The Local Account Management profile object provides the ability to manage the local built-in user accounts on client workstations. The local user accounts that can be managed are the Administrator and Guest local accounts. You can change the name of the account, change the password of the account, and disable either of these accounts. You can also remove local user profiles that have not been used for a specified period of time.
The Local Account Management profile object also provides the ability to manage local built-in groups on client workstations. It allows these built-in groups to be managed by adding and/or removing domain and local user and domain groups.
Select a built-in user account from the drop down list. This is the account that the following options apply to.
Select this check box, , to disable the selected built-in account. Clear the check box, , to enable the selected built-in account. Gray the check box, , to preserve the built-in account's current setting.
The default setting is to preserve the built-in account's current setting.
Select this option to change the name of the selected Built-in User Account.
Select this option to change the password of the selected Built-in User Account. Password strength is based on a level of 1 (weakest) to 5 (strongest). Take into account the following password guidelines for a strong password:
User profiles are created and saved on the local workstation for every user that logs in. Select this option to remove any user profiles from the local computer when they have not been accessed (user has not logged in) for a certain amount of days. This can be any value from 30 and above. A profile will be removed only if it is stored on the local machine. Only domain user profiles will be removed. If any part of a profile is stored externally (outside of the profiles folder directory) will not be removed; this includes Roaming user profiles and Mandatory user profiles. The default value is 30 days.
Select a built-in group to manage. Accounts may be added to or removed from this selected group.
From the drop down selection, choose either Add Domain Accounts or Remove Domain Accounts. From the popup resource browser, select one or more Domain Users, Domain Groups or Domain Computers to manage in the selected built-in group. Both of these selections will add an account to the Account list, each with the selected action, Add or Remove.
The Account list will show the desired Action (Add/Remove), Account Type (Domain/Local), Name (Domain/User Name), and Status. The status will confirm the users' or groups' SID was resolved or not. If the status is "Failed", it was not found (in Active Directory) and will not be able to be added to the built-in group. If the status is "Resolved", it was found (in Active Directory) in the Users/Groups SID and can be used.
To the right of each account in the Account list there will be an Edit link. Click the Edit link to modify the Action type. To remove one or more entries from the list, select each one and then click the Remove button.
From the drop down selection, choose either Add Local User Accounts or Remove Local User Accounts. In the Account list, select the appropriate action and enter the local user name into the entry provided. Local accounts do not get resolved for a SID, therefore no status will be given in the status column. To the right of each account in the Account list there will be Edit and Remove options. Click the Edit link to modify the Action type. Click Remove to delete the account from the Account list.
This setting is only available when the Administrators (built-in) group is the selected Built-in group list. It will be disabled for all other selected groups.
Select this option to remove all domain users and/or domain groups from the built-in local Administrators group unless the user or group is defined in the Account list.
Select the Timing tab to configure when this element will be executed. Computer Management objects can execute at computer Startup, Shutdown, defined Refresh intervals or based on customized Schedules.
Select the Validation Logic tab to set the validation rules for this element.
Select the Notes tab to create any additional notes needed to document the profile element.
When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.
*This feature is not a standard part of Desktop Authority Essentials. To obtain this feature, Desktop Authority Essentials must be upgraded to the full version of Desktop Authority.
The MSI Packages object is used to configure the deployment of applications throughout the enterprise. The MSI Packages object supports the deployment of Windows Installer MSI, MST and MSP packages. Using a Windows Installer package ensures that applications are installed, updated and uninstalled in a consistent manner throughout the enterprise.
The MSI Packages settings tab provides the interface to select a previously published package and one or more transfer files, and add desired Windows Installer command line options. In addition, you can choose to distribution server that will serve the package to the desktops that validate for this configuration element.
Packages may be installed/uninstalled asynchronously or synchronously and they may be installed without user notification (silent), if desired.
|
Note: All MSI Packages are installed using the per-machine installation context. This makes the installed application available to all users of the computer and will be placed in the All Users Windows profile. |
Click the Select Package button to select a package to install/uninstall on client computers within the enterprise. A package can be selected from a list of packages that are known and published by Desktop Authority within Software Distribution.
Once a package is selected, detailed information about the package will be displayed above the Select Package button. The detailed information includes the product name, file name, manufacturer, version, product code, file size and the published status of the package.
If a package is unpublished but is used in an existing MSI package element, click the Publish button to return it to published status.
Select Install or Uninstall from the Action list to define the action for the MSI Packages element.
Select this box to run the MSI installation asynchronously. In asynchronous mode, the installation will run at the same time as others. If this check box is cleared, applications will install one after another. Each installation must complete before the next one will begin.
|
Note: The "Reboot after element executes" execution option will have no effect on the computer if the Asynchronous option is checked on. |
When launching an application, Desktop Authority may stop its processing if the application does not finish processing and close successfully. A machine reboot will allow Desktop Authority to complete. Select this checkbox to allow Desktop Authority to continue processing even if the Application launcher action does not complete. Enter the amount of time, in hours and minutes, for Desktop Authority to wait for the application completion.
