Chat now with support
Chat with Support

KACE Desktop Authority 11.1 - Installation and Upgrade Guide

Registration

  You must register your new license key after a purchase to remove the evaluation time period or if the evaluation has expired. A license key is provided at the time of purchase. All configurations made during the trial are still available after the product is registered. You can continue using all features immediately following the registration process.

Enter the provided registration key code by clicking the Registration link on the bottom of the Desktop Authority console.

The following dialog opens within the Desktop Authority Manager.


The Registration window shows the following product information:

Product

The name of the installed product.

Version

The version of the installed product.

Operations Master

The Operations Master designates the computer to which Desktop Authority is installed to.

Licensed Seats

Displays the number of seats purchased. In evaluation mode, this will display the number of days remaining in the evaluation period.

Managed Seats

The number of active computers that have the Desktop Authority client installed on it, thus it is managed by Desktop Authority. A terminal server is counted as one licensed seat.

License Type

Shows the license type, Trial or Perpetual.

Install Date

The date the product was installed or updated.

Expiration Date

The date the trial will expire. Shows for trial versions only.

Add new license

Click Add new license to add the license key after purchase.

Fill in the license key and click Register.

.

After clicking Register, the license is verified. If correct, you will be prompted to replicate the change to the domain controllers. Click Yes to replicate the registration data or No to replicate the data at a later time. The registration process does not become effective until the data is replicated.

Once the product is registered and the information is replicated, Desktop Authority Manager will display the license information.

Updated registration information is not displayed on the Desktop Authority Manager dashboard or on client machines until the users log back onto the network after the registration information is entered and replicated through the system.

Desktop Authority ports and configurations

Please refer to the File Paths appendix for the correct path(s) based on the version of Desktop Authority you are using.

Installs
  • .NET Framework 4.6
  • IIS (IIS 7 will be installed to 2008 servers, IIS 7.5 will be installed to 2008 R2 servers, IIS 8 will be used on 2012 servers, IIS 8.5 will be used on 2012 servers, IIS 10 will be used on 2016 and 2019 servers)
  • MS Visual C++ 2005 Redistributable Package
SQL

User has a choice of

  • Installing MS SQL 2014 Server Express Edition
  • Using an existing instance of MS SQL (2008, 2008 R2, 2012, 2014, 2016, 2017)
Databases

There are two databases created by the installation of Desktop Authority.

  • DAConfiguration
  • DAReporting
Super Users
  • Active Directory User or group account. No special permissions needed.
Paths
  • SQL Server 2014 Express Database - C:\Program Files (x86)\Quest\Desktop Authority\Desktop Authority Manager\Database
  • Desktop Authority Manager - C:\Program Files (x86)\Quest\Desktop Authority\Desktop Authority Manager
  • Data collection repository - %programfiles%\Quest\Desktop Authority\ETL Cache
  • Download cache folder - %programfiles%\Quest\Desktop Authority\Update Service\Cache\
  • DA virtual directory – DesktopAuthorityConsole
  • Web Service virtual directory - DesktopAuthorityComponentWebServices
  • IIS metabase backup – DABackup[ddmmyyyy]
Firewall exceptions
  • File and printer sharing
  • Desktop Authority Update Service
  • Installer creates 2 inbound firewall exception rules
  • Desktop Authority Update Service
Enabled,
Allow connection,
Program: C:\Program Files (x86)\Quest\Desktop Authority\Update Service\Daupdsvc.exe,
All computers,
All users,
Protocol: TCP,
All ports,
Any IP Address,
Domain profile
  • Desktop Authority Update Service
Enabled,
Allow connection,
Program: C:\Program Files (x86)\Quest\Desktop Authority\Update Service\Daupdsvc.exe,
All computers,
All users,
Protocol: UDP,
All ports,
Any IP Address,
Domain profile
Security certificate

Desktop Authority uses a security certificate for use with the DesktopAuthorityConsole web site in IIS.

