Chat now with support
Tchattez avec un ingénieur du support

KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

Add Security scripts

Using Mac security policy templates

You can use security policy templates to create scripts that configure security settings on Mac devices.

The following sections explain how to use the policies available to Mac OS X devices.

NOTE: If you edit a template-based policy, keep the Run As setting as local system.
Add Application Layer Firewall scripts

Use this template to create scripts that configure the Application Layer Firewall (ALF) on Mac devices.

In Mac OS X, ALF is located in Mac System Preferences.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Application Layer Firewall to display the Mac Application Layer Firewall page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Application Layer Firewall Mode

The level of security to use for the firewall.

Enable Firewall Logging

Enable the firewall to log information about the unsolicited requests, blocked requests, and successful requests.

Enable Stealth Mode

Enable the firewall to drop packages that are denied without sending error messages to requesters.

Trusted Applications

The full path to the application binaries, for example:

/Applications/Safari.app/Contents/MacOS/

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Parental Controls scripts

Use this template to create scripts that configure the parental control options available on Mac OS X.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or logout and login to take effect.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Parental Controls to display the Mac Parental Controls page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Hide Profanity in Dictionary

Prevent words identified as profanity from being displayed in the dictionary on target devices.

Prohibit actions

Prevent actions from being performed on target devices.

Website Restrictions

Select the access restrictions for websites.

URLs of approved websites

If you select Allow access only to these websites, provide the URLs of the websites you want to approve. Users on target devices can only access approved websites.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Security scripts

Use this template to create scripts that configure security options on Mac OS X devices.

Security options are available in Mac System Preferences.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or log out and log in to take effect.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Security Policies to display the Mac Security Policy page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Actions to enforce

The actions to perform on target devices.

Timeout

The period, in minutes, after which actions are performed.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.

Resolve Windows security issues that prevent Agent provisioning

Resolve Windows security issues that prevent Agent provisioning

If Windows security settings prevent the KACE SMA from provisioning the Agent to Windows devices, you can reconfigure settings through a command prompt.

To allow provisioning, you must open the firewall and configure security settings.

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v ForceGuest /t REG_DWORD /d 0 /f

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v FdenyTSConnections /t REG_DWORD /d 0 /f

netsh.exe firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL

netsh.exe firewall set service type=REMOTEADMIN mode=ENABLE scope=ALL

Maintaining appliance security

Maintaining appliance security

To maintain appliance security, review daily security reports, and apply appliance software updates as they become available.

When appliance software updates are available, they are advertised on the appliance Dashboard.

Security run output

Security run output

The appliance security status is provided in the security run output email.

The KACE SMA security run output is automatically emailed to the system administrator every day at 02:00.

The following example shows the content of the security run output.

Documents connexes