Chat now with support
Chat with Support

KACE Desktop Authority 11.1 - ExpertAssist User Guide

User Guide
Copyright TOC Overview User Interface Home Remote Control File Transfer Help Desk Chat Computer Management Computer Settings Server Functions Scheduling and Alerts Performance Monitoring Security Preferences Custom Pages WAP and PDA Interface About Us

Network

Here you can configure your ExpertAssist connection settings, your SMTP settings, and even Dynamic IP Support.

General Settings

The General Settings group allows you to change various connection and data transport related options.

TCP/IP port to listen on

Specify the port you want ExpertAssist to use. This takes effect when the service is restarted.

TCP/IP address to listen on

Specify the IP address you want ExpertAssist to use for incoming connections. Your machine can have several IP addresses assigned to it, and ExpertAssist can listen on all of those addresses or just the one you specify here. This takes effect when the service is restarted.

IP filter profile to use

Here you can select from a drop-down list of specified IP addresses. You will first need to set this up under Security > IP Filtering

You must restart the ExpertAssist service before the changes take effect.

Accept unsecured HTTP connections (non-SSL)

If this checkbox is unchecked and SSL transport has been set up (Security > SSL Setup) then only HTTPS connections will be allowed.

Broken proxy server mask

This is a rather obscure name for a setting provided to work around a rather obscure problem.

Some proxy servers request pages from web servers using several IP addresses. This can cause ExpertAssist to bounce you back to the login page after you click the Login button. If you are not affected by this problem, you should not change this setting. However, if you experience this problem, please read the following section carefully.

When you log in, your browser is assigned a session identifier in a cookie. For security reasons, this cookie is only valid when sent from the IP address from which the login originated. Were it not so, an eavesdropping attacker would be able to copy your cookie and gain access to all ExpertAssist resources to which you have access.

Some proxy servers use several IP addresses when requesting data from a remote computer. If this is the case with your proxy server, ExpertAssist sees the original IP address and session identifier as valid, but requests originating from other IP addresses (even if accompanied by a valid cookie) are replied to with the login page. The login page breaks out of frames, and displays itself in your browser - and you are prompted to log in again. A possible workaround is to keep logging in as many times as necessary - most proxy servers only use a few - maybe half a dozen - IP addresses. Once all the IP addresses are logged in, you will no longer be bounced to the login page.

ExpertAssist has had a setting called Proxy Problem Fixer. This is essentially a mask that can be applied to IP addresses. Suppose your proxy server uses the following IP addresses to request pages from servers:

192.168.0.33, 192.168.0.34, 192.168.0.35, 192.168.0.36, 192.168.0.37, 192.168.0.38

In this scenario, if you look at the IP addresses in binary form, you can see that only the last three bits are different:

11000000.10101000.00000000.00100001

11000000.10101000.00000000.00100010

11000000.10101000.00000000.00100011

11000000.10101000.00000000.00100100

11000000.10101000.00000000.00100101

11000000.10101000.00000000.00100110

This means that the largest number that can be represented on three bits (111 binary = 7 decimal) has to be masked from the IP addresses when checking them against each other to verify the validity of the session identifier cookie.

ExpertAssist provides a subnet mask-like setting for this purpose. By default, it is set to 255.255.255.255 - this means that no bits are masked off. Given the above scenario, we need to mask off the three least significant bits, thus we subtract 7 (binary form: 111) from 255.255.255.255, which leaves us with 255.255.255.248. By entering this value in the Proxy Problem Fixer field, we are telling ExpertAssist to ignore the last three bits.

This is a rather tedious way of getting around the problem, but short of reconfiguring the proxy server to use only one IP address, there is no easier solution. The latter is the recommended solution, since allowing several IP addresses to share the same session identifier can be a security risk. It is not really significant when you only mask off a few (three or four) bits, but if you need to decrease more and more significant bits of the IP addresses, you are putting yourself in a risky situation.

Of course, the risk can be decreased by protecting the cookie with SSL - but this requires that you request the login page with the HTTPS protocol and do not rely on the Use SSL switch that appears when it is requested via unsecured HTTP.

Maximum number of servicing threads

Here you can specify the maximum number of threads ExpertAssist can spawn to service client connections. You must restart the ExpertAssist service before the changes take effect.

Idle time allowed

Here you can specify the idle time allowed on a connection before the user is automatically logged out.

ExpertAssist is a highly configurable tool, meaning that you can change its settings to suit your individual remote administration needs and desires.

Stalled transfer timeout

In the ExpertAssist File Transfer applet, files can be copied to and from the remote computer. If the file transfer is halted for the duration of the timeout value the file transfer will be canceled.

File Transfer Download Bandwidth Limit

Enter the download bandwidth to be used for file transfers. This is entered in the form of kbits/sec. A bandwidth limit of 0 will disable this setting.

File Transfer Upload Bandwidth Limit

Enter the download bandwidth to be used for file transfers. This is entered in the form of kbits/sec. A bandwidth limit of 0 will disable this setting.

Force HTTP Tunneling

Force all java applets to use HTTP protocol instead of a direct socket connection.

SMTP Settings

If you want to configure ExpertAssist to send you email alerts you need to enter your SMTP server settings here.

SMTP server address

The IP address of the SMTP server that email will be sent through.

SMTP user name 

If the SMTP server requires authentication, enter the user name here. Leave this field blank if the SMTP server does not require authentication.

SMTP password

If the SMTP server requires authentication, enter the password here. Leave this field blank if the SMTP server does not require authentication.

Default sender address

Enter a default email address for the SMTP server to use.

Test email recipient

To test the SMTP server settings, enter a test message here and click Send test message. An email will be sent through the SMTP server.

Dynamic IP Support

ExpertAssist can send you an email message pointing to the IP address of your remote host every time it starts up. Use this if your host has a dynamic IP address.

Email recipient

Enter the email address of the user who will receive the IP address change email. To disable this feature, leave this field blank.

Check every

Enter the time interval for when IP addresses should be checked for change.

Colors

Here you can modify the colors used by ExpertAssist.

This is done using the standard hexadecimal code used by HTML.

Simply enter the ‘#' symbol followed by the appropriate six-digit code and click Apply to see the change.
For example, the pale blue color used for backgrounds in the default color settings for ExpertAssist is #8abdf0.

Predefined color schemes can be selected from the options in the Scheme drop down menu at the bottom of the screen. Click Apply after selecting a theme.

You can restore the default colors by clicking Restore at the bottom of the page.

Log Settings

ExpertAssist's log settings are fully configurable. Here you can modify the general settings for ExpertAssist, ODBC and the Syslog settings. In order to view the logs themselves you would go to Security > EA Logs.

General Settings

Keep log files for this many days

At midnight ExpertAssist rotates its log files and deletes old, unneeded ones. The value you enter here determines how old log files can grow before they are deleted. If you set this to zero, the files will never be deleted, unless you do it manually.

Directory for log files

You can also specify the directory for storing these log files. If you leave this blank, they will be stored in ExpertAssist's installation folder, by default.

ODBC Messages

Send log events to ODBC data source

Set this checkbox to use the specified ODBC data source to send events to. Click the Click here to configure the ODBC data source link to configure the data source.

Syslog Settings

With ExpertAssist you can also modify the syslog settings. Here you can modify the syslog settings and specify the syslog hostname or IP address, transport protocol (UDP or TCP), syslog port numbers for UDP and TCP, as well as the facility code to report. Click Apply to update your settings.

User Management Log

Use the option to set the number of days within which theUser Management Log will be stored on an EA host machine - 30 days by default. Once the time specified elapses, logs will be deleted from the EA host.

You must Reboot before the changes take effect.

 

ODBC Messages

ODBC Messages 

Specify an ODBC Data Source and table to write messages to. The messages are written to this database via a script defined on Scripting and System Monitoring pages.

Data Source

Enter the Data Source name that will enable the database connection.

User Name

Enter the User Name that is used to access the tables using the specified DSN.

Password

Enter the Password that is used to access the tables using the specified DSN.

Table Name

Enter the Table that the script will write messages to.

Time Stamp

Enter the name of the timestamp or text field from the database that will be used for the time stamp. Maximum 20 characters.

Computer Name

Enter the name of the text field from the database that will be used to hold the computer name. Maximum 16 characters.

Message

Enter the name of the text field from the database that will be used message. Maximum 250 characters.

Log Level

Enter the name of the text field from the database that will be used for the severity of the message. Maximum 10 characters.

Module

Enter the name of the text field from the database that will be used for the originating module. Maximum 20 characters.

Facility

Enter the name of the text field from the database that will be used for the originating facility. Maximum 20 characters.

Client

Enter the name of the text field from the database that will be used to hold the address and name of the client. Maximum 100 characters.

Write test message

Enter a message to send to the ODBC data source in order to test the data source connection. Click the Write test message button to send the test message.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating