Chat now with support
Chat with Support

Welcome, erwin customers to Quest Support Portal click here for for frequently asked questions regarding servicing your supported assets.

KACE Systems Management Appliance 11.0 Common Documents - Administrator Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Add or edit LDAP Labels

Add or edit LDAP Labels

You can add and edit LDAP Labels as needed. Be sure to test LDAP Labels before you enable them.

1.
Go to the LDAP Label Detail page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, in the Home section, click Label Management.
d.
Display the LDAP Label Detail page by doing one of the following:
Select Choose Action > New.

Option

Description

Enabled

Enable the appliance to run the LDAP Label.

NOTE: Select the Enabled check box only after you have tested the LDAP Label to verify that the LDAP criteria is correct and labels are applied as expected.

Type

The LDAP Label type. There are two types of LDAP Labels:

Device: Labels applied to device records. This is useful if you want to automatically group devices by name, description, and other LDAP criteria. When devices are inventoried, this query runs against the LDAP server to determine whether any devices contain LDAP attributes with values that correspond to the LDAP search filter criteria. If a result is returned, the device is assigned the label specified in the Associated Label Name field.

You must include at least one appliance variable, such as KBOX_COMPUTER_NAME, in device labels for the LDAP label to be applied to a device. During LDAP label processing, the variable is used to compare an attribute's value in the LDAP directory to determine whether relationships exists between the LDAP object and an appliance object. See LDAP variables.

User: Labels applied to user records. This is useful if you want to automatically group users by domain, location, budget code, or other LDAP criteria. LDAP Labels are applied to or removed from user records when users are imported to the appliance manually or according to a schedule. You can use user variables, such as KBOX_USER_NAME, in user labels. During LDAP label processing, the variable is used to compare an attribute's value in the LDAP directory to determine whether relationships exists between the LDAP object and an appliance object. See LDAP variables.
TIP: To test a label, replace the KBOX_ variables with the appropriate values for your environment, then select Test.

Associated Label

The manual label, or container label, to associate with this LDAP Label. Each LDAP Label must have an associated label.

Associated Label Description

Notes from the label selected in the Associated Label Name field.

Server

The IP address or the hostname of the LDAP server. If the IP address is not valid, the appliance waits to timeout, resulting in login delays during LDAP authentication.

Port

The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).

Base DN

The criteria used to search for accounts.

This criteria specifies a location or container in the LDAP or Active Directory structure, and the criteria should include all the users that you want to authenticate. Enter the most specific combination of OUs, DCs, or CNs that match your criteria, ranging from left (most specific) to right (most general). For example, this path leads to the container with users that you need to authenticate:

OU=end_users,

DC=company,DC=com.

Advanced Search

The search filter. For example:

(&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=financial,DC=example,DC=com))

Credentials

An LDAP credential of the account the appliance uses to log in to the LDAP server to read accounts. Select from the list or create a new LDAP credential. For more information about LDAP credentials, see Add and edit LDAP User/Password credentials.

If you are unsure of the Base DN and Advanced Search information, use the LDAP Browser. See Use the LDAP Browser.

NOTE: Negative search filters are formatted as follows: (!(sAMAccountName=David)). Any other format using negatives will result in an error.
3.
Click the Test button to test the new label. Change the label parameters and test again as needed.
4.
If the LDAP Label is ready to use, select the Enabled check box. Otherwise, save the label without enabling it.
5.
Click Save.

Enable LDAP Labels

Enable LDAP Labels

After you have added and tested an LDAP Label, you can enable it. Device LDAP Labels that are enabled run against the LDAP server when devices check in to the appliance. User LDAP Labels that are enabled run against the LDAP server when users are imported manually or imported according to a schedule.

Add and test an LDAP Label. See Add or edit LDAP Labels.

1.
Go to the LDAP Label Detail page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, in the Home section, click Label Management.
2.
Select the Enabled check box.
3.
Click Save.

Delete LDAP Labels

Delete LDAP Labels

Deleting an LDAP Label removes the criteria associated with the LDAP Label, but it does not delete any other labels associated with the LDAP Label.

1.
Go to the LDAP Label Detail page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, in the Home section, click Label Management.
3.
Select Choose Action > Delete, then click Yes to confirm.

Use the LDAP Browser

Use the LDAP Browser

The LDAP Browser enables you to browse and search data located on an LDAP server, such as an Active Directory server.

To use the LDAP Browser, you must have the Bind DN and the LDAP password to log on to the LDAP server.

The LDAP Browser can be useful when you need to enter information in the Search Base DN and the Search Filter fields for LDAP queries.

1.
Go to the LDAP Browser:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, in the Home section, click Label Management.
2.
Specify LDAP Server settings:

Option

Description

IP Address or Hostname

The IP address or the hostname of the LDAP server. If the IP address is not valid, the appliance waits to timeout, resulting in login delays during LDAP authentication.

Port

The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).

Login

The credentials of the account the appliance uses to log in to the LDAP server to read accounts. For example:

LDAP Login:CN=service_account,CN=Users,

DC=company,DC=com.

If user name and password are not provided, the tree lookup is not performed. Each LDAP Label can connect to a different LDAP or Active Directory server.

Password

The password of the account the appliance uses to log in to the LDAP server.

3.
Click Test.

If the operation fails, verify the following:

4.
Click Next.
The Narrow the Search window appears.

Option

Description

LDAP EasySearch

Type a string that you want to search for.

Search on

Indicate if you want to search for indexed or non-indexed fields by selecting the appropriate option, as required.

Other attributes

Type a comma-separated list of Active Directory fields that you want to search for.

6.
Click Go.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating