Chat now with support
Chat with Support

KACE Systems Management Appliance 9.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance (SMA) Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Provisioning the KACE SMA Agent Manually deploying the KACE SMA Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Dell devices and updates Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the KACE SMA
Appendixes Glossary About us Legal notices

Add Symantec AntiVirus scripts

Using Windows security policy templates

You can use security policy templates to create scripts that configure security settings on Windows devices.

NOTE: If you edit a template-based policy, keep Run As set to local system. Using local system ensures that the script has full access to the Windows system, including the registry. Running the script as a different user might not provide adequate access to the Windows system.
Add Internet Explorer scripts

Use this template to create a script that controls Internet Explorer preferences. You can control specific preferences while keeping others as user-defined.

Policy settings overwrite the corresponding user’s Internet Explorer preferences. Because this script modifies user settings, schedule it to run when users are logged in.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
Click Internet Explorer to display the Windows Internet Explorer page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

User Home Page

Enforce User home page policy: Force the user’s home page to the specified page. Select the check box, then specify the URL to use as the home page.

Security

Enforce Internet Zone settings policy: Specify the security level for each zone. Select the check box, then choose the security level from the Security level drop-down list.
Enforce Local Internet Zone settings policy: Specify the security level for intranet zones. Select the check box, then choose the security level from the Security level drop-down list and choose the sites to include.
Enforce Trusted Zone settings policy: Specify the security level of trusted zones. Select the check box, then choose the security level from the Security level drop-down list.
Enforce Zone Map: Select the check box, then specify the IP addresses or ranges.

Privacy

Control the cookies and pop-ups that are accepted by Internet Explorer from the Internet Zone. Select from these options:

Enforce Privacy settings policy: Select the check box, then set the Cookie policy.
Enforce Pop-up settings policy: Select the check box, then set the Pop-up filter level.
4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add XP SP3 Firewall scripts

Use this template to create scripts that enforce firewall settings on Windows XP Service Pack 3 devices.

If target devices authenticate with a domain controller, they use the Domain Policy. Otherwise, they use the Standard Policy, and tighter restrictions might be advised.

Script settings override existing settings on devices. Further, if a script disables the firewall on a device, the device user cannot enable the firewall. If the firewall is set to no policy, the user's configuration for the firewall is used.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
Click XP SP3 Firewall to display the Windows XP SP3 Firewall page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Domain Policy

The policy used when the device has authenticated with a domain controller. If you do not have a domain controller, use the Standard Policy configuration.

Standard Policy

The policy used when the device has not authenticated with a domain controller, for example, when a device user is at home or using a Wi-Fi® hotspot. This configuration is more restrictive than the Domain Policy.

4.
If you select the Enabled option for the firewall, specify the following options:

Option

Description

Enable logging

Enable the firewall to log information about the unsolicited incoming messages that it receives. The firewall also records information about messages that it blocks and successful inbound and outbound messages. Specify a location and name for the log file. The default is: C:\Program Files\KACE\firewall.log

Allow WMI traffic

Enable inbound TCP traffic on ports 135 and 445 to traverse the firewall. These ports are necessary for using remote administration tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI).

Allow Remote Desktop

Enable inbound TCP traffic on port 3389 to traverse the firewall. This port is required for the device to receive Remote Desktop requests.

Allow File and printer sharing

Enable inbound TCP traffic on ports 139 and 445, and inbound UDP traffic on ports 137 and 138. These ports are required for the device to act as a file or printer sharing server.

Allow Universal Plug-and-Play (UPnP)

Enable inbound TCP traffic on port 2869 and inbound UDP traffic on port 1900. These ports are required for the device to receive messages from plug-and-play network devices, such as routers with built-in firewalls.

5.
To specify Inbound Port Exceptions, click Add Port Exception.

Inbound port exceptions enable additional ports to be opened in the firewall. These ports might be required for the device to run other network services. An Inbound Port Exception is automatically added for port 52230 for the KACE Agent Listener, which is required to use the Run Now command.

6.
Specify a Name, Port, Protocol, and Source for the exception and click Save Changes.
7.
Click Save at the bottom of the page to display the Script Detail page.
9.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
10.
Click Save.
Add McAfee AntiVirus scripts

Use this template to create scripts that install the selected McAfee VirusScan® features on devices.

Upload the McAfee Antivirus installation files to the appliance as a ZIP archive. When you upload the ZIP archive, the McAfee application is added to the appliance software inventory if it does not already exist.

This script verifies that the software is installed with the configuration you specify. The script also confirms that the On Access Scanner (McShield) is running.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
Click McAfee AntiVirus to display the McAfee Antivirus for Windows page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

McAfee 8.0 Setup Zip

The ZIP archive that contains the installation files to use for the script. click Browse or Choose File to select the ZIP archive. Click Software Inventory to go to the Software Detail page to select the ZIP archive.

User Interaction

How the installation appears to users. For a description of the available options, see the McAfee documentation.

McAfee Features

The features to be installed. Use Ctrl-click or Command-click to select multiple features. To install the Alert Manager, use the McAfee tools to include the Alert Manager installation files in the deployment package. See the McAfee documentation for information about available features.

Enable On-Access Scanner

Select this check box to start McAfee's automatic file scanner after the installation is complete. The On-Access scanner scans files whenever they are accessed, for example, when opening a file or running a program.

Preserve earlier version settings

Select this check box to preserve the present configuration settings for the On-Access Scanner before the update occurs.

Lockdown VirusScan Shortcuts

Select this check box to not display any VirusScan shortcuts in the Windows Start menu.

Remove other antivirus software

Select this check box to remove competing anti-virus software that could conflict with McAfee.

Installation Directory

The directory on the target device where the application is to be installed.

Source Paths

Provide the path to the source McAfee ZIP file uploaded to the appliance.

Logging

The information to record in the installation log. Use Ctrl-click or Command-click to select multiple items.

Log File Name

The name of the log file.

Additional Arguments

Any additional arguments.

Reboot

Whether to restart the target device after installation.

After Installation

The action to be performed after installation.

Options include Run AutoUpdate or Run AutoUpdate silently. You can also select to Scan all local drives or Scan all local drives silently.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add McAfeeSuperDAT scripts

Use this template to create scripts that apply McAfee SuperDAT or XDAT updates to managed devices.

Obtain the McAfee SDAT or XDAT file to use with this script.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
Click McAfee SuperDAT to display the McAfee SuperDAT for Windows page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

SDAT or XDAT file

The installation files to use for the script. click Browse or Choose File to select the ZIP archive. Click Software Inventory to go to the Software Detail page to select the ZIP archive.

Install Silently

The file is installed without displaying installation feedback or progress on the device.

Prompt For Reboot

If the installation requires the device to be rebooted, prompt the user before rebooting.

Reboot If Needed

The device is rebooted as needed. Without this option, a silent installation does not reboot the device.

Force Update

All file versions are updated, even if the device already appears to have the latest versions.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Symantec AntiVirus scripts

Use this template to create scripts that install and configure the Symantec AntiVirus application. The script is intended to run periodically to ensure that Symantec AntiVirus is configured and running properly.

Upload the Symantec AntiVirus.msi file to be distributed. When you upload the file, the application is added to the appliance inventory if it does not already exist.

2.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
3.
Click Symantec AntiVirus to display the Symantec AntiVirus for Windows page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Action

The task to be performed. Tasks include Install, Uninstall, Repair missing files, and Reinstall all files.

Software

The application to use for the script. To search for an application, begin typing in the field.

MSI Filename

The MSI filename (required if the file is a ZIP archive).

User Interaction

How the installation appears to users. Options include: Default, Silent, Basic UI, Reduced UI, and Full UI.

Install Directory

The directory on the target device where the application is to be installed.

Additional Switches

Any additional installer switches. Additional switches are inserted between the msiexe.exe and the /i foo.msi arguments.

Additional Properties

Any additional properties. These are inserted at the end of the command line. For example:

msiexec.exe /s1 /switch2 /i patch123.msi TARGETDIR=C:\patcher PROP=A PROP2=B

After Install

What to do with the installation files when installation is complete.

Restart Options

Whether to restart the target device after installation.

Logging

The information to record in the installation log. Use Ctrl-click or Command-click to select multiple items.

Log File Name

The name of the log file.

Network Management

The network type.

Server Name

If you select Managed from the Network Management drop-down list, specify the server name.

Enable AutoProtect

The AutoProtect option.

Disable SymProtect

The Disable SymProtect option.

Run Live Update

The Live Update behavior.

Features to Install

The features you want to install from the Features to Install list. Use Ctrl-click or Command-click to select multiple features. See the Symantec documentation for specific information about the options available here. You must include the SAVMain feature for this script to work properly (although this template does not enforce this requirement).

5.
Click Save to display the Script Detail page.
7.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
8.
Click Save.

Using Mac security policy templates

Using Mac security policy templates

You can use security policy templates to create scripts that configure security settings on Mac devices.

The following sections explain how to use the policies available to Mac OS X devices.

NOTE: If you edit a template-based policy, keep the Run As setting as local system.
Add Application Layer Firewall scripts

Use this template to create scripts that configure the Application Layer Firewall (ALF) on Mac devices.

In Mac OS X, ALF is located in Mac System Preferences.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Application Layer Firewall to display the Mac Application Layer Firewall page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Application Layer Firewall Mode

The level of security to use for the firewall.

Enable Firewall Logging

Enable the firewall to log information about the unsolicited requests, blocked requests, and successful requests.

Enable Stealth Mode

Enable the firewall to drop packages that are denied without sending error messages to requesters.

Trusted Applications

The full path to the application binaries, for example:

/Applications/Safari.app/Contents/MacOS/

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Parental Controls scripts

Use this template to create scripts that configure the parental control options available on Mac OS X.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or logout and login to take effect.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Parental Controls to display the Mac Parental Controls page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Hide Profanity in Dictionary

Prevent words identified as profanity from being displayed in the dictionary on target devices.

Prohibit actions

Prevent actions from being performed on target devices.

Website Restrictions

Select the access restrictions for websites.

URLs of approved websites

If you select Allow access only to these websites, provide the URLs of the websites you want to approve. Users on target devices can only access approved websites.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Security scripts

Use this template to create scripts that configure security options on Mac OS X devices.

Security options are available in Mac System Preferences.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or log out and log in to take effect.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Security Policies to display the Mac Security Policy page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Actions to enforce

The actions to perform on target devices.

Timeout

The period, in minutes, after which actions are performed.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.

Add Application Layer Firewall scripts

Using Mac security policy templates

You can use security policy templates to create scripts that configure security settings on Mac devices.

The following sections explain how to use the policies available to Mac OS X devices.

NOTE: If you edit a template-based policy, keep the Run As setting as local system.
Add Application Layer Firewall scripts

Use this template to create scripts that configure the Application Layer Firewall (ALF) on Mac devices.

In Mac OS X, ALF is located in Mac System Preferences.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Application Layer Firewall to display the Mac Application Layer Firewall page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Application Layer Firewall Mode

The level of security to use for the firewall.

Enable Firewall Logging

Enable the firewall to log information about the unsolicited requests, blocked requests, and successful requests.

Enable Stealth Mode

Enable the firewall to drop packages that are denied without sending error messages to requesters.

Trusted Applications

The full path to the application binaries, for example:

/Applications/Safari.app/Contents/MacOS/

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Parental Controls scripts

Use this template to create scripts that configure the parental control options available on Mac OS X.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or logout and login to take effect.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Parental Controls to display the Mac Parental Controls page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Hide Profanity in Dictionary

Prevent words identified as profanity from being displayed in the dictionary on target devices.

Prohibit actions

Prevent actions from being performed on target devices.

Website Restrictions

Select the access restrictions for websites.

URLs of approved websites

If you select Allow access only to these websites, provide the URLs of the websites you want to approve. Users on target devices can only access approved websites.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Security scripts

Use this template to create scripts that configure security options on Mac OS X devices.

Security options are available in Mac System Preferences.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or log out and log in to take effect.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Security Policies to display the Mac Security Policy page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Actions to enforce

The actions to perform on target devices.

Timeout

The period, in minutes, after which actions are performed.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.

Add Parental Controls scripts

Using Mac security policy templates

You can use security policy templates to create scripts that configure security settings on Mac devices.

The following sections explain how to use the policies available to Mac OS X devices.

NOTE: If you edit a template-based policy, keep the Run As setting as local system.
Add Application Layer Firewall scripts

Use this template to create scripts that configure the Application Layer Firewall (ALF) on Mac devices.

In Mac OS X, ALF is located in Mac System Preferences.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Application Layer Firewall to display the Mac Application Layer Firewall page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Application Layer Firewall Mode

The level of security to use for the firewall.

Enable Firewall Logging

Enable the firewall to log information about the unsolicited requests, blocked requests, and successful requests.

Enable Stealth Mode

Enable the firewall to drop packages that are denied without sending error messages to requesters.

Trusted Applications

The full path to the application binaries, for example:

/Applications/Safari.app/Contents/MacOS/

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Parental Controls scripts

Use this template to create scripts that configure the parental control options available on Mac OS X.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or logout and login to take effect.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Parental Controls to display the Mac Parental Controls page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Hide Profanity in Dictionary

Prevent words identified as profanity from being displayed in the dictionary on target devices.

Prohibit actions

Prevent actions from being performed on target devices.

Website Restrictions

Select the access restrictions for websites.

URLs of approved websites

If you select Allow access only to these websites, provide the URLs of the websites you want to approve. Users on target devices can only access approved websites.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Add Security scripts

Use this template to create scripts that configure security options on Mac OS X devices.

Security options are available in Mac System Preferences.

Some of the options are set using Managed Client for Mac OS X (MCX) on a local device. This method of setting options takes the place of network-based policy settings on an Open Directory server. Mixing network-based policy settings with local node settings might lead to unpredictable results.

Most of these settings require a reboot or log out and log in to take effect.

1.
Go to the Security Policies list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Scripting, then click Security Policies.
2.
In the Mac section, click Security Policies to display the Mac Security Policy page.

Option

Description

Name

A name that identifies the script. This name appears on the Scripts page.

Actions to enforce

The actions to perform on target devices.

Timeout

The period, in minutes, after which actions are performed.

4.
Click Save to display the Script Detail page.
6.
To edit the raw XML used in the script, click Edit XML below the Schedule section.
7.
Click Save.
Related Documents