About the KACE Systems Management Appliance (K1000)
About K1000 components
About the Administrator Console
Getting started
Components available in Admin mode without the Organization component
Components available in Admin mode with the Organization component enabled
Components available in System mode with the Organization component enabled
Using the Home component
About Dashboards
View the Dashboard in Admin mode
View the Dashboard in System mode
Customize Dashboard pages
About Dashboard widgets
View Dashboard details
View the K1000 version, model, and license information
View K1000 license information
About appliance software updates
About labels
Searching for information and filtering lists
Search at the Admin level
Search at the page level
Searching at the page level with advanced options
Log in to the Administrator Console: First login following initial network configuration
Example: Search for managed devices using Advanced Search criteria
Add Smart Labels and Notifications using Advanced Search criteria
Load Smart Labels from the Advanced Search tab
Create Custom Views using Advanced Search criteria
Access product documentation
Configuring the appliance
Managing inventory
Requirements and specifications
Power-on the appliance and log in to the Administrator Console
Access the Command Line Console
Tracking configuration changes
Configuring System-level and Admin-level General Settings
Setting up and using labels to manage groups of items
Configure appliance General Settings with the Organization component enabled
Configure Admin-level or organization-specific General Settings
Configure appliance General Settings without the Organization component
Configure appliance date and time settings
Verifying port settings, NTP service, and website access
Verify port settings
Verifying the status of the NTP service
Make necessary websites accessible to the K1000 appliance
Configuring network and security settings
Changing appliance network settings
Configure local routing tables
Configure local web server settings and whitelist hosts
Configure security settings for the appliance
Configure Active Directory as the single sign on method
Configure Quest Identity Broker as the single sign on method
Generate an SSL certificate
Configuring Agent settings
Configuring session timeout and auto-refresh settings
Configuring locale settings
How locale settings are applied
Configure locale settings for the Administrator Console and the Command Line Console
Configure locale settings for the User Console
Configure locale settings for organizations
Configure locale settings for users
Configure data sharing preferences
About DIACAP compliance requirements
Configuring Mobile Device Access
Enable Mobile Device Access for the appliance
Enable Mobile Device Access for users
Download and use KACE GO
Disable Mobile Device Access on the appliance
Disable Mobile Device Access for users
Enable fast switching for organizations and linked appliances
Linking Quest KACE appliances
Enable appliance linking
Add Names and Keys to appliances
Enable access to Federation API settings
Disable appliance linking
Configuring history settings
About history settings
Managing settings history
Configure settings history subscriptions for organizations
Configure System-level settings history subscriptions with the Organization component enabled
View settings history
Managing asset history
Managing object history
Using change history information
About labels
Tracking changes to label settings
Managing manual labels
Managing Smart Labels
Configuring user accounts, LDAP authentication, and SSO
Add Smart Labels
Example: Combine Smart Labels to identify devices
Edit Smart Labels
Setting up labels for user accounts
Using Smart Labels for patching
Using Smart Labels with Discovery Results
Adding Smart Labels for devices
Assign the Smart Label run order
Delete Smart Labels
Managing label groups
Add, view, or edit label groups
Assign labels to or remove labels from label groups
Delete label groups
Managing LDAP Labels
About user accounts and user authentication
About locale settings
Managing System-level user accounts
Using Replication Shares
Managing credentials
Add or edit System-level user accounts
Manage appliance administrator email notifications
Delete System-level user accounts
Managing organization user accounts
Add or edit User Roles
Delete User Roles
Add or edit organization user accounts
Customize user details
View or edit user profiles
Using an LDAP server for user authentication
Importing users from an LDAP server
About single sign on (SSO)
Enabling and disabling single sign on
Using Active Directory for single sign on
Configure Active Directory as the single sign on method
Configuring browser settings for single sign on
Using Quest Identity Broker for single sign on
Configure Internet Explorer browser settings
Configure Firefox browser settings
Use Active Directory single sign on to access the Administrator Console or User Console
Unjoin the domain and disable Active Directory single sign on
Tracking changes to Credentials Management settings
Add and edit User/Password credentials
Add and edit Google OAuth credentials
Add and edit SNMP credentials
View credential usage
Create reports from the Credentials Management list
Export credentials information
Delete credentials
Configuring assets
About the Asset Management component
About managing assets
Setting up License Compliance
How asset information differs from inventory information
Identifying the assets to track
View assets and search for asset information
Add barcodes to assets
Change device owners
Adding and customizing Asset Types and maintaining asset information
About Asset Types
Customizing Asset Types
Managing Software assets
Managing physical and logical assets
Maintaining and using manual asset information
Managing locations
About renaming fields and changing field types in Asset Types
About adding and deleting asset fields
Add or customize Asset Types
About customizing the Device Asset Type
Example: Add custom fields to the Device Asset Type
Establishing relationships between asset fields
Delete Asset Types
About Asset Subtypes, custom fields, and device detail preferences
Workflow for using Asset Subtypes with SNMP devices
Add Asset Subtypes and select Device Detail page preferences
Edit Asset Subtypes
Set an Asset Subtype as the default
View subtypes available to Asset Types
View Asset Subtypes on the Assets page
Assign or change Device Asset Subtypes from the Devices page
Assign assets to subtypes or change subtype assignments from the Assets page
Update custom asset fields manually
Delete Asset Subtypes
About License Compliance for Software Catalog applications
Customize the License Asset Type
Add License assets for Software Catalog inventory
Add License assets for Software page inventory
Importing license data in CSV files
Managing License Compliance
View License Compliance information for Software Catalog applications
Update software License Compliance information manually
Customize license usage warning thresholds
View License Compliance and Configuration information
Setting up Service Desk
Setting up roles for user accounts
Creating and managing organizations
About default roles
Create a Service Desk staff role
Assign user roles
Apply labels and roles to Service Desk staff
Create the DefaultTicketOwners account
Configuring email settings
About email notifications
About Ticket Rules
About POP3 email accounts
Create and configure POP3 email accounts
Configuring email triggers and email templates
Configure CC lists for ticket categories
Automatically add email addresses to ticket CC List fields
Exclude addresses from ticket CC List fields
Prevent email loops
About organizations
Tracking changes to organization settings
Managing Organization Roles and User Roles
Adding, editing, and deleting organizations
Importing and exporting appliance resources
Add or edit organizations
Delete organizations
Customizing the logos used for the User Console and organization reports
Managing user accounts for organizations
Managing organization filters
How organization filters work
Add or edit organization Data Filters
Add or edit organization LDAP Filters
Test organization filters
Delete organization filters
Managing devices within organizations
Understanding device details
Running single organization and consolidated reports
Using Device Discovery
Deploying packages to managed devices
About Device Discovery and device management
Tracking changes to Discovery settings
Discovering devices on your network
Managing device inventory
Add a Discovery Schedule to perform a quick "what and where" scan of your network
Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and UNIX computers
Obtain a Client ID and Client Secret for use in discovering Chrome devices
Add a Discovery Schedule for a G Suite device
Add a Discovery Schedule for a Dell Mobility Management (DMM) device
Add a Discovery Schedule for SNMP-enabled non-computer devices
Add a Discovery Schedule for an AirWatch device
About Discovery Results
View and search Discovery Results
Provision the Agent using the discovered IP address or hostname
Stop a running discovery scan
Delete Discovery Schedules
About managing devices
Features available for each device management method
About inventory information
Tracking changes to inventory settings
Managing inventory information
Managing applications on the Software page
Add custom data fields
Schedule inventory data collection for managed devices
View device inventory and details
Groups and sections of items in device details
About Dell Data Protection | Encryption (DDP|E) and encryption information in device details
Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices
Finding and managing devices
Add the DumpXmlInventory registry key to an Agent-managed Windows device
Add the DumpXmlInventory registry key to an Agentless-managed Windows device
About Intel AMT information in device details
Finding devices in inventory
Labeling devices to group them
Run actions on devices
View devices that have been added manually
Delete devices from inventory
Provisioning the K1000 Agent
Enabling file sharing
Manually deploying the K1000 Agent
Enable file sharing at the System level
Enable organization-level file sharing with the Organization component enabled
Enable file sharing without the Organization component enabled
Provisioning the K1000 Agent using the GPO Provisioning Tool for Windows devices
Prepare to use the GPO Provisioning Tool for Agent deployment
Provision K1000 Agents using the K1000 GPO Provisioning Tool
Provisioning the K1000 Agent using onboard provisioning
Managing provisioning schedules
View, run, edit, or duplicate provisioning schedules
Delete provisioning schedules
View provisioning results
Managing Agent communications
Configure Agent communication and log settings
View Agent task status
View the Agent Command Queue
Delete messages from the Agent command queue
Updating the K1000 Agent on managed devices
Obtaining Agent installation files
Manually deploying the K1000 Agent on Windows devices
Using Agentless management
Manually deploy the K1000 Agent on Windows devices using the installation wizard
Manually deploy the K1000 Agent on Windows devices using the Command line
Manually deploying and upgrading the K1000 Agent on Linux devices
Manually deploy the K1000 Agent on Linux devices
Deploy the K1000 Agent on Linux devices at startup or login
Upgrade the K1000 Agent on Linux devices
Performing Agent operations on Linux devices
Start and stop the Agent on Linux devices
Manually remove the Agent from Linux devices
Verify that the Agent is running on Linux devices
View the Agent version on Linux devices
Collecting inventory information
Manually deploying and upgrading the K1000 Agent on Mac devices
Deploy or upgrade the K1000 Agent to Mac devices using the Agent installer
Deploy the Agent to Mac devices using the terminal window
Use shell scripts to deploy the K1000 Agent
Performing other Agent operations on Mac devices
Start or stop the Agent on Mac devices
Manually remove the Agent from Mac devices
Verify that the Agent is running on Mac devices
Verify the version of the Agent on Mac devices
Collecting inventory information from Mac devices
Viewing information collected by the Agent
About Agentless device management
Adding devices manually in the Administrator Console or by using the API
Operating systems supported by Agentless management
About enabling Agentless management on Agent-managed devices
Managing Agentless devices
Enable Agentless management using Discovery information
Enable Agentless management by entering device information manually
Shell support for SSH and Telnet connections
Edit Agentless device connection details or delete Agentless devices
Using SNMP Inventory Configurations to identify specific SNMP objects and non-computer devices to add to inventory
About managing devices
Tracking changes to inventory settings
Add devices manually with the Administrator Console
Adding devices manually using the API
Forcing inventory updates
Force inventory updates from the appliance
Force inventory updates from Windows devices
Force inventory updates from Mac OS X devices
Force inventory updates from Linux devices
Managing MIA devices
Configure MIA settings
Apply labels to MIA devices
Delete MIA devices manually
Troubleshoot devices that fail to appear in inventory
Obtaining Dell warranty information
About the Software page
Tracking changes to inventory settings
Adding and deleting applications in Software page inventory
Creating Software assets
Managing Software Catalog inventory
Add Software assets in the Inventory section
Add Software assets in the Assets section
Attach digital assets to applications and select supported operating systems
Copy files to the K1000 Client Drop location
Using software threat levels and categories
Finding and labeling applications
About finding applications using Advanced Search
Add manual software labels
Apply manual labels to or remove labels from software
Add software Smart Labels
Managing the ITNinja feed
About the Software Catalog
Managing process, startup program, and service inventory
Application classifications
About cataloged applications
About Locally Cataloged applications
About Not Allowed applications
Application categories
How Software Catalog information is collected
How the Software Catalog is used with the Organization component
How Software Catalog information is localized
How you can help improve the Software Catalog
Differences between the Software page and the Software Catalog page
Viewing Software Catalog information
View lists of Discovered and Not Discovered applications
View the list of Uncataloged applications
View the list of Locally Cataloged applications
View details of Software Catalog applications
Adding applications to the Software Catalog
Submitting cataloging requests automatically adds applications to the local Software Catalog
How Locally Cataloged applications change to Cataloged applications
How custom names are resolved when Locally Cataloged applications are added to the Software Catalog
Submit cataloging requests
Cancel cataloging requests and remove local cataloging
Managing License assets for Software Catalog applications
Add License assets for Software Catalog inventory
Migrate License assets to applications in the Software Catalog
Using software metering
About software metering
About metering information
Enabling and configuring metering for devices and applications
Using Application Control
Choosing the devices and applications to meter
Enabling metering on devices
Enable metering on devices using manual labels
Enable metering on devices using Smart Labels
Enable metering for Software Catalog applications
Configure options for metering Software Catalog applications
Viewing Software Catalog metering information
View metering information on the Software Catalog Detail page
View metering information on the Device Detail page
Disabling metering for Software Catalog applications and managed devices
Managing metering and scheduling inventory collection
Requirements for blacklisting applications
How applications are blacklisted
About blacklisting application editions that share executable files
Applications that cannot be blacklisted
Apply the Application Control label to devices
Mark applications and suites as Not Allowed
View applications and suites that are marked as Not Allowed
Create reports showing applications marked as Not Allowed
Remove the Not Allowed designation from applications
Update or reinstall the Software Catalog
Managing process inventory
Writing custom inventory rules
View and edit process details
Add labels for processes
Apply labels to or remove labels from processes
Categorize processes
Assign threat levels to processes
Delete processes
Managing startup program inventory
View and edit startup program details
Add labels for startup programs
Apply labels to or remove labels from startup programs
Categorize startup programs
Assign threat levels to startup programs
Delete startup programs
Managing service inventory
Distributing software and using Wake-on-LAN
Patching devices and maintaining security
About software distribution
Tracking changes to distribution settings
Types of distribution packages
Distributing packages from the appliance
Distributing packages from alternate download locations and Replication Shares
Distributing applications to Mac OS X devices
Using Managed Installations
Broadcasting alerts to managed devices
Running scripts on managed devices
Adding applications to inventory
About creating Managed Installations
About installation parameters
Identify parameters that are supported by installer files
Create Managed Installations for Windows devices
Examples of common deployments on Windows
Create Managed Installations for ZIP files
Create Managed Installations for RPM files
Create Managed Installations for TAR.GZ files
Create Managed Installations for Mac OS X devices
Create and use File Synchronizations
Using Wake-on-LAN
Exporting Managed Installations
About scripts
Tracking changes to scripting settings
About default scripts
Adding and editing scripts
Managing Mac profiles
Token replacement variables
Add offline KScripts or online KScripts
Edit scripts
Delete scripts from the Scripts page
Delete scripts from the Script Detail page
Structure of importable scripts
Import scripts
Duplicate scripts
Using the Run and Run Now commands
Run scripts from the Run Now page
Run scripts from the Script Detail page
Run scripts from the Scripts page
Monitor Run Now status and view script details
About configuration policy templates
Using Windows configuration policies
About starting Windows Automatic Updates on Windows devices
Add Automatic Update scripts
About Dell Command | Monitor
Add Dell Command | Monitor scripts
Add Desktop Wallpaper scripts
Add Desktop Shortcuts scripts
Add Event Log Reporter scripts
Add MSI Installer scripts
About power management and power consumption
Add power management scripts for Windows devices
Add Registry scripts
Add Remote Desktop Control Troubleshooter scripts
Add UltraVNC scripts
Add Uninstaller scripts
Using Mac OS X configuration policies
Edit policies and scripts
Search the scripting logs
Exporting scripts
Tracking changes to Mac profile settings
Adding, editing, and uploading Mac profiles
Add or edit Mac user profiles
Add or edit Mac system profiles
Add Mac profiles using existing profiles as templates
Upload Mac profiles to the K1000 appliance
Installing and managing Mac profiles
Distribute Mac profiles on a schedule
Install Mac profiles on devices using the Run option
Identify devices that have Mac profiles installed
View Mac profiles
Export the Mac profiles list
Removing and deleting Mac profiles
About patch management
Using reports and scheduling notifications
Patching workflow
About patch signature files
About patch packages
About patch testing and security
About the patch quality assurance process
Best practices for patching
Subscribing to and downloading patches
About patch subscription and downloads
Websites that must be accessible to the K1000 appliance
Overview of first-time patch-subscription workflow
View details about operating systems and applications
Subscribing to patches and configuring download settings
Viewing available patches and download status
Creating and managing patch schedules
About scheduling critical OS patches for desktops and servers
About scheduling critical patches for laptops
About scheduling non-critical patches
Configuring patch schedules
Managing patch inventory
Configure Detect-only patch schedules
Configure Detect and Deploy patch schedules
Configure Deploy-only patch schedules
Configure Detect and Rollback patch schedules
Configure Rollback-only patch schedules
Viewing patch schedules, status, and reports
View patch schedules
View patch status
View patch status by device
View files within patches
View patch reports
Managing patch rollbacks
Prerequisites for managing patch inventory
Viewing patch information
Managing Dell devices and updates
View downloaded patches
View patch details
Resetting the number of patch deploy attempts
Viewing patch statistics and logs
Mark patches as inactive
Patch Mac OS X devices
Reset the number of patch deploy attempts from the patch Catalog
Reset the number of patch deploy attempts from the patch detail page
View patch information for devices in inventory
View devices missing patches
Managing Dell devices with Dell Updates
Differences between patching and Dell Updates
Configuring Dell Updates
Maintaining device and appliance security
Testing device security
About OVAL security checks
Understanding OVAL tests and definitions
Maintaining appliance security
View OVAL tests and definitions
Running OVAL tests
Using labels to restrict OVAL tests
Understanding OVAL updates
Configure OVAL Settings
View the OVAL vulnerability report
Apply labels to affected devices
View the OVAL Report
About SCAP
SCAP supported versions and platforms
How the K1000 conducts SCAP scans
Definitions of SCAP standards
About benchmarks
How a SCAP scan works
Access SCAP Scan information
View and manage benchmarks
Import and modify benchmarks
Configure SCAP schedules
Editing SCAP scan schedules
View the resolved XCCDF files
View the OVAL timestamp
View script tasks
View SCAP scan results
Download benchmarks from the archive
About security policy templates
Using Windows security policy templates
Add Internet Explorer scripts
Add XP SP3 Firewall scripts
Add McAfee AntiVirus scripts
Add McAfeeSuperDAT scripts
Add Symantec AntiVirus scripts
Using Mac security policy templates
Resolve Windows security issues that prevent Agent provisioning
About reports and notifications
Creating and modifying reports
Monitoring servers
Creating reports
Scheduling reports and notifications
Create reports using the report wizard
Create reports using SQL queries
Create reports from list pages
Duplicate reports
Edit SQL statements on reports created with the report wizard
Create reports from history lists
Modifying reports
Customizing logos used for reports
Create or modify linked reports
Getting started with server monitoring
Using the Service Desk
Enable monitoring for a device
Working with monitoring profiles
Enable monitoring for one or more servers from the Devices inventory list
Enable monitoring for a server from its Device Detail page
Obtain a new license key to increase server monitoring capacity
Apply a new license key to increase server monitoring capacity
Edit a profile
Configure SNMP trap messages and alerting criteria
Create a new profile using a default profile as a template
Profile log paths for MySQL and Apache
Upload a profile that was created by another user
Download a profile so that it can be used by others
Bind an additional profile to a device
Define nonstandard log date format
Configuring application and threshold monitoring with Log Enablement Packages
Managing monitoring for devices
Install one or more LEPs on monitored devices
Set up a Windows Server 2003 device with an ITNinja monitoring Log Enablement Package (LEP)
Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2008 or higher device
Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2003 device
Pause monitoring for a device
Pause or resume monitoring for multiple devices
Set the polling interval and any automatic dismissal or deletion of alerts
Disable ping probe
Receive alerts when device configurations change
Schedule a Maintenance Window during which time alerts are not collected from a device
Create and assign monitoring-specific roles
Disable monitoring for one or more devices
Enable monitoring for one or more devices
Working with alerts
Add notification schedules from the Monitoring Alerts list page
Create a Service Desk ticket from an alert
Search for alerts using Advanced Search criteria
Filtering alerts using the Include Text and Exclude Text capability
Filter alerts using the Include Text and Exclude Text capability from the Profile Details page
Filter alerts using the Exclude Text capability from the Monitoring Alerts list page
Examples of Include Text and Exclude Text for monitoring profiles
Dismiss an alert
Retrieve and review alerts that have been dismissed from the alerts list
Delete alerts
Configuring Service Desk
Maintenance and troubleshooting
System requirements
About Service Desk
Overview of setup tasks
Configuring Service Desk business hours and holidays
Configuring Service Level Agreements
Configuring Service Desk ticket queues
Managing Service Desk tickets, processes, and reports
Configure ticket queues
Rename Service Desk titles and labels
Enable or disable the conflict warning
Configuring ticket settings
Customizing the User Console home page
Change the User Console logo and text at the System level
Change the User Console logo and login text at the Admin-level
Show or hide action buttons and widgets on the User Console home page
Show or hide links to Knowledge Base articles on the User Console home page
Add, edit, hide, or delete User Console announcements
Prioritize User Console announcements or mark an announcement as urgent
Add, edit, or delete custom links on the User Console home page
Add ticket links to the User Console home page
Add a quick-action link for reporting problems on the User Console home page
About the session timeout period
Using the Satisfaction Survey
Enable or disable security for Service Desk attachments
Overview of Service Desk ticket lifecycle
Creating tickets from the Administrator Console and User Console
Managing Service Desk ticket queues
Create tickets from the User Console
Create tickets from the Administrator Console Ticket page
Create tickets from the Device Detail page
Create tickets from the Asset Detail page
Create a Service Desk ticket from an alert
Creating and managing tickets by email
About attachments to tickets created through email
Enable email ticket creation
Modifying ticket attributes using email
Clearing a ticket field using email
Changing ticket fields using email
Changing ticket approval fields using email
Viewing tickets and managing comments, work, and attachments
Navigate among tickets, related devices, and assets
Add work information for tickets
Use default views for tickets
Create custom views for tickets
Set a view as the default view for tickets
Add comments to tickets
Add owner-only comments to tickets
View ticket comments
Add or delete screenshots and attachments to Service Desk tickets
View ticket activity history
Send ticket information through email
Run Device Actions from tickets
Using the ticket escalation process
Understanding ticket states
Understanding the escalation time limit
Understanding escalation
Changing ticket escalation settings
Change the list of escalation email recipients
Change the escalation time limits
Change the default escalation email message
Using Service Desk processes
Add, edit, and enable process templates
Define process types
Create process tickets to manage related tasks
View process information
Cancel or complete process tickets
Delete process templates
Convert process tickets to regular tickets
Convert regular tickets to process tickets
Using Ticket Rules
Using and configuring system Ticket Rules
Understanding and customizing system Ticket Rules
Create custom Ticket Rules
Duplicate a custom Ticket Rule
Delete a custom Ticket Rule
Move a Ticket Rule from one queue to another
Run Service Desk reports
Archiving, restoring, and deleting tickets
Enable ticket archival
Configure queue archive settings
Archive selected tickets
Restore archived tickets
Delete archived tickets
Managing ticket deletion
About Service Desk ticket queues
Adding and deleting queues
Viewing tickets in queues
Setting the default queue
Set the default fields for the All Queues ticket list
Move tickets between queues
About User Downloads and Knowledge Base articles
Managing User Downloads
Customizing Service Desk ticket settings
Add User Downloads
Apply labels to User Downloads
Remove labels from User Downloads
Delete User Downloads
Managing Knowledge Base articles
About customizing Service Desk ticket settings
Create ticket categories and subcategories
Customizing ticket values
Customizing ticket layout
Configuring SMTP email servers
Customize Layout and Related Ticket Fields
Configure Comment Field Options
Define custom ticket fields
Preview ticket layout
Customize the ticket list layout
Using parent-child ticket relationships
Enable parent-child ticket relationships for a queue
Enable parent tickets to close child tickets
Create child tickets for any ticket
Designate tickets as parents and add existing tickets as their children
Use a parent ticket as a to-do list
Use parent tickets to organize duplicate tickets
Using ticket approvers
Maintaining the appliance
Appendixes
Glossary
About us
Tracking changes to settings
About appliance backups
Troubleshooting the K1000
Set the daily backup schedule and the number of backups to retain
Back up the appliance manually
Download backup files from the Administrator Console
Access backup files through FTP
About deleting appliance backup data
Restoring the appliance
Restore the appliance using the most recent backup
Upload backup files to the appliance
Restore the appliance from backups
Restore the appliance to factory settings
Updating appliance software
Check for and apply advertised appliance updates
Upload an update file to the appliance manually
Verify updates
Update the appliance license key
Reboot or shut down the appliance
Update OVAL definitions from KACE
Understanding the daily run output
Using Troubleshooting Tools
Troubleshooting appliance issues
Troubleshooting and debugging the K1000 Agent
Resolve Windows security issues that prevent Agent provisioning
Enabling debugging on Windows devices
Testing and troubleshooting email communication
Enable Windows debugging by editing the amp.conf file
Enable Windows debugging from the command line
Enable debugging on Linux devices
Enable debugging on Mac OS X devices
Test outgoing email
Test incoming email
Use Telnet to test incoming email
Access appliance logs to view Microsoft Exchange Server errors
Troubleshooting email errors
About Two-Factor Authentication
We are more than just a name
Our brand, our vision. Together.
Contacting Quest
Technical support resources
Legal notices
Configure local routing tables
Configure local routing tables
|
1. |
|
◦ |
If the Organization component is not enabled on the appliance, log in to the K1000 Administrator Console, http://K1000_hostname/admin, then click Settings. |
|
◦ |
If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings. |
|
2. |
|
3. |
. |
Enter the subnet mask of the specified network. For example: 24, 255.255.240.0. This is applied to the host. | |
|
5. |
|
6. |
|
7. |
Configure local web server settings and whitelist hosts
Configure local web server settings and whitelist hosts
You can configure local web server settings to specify a whitelist of hosts that are allowed to access the Administrator Console, System Administration Console, and the User Console. After you create the whitelist, access is restricted to the hosts on the whitelist.
|
NOTE: After an IP address or domain name is whitelisted (added to the Allow List), only that IP address or domain has access. All others are blocked. |
|
1. |
|
◦ |
If the Organization component is not enabled on the appliance, log in to the K1000 Administrator Console, http://K1000_hostname/admin, then click Settings. |
|
◦ |
If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings. |
|
2. |
|
Select this option to restrict access to web addresses on the Allow List. To whitelist IP addresses on the appliance’s subnet in addition to the specified destinations, select Allow all IP addresses in the same subnet as the appliance. |
|
4. |
| |||||||
|
6. |
|
7. |
|
8. |
|
NOTE: After an IP address or domain name is added to the Allow List, only that IP address or domain can access that page. All others are blocked. |
Configure security settings for the appliance
Configure security settings for the appliance
To enable SSL, you need to have the correct SSL private key file and a signed SSL certificate. If your private key has a password, the appliance cannot restart automatically. If you have this issue, contact Quest Support at https://support.quest.com/contact-support.
|
NOTE: In some cases, the Firefox® browser does not display the Administrator Console login page correctly after you enable access to port 443 and restart the appliance. If that happens, clear the Firefox browser cache and cookies, then try again. |
|
1. |
|
◦ |
If the Organization component is not enabled on the appliance, log in to the K1000 Administrator Console, http://K1000_hostname/admin, then click Settings. |
|
◦ |
If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings. |
|
2. |
|
4. |
Optional: In the Appliance Encryption Key section, click Generate Key to generate a new encryption key. This key is used to enable Quest Support to access your appliance for troubleshooting using a tether. It is not necessary to generate a new key unless you believe that the current key has been compromised. See Enable a tether to Quest Support. |
|
5. |
|
Prevent the K1000 from using single sign on. Single sign on enables users who are logged on to the domain to access the K1000 Administrator Console and User Console without having to re-enter their credentials on the K1000 login page. | |
|
Use Active Directory for authentication. Active Directory uses the domain to authenticate users on the network. See Using Active Directory for single sign on. | |
|
Use Quest Identity Broker (QIB) for authentication. QIB is a cloud-based single sign on (SSO) solution that allows users to securely authenticate using various identity providers. See Using Quest Identity Broker for single sign on. |
|
6. |
|
For appliances with the Organization component enabled: Enable Organization File Shares |
| ||
|
Enable NTLMv2 authentication for the K1000 files shares. When this is enabled, managed devices connecting to the K1000 File Shares require support for NTLMv2 and they authenticate to the K1000 using NTLMv2. Although NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the K1000 Agent. See Manually deploying the K1000 Agent. | |||
|
Force certain K1000 functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to off-board network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions. |
|
Enable access to the appliance over port 80. If you disable port 80 access, contact Quest Support to adjust the Agent deployment scripts to handle SSL. | |
|
Enable managed devices to connect to the appliance using SSL (HTTPS). Enable this setting only after you have properly deployed the appliance on your LAN in non-SSL mode. To enable SSL, you need to load an SSL certificate as described in 8. | |
|
(Displayed only if Enable SSL is selected). Enable managed devices to connect to the appliance using SSLv3, which is an older version of SSL. Because of vulnerabilities associated with SSLv3, this setting should be enabled only if you have Agent-managed devices that are running version 6.3 or earlier of the K1000 Agent. SSLv3 is disabled by default on new K1000 appliances. For more information about SSLv3 vulnerabilities, see https://support.quest.com/kb/136510. |
|
◦ |
Click SSL Certificate Form to generate certificate requests or load self-signed certificates. See Generate an SSL certificate. |
|
◦ |
If you have an SSL certificate and private key, click Browse or Choose File in the SSL Private Key File or SSL Certificate File fields to select them. These files must be in Privacy Enhance Mail (PEM) format, similar to those used by Apache-based web servers. |
|
◦ |
Select Enable Intermediate SSL Certificate to enable and upload intermediate SSL certificates, which are signed certificates provided by certificate issuers as proxies for root certificates. Intermediate SSL certificates must be in PEM format. |
|
◦ |
If your certificate is in PKCS-12 format, click Browse or Choose File in the PKCS-12 File field to select it, then enter the password for the file in the Password for PKCS-12 file field. |
|
9. |
In the Secure Attachments in Service Desk section, choose whether to add security for files that are attached to Service Desk tickets: |
|
◦ |
|
◦ |
Clear the check box to enable users to access files by clicking ticket links from outside the Administrator Console or User Console. |
|
10. |
|
NOTE: In some cases, the Firefox browser does not display the Administrator Console login page correctly after you enable access to port 443 and restart the appliance. If that happens, clear the Firefox browser cache and cookies, then try again. |
Configure Active Directory as the single sign on method
Configure Active Directory as the single sign on method
Active Directory single sign on enables users who are logged on to the domain to access the K1000 Administrator Console and User Console without having to re-enter their logon credentials each time.
Before you connect the K1000 to an Active Directory server, verify that:
|
• |
|
• |
|
1. |
|
◦ |
If the Organization component is not enabled on the appliance, log in to the K1000 Administrator Console, http://K1000_hostname/admin, then click Settings. |
|
◦ |
If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings. |
|
2. |
In the Single Sign On section of the Security Settings page, select Active Directory, then provide the following information: |
|
The hostname of the domain of your Active Directory® server, such as example.com. | |
|
The username of the administrator account on the Active Directory server. For example, username@example.com. | |
|
The password of the administrator account on the Active Directory server. |
|
3. |
A message appears stating the results of the test. To view errors, if any, click Logs, then in the Log drop-down list, select Server Errors.
|
4. |
|
5. |
When users are logged in to devices that are joined to the Active Directory domain, they can access the K1000 User Console without having to re-enter their credentials. If users are on devices that are not joined to the Active Directory domain, the login window appears and they can log in using a local K1000 user account. See Add or edit System-level user accounts.