About the KACE Systems Management Appliance (SMA)
About KACE SMA components
About the Administrator Console
Getting started
Components available in Admin mode without the Organization component
Components available in Admin mode with the Organization component enabled
Components available in System mode with the Organization component enabled
Using the Home component
About Dashboards
View the Dashboard in Admin mode
View the Dashboard in System mode
Customize Dashboard pages
About Dashboard widgets
View Dashboard details
View task schedules
View the KACE SMA version, model, and license information
View KACE SMA license information
About appliance software updates
About labels
Searching for information and filtering lists
Search at the Admin level
Search at the page level
Searching at the page level with advanced options
Log in to the Administrator Console: First login following initial network configuration
Example: Search for managed devices using Advanced Search criteria
Add Smart Labels and Notifications using Advanced Search criteria
Load Smart Labels from the Advanced Search tab
Create Custom Views using Advanced Search criteria
Access product documentation
Configuring the appliance
Managing inventory
Requirements and specifications
Power-on the appliance and log in to the Administrator Console
Access the Command Line Console
Tracking configuration changes
Configuring System-level and Admin-level General Settings
Setting up and using labels to manage groups of items
Configure appliance General Settings with the Organization component enabled
Configure Admin-level or organization-specific General Settings
Configure appliance General Settings without the Organization component
Configure appliance date and time settings
Enable Two-Factor Authentication for all users
Verifying port settings, NTP service, and website access
Verify port settings
Verifying the status of the NTP service
Make necessary websites accessible to the KACE SMA
Configuring network and security settings
Change appliance network settings
Configure local routing tables
Configure local web server settings and whitelist hosts
Configure security settings for the appliance
Configure Active Directory as the single sign on method
Generate an SSL certificate
Configuring Agent settings
Configuring session timeout and auto-refresh settings
Configuring locale settings
How locale settings are applied
Configure locale settings for the Administrator Console and the Command Line Console
Configure locale settings for the User Console
Configure locale settings for organizations
Configure locale settings for users
Configuring the default theme
Configure data sharing preferences
About DIACAP compliance requirements
Configuring Mobile Device Access
Enable Mobile Device Access for the appliance
Enable Mobile Device Access for users
Download and use KACE GO
Disable Mobile Device Access on the appliance
Disable Mobile Device Access for users
Enable fast switching for organizations and linked appliances
Linking Quest KACE appliances
Enable appliance linking
Add Names and Keys to appliances
Enable access to Federation API settings
Disable appliance linking
Configuring history settings
About history settings
Managing settings history
Configure settings history subscriptions for organizations
Configure System-level settings history subscriptions with the Organization component enabled
View settings history
Managing asset history
Managing object history
Using change history information
About labels
Tracking changes to label settings
Managing manual labels
Managing Smart Labels
Configuring user accounts, LDAP authentication, and SSO
Add Smart Labels
Example: Combine Smart Labels to identify devices
Edit Smart Labels
Setting up labels for user accounts
Using Smart Labels for patching
Using Smart Labels with Discovery Results
Adding Smart Labels for devices
Assign the Smart Label run order
Delete Smart Labels
Managing label groups
Add, view, or edit label groups
Assign labels to or remove labels from label groups
Delete label groups
Managing LDAP Labels
About user accounts and user authentication
About locale settings
Managing System-level user accounts
Using Replication Shares
Managing credentials
Add or edit System-level user accounts
Manage appliance administrator email notifications
Delete System-level user accounts
Managing organization user accounts
Add or edit User Roles
Delete User Roles
Add or edit organization user accounts
Customize user details
Archive user accounts
View or edit user profiles
Using an LDAP server for user authentication
Importing users from an LDAP server
About single sign on (SSO)
Enabling and disabling single sign on
Using Active Directory for single sign on
Configure Active Directory as the single sign on method
Configuring browser settings for single sign on
Configure Internet Explorer browser settings
Configure Firefox browser settings
Use Active Directory single sign on to access the Administrator Console or User Console
Unjoin the domain and disable Active Directory single sign on
Tracking changes to Credentials Management settings
Add and edit Secret Key credentials
Add and edit User/Password credentials
Add and edit Google OAuth credentials
Add and edit SNMP credentials
View credential usage
Create reports from the Credentials Management list
Export credentials information
Delete credentials
Configuring assets
About the Asset Management component
Using the Asset Management Dashboard
About managing assets
Setting up License Compliance
How asset information differs from inventory information
Identifying the assets to track
View assets and search for asset information
Add barcodes to assets
Change device owners
View and configure asset lifecycle settings
Adding and customizing Asset Types and maintaining asset information
About Asset Types
Customizing Asset Types
Managing Software assets
Managing physical and logical assets
Maintaining and using manual asset information
Managing locations
Managing contracts
Managing licenses
Managing purchase records
About renaming fields and changing field types in Asset Types
About adding and deleting asset fields
Add or customize Asset Types
About customizing the Device Asset Type
Example: Add custom fields to the Device Asset Type
Establishing relationships between asset fields
Delete Asset Types
About Asset Subtypes, custom fields, and device detail preferences
Workflow for using Asset Subtypes with SNMP devices
Add Asset Subtypes and select Device Detail page preferences
Edit Asset Subtypes
Set an Asset Subtype as the default
View subtypes available to Asset Types
View Asset Subtypes on the Assets page
Assign or change Device Asset Subtypes from the Devices page
Assign assets to subtypes or change subtype assignments from the Assets page
Update custom asset fields manually
Delete Asset Subtypes
About License Compliance for Software Catalog applications
Customize the License Asset Type
Add License assets for Software Catalog inventory
Add License assets for Software page inventory
Importing license data in CSV files
Managing License Compliance
View License Compliance information for Software Catalog applications
Reclaim unused software licenses
Update software License Compliance information manually
Customize license usage warning thresholds
View License Compliance and Configuration information
Setting up Service Desk
Setting up roles for user accounts
Configure the Cache Lifetime for Service Desk widgets
Creating and managing organizations
About default roles
Create a Service Desk staff role
Assign user roles
Apply labels and roles to Service Desk staff
Create the DefaultTicketOwners account
Configuring email settings
About email notifications
About Ticket Rules
About POP3 email accounts
Create and configure POP3 email accounts
Configure email preferences
Configuring email triggers and email templates
Configure CC lists for ticket categories
Automatically add email addresses to ticket CC List fields
Exclude addresses from ticket CC List fields
Prevent email loops
About organizations
Tracking changes to organization settings
Managing Organization Roles and User Roles
Adding, editing, and deleting organizations
Importing and exporting appliance resources
Add or edit organizations
Configure Two-Factor Authentication for organizations
Delete organizations
Customizing the logos used for the User Console and organization reports
Managing user accounts for organizations
Managing organization filters
How organization filters work
Add or edit organization Data Filters
Add or edit organization LDAP Filters
Test organization filters
Delete organization filters
Managing devices within organizations
Understanding device details
Running single organization and consolidated reports
Using the Inventory Dashboard
Using Device Discovery
Deploying packages to managed devices
About Device Discovery and device management
Tracking changes to Discovery settings
Discovering devices on your network
Managing device inventory
Add a Discovery Schedule to perform a quick "what and where" scan of your network
Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and UNIX computers
Obtain a Client ID and Client Secret for use in discovering Chrome devices
Add a Discovery Schedule for a KACE Cloud Mobile Device Manager device
Add a Discovery Schedule for a G Suite device
Add a Discovery Schedule for an AirWatch device
Add a Discovery Schedule for a VMware ESXi host or a vCenter Server
Add a Discovery Schedule for SNMP-enabled non-computer devices
About Discovery Results
View and search Discovery Results
Provision the Agent using the discovered IP address or hostname
Stop a running discovery scan
Delete Discovery Schedules
About managing devices
Features available for each device management method
About inventory information
Tracking changes to inventory settings
Managing inventory information
Managing applications on the Software page
Add custom data fields
Schedule inventory data collection for managed devices
View device inventory and details
Groups and sections of items in device details
About Dell Data Protection | Encryption (DDP|E) and encryption information in device details
Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices
Finding and managing devices
Add the DumpXmlInventory registry key to an Agent-managed Windows device
Add the DumpXmlInventory registry key to an Agentless-managed Windows device
About Intel AMT information in device details
Finding devices in inventory
Labeling devices to group them
Run actions on devices
View devices that have been added manually
Delete devices from inventory
Provisioning the KACE SMA Agent
Enabling file sharing
Manually deploying the KACE SMA Agent
Enable file sharing at the System level
Enable organization-level file sharing with the Organization component enabled