If the application is still processing after the time has elapsed, Desktop Authority will execute the profile object element, leaving the current application process started.
All packages being installed from a Computer Management profile will automatically be installed silently, i.e. without displaying any user interface to the end user. This box will always be selected and cannot be unselected.
Transform files provide configuration settings to be used during the installation of a package. One use of a Transform file is to automatically provide responses to prompts during the installation, for example, to provide an installation path or serial number, so the end user does not have to.
To enable the use of Transform files, there must be at least one published MST. MST files are published within the Software Distribution global object. Both the Add and Delete buttons will be disabled if there are no published MST files in the software repository.
Click Add Files to select one or more transform files to add to the Transform Files list. Click Delete to remove selected transform files from the Transform Files list.
MSIEXEC, the Windows Installer executable program installs packages and products, is called to deploy Windows Installer files. Based on the configurations for the MSI Packages object, specific command line options are passed to MSIEXEC. To use additional command line options, enter the switches in this box. For example, entering /norestart will not allow the computer to restart following the install/uninstall, even if the MSI calls for it. All switches entered into this box will be passed to MSIEXEC in addition to any command options that are part of the MSI Packages configurations.
|
Note: Using additional command line options will prevent reporting on the Installer file. |
Select Automatic selection to copy the Windows Installer packages to the client from an auto-selected server. Select Use specific server to define a specific server to copy the Windows Installer package file from. Separate multiple server names using a semicolon (;).
For configuration information on the Update Service, see What is the Update Service?
Check this box to show a pop up message from the system tray before each Desktop Authority element is executed on the computer. Enter the message text into the Text box.
Select this box to pause execution and request permission via a message box to execute an element on the desktop. Enter a message into the Text box. This text will be used on the on permission message box.
When permission is requested from the user, the message box will be displayed for the number of seconds specified here.
If there is no response during the timeout period, the message box will be accepted or dismissed based on the specified default answer.
Optionally enter then name of the person who authorized the specified configuration to take place.
Select this option to determine the timing in which a reboot will take place, if required, by the executed element.
|
Note: This Reboot option will have no effect on the computer if used in conjunction with the Asynchronous option. |
Allow the required reboot to happen immediately following the element configuration.
Select this option to delay the reboot to a time that the user deems acceptable.
The user will be provided a countdown timer before the reboot event occurs. Specify the number of seconds for the countdown in the Seconds until reboot box.
Enter the number of seconds to count down until reboot occurs.
Select this box to allow the user to postpone the impending reboot.
Select the Timing tab to configure when this element will be executed. Computer Management objects can execute at computer Startup, Shutdown, defined Refresh intervals or based on customized Schedules.
Select the Validation Logic tab to set the validation rules for this element.
Select the Notes tab to create any additional notes needed to document the profile element.
When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.
|
Note: This feature is not a standard part of the Desktop Authority Essentials or Standard editions. This is only available to customers who use Desktop Authority Professional. |
The Registry object provides a single point of control over changing values in the registry of a computer. This object will modify Windows 2008/7/8.1/10/2008 R2/2012/2012 R2/2016/2019 registry key/value under the context of the Local System account.
|
NOTE: The Registry object is extremely versatile and, if used improperly, can cause computers not to function properly. The Registry object is designed for use by experienced administrators only. Always use caution when manipulating the registry on any computer, and extreme caution when using a product such as Desktop Authority to make a network-wide change to a group of computers at once. It is highly recommended to first test any registry modification on a specific user or computer (using Validation Logic) prior to rolling the change out to an entire group, subnet or domain. |
Instead of configuring a single registry setting per profile element, the Registry profile object lets you configure multiple registry actions within a single Registry profile element. Click Add from the Registry profile object to create a Registry profile element. This Registry implementation will save you time when implementing multiple registry settings. Group all registry settings together that will use the same Timing and Validation Logic settings. If you prefer, you can stick to the old way of doing things by adding one element to the Registry action list and create several Registry profile elements.
Click Add to add a new entry to the Registry action list.
Click Import to import existing registry (.reg) files.
There are two ways to import an existing registry file:
- Import registry entries into a single Registry profile element
- Import registry entries into multiple Registry profile elements
Figure 37: Import registry entries into a single Registry profile element
Figure 38: Import registry entries into multiple Registry profile elements
Clicking the Import button from the Registry profile object will import all entries within the selected .reg file as multiple elements in the Registry profile object. This will result in multiple Registry profile elements.
Select Edit to modify the currently selected registry action.
Select Delete to remove the currently selected registry action.
Registry actions can be managed by using the standard Windows Cut/Copy/Paste actions to maneuver them into child profiles or parent profiles. Drag and Drop actions may also be used for this purpose.