Desktop Authority defaults to creating and installing its own secure self-signed server certificate during the installation process. A self-signed certificate is one that is signed and verified legitimate by the creator of the certificate. You can, however, choose to select a certificate that already exists on the server. This may be the case during an upgrade of Desktop Authority. In most cases, it is recommended to allow Desktop Authority to create a self-signed certificate.

Services installed by DA
  • Operations Service – (Formerly known as the DA OpsMaster Service) The Operations Service is a background service that is used to manage and configure Desktop Authority's plugins. The ETLProcessor and ReportScheduler plugins are used to manage collected data and execute scheduled reports.
This service requires the credentials for a user account that is local admin of OpsMaster server and any other servers that that host the DA Administrative services in order to collect data.
This service moves files from the server that hosts the DA Administrative service (default path - C:\Program Files\Quest\Desktop Authority\etl cache) to the OpsMaster server where Desktop Authority is installed to (default path - C:\Program Files\Quest\Desktop Authority\Desktop Authority Manager\OpsMasterService\ETLFileRepository). Since the ETLProcessor plugin connects to the "\\ServerName\slETL$ (file://servername/slETL$)" share, the user account configured for the Operations Service must have access to that share where the DA Administrative service is installed to.
The Operations service is given SA access to the SQL database server during the installation of Desktop Authority.
The installation defaults this service to port 8017, but it can be changed during the install, to suit the specific environment. This port can also be changed using the Desktop Authority Setup Tool.
  • DA Manager Service – (New service introduced in DA 9.0) The Manager Service is used to manage the Web based Manager, replication, and connectivity and communication between the Manager and the database.
This service requires the credentials for a user account that is local administrator of OpsMaster server and any other servers that will host Desktop Authority services.
The Manager Service is given SA access to the SQL database server during the installation of Desktop Authority.
The installation defaults this service to port 8085, but it can be changed during the install to suit the specific environment. This port can also be changed using the Desktop Authority Setup Tool.
  • DA Administrative Service – The DA Administrative service enables Desktop Authority to perform tasks that require administrative rights without sacrificing user-level security at the workstation. This service helps Desktop Authority perform these specialized tasks by installing a client version of the DA Administrative service to each client machine and a complementary version of the DA Administrative service to one or more Domain Controllers within the domain.
This service requires two unique user accounts. The Server user account (server side service) must have Local Admin rights to all workstations. In most circumstances, this account will be one that is a member of the Domain Admins group.
The Client User account (client side service) is used on each workstation to make registry changes, install software, add printers, synchronize time and perform any other task that may require elevated privileges during the logon, logoff or shutdown events. The Client User account (client side service) should be a member of the Domain Users group.
  • Update Service – The Update Service is used for the Software Management. The Update Service offers an encrypted and secure connection to Quest owned websites.
The user account configured for this service must be a member of the Local Administrators group on the server in which the service is being installed to. This account must have Local Administrator access to the Operations Master server share (\\Servername\slogic$ (file://servername/slogic$) in order to read the Register.ini file for licensing purposes, as well as for access to the Internet.
  • IIS Application Pool – Desktop Authority’s web based Console uses IIS to host the application. The IIS Application pool identity is used to allow IIS to host web applications/virtual folders as standalone processes to avoid application crashes. Port 443 is required for IIS.
Domain user credentials are required so it can log information to the database. If Windows Authentication is chosen for the SQL database authentication, the account selected for the IIS Application pool will need to have login access to the database.
What Desktop Authority relies on/Windows Built-in

Desktop Authority makes use of HTTPS along with a digital certificate to ensure secure communication via the Console. During the DA installation, the DAInstaller has the option to create a new certificate or use an existing certificate. The certificate is used by IIS HTTPS to encrypt the data.

Service communication within Desktop Authority makes use of WCF (Windows Communication Foundation). This also makes use of the digital certificate for encryption of data.

Ports

Desktop Authority Manager relies on the following ports to be opened for inbound access.

1433 – Required by SQL Server to communicate over a firewall

443 – HTTPS port used by IIS

http://support.microsoft.com/kb/832017 Article discusses the ports, protocols and services used my MS client and server operating systems.

445 SMB over TCP for shared access to files, printers, serial ports and miscellaneous communication

137, 138, 139 NetBIOS over TCP/IP port

The ports mentioned above for CIFS/SMB are the underlying the protocol ports for Desktop Authority’s services including DA Update Service and the DA Administrative service. The “File and printer sharing” Local Firewall Policy exception configured by the Desktop Authority Installer enables desired communication through the local firewall.

These ports may have been already been opened/configured by the Desktop Authority Installer so there will not be a need to open them explicitly unless these ports are intentionally blocked through other means.

Services

File and Printer Sharing

Active Directory

Computer Browser (requires firewall exception for File and Printer sharing service)

Event Log

Net Logon

WMI

RPC

File Paths

The following table describes the paths that Desktop Authority uses.

Desktop Authority upgrades from previous versions to 11.1 will use the existing installation paths.

Important: PF stands for %programfiles% in an x86 environment and %programfiles(x86)% in a x64 environment

Server side

Location

Install paths for upgrades from ver 9.x to 11.1

 

Install Path for ver 11.1

Group Policies Admx file location
  • x:\PF\ScriptLogic\Desktop Authority Manager\TemplateFiles
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\TemplateFiles
Remote Mgmt Alternate DesktopAuthority.exe default location (shared as SLDAClient$)
  • x:\Quest\Desktop Authority\Desktop Authority Manager\DesktopAuthority
  • x:\Quest\Desktop Authority\Desktop Authority Manager\DesktopAuthority
Default MS SQL 2014 Server Express installation location
  • x:\PF\ScriptLogic\Desktop Authority Manager
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager
Default MS SQL 2014 Server Express database location
  • x:\PF\ScriptLogic\Desktop Authority Manager\Database
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\Database
Website Configuration DA Virtual Directory
  • x:\PF\ScriptLogic\Desktop Authority Manager\DAConsole\
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\DAConsole\
Desktop Authority Manager location (shared as SLogic$)
  • x:\PF\ScriptLogic\Desktop Authority Manager
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager
DA Manager ProgramData logs
  • x:\ProgramData\ScriptLogic\DAConsole
  • x:\ProgramData\Quest\DAConsole
Website Configuration Web service Virtual Directory
  • x:\PF\ScriptLogic\Desktop Authority Manager\DAComponentWebServices
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\DAComponentWebServices
Default Update Service Download Cache
  • x:\PF\ScriptLogic\Update Service\Cache
  • x:\PF\Quest\Desktop Authority\Update Service\Cache
Update Service Location  
  • x:\PF\ScriptLogic\Update Service\Daupdsvc.exe
  • x:\PF\Quest\Desktop Authority\Update Service\Daupdsvc.exe
Update Service Log File  
  • x:\PF\ScriptLogic\Update Service\Daupdsvc0.log
  • x:\PF\Quest\Desktop Authority\Update Service\Daupdsvc0.log
Update Service Status Reporter Log File  
  • %temp%\DesktopAuthority\DAUpdtSvcStRep.log
  • %temp%\DesktopAuthority\DAUpdtSvcStRep.log

Note: In the temp directory of the Update Service user account.

OpsMaster ETL Repository
  • x:\PF\ScriptLogic\Desktop Authority Manager\OpsMasterService\ETLFileRepository
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\OpsMasterService\ETLFileRepository
Signature Files
  • x:\PF\ScripLogic\Desktop Authority Manager\slsrvmgr.ske
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\slsrvmgr.ske
Admin Service XML file repository (shared as slETL$)
  • x:\PF\ScriptLogic\ETL Cache
  • x:\PF\Quest\Desktop Authority\ETL Cache
Admin Service Log file
  • (32-bit) %SystemRoot%\System32\DAAdminSvc_%ComputerName%.log
  • (32-bit) %SystemRoot%\System32\DAAdminSvcStRep.log
  • (64-bit) %SystemRoot%\SysWow64\DAAdminSvc_%ComputerName%.log
  • (64-bit) %SystemRoot%\SysWow64\DAAdminSvcStRep.log
  • (32-bit) %SystemRoot%\System32\DAAdminSvc_%ComputerName%.log
  • (32-bit) %SystemRoot%\System32\DAAdminSvcStRep.log
  • (64-bit) %SystemRoot%\SysWow64\DAAdminSvc_%ComputerName%.log
  • (64-bit) %SystemRoot%\SysWow64\DAAdminSvcStRep.log
Admin Service StatusGateway log
  • %temp%\DesktopAuthority\DAStatusGateway.log
  • %temp%\DesktopAuthority\DAStatusGateway.log

Note: In the temp directory of the Admin Service's user account.

User Management Replication
  • Source: x:\PF\ScriptLogic\Desktop Authority Manager\scripts
  • Target: %windir%\SYSVOL\sysvol\DomainName\scripts
  • Source: x:\PF\Quest\Desktop Authority\Desktop Authority Manager\scripts
  • Target: %windir%\SYSVOL\sysvol\DomainName\scripts
Computer Management Replication
  • Source: x:\PF\ScriptLogic\Desktop Authority Manager\Device Policy Master
  • Target: %windir%\SysVol\sysvol\DomainName\Policies\Desktop Authority\Device Policy Master
  • Source: x:\PF\Quest\Desktop Authority\Desktop Authority Manager\Device Policy Master
  • Target: %windir%\SysVol\sysvol\DomainName\Policies\Desktop Authority\Device Policy Master
Replication Log
  • x:\PF\ScriptLogic\Desktop Authority Manager\SLRepl.log
  • x:\PF\Quest\Desktop Authority\Desktop Authority Manager\SLRepl.log

Client side

Prior Paths New or 11.1 Version Paths
USB/Port Security devices
  • x:\PF\ScriptLogic\Port Security
  • x:\PF\Quest\Desktop Authority\PortSecurity
  • %windir%\system32
User Detailed Trace File
  • %temp%\Desktop Authority
  • %temp%\Desktop Authority
Computer verbose debug mode
  • %windir%\Temp\Desktop Authority
  • %windir%\Temp\Desktop Authority
Client Files and Agents
  • x:\ScriptLogic
  • x:\PF\ScriptLogic\Desktop Authority
  • x:\PF\ScriptLogic\Common
  • x:\PF\ScriptLogic\DA Update Client
  • x:\PF\ScriptLogic\Desktop Authority\Client Files
  • x:\Desktop Authority
  • x:\PF\Quest\Desktop Authority
  • x:\PF\Quest\Desktop Authority\Common
  • x:\PF\Quest\Desktop Authority\DA Update Client
  • x:\PF\Quest\Desktop Authority\Client Files
Expert Assist
  • x:\PF\DesktopAuthority

  • x:\PF\Quest\ExpertAssist

About Us

Quest provides software solutions for the rapidly-changing world of enterprise IT. We help simplify the challenges caused by data explosion, cloud expansion, hybrid datacenters, security threats, and regulatory requirements. We are a global provider to 130,000 companies across 100 countries, including 95% of the Fortune 500 and 90% of the Global 1000. Since 1987, we have built a portfolio of solutions that now includes database management, data protection, identity and access management, Microsoft platform management, and unified endpoint management. With Quest, organizations spend less time on IT administration and more time on business innovation. For more information, visit www.quest.com.

Technical support resources

Technical support is available to Quest customers with a valid maintenance contract and customers who have trial versions. You can access the Quest Support Portal at https://support.quest.com.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:

  • Submit and manage a Service Request
  • View Knowledge Base articles
  • Sign up for product notifications
  • Download software and technical documentation
  • View how-to-videos
  • Engage in community discussions
  • Chat with support engineers online
  • View services to assist you with your product
Related Documents