Enable file sharing without the Organization component enabled
Provisioning the KACE SMA Agent using the GPO Provisioning Tool for Windows devices
Prepare to use the GPO Provisioning Tool for Agent deployment
Provision KACE SMA Agents using the KACE SMA GPO Provisioning Tool
Provisioning the KACE SMA Agent using onboard provisioning
Managing provisioning schedules
View, run, edit, or duplicate provisioning schedules
Delete provisioning schedules
View provisioning results
Managing Agent communications
Configure Agent communication and log settings
View Agent task status
View the Agent Command Queue
Delete messages from the Agent command queue
Updating the KACE SMA Agent on managed devices
Obtaining Agent installation files
Manually deploying the KACE SMA Agent on Windows devices
Using Agentless management
Manually deploy the KACE SMA Agent on Windows devices using the installation wizard
Manually deploy the KACE SMA Agent on Windows devices using the Command line
Manage the KACE SMA Agent on Windows devices using the Windows system tray
Manually deploying and upgrading the KACE SMA Agent on Linux devices
Manually deploy the KACE SMA Agent on Linux devices
Deploy the KACE SMA Agent on Linux devices at startup or login
Upgrade the KACE SMA Agent on Linux devices
Performing Agent operations on Linux devices
Start and stop the Agent on Linux devices
Manually remove the Agent from Linux devices
Verify that the Agent is running on Linux devices
View the Agent version on Linux devices
Collecting inventory information
Manually deploying and upgrading the KACE SMA Agent on Mac devices
Deploy or upgrade the KACE SMA Agent to Mac devices using the Agent installer
Deploy the Agent to Mac devices using the terminal window
Use shell scripts to deploy the KACE SMA Agent
Performing other Agent operations on Mac devices
Start or stop the Agent on Mac devices
Manually remove the Agent from Mac devices
Verify that the Agent is running on Mac devices
Verify the version of the Agent on Mac devices
Collecting inventory information from Mac devices
Manage the KACE SMA Agent on Mac devices using the menu bar
Viewing information collected by the Agent
About Agentless device management
Adding devices manually in the Administrator Console or by using the API
Operating systems supported by Agentless management
About enabling Agentless management on Agent-managed devices
Managing Agentless devices
Enable Agentless management using Discovery information
Enable Agentless management by entering device information manually
Shell support for SSH connections
Edit Agentless device connection details or delete Agentless devices
Using SNMP Inventory Configurations to identify specific SNMP objects and non-computer devices to add to inventory
About managing devices
Tracking changes to inventory settings
Add devices manually with the Administrator Console
Adding devices manually using the API
Forcing inventory updates
Force inventory updates from the appliance
Force inventory updates from Windows devices
Force inventory updates from Mac OS X devices
Force inventory updates from Linux devices
Managing MIA devices
Configure MIA settings
Apply labels to MIA devices
Delete MIA devices manually
Troubleshoot devices that fail to appear in inventory
Obtaining Dell warranty information
About the Software page
Tracking changes to inventory settings
Adding and deleting applications in Software page inventory
Creating Software assets
Managing Software Catalog inventory
Add Software assets in the Inventory section
Add Software assets in the Assets section
Attach digital assets to applications and select supported operating systems
Copy files to the KACE SMA Client Drop location
Using software threat levels and categories
Finding and labeling applications
About finding applications using Advanced Search
Add manual software labels
Apply manual labels to or remove labels from software
Add software Smart Labels
Managing the ITNinja feed
About the Software Catalog
Managing process, startup program, and service inventory
Application classifications
About cataloged applications
About Locally Cataloged applications
About Not Allowed applications
Application categories
How Software Catalog information is collected
How the Software Catalog is used with the Organization component
How Software Catalog information is localized
How you can help improve the Software Catalog
Differences between the Software page and the Software Catalog page
Viewing Software Catalog information
View lists of Discovered and Not Discovered applications
View the list of Uncataloged applications
View the list of Locally Cataloged applications
View details of Software Catalog applications
Adding applications to the Software Catalog
Submitting cataloging requests automatically adds applications to the local Software Catalog
How Locally Cataloged applications change to Cataloged applications
How custom names are resolved when Locally Cataloged applications are added to the Software Catalog
Submit cataloging requests
Cancel cataloging requests and remove local cataloging
Managing License assets for Software Catalog applications
Add License assets for Software Catalog inventory
Migrate License assets to applications in the Software Catalog
Associate Managed Installations with Cataloged Software
Using software metering
About software metering
About metering information
