Chat now with support
Chat with Support

KACE Desktop Authority 10.1 - Installation and Upgrade Guide

Registration

 If no license information was entered at the time Desktop Authority was installed, you must register your product to remove the evaluation time period or if the evaluation has expired. A registration code is provided at the time of purchase. All configurations made during the evaluation period are still available after the product is registered. You can continue using all features immediately following the registration process.

Enter the provided registration key code by clicking the Registration link on the bottom of the Desktop Authority console.

The following dialog opens within the Desktop Authority Manager.

The Registration dialog provides product information including version, registration and license information.

Product

The name of the installed product.

Evaluation

If evaluating the product, this is the date the evaluation version will expire. The evaluation is valid for 30 days from the installation date.

Version

The version of the installed product.

Operations Master

The Operations Master designates the computer to which Desktop Authority is installed to.

Registered to

The name of the company the product is registered to.

Licensed seats

Displays the number of seats purchased. In evaluation mode, this will display the number of days remaining in the evaluation period.

Managed devices

The number of active computers that have the Desktop Authority client installed on it, thus it is managed by Desktop Authority. A terminal server is counted as one licensed seat.

License information

Fill in the following entries on the registration dialog box:

Note: If you have been supplied with a copy of a register.ini file, click Import License to locate it. If chosen, the register.ini file will automatically fill in the, Company and Registration Key entries.

Name

Enter the Name that Desktop Authority is registered with. Make sure to type this information carefully. This entry is case-sensitive and must be the same name it was purchased with.

Company

Enter the Company that Desktop Authority is registered with. Make sure to type this information carefully. This entry is case-sensitive and must be the same company name it was purchased with.

Key

Enter the registration key supplied at the time of purchase.

Register

Click Register after entering the above information. If any of the above fields are incorrect, you will be prompted with an appropriate message.

If all registration data is entered and verified to be correct, you are prompted to replicate the change to the domain controllers. Click Yes to replicate the registration data or No to replicate the data at a later time. The registration process does not become effective until the data is replicated.

Once the product is registered and the information is replicated, Desktop Authority Manager will display the registered owner’s name and license information.

Updated registration information is not displayed on the Desktop Authority Manager dashboard or on client machines until the users log back onto the network following the time that the registration information is entered and replicated through the system.

Desktop Authority ports and configurations

Please refer to the File Paths appendix for the correct path(s) based on the version of Desktop Authority you are using.

Installs
  • .NET Framework 3.5 SP1
  • IIS (IIS 7 will be installed to 2008 servers, IIS 7.5 will be installed to 2008 R2 servers, IIS 8 will be used on 2012 servers, IIS 8.5 will be used on 2012 servers, IIS 10 will be used on 2016 servers)
  • MS Visual C++ 2005 Redistributable Package
SQL

User has a choice of

  • Installing MS SQL 2014 Server Express Edition
  • Using an existing instance of MS SQL (2008, 2008 R2, 2012, 2014, 2016)
Databases

There are two databases created by the installation of Desktop Authority.

  • DAConfiguration
  • DAReporting
Super Users
  • Active Directory User or group account. No special permissions needed.
Paths
  • SQL Server 2014 Express Database - C:\Program Files (x86)\Quest\Desktop Authority\Desktop Authority Manager\Database
  • Desktop Authority Manager - C:\Program Files (x86)\Quest\Desktop Authority\Desktop Authority Manager
  • Data collection repository - %programfiles%\Quest\Desktop Authority\ETL Cache
  • Download cache folder - %programfiles%\Quest\Desktop Authority\Update Service\Cache\
  • DA virtual directory – DesktopAuthorityConsole
  • Web Service virtual directory - DesktopAuthorityComponentWebServices
  • IIS metabase backup – DABackup[ddmmyyyy]
Firewall exceptions
  • File and printer sharing
  • Desktop Authority Update Service
  • Installer creates 2 inbound firewall exception rules
  • Desktop Authority Update Service
Enabled,
Allow connection,
Program: C:\Program Files (x86)\Quest\Desktop Authority\Update Service\Daupdsvc.exe,
All computers,
All users,
Protocol: TCP,
All ports,
Any IP Address,
Domain profile
  • Desktop Authority Update Service
Enabled,
Allow connection,
Program: C:\Program Files (x86)\Quest\Desktop Authority\Update Service\Daupdsvc.exe,
All computers,
All users,
Protocol: UDP,
All ports,
Any IP Address,
Domain profile
Security certificate

Desktop Authority uses a security certificate for use with the DesktopAuthorityConsole web site in IIS.

Desktop Authority defaults to creating and installing its own secure self-signed server certificate during the installation process. A self-signed certificate is one that is signed and verified legitimate by the creator of the certificate. You can, however, choose to select a certificate that already exists on the server. This may be the case during an upgrade of Desktop Authority. In most cases, it is recommended to allow Desktop Authority to create a self-signed certificate.

Services installed by DA
  • Operations Service – (Formerly known as the DA OpsMaster Service) The Operations Service is a background service that is used to manage and configure Desktop Authority's plugins. The ETLProcessor and ReportScheduler plugins are used to manage collected data and execute scheduled reports.
This service requires the credentials for a user account that is local admin of OpsMaster server and any other servers that that host the DA Administrative services in order to collect data.
This service moves files from the server that hosts the DA Administrative service (default path - C:\Program Files\Quest\Desktop Authority\etl cache) to the OpsMaster server where Desktop Authority is installed to (default path - C:\Program Files\Quest\Desktop Authority\Desktop Authority Manager\OpsMasterService\ETLFileRepository). Since the ETLProcessor plugin connects to the "\\ServerName\slETL$ (file://servername/slETL$)" share, the user account configured for the Operations Service must have access to that share where the DA Administrative service is installed to.
The Operations service is given SA access to the SQL database server during the installation of Desktop Authority.
The installation defaults this service to port 8017, but it can be changed during the install, to suit the specific environment. This port can also be changed using the Desktop Authority Setup Tool.
  • DA Manager Service – (New service introduced in DA 9.0) The Manager Service is used to manage the Web based Manager, replication, and connectivity and communication between the Manager and the database.
This service requires the credentials for a user account that is local administrator of OpsMaster server and any other servers that will host Desktop Authority services.
The Manager Service is given SA access to the SQL database server during the installation of Desktop Authority.
The installation defaults this service to port 8085, but it can be changed during the install to suit the specific environment. This port can also be changed using the Desktop Authority Setup Tool.
  • DA Administrative Service – The DA Administrative service enables Desktop Authority to perform tasks that require administrative rights without sacrificing user-level security at the workstation. This service helps Desktop Authority perform these specialized tasks by installing a client version of the DA Administrative service to each client machine and a complementary version of the DA Administrative service to one or more Domain Controllers within the domain.
This service requires two unique user accounts. The Server user account (server side service) must have Local Admin rights to all workstations. In most circumstances, this account will be one that is a member of the Domain Admins group.
The Client User account (client side service) is used on each workstation to make registry changes, install software, add printers, synchronize time and perform any other task that may require elevated privileges during the logon, logoff or shutdown events. The Client User account (client side service) should be a member of the Domain Users group.
  • Update Service – The Update Service is used for the Software Management. The Update Service offers an encrypted and secure connection to Quest owned websites.
The user account configured for this service must be a member of the Local Administrators group on the server in which the service is being installed to. This account must have Local Administrator access to the Operations Master server share (\\Servername\slogic$ (file://servername/slogic$) in order to read the Register.ini file for licensing purposes, as well as for access to the Internet.
  • IIS Application Pool – Desktop Authority’s web based Console uses IIS to host the application. The IIS Application pool identity is used to allow IIS to host web applications/virtual folders as standalone processes to avoid application crashes. Port 443 is required for IIS.
Domain user credentials are required so it can log information to the database. If Windows Authentication is chosen for the SQL database authentication, the account selected for the IIS Application pool will need to have login access to the database.
What Desktop Authority relies on/Windows Built-in

Desktop Authority makes use of HTTPS along with a digital certificate to ensure secure communication via the Console. During the DA installation, the DAInstaller has the option to create a new certificate or use an existing certificate. The certificate is used by IIS HTTPS to encrypt the data.

Service communication within Desktop Authority makes use of WCF (Windows Communication Foundation). This also makes use of the digital certificate for encryption of data.

Ports

Desktop Authority Manager relies on the following ports to be opened for inbound access.

