Chat now with support
Chat with Support

KACE Systems Management Appliance 14.1 Common Documents - Administration Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings Configuring Content Security Policy
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates About Remote Control Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Manage quarantined file attachments
Using reports and scheduling notifications Monitoring devices
Getting started with monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Provisioning the KACE Agent using the GPO Provisioning Tool for Windows devices

Provisioning the KACE Agent using the GPO Provisioning Tool for Windows devices

Of the methods for provisioning the Agent on Windows devices, Quest recommends the GPO Provisioning Tool because using the tool minimizes the pre-configuration that must happen on the target devices.

The GPO Provisioning Tool uses Active Directory® and Group Policy to distribute the installation settings and to perform the installation of the Agent. The tool creates a GPO, or modifies a pre-existing GPO to install the KACE Agent when a device authenticates with Active Directory.

The first time a target device refreshes Group Policy after the tool has completed the creation or modification process, a new Group Policy client-side extension dll is registered on the devices applying this GPO. Then the next time that the device refreshes Group Policy, Windows triggers the newly registered client-side extension to install the KACE Windows Agent.

For the Quest Knowledge Base article that contains the link to download the GPO Provisioning Tool, go to https://support.quest.com/kb/133776.

Prepare to use the GPO Provisioning Tool for Agent deployment

Before you can use the GPO Provisioning Tool to deploy Agents to Windows devices, you must ensure that your system is configured to use the tool.

The following system requirements are necessary for using the GPO Provisioning Tool:

Windows 7 and higher: Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012, from a computer that is running Windows 8.1, Windows 8, or Windows 7.

Go to http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-client-and-windows-server-dsforum2wiki.aspx.

Distribution Share: Make sure to use a share that everyone can access. For example, do not place the .msi file on the NETLOGON share, because not every user can reach that share and the lack of access will cause your upgrade to fail in the future. This location should be a permanently accessible share. The installer is an MSI (Microsoft Installer) file. To uninstall or upgrade software, MSI needs access to the .msi file. If it is not accessible, msiexec will not uninstall.
Provision KACE Agents using the appliance GPO Provisioning Tool

You can install the KACE Agent on a single device, or on multiple devices by using the appliance GPO Provisioning Tool, starting within the Agent Provisioning Assistant. You can use this method to provision Windows devices.

To complete this task, you leave the appliance to work in the Windows Group Policy Management Console or the Windows Administrative Tools using the appliance GPO Provisioning Tool before returning to the appliance.

a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning panel, click Agent Provisioning Assistant.
The Agent Provisioning Assistant: Step 1 of 3 page appears.
2.
Select the check box for Provisioning Using Windows Group Policy (recommended), and click Next to display the Agent Provisioning Assistant: Step 2 of 3 page.

Installing and starting the tool requires leaving the appliance interface.

NOTE: Only GPOs for which you have permission to edit are displayed in the tool.
6.
Return to the Agent Provisioning: Step 2 of 3 page in the appliance when you have completed working in the tool, and click Next.
7.
Click Finish on the Agent Provisioning: Step 3 of 3 page.

Agents are installed on the client devices after the Group Policy is refreshed on those devices. Depending on the environment, this installation takes place either when the device reboots, or after a 90-minute refresh cycle occurs for the Group Policy.

Go to the Devices page to keep track of the progress of devices having the agents installed and checked in.

Prepare to use the GPO Provisioning Tool for Agent deployment

Provisioning the KACE Agent using the GPO Provisioning Tool for Windows devices

Of the methods for provisioning the Agent on Windows devices, Quest recommends the GPO Provisioning Tool because using the tool minimizes the pre-configuration that must happen on the target devices.

The GPO Provisioning Tool uses Active Directory® and Group Policy to distribute the installation settings and to perform the installation of the Agent. The tool creates a GPO, or modifies a pre-existing GPO to install the KACE Agent when a device authenticates with Active Directory.

The first time a target device refreshes Group Policy after the tool has completed the creation or modification process, a new Group Policy client-side extension dll is registered on the devices applying this GPO. Then the next time that the device refreshes Group Policy, Windows triggers the newly registered client-side extension to install the KACE Windows Agent.

For the Quest Knowledge Base article that contains the link to download the GPO Provisioning Tool, go to https://support.quest.com/kb/133776.

Prepare to use the GPO Provisioning Tool for Agent deployment

Before you can use the GPO Provisioning Tool to deploy Agents to Windows devices, you must ensure that your system is configured to use the tool.

The following system requirements are necessary for using the GPO Provisioning Tool:

Windows 7 and higher: Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012, from a computer that is running Windows 8.1, Windows 8, or Windows 7.

Go to http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-client-and-windows-server-dsforum2wiki.aspx.

Distribution Share: Make sure to use a share that everyone can access. For example, do not place the .msi file on the NETLOGON share, because not every user can reach that share and the lack of access will cause your upgrade to fail in the future. This location should be a permanently accessible share. The installer is an MSI (Microsoft Installer) file. To uninstall or upgrade software, MSI needs access to the .msi file. If it is not accessible, msiexec will not uninstall.
Provision KACE Agents using the appliance GPO Provisioning Tool

You can install the KACE Agent on a single device, or on multiple devices by using the appliance GPO Provisioning Tool, starting within the Agent Provisioning Assistant. You can use this method to provision Windows devices.

To complete this task, you leave the appliance to work in the Windows Group Policy Management Console or the Windows Administrative Tools using the appliance GPO Provisioning Tool before returning to the appliance.

a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning panel, click Agent Provisioning Assistant.
The Agent Provisioning Assistant: Step 1 of 3 page appears.
2.
Select the check box for Provisioning Using Windows Group Policy (recommended), and click Next to display the Agent Provisioning Assistant: Step 2 of 3 page.

Installing and starting the tool requires leaving the appliance interface.

NOTE: Only GPOs for which you have permission to edit are displayed in the tool.
6.
Return to the Agent Provisioning: Step 2 of 3 page in the appliance when you have completed working in the tool, and click Next.
7.
Click Finish on the Agent Provisioning: Step 3 of 3 page.

Agents are installed on the client devices after the Group Policy is refreshed on those devices. Depending on the environment, this installation takes place either when the device reboots, or after a 90-minute refresh cycle occurs for the Group Policy.

Go to the Devices page to keep track of the progress of devices having the agents installed and checked in.

Provision KACE Agents using the appliance GPO Provisioning Tool

Provisioning the KACE Agent using the GPO Provisioning Tool for Windows devices

Of the methods for provisioning the Agent on Windows devices, Quest recommends the GPO Provisioning Tool because using the tool minimizes the pre-configuration that must happen on the target devices.

The GPO Provisioning Tool uses Active Directory® and Group Policy to distribute the installation settings and to perform the installation of the Agent. The tool creates a GPO, or modifies a pre-existing GPO to install the KACE Agent when a device authenticates with Active Directory.

The first time a target device refreshes Group Policy after the tool has completed the creation or modification process, a new Group Policy client-side extension dll is registered on the devices applying this GPO. Then the next time that the device refreshes Group Policy, Windows triggers the newly registered client-side extension to install the KACE Windows Agent.

For the Quest Knowledge Base article that contains the link to download the GPO Provisioning Tool, go to https://support.quest.com/kb/133776.

Prepare to use the GPO Provisioning Tool for Agent deployment

Before you can use the GPO Provisioning Tool to deploy Agents to Windows devices, you must ensure that your system is configured to use the tool.

The following system requirements are necessary for using the GPO Provisioning Tool:

Windows 7 and higher: Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012, from a computer that is running Windows 8.1, Windows 8, or Windows 7.

Go to http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsat-for-windows-client-and-windows-server-dsforum2wiki.aspx.

Distribution Share: Make sure to use a share that everyone can access. For example, do not place the .msi file on the NETLOGON share, because not every user can reach that share and the lack of access will cause your upgrade to fail in the future. This location should be a permanently accessible share. The installer is an MSI (Microsoft Installer) file. To uninstall or upgrade software, MSI needs access to the .msi file. If it is not accessible, msiexec will not uninstall.
Provision KACE Agents using the appliance GPO Provisioning Tool

You can install the KACE Agent on a single device, or on multiple devices by using the appliance GPO Provisioning Tool, starting within the Agent Provisioning Assistant. You can use this method to provision Windows devices.

To complete this task, you leave the appliance to work in the Windows Group Policy Management Console or the Windows Administrative Tools using the appliance GPO Provisioning Tool before returning to the appliance.

a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning panel, click Agent Provisioning Assistant.
The Agent Provisioning Assistant: Step 1 of 3 page appears.
2.
Select the check box for Provisioning Using Windows Group Policy (recommended), and click Next to display the Agent Provisioning Assistant: Step 2 of 3 page.

Installing and starting the tool requires leaving the appliance interface.

NOTE: Only GPOs for which you have permission to edit are displayed in the tool.
6.
Return to the Agent Provisioning: Step 2 of 3 page in the appliance when you have completed working in the tool, and click Next.
7.
Click Finish on the Agent Provisioning: Step 3 of 3 page.

Agents are installed on the client devices after the Group Policy is refreshed on those devices. Depending on the environment, this installation takes place either when the device reboots, or after a 90-minute refresh cycle occurs for the Group Policy.

Go to the Devices page to keep track of the progress of devices having the agents installed and checked in.

Provisioning the KACE Agent using onboard provisioning

Provisioning the KACE Agent using onboard provisioning

You can install the KACE Agent on multiple devices by specifying a range of IP addresses as targets for deployment (onboard provisioning). Windows, Mac OS X, and Linux devices can be targets for onboard provisioning.

After you have prepared each of your target client devices, you use the Agent Provisioning Assistant in the appliance to identify the devices and set up a provisioning schedule.

Preparing to install the KACE Agent

Before you install the KACE Agent on devices using onboard provisioning, you must verify system requirements, enable file sharing, and prepare devices.

For information on file sharing, see Enabling file sharing.

Verifying system requirements for the KACE Agent installation

Before you install the KACE Agent on devices, verify that the required ports are accessible, and that managed devices meet system requirements.

Managed devices must meet the following system requirements and be able to access the required ports:

See the Technical Specifications available on the product documentation page: https://support.quest.com/kace-systems-management-appliance/technical-documents.
Prepare Windows devices to have the Agent installed

Before you install the KACE Agent on Windows devices, you must configure file sharing and User Account Control (UAC) properly.

Provide Administrator credentials for each device. To install the KACE Agent on multiple devices, the Administrator credentials must be the same for all devices.

To configure User Account Control (UAC), do one of the following:

Set User Account Control: Run all administrators in Admin Approval Mode to Disabled. This option is recommended, because it is more secure and can be centrally configured using GPO. To find this setting, open the Group Policy (type secpol.msc into the Search programs and files field under the Start menu), then go to Local Policies > Security Options. Restart the device after applying the settings.
Disable UAC. On Windows 7, go to Control Panel > System and Security > Action Center > Change User Account Control Settings. On Windows 8, go to Control Panel > System and Security > Administrative Tools > Local Security Policy, then in Security Options in the Local Policies section choose Disabled for each of the items labeled User Account Control.

On the Advanced Sharing Settings page, enable network discovery and file and printer sharing.

If Windows Firewall is enabled, you must enable File and Print Sharing in the Exceptions list of the Firewall Configuration. For instructions, see the Microsoft Support website.

The appliance verifies the availability of ports 139 and 445 on target devices before attempting to run any remote installation procedures.

Install the KACE Agent on a device or multiple devices

You can install the KACE Agent on a single device, or on multiple devices by specifying a range of IP addresses as targets for installation, using the Agent Provisioning Assistant. You can use this method to provision Windows, Mac, or Linux devices.

With the Agent Provisioning Assistant, you can create provisioning schedules to specify how and when to install the KACE Agent on devices in your network. Provisioning according to a schedule is useful to help ensure that devices in an IP address range have the Agent installed.

Provisioning schedules configure the appliance to periodically check devices in a specified IP address range and install, reinstall, or uninstall the KACE Agent as needed.

For provisioning Windows devices, you can also use the appliance GPO Provisioning Tool. Using the tool minimizes the pre-configuration that must happen on the target device. See Provisioning the KACE Agent using the GPO Provisioning Tool for Windows devices.

a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning panel, click Agent Provisioning Assistant.
The Agent Provisioning Assistant: Step 1 of 3 page appears.
2.
Select Provisioning Using IP Range (Windows, Mac, Linux) and click Next to display the Provisioning Schedule Detail page.
3.
In the Configure section, name the schedule, enable provisioning, and provide platform information:

Option

Description

Name

A unique name that identifies this configuration. The name appears on the Provisioning Schedules page.

Enabled

Enable provisioning schedules. Schedules run only if this check box is selected.

Install/Uninstall

Indicates whether the provisioning schedule deals with installing or uninstalling Agents.

Agent Token

The token the Agent uses to connect to the appliance. Select an existing Agent token or add a new one:

1.
Select Add Agent Token.
2.
In the Add Agent Token dialog box, provide the following information:
Enable Expiration: If you want this token to be valid for a limited time, select this check box, and specify the expiration date and time, as required. To change the specified date and time, click Clear, and provide the new expiration deadline.
Enable Use Limit: If you want to specify the number of times the token can be used to register one or more agents with the appliance, select this check box, and in the field that appears, specify the maximum use count. Unless an agent's history is deleted from the appliance, the agent registers with the appliance only once, so this number represents the total number of times one or more agents can register with the appliance.
3.
Click Save.

If you do not select an Agent token, when the Agent connects to the appliance for the first time, it remains in the quarantine list until the appliance administrator approves its connection request. For more information, see Registering KACE Agent with the appliance.

Credentials

Separate rows for the credentials needed to connect to the device and run commands for the particular platform targeted by the schedule. The first column contains the operating system. The second column contains the Agent Version in place for installation. The third column contains a drop-down list from which to select existing credentials. You can select Add new credential to add credentials not already listed.

See Add and edit User/Password credentials.

4.
In the Deploy section, identify the devices to be included in the schedule:

Option

Description

Target IP addresses or hostnames

A comma-separated list of the IP addresses or host names of the target devices. Use hyphens to specify individual IP address class ranges.

The Help me pick devices link enables you to add devices to the Target IP addresses or Hostnames list:

Provisioning IP Range: Use hyphens to specify individual IP address class ranges. For example:
IPv6: fdef:22b9:e8ae:14a9::1a0:f000-f0aa
IPv4: 192.168.2-5.1-200

After specifying a range, click Add All

Select Devices from Discovery: This drop-down list is populated from the Discovery Results. To filter the contents, start typing in the field. After selecting a device, click Add All.

Option

Description

None

Run in combination with an event rather than on a specific date or at a specific time.

Every n hours

Run at a specified interval.

Every day/specific day at HH:MM

Run daily at a specified time, or run on a designated day of the week at a specified time.

Run on the nth of every month/specific month at HH:MM

Run on the same day every month, or a specific month, at the specified time.

Run on the nth weekday of every month/specific month at HH:MM

Run on the specific weekday of every month, or a specific month, at the specified time.

Custom

Run according to a custom schedule.

Use standard 5-field cron format (extended cron format is not supported):

Use the following when specifying values:

Spaces ( ): Separate each field with a space.
Asterisks (*): Include the entire range of values in a field with an asterisk. For example, an asterisk in the hour field indicates every hour.
Commas (,): Separate multiple values in a field with a comma. For example, 0,6 in the day of the week field indicates Sunday and Saturday.
Hyphens (-): Indicate a range of values in a field with a hyphen. For example, 1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates Monday through Friday.
Slashes (/): Specify the intervals at which to repeat an action with a slash. For example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.

Examples:

View Task Schedule

Click to view the task schedule. The Task Schedule dialog box displays a list of scheduled tasks. Click a task to review the task details. For more information, see View task schedules.

6.
Optional: Use Advanced settings to:
Choose the level of information to display in the log. To see only the most important messages, select Critical. To see all messages, select Debug. Other options include Error, Warning, Notice, and Info.
Enable a complete uninstall of the Agent. Selecting Remove KUID during uninstall results in an existing Agent being removed from the device before the Agent is installed again. In this case, the appliance generates a new KUID for the asset, and it appears as a new device in the appliance.
7.
Click Run now to display the Provisioning Schedules page and the new configuration.

The Provisioning Schedules page displays the progress of the successful installations after the schedule's start time.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating