• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• KACE Asset Management Appliance 7.1
• KACE Asset Management Appliance 7.1 - Administrator Guide

KACE Asset Management Appliance 7.1 - Administrator Guide

Table of Contents  

About the KACE Systems Management Appliance (K1000)

About K1000 components About the Administrator Console

Components available in Admin mode without the Organization component Components available in Admin mode with the Organization component enabled Components available in System mode with the Organization component enabled Using the Home component

About Dashboards View the Dashboard in Admin mode View the Dashboard in System mode Customize Dashboard pages About Dashboard widgets View Dashboard details View the K1000 version, model, and license information View K1000 license information About appliance software updates About labels

Searching for information and filtering lists

Search at the Admin level Search at the page level Searching at the page level with advanced options

Example: Search for managed devices using Advanced Search criteria Add Smart Labels and Notifications using Advanced Search criteria Load Smart Labels from the Advanced Search tab

Create Custom Views using Advanced Search criteria Access product documentation

Log in to the Administrator Console: First login following initial network configuration

Getting started

Configuring the appliance

Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings

Configure appliance General Settings with the Organization component enabled Configure Admin-level or organization-specific General Settings Configure appliance General Settings without the Organization component

Configure appliance date and time settings Verifying port settings, NTP service, and website access

Verify port settings Verifying the status of the NTP service Make necessary websites accessible to the K1000 appliance

Configuring network and security settings

Changing appliance network settings Configure local routing tables Configure local web server settings and whitelist hosts Configure security settings for the appliance Configure Active Directory as the single sign on method Configure Quest Identity Broker as the single sign on method Generate an SSL certificate

Configuring Agent settings

About Konea Configure Agent settings

Configuring session timeout and auto-refresh settings

Set session timeout Set auto-refresh properties

Configuring locale settings

How locale settings are applied Configure locale settings for the Administrator Console and the Command Line Console Configure locale settings for the User Console Configure locale settings for organizations Configure locale settings for users

Configure data sharing preferences About DIACAP compliance requirements

Enable or disable the Acceptable Use Policy

Configuring Mobile Device Access

Enable Mobile Device Access for the appliance Enable Mobile Device Access for users Download and use KACE GO Disable Mobile Device Access on the appliance Disable Mobile Device Access for users

Enable fast switching for organizations and linked appliances Linking Quest KACE appliances

Enable appliance linking Add Names and Keys to appliances Enable access to Federation API settings Disable appliance linking

Configuring history settings

About history settings Managing settings history

Configure settings history subscriptions for organizations Configure System-level settings history subscriptions with the Organization component enabled View settings history

Managing asset history

Configure asset history subscriptions View asset history

Managing object history

Configure object history View object history

Using change history information

View the change history of items Search for items in change history lists Delete history records Export history records

Setting up and using labels to manage groups of items

About labels

About Smart Labels About LDAP Labels About label groups About organization filters

Tracking changes to label settings Managing manual labels

Add or edit manual labels View manual label details Delete manual labels

Managing Smart Labels

Add Smart Labels Example: Combine Smart Labels to identify devices Edit Smart Labels Setting up labels for user accounts

Add an All Ticket Owners label

Using Smart Labels for patching

Add a Smart Label for critical OS patches Add a Smart Label for new patches

Using Smart Labels with Discovery Results

Add Discovery Results Smart Labels Changing the run order of Discovery Results Smart Labels

Adding Smart Labels for devices

Add a Smart Label for desktops Add a Smart Label for servers Add a Smart Label for laptops

Assign the Smart Label run order Delete Smart Labels

Managing label groups

Add, view, or edit label groups Assign labels to or remove labels from label groups Delete label groups

Managing LDAP Labels

Add or edit LDAP Labels Enable LDAP Labels Delete LDAP Labels Use the LDAP Browser

Configuring user accounts, LDAP authentication, and SSO

About user accounts and user authentication About locale settings Managing System-level user accounts

Add or edit System-level user accounts Manage appliance administrator email notifications Delete System-level user accounts

Managing organization user accounts

Add or edit User Roles Delete User Roles Add or edit organization user accounts Customize user details

View or edit user profiles Using an LDAP server for user authentication

About the login account on your LDAP server Configure and test LDAP user authentication

Importing users from an LDAP server

Import user information manually Import user information according to a schedule

About single sign on (SSO)

Using external LDAP or Active Directory servers for single sign on About Quest Identity Broker

Enabling and disabling single sign on

Enable single sign on Disable single sign on

Using Active Directory for single sign on

Configure Active Directory as the single sign on method Configuring browser settings for single sign on

Configure Internet Explorer browser settings Configure Firefox browser settings Use Active Directory single sign on to access the Administrator Console or User Console

Unjoin the domain and disable Active Directory single sign on

Using Quest Identity Broker for single sign on

Configure Quest Identity Broker as the single sign on method Manage Quest Identity Broker user approval requests Use single sign on through Quest Identity Broker

Using Replication Shares

Create Replication Shares View Replication Share details

Managing credentials

Tracking changes to Credentials Management settings Add and edit User/Password credentials Add and edit Google OAuth credentials Add and edit SNMP credentials View credential usage Create reports from the Credentials Management list Export credentials information Delete credentials

Configuring assets

About the Asset Management component About managing assets

How asset information differs from inventory information Identifying the assets to track View assets and search for asset information Add barcodes to assets Change device owners

Adding and customizing Asset Types and maintaining asset information

About Asset Types Customizing Asset Types

About renaming fields and changing field types in Asset Types About adding and deleting asset fields Add or customize Asset Types About customizing the Device Asset Type Example: Add custom fields to the Device Asset Type Establishing relationships between asset fields Delete Asset Types

About Asset Subtypes, custom fields, and device detail preferences

Workflow for using Asset Subtypes with SNMP devices Add Asset Subtypes and select Device Detail page preferences Edit Asset Subtypes Set an Asset Subtype as the default View subtypes available to Asset Types View Asset Subtypes on the Assets page Assign or change Device Asset Subtypes from the Devices page Assign assets to subtypes or change subtype assignments from the Assets page Update custom asset fields manually Delete Asset Subtypes

Managing Software assets

Customize the Software Asset Type Adding Software assets

Add Software assets on the Software list Add Software assets in the Assets section

Managing physical and logical assets

Add physical Asset Types Archive device Assets

Maintaining and using manual asset information Managing locations

Manage locations Add or edit locations Customize location fields

Setting up License Compliance

About License Compliance for Software Catalog applications

About license upgrades About license downgrades

Customize the License Asset Type Add License assets for Software Catalog inventory Add License assets for Software page inventory Importing license data in CSV files

How asset information is handled during import Importing asset data using CSV files

Prepare asset data before importing Example: Import license data from prepared spreadsheets

Managing License Compliance

View License Compliance information for Software Catalog applications Update software License Compliance information manually Customize license usage warning thresholds View License Compliance and Configuration information

Setting up Service Desk

Setting up roles for user accounts

About default roles Create a Service Desk staff role Assign user roles Apply labels and roles to Service Desk staff Create the DefaultTicketOwners account

Configuring email settings

About email notifications About Ticket Rules About POP3 email accounts Create and configure POP3 email accounts Configuring email triggers and email templates

Configure email triggers Configure email templates

Configure CC lists for ticket categories Automatically add email addresses to ticket CC List fields Exclude addresses from ticket CC List fields Prevent email loops

Creating and managing organizations

About organizations

About the Default organization

Tracking changes to organization settings Managing Organization Roles and User Roles

Available default roles Add or edit Organization Roles Duplicate Organization Roles Delete roles

Adding, editing, and deleting organizations

Add or edit organizations Delete organizations Customizing the logos used for the User Console and organization reports

Managing user accounts for organizations Managing organization filters

How organization filters work Add or edit organization Data Filters Add or edit organization LDAP Filters Test organization filters Delete organization filters

Managing devices within organizations

Using Advanced Search Filter devices Redirect devices

Understanding device details Running single organization and consolidated reports

Importing and exporting appliance resources

About importing and exporting resources Transferring resources among appliances using Samba share directories

Export resources from an appliance Import resources to an appliance

Transferring resources among organizations

Export resources from organizations Import resources to organizations

Managing exported resources at the System level

View or delete shared resources Move shared resources from the local K1000 to network locations View or delete the status of resource exports

Managing inventory

Using Device Discovery

About Device Discovery and device management Tracking changes to Discovery settings Discovering devices on your network

Add a Discovery Schedule to perform a quick "what and where" scan of your network

Things to take into consideration with Nmap discovery

Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and UNIX computers Obtain a Client ID and Client Secret for use in discovering Chrome devices Add a Discovery Schedule for a G Suite device Add a Discovery Schedule for a Dell Mobility Management (DMM) device Add a Discovery Schedule for SNMP-enabled non-computer devices Add a Discovery Schedule for an AirWatch device About Discovery Results View and search Discovery Results Provision the Agent using the discovered IP address or hostname Stop a running discovery scan Delete Discovery Schedules

Managing device inventory

About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information

Add custom data fields Schedule inventory data collection for managed devices View device inventory and details Groups and sections of items in device details About Dell Data Protection | Encryption (DDP|E) and encryption information in device details Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices

Add the DumpXmlInventory registry key to an Agent-managed Windows device Add the DumpXmlInventory registry key to an Agentless-managed Windows device

About Intel AMT information in device details

Finding and managing devices

Finding devices in inventory Labeling devices to group them

Add, apply, and remove manual device labels Using Smart Labels for devices

Run actions on devices View devices that have been added manually Delete devices from inventory

Provisioning the K1000 Agent

Enabling file sharing

Enable file sharing at the System level Enable organization-level file sharing with the Organization component enabled Enable file sharing without the Organization component enabled

Provisioning the K1000 Agent using the GPO Provisioning Tool for Windows devices

Prepare to use the GPO Provisioning Tool for Agent deployment Provision K1000 Agents using the K1000 GPO Provisioning Tool

Provisioning the K1000 Agent using onboard provisioning

Preparing to install the K1000 Agent Install the K1000 Agent on a device or multiple devices

Managing provisioning schedules

View, run, edit, or duplicate provisioning schedules Delete provisioning schedules View provisioning results

Managing Agent communications

Configure Agent communication and log settings View Agent task status View the Agent Command Queue Delete messages from the Agent command queue

Updating the K1000 Agent on managed devices

View K1000 Agent updates Configure Agent update settings Upload Agent updates manually

Manually deploying the K1000 Agent

Obtaining Agent installation files Manually deploying the K1000 Agent on Windows devices

Manually deploy the K1000 Agent on Windows devices using the installation wizard Manually deploy the K1000 Agent on Windows devices using the Command line

Manually deploying and upgrading the K1000 Agent on Linux devices

Manually deploy the K1000 Agent on Linux devices Deploy the K1000 Agent on Linux devices at startup or login Upgrade the K1000 Agent on Linux devices

Performing Agent operations on Linux devices

Start and stop the Agent on Linux devices Manually remove the Agent from Linux devices Verify that the Agent is running on Linux devices View the Agent version on Linux devices Collecting inventory information

Manually deploying and upgrading the K1000 Agent on Mac devices

Deploy or upgrade the K1000 Agent to Mac devices using the Agent installer Deploy the Agent to Mac devices using the terminal window Use shell scripts to deploy the K1000 Agent

Performing other Agent operations on Mac devices

Start or stop the Agent on Mac devices Manually remove the Agent from Mac devices Verify that the Agent is running on Mac devices Verify the version of the Agent on Mac devices Collecting inventory information from Mac devices

Viewing information collected by the Agent

Using Agentless management

About Agentless device management

Operating systems supported by Agentless management About enabling Agentless management on Agent-managed devices

Managing Agentless devices

Enable Agentless management using Discovery information Enable Agentless management by entering device information manually Shell support for SSH and Telnet connections Edit Agentless device connection details or delete Agentless devices

Using SNMP Inventory Configurations to identify specific SNMP objects and non-computer devices to add to inventory

Obtain a list of object identifiers (OIDs) using the Administrator Console Map Object Identifiers to fields in the K1000 inventory table Apply an SNMP Inventory Configuration to a device

Adding devices manually in the Administrator Console or by using the API

About managing devices Tracking changes to inventory settings Add devices manually with the Administrator Console Adding devices manually using the API

Enable inventory API access Submit inventory information using the API Sample Perl script Valid XML schema for Windows Example using the XML schema for Windows devices Valid XML schema for Linux and Mac devices Upload an XML file using the Administrator Console

Forcing inventory updates

Force inventory updates from the appliance Force inventory updates from Windows devices Force inventory updates from Mac OS X devices Force inventory updates from Linux devices

Managing MIA devices

Configure MIA settings Apply labels to MIA devices Delete MIA devices manually Troubleshoot devices that fail to appear in inventory

Obtaining Dell warranty information

Obtain Dell warranty information on a single Dell device instantly Renew a Dell warranty Run Dell warranty reports

Managing applications on the Software page

About the Software page

View items in Software page inventory

Tracking changes to inventory settings Adding and deleting applications in Software page inventory

