Chat now with support
Chat with Support

KACE Systems Management Appliance 7.1 - Administrator Guide

About the KACE Systems Management Appliance (K1000) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations
Setting up License Compliance Managing License Compliance Setting up Service Desk Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the K1000 Agent Manually deploying the K1000 Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the K1000
Appendixes Glossary About us Legal notices

Configure appliance General Settings without the Organization component

Configure appliance General Settings without the Organization component

If the Organization component is not enabled on your appliance, all appliance General Settings are available at the Admin level.

If the Organization component is enabled on your appliance, see Configure Admin-level or organization-specific General Settings.

1.
Go to the Admin-level General Settings page:
a.
Log in to the K1000 Administrator Console, http://K1000_hostname/admin.
b.
On the left navigation bar, click Settings, then click General Settings.
2.
In the General Options section, provide the following information:

Option

Description

Last updated

Read-only: The date the information was changed and the name of the organization.

Company Name

Enter the name of your company.

Administrator Email

Enter the email address of the appliance administrator. System-related messages, including critical alerts, are sent to this address.

Company Email Suffix

Enter the domain from which your users send email. For example: example.com.

Enable mobile device access

Enable or disable Mobile Device Access to the appliance. Mobile device access enables you to interact with the K1000 appliance using the KACE GO app on iOS and Android smart phones and tablets. Administrators can use the app to access Service Desk, inventory, and application deployment features.

See Configuring Mobile Device Access.

Session Timeout

Set the number of inactive hours to allow before closing user sessions and requiring users to log in again. The default is 1. The User Console and Administrator Console have Timeout Session counters to alert users of this time limit. Only periods of inactivity are counted. The counter restarts when the user performs any action that causes the console to interact with the appliance server, such as refreshing a window, saving changes, and changing windows. When the counter reaches the limit, the user is logged out, unsaved changes are lost, and the login screen appears. The Timeout Session counter appears in the upper right of each console.

3.
In the Client Drop File Size Filter section, specify a file size.

Options

Description

Client Drop File Size Filter

A file-size filter for the organization's Client Drop location.

The Client Drop location is a storage area (Samba share) for the organization on the K1000 appliance. This storage area is used to upload large files, such as application installers and appliance backup files, to the appliance. Uploading files to the Client Drop location is an alternative to uploading files through the Administrator Console using the default HTTP mechanism, which can result in browser timeouts for large files.

The Client Drop Size filter determines whether files uploaded to the organization's Client Drop location are displayed on the Upload and Associate Client Drop File list on the Software Detail page. For example, if the Client Drop Size filter is set to 1 GB, the Upload and Associate Client Drop File list shows files that are 1 GB in size or larger. Files that are less than 1 GB in size are not displayed on the list.

Application files are moved from the organization's Client Drop location to the appropriate area when the file is selected on the Software Detail page and saved.

Appliance backup files that are placed in the Client Drop location are automatically identified as appliance backup files, and they become available for selection on the Backup Settings page within five minutes. See Copy files to the K1000 Client Drop location.

4.
In the User Console section, specify customizations for the User Console text:

Option

Description

Title

The heading that appears on the User Console login page. The User Console is the web-based interface that makes applications available to users on a self-service basis. It also enables users to file Service Desk support tickets to request help or report issues. To access the User Console, go to http://<K1000_hostname>/user where <K1000_hostname> is the hostname of your appliance.

Welcome Message

A welcome note or description of the User Console. This text appears below the title on the User Console login page.

5.
In the Acceptable Use Policy section, select policy settings:

Option

Description

Enabled

Enable the appliance to display your policy, and require users to accept the terms of your policy, when they access the Administrator Console, User Console, or Command Line Console, or log in using SSH or FTP.

Title

The heading of the policy to be displayed on the login page of the User Console.

Message

Details of the policy, which are displayed below the Title on the login page. Users must agree to the terms of the policy before they can log in to the User Console.

6.
In the Log Retention section, select the number of days to retain log information. Log entries that are older than the selected number of days are automatically deleted from the log. See Access appliance logs to view Microsoft Exchange Server errors.
7.
In the Share With Quest section, specify data sharing options.

Option

Description

Share summary usage data...

(Recommended) Share summary information with Quest. This information includes appliance status, uptime, and load averages, as well as the number of devices, Managed Installations, and applications being managed by the appliance. This option is recommended because it provides additional information to Quest Support if you need assistance. In addition, data shared with Quest is used when planning product enhancements.

Share detailed usage data...

(Recommended) Share detailed information with Quest and share anonymous information with ITNinja.com. This information includes Agent and appliance crash reports, user interface usage statistics, and inventory information, such as application titles. Quest uses this information to help improve the Software Catalog, and ITNinja uses anonymous data to identify relevant content on http://www.itninja.com for dynamic feeds to the K1000 Administrator Console.

ITNinja.com is a community website where IT professionals can share information and research on a wide variety of systems management and deployment topics. The ITNinja feed is a feature that dynamically displays software deployment tips and other contextual information on relevant pages in the K1000 Administrator Console. To enable the ITNinja feed, you need to select Share detailed Usage data.... This setting shares information anonymously with ITNinja. The ITNinja feed is available only if Share Summary Usage Data... is selected, and it is available only on pages related to software deployment, such as the software, Managed Installation, and File Synchronization detail pages. The feed is not available on the Software Catalog detail page.

Clear this option to prevent the appliance from sharing inventory data with the ITNinja community. However, clearing this option does not remove any information that has already been shared. For more information, contact Quest Support.

8.
In the Locale Settings section, specify locale preferences. These preferences determine the formats used for date and time information displayed in the Administrator Console.

Option

Description

Organization Locale

The locale to use for the organization’s Administrator Console and User Console.

Command Line Console Locale

The locale to use in the Command Line Console, which uses the konfig user account.

9.
In the Ignore Client IP Address Settings section, enter the IP address or addresses to ignore. Separate each address with a comma. Ignoring IP addresses is useful when multiple devices could report themselves with the same IP address, such as a proxy address.
10.
In the License Usage Warning Configurations section, select the percentage to use for the warning threshold and critical threshold for software license usage. If you have configured software License assets, threshold information is displayed on the license-related widgets on the Dashboard.
11.
In the Update Reporting User Password section, provide the password of the account required to run reports on the organization. You cannot change the Database Name or the Report Username.
12.
In the Data Retention section, select the options for retaining data on the appliance. You can retain this data for a specified number of months, Forever, or never save it (Disabled).

Option

Description

Retain Device Uptime Data

The amount of uptime data to save for devices. Device uptime data refers to the number of hours of each day that your managed devices are running. You can retain this data for a specified number of months, Forever, or never save it (Disabled).

Retain Metering Data

The number of months that metering data is retained in the K1000 appliance database.

Metering data is information about how applications are installed and used on the Windows and Mac devices that you manage. Metering data that is older than the selected number of months is deleted on the first day of every month. See About metering information.

Retain Uncataloged data in the Software Catalog

Whether or not to retain information about Uncataloged applications in the K1000 appliance database.

Uncataloged applications are executables that are in the K1000 inventory but that do not appear in the Software Catalog, and the K1000 retains information about those applications by default. For organizations with a large number of managed devices, however, retaining this data might greatly increase the size of the database. This could increase the time it takes to load pages in the Administrator Console and the time it takes to perform database backups.

Select this check box to retain data for Uncataloged software in the K1000 database. Clear the check box to disable data retention.

If data retention for Uncataloged software is disabled:

13.
In the Device Actions section, click Add New Action, then select the scripted actions to enable.

Device Actions are scripted actions that can be performed on managed devices. There are several pre-programmed actions available. To add your own action, select Custom Action in the Action menu, then enter the command in the Command Line text box.

The following variables are available for device actions:

KACE_HOST_IP

KACE_HOST_NAME

KACE_CUSTOM_INVENTORY_*

When device actions run, the appliance replaces variables with their appropriate values.

For KACE_CUSTOM_INVENTORY_ * replace the asterisk (*) with the name of a software application associated with a custom inventory rule. When the device action runs, the name is replaced with the custom inventory rule value for the device. Enter the software application name in uppercase characters. The allowed characters are: [A-Z0-9.-]."

If you are using Internet Explorer, you can define any valid statement to perform a task on a remote device, then assign a name to it to use the next time you want to perform that task. For example, you can enter the statement, ping.exe –t KACEHOSTIP and name it Ping. A valid statement is a maximum of 150 characters, and the name that you assign to it must be any printable character of up to 20 characters. For information about running Device Actions, see Run actions on devices.

NOTE: Most actions in the Action drop-down list require you to install additional applications for them to function. For example, using DameWare requires you to install TightVNC on your device as well as on the device you want to access.
NOTE: To run Device Actions, you must have the Administrator Console open in Internet Explorer, because ActiveX is required to launch these programs on the local device. Other browsers do not support ActiveX. See https://support.quest.com/kb/148787.
14.
To use a custom logo in the User Console, select images in the Logo Overrides section.
NOTE: You can change the logo in the User Console only; you cannot change the logo in the Administrator Console.

Option

Description

User Console

The logo or other graphic displayed at the top of the User Console. Follow these guidelines for graphics:

To see the default login page and a customized version, see Configure appliance General Settings with the Organization component enabled.

Report

This setting controls the logo used when generating reports for the selected organization.

Upload a logo or other graphic to be displayed at the top of reports. The graphic must be 201 pixels wide by 63 pixels high as specified in the auto-generated XML layout. To use a different size, adjust the output of the XML report.

To see the default report logo and a customized version, see Configure appliance General Settings with the Organization component enabled.

If the Organization component is enabled on your appliance, you can specify different logos for the reports produced for each organization and for the System.

For information about using custom logos at the System level, see Configure appliance General Settings with the Organization component enabled.

Agent Alert

Upload a logo or graphic to be used in pop-up messages on Agent-managed devices. These pop-ups include snooze dialogs, installation progress messages, alert messages, and message windows created by scripts. After you upload a graphic, it becomes available to managed devices the next time they check in to the appliance.

Graphics for pop-up messages must be in BMP format with a maximum color depth of 256 and a size of 100 pixels wide by 38 pixels high.

To see the default alert logo and a customized version, see Configure appliance General Settings with the Organization component enabled.

You can customize Alert message text and options as well. See Adding and editing scripts.

15.
Click Save and Restart Services.

Configure appliance date and time settings

Configure appliance date and time settings

Configure appliance date and time settings in the Settings section of the Administrator Console. If the Organization component is enabled on your appliance, date and time settings are available at the System level.

It is important to keep the appliance date and time settings accurate, because many calculations are based on these settings.

1.
Go to the appliance Control Panel:
If the Organization component is enabled on the appliance, log in to the K1000 System Administration Console, http://K1000_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings.
2.
Click Date and Time Settings.
The Date and Time Settings page appears.

Option

Description

Timezone

Select a timezone in the drop-down list.

Time Setting

Select an option:

Configure Network Time Protocol. Use an Internet time server. If you select this option, provide the server web address in the Server field.
Manually configure date and time. Set the appliance clock manually. Specify the time and date in the drop-down lists. The Hour drop-down list uses a 24-hour clock format.

Server

Use an Internet time server to set the appliance time. Enter the web address of the time server in the text box. For example: time.example.com.

4.
Click Save and Reboot.

Verifying port settings, NTP service, and website access

Verifying port settings, NTP service, and website access

Port settings, NTP service, and website access must be configured correctly to enable features such as Agent communications, Software Catalog updates, and patch downloads.

Verify port settings

Verify port settings

Appliance ports must be configured correctly to enable device management and database or file access.

Port

Use

Direction

20 and 21

(Optional and not recommended) Used to access backup files on the appliance through FTP from outside the firewall.

Inbound to the appliance

22

(Recommended) Used to create an SSH tunnel to quest.com.

Outbound from the appliance

25

(Optional) Used by the appliance SMTP server for email (non-SSL). This is required only if you configure SMTP email. See Configuring SMTP email servers.

Outbound from the appliance

80

(Required unless SSL is enabled) Used for standard HTTP (web) access to the Administrator Console and User Console.

Inbound to the appliance

110

(Optional) Used for POP3 email (non-SSL)

Inbound to the appliance

161

(Optional) Used for SNMP monitoring. See Discovering devices on your network.

Outbound from the appliance

443

(Required) Used for SSL access. Devices use this port when they check in to the appliance using HTTPS.

Inbound to the appliance

587

(Optional) Used by the appliance SMTP server for secure email (SSL enabled). This is required only if you configure secure SMTP email. See Configuring SMTP email servers.

Outbound from the appliance

995

(Optional) Used for POP3 email (SSL enabled).

Inbound to the appliance

3306

(Optional) Used to access the appliance database with external tools. For example, this port is used to run reports on the K1000 database using Microsoft Access® or Excel®.

Inbound to the appliance

52230

(Required) Used for AMP (Agent Messaging Protocol) communications. The appliance listens on this port for communications from devices on which the K1000 Agent is installed.

Inbound to the appliance

Port

Use

7

(Optional) Used by the appliance for UDP traffic on the network, which is used for Wake-on-LAN. See Using Wake-on-LAN.

139

(Optional) Used during K1000 Agent provisioning on Windows devices.

161

(Optional) Used for SNMP monitoring. This port should be open and bound to SNMP. See Discovering devices on your network.

445

(Optional) Used during K1000 Agent provisioning. See Provisioning the K1000 Agent.

Port

Use

389

(Optional) Used for LDAP access.

636

(Optional) Used for secure LDAP access.

Related Documents