Enabling and configuring metering for devices and applications
Using Application Control
Choosing the devices and applications to meter
Enabling metering on devices
Enable metering on devices using manual labels
Enable metering on devices using Smart Labels
Enable metering for Software Catalog applications
Configure options for metering Software Catalog applications
Viewing Software Catalog metering information
View metering information on the Software Catalog Detail page
View metering information on the Device Detail page
Disabling metering for Software Catalog applications and managed devices
Managing metering and scheduling inventory collection
Requirements for blacklisting applications
How applications are blacklisted
About blacklisting application editions that share executable files
Applications that cannot be blacklisted
Apply the Application Control label to devices
Mark applications and suites as Not Allowed
View applications and suites that are marked as Not Allowed
Create reports showing applications marked as Not Allowed
Remove the Not Allowed designation from applications
Update or reinstall the Software Catalog
Managing process inventory
Writing custom inventory rules
View and edit process details
Add labels for processes
Apply labels to or remove labels from processes
Categorize processes
Assign threat levels to processes
Delete processes
Managing startup program inventory
View and edit startup program details
Add labels for startup programs
Apply labels to or remove labels from startup programs
Categorize startup programs
Assign threat levels to startup programs
Delete startup programs
Managing service inventory
Distributing software and using Wake-on-LAN
Patching devices and maintaining security
About software distribution
Tracking changes to distribution settings
Types of distribution packages
Distributing packages from the appliance
Distributing packages from alternate download locations and Replication Shares
Distributing applications to Mac OS X devices
Using Managed Installations
Broadcasting alerts to managed devices
Running scripts on managed devices
Adding applications to inventory
About creating Managed Installations
About installation parameters
Identify parameters that are supported by installer files
Create Managed Installations for Windows devices
Examples of common deployments on Windows
Create Managed Installations for ZIP files
Create Managed Installations for RPM files
Create Managed Installations for TAR.GZ files
Create Managed Installations for Mac OS X devices
Create and use File Synchronizations
Using Wake-on-LAN
Exporting Managed Installations
About scripts
Tracking changes to scripting settings
About default scripts
Adding and editing scripts
Managing Mac profiles
Token replacement variables
Add offline KScripts or online KScripts
Edit scripts
Delete scripts from the Scripts page
Delete scripts from the Script Detail page
Structure of importable scripts
Import scripts
Duplicate scripts
Using the Run and Run Now commands
Run scripts from the Run Now page
Run scripts from the Script Detail page
Run scripts from the Scripts page
Monitor Run Now status and view script details
About configuration policy templates
Using Windows configuration policies
About starting Windows Automatic Updates on Windows devices
Add Automatic Update scripts
About Dell Command | Monitor
Add Dell Command | Monitor scripts
Add Desktop Wallpaper scripts
Add Desktop Shortcuts scripts
Add Event Log Reporter scripts
Add MSI Installer scripts
About power management and power consumption
Add power management scripts for Windows devices
Add Registry scripts
Add Remote Desktop Control Troubleshooter scripts
Add UltraVNC scripts
Add Uninstaller scripts
Using Mac OS X configuration policies
Edit policies and scripts
Search the scripting logs
Exporting scripts
Tracking changes to Mac profile settings
Adding, editing, and uploading Mac profiles
Using Task Chains
Add or edit Mac user profiles
Add or edit Mac system profiles
Add Mac profiles using existing profiles as templates
Upload Mac profiles to the KACE SMA
Installing and managing Mac profiles
Distribute Mac profiles on a schedule
Install Mac profiles on devices using the Run option
Identify devices that have Mac profiles installed
View Mac profiles
Export the Mac profiles list
Removing and deleting Mac profiles
About patch management
Using reports and scheduling notifications
Patching workflow
About patch signature files
About patch packages
About patch testing and security
About the patch quality assurance process
Best practices for patching
Subscribing to and downloading patches
About patch subscription and downloads
Websites that must be accessible to the KACE SMA
Overview of first-time patch-subscription workflow
View details about operating systems and applications
Subscribing to patches and configuring download settings
Viewing available patches and download status
Best practices for resolving patch subscription issues
Creating and managing patch schedules
About scheduling critical OS patches for desktops and servers
About scheduling critical patches for laptops
About scheduling non-critical patches
Configuring patch schedules
Managing patch inventory
Configure Detect-only patch schedules
Configure Detect and Deploy patch schedules
Configure Deploy-only patch schedules
Configure Detect and Rollback patch schedules
Configure Rollback-only patch schedules
Error codes caused by patching and scripting
Viewing patch schedules, status, and reports
View patch schedules
View patch status
View patch status by device
View files within patches
View patch reports
Managing patch rollbacks
Prerequisites for managing patch inventory
Viewing patch information
Managing Dell devices and updates
View downloaded patches
View patch details
Resetting the number of patch deploy attempts
Viewing patch statistics and logs
Mark patches as inactive
Patch Mac OS X devices
Reset the number of patch deploy attempts from the patch Catalog
Reset the number of patch deploy attempts from the patch detail page
View patch information for devices in inventory
View devices missing patches
Managing Dell devices with Dell Updates
Differences between patching and Dell Updates
Configuring Dell Updates
Maintaining device and appliance security
Testing device security
About OVAL security checks
Understanding OVAL tests and definitions
Maintaining appliance security
View OVAL tests and definitions
Running OVAL tests
Using labels to restrict OVAL tests
Understanding OVAL updates
Configure OVAL Settings
View the OVAL vulnerability report
Apply labels to affected devices
View the OVAL Report
About SCAP
SCAP supported versions and platforms
How the KACE SMA conducts SCAP scans
Definitions of SCAP standards
About benchmarks
How a SCAP scan works
Access SCAP Scan information
View and manage benchmarks
Import and modify benchmarks
Configure SCAP schedules
Editing SCAP scan schedules
View the resolved XCCDF files
View the OVAL timestamp
View script tasks
View SCAP scan results
Download benchmarks from the archive
About security policy templates
Using Windows security policy templates
Add Internet Explorer scripts
Add XP SP3 Firewall scripts
Add McAfee AntiVirus scripts
Add McAfeeSuperDAT scripts
Add Symantec AntiVirus scripts
Using Mac security policy templates
Resolve Windows security issues that prevent Agent provisioning
About reports and notifications
Creating and modifying reports
Monitoring servers
Creating reports
Scheduling reports and notifications
Create reports using the report wizard
Create reports using SQL queries
Create reports from list pages
Duplicate reports
Edit SQL statements on reports created with the report wizard
Create reports from history lists
Modifying reports
Customizing logos used for reports
Create or modify linked reports
Getting started with server monitoring
Using the Service Desk
Enable monitoring for a device
Working with monitoring profiles
Enable monitoring for one or more servers from the Devices inventory list
Enable monitoring for a server from its Device Detail page
Obtain a new license key to increase server monitoring capacity
Apply a new license key to increase server monitoring capacity
Edit a profile
Configure SNMP trap messages and alerting criteria
Create a new profile using a default profile as a template
Profile log paths for MySQL and Apache
Upload a profile that was created by another user
Download a profile so that it can be used by others
Bind an additional profile to a device
Define nonstandard log date format
Configuring application and threshold monitoring with Log Enablement Packages
Managing monitoring for devices
Install one or more LEPs on monitored devices
Set up a Windows Server 2003 device with an ITNinja monitoring Log Enablement Package (LEP)
Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2008 or higher device
Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2003 device
Pause monitoring for a device
Pause or resume monitoring for multiple devices
Set the polling interval and any automatic dismissal or deletion of alerts
Disable ping probe
Receive alerts when device configurations change
Schedule a Maintenance Window during which time alerts are not collected from a device
Create and assign monitoring-specific roles
Disable monitoring for one or more devices
Enable monitoring for one or more devices
Working with alerts
Add notification schedules from the Monitoring Alerts list page
Create a Service Desk ticket from an alert
Search for alerts using Advanced Search criteria
Filtering alerts using the Include Text and Exclude Text capability
Filter alerts using the Include Text and Exclude Text capability from the Profile Details page
Filter alerts using the Exclude Text capability from the Monitoring Alerts list page
Examples of Include Text and Exclude Text for monitoring profiles
Dismiss an alert
Retrieve and review alerts that have been dismissed from the alerts list
Delete alerts
Configuring Service Desk
Maintenance and troubleshooting
System requirements
About Service Desk
Overview of setup tasks
Configuring Service Desk business hours and holidays
Configuring Service Level Agreements
Configuring Service Desk ticket queues
Using the Service Desk Dashboard
Managing Service Desk tickets, processes, and reports
Configure ticket queues
Configure queue-specific email settings
Rename Service Desk titles and labels
Enable or disable the conflict warning
View and edit response templates
Configuring ticket settings
Customizing the User Console home page
Change the User Console logo and text at the System level
Change the User Console logo and login text at the Admin-level
Show or hide action buttons and widgets on the User Console home page
Show or hide links to Knowledge Base articles on the User Console home page
Add, edit, hide, or delete User Console announcements
Prioritize User Console announcements or mark an announcement as urgent
Add, edit, or delete custom links on the User Console home page
Add ticket links to the User Console home page
Add a quick-action link for reporting problems on the User Console home page
About the session timeout period
Using the Satisfaction Survey
Enable or disable security for Service Desk attachments
Overview of Service Desk ticket lifecycle
Creating tickets from the Administrator Console and User Console
Managing Service Desk ticket queues
Create tickets from the User Console
Create tickets from the Administrator Console Ticket page
Create tickets from the Device Detail page
Create tickets from the Asset Detail page
Create a Service Desk ticket from an alert
Creating and managing tickets by email
About attachments to tickets created through email
Enable email ticket creation
Modifying ticket attributes using email
Clearing a ticket field using email
Changing ticket fields using email
Changing ticket approval fields using email
Viewing tickets and managing comments, work, and attachments
Navigate among tickets, related devices, and assets
Add work information for tickets
Use default views for tickets
Create custom views for tickets
Set a view as the default view for tickets
Add comments to tickets
Add owner-only comments to tickets
View ticket comments
Add or delete screenshots and attachments to Service Desk tickets
View ticket activity history
Send ticket information through email
Run Device Actions from tickets
Merging tickets
Using the ticket escalation process
Understanding ticket states
Understanding the escalation time limit
Understanding escalation
Changing ticket escalation settings
Change the list of escalation email recipients
Change the escalation time limits
Change the default escalation email message
Using Service Desk processes
Add, edit, and enable process templates
Define process types
Create process tickets to manage related tasks
View process information
Cancel or complete process tickets
Delete process templates
Convert process tickets to regular tickets
Convert regular tickets to process tickets
Using Ticket Rules
Using and configuring system Ticket Rules
Understanding and customizing system Ticket Rules
Create custom Ticket Rules
Duplicate a custom Ticket Rule
Delete a custom Ticket Rule
Move a Ticket Rule from one queue to another
Run Service Desk reports
Archiving, restoring, and deleting tickets
Enable ticket archival
Configure queue archive settings
Archive selected tickets
Restore archived tickets
Delete archived tickets
Managing ticket deletion
About Service Desk ticket queues
Adding and deleting queues
Viewing tickets in queues
Setting the default queue
Set the default fields for the All Queues ticket list
Move tickets between queues
About User Downloads and Knowledge Base articles
Managing User Downloads
Customizing Service Desk ticket settings
Add User Downloads
Apply labels to User Downloads
Remove labels from User Downloads
Delete User Downloads
Managing Knowledge Base articles
About customizing Service Desk ticket settings
Create ticket categories and subcategories
Customizing ticket values
Customizing ticket layout
Configuring SMTP email servers
Customize Layout and Related Ticket Fields
Configure Comment Field Options
Define custom ticket fields
Preview ticket layout
Customize the ticket list layout
Using parent-child ticket relationships
Enable parent-child ticket relationships for a queue
Enable parent tickets to close child tickets
Create child tickets for any ticket
Designate tickets as parents and add existing tickets as their children
Use a parent ticket as a to-do list
Use parent tickets to organize duplicate tickets
Using ticket approvers
Maintaining the appliance
Appendixes
Glossary
About us
Legal notices
Tracking changes to settings
About appliance backups
Troubleshooting the KACE SMA
Set the daily backup schedule and the number of backups to retain
Back up the appliance manually
Download backup files from the Administrator Console
Access backup files through FTP
About deleting appliance backup data
Configure offboard backup transfer
Restoring the appliance
Restore the appliance using the most recent backup
Upload backup files to the appliance
Restore the appliance from backups
Restore the appliance to factory settings
Updating appliance software
Check for and apply advertised appliance updates
Upload an update file to the appliance manually
Verify updates
Update the appliance license key
Reboot or shut down the appliance
Update OVAL definitions from KACE
Understanding the daily run output
Using Troubleshooting Tools
Troubleshooting appliance issues
Troubleshooting and debugging the KACE SMA Agent
Testing and troubleshooting email communication
Test outgoing email
Test incoming email
Use Telnet to test incoming email
Access appliance logs to view Microsoft Exchange Server errors
Troubleshooting email errors
About Diagnostic Console Two-Factor Authentication
Configure security settings for the appliance
Configure security settings for the appliance
To enable SSL, you need to have the correct SSL private key file and a signed SSL certificate. If your private key has a password, the appliance cannot restart automatically. If you have this issue, contact Quest Support at https://support.quest.com/contact-support.
|
NOTE: In some cases, the Firefox® browser does not display the Administrator Console login page correctly after you enable access to port 443 and restart the appliance. If that happens, clear the Firefox browser cache and cookies, then try again. |
|
1. |
|
◦ |
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin, then click Settings. |
|
◦ |
If the Organization component is enabled on the appliance, log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings. |
|
2. |
, type the community string, and click |
4. |
In the Two-Factor Authentication section, configure the Two-Factor Authentication (2FA) feature. 2FA provides stronger security for users logging into the appliance by adding an extra step to the login process. It relies on the Google Authenticator app to generate verification codes. The app generates a new six-digit code at regular intervals. When enabled, end users will be prompted for the current verification code each time they log in. |
|
a. |
Specify the following options. They appear listed in the order of precedence, as you enable them from top to bottom. For example you can only enable 2FA for the User Console if you have previously configured 2FA for the Administrator Console. |
|
▪ |
Enable Two-Factor Authentication for the System Portal: Select this check box if you want to use 2FA for the System Administration Console. To enable 2FA for all users, select Required for all Users. |
|
▪ |
Enable Two-Factor Authentication for the Admin Portal: This option only appears if you enabled 2FA for the System Administration Console, or if your appliance has only one organization. Select this check box if you want to use 2FA for the Administrator Console. Next, specify the users that will require 2FA during login by selecting one of the following options: |
|
▪ |
Required for all Users: Appliances with one organization only. To enable 2FA for all users, select this option. |
|
▪ |
Defined by Organization: Appliances with multiple organizations only. Apply the same 2FA configuration to all users in each Organization in the Administrator Console, as applicable. |
|
▪ |
Required for all Users: Appliances with multiple organizations only. Enable 2FA for all users in the Administrator Console. |
|
▪ |
Not required: Appliances with multiple organizations only. Disable 2FA for all users in the Administrator Console. |
|
▪ |
Enable Two-Factor Authentication for the User Portal: This option only appears if you enabled 2FA for the Administrator Console. Select this check box if you want to use 2FA for the User Console. Next, specify the users that will require 2FA during login by selecting one of the following options: |
|
▪ |
Defined by Organization: Apply the same 2FA configuration to all users in each Organization in the User Console, as applicable. |
|
▪ |
Required for all Users: Enable 2FA for all users in the User Console. |
|
▪ |
Not required: Disable 2FA for all users in the User Console. |
|
b. |
Under Transition Window, specify the amount of time during which users who require 2FA will be able to bypass the 2FA configuration step. |
|
5. |
Optional: In the Appliance Encryption Key section, click Generate Key to generate a new encryption key. This key is used to enable Quest Support to access your appliance for troubleshooting using a tether. It is not necessary to generate a new key unless you believe that the current key has been compromised. See Enable a tether to Quest Support. |
|
6. |
|
Prevent the KACE SMA from using single sign on. Single sign on enables users who are logged on to the domain to access the KACE SMA Administrator Console and User Console without having to re-enter their credentials on the KACE SMA login page. | |
|
Use Active Directory for authentication. Active Directory uses the domain to authenticate users on the network. See Using Active Directory for single sign on. |
|
7. |
|
For appliances with the Organization component enabled: Enable Organization File Shares |
| ||
|
Enable NTLMv2 authentication for the KACE SMA files shares. When this is enabled, managed devices connecting to the KACE SMA File Shares require support for NTLMv2 and they authenticate to the KACE SMA using NTLMv2. Although NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE SMA Agent. See Manually deploying the KACE SMA Agent. | |||
|
Force certain KACE SMA functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to off-board network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions. |
|
Enable access to the appliance over port 80. If you disable port 80 access, contact Quest Support to adjust the Agent deployment scripts to handle SSL. | |
|
Enable managed devices to connect to the appliance using SSL (HTTPS). Enable this setting only after you have properly deployed the appliance on your LAN in non-SSL mode. To enable SSL, you need to load an SSL certificate as described in step 9. |
|
◦ |
Click SSL Certificate Form to generate certificate requests or load self-signed certificates. See Generate an SSL certificate. |
|
◦ |
If you have an SSL certificate and private key, click Browse or Choose File in the SSL Private Key File or SSL Certificate File fields to select them. These files must be in Privacy Enhance Mail (PEM) format, similar to those used by Apache-based web servers. |
|
◦ |
Select Enable Intermediate SSL Certificate to enable and upload intermediate SSL certificates, which are signed certificates provided by certificate issuers as proxies for root certificates. Intermediate SSL certificates must be in PEM format. |
|
◦ |
If your certificate is in PKCS-12 format, click Browse or Choose File in the PKCS-12 File field to select it, then enter the password for the file in the Password for PKCS-12 file field. |
|
10. |
In the Secure Attachments in Service Desk section, choose whether to add security for files that are attached to Service Desk tickets: |
|
◦ |
|
◦ |
Clear the check box to enable users to access files by clicking ticket links from outside the Administrator Console or User Console. |
|
11. |
|
NOTE: In some cases, the Firefox browser does not display the Administrator Console login page correctly after you enable access to port 443 and restart the appliance. If that happens, clear the Firefox browser cache and cookies, then try again. |
Configure Active Directory as the single sign on method
Configure Active Directory as the single sign on method
Active Directory single sign on enables users who are logged on to the domain to access the KACE SMA Administrator Console and User Console without having to re-enter their logon credentials each time.
Before you connect the KACE SMA to an Active Directory server, verify that:
|
• |
|
• |
|
1. |
|
◦ |
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin, then click Settings. |
|
◦ |
If the Organization component is enabled on the appliance, log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings. |
|
2. |
In the Single Sign On section of the Security Settings page, select Active Directory, then provide the following information: |
|
The host name of the domain of your Active Directory® server, such as example.com. | |
|
The user name of the administrator account on the Active Directory server. For example, username@example.com. | |
|
The password of the administrator account on the Active Directory server. | |
|
3. |
A message appears stating the results of the test. To view errors, if any, click Logs, then in the Log drop-down list, select Server Errors.
|
4. |
|
5. |
When users are logged in to devices that are joined to the Active Directory domain, they can access the KACE SMA User Console without having to re-enter their credentials. If users are on devices that are not joined to the Active Directory domain, the login window appears and they can log in using a local KACE SMA user account. See Add or edit System-level user accounts.
Generate an SSL certificate
Generate an SSL certificate
You can generate a self-signed SSL certificate, or generate a certificate signing request for third-party certificates, using the Administrator Console.
|
1. |
|
◦ |
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin, then click Settings. |
|
◦ |
If the Organization component is enabled on the appliance, log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or select System in the drop-down list in the top-right corner of the page, then click Settings. |
|
2. |
|
3. |
|
4. |
|
NOTE: If a certificate signing request has previously been generated, it appears on the page. To generate a new request, you need to update the information in the Configure section, then click Save before you click Generate Self-Signed Certificate. |
|
5. |
|
The common name of the appliance you are creating the SSL certificate for. | |
|
6. |
If this is the first time the SSL Certificate Form has been saved, the Certificate Signing Request section appears. If the form has previously been saved, the Certificate Signing Request section is updated.
|
1. |
Copy all of the text in the Certificate Signing Request section, including the lines "-----BEGIN CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----" and everything in between, then send it to the certificate issuer or the person who provides your company with web server certificates. |
|
2. |
When you receive a certificate from the third party, return to the Security Settings page and upload the certificate. See Configure security settings for the appliance. |
|
1. |
Click Generate Self-Signed Certificate to generate and display the certificate below the Certificate Signing Request section. |
|
2. |
|
3. |
Self-signed certificates are converted to PEM files, named kbox.pem, and the files are placed in KACE SMA Agent data folders.
|
NOTE: Your private key appears in the Private Key field. It is deployed to the appliance when you deploy a valid certificate. Do not send the private key to anyone. It is displayed here in case you want to deploy this certificate to another web server.
|