Add applications to Software page inventory manually Delete applications

Creating Software assets

Add Software assets in the Inventory section Add Software assets in the Assets section Attach digital assets to applications and select supported operating systems Copy files to the K1000 Client Drop location

Using software threat levels and categories

Assign threat levels to applications Assign categories to applications

Finding and labeling applications

About finding applications using Advanced Search Add manual software labels Apply manual labels to or remove labels from software Add software Smart Labels

Managing the ITNinja feed

Enable the ITNinja feed Viewing ITNinja information

View ITNinja information for software View ITNinja information for Managed Installations View ITNinja information for File Synchronizations

Disable the ITNinja feed

Managing Software Catalog inventory

About the Software Catalog

Application classifications About cataloged applications About Locally Cataloged applications About Not Allowed applications Application categories How Software Catalog information is collected How the Software Catalog is used with the Organization component How Software Catalog information is localized How you can help improve the Software Catalog Differences between the Software page and the Software Catalog page

Viewing Software Catalog information

View lists of Discovered and Not Discovered applications View the list of Uncataloged applications View the list of Locally Cataloged applications View details of Software Catalog applications

Adding applications to the Software Catalog

Submitting cataloging requests automatically adds applications to the local Software Catalog How Locally Cataloged applications change to Cataloged applications How custom names are resolved when Locally Cataloged applications are added to the Software Catalog Submit cataloging requests Cancel cataloging requests and remove local cataloging

Managing License assets for Software Catalog applications

Add License assets for Software Catalog inventory Migrate License assets to applications in the Software Catalog

Using software metering

About software metering

About Classic Metering

About metering information

About the scripts that collect metering information How suites are metered

Enabling and configuring metering for devices and applications

Choosing the devices and applications to meter Enabling metering on devices Enable metering on devices using manual labels Enable metering on devices using Smart Labels Enable metering for Software Catalog applications Configure options for metering Software Catalog applications

Viewing Software Catalog metering information

View metering information on the Software Catalog Detail page View metering information on the Device Detail page

Disabling metering for Software Catalog applications and managed devices

Disable metering for Software Catalog applications Disabling metering for devices

Managing metering and scheduling inventory collection

Schedule metering and inventory collection intervals

Using Application Control

Requirements for blacklisting applications How applications are blacklisted About blacklisting application editions that share executable files Applications that cannot be blacklisted Apply the Application Control label to devices Mark applications and suites as Not Allowed View applications and suites that are marked as Not Allowed Create reports showing applications marked as Not Allowed Remove the Not Allowed designation from applications

Update or reinstall the Software Catalog

Managing process, startup program, and service inventory

Managing process inventory

View and edit process details Add labels for processes Apply labels to or remove labels from processes Categorize processes Assign threat levels to processes Delete processes

Managing startup program inventory

View and edit startup program details Add labels for startup programs Apply labels to or remove labels from startup programs Categorize startup programs Assign threat levels to startup programs Delete startup programs

Managing service inventory

View and edit service details Add labels for services Apply labels to and remove labels from services Categorize services Assign threat levels to services Delete services

Writing custom inventory rules

About Custom Inventory rules Types of Custom Inventory rules Create Custom Inventory rules

How Custom Inventory rules are implemented Syntax for Custom Inventory rules

Checking for conditions (conditional rules) Getting values from a device (Custom Inventory Field) Matching filenames to regular expressions

Understanding regular expressions Regular Expression Rule Reference

Defining rule arguments Test Custom Inventory rules

Deploying packages to managed devices

Distributing software and using Wake-on-LAN

About software distribution

About testing software distribution

Tracking changes to distribution settings Types of distribution packages

Attaching digital assets to applications and selecting supported operating systems

Distributing packages from the appliance Distributing packages from alternate download locations and Replication Shares

About alternate download locations About Replication Shares

Distributing applications to Mac OS X devices Using Managed Installations

Adding applications to inventory About creating Managed Installations About installation parameters Identify parameters that are supported by installer files Create Managed Installations for Windows devices Examples of common deployments on Windows

Standard MSI example Standard EXE example

Create Managed Installations for ZIP files Create Managed Installations for RPM files Create Managed Installations for TAR.GZ files Create Managed Installations for Mac OS X devices

Create and use File Synchronizations Using Wake-on-LAN

Issue Wake-on-LAN requests Schedule Wake-on-LAN requests Troubleshooting Wake-on-LAN

Exporting Managed Installations

Broadcasting alerts to managed devices

Create alerts to be broadcast

Running scripts on managed devices

About scripts

Obtaining script dependencies

Tracking changes to scripting settings About default scripts Adding and editing scripts

Token replacement variables Add offline KScripts or online KScripts Edit scripts Delete scripts from the Scripts page Delete scripts from the Script Detail page Structure of importable scripts Import scripts Duplicate scripts

Using the Run and Run Now commands

Run scripts from the Run Now page Run scripts from the Script Detail page Run scripts from the Scripts page Monitor Run Now status and view script details

About configuration policy templates Using Windows configuration policies

About starting Windows Automatic Updates on Windows devices Add Automatic Update scripts About Dell Command | Monitor Add Dell Command | Monitor scripts Add Desktop Wallpaper scripts Add Desktop Shortcuts scripts Add Event Log Reporter scripts Add MSI Installer scripts About power management and power consumption Add power management scripts for Windows devices Add Registry scripts Add Remote Desktop Control Troubleshooter scripts Add UltraVNC scripts Add Uninstaller scripts

Using Mac OS X configuration policies

Add Active Directory scripts Add Power Management scripts Add VNC scripts

Edit policies and scripts Search the scripting logs Exporting scripts

Managing Mac profiles

Tracking changes to Mac profile settings Adding, editing, and uploading Mac profiles

Add or edit Mac user profiles Add or edit Mac system profiles Add Mac profiles using existing profiles as templates Upload Mac profiles to the K1000 appliance

Installing and managing Mac profiles

Distribute Mac profiles on a schedule Install Mac profiles on devices using the Run option Identify devices that have Mac profiles installed View Mac profiles Export the Mac profiles list

Removing and deleting Mac profiles

Remove Mac profiles from managed devices Example: Remove a profile that has been deployed to specified devices Delete Mac profiles from the K1000 appliance

Patching devices and maintaining security

About patch management

Patching workflow About patch signature files About patch packages About patch testing and security

About the patch testing environment

About assessment testing About deployment testing

About the patch quality assurance process Best practices for patching

Subscribing to and downloading patches

About patch subscription and downloads Websites that must be accessible to the K1000 appliance Overview of first-time patch-subscription workflow View details about operating systems and applications Subscribing to patches and configuring download settings

Subscribe to patches Select patch download settings

Viewing available patches and download status

View available patches View patch download status

Creating and managing patch schedules

About scheduling critical OS patches for desktops and servers

Workflow for critical OS patches for desktops and servers

About scheduling critical patches for laptops

Workflow for critical patches for laptops

About scheduling non-critical patches Configuring patch schedules

Configure Detect-only patch schedules Configure Detect and Deploy patch schedules Configure Deploy-only patch schedules Configure Detect and Rollback patch schedules Configure Rollback-only patch schedules

Viewing patch schedules, status, and reports

View patch schedules View patch status View patch status by device View files within patches View patch reports

Managing patch rollbacks

Determine whether a patch can be rolled back Undo the last patching job

Managing patch inventory

Prerequisites for managing patch inventory Viewing patch information

View downloaded patches View patch details Resetting the number of patch deploy attempts

Reset the number of patch deploy attempts from the patch Catalog Reset the number of patch deploy attempts from the patch detail page

View patch information for devices in inventory View devices missing patches

Viewing patch statistics and logs

View patch statistics View the patch log

Mark patches as inactive Patch Mac OS X devices

Managing Dell devices and updates

Managing Dell devices with Dell Updates Differences between patching and Dell Updates Configuring Dell Updates

Configure Dell Update catalog updates Create Dell Update schedules

Maintaining device and appliance security

Testing device security

About OVAL security checks Understanding OVAL tests and definitions

View OVAL tests and definitions Running OVAL tests Using labels to restrict OVAL tests Understanding OVAL updates Configure OVAL Settings View the OVAL vulnerability report Apply labels to affected devices View the OVAL Report

About SCAP

SCAP supported versions and platforms How the K1000 conducts SCAP scans Definitions of SCAP standards

About benchmarks How a SCAP scan works

Access SCAP Scan information View and manage benchmarks Import and modify benchmarks Configure SCAP schedules

Editing SCAP scan schedules

View the resolved XCCDF files View the OVAL timestamp View script tasks View SCAP scan results Download benchmarks from the archive

About security policy templates Using Windows security policy templates

Add Internet Explorer scripts Add XP SP3 Firewall scripts Add McAfee AntiVirus scripts Add McAfeeSuperDAT scripts Add Symantec AntiVirus scripts

Using Mac security policy templates

Add Application Layer Firewall scripts Add Parental Controls scripts Add Security scripts

Resolve Windows security issues that prevent Agent provisioning

Maintaining appliance security

Security run output

Using reports and scheduling notifications

About reports and notifications

About reports About notifications Tracking changes to report settings

Creating and modifying reports

Creating reports

Create reports using the report wizard Create reports using SQL queries Create reports from list pages Duplicate reports Edit SQL statements on reports created with the report wizard Create reports from history lists

Modifying reports

Edit reports Delete reports

Customizing logos used for reports Create or modify linked reports

Scheduling reports and notifications

Running single-organization and consolidated reports

Run single-organization reports Run consolidated organization reports

Scheduling reports

Add report schedules Delete report schedules

Scheduling notifications

Add notification schedules from the Reporting section Add notification schedules from list pages Edit notification schedules Delete notification schedules

Monitoring servers

Getting started with server monitoring

Enable monitoring for a device

Enable monitoring for one or more servers from the Devices inventory list Enable monitoring for a server from its Device Detail page

Obtain a new license key to increase server monitoring capacity Apply a new license key to increase server monitoring capacity

Working with monitoring profiles

Edit a profile Configure SNMP trap messages and alerting criteria Create a new profile using a default profile as a template Profile log paths for MySQL and Apache Upload a profile that was created by another user Download a profile so that it can be used by others Bind an additional profile to a device Define nonstandard log date format Configuring application and threshold monitoring with Log Enablement Packages

Install one or more LEPs on monitored devices Set up a Windows Server 2003 device with an ITNinja monitoring Log Enablement Package (LEP) Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2008 or higher device Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2003 device

Managing monitoring for devices

Pause monitoring for a device Pause or resume monitoring for multiple devices Set the polling interval and any automatic dismissal or deletion of alerts Disable ping probe Receive alerts when device configurations change Schedule a Maintenance Window during which time alerts are not collected from a device Create and assign monitoring-specific roles Disable monitoring for one or more devices Enable monitoring for one or more devices

Working with alerts

Add notification schedules from the Monitoring Alerts list page Create a Service Desk ticket from an alert Search for alerts using Advanced Search criteria Filtering alerts using the Include Text and Exclude Text capability

Filter alerts using the Include Text and Exclude Text capability from the Profile Details page Filter alerts using the Exclude Text capability from the Monitoring Alerts list page Examples of Include Text and Exclude Text for monitoring profiles

Dismiss an alert Retrieve and review alerts that have been dismissed from the alerts list Delete alerts

Using the Service Desk

Configuring Service Desk

System requirements About Service Desk Overview of setup tasks Configuring Service Desk business hours and holidays

Configure Service Desk business hours Configure Service Desk holidays

Configuring Service Level Agreements

Enable Service Level Agreements

Configuring Service Desk ticket queues

Configure ticket queues Rename Service Desk titles and labels Enable or disable the conflict warning

Configuring ticket settings

Customize the Ticket Detail page

Customizing the User Console home page

Change the User Console logo and text at the System level Change the User Console logo and login text at the Admin-level Show or hide action buttons and widgets on the User Console home page Show or hide links to Knowledge Base articles on the User Console home page Add, edit, hide, or delete User Console announcements Prioritize User Console announcements or mark an announcement as urgent Add, edit, or delete custom links on the User Console home page Add ticket links to the User Console home page Add a quick-action link for reporting problems on the User Console home page About the session timeout period

Using the Satisfaction Survey

Changing the Satisfaction Survey default behavior

Change the Satisfaction Survey label Remove the Satisfaction Survey field from tickets

Enable or disable security for Service Desk attachments

Managing Service Desk tickets, processes, and reports

Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console

Create tickets from the User Console Create tickets from the Administrator Console Ticket page Create tickets from the Device Detail page Create tickets from the Asset Detail page Create a Service Desk ticket from an alert

Creating and managing tickets by email

About attachments to tickets created through email Enable email ticket creation Modifying ticket attributes using email Clearing a ticket field using email Changing ticket fields using email Changing ticket approval fields using email

Setting or changing custom fields using email

Viewing tickets and managing comments, work, and attachments

Navigate among tickets, related devices, and assets Add work information for tickets Use default views for tickets Create custom views for tickets Set a view as the default view for tickets Add comments to tickets Add owner-only comments to tickets View ticket comments Add or delete screenshots and attachments to Service Desk tickets View ticket activity history Send ticket information through email Run Device Actions from tickets

