Chat now with support
Chat with Support

KACE Desktop Authority 11.1 - Administrator Guide

Administrator's Guide
Product Improvement Program Installation Help Concepts User Interface Validation Logic Configuration Computer Management User Management Reference File Paths
Setup Tool

File Operations

The File Operations object provides the ability to Copy, Delete, Move and Rename files and folders. File Operations support Local, Mapped and network drive paths as well as a generous portion of operation options.

Settings

File operation
Operation

Select Copy, Move/Rename, Delete or Create Folder from the Operation list to specify the action to execute on the specified files.

Source folder

Specify the folder on which the selected Operation will act upon.

Source file(s)

Specify the files on which the selected Operation will act upon.

Destination folder

For Copy, Move/Rename or Create Folder operations, specify the folder to be used as the destination for the selected Operation.

Destination file(s)

For Copy or Move/Rename operations, specify the file names to be used for the destination of the selected Operation.

Options
Only files

Select this check box to enable extra File Operation options. When enabled, select changed before, changed after, changed between, changed on and older than from the list

  • changed before

    Select changed before, for the selected operation to act on all files last modified prior to the specified date.

  • changed after

    Select changed after, for the selected operation to act on all files last modified after the specified date.

  • changed between

    Select changed between, for the selected operation to act on all files last modified between (and including) the specified dates.

  • changed on

    Select changed on, for the selected operation to act on all files last modified on the specified date.

  • older than

    Select older than, for the selected operation to act on all files older than the specified number of days.

  • last accessed before

    Select last accessed before, for the selected operation to act on all files that were last accessed before the specified date.

  • last accessed after

    Select last accessed after, for the selected operation to act on all files that were last accessed after the specified date.

  • last accessed between

    Select last accessed between, for the selected operation to act on all files that were last accessed between the specified dates.

  • last accessed on

    Select last accessed on, for the selected operation to act on all files that were last accessed on the specified date.

  • last accessed more than X days

    Select last accessed more than X days, for the selected operation to act on all files that were last accessed more than the specified number of days ago.

Include subdirectories

Select this check box to include all subdirectories of the Source Folder in the selected Operation. Clear this check box to exclude all Source Folder subdirectories in the selected Operation.

Continue on error

Select this check box to continue performing the selected Operation regardless of any errors that occur during the execution of the action. Clear this check box to stop the selected Operation if an error occurs.

Include hidden/system files

Select this check box to include all hidden and system files in the selected Operation. Clear this check box to ignore all hidden and system files in the selected Operation.

Overwrite read-only files

Select this check box for the selected operation to overwrite or delete read-only files. Clear this check box for the selected operation to ignore all read-only files.

Overwrite existing files

For Copy or Move/Rename operations, select this check box for the operation to overwrite existing files. Clear the check box for the operation to ignore existing files.

Overwrite older files

For Copy or Move/Rename operations, select this check box for the operation to overwrite existing files if the destination file is older than the source file. Clear the check box for the overwrite operation to ignore overwriting destination files that are older than the source files.

Perform copy asynchronously

Select this box to perform the selected operation asynchronously. In asynchronous mode, the File Operations element will execute at the same time as other File Operations elements. If this check box is cleared, applications will run sequentially one after another. Each application must complete before the next one will begin.

Redirect to 32 bit folder on 64 bit operating systems

Select this box to force the operation to copy files to the corresponding 32-bit folder, when performing the operation on 64-bit operating systems.

Wipe disk area to DoD 3 spec

Available for Move/Rename and Delete operations, select this check box to securely remove files/folders from the specified source using the DoD 3 specification.

Show progress bar

Show the progress of the file operation.

Possible File Operations

Source Folder

Source

File

Destination Folder

Destination File

Operation

X

 

X
(non-existing)

 

Rename folder

X

 

X
(existing)

 

Move folder

X

Single

X

 

Move file to different folder

X

Multiple

X

 

Move files to different folder

X

Single

X

Single

Rename file

X

Multiple

X

Single

Not supported

X

Single

X

Multiple

Not Supported

X

Multiple

X

Multiple

Not supported

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

File/Registry Permissions

The File/Registry Permissions object provides the ability to modify NTFS File and Folder permissions or Registry permissions. Permissions are configurable for 2008, 7, 8.1,10, 2008 R2, 2012, 2012 R2, 2016, and 2019 systems only.

Settings

Action
Type

Select File/Folder or Registry from the Type list. The selected Type is the object that Permissions will be applied to.

Action

Select Append, Overwrite or Revoke from the Action list. This action defines how to apply the Permissions to the selected object.

  • Append - Add permissions to list of existing permissions for the object.
  • Overwrite - Replace existing permissions with permissions specified in this element for the object.
  • Revoke - Remove permissions for the object from the specified user/group.
Path/hive/Key

For the File/Folder Type, enter the Path to the object that Permissions will be applied to. For the Registry Type, enter the Hive and Key that the Permissions will be applied to.

Force use of 32-bit registry locations on 64-bit operating systems

Check this box to force the 32 bit registry location to be used instead of the 64 bit location, when executing on 64 bit operating systems.

Inheritance

Select Do not modify this object's inheritance, Allow this object to inherit from parent, Do not allow this object to inherit from parent and discard inherited permissions, Do not allow this object to inherit from parent and copy inherited permissions from the Inheritance list. The Inheritance selection defines how or if permissions for the object will be inherited.

  • Do not modify this object's inheritance - This object will not assume (inherit) permissions from any other object.
  • Allow this object to inherit from parent - This object is allowed to assume permissions from its parent object.
  • Do not allow this object to inherit from parent and discard inherited permissions - This object will not be allowed to assume permissions from its parent object. If the object already has inherited any parent permissions they will be removed.
  • Do not allow this object to inherit from parent and copy inherited permissions - This object is not allowed to assume (inherit) permissions from its parent object, nor is it allowed to copy permissions from its parent.
Permissions

The Permissions list designates which users and/or groups will be given permissions to the selected object (File/Folder or Registry)

Press Add to define users and/or groups to which permissions will be given to the selected object. Press Edit to edit an entry in the Permissions list. Press Delete to remove an entry from the Permissions list.

Figure 42: Creating permission sets

Once in Add/Edit mode update the following entries:

Principal

Specify a user or group that will be assigned the designated permissions.

SID

The SID (Security Identifier) will be automatically populated once a Principal is selected.

Permissions

The permission boxes represent the standard permissions that can be allowed or denied for the specified Principal. Select Allow to permit access to the object. Select Deny to refuse access to the object. Selecting either Allow or Deny Full Control will automatically select the Read, Write, Execute and Modify permissions.

Propagation

Select Apply to this object only, Apply to this object and child objects one level deep, Apply to this object and allow all child objects to inherit, or Apply to this object and apply to all child objects from the Propagation list. The propagation selection defines which components (Parent and/or Child) of the object are affected by the Permission change.

  • Apply to this object only - Permissions are applied to the selected Path or registry Hive/Key only. No child objects are affected.
  • Apply to this object and child objects one level deep - Permissions are applied to the selected Path or registry Hive/Key object and to any container immediately within this object.
  • Apply to this object and allow all child objects to inherit - Permissions are applied to the selected Path or registry Hive/Key object. All child objects have the ability to inherit these permissions however the child objects are not given these permissions automatically.
  • Apply to this object and apply to all child objects - Permissions are applied to the selected Path or registry Hive/Key object and to any all containers below this object.
Child object to include

Select Files, Folders, or Files and Folders from the list. The selected child object(s) will be included in the propagation of the applied permissions.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

Folder Redirection

The Folder Redirection object provides the ability to change the Windows default location for specialized folders known as Shell Folders. Shell folders are folders that are specific to each authenticated user. They include the Contacts (Windows 7, Windows 8.1), Cookies (Windows 8.1), Desktop (Windows 8.1), Downloads (Windows 7, Windows 8.1), Favorites (IE Bookmarks)(Windows 8.1), History (Windows 8.1), My Music (Windows 8.1), My Pictures (Windows 8.1), My Videos (Windows 7, Windows 8.1), Personal (My Documents Folder)(Windows 7, Windows 8.1), Programs Group (Windows 7, Windows 8.1), Recent (Windows 7, Windows 8.1), Send To (Windows 7, Windows 8.1), Start Menu (Windows 7, Windows 8.1), Startup (Windows 7, Windows 8.1) and Temporary Internet Files (Windows 7, Windows 8.1).

Shell folders are located under the authenticated user’s profile, C:\Documents and Settings\profilename\.

By defaulting the location of these folders to a network share (or mapped drive), rather than the local computer, users are allowed to access their own desktop, bookmarks, recent document list, application settings, etc., regardless of the computer they log on to. This also enables the profile to be secured and backed up.

In addition to user-specific shell folders, Windows 2008/7/8.1/2008 R2/2012/2012 R2/2016/2019 also includes a common set of shell folders that are available to all users of the computer. This common set of shell folders is often referred to as the "All Users" profile or "Users Profiles".

Settings

Action
Shell folder

Select a shell folder from the Shell folder list.

NOTE: Redirecting Temporary Internet Files to a network share is not supported with IE 8 and later.

Redirect to folder

Specify a folder that the shell folder should be redirected to. The folder designation may be in the form of a path, mapped drive or UNC. Click Browse to navigate to the path. Desktop Authority’s dynamic variable selection is available for this field by pressing the F2 key.

NOTE: Although a path in the form of C:\RedirectedFolder may be used, it is recommended that a fully qualified UNC be used instead. Note that UNC paths longer than 260 are truncated by the operating system. If this occurs, the folder redirection will not work.

Reset to default

Select this check box to restore the redirected folder to the operating system’s default location.

Copy any files that exist in the original folder

Select this check box to copy files from the current folder to the redirected folder when it is redirected.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

General

The General object provides several miscellaneous settings including settings to purge the client TEMP files, password expiration warnings and others.

Settings

TEMP Files
Enable purge

Select this checkbox to enable purging of the client computer's %TEMP% folder.

Purge client %TEMP% files on the first Wednesday of every month

%TEMP% is an environment variable that defines the location of the User's temporary files folder. Desktop Authority can easily control the purging of this folder in order to keep the client’s machine free of extraneous, unused files. The user will never have to remember (or forget, as is usually the case) to manually purge this folder.

Purging is completed on the first Wednesday of each month.

Select Prompt from the list to let the user decide whether to purge the %TEMP% folder.
Select Always from the list to purge the %TEMP% folder on the first Wednesday of each month.

Specify the file(s) to purge from the %temp% folder. Use wildcards to specify multiple files. A subfolder may also be specified.

The default is [Prompt] purge.

File mask

Specify a file mask that defines exactly what files to include in the purge operation.

The default is to purge all *.tmp] files.

Warnings
Password expiration

Enter a numeric value, or use the arrows, representing the number of days prior to expiration in which to enable a warning to the client that their password is about to expire. The warning will give the user an advanced reminder the specified number of days before the password will expire. If no number is entered, the warning is disabled.

Low disk space

Enter a numeric value, or use the arrows, representing the number of megabytes to enable a warning to the client if disk space falls below the specified size. If no number is entered, the warning is disabled.

Local admin password

To define local admin access for clients, enter the local admin username/password. After entering the local admin password, click OK. The password will be encrypted for display purposes in the Manager.

Set password

Select this box to use the currently logged on user credentials as the local admin password. Deselect this box to modify the credentials. Enter the Password twice to enter a new local admin password.

Network
Disconnect all existing network drives before mapping new ones

Select this check box to forcibly disconnect all existing network drive mappings before Desktop Authority drive mapping elements are executed. If Desktop Authority is executed and this check box is not selected, any persistent connections that the client may have defined for the same drive letter to be mapped by Desktop Authority will be overridden. Desktop Authority will not automatically remove all persistent connections on each client (unless this check box is selected) — only the ones that conflict with the mappings being applied by Desktop Authority during the logon process.

Disconnect all existing network printers before connecting new ones

This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to forcibly remove all existing network printer mappings from the client before Desktop Authority printer mapping elements are executed. Clear this check box to leave the computers existing printer mappings as is. Gray the check box to leave the printer mappings set to what they have already been validated for. 

Disconnect all existing IP printers before connecting new ones (excludes server operating systems)

This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to forcibly remove all existing IP printer mappings from the client before Desktop Authority printer mapping elements are executed. Clear this check box to leave the computers existing printer mappings as is. Gray the check box to leave the printer mappings set to what they have already been validated for.

Note: IP printers on servers will not be disconnected by this option.

Concurrent drive limit
Limit concurrent logons by monitoring the share mapped using drive

This option provides a mechanism by which the number of concurrent logons by a single user can be limited. Implementation of this feature requires a combined effort between Desktop Authority and the domain’s servers where the shares reside.

Once configured, Desktop Authority will immediately log off any user that attempts to concurrently log on more sessions than they are allowed.

Additional
Don't display last user name

Use this setting to clear or set the previous user’s logon name.

Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to clear the logon name of the previous user of the computer. The user name entry will be blank on the logon dialog box the next time a user logs onto the computer. Clear the check box to display the previous user’s name. The user name will be shown in the logon dialog box each time a user logs on to the computer. Gray the check box to disable Desktop Authority’s control of the user name.

Clear all existing security policies

Select this check box if you are using Desktop Authority's Security Policies only. This setting instructs Desktop Authority to remove all existing security policies prior to applying new ones. Removing a security policy removes the setting from the registry which in effect disables the policy from being applied to the workstation.

Clear this check box if you are using Microsoft’s Policies in combination with Desktop Authority's Security Policies. Microsoft’s Group Policies are applied to the computer before the logon script executes, this option will ensure that Desktop Authority does not "clear" the existing Microsoft Policies.

Graying this check box acts exactly as if the check box is cleared unless there are other elements that either Select or Clear this option. If there are other elements with a selected or cleared check box, this option will be ignored. The last setting processed, either selected or cleared will take precedence over all other settings.

Remove IE tour

Select this check box to remove the Internet Explorer Take a Tour splash screen. Once removed, it cannot be reactivated by Desktop Authority.

Remove Internet connection wizard

Select this check box to remove the Internet Connection Wizard and prevent it from launching the first time each user of the computer attempts to launch Internet Explorer. Once the Internet Connection Wizard is removed, it cannot be reactivated (added back to the desktop) by Desktop Authority.

Do not show Desktop Agent icon in system tray

This check box can be set to one of three (3) different states: on (enabled), ,hide the Desktop Agent icon in the system tray, off (disabled), , show the Desktop Agent icon in the system tray, or grayed, , preserve Global Desktop Agent setting.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

Related Documents