立即与支持人员聊天
与支持团队交流

KACE Desktop Authority 11.2.1 - Administrator Guide

Administrator's Guide
Product Improvement Program Installation Help Concepts User Interface Validation Logic Configuration Computer Management User Management Reference File Paths
Setup Tool

Web Browser

The Web Browser object provides the ability to configure Internet Explorer and Firefox settings as well as the operating system's Internet settings.

Common

General
Browsers
Apply element settings to these browsers

Select the appropriate web browsers to allow Desktop Authority to make changes to on the client.

Set default browser to

Desktop Authority can set the clients default web browser setting. Select the specific web browser from the drop list or select Leave alone to not change the default browser setting on the client.

Note: This setting is supported in the OS versions up to Windows 7/2008.

Home page

The home page section handles whether Desktop Authority should be allowed to set the browser's home page setting on the client. There are three options to choose from.

Selecting Leave alone will tell Desktop Authority to ignore the home page setting. The home page setting on the client will not be touched. Select Set home pages to have Desktop Authority set the home page(s) to the specified URL. This option will not lock the user's ability to change this setting on the client. Select Set home pages and prevent users from changing to have Desktop Authority to set the home page(s) to the specified URL and lock the setting so the user cannot change it.

Enter the URL for the home page in the box below. You can set multiple home page tabs by specifying a home page link for each tab on its own line.

Downloads

The downloads section is where you will specify a file save location for files downloaded in the web browser on the client.

If the file location is not set, the browser's file download location will not be touched. Therefore, whatever option is set in the web browser's settings will be used.

Tabs

The Tabs section contains options that are related to using the browser with multiple tabs.

Show previews for individual tabs in the taskbar

Starting in Windows 7, you can quickly preview open windows that are in the taskbar. With the web browser that has multiple tabs open, you will also be able to preview the individual tabs when you hover the mouse over the browser icon in the taskbar. All tabs open in the browser will be displayed with a small preview above the taskbar.

Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option to show previews of open tabs when the mouse hovers over the browser icon in the taskbar. Clear the check box to disable the option to show browser tab previews. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Warn me when closing multiple tabs

This option will save a user from accidentally closing the browser window if they only meant to close a single tab. Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option to show a warning when closing a browser window with multiple tabs open. Clear the check box to disable the warning and just close the browser regardless of how many tabs are open. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Always switch to new tabs when they are created

The web browser has an option to control the active tab when a link is clicked that causes a page to be loaded in a new tab. Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option and bring the new tab to the foreground. Clear the check box to disable the option and allow the new tab to stay in the background. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Enable quick tabs

Quick tabs is an Internet Explorer feature that allows you to see thumbnails of all open tabs in a single tab. Clicking on the thumbnail will activate the associated tab. In Firefox this feature is called All Tabs Preview, and is not enabled by default.

Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option to show tab previews. Clear the check box to disable the option. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Always open links from other programs in a new tab in the current window

This option controls whether a new tab is created when a link is clicked or if the link is opened within the same tab. Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option to open links in a new tab. Clear the check box to disable the option. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Miscellaneous
Remove "First Launch" setup screen (Internet Explorer only)

Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the First Run wizard. Clear the check box to disable the First Run wizard. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Privacy tab
Pop-ups

The Pop-ups section is used to configure the browsers pop-up blocker as well as create a pop-up blocker exception list. Select one of four options from the drop list to configure the browsers pop-up blocker.

Select Leave alone to ignore this setting on the client's web browser. The option that is currently set on the client's web browser for the pop-up blocker will not be touched. Select Turn on pop-up blocker to enable the pop-up blocker and do not allow pop-up windows to open. Select Turn off pop-up blocker to disable the pop-up blocker and allow the browser to open all pop-ups. Select the Turn on pop-up blocker and don't allow user to change it option to enable the pop-up blocker option in the client browser and lock it so the option cannot be changed.

Selecting the option, Turn on the pop-up blocker, will enable the pop-up blocker exception list. The pop-up blocker allows for certain URLs to ignore the pop-up blocker.

Show Information Bar when pop-up is blocked

When a pop-up is blocked, the browser can inform you by displaying an Information Bar letting you know the pop-up window was blocked. This option controls whether the information bar is displayed or not. Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option and display an Information Bar when a pop-up is blocked. Clear the check box to disable the option of displaying an Information Bar. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Update the exception list by clicking the Add or Remove button. Click the Import button to import a list of URLs to the exception list.

When importing, the import file must be a tab delimited text file containing a Site Address and Action.

Example:

site1

add

site2

remove

Provides the following result when imported:

Figure 53: Results of imported exception list

Delete any exceptions from client that are not defined here

If selected, this option will delete all pop-up blocker exceptions that are defined on the client. If this option is not selected, the exceptions created on the client will be left alone.

History
Remember browsing history for at least xx days

Browsing history keeps track of the pages that have been visited in the web browser in the last xx days. Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to remember the web browser's browsing history for the specified number of days. Clear the check box to disable the browsing history option on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Remember download history (Firefox only)

The download history window keeps track of files that are downloaded to the client, including files that are opened in the browser. When enabled, this option will tell the browser to keep track and remember the download history. Disabling this option will alert the browser to not bother keeping a history of downloaded files. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Clear history on Exit

When closing the web browser on the client, the history can be saved or not, depending on how the option is set in the browser. Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to clear the browser's history when it is closed. When selecting this option, you will be given a choice as to what history and files should be cleared. You can choose from Browsing history, Form history, Cookies, Cache, Saved passwords, Download history (Firefox only), Offline website data (Firefox only), Active logins (Firefox only), Site preferences (Firefox only), InPrivate filtering data (Internet Explorer only). All of these options also consist of a three state checkbox which allow you to clear the history, not clear the history or leave it alone, on the client.

Clear the check box to disable the browser's history on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Auto complete

Another form of history that can be preserved on the web browser is AutoComplete history. This is where the browser will help you fill in or suggest to you what you may be typing if it is similar to something typed previously. In Firefox, this feature is called the Location bar.

There are options for the Form history, Browsing history, Favorites/bookmarks and Feeds (IE only). For each of these, select the check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) .

Cookies

A cookie contains information from a visited website and is stored on your computer. Most often they are used to remember certain settings for the site and are used for your return visit. Desktop Authority can configure the cookie settings for the web browser on the client.

A first-party cookie is a cookie that is issued by the web site that you are visiting.

A third-party cookie is issued by a site other than the one you are currently visiting.

Session cookies allow users to be recognized within a single website. Any page changes or item or data selection you do is remembered from page to page.

Select Leave alone to ignore the cookie settings on the client. Select Don't accept cookies to not allow cookies to be stored on the client at all. The other cookie options are Accept session cookies only, Accept session and first party cookies, and Accept session, first party and third party cookies.

There are always exceptions to the rule. You can create an exception list. This exception list will allow specific sites to handle cookies differently than the regular configuration. Click Add to add a site as an exception. Click Remove to remove a site from the list. Click the Import button to import a list of URLs to the exception list.

When importing, the import file must be a tab delimited text file containing an Site Address, Type and Action.

Example:

site1 block

add

site2 allow

remove

Provides the following result when imported:

Figure 54: Results of imported exception list

Delete any exceptions from client that are not defined here

If selected, this option will delete all cookie exceptions that are defined on the client. If this option is not selected, the exceptions created on the client will be left alone.

Security tab
Passwords
Allow browser to remember passwords

Both Internet Explorer and Firefox have the built-in ability to store passwords for future uses. In Firefox this is part of the Security options. In Internet Explorer it is part of the AutoComplete settings on the Content tab.

Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the browser to remember passwords. Clear the check box to disable the browser option to remember passwords. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Internet Explorer only

Phishing is a method that tricks you into divulging personal information by use of fake websites, email messages. Internet Explorer uses a Phishing filter and SmartScreen method to help combat these methods of gaining access to personal and/or sensitive information. They can also help by preventing the installation of malicious software or malware.

The Phishing filter/SmartScreen options can be configured by setting the Phishing filter/SmartScreen option. Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the Phishing filter and SmartScreen. Clear the check box to disable the Phishing filter and SmartScreen. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Firefox Only
Block reported attack sites

This Firefox option will check whether the site you are visiting may be an attempt to interfere with normal computer functions or send personal data about you to unauthorized parties.

Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the use of this option on the client. Clear the check box to disable this setting on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Block reported web forgeries

This Firefox option will actively check whether the site you are visiting may be an attempt to mislead you into providing personal information (phishing).

Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the use of this option on the client. Clear the check box to disable this setting on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Password exceptions

A password exception list can be created. This exception list will allow specific sites to handle remembering passwords differently than the regular configuration. Click Add to add a site as an exception. Click Remove to remove a site from the list. Click the Import button to import a list of exceptions to the list.

When importing, the import file must be a tab delimited text file containing a Site Address and Action.

Example:

site1

add

site2

remove

Provides the following result when imported:

Figure 55: Results of imported exception list

Delete any exceptions from the client that are not defined here

If selected, this option will delete all password exceptions that are defined on the client. If this option is not selected, the exceptions created on the client will be left alone.

Add-ons
Warn me when sites try to install add-ons

Firefox will warn you when a website tries to install an add-on and blocks the installation prompt.

Set this check box to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable this option on the client. Clear the check box to disable this setting on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

To allow installations from a specific site, add an Exception to the exception list. The exception list will allow the installation of add-ons from specific sites differently than the regular configuration. Click Add to add a site as an exception. Click Remove to remove a site from the list. Click the Import button to import a list of exceptions to the list.

When importing, the import file must be a tab delimited text file containing a Site Address and Action.

Example:

site1

add

site2

remove

Provides the following result when imported:

Figure 56: Results of imported exception list

Delete any exceptions from the client that are not defined here

If selected, this option will delete all Add-on exceptions that are defined on the client. If this option is not selected, the exceptions created on the client will be left alone.

Prevent users from changing any settings on these pages

Each of these pages can be configured for the selected web browser(s) to be locked and unavailable to the user or unlocked and available for changes by the user. Access to the Internet Options pages include the General settings, Security settings, Content settings, Connection settings, Programs/Applications settings and the Advanced settings are controlled by this setting.

The check boxes can be set to one of three (3) different states: on (locked/unavailable for changes) , off (unlocked and available to the user) , or grayed (preserve the current client setting) . Select this check box to enable the option on the client. Clear the check box to disable the setting on the client. Gray the check box to disable Desktop Authority’s control of this option. In this case the option that is currently set on the client's web browser will not be touched when this is grayed.

Note: In Firefox, there is a special circumstance that occurs with the Advanced and Connection settings dialog. This differs from Internet Explorer because the Connection settings dialog is tied to the Advanced settings tab.

If either the Connection page OR the Advanced page is set to be locked () within a Desktop Authority profile element, the Connection settings page will always be set to a locked state making it unavailable to the user.

If the Connection page and the Advanced page are set to locked () on one of them and Leave alone () on the other, then the Connection settings dialog will be left in its current state and not configured by Desktop Authority.

Windows Internet settings

Proxy options

Note: Proxy Settings for Firefox are configured in the Windows system settings which can be verified in the Control Panel > Internet Options applet.

Automatic Configuration
Automatically detect settings

This setting will automatically detect the proxy settings for your network.

Set this option to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option on the client. Clear the check box to disable the setting on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Use automatic configuration script

Automatic configuration of the proxy uses a proxy auto-config (PAC) file to define how the web browsers are to automatically choose the proper proxy server.

Set this option to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option on the client. Clear the check box to disable the setting on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Automatic proxy configuration URL
Configuration URL

Type an address (URL) or file name that will be used for the automatic configuration script.

Manual configuration

Manually configuring the proxy server for your LAN connection requires you to specify the specific host and port for each web protocol.

Use a proxy server for your LAN connection (does not apply to dial-up or VPN connection)

Set this option to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to enable the option on the client. Clear the check box to disable the setting on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Manual proxy configuration

If Use a proxy server for your LAN connection is selected, you must enter the specific proxy information (host or ip, and port) for each protocol. Proxies can be set for HTTP, SSL, FTP, Gopher and SOCKS protocols. Once the HTTP Proxy is entered, you may elect to use these settings for all protocols.

Exceptions

Specify, if any, one or more sites or IP addresses to ignore proxy settings for. Separate each exception with a semicolon (;).

Note: When adding a site to the exceptions list, it is preferred that an asterisk precede the site name. This is required for IE browsers, however FireFox will work without specifying the asterisk. The exception dialog box also allows a wildcard character (*) to be used in the place of zero or more characters in an ip address. For example, you can use "123.1*.66.*" to bypass addresses such as "123.144.66.12," "123.133.66.15," and "123.187.66.13."

Bypass proxy server for local addresses

Set this option to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Select this check box to set the option, to ignore the proxy server for local addresses, on the client. Clear the check box to set the option to use the proxy server for all Internet addresses on the client. Gray the check box to disable Desktop Authority’s control of this option. The option that is currently set on the client's web browser will not be touched when this is grayed.

Prevent user from making changes to proxy setting

To lock the proxy settings so the user is not able to change the settings on the client, select this box. Clear this box to leave the proxy configuration open and available for change by the client.

Restricted sites

Restricted sites are web sites that you do not trust. Sites that are restricted are not able to be visited. Click Add to add a site to the restricted site list. Click Remove to remove the selected site. Click the Import button to import a list of restricted sites.

When importing, the import file must be a tab delimited text file containing a Site Address and Action.

Example:

site1

add

site2

remove

Provides the following result when imported:

Figure 57: Results of imported restricted sites

Remove any websites from the client that are not defined here

If selected, this option will delete all restricted sites that are defined on the client. If this option is not selected, the restricted sites on the client will be left alone.

Trusted sites

Trusted sites are web sites that you unconditionally trust. This can be in the form of a URL or IP address. Click Add to add a site to the trusted site list. Click Remove to remove the selected site. Click the Import button to import a list of trusted sites.\

Note: When entering a URL the HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains key is updated. If an IP address is entered the Ranges key, HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges is updated. Please refer to the Microsoft article: Internet Explorer security zones registry entries for advanced users (Article ID: 182569) for more details on the ZoneMap keys.

When importing, the import file must be a tab delimited text file containing Site Address and Action.

Example:

site1

add

site2

remove

Provides the following result when imported:

Figure 58: Results of imported trusted sites

Remove any websites from the client that are not defined here

If selected, this option will delete all trusted sites that are defined on the client. If this option is not selected, the restricted sites on the client will be left alone.

Require server verification (https:) for all sites in this zone

Select this option to allow only https: sites to be added to this zone. Unchecked, you will be able to add any site to this zone.

Local intranet sites

The Local Intranet zone contains all network connections that were established by using a Universal Naming Convention (UNC) path, and Web sites that bypass the proxy server or have names that do not include periods (for example, http://local), as long as they are not assigned to either the Restricted Sites or Trusted Sites zone.

Automatically detect intranet network

Select this box to allow Windows to automatically determine which sites are port of the Intranet. Unselect this box to detect which sites are deemed to be part of the Local intranet security zone.

Include all local (intranet) sites not listed in other zones

With the local intranet not being automatically detected, select this box to include all local sites in the intranet security zone, as long as they do not belong to any other zone.

Include all sