Chat now with support
Chat with Support

KACE Asset Management Appliance 7.1 - Administrator Guide

About the KACE Systems Management Appliance (K1000) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations
Setting up License Compliance Managing License Compliance Setting up Service Desk Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the K1000 Agent Manually deploying the K1000 Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the K1000
Appendixes Glossary About us Legal notices

About Dell Data Protection | Encryption (DDP|E) and encryption information in device details

About Dell Data Protection ||E) and encryption information in device details

If devices in the network have the DDP|E client installed, the K1000 can collect status and configuration information and display it on the Device Detail page.

Registry key needed to be set on Windows DDP|E client

A requirement for the K1000 being able to collect detailed inventory from Windows DDP|E clients is to set the DumpXmlInventory key in the client.

This registry value causes DDP|E to write an inventory.xml file to the target device, which is then parsed by inventory. See Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices.

This requirement applies only to Windows.

Dell Data Protection ||E)

DDP|E consists of applications that enable a user to:

Table 10. Supported OSs for DDP|E

Operating system

Versions

Windows

7, 8, 8.1

Mac OS X

10.7.5, 10.8.3–10.8.5, 10.9.2–10.9.3

Table 11. DDP|E information displayed on the Device Detail page

 

Item

 

Description

MACHINE_DDPE

Database field

Unique ID

An identification of the DDP|E client used by the DDP|E server.

MCID

Agent Version

Version of DDP|E client installed.

AGENT_VERSION

Server Hostname

Hostname of the DDP|E server managing this DDP|E client.

SERVER_HOSTNAME

Protection Status

Example values are Protected and Unprotected. Values of Locked or Unknown might indicate a problem.

PROTECTION_STATUS

Last Inventory Generated

Timestamp of when the last DDP|E client inventory occurred. Not to be confused with K1 inventory.

PROTECTION_STATUS_UPDATED

Table 12. DDP|E Volume information displayed on the Device Detail page

 

Item

 

Description

MACHINE_DDPE_VOLUME

Database field

Device

Name of the device/volume as reported by the operating system.

DEVICE_ID

Protection Status

Indication of the current level/status of DDP|E protection on the DDP|E client.

PROTECTION_STATUS

Protection Reason

Manner of protection used on the DDP|E client. The option is typically VendorProtected, which indicates DDP|E or BitLocker.

PROTECTION_REASON

BitLocker

BitLocker is a full disk encryption feature included with Windows.

Table 13. Supported OSs for BitLocker

Operating system

Versions

Windows

Vista, 7 (Enterprise and Ultimate)

Windows

8, 8.1 (Pro and Enterprise)

Windows server

2008, 2008 R2, 2012, 2012 R2

Table 14. BitLocker information displayed on the Device Detail page

 

Item

 

Description

MACHINE_BITLOCKER_VOLUME

Database field

Device ID

Unique identifier for the volume on the system.

DEVICE_ID

Persistent Volume ID

A persistent identifier for the volume on the system.

PERSISTENT_VOLUME_ID

Protection status

Denotes whether BitLocker is protecting the volume.

PROTECTION_STATUS

Metadata Version

Possible values:

VERSION

Encryption Method

Type of encryption used. For example, AES-128. Possible values:

SELF_ENCRYPTION_DRIVE

_ENCRYPTION_METHOD

Hardware Encryption Status

Possible values:

HARDWARE_ENCRYPTION_STATUS

Lock Status

Possible values:

LOCK_STATUS

Conversion Status

Status of the conversion. Possible values:

CONVERSION_STATUS

Encryption Percentage

The extent of conversion, shown as a percentage.

ENCRYPTION_PERCENTAGE

Wiping Status

Status of any wiping of free space. Possible values:

WIPING_STATUS

Wiping Percentage

The extent of free space wiping, shown as a percentage.

WIPING_PERCENTAGE

Key Protectors

Key protectors in place. Possible values:

KEY_PROTECTORS

FileVault 2

FileVault 2 is a full disk encryption feature included with Mac OS X.

Table 15. Supported OSs for FileVault 2

Operating system

Versions

Mac OS X

10.8, 10.9, 10.10

Table 16. FileVault 2 information displayed on the Device Detail page

 

Item

 

Description

MACHINE_FILEVAULT_VOLUME

Database field

Enabled

Indicates if FileVault is enabled.

IS_ENABLED

Personal Recovery Key

Indicates the existence of a Personal Recovery Key.

HAS_PERSONAL_RECOVERY_KEY

Institutional Recovery Key

Indicates the existence of a corporate-provisioned X.509-based asymmetric key pair.

HAS_INSTITUTIONAL_RECOVERY

_KEY

Authorized Users

A list of accounts that can unlock the drive in EFI.

AUTHORIZED_USERS

Conversion Status

The status of the encryption process. Examples include Pending Conversion, Converting, Encryption Paused, and Complete.

CONVERSION_STATUS

Conversion Percentage

The extent of conversion, shown as a percentage.

CONVERSION_PERCENTAGE

Encryption Status

Status of the encryption. For example, Locked or Unlocked.

ENCRYPTION_STATUS

Encryption Type

Type of encryption used. For example, AES-XTS.

ENCRYPTION_TYPE

Device

Unique identifier for the volume on the system.

DEVICE_ID

Version

VERSION

Trusted Platform Module (TPM)

TPM is a dedicated microprocessor that secures hardware by integrating cryptographic keys into devices.

Table 17. Supported OSs for TPM

Operating system

Versions

Windows

Vista, 7, 8, 8.1

Windows Server

2008, 2008 R2, 2012, 2012 R2

Table 18. TPM information displayed on the Device Detail page

 

Item

 

Description

MACHINE_TPM

Database field

Manufacturer

Manufacturer of the TPM chip.

MANUFACTURER_ID_TEXT

Manufacturer Version

Version of the TPM chip.

MANUFACTURER_VERSION

Manufacturer Version Info

Additional version information that is specific to the manufacturer.

MANUFACTURER_VERSION_INFO

Specification Version

The version of the Trusted Computing Group (TCG) specification that the TPM supports.

SPECIFICATION_VERSION

Physical Presence Version

The version of the Physical Presence Interface that the device supports. The Physical Presence Interface is a communication mechanism that runs device operations that require physical presence.

PHYSICAL_PRESENCE_VERSION

_INFO

TPM Enabled

Step 1 of TPM initialization.

IS_TPM_ENABLED

TPM Activated

Step 2 of TPM initialization.

IS_TPM_ACTIVATED

TPM Owned

Step 3 of TPM initialization.

IS_TPM_OWNED

Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices

Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices

If DumpXmlInventory is absent on a Windows DDP|E client, the K1000 cannot get access to the inventory .xml file in order to collect the relevant field information.

Dell Data Protection | Encryption is installed on the Windows device. Go to http://www.dell.com/support/home/us/en/19/product-support/product/dell-data-protection-encryption/drivers.

The procedure for adding the key is different for Agent-managed devices and Agentless-managed devices.

Add the DumpXmlInventory registry key to an Agent-managed Windows device

You must add DumpXmlInventory to a Windows DDP|E client before the K1000 can collect field information from that client's inventory.xml file.

For Agent-managed Windows devices, you can use a default offline KScript from the K1000 scripting feature to set the "dump inventory" registry key. This key is necessary for the DDP|E agent to write the detailed inventory XML data to the K1000 file system.

1.
Go to the Script Detail page for the K1000 Enable Detailed DDPE Inventory (Windows) script.
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
From the list, select K1000 Enable Detailed DDPE Inventory (Windows).
2.
In the Configure section, specify script settings:

Option

Description

Name

K1000 Enable Detailed DDPE Inventory (Windows), the name of this default script.

Enabled

Select this check box to run the script on the target devices. Do not enable a script until you are finished testing it and are ready to run it. Enable the script on a test label before you enable it on all devices.

Type

The script type is Offline KScripts.

Status

Indicates the readiness of the script to be rolled out to the network. Set the status to Production.

Description

Contains the brief description of the actions the default script performs.

Notes

Any additional information you want to provide.

3.
In the Deploy section specify deployment options:

Option

Description

All Devices

Deploy to all devices. Clear the check box to limit the deployment to specific labels or devices.

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to one or more devices. To find devices, begin typing in the field.

Operating Systems

Limit deployment to devices that have the specified operating systems. Leave the Operating Systems field blank to deploy the script to all operating systems.

Select Specific Operating Systems

Limit deployment to devices that have specific versions of operating systems. If this check box is cleared, the script runs on all versions of specified operating systems.

4.
In the Schedule section, specify run options:

Option

Description

None

Run in combination with an event rather than on a specific date or at a specific time.

Every nth minutes/hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month or on a specific month at HH:MM

Run on the same day every month, or a specific month, at the specified time.

Custom Schedule

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

Also run once at next device checkin (for offline KScripts only)

Runs the offline KScript once when new scripts are downloaded from the appliance.

Also Execute before login (for offline KScripts only)

Runs the offline KScript when devices start up. This might cause devices to start up more slowly than normal.

Also Execute after login (before desktop loads) (for offline KScripts only)

Runs the offline KScript after users enter Windows login credentials.

Allow run while disconnected (for offline KScripts only)

Allows the offline KScript to run even if the target device cannot contact the appliance to report results. In such a case, results are stored on the device and uploaded to the appliance during the next connection.

Allow run without a logged-in user

Allows the script to run even if a user is not logged in. To run the script only when the user is logged in to the device, clear this option.

Run on next connection if offline

For online KScripts or Shell Scripts, this option enables the script to run on offline machines when they become online again.

When a script runs, it calculates the number of machines it is supposed to run on based on their labels, or their operating systems, or by manually identifying selected machines. Given that set of machines, the script then determines which of those machines are currently online, and then queues up a task for the online machines in the Konductor.

When you select this option, the script skips the step that identifies online machines and it runs on the online machines. For the offline machines, the task is added to the Konductor's queue, and it runs when those machine become online.

Any subsequent tasks for running the same script (for example, for an offline machine that already exists in the Konductor's queue) overwrite the existing tasks, so there can never be more than one task in the Konductor's queue for the same machine.

Having a high number of tasks in the Konductor may affect the appliance's performance, so the best practice is to use offline scripts for those machines that are typically offline, and only use this option with online scripts when the target machines are expected to be online, to avoid an overpopulating the Konductor's queue.

By default, this option is disabled.

5.
Skip the Dependencies and Tasks sections.
Click Run Now to immediately push the script to all devices.

Use this option with caution. See Using the Run and Run Now commands.

Click Save.
Add the DumpXmlInventory registry key to an Agentless-managed Windows device

You must add DumpXmlInventory to a Windows DDP|E client before the K1000 can collect field information from that client's inventory.xml file.

For an Agentless-managed Windows device, the process requires that you create a new Group Policy Object on a Windows Server 2008 or 2012 device so that you can deploy the registry setting to multiple devices in a domain.

1.
2.
Right-click Group Policy Objects and click New.
3.
Provide a description name for the new GPO (for instance, Dell Data Protection | Encryption: Inventory Registry Setting) and click OK.
5.
Browse to Computer Configuration > Preferences > Windows Settings > Registry.
6.
Right-click Registry and select New > Registry Item.
7.
On the General tab, select Update in the Action drop-down menu.
8.
Select HKEY_LOCAL_MACHINE in the Hive drop-down list.
9.
Specify a Key Path of SYSTEM\CurrentControlSet\services\DellMgmtAgent\Parameters.
10.
Specify a Value name of DumpXmlInventory.
11.
Select REG_DWORD in the Value type drop-down list.
12.
Specify 1 in the Value data field.
13.
Select the Hexadecimal option in the Base group, and click OK.
14.
Close the Group Policy Management Editor.

You can now link this new group policy object to a specific domain, Organizational Unit, and so on.

Add the DumpXmlInventory registry key to an Agent-managed Windows device

Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices

If DumpXmlInventory is absent on a Windows DDP|E client, the K1000 cannot get access to the inventory .xml file in order to collect the relevant field information.

Dell Data Protection | Encryption is installed on the Windows device. Go to http://www.dell.com/support/home/us/en/19/product-support/product/dell-data-protection-encryption/drivers.

The procedure for adding the key is different for Agent-managed devices and Agentless-managed devices.

Add the DumpXmlInventory registry key to an Agent-managed Windows device

You must add DumpXmlInventory to a Windows DDP|E client before the K1000 can collect field information from that client's inventory.xml file.

For Agent-managed Windows devices, you can use a default offline KScript from the K1000 scripting feature to set the "dump inventory" registry key. This key is necessary for the DDP|E agent to write the detailed inventory XML data to the K1000 file system.

1.
Go to the Script Detail page for the K1000 Enable Detailed DDPE Inventory (Windows) script.
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
From the list, select K1000 Enable Detailed DDPE Inventory (Windows).
2.
In the Configure section, specify script settings:

Option

Description

Name

K1000 Enable Detailed DDPE Inventory (Windows), the name of this default script.

Enabled

Select this check box to run the script on the target devices. Do not enable a script until you are finished testing it and are ready to run it. Enable the script on a test label before you enable it on all devices.

Type

The script type is Offline KScripts.

Status

Indicates the readiness of the script to be rolled out to the network. Set the status to Production.

Description

Contains the brief description of the actions the default script performs.

Notes

Any additional information you want to provide.

3.
In the Deploy section specify deployment options:

Option

Description

All Devices

Deploy to all devices. Clear the check box to limit the deployment to specific labels or devices.

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to one or more devices. To find devices, begin typing in the field.

Operating Systems

Limit deployment to devices that have the specified operating systems. Leave the Operating Systems field blank to deploy the script to all operating systems.

Select Specific Operating Systems

Limit deployment to devices that have specific versions of operating systems. If this check box is cleared, the script runs on all versions of specified operating systems.

4.
In the Schedule section, specify run options:

Option

Description

None

Run in combination with an event rather than on a specific date or at a specific time.

Every nth minutes/hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month or on a specific month at HH:MM

Run on the same day every month, or a specific month, at the specified time.

Custom Schedule

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

Also run once at next device checkin (for offline KScripts only)

Runs the offline KScript once when new scripts are downloaded from the appliance.

Also Execute before login (for offline KScripts only)

Runs the offline KScript when devices start up. This might cause devices to start up more slowly than normal.

Also Execute after login (before desktop loads) (for offline KScripts only)

Runs the offline KScript after users enter Windows login credentials.

Allow run while disconnected (for offline KScripts only)

Allows the offline KScript to run even if the target device cannot contact the appliance to report results. In such a case, results are stored on the device and uploaded to the appliance during the next connection.

Allow run without a logged-in user

Allows the script to run even if a user is not logged in. To run the script only when the user is logged in to the device, clear this option.

Run on next connection if offline

For online KScripts or Shell Scripts, this option enables the script to run on offline machines when they become online again.

When a script runs, it calculates the number of machines it is supposed to run on based on their labels, or their operating systems, or by manually identifying selected machines. Given that set of machines, the script then determines which of those machines are currently online, and then queues up a task for the online machines in the Konductor.

When you select this option, the script skips the step that identifies online machines and it runs on the online machines. For the offline machines, the task is added to the Konductor's queue, and it runs when those machine become online.

Any subsequent tasks for running the same script (for example, for an offline machine that already exists in the Konductor's queue) overwrite the existing tasks, so there can never be more than one task in the Konductor's queue for the same machine.

Having a high number of tasks in the Konductor may affect the appliance's performance, so the best practice is to use offline scripts for those machines that are typically offline, and only use this option with online scripts when the target machines are expected to be online, to avoid an overpopulating the Konductor's queue.

By default, this option is disabled.

5.
Skip the Dependencies and Tasks sections.
Click Run Now to immediately push the script to all devices.

Use this option with caution. See Using the Run and Run Now commands.

Click Save.
Add the DumpXmlInventory registry key to an Agentless-managed Windows device

You must add DumpXmlInventory to a Windows DDP|E client before the K1000 can collect field information from that client's inventory.xml file.

For an Agentless-managed Windows device, the process requires that you create a new Group Policy Object on a Windows Server 2008 or 2012 device so that you can deploy the registry setting to multiple devices in a domain.

1.
2.
Right-click Group Policy Objects and click New.
3.
Provide a description name for the new GPO (for instance, Dell Data Protection | Encryption: Inventory Registry Setting) and click OK.
5.
Browse to Computer Configuration > Preferences > Windows Settings > Registry.
6.
Right-click Registry and select New > Registry Item.
7.
On the General tab, select Update in the Action drop-down menu.
8.
Select HKEY_LOCAL_MACHINE in the Hive drop-down list.
9.
Specify a Key Path of SYSTEM\CurrentControlSet\services\DellMgmtAgent\Parameters.
10.
Specify a Value name of DumpXmlInventory.
11.
Select REG_DWORD in the Value type drop-down list.
12.
Specify 1 in the Value data field.
13.
Select the Hexadecimal option in the Base group, and click OK.
14.
Close the Group Policy Management Editor.

You can now link this new group policy object to a specific domain, Organizational Unit, and so on.

Add the DumpXmlInventory registry key to an Agentless-managed Windows device

Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices

If DumpXmlInventory is absent on a Windows DDP|E client, the K1000 cannot get access to the inventory .xml file in order to collect the relevant field information.

Dell Data Protection | Encryption is installed on the Windows device. Go to http://www.dell.com/support/home/us/en/19/product-support/product/dell-data-protection-encryption/drivers.

The procedure for adding the key is different for Agent-managed devices and Agentless-managed devices.

Add the DumpXmlInventory registry key to an Agent-managed Windows device

You must add DumpXmlInventory to a Windows DDP|E client before the K1000 can collect field information from that client's inventory.xml file.

For Agent-managed Windows devices, you can use a default offline KScript from the K1000 scripting feature to set the "dump inventory" registry key. This key is necessary for the DDP|E agent to write the detailed inventory XML data to the K1000 file system.

1.
Go to the Script Detail page for the K1000 Enable Detailed DDPE Inventory (Windows) script.
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
c.
From the list, select K1000 Enable Detailed DDPE Inventory (Windows).
2.
In the Configure section, specify script settings:

Option

Description

Name

K1000 Enable Detailed DDPE Inventory (Windows), the name of this default script.

Enabled

Select this check box to run the script on the target devices. Do not enable a script until you are finished testing it and are ready to run it. Enable the script on a test label before you enable it on all devices.

Type

The script type is Offline KScripts.

Status

Indicates the readiness of the script to be rolled out to the network. Set the status to Production.

Description

Contains the brief description of the actions the default script performs.

Notes

Any additional information you want to provide.

3.
In the Deploy section specify deployment options:

Option

Description

All Devices

Deploy to all devices. Clear the check box to limit the deployment to specific labels or devices.

Labels

Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save.

If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.

Devices

Limit deployment to one or more devices. To find devices, begin typing in the field.

Operating Systems

Limit deployment to devices that have the specified operating systems. Leave the Operating Systems field blank to deploy the script to all operating systems.

Select Specific Operating Systems

Limit deployment to devices that have specific versions of operating systems. If this check box is cleared, the script runs on all versions of specified operating systems.

4.
In the Schedule section, specify run options:

Option

Description

None

Run in combination with an event rather than on a specific date or at a specific time.

Every nth minutes/hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month or on a specific month at HH:MM

Run on the same day every month, or a specific month, at the specified time.

Custom Schedule

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

Also run once at next device checkin (for offline KScripts only)

Runs the offline KScript once when new scripts are downloaded from the appliance.

Also Execute before login (for offline KScripts only)

Runs the offline KScript when devices start up. This might cause devices to start up more slowly than normal.

Also Execute after login (before desktop loads) (for offline KScripts only)

Runs the offline KScript after users enter Windows login credentials.

Allow run while disconnected (for offline KScripts only)

Allows the offline KScript to run even if the target device cannot contact the appliance to report results. In such a case, results are stored on the device and uploaded to the appliance during the next connection.

Allow run without a logged-in user

Allows the script to run even if a user is not logged in. To run the script only when the user is logged in to the device, clear this option.

Run on next connection if offline

For online KScripts or Shell Scripts, this option enables the script to run on offline machines when they become online again.

When a script runs, it calculates the number of machines it is supposed to run on based on their labels, or their operating systems, or by manually identifying selected machines. Given that set of machines, the script then determines which of those machines are currently online, and then queues up a task for the online machines in the Konductor.

When you select this option, the script skips the step that identifies online machines and it runs on the online machines. For the offline machines, the task is added to the Konductor's queue, and it runs when those machine become online.

Any subsequent tasks for running the same script (for example, for an offline machine that already exists in the Konductor's queue) overwrite the existing tasks, so there can never be more than one task in the Konductor's queue for the same machine.

Having a high number of tasks in the Konductor may affect the appliance's performance, so the best practice is to use offline scripts for those machines that are typically offline, and only use this option with online scripts when the target machines are expected to be online, to avoid an overpopulating the Konductor's queue.

By default, this option is disabled.

5.
Skip the Dependencies and Tasks sections.
Click Run Now to immediately push the script to all devices.

Use this option with caution. See Using the Run and Run Now commands.

Click Save.
Add the DumpXmlInventory registry key to an Agentless-managed Windows device

You must add DumpXmlInventory to a Windows DDP|E client before the K1000 can collect field information from that client's inventory.xml file.

For an Agentless-managed Windows device, the process requires that you create a new Group Policy Object on a Windows Server 2008 or 2012 device so that you can deploy the registry setting to multiple devices in a domain.

1.
2.
Right-click Group Policy Objects and click New.
3.
Provide a description name for the new GPO (for instance, Dell Data Protection | Encryption: Inventory Registry Setting) and click OK.
5.
Browse to Computer Configuration > Preferences > Windows Settings > Registry.
6.
Right-click Registry and select New > Registry Item.
7.
On the General tab, select Update in the Action drop-down menu.
8.
Select HKEY_LOCAL_MACHINE in the Hive drop-down list.
9.
Specify a Key Path of SYSTEM\CurrentControlSet\services\DellMgmtAgent\Parameters.
10.
Specify a Value name of DumpXmlInventory.
11.
Select REG_DWORD in the Value type drop-down list.
12.
Specify 1 in the Value data field.
13.
Select the Hexadecimal option in the Base group, and click OK.
14.
Close the Group Policy Management Editor.

You can now link this new group policy object to a specific domain, Organizational Unit, and so on.

Related Documents