Using the ticket escalation process

Understanding ticket states Understanding the escalation time limit Understanding escalation Changing ticket escalation settings Change the list of escalation email recipients Change the escalation time limits Change the default escalation email message

Using Service Desk processes

Add, edit, and enable process templates Define process types Create process tickets to manage related tasks View process information Cancel or complete process tickets Delete process templates Convert process tickets to regular tickets Convert regular tickets to process tickets

Using Ticket Rules

Using and configuring system Ticket Rules Understanding and customizing system Ticket Rules Create custom Ticket Rules Duplicate a custom Ticket Rule Delete a custom Ticket Rule Move a Ticket Rule from one queue to another

Run Service Desk reports Archiving, restoring, and deleting tickets

Enable ticket archival Configure queue archive settings Archive selected tickets Restore archived tickets Delete archived tickets

Managing ticket deletion

Configure ticket deletion settings Delete tickets

Managing Service Desk ticket queues

About Service Desk ticket queues Adding and deleting queues

Add a queue Add a queue by duplicating an existing queue Delete a queue or queues

Viewing tickets in queues

View tickets across all queues

Setting the default queue

Set the default queue at the system level Set the default queue at the user level

Set the default fields for the All Queues ticket list Move tickets between queues

About User Downloads and Knowledge Base articles

Managing User Downloads

Add User Downloads Apply labels to User Downloads Remove labels from User Downloads Delete User Downloads

Managing Knowledge Base articles

Add, edit, or duplicate Knowledge Base articles Delete Knowledge Base articles View user ratings and the number of views for Knowledge Base articles

Customizing Service Desk ticket settings

About customizing Service Desk ticket settings Create ticket categories and subcategories Customizing ticket values

Customize ticket status values Customize ticket priority values Customize ticket impact values

Customizing ticket layout

Customize Layout and Related Ticket Fields Configure Comment Field Options Define custom ticket fields Preview ticket layout Customize the ticket list layout

Using parent-child ticket relationships

Enable parent-child ticket relationships for a queue Enable parent tickets to close child tickets Create child tickets for any ticket Designate tickets as parents and add existing tickets as their children Use a parent ticket as a to-do list Use parent tickets to organize duplicate tickets

Using ticket approvers

Configure ticket approvers Approving tickets by email

Configuring SMTP email servers

Connect your email server to the K1000 appliance Using internal and external SMTP servers

Use the internal SMTP server Use an external SMTP server or Secure SMTP server

Maintenance and troubleshooting

Maintaining the appliance

Tracking changes to settings About appliance backups

Set the daily backup schedule and the number of backups to retain Back up the appliance manually Download backup files from the Administrator Console Access backup files through FTP About deleting appliance backup data

Disable or enable appliance backups

Restoring the appliance

Restore the appliance using the most recent backup Upload backup files to the appliance Restore the appliance from backups Restore the appliance to factory settings

Updating appliance software

Check for and apply advertised appliance updates Upload an update file to the appliance manually Verify updates Update the appliance license key

Reboot or shut down the appliance Update OVAL definitions from KACE Understanding the daily run output

Disk status Appliance network interface status Appliance up-time and load averages Email system health

Verify SMTP settings

Appliance backup status Status of RAID drives

Troubleshooting the K1000

Using Troubleshooting Tools

Verify the status of devices on the network Enable a tether to Quest Support

Troubleshooting appliance issues

View appliance logs Download appliance activity logs Viewing the daily run output

Troubleshooting and debugging the K1000 Agent

Resolve Windows security issues that prevent Agent provisioning Enabling debugging on Windows devices

Enable Windows debugging by editing the amp.conf file Enable Windows debugging from the command line

Enable debugging on Linux devices Enable debugging on Mac OS X devices

Testing and troubleshooting email communication

Test outgoing email Test incoming email Use Telnet to test incoming email Access appliance logs to view Microsoft Exchange Server errors Troubleshooting email errors

About Two-Factor Authentication

Appendixes

Database table names Adding steps to task sections of scripts LDAP variables

Glossary

A B C D E F I K L M N O P Q R S T U V W

About us

We are more than just a name Our brand, our vision. Together. Contacting Quest Technical support resources

Legal notices

• Viewing Topics 741 - 744 of 1045
•  Previous
• Next 

×

Add Security scripts

Using Mac security policy templates

Add Application Layer Firewall scripts

Add Parental Controls scripts

Add Security scripts

You can use security policy templates to create scripts that configure security settings on Mac devices.

The following sections explain how to use the policies available to Mac OS X devices.

NOTE: If you edit a template-based policy, keep the Run As setting as local system.

Add Application Layer Firewall scripts

Use this template to create scripts that configure the Application Layer Firewall (ALF) on Mac devices.

In Mac OS X, ALF is located in Mac System Preferences.

1.	Go to the Security Policies list:

a.	Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.

b.	On the left navigation bar, click Scripting, then click Security Policies.

2.	In the Mac section, click Application Layer Firewall to display the Mac Application Layer Firewall page.

3.	Provide the following information:

Option	Description
Name	A name that identifies the script. This name appears on the Scripts page.
Application Layer Firewall Mode	The level of security to use for the firewall.
Enable Firewall Logging	Enable the firewall to log information about the unsolicited requests, blocked requests, and successful requests.
Enable Stealth Mode	Enable the firewall to drop packages that are denied without sending error messages to requesters.
Trusted Applications	The full path to the application binaries, for example: /Applications/Safari.app/Contents/MacOS/

4.	Click Save to display the Script Detail page.

5.	Select options for configuration, deployment, and scheduling. See Add offline KScripts or online KScripts.

6.	To edit the raw XML used in the script, click Edit XML below the Schedule section.

7.	Click Save.

Add Parental Controls scripts

Use this template to create scripts that configure the parental control options available on Mac OS X.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or logout and login to take effect.

1.	Go to the Security Policies list:

a.	Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.

b.	On the left navigation bar, click Scripting, then click Security Policies.

2.	In the Mac section, click Parental Controls to display the Mac Parental Controls page.

3.	Provide the following information:

Option	Description
Name	A name that identifies the script. This name appears on the Scripts page.
Hide Profanity in Dictionary	Prevent words identified as profanity from being displayed in the dictionary on target devices.
Prohibit actions	Prevent actions from being performed on target devices.
Website Restrictions	Select the access restrictions for websites.
URLs of approved websites	If you select Allow access only to these websites, provide the URLs of the websites you want to approve. Users on target devices can only access approved websites.

4.	Click Save to display the Script Detail page.

5.	Select options for configuration, deployment, and scheduling. See Add offline KScripts or online KScripts.

6.	To edit the raw XML used in the script, click Edit XML below the Schedule section.

7.	Click Save.

Add Security scripts

Use this template to create scripts that configure security options on Mac OS X devices.

Security options are available in Mac System Preferences.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or log out and log in to take effect.

1.	Go to the Security Policies list:

a.	Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.

b.	On the left navigation bar, click Scripting, then click Security Policies.

2.	In the Mac section, click Security Policies to display the Mac Security Policy page.

3.	Provide the following information:

Option	Description
Name	A name that identifies the script. This name appears on the Scripts page.
Actions to enforce	The actions to perform on target devices.
Timeout	The period, in minutes, after which actions are performed.

4.	Click Save to display the Script Detail page.

5.	Select options for configuration, deployment, and scheduling. See Add offline KScripts or online KScripts.

6.	To edit the raw XML used in the script, click Edit XML below the Schedule section.

7.	Click Save.

Resolve Windows security issues that prevent Agent provisioning

Resolve Windows security issues that prevent Agent provisioning

If Windows security settings prevent the K1000 appliance from provisioning the Agent to Windows devices, you can reconfigure settings through a command prompt.

To allow provisioning, you must open the firewall and configure security settings.

1.	Open a command prompt on the device.

2.	Open the firewall and configure security settings:

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v ForceGuest /t REG_DWORD /d 0 /f

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v FdenyTSConnections /t REG_DWORD /d 0 /f

netsh.exe firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL

netsh.exe firewall set service type=REMOTEADMIN mode=ENABLE scope=ALL

Maintaining appliance security

Maintaining appliance security

Security run output

To maintain appliance security, review daily security reports, and apply appliance software updates as they become available.

When appliance software updates are available, they are advertised on the appliance Dashboard.

Security run output

Security run output

The appliance security status is provided in the security run output email.

The K1000 security run output is automatically emailed to the system administrator every day at 02:00.

The following example shows the content of the security run output.

Checking setuid files and devices:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

MyK1 kernel log messages:
+++ /tmp/security.G1jFJvQh 2013-04-21 02:01:01.000000000 -0700
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP
+em0: link state changed to DOWN
+em0: link state changed to UP

MyK1 login failures:

MyK1 refused connections:

-- End of security output --

•  Previous
• Viewing Topics 741 - 744 of 1045
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy