Chat now with support
Chat with Support

KACE as a Service 7.1 - Administrator Guide

About the KACE Systems Management Appliance (K1000) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations
Setting up License Compliance Managing License Compliance Setting up Service Desk Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the K1000 Agent Manually deploying the K1000 Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the K1000
Appendixes Glossary About us Legal notices

Workflow for critical patches for laptops

Workflow for critical patches for laptops

The workflow for applying critical patches to laptops includes identifying devices, identifying patches, scheduling actions, and deploying patches.

Setting up automatic detect and deploy actions consists of the following workflow:

Identify critical patches: Create a patch Smart Label to automatically identify critical patches for laptops. See Using Smart Labels for patching.
Schedule Detect actions: Create and run a schedule to periodically detect critical patches on laptops. See Configuring patch schedules.
Schedule Deploy actions: Create and run a schedule to periodically deploy critical patches on laptops. See Configuring patch schedules.
Check patching status: Periodically check patching status using reports and the patch. See Viewing patch schedules, status, and reports.
Notify users: Notify users of the patching schedule. You can notify users by sending email and other messaging services outside the appliance Administrator Console. See "Notify users when devices are being patched" in Best practices for patching.

About scheduling non-critical patches

About scheduling non-critical patches

You can configure the appliance to install non-critical patches according to a schedule.

To schedule non-critical patches:

Detect patches: Create a patching schedule to detect patches on all devices to determine the size of the patching job. See Configuring patch schedules.
Inactivate patches: If there are patches you do not want to deploy, mark them as Inactive.
Test patches: Create a schedule to detect and deploy patches to your test devices. See Configuring patch schedules.
Identify patches for desktops and servers: Create a patch Smart Label to automatically capture the patches to deploy on servers. See Using Smart Labels for patching.
Check patching status: Periodically check the patching status. See Viewing patch schedules, status, and reports.

Configuring patch schedules

Configuring patch schedules

You can create and configure patch schedules and set a time for them to run. Patch schedules do not interfere with Managed Installations or other distributions.

You can create and edit the following types of patch schedules:

Configure Detect-only patch schedules

Configure Detect-only patch schedules

You can create and edit Detect-only patch schedules for managed devices. This is useful when you want to detect patches that are installed on, or missing from, managed devices.

Detect-only actions are recommended when the Patch Download Settings are configured to download only Files detected as missing. Running a detect-only action before the deploy creates a list of patch files to download before deployment begins.

1.
Go to the Patch Schedule Detail page:
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
On the Patch Management panel, click Schedules.
d.
Display the Patch Schedule Detail page by doing one of the following:
Select Choose Action > New.
2.
In the Configure section, specify options for the Detect-only schedule.

Option

Description

Name

A name that identifies the schedule. This name appears on the Patch Schedules page.

Action

Select Detect. The page updates to the appropriate options.

The patch action behavior is dependent on the combination of reboot, detect, deploy, and rollback selections you make. Whenever a patch action does both a Detect pass and something else, as is the case with Detect and Deploy and Detect and Rollback, the action is repeated cyclically until the Detect action finds no further patches to deploy or roll back. This behavior might result in multiple Reboot actions for a single scheduled run. In addition, the type of device you are patching affects the type of patch action to use.

All Devices

Run the schedule on all devices. If the Organization component is enabled on your appliance, this schedule includes all devices in the selected organization.

Use this setting with caution. It is usually better to test patch actions on a limited number of devices, and to limit patch actions to selected devices or device labels. This limitation ensures that patch actions are applied appropriately.

NOTE: This option only appears if the Hide All Devices check box on the General Settings page is not selected.

Device Labels

Restrict the patch actions to the devices in the labels that you select. Limiting the run to labels, especially Smart Labels, helps to ensure that patches are applied appropriately.

For example, some application patches have the ability to install applications as well as update applications that are already installed. To prevent the appliance from installing the application on devices that do not already have the application installed, you can create a Smart Label to identify devices that have the application. You can then limit the patch action to devices that have that label. The patch is then applied only to devices that already have the application installed.

To use this option, you must already have created labels or Smart Labels. See Using Smart Labels for patching.

Devices

Run detect and deploy patch actions on the devices that you select. To search for devices, begin typing in the field.

Operating Systems

Select the operating systems of the devices on which you want to run the actions. The default is all operating systems.

3.
In the Detect section, specify options for the Detect-only schedule.

Option

Description

All Patches

Detect all available patches. This process can take a long time. Also, it might detect patches for software that is not installed on, or required by, managed devices. For example, if managed devices use anti-virus applications from only one vendor, you might not need to detect patches for all anti-virus vendors. All Patches, however, detects all missing patches regardless of whether they are required by managed devices. To refine patch detection, set up labels for the patches you want to detect, then use the Patch Labels option.

Patch Labels

Restrict the action to the patches in the labels that you select. This is the most commonly used patch detection option. To select labels, click Edit. To use this option, you must already have labels or Smart Labels for the patches you want to detect. See Using Smart Labels for patching.

4.
In the Schedule section, specify options for the Detect-only schedule.

Option

Description

None

Run in combination with an event rather than on a specific date or at a specific time. This option is useful if you want to patch servers manually, or perform patch actions that you do not want to run on a schedule.

Every _ hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month/specific month at HH:MM

Run on the nth day every month, (for example, the first or the second) day of every month, or a specific month, at the specified time.

Custom

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

Timezone

The timezone to use when scheduling the action. Select Server to use the timezone of the appliance. Select Agent to use the timezone of the managed device.

Run on next connection if offline

Run the action the next time the managed device connects to the appliance, if the device is currently offline. This option is useful for laptops and other devices that are periodically offline. If this option is not selected, and the device is offline, the action does not run again until the next scheduled time.

Delay run after reconnect

Delay the schedule by a specified amount of time. The time delay period begins when the patch action is scheduled to run.

End after

The time limit for patching actions.

For example, if you schedule patches to run at 04:00, you might want all patching actions to stop at 07:00 to prevent bandwidth issues when users start work. To do so, you could specify 180 in the minutes box.

When this time limit is reached, any patching tasks that are in progress are suspended, and their status on Security logs is Suspended.

These patching tasks do not resume on the next run and instead start from the beginning with each scheduled patching action.

5.
Click Save.

The Detect-only schedule is created. If you add devices that match the Smart Label criteria, they are automatically included in the patching schedule.

Related Documents