however, File Synchronizations do not install files; they simply distribute files. Use File Synchronizations to copy files of any type to managed devices.

The string KACE_ALT_Location in the Alternate Location field is replaced with the value assigned by the corresponding label. You should not have a device in more than one label with an Alternate Location specified.

1.
Go to the File Synchronizations list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Distribution, then click File Synchronizations.
c.
Select Choose Action > New.
2.
In the Configure section, provide the following information:

Option

Description

Enabled

Enable the File Synchronization. When the KACE SMA Agents on selected devices check in to the appliance, the file is distributed.

Name

A name that identifies the File Synchronization. This name appears on the File Synchronizations page.

Path

The directory location, on target devices, to which you want to save the file.

Create Path

Create the location specified in the Path field if it does not already exist.

Credentials

The details of the service account required to connect to the device and run commands. Select existing credentials from the drop-down list, or select Add new credential to add credentials not already listed. See Add and edit User/Password credentials.

File

The file to be distributed to target devices. To appear on the list, applications must have associated files in inventory. See Attach digital assets to applications and select supported operating systems.

Do Not Uncompress Distribution

Prevent the appliance from uncompressing files.

Persist

Confirm that the file does not already exist on target devices before attempting to distribute it.

Create Shortcut

Create a desktop shortcut to the file location on the device.

Name

The display name for the desktop shortcut.

Delete Temporary Files

Delete the files when the deployment is complete.

ITNinja

Deployment tips from ITNinja. These tips are available only if you share usage data. See Configure data sharing preferences.

Option

Description

All Devices

Deploy to all devices. Clear the check box to limit the deployment to specific labels or devices.

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available.

Initial Message

Display a message on devices before installation.

Completion Message

Display a message on devices after the installation is complete.

Blackout Window

The time during which Agents on managed devices are prevented from performing File Synchronizations.

Alternate Location

Specify a location from which files can be downloaded for a specific Managed Installation.

Path: Enter the location where the KACE SMA Agent can retrieve digital installation files.

Checksum: Enter an alternate checksum (MD5) that matches the MD5 checksum on the remote file share. If no checksum is entered, the digital asset on the file share must match the digital asset associated with the deployment package on the appliance. Also, the target path must include the complete filename (for example, \\fileserver_one\software\adobe.exe). You can create the checksum using any tool, including KDeploy.exe, which is installed with the KACE SMA Agent.

To create the checksum using KDeploy.exe:

Windows 32-bit devices: C:\Program Files\Quest\KACE

Windows 64-bit devices: C:\Program Files (x86)\Quest\KACE

Mac OS X devices: /Library/Application Support/Quest/KACE/bin

c.
Enter the following command: KDeploy -hash=filename

Where filename is the UNC path to the file. If the path contains spaces, enclose the entire path in double quotation marks.

d.
Press Ctrl C or Command C to copy the MD5 checksum. You can then paste it into other files, such as Notepad.

Credential: The details of the service account required to connect to the device and run commands. Select existing credentials from the drop-down list, or select Add new credential to add credentials not already listed. See Add and edit User/Password credentials.

See Distributing packages from alternate download locations and Replication Shares and Add or edit manual labels.

4.
Click Save.
TIP: To distribute files previously deployed after the deployment window has closed, go to the File Synchronization Detail page for the File Synchronization, then click Save and Resend Files at the bottom of the page.

Using Wake-on-LAN

Using Wake-on-LAN

Wake-on-LAN enables you to power-on devices remotely from the KACE SMA regardless of whether the devices have the KACE SMA Agent installed.

For Wake-on-LAN, the KACE SMA broadcasts UDP traffic on your network on port 7. The KACE SMA sends 16 packets per Wake-on-LAN request because it must guess the broadcast address that is required to get the “Magic Packet” to the target device. This traffic is ignored by devices that are not being powered-on remotely, and the traffic should not have a noticeable impact on the network.

You can power on devices belonging to the same subnet as the KACE SMA, or on different subnets. To power on a device associated with a different subnet, you must designate a KACE SMA agent as a Wake-on LAN Relay.

Issue Wake-on-LAN requests

Issue Wake-on-LAN requests

To wake multiple devices at once, you can specify a label to which those devices belong, or you can wake devices individually.

If the device you want to wake is not inventoried by the appliance but you know the MAC (hardware) address and the device’s last-known IP address, you can manually enter the information to wake the device.

1.
Go to the Wake-on-LAN Schedules list.
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Distribution, then click Wake-on-LAN.
2.
Select Choose Action > New > Simple.
To wake individual devices, select devices the Managed Devices field. To search the list, begin typing in the field.
To wake Discovered devices, select devices in the Discovered Devices field. To search the list, begin typing in the field.
In the IP Address field, specify the IP address of a device.
In the Manual Entry section, specify the MAC address of a device.
5.
Click Run Now.

The results at the top of the page indicate the number of devices that received the request and the labels, if any, to which those devices belong.

Documents connexes