Registry actions will be evaluated on a client in the order they appear in the Registry action list, from the first Registry element to the last. The order of the Registry actions can be modified by using the Move Up and Move Down buttons. To move a registry action, you must first select it, by clicking on it. Once it is selected (it will be highlighted), press the Move Up or Move Down button based on which way you want to move the setting.
The order in which the Registry actions are displayed in the list is the order they will get processed in. For example, if there are 2 registry elements and they each have a registry action list, all actions for the first registry element will be processed and then all actions for the second registry actions list will be processed.
Once you have configured the registry action, click Confirm to save the settings or Cancel to abort the setting changes.
Select an action from the list to define how the registry setting is to be updated. Registry keys can be created and removed. Available actions are:
Select the hive on which to perform the action from the list. The following hives can be selected:
Enter the specific key to be added or updated in the registry. Keys are subcomponents of the registry hives. Dynamic variables are available for use in defining the key.
Select the value type to be stored in the registry key.
Valid types are:
The Type list is not applicable when the Action field is set to either Add Key or Delete Key.
Enter the name of the value for the registry key that will be written. Value is not applicable when the Action field is set to either Add Key or Delete Key.
A value is not required when the Action field is set to Write Value. If no value is specified, the data will be written to the key's default value.
Type the data you would like stored in the specified value. This field may contain static text, Desktop Authority Dynamic Variables, KiXtart macros or any combination of the three. Press the F2 key to select a dynamic variable from the list.
If you want to create a new value with no data, or to erase an existing registry value’s data, leave this field blank. The value will be created with no data.
Check this box to force the 32 bit registry location to be used instead of the 64 bit location when executing on 64 bit operating systems.
Select the Timing tab to configure when this element will be executed. Computer Management objects can execute at computer Startup, Shutdown, defined Refresh intervals or based on customized Schedules.
Select the Validation Logic tab to set the validation rules for this element.
Select the Notes tab to create any additional notes needed to document the profile element.
When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.
The Service Pack Deployment object allows you to deploy service packs for all 7/2008/2008 R2 clients and servers (64-bit operating systems included).
A few items to note regarding service pack deployment:
The variable $ServicePackFreeSpaceNeededInMB is used to override the available disk space amount. Select Global Options > Definitions or select the Definitions tab on the profile's settings.
Example:
$ServicePackFreeSpaceNeededInMB="1000"
Desktop Authority can bypass the automatic installation of service packs on specific computers. If you have specific computers that you would never like Desktop Authority to install a service pack on (such as a development station), create a file called SLNOCSD in the root directory of the System Drive. This allows you to generally apply service packs based on Validation Logic, while providing for special-case exemptions based on individual systems.
Select an Operating System version from the list. Valid selections are Windows 2008, Windows 2008 x64 and Windows 7.
Select a language from the list. This language should specify the dialect of the operating system installed on the client/server as well as the service pack. If the languages do not match, the service pack will not be installed.
From the list, select the service pack to be deployed. Service Packs displayed in the list are filtered based on the OS Version selected.
Enter the complete path and filename where the installation executable exists or click Browse to locate the executable’s path. The installation executable may be called either spinstall.exe or update.exe based on the operating system being installed. The service pack install file is called spinstall.exe in Windows 2008.
Example:
\\server1\installs\W2KSP1\Update.exe
The executable file downloaded from Microsoft is an archive that must be extracted at a command line by using the -x switch. This will extract the service pack into multiple folders among which you will find the update.exe or spinstall.exe executable.
The following parameters are used when installing service packs from the Computer Management Service Pack object:
Server 2008 = ' /quiet /norestart'
Check this box to show a pop up message from the system tray before each Desktop Authority element is executed on the computer. Enter a message into the text box to be shown in the popup message.
Select this box to pause execution and request permission via a message box to execute an element on the desktop. Enter a message into the text box. This text will be used on the on permission message box.
When permission is requested from the user, the message box will be displayed for the number of seconds specified here.
If there is no response during the timeout period, the message box will be accepted or dismissed based on the specified default answer.
Optionally enter then name of the person who authorized the specified configuration to take place.
Select this option to determine the timing in which a reboot will take place, if required, by the executed element.
Allow the required reboot to happen immediately following the element configuration.
Select this option to delay the reboot to a time that the user deems acceptable.
The user will be provided a countdown timer before the reboot event occurs. Specify the number of seconds for the countdown in the Seconds until reboot box.
Enter the number of seconds to count down until reboot occurs.
Select this box to allow the user to postpone the impending reboot.
Select the Timing tab to configure when this element will be executed. Computer Management objects can execute at computer Startup, Shutdown, defined Refresh intervals or based on customized Schedules.
Select the Validation Logic tab to set the validation rules for this element. Service Packs may only be applied to computers classified as a Desktop, Portable Tablet PC, Member Server and Domain Controller. Operating System and Connection type are disabled.
Select the Notes tab to create any additional notes needed to document the profile element.
When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.
© ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center