KACE Systems Deployment Appliance 4.1 - Administrator Guide

Disable linked appliances

You can disable linking as needed. After appliance linking is disabled, you can continue to switch between the K2000 and remote (RSA) appliances that were linked until you log off.

1. On the left navigation pane, click Settings to display the Control Panel, then click KACE Linking to display the KACE Linking page.
2. Clear the Enable KACE Linking check box.
3. Click Save.

Setting up user accounts and user authentication

You can add user accounts to the K2000 appliance and set up the accounts using local authentication. If you require external user authentication, such as an LDAP or an Active Directory® server, you can configure an external server to enable users to log in to the Administrator Console using their domain credentials.

Add or edit local administrator accounts

You can create and edit local administrator user accounts. Adding users to the K2000 database stores the user information locally and requires only the user name, email address, password, and permissions.

1. On the left navigation pane, click Settings to display the Control Panel, then click Users to display the Users page.
2. Select Choose Action > New to display the User Detail page.

| Option | Description |
| --- | --- |
| User Name | Required: Enter a login ID. |
| Full Name | Required: Enter the first and last name of the user. |
| Email | Required: Enter the email address of the user. |
| Domain | Enter the domain that the user is using. |
| Budget Code | Optional: Enter the budget code of the department where the user is located. |
| Location | Optional: Enter the site or location of the user. |
| Password | Required: Enter the default password for the user. The password is required to activate the user. If the Password field is blank, the user cannot log in to the Administrator Console. |
| Confirm Password | Re-enter the password. |
| Permissions | Role of the user on this appliance. Administrators have full read/write access. Read-only administrators can log in and view settings and run reports; they cannot access the Administrator Console. Select the permissions: Admin (read/write access to the Administrator Console) or ReadOnly Admin (view all pages; no change access). |
4. Optional: Click Cancel to close the page.
5. Click Save.

The user appears in the local account list and can now log in to the Administrator Console.

Configure an LDAP server for user authentication

LDAP authentication requires creating a login account for the K2000 appliance on your LDAP server. The appliance uses this account to read and import user information from the LDAP server. The account needs read-only access to the Search Base DN field on the LDAP server. The account does not require write access, because the appliance does not write to the LDAP server.

For information on adding user accounts to the K2000 appliance, see Add or edit local administrator accounts.

When a user logs in, the appliance automatically queries the listed external servers. The timeout for a server is approximately 10 seconds. To decrease login delays, Quest KACE recommends deleting the sample LDAP server.

1. On the left navigation pane, click Settings, then click User Authentication to display the Authentication Settings.
2. Select External LDAP Server Authentication and click Add New Server.

| Field | Description |
| --- | --- |
| Server Friendly Name | The name to identify the server. |
| Server Host Name (or IP) | The IP address or the host name of the LDAP server. If the IP address is not valid, the appliance waits for the timeout, resulting in login delays during LDAP authentication. If you have a non-standard SSL certificate installed on your LDAP server, such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as VeriSign, contact Quest KACE Technical Support at https://support.quest.com/contact-support for assistance. |
| LDAP Port Number | The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP). |
| Search Base DN | The area of the LDAP tree where the appliance should start to search for users. For example, to search for the IT group, specify OU=it,DC=company,DC=com. |
| Search Filter | The search filter, for example: LDAP_attribute=KBOX_USER, where LDAP_attribute is the name of the attribute containing a unique user ID and KBOX_USER is a variable that the appliance replaces at runtime with the login ID that you enter. For example, when using Active Directory, enter samaccountname=KBOX_USER. For most other LDAP servers, enter UID=KBOX_USER. |
| LDAP Login | The credentials of the account that the K2000 uses to log in to the LDAP server to read accounts. For example: LDAP Login: CN=service_account,CN=Users,DC=company,DC=com. If no username is provided, an anonymous bind is attempted. |
| LDAP Password (if required) | The password of the account that the K2000 uses to log in to the LDAP server. |
| User Permissions | The user permissions: Admin (read/write access to the Administrator Console) or ReadOnly Admin (view all pages; no change access). |
| Test User Password | The LDAP username and password to test on the LDAP server. See Test the LDAP server. |

Record the Search Base DN and the Search Filter criteria because you use this same information to import user data and to schedule user imports.
4. Recommended: Click the Remove icon next to any external servers that are not configured to actual servers in your environment.
5. Click Save.

The next time users log in, they are authenticated against the LDAP servers in the order listed.
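A pre-flight review of the values entered in the Add New Server form, as an added example (not Quest KACE code): it flags the settings that the field descriptions above call out and builds the effective search filter for a manual test query, escaping the login ID so that special characters are treated as literal text. The dictionary keys, function names and sample values are assumptions made for this example; how the appliance itself substitutes KBOX_USER is not described on this page.

```python
# Added example: keys, function names and sample values are assumptions,
# not part of the K2000 product or its API.

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def effective_filter(template: str, login_id: str) -> str:
    """Replace KBOX_USER with an escaped login ID, for a manual test query."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in login_id)
    body = template.strip().replace("KBOX_USER", escaped)
    return body if body.startswith("(") else f"({body})"

def review_settings(cfg: dict) -> list:
    """Return findings for the fields of the Add New Server form."""
    findings = []
    if "KBOX_USER" not in cfg.get("search_filter", ""):
        findings.append("search_filter: KBOX_USER missing, filter ignores the login ID")
    port = cfg.get("port")
    if port == 389:
        findings.append("port: 389 is plain LDAP; use 636 (secure LDAP) if the server offers it")
    elif port != 636:
        findings.append("port: not 389 or 636, confirm the value with the directory team")
    if not cfg.get("ldap_login", "").strip():
        findings.append("ldap_login: empty, an anonymous bind will be attempted")
    # Assumption: every user found under the base DN receives the selected role.
    parts = [p.strip().upper() for p in cfg.get("search_base_dn", "").split(",")]
    if all(p.startswith("DC=") for p in parts) and cfg.get("permissions") == "Admin":
        findings.append("search_base_dn: whole domain with Admin role, narrow to an OU")
    return findings

# Constructed sample values; host name and DNs are placeholders.
SAMPLE = {
    "host": "ldap.company.com", "port": 389,
    "search_base_dn": "DC=company,DC=com",
    "search_filter": "samaccountname=KBOX_USER",
    "ldap_login": "", "permissions": "Admin",
}

if __name__ == "__main__":
    for finding in review_settings(SAMPLE):
        print("-", finding)
    print(effective_filter(SAMPLE["search_filter"], "j*doe"))
```
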