1433 – Required by SQL Server to communicate over a firewall

443 – HTTPS port used by IIS

http://support.microsoft.com/kb/832017 Article discusses the ports, protocols and services used my MS client and server operating systems.

445 SMB over TCP for shared access to files, printers, serial ports and miscellaneous communication

137, 138, 139 NetBIOS over TCP/IP port

The ports mentioned above for CIFS/SMB are the underlying the protocol ports for Desktop Authority’s services including DA Update Service and the DA Administrative service. The “File and printer sharing” Local Firewall Policy exception configured by the Desktop Authority Installer enables desired communication through the local firewall.

These ports may have been already been opened/configured by the Desktop Authority Installer so there will not be a need to open them explicitly unless these ports are intentionally blocked through other means.

Services

File and Printer Sharing

Active Directory

Computer Browser (requires firewall exception for File and Printer sharing service)

Event Log

Net Logon

WMI

RPC

File Paths

The following table describes the paths that Desktop Authority uses.

Desktop Authority upgrades from 9.x/10.x to 10.1 will use the existing installation paths.

Important: PF stands for %programfiles% in an x86 environment and %programfiles(x86)% in a x64 environment

Server side

Location

Install paths for upgrades from ver 9.x to 10.1

 

Install Path for ver 10.1

Group Policies Admx file location
  • x:\PF\ScriptLogic\Desktop Authority Manager\TemplateFiles
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\TemplateFiles
Remote Mgmt Alternate DesktopAuthority.exe default location (shared as SLDAClient$)
  • x:\Quest\Desktop Authority\Desktop Authority Manager\DesktopAuthority
  • x:\Quest\Desktop Authority\Desktop Authority Manager\DesktopAuthority
Default MS SQL 2014 Server Express installation location
  • x:\PF\ScriptLogic\Desktop Authority Manager
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager
Default MS SQL 2014 Server Express database location
  • x:\PF\ScriptLogic\Desktop Authority Manager\Database
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\Database
Website Configuration DA Virtual Directory
  • x:\PF\ScriptLogic\Desktop Authority Manager\DAConsole\
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\DAConsole\
Desktop Authority Manager location (shared as SLogic$)
  • x:\PF\ScriptLogic\Desktop Authority Manager
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager
DA Manager ProgramData logs
  • x:\ProgramData\ScriptLogic\DAConsole
  • x:\ProgramData\Quest\DAConsole
Website Configuration Web service Virtual Directory
  • x:\PF\ScriptLogic\Desktop Authority Manager\DAComponentWebServices
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\DAComponentWebServices
Default Update Service Download Cache
  • x:\PF\ScriptLogic\Update Service\Cache
  • x:\PF\Quest\Desktop Authority\Update Service\Cache
Update Service Location  
  • x:\PF\ScriptLogic\Update Service\Daupdsvc.exe
  • x:\PF\Quest\Desktop Authority\Update Service\Daupdsvc.exe
Update Service Log File  
  • x:\PF\ScriptLogic\Update Service\Daupdsvc0.log
  • x:\PF\Quest\Desktop Authority\Update Service\Daupdsvc0.log
Update Service Status Reporter Log File  
  • %temp%\DesktopAuthority\DAUpdtSvcStRep.log
  • %temp%\DesktopAuthority\DAUpdtSvcStRep.log

Note: In the temp directory of the Update Service user account.

OpsMaster ETL Repository
  • x:\PF\ScriptLogic\Desktop Authority Manager\OpsMasterService\ETLFileRepository
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\OpsMasterService\ETLFileRepository
Signature Files
  • x:\PF\ScripLogic\Desktop Authority Manager\slsrvmgr.ske
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\slsrvmgr.ske
Admin Service XML file repository (shared as slETL$)
  • x:\PF\ScriptLogic\ETL Cache
  • x:\PF\Quest\Desktop Authority\ETL Cache
Admin Service Log file
  • (32-bit) %SystemRoot%\System32\DAAdminSvc_%ComputerName%.log
  • (32-bit) %SystemRoot%\System32\DAAdminSvcStRep.log
  • (64-bit) %SystemRoot%\SysWow64\DAAdminSvc_%ComputerName%.log
  • (64-bit) %SystemRoot%\SysWow64\DAAdminSvcStRep.log
  • (32-bit) %SystemRoot%\System32\DAAdminSvc_%ComputerName%.log
  • (32-bit) %SystemRoot%\System32\DAAdminSvcStRep.log
  • (64-bit) %SystemRoot%\SysWow64\DAAdminSvc_%ComputerName%.log
  • (64-bit) %SystemRoot%\SysWow64\DAAdminSvcStRep.log
Admin Service StatusGateway log
  • %temp%\DesktopAuthority\DAStatusGateway.log
  • %temp%\DesktopAuthority\DAStatusGateway.log

Note: In the temp directory of the Admin Service's user account.

User Management Replication
  • Source: x:\PF\ScriptLogic\Desktop Authority Manager\scripts
  • Target: %windir%\SYSVOL\sysvol\DomainName\scripts
  • Source: x:\PF\Quest\Desktop Authority\Desktop Authority Manager\scripts
  • Target: %windir%\SYSVOL\sysvol\DomainName\scripts
Computer Management Replication
  • Source: x:\PF\ScriptLogic\Desktop Authority Manager\Device Policy Master
  • Target: %windir%\SysVol\sysvol\DomainName\Policies\Desktop Authority\Device Policy Master
  • Source: x:\PF\Quest\Desktop Authority\Desktop Authority Manager\Device Policy Master
  • Target: %windir%\SysVol\sysvol\DomainName\Policies\Desktop Authority\Device Policy Master
Replication Log
  • x:\PF\ScriptLogic\Desktop Authority Manager\SLRepl.log
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\SLRepl.log

Client side

Prior Paths New or 10.1+ Version Paths
USB/Port Security devices
  • x:\PF\ScriptLogic\Port Security
  • x:\PF\Quest\Desktop Authority\PortSecurity
  • %windir%\system32
User Detailed Trace File
  • %temp%\Desktop Authority
  • %temp%\Desktop Authority
Computer verbose debug mode
  • %windir%\Temp\Desktop Authority
  • %windir%\Temp\Desktop Authority
Client Files and Agents
  • x:\ScriptLogic
  • x:\PF\ScriptLogic\Desktop Authority
  • x:\PF\ScriptLogic\Common
  • x:\PF\ScriptLogic\DA Update Client
  • x:\PF\ScriptLogic\Desktop Authority\Client Files
  • x:\Desktop Authority
  • x:\PF\Quest\Desktop Authority
  • x:\PF\Quest\Desktop Authority\Common
  • x:\PF\Quest\Desktop Authority\DA Update Client
  • x:\PF\Quest\Desktop Authority\Client Files
Expert Assist
  • x:\PF\DesktopAuthority

  • x:\PF\Quest\ExpertAssist

About Us

About Quest

We are more than just a name

We are on a quest to make your information technology work harder for you. That is why we build community driven software solutions that help you spend less time on IT administration and more time on business innovation. We help you modernize your data center, get you to the cloud quicker and provide the expertise, security and accessibility you need to grow your data-driven business. Combined with Quest’s invitation to the global community to be a part of its innovation, and our firm commitment to ensuring customer satisfaction, we continue to deliver solutions that have a real impact on our customers today and leave a legacy we are proud of. We are challenging the status quo by transforming into a new software company. And as your partner, we work tirelessly to make sure your information technology is designed for you and by you. This is our mission, and we are in this together. Welcome to a new Quest. You are invited to Join the Innovation™.

Our brand, our vision. Together.

Our logo reflects our story: innovation, community and support. An important part of this story begins with the letter Q. It is a perfect circle, representing our commitment to technological precision and strength. The space in the Q itself symbolizes our need to add the missing piece — you — to the community, to the new Quest.

Contacting Quest

For sales or other inquiries, visit https://www.quest.com/company/contact-us.aspx or call +1-949-754-8000.

Technical support resources

Technical support is available to Quest customers with a valid maintenance contract and customers who have trial versions. You can access the Quest Support Portal at https://support.quest.com.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:

  • Submit and manage a Service Request
  • View Knowledge Base articles
  • Sign up for product notifications
  • Download software and technical documentation
  • View how-to-videos
  • Engage in community discussions
  • Chat with support engineers online
  • View services to assist you with your product
Related Documents