• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• KACE Systems Management Appliance 14.0 Common Documents
• KACE Systems Management Appliance 14.0 Common Documents - Administration Guide

KACE Systems Management Appliance 14.0 Common Documents - Administration Guide

Table of Contents  

About the KACE Systems Management Appliance

About the appliance components About the Administrator Console

Components available in Admin mode without the Organization component Components available in Admin mode with the Organization component enabled Components available in System mode with the Organization component enabled Using the Home component

About Dashboards View the Dashboard in Admin mode View the Dashboard in System mode Customize Dashboard pages About Dashboard widgets View Dashboard details View task schedules View the appliance version, model, and license information View product licensing information About appliance software updates About labels

Searching for information and filtering lists

Search at the Admin level Search at the page level Searching at the page level with advanced options

Example: Search for managed devices using Filter criteria Add Smart Labels and Notifications using Advanced Search criteria Load Smart Labels from the Filter tab

Create Custom Views using Filter criteria Access product documentation

Log in to the Administrator Console: First login following initial network configuration

Getting started

Configuring the appliance

Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings

Configure appliance General Settings with the Organization component enabled Configure Admin-level or organization-specific General Settings Configure appliance General Settings without the Organization component

Configure appliance date and time settings Managing user notifications

Review user notification alerts Configure user notifications

Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access

Verify port settings Verifying the status of the NTP service Make necessary websites accessible to the appliance

Configuring network and security settings

Change appliance network settings Configure local routing tables Configure local web server settings and allow access to hosts Configure security settings for the appliance Configure Active Directory as the single sign on method Generate an SSL certificate

Configuring session timeout and auto-refresh settings

Set session timeout Set auto-refresh properties

Configuring locale settings

How locale settings are applied Configure locale settings for the Administrator Console and the Command Line Console Configure locale settings for the User Console Configure locale settings for organizations Configure locale settings for users

Configuring the default theme

Configure the default theme for the appliance Configure the default theme for a user

Configure data sharing preferences About DIACAP compliance requirements

Enable or disable the Acceptable Use Policy

Configuring Mobile Device Access

Enable Mobile Device Access for the appliance Enable Mobile Device Access for users Download and use KACE GO Disable Mobile Device Access on the appliance Disable Mobile Device Access for users

Enable fast switching for organizations and linked appliances Linking Quest KACE appliances

Enable appliance linking Add Names and Keys to appliances Enable access to Federation API settings Disable appliance linking

Configuring history settings

About history settings Managing settings history

Configure settings history subscriptions for organizations Configure settings history subscriptions for organizations View settings history

Managing asset history

Configure asset history subscriptions View asset history

Managing object history

Configure object history View object history

Using change history information

View the change history of items Search for items in change history lists Delete history records Export history records

Configuring Content Security Policy

Enable Content Security Policy

Setting up and using labels to manage groups of items

About labels

About Smart Labels About LDAP Labels About label groups About organization filters

Tracking changes to label settings Managing manual labels

Add or edit manual labels View manual label details Delete manual labels

Managing Smart Labels

Add Smart Labels Example: Combine Smart Labels to identify devices Edit Smart Labels Setting up labels for user accounts

Add an All Ticket Owners label

Using Smart Labels for patching

Add a Smart Label for critical OS patches Add a Smart Label for new patches

Using Smart Labels with Discovery Results

Add Discovery Results Smart Labels Changing the run order of Discovery Results Smart Labels

Adding Smart Labels for devices

Add a Smart Label for desktops Add a Smart Label for servers Add a Smart Label for laptops

Assign the Smart Label run order Delete Smart Labels

Managing label groups

Add, view, or edit label groups Assign labels to or remove labels from label groups Delete label groups

Managing LDAP Labels

Add or edit LDAP Labels Enable LDAP Labels Delete LDAP Labels Use the LDAP Browser

Configuring user accounts, LDAP authentication, and SSO

About user accounts and user authentication About locale settings Managing System-level user accounts

Add or edit System-level user accounts Manage appliance administrator email notifications Delete System-level user accounts

Managing organization user accounts

Add or edit User Roles Delete User Roles Add or edit organization user accounts Customize user details Archive user accounts

View or edit user profiles Using an LDAP server for user authentication

About the login account on your LDAP server Configure and test LDAP user authentication

Importing users from an LDAP server

Import user information manually Import user information according to a schedule

About single sign on (SSO)

Using external LDAP or Active Directory servers for single sign on

Enabling and disabling single sign on

Enable single sign on Disable single sign on

Using Active Directory for single sign on

Configure Active Directory as the single sign on method Configuring browser settings for single sign on

Configure Microsoft Edge browser settings Configure Firefox browser settings Use Active Directory single sign on to access the Administrator Console or User Console

Unjoin the domain and disable Active Directory single sign on

Configure SAML for single sign on

Example: Using Microsoft Active Directory in Azure as a SAML Identity Provider

Reviewing user sessions

Install and configure the location database View a list of user sessions

Deploying the KACE Agent to managed devices Using Replication Shares

Create Replication Shares View Replication Share details

Managing credentials

Tracking changes to Credentials Management settings Add and edit Secret Key credentials Add and edit User/Password credentials Add and edit LDAP User/Password credentials Add and edit Google Workspace credentials Add and edit SNMP credentials Add and edit Microsoft Office 365 OAuth credentials View credential usage Create reports from the Credentials Management list Export credentials information Delete credentials

Configuring assets

About the Asset Management component Using the Asset Management Dashboard

About the Asset Management Dashboard widgets Customize the Asset Management Dashboard

About managing assets

How asset information differs from inventory information Identifying the assets to track View assets and search for asset information Add barcodes to assets Change device owners View and configure asset lifecycle settings

Adding and customizing Asset Types and maintaining asset information

About Asset Types Customizing Asset Types

About renaming fields and changing field types in Asset Types About adding and deleting asset fields Add or customize Asset Types About customizing the Device Asset Type Example: Add custom fields to the Device Asset Type Establishing relationships between asset fields Delete Asset Types

About Asset Subtypes, custom fields, and device detail preferences

Workflow for using Asset Subtypes with SNMP devices Add Asset Subtypes and select Device Detail page preferences Edit Asset Subtypes Set an Asset Subtype as the default View subtypes available to Asset Types View Asset Subtypes on the Assets page Assign or change Device Asset Subtypes from the Devices page Assign assets to subtypes or change subtype assignments from the Assets page Update custom asset fields manually Delete Asset Subtypes

Managing Software assets

Customize the Software Asset Type Adding Software assets

Add Software assets on the Software list Add Software assets in the Assets section

Managing physical and logical assets

Add physical Asset Types Archive device Assets

Maintaining and using manual asset information Managing locations

Manage locations Add or edit locations Customize location fields

Managing contracts

Manage contracts Add or edit contracts

Managing licenses

Manage licenses Add or edit licenses

Managing purchase records

Manage purchase records Add or edit purchase records

Setting up License Compliance

About License Compliance for Software Catalog applications

About license upgrades About license downgrades

Customize the License Asset Type Add License assets for Software Catalog inventory Add License assets for Software page inventory Importing license data in CSV files

How asset information is handled during import Importing asset data using CSV files

Prepare asset data before importing Example: Import license data from prepared spreadsheets

Managing License Compliance

View License Compliance information for Software Catalog applications Reclaim unused software licenses Update software License Compliance information manually Customize license usage warning thresholds View License Compliance and Configuration information

Setting up Service Desk

Setting up roles for user accounts

About default roles Create a Service Desk staff role Assign user roles Apply labels and roles to Service Desk staff Create the DefaultTicketOwners account

Configuring email settings

About email notifications About Ticket Rules About POP3 email accounts Create and configure POP3 email accounts Configure email preferences Configuring email triggers and email templates

Configure email triggers Configure email templates

Configure CC lists for ticket categories Automatically add email addresses to ticket CC List fields Exclude addresses from ticket CC List fields Prevent email loops

Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations

About organizations

About the Default organization

Tracking changes to organization settings Managing Organization Roles and User Roles

Available default roles Add or edit Organization Roles Duplicate Organization Roles Delete roles

Adding, editing, and deleting organizations

Add or edit organizations Configure Two-Factor Authentication for organizations Delete organizations Customizing the logos used for the User Console and organization reports

Managing user accounts for organizations Managing organization filters

How organization filters work Add or edit organization Data Filters Add or edit organization LDAP Filters Test organization filters Delete organization filters

Managing devices within organizations

Using Filter for Advanced Search Filter devices Redirect devices

Understanding device details Running single organization and consolidated reports

Importing and exporting appliance resources

About importing and exporting resources Transferring resources among appliances using Samba share directories

Export resources from an appliance Import resources to an appliance

Transferring resources among organizations

Export resources from organizations Import resources to organizations

Managing exported resources at the System level

View or delete shared resources Move shared resources from the local appliance to network locations View or delete the status of resource exports

Managing inventory

Using the Inventory Dashboard

About the Inventory Dashboard widgets Customize the Inventory Dashboard

Using Device Discovery

About Device Discovery and device management Tracking changes to Discovery settings Discovering devices on your network

Add a Discovery Schedule to perform a quick "what and where" scan of your network

Things to take into consideration with Nmap discovery

Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and UNIX computers Obtain a Client ID and Client Secret for use in discovering Chrome devices Add a Discovery Schedule for a KACE Cloud Mobile Device Manager device Add a Discovery Schedule for a Google Workspace device Add a Discovery Schedule for an Workspace ONE device Add a Discovery Schedule for a VMware ESXi host or a vCenter Server Add a Discovery Schedule for a Microsoft Hyper-V or System Center Virtual Machine Manager System Center Virtual Machine Manager Credential Requirements Add a Discovery Schedule for SNMP-enabled non-computer devices About Discovery Results View and search Discovery Results Provision the Agent using the discovered IP address or hostname Stop a running discovery scan Delete Discovery Schedules

Managing device inventory

About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information

Add custom data fields Schedule inventory data collection for managed devices View device inventory and details Viewing information about devices enrolled in KACE Cloud MDM Groups and sections of items in device details About Dell Data Protection | Encryption (DDP|E) and encryption information in device details Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices

Add the DumpXmlInventory registry key to an Agent-managed Windows device Add the DumpXmlInventory registry key to an Agentless-managed Windows device

About Intel AMT information in device details

Finding and managing devices

Finding devices in inventory Labeling devices to group them

Add, apply, and remove manual device labels Using Smart Labels for devices

Run actions on devices View devices that have been added manually Delete devices from inventory

Registering KACE Agent with the appliance

Manage KACE Agent tokens Review quarantined KACE Agents

Provisioning the KACE Agent

Enabling file sharing

Enable file sharing at the System level Enable organization-level file sharing with the Organization component enabled Enable file sharing without the Organization component enabled

Provisioning the KACE Agent using the GPO Provisioning Tool for Windows devices

Prepare to use the GPO Provisioning Tool for Agent deployment Provision KACE Agents using the appliance GPO Provisioning Tool

Provisioning the KACE Agent using onboard provisioning

Preparing to install the KACE Agent Install the KACE Agent on a device or multiple devices

Managing provisioning schedules

View, run, edit, or duplicate provisioning schedules Delete provisioning schedules View provisioning results

Managing Agent communications

Configure Agent communication and log settings View Agent task status View the Agent Command Queue Delete messages from the Agent command queue

Updating the KACE Agent on managed devices

View KACE Agent updates Configure Agent update settings Upload Agent updates manually

Manually deploying the KACE Agent

Obtaining Agent installation files Manually deploying the KACE Agent on Windows devices

Manually deploy the KACE Agent on Windows devices using the installation wizard Manually deploy the KACE Agent on Windows devices using the Command line Manage the KACE Agent on Windows devices using the Windows system tray

Manually deploying and upgrading the KACE Agent on Linux devices

Manually deploy the KACE Agent on Linux devices Deploy the KACE Agent on Linux devices at startup or login Upgrade the KACE Agent on Linux devices

Performing Agent operations on Linux devices

Start and stop the Agent on Linux devices Manually remove the Agent from Linux devices Verify that the Agent is running on Linux devices View the Agent version on Linux devices Collecting inventory information

Manually deploying and upgrading the KACE Agent on Mac devices

Deploy or upgrade the KACE Agent to Mac devices using the Agent installer Deploy the Agent to Mac devices using the terminal window Use shell scripts to deploy the KACE Agent

Performing other Agent operations on Mac devices

Start or stop the Agent on Mac devices Manually remove the Agent from Mac devices Verify that the Agent is running on Mac devices Verify the version of the Agent on Mac devices Collecting inventory information from Mac devices Manage the KACE Agent on Mac devices using the menu bar

Viewing information collected by the Agent

Using Agentless management

About Agentless device management

Operating systems supported by Agentless management About enabling Agentless management on Agent-managed devices

Managing Agentless devices

Enable Agentless management using Discovery information Enable Agentless management by entering device information manually Shell support for SSH connections Edit Agentless device connection details or delete Agentless devices

Using SNMP Inventory Configurations to identify specific SNMP objects and non-computer devices to add to inventory

Obtain a list of object identifiers (OIDs) using the Administrator Console Map Object Identifiers to fields in the inventory table Apply an SNMP Inventory Configuration to a device About printer templates

Adding devices manually in the Administrator Console or by using the API

About managing devices Tracking changes to inventory settings Add devices manually with the Administrator Console Adding devices manually using the API

Submit inventory information using the API Sample Perl script Valid XML schema for Windows Example using the XML schema for Windows devices Valid XML schema for Linux and Mac devices Upload an XML file using the Administrator Console

Forcing inventory updates

Force inventory updates from the appliance Force inventory updates from Windows devices Force inventory updates from Mac OS X devices Force inventory updates from Linux devices

Managing MIA devices

Configure MIA settings Apply labels to MIA devices Delete MIA devices manually Troubleshoot devices that fail to appear in inventory

Obtaining Dell warranty information

Obtain Dell warranty information on a single Dell device instantly Renew a Dell warranty Run Dell warranty reports

Managing applications on the Software page

About the Software page

View items in Software page inventory

Tracking changes to inventory settings Adding and deleting applications in Software page inventory

Add applications to Software page inventory manually Delete applications

Creating Software assets

Add Software assets in the Inventory section Add Software assets in the Assets section Attach digital assets to applications and select supported operating systems Copy files to the appliance Client Drop location

Using software threat levels and categories

Assign threat levels to applications Assign categories to applications

Finding and labeling applications

About finding applications using Filter Add manual software labels Apply manual labels to or remove labels from software Add software Smart Labels

Managing the ITNinja feed

Enable the ITNinja feed Viewing ITNinja information

View ITNinja information for software View ITNinja information for Managed Installations View ITNinja information for File Synchronizations

Disable the ITNinja feed

Managing Software Catalog inventory

About the Software Catalog

Application classifications About cataloged applications About Locally Cataloged applications About Not Allowed applications Application categories How Software Catalog information is collected How the Software Catalog is used with the Organization component How Software Catalog information is localized How you can help improve the Software Catalog Differences between the Software page and the Software Catalog page

Viewing Software Catalog information

View lists of Discovered and Not Discovered applications View the list of Uncataloged applications View the list of Locally Cataloged applications View details of Software Catalog applications

Adding applications to the Software Catalog

Submitting cataloging requests automatically adds applications to the local Software Catalog How Locally Cataloged applications change to Cataloged applications How custom names are resolved when Locally Cataloged applications are added to the Software Catalog Submit cataloging requests Cancel cataloging requests and remove local cataloging

Managing License assets for Software Catalog applications

Add License assets for Software Catalog inventory Migrate License assets to applications in the Software Catalog

Associate Managed Installations with Cataloged Software Using software metering

About software metering

About Classic Metering

About metering information

About the scripts that collect metering information How suites are metered

Enabling and configuring metering for devices and applications

Choosing the devices and applications to meter Enabling metering on devices Enable metering on devices using manual labels Enable metering on devices using Smart Labels Enable metering for Software Catalog applications Configure options for metering Software Catalog applications

Viewing Software Catalog metering information

View metering information on the Software Catalog Detail page View metering information on the Device Detail page

Disabling metering for Software Catalog applications and managed devices

Disable metering for Software Catalog applications Disabling metering for devices

Managing metering and scheduling inventory collection

Schedule metering and inventory collection intervals

Using Application Control

Requirements for blocking applications How applications are blocked About denying access to application editions that share executable files Applications that cannot be blocked Apply the Application Control label to devices Mark applications and suites as Not Allowed View applications and suites that are marked as Not Allowed Create reports showing applications marked as Not Allowed Remove the Not Allowed designation from applications

Update or reinstall the Software Catalog

Managing process, startup program, and service inventory

Managing process inventory

View and edit process details Add labels for processes Apply labels to or remove labels from processes Categorize processes Assign threat levels to processes Delete processes

Managing startup program inventory

View and edit startup program details Add labels for startup programs Apply labels to or remove labels from startup programs Categorize startup programs Assign threat levels to startup programs Delete startup programs

Managing service inventory

View and edit service details Add labels for services Apply labels to and remove labels from services Categorize services Assign threat levels to services Delete services

Writing custom inventory rules

About Custom Inventory rules Types of Custom Inventory rules Create Custom Inventory rules

How Custom Inventory rules are implemented Syntax for Custom Inventory rules

Checking for conditions (conditional rules) Getting values from a device (Custom Inventory Field) Matching filenames to regular expressions

Understanding regular expressions Regular Expression Rule Reference

Defining rule arguments Test Custom Inventory rules

Deploying packages to managed devices

Distributing software and using Wake-on-LAN

About software distribution

About testing software distribution

Tracking changes to distribution settings Types of distribution packages

Attaching digital assets to applications and selecting supported operating systems

Distributing packages from the appliance Distributing packages from alternate download locations and Replication Shares

About alternate download locations About Replication Shares

Distributing applications to Mac OS X devices Using Managed Installations

Adding applications to inventory About creating Managed Installations About installation parameters Identify parameters that are supported by installer files Create Managed Installations for Windows devices Examples of common deployments on Windows

Standard MSI example Standard EXE example

Create Managed Installations for ZIP files Create Managed Installations for RPM files Create Managed Installations for TAR.GZ files Create Managed Installations for macOS X devices

Create and use File Synchronization Using Wake-on-LAN

Issue Wake-on-LAN requests Schedule Wake-on-LAN requests Troubleshooting Wake-on-LAN

Exporting Managed Installations

Broadcasting alerts to managed devices

Create alerts to be broadcast

Running scripts on managed devices

About scripts

Obtaining script dependencies

Tracking changes to scripting settings About default scripts Adding and editing scripts

Token replacement variables Add offline KScripts, online KScripts, or online shell scripts Edit scripts Delete scripts from the Scripts page Delete scripts from the Script Detail page Structure of importable scripts Import scripts Duplicate scripts

Using the Run and Run Now commands

Run scripts from the Run Now page Run scripts from the Script Detail page Run scripts from the Scripts page Monitor Run Now status and view script details

Edit policies and scripts Search the scripting logs Exporting scripts

Using Task Chains

Add and edit Task Chains

Patching devices and maintaining security

Using the Security Dashboard

About the Security Dashboard widgets Customize the Security Dashboard

About patch management

Patching workflow About patch signature files About patch packages About patch testing and security

About the patch testing environment

About the patch quality assurance process Best practices for patching

Subscribing to and downloading patches

About patch subscription and downloads Websites that must be accessible to the appliance Overview of first-time patch-subscription workflow View details about operating systems and applications Subscribing to patches and configuring download settings

Subscribe to patches Select patch and feature update download settings

Viewing available patches and download status

View available patches View patch download status

Best practices for resolving patch subscription issues

Creating and managing patch schedules

About scheduling critical OS patches for desktops and servers

Workflow for critical OS patches for desktops and servers

About scheduling critical patches for laptops

Workflow for critical patches for laptops

About scheduling non-critical patches Configuring patch schedules

Configure patch schedules Error codes caused by patching and scripting

Viewing patch schedules, status, and reports

View a list of patch schedules Review patch schedule details Patching status definitions View patch status View patch status by device View files within patches View patch reports

Managing patch rollbacks

Determine whether a patch can be rolled back Undo the last patching job

Managing patch inventory

Prerequisites for managing patch inventory Viewing patch information

View downloaded patches View patch details Resetting the number of patch deploy attempts

Reset the number of patch deploy attempts from the patch Catalog Reset the number of patch deploy attempts from the patch detail page

View patch information for devices in inventory View devices missing patches

Viewing patch statistics and logs

View patch statistics View the patch log

Mark patches as inactive Patch Mac OS X devices

Managing Windows Feature Updates

Subscribe to Windows Feature Updates Configure Windows Feature Update schedules View Windows Feature Update schedules Review Windows Feature Update schedule details View available Windows Feature Updates View Windows Feature Update status

Managing Dell devices and updates

Differences between patching and Dell Updates Select Dell Update download settings Configure Dell Update schedules View Dell Update schedules Review Dell Update schedule details View available Dell Updates View Dell Update status

Managing Linux package upgrades

View Linux package upgrade schedules Configure Linux package upgrade schedules Review Linux package upgrade schedule details Review Linux package upgrades

Manage quarantined file attachments

Using reports and scheduling notifications

About reports and notifications

About reports About notifications Tracking changes to report settings

Creating and modifying reports

Creating reports

Create reports using the report wizard Create reports using SQL queries Create reports from list pages Duplicate reports Edit SQL statements on reports created with the report wizard Create reports from history lists

Modifying reports

Edit reports Delete reports

Customizing logos used for reports

Scheduling reports and notifications

Running single-organization and consolidated reports

Run single-organization reports Run consolidated organization reports

Scheduling reports

Add report schedules Delete report schedules

Scheduling notifications

Add notification schedules from the Reporting section Add notification schedules from list pages Edit notification schedules Delete notification schedules

Monitoring devices

Getting started with monitoring

Enable monitoring for a device

Enable monitoring for one or more devices from the Devices inventory list Enable monitoring for a server from its Device Detail page

Obtaining a new license key to increase server monitoring capacity Apply a new license key to increase server monitoring capacity

Working with monitoring profiles

Edit a profile Configure SNMP trap messages and alerting criteria Create a new profile using a default profile as a template Profile log paths for MySQL and Apache Upload a profile that was created by another user Download a profile so that it can be used by others Bind an additional profile to a device Define nonstandard log date format Configuring application and threshold monitoring with Log Enablement Packages

Install one or more LEPs on monitored devices Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2008 or higher device

Managing monitoring for devices

Pause monitoring for a device Pause or resume monitoring for multiple devices Set the polling interval and any automatic dismissal or deletion of alerts Disable ping probe Receive alerts when device configurations change Schedule a Maintenance Window during which time alerts are not collected from a device Create and assign monitoring-specific roles Disable monitoring for one or more devices Enable monitoring for one or more devices

Working with alerts

Add notification schedules from the Monitoring Alerts list page Create a Service Desk ticket from an alert Search for alerts using Filter criteria Filtering alerts using the Include Text and Exclude Text capability

Filter alerts using the Include Text and Exclude Text capability from the Profile Details page Filter alerts using the Exclude Text capability from the Monitoring Alerts list page Examples of Include Text and Exclude Text for monitoring profiles

Dismiss an alert Retrieve and review alerts that have been dismissed from the alerts list Delete alerts

Using the Service Desk

Configuring Service Desk

System requirements About Service Desk Overview of setup tasks Import tickets from another system Configuring Service Desk business hours and holidays

Configure Service Desk business hours Configure Service Desk holidays

Configuring Service Level Agreements

Enable Service Level Agreements

Configuring Service Desk ticket queues

Configure ticket queues Configure queue-specific email settings Rename Service Desk titles and labels Enable or disable the conflict warning View and edit response templates

Configuring ticket settings

Customize the Ticket Detail page

Customizing the User Console home page

Change the User Console logo and text at the System level Change the User Console logo and login text at the Admin-level Show or hide action buttons and widgets on the User Console home page Show or hide links to Knowledge Base articles on the User Console home page Add, edit, hide, or delete User Console announcements Prioritize User Console announcements or mark an announcement as urgent Add, edit, or delete custom links on the User Console home page Add ticket links to the User Console home page Add a quick-action link for reporting problems on the User Console home page About the session timeout period

Using the Satisfaction Survey

Changing the Satisfaction Survey default behavior

Change the Satisfaction Survey label Remove the Satisfaction Survey field from tickets

Enable or disable security for Service Desk attachments

Using the Service Desk Dashboard

About the Service Desk Dashboard widgets Customize the Service Desk Dashboard

Managing Service Desk tickets, processes, and reports

Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console

Create tickets from the User Console Create tickets from the Administrator Console Ticket page Create tickets from the Device Detail page Create tickets from the Asset Detail page Create a Service Desk ticket from an alert

Creating and managing tickets by email

About attachments to tickets created through email Enable email ticket creation Create a ticket by email Modifying ticket attributes using email Clearing a ticket field using email Changing ticket fields using email Changing ticket approval fields using email

Setting or changing custom fields using email

Viewing tickets and managing comments, work, and attachments

Navigate among tickets, related devices, and assets Add work information for tickets Use default views for tickets Create Filter views for tickets Set a view as the default view for tickets Add comments to tickets Add owner-only comments to tickets View ticket comments Add or delete screen shots and attachments from Service Desk tickets View ticket activity history Send ticket information through email Run Device Actions from tickets

Merging tickets

Enable ticket merge Merge tickets from the Tickets list page Merge tickets from the Ticket Detail page

Using the ticket escalation process

Understanding ticket states Understanding the escalation time limit Understanding escalation Changing ticket escalation settings Change the list of escalation email recipients Change the Response and Resolution time limits Change the default escalation email message

Using Service Desk processes

Add, edit, and enable process templates Define process types Create process tickets to manage related tasks Create process tickets by email View process information Cancel or complete process tickets Delete process templates Convert process tickets to regular tickets Convert regular tickets to process tickets

Using Ticket Rules

Using and configuring system Ticket Rules Understanding and customizing system Ticket Rules Create custom Ticket Rules Duplicate a custom Ticket Rule Delete a custom Ticket Rule Move a Ticket Rule from one queue to another

Run Service Desk reports Archiving, restoring, and deleting tickets

Enable ticket archival Configure queue archive settings Archive selected tickets Restore archived tickets Delete archived tickets

Managing ticket deletion

Configure ticket deletion settings Delete tickets

Managing Service Desk ticket queues

About Service Desk ticket queues Adding and deleting queues

Add a queue Add a queue by duplicating an existing queue Delete a queue or queues

Viewing tickets in queues

View tickets across all queues

Setting the default queue

Set the default queue at the system level Set the default queue at the user level

Set the default fields for the All Queues ticket list Move tickets between queues Bulk edit tickets in a queue

About User Downloads and Knowledge Base articles

Managing User Downloads

Add User Downloads Apply labels to User Downloads Remove labels from User Downloads Delete User Downloads

Managing Knowledge Base articles

Add, edit, or duplicate Knowledge Base articles Delete Knowledge Base articles View user ratings and the number of views for Knowledge Base articles

Customizing Service Desk ticket settings

About customizing Service Desk ticket settings Create ticket categories and subcategories Customizing ticket values

Customize ticket status values Customize ticket priority values Customize ticket impact values

Customizing ticket layout

Customize Layout and Related Ticket Fields Configure Comment Field Options Define custom ticket fields Customize the ticket list layout Manage ticket templates Configure a ticket template Preview ticket layout

Using parent-child ticket relationships

Enable parent-child ticket relationships for a queue Enable parent tickets to close child tickets Create child tickets for any ticket Designate tickets as parents and add existing tickets as their children Use a parent ticket as a to-do list Use parent tickets to organize duplicate tickets

Using ticket approvers

Configure ticket approvers Approving tickets by email

Configuring SMTP email servers

Connect your email server to the appliance Using internal and external SMTP servers

Use the internal SMTP server Use an external SMTP server or Secure SMTP server

Maintenance and troubleshooting

Maintaining the appliance

Tracking changes to settings About appliance backups

Set the daily backup schedule and the number of backups to retain Back up the appliance manually Download backup files from the Administrator Console Access backup files through FTP About deleting appliance backup data

Disable or enable appliance backups

Configure offboard backup transfer

Restoring the appliance

Restore the appliance using the most recent backup Upload backup files to the appliance Restore the appliance from backups Restore the appliance to factory settings

Updating appliance software

Check for and apply advertised appliance updates Upload an update file to the appliance manually Verify updates Update the appliance license key

Reboot or shut down the appliance Understanding the daily run output

Disk status Appliance network interface status Appliance up-time and load averages Email system health

Verify SMTP settings

Appliance backup status Status of RAID drives

Troubleshooting the appliance

Using Troubleshooting Tools

Verify the status of devices on the network Identify device issues Enable a tether to Quest KACE Support

Troubleshooting appliance issues

View appliance logs Download appliance activity logs Viewing the daily run output

Troubleshooting and debugging the KACE Agent

Resolve Windows security issues that prevent Agent provisioning

Testing and troubleshooting email communication

Test outgoing email Test incoming email Use Telnet to test incoming email Access appliance logs to view Microsoft Exchange Server errors Troubleshooting email errors

About Diagnostic Console Two-Factor Authentication

Appendixes

Database table names Adding steps to task sections of scripts LDAP variables

Glossary

A B C D E F I K L M N O P R S T U V W

About us

Technical support resources

Legal notices

• Viewing Topics 653 - 656 of 1029

×

About patch testing and security

About patch testing and security

About the patch testing environment

Quest provides safe, timely, and high-quality patch signatures for Windows and Mac operating systems, and many popular applications.

Before patch signatures are made available to the appliance, Quest performs the following security checks:

•	Verification of patch metadata produced by each content development team.

•	Validation of patch installation and uninstallation processes.

•	Confirmation that the patch does not disrupt the stability of the targeted operating systems and applications.

About the patch testing environment

About the patch testing environment

Quest uses VMware® ESX®, VMware® vCenter™, Microsoft® Azure®, and custom hardware bench testing.

Testing methods include verification that patch-naming conventions comply with Quest policies.

About assessment testing

Assessment testing verifies that the Patch Management component is performing properly.

The testing verifies that:

•	An applicable non-patched device shows as applicable and not patched.

•	A patched device shows as installed and not applicable.

•	No false positives exist in the detection of the digital fingerprint.

•	Patch content is compliant with mandatory baselines.

•	Vulnerability is correctly displayed in the Update Server.

•	All Smart Label, sorting, and other visual features are functioning properly.

About deployment testing

Deployment testing verifies that patches are being deployed appropriately.

The testing verifies that:

•	The package is deployable.

•	The suppress-reboot functionality works.

•	The uninstallation functionality works.

•	On-demand package caching works.

•	Automatic deployment scheduling works.

•	Agent package download works.

•	SHA1 checksum ensures package integrity.

•	The Agent automatically runs assessment after patch deployment.

•	The Agent restarts automatically after reboot.

About the patch quality assurance process

About the patch quality assurance process

Quest provides Patch Management customers more value through the content development and quality assurance processes. The quality assurance teams verify the patch install and uninstall processes as well as the patch metadata produced by the content development team. Providing quality content to our customers is a high priority. To ensure successful delivery of content, Quest executes test cases covering the following test components.

Testing environment

Quest invests heavily in testing infrastructure. The content development and quality assurance teams have access to a virtual enterprise environment representing nodes of various configurations. Quest uses a mix of virtual desktops and servers in addition to custom physical bench testing to ensure that our testing infrastructure is state of the art.

Application testing

Quest tests with various applications as necessary to ensure the requirements of the patch are satisfied.

Testing strategy

Quest uses the following types of testing:

•	General testing verifies the following:

◦	Patch-naming convention complies with the Quest policies.

•	Assessment testing verifies the following:

◦	An applicable non-patched system shows applicable and not patched.

◦	An patched system shows installed and not applicable.

◦	False positives in the detection of digital fingerprint.

◦	The content complies with mandatory baselines.

◦	The patch is correctly displayed in Patch Server, including all filtering, sorting and other visual functionality.

•	Deployment testing verifies the following:

◦	The package can be successfully deployed.

◦	The suppress reboot functionality works correctly.

◦	The uninstall functionality works correctly.

◦	On-demand package caching works correctly.

◦	Automatic deployment scheduling works correctly.

◦	Agent package downloads.

◦	The package hash ensures the package integrity.

◦	The agent automatically runs assessment after each patch deployment.

◦	The agent restarts automatically after a reboot.

Trusted delivery and flexibility

Quest processes are designed and implemented to maximize global availability through a secure content distribution network. All communications with Quest are conducted through encrypted, secure channels to ensure the integrity of security content.

Using a best practice approach, critical security patches are automatically downloaded to customer locations, based on their subscription options. Additional security patches may be downloaded, as necessary, to create a customized version of the KACE Patch Content Repository within the customer’s own secure enterprise environment.

Best practices for patching

Best practices for patching

Best practices for patching devices include testing patches, using labels to organize devices and patches, and notifying users when systems are being patched.

•	Test patches before deploying them

Test patches on selected devices before deploying them to all devices. This testing ensures that patches do not break anything before they are widely deployed.

When choosing test devices, look for these characteristics:

◦	Devices whose users are technically sophisticated and can communicate problems effectively.

◦	Devices that have access to the systems and software that reflect the working environment.

For a thorough test, devices should function normally for at least a week after being patched. If no problems are reported after a week, the patch can be deployed to the remaining devices on the network.

•	Use labels to organize devices and patches

You can use Smart Labels to automatically group devices by type, such as laptop, desktop, and server. In addition, you can use Smart Labels to automatically group patches by importance, such as critical operating system patches and lower priority patches for other applications. You can then create patching schedules to match each type of device and patch.

See:

◦	Using Smart Labels for patching

◦	Creating and managing patch schedules

•	Use either Windows Update or the appliance to patch Windows devices

There are two options for patching Windows devices:

◦

Use Windows Feature Update: Windows Update is a Microsoft feature that downloads and installs updates to Windows operating systems. If you enable Windows Update on managed devices, use Patch Management on the appliance only to detect Windows operating system patches, not to deploy them. Patches will be deployed by Windows Update.

◦	Use the Patch Management: You can download and deploy patches for Windows operating systems using Patch Management. If you use Patch Management on the appliance, disable Windows Update on managed devices, because patches will be deployed by the appliance.

TIP: The appliance enables you to create a policy that specifies whether or not managed devices use Windows Update. See .

•	Minimize downtime during patching

Schedule patch deployment during periods when device use is lower to minimize downtime. Keep in mind that device use varies depending on the device type:

◦	Servers: These require careful and well-publicized upgrades. When patching servers, you might need to plan ahead by several weeks.

◦	Desktops: These have more flexible options for patching, because they are often left running when they are not in use.

◦	Laptops: These are the most difficult to patch, because they are often only available to patch while being used.

For more information about creating patch schedules for each type of device, see:

◦	About scheduling critical OS patches for desktops and servers

◦	About scheduling critical patches for laptops

•	Notify users when devices are being patched

Be sure to notify users when the devices they use are being patched. This is especially important if devices need to be restarted as part of the patching process. There are several ways to inform users of patching schedules:

◦	Send email or use other messaging systems: Notify users in advance through email and other messaging systems outside the appliance Administrator Console. This notification is especially useful when patching might prevent access to critical systems, such as servers, for a time.

◦	Send an alert message from the appliance: Use the appliance Administrator Console to create an alert and broadcast it to all devices or to selected devices. These broadcast alerts can be used to remind users that patching is about to start.

• For more information on creating alerts, see Broadcasting alerts to managed devices.

◦	Provide alerts during patching: When you schedule patching, choose to alert users before patching, and prompt users before rebooting their devices. You can also enable users to snooze or postpone reboots if necessary. See Configuring patch schedules.

For more information about scheduling patching for various devices, see:

◦	About scheduling critical OS patches for desktops and servers

◦	About scheduling critical patches for laptops

•	Set time limits on patching jobs to reduce impact on users

Patching jobs can require extensive bandwidth and resources. To reduce the impact on users, you can set time limits on patching jobs. For example, you could configure patching jobs to start at 04:00 and stop at 07:00. Any patching jobs that are in progress at 07:00 are suspended. Jobs resume where they left off when the next scheduled patching job begins. See Configuring patch schedules.

•	Use Replication Shares to optimize network resources

Use Replication Shares to optimize network resource requirements and download time. Replication Shares are devices that keep copies of files for distribution, which can be useful for managed devices that are deployed across multiple geographic locations. For example, using a Replication Share, a device in New York could download patch files from another device at the same office, rather than downloading those files from an appliance in Los Angeles.

For more information on setting up and using Replication Shares, see Using Replication Shares.

•	Find information on the Quest Knowledge Base

Quest Support has a Knowledge Base of articles about the appliance, which you can access at https://support.quest.com/kace-systems-management-appliance/kb. The Knowledge Base is continually updated with solutions to real-world appliance problems that administrators encounter. To view patching articles, go to the Knowledge Base and search for Security.

•	Use ITNinja.com to connect with other IT professionals

Sponsored by Quest KACE, ITNinja.com (formerly AppDeploy.com) is a product-agnostic IT-focused community website. It is the Internet’s leading destination for IT professionals to share information and ask questions about system-management related topics. See http://itninja.com.

•  Previous
• Viewing Topics 653 - 656 of 1029
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center