Chat now with support
Chat with Support

KACE as a Service 7.1 - Administrator Guide

About the KACE Systems Management Appliance (K1000) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations
Setting up License Compliance Managing License Compliance Setting up Service Desk Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the K1000 Agent Manually deploying the K1000 Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the K1000
Appendixes Glossary About us Legal notices

Delete devices from inventory

Delete devices from inventory

If you have unused or obsolete devices in inventory, you can delete them manually. This deletion prevents the devices from being counted toward the number of devices you are allowed to manage through your Quest KACE license.

1.
Go to the Devices list:
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Inventory, then click Devices.
3.
Select Choose Action > Delete, then click Yes to confirm.

Provisioning the K1000 Agent

Provisioning the K1000 Agent

Agent provisioning is the task of installing the K1000 Agent on devices you want to add to K1000 inventory using the Agent.

About the K1000 Agent

The K1000 Agent is an application that can be installed on devices to enable inventory reporting and other device management features.

Agents that are installed on managed devices communicate with the K1000 appliance through AMP (Agent Messaging Protocol). Agents perform scheduled tasks, such as collecting inventory information from, and distributing software to, managed devices. Agentless management is available for devices that cannot have Agent software installed, such as printers and devices with operating systems that the Agent does not support. See Using Agentless management.

Tracking changes to Agent settings

If History subscriptions are configured to retain information, you can view the details of the changes made to settings, assets, and objects.

This information includes the date the change was made and the user who made the change, which can be useful during troubleshooting. See About history settings.

Methods for provisioning the K1000 Agent

You have a number of ways to deploy the K1000 Agent to the devices you want to manage.

Provision using the Agent Provisioning Assistant: You can use the Agent Provisioning Assistant to perform provisioning for devices with Windows, Mac OS X, and Linux operating systems. Within the Assistant, you can choose between using the K1000 GPO Provisioning Tool for deploying the Agent to Windows devices, or using Onboard Provisioning for deploying the Agent to Windows, Mac OS X, or Linux devices.

The GPO Provisioning Tool is recommended for Windows devices because using the tool minimizes the pre-configuration that must happen on the target device. It requires an Active Directory environment. The onboard provisioning approach requires you to perform client-side configuration on the devices to be managed before you can start provisioning.

Provision using manual deployment: Manual deployment is useful when automated Agent provisioning is not practical or when you want to deploy the K1000 Agent using email or logon scripts.

Enabling file sharing

Enabling file sharing

To provision Agent software, you must enable file sharing.

If the Organization component is enabled on your appliance, see Enable file sharing at the System level. Otherwise, see Enable file sharing without the Organization component enabled.

Enable file sharing at the System level

If the Organization component is enabled on your appliance, you must enable file sharing at the System level to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System from the drop-down list in the top-right corner of the page.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, specify the following settings:

Option

Description

For appliances with the Organization component enabled:

Enable Organization File Shares

Use the appliance's client share to store files, such as files used to install applications on managed devices.

The appliance’s client share is a built-in Windows file server that the provisioning service can use to assist in distributing the Samba client on your network. Quest recommends that this file server only be enabled when you perform application installations on managed devices.

Require NTLMv2 authentication to appliance file shares

Enable NTLMv2 authentication for the K1000 files shares. When this setting is enabled, managed devices connecting to the K1000 File Shares require support for NTLMv2 and authenticate to the K1000 using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the K1000 Agent. See Manually deploying the K1000 Agent.

Require NTLMv2 to off-board file shares

Force certain K1000 functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

3.
Click Save.

When the appliance restarts, enable file sharing at the organization level. See Enable organization-level file sharing with the Organization component enabled.

Enable organization-level file sharing with the Organization component enabled

If the Organization component is enabled on your appliance, you must enable file sharing at the organization level to provision the Agent.

Verify that organization file shares are enabled. For instructions, see Enable file sharing at the System level.

1.
Go to the Admin-level General Settings page:
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
On the Control Panel, click General Settings.
2.
Select Enable File Sharing in the Samba Share Settings section.
3.
Optional: Enter a password for the File Share User.
4.
Click Save Samba Settings.
Enable file sharing without the Organization component enabled

If the Organization component is not enabled on your appliance, you must enable file sharing in the appliance security settings to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, select Enable File Sharing.
3.
Optional: Select authentication options:

Option

Description

Require NTLMv2 to authenticate appliance file shares

Enable NTLMv2 authentication for the K1000 files shares. When this setting is enabled, managed devices connecting to the K1000 File Shares require support for NTLMv2 and authenticate to the K1000 using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the K1000 Agent. See Manually deploying the K1000 Agent.

Require NTLMv2 authentication to off-board file shares

Force certain K1000 functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

4.
Click Save.

Enable file sharing at the System level

Enabling file sharing

To provision Agent software, you must enable file sharing.

If the Organization component is enabled on your appliance, see Enable file sharing at the System level. Otherwise, see Enable file sharing without the Organization component enabled.

Enable file sharing at the System level

If the Organization component is enabled on your appliance, you must enable file sharing at the System level to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System from the drop-down list in the top-right corner of the page.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, specify the following settings:

Option

Description

For appliances with the Organization component enabled:

Enable Organization File Shares

Use the appliance's client share to store files, such as files used to install applications on managed devices.

The appliance’s client share is a built-in Windows file server that the provisioning service can use to assist in distributing the Samba client on your network. Quest recommends that this file server only be enabled when you perform application installations on managed devices.

Require NTLMv2 authentication to appliance file shares

Enable NTLMv2 authentication for the K1000 files shares. When this setting is enabled, managed devices connecting to the K1000 File Shares require support for NTLMv2 and authenticate to the K1000 using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the K1000 Agent. See Manually deploying the K1000 Agent.

Require NTLMv2 to off-board file shares

Force certain K1000 functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

3.
Click Save.

When the appliance restarts, enable file sharing at the organization level. See Enable organization-level file sharing with the Organization component enabled.

Enable organization-level file sharing with the Organization component enabled

If the Organization component is enabled on your appliance, you must enable file sharing at the organization level to provision the Agent.

Verify that organization file shares are enabled. For instructions, see Enable file sharing at the System level.

1.
Go to the Admin-level General Settings page:
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
On the Control Panel, click General Settings.
2.
Select Enable File Sharing in the Samba Share Settings section.
3.
Optional: Enter a password for the File Share User.
4.
Click Save Samba Settings.
Enable file sharing without the Organization component enabled

If the Organization component is not enabled on your appliance, you must enable file sharing in the appliance security settings to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, select Enable File Sharing.
3.
Optional: Select authentication options:

Option

Description

Require NTLMv2 to authenticate appliance file shares

Enable NTLMv2 authentication for the K1000 files shares. When this setting is enabled, managed devices connecting to the K1000 File Shares require support for NTLMv2 and authenticate to the K1000 using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the K1000 Agent. See Manually deploying the K1000 Agent.

Require NTLMv2 authentication to off-board file shares

Force certain K1000 functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

4.
Click Save.
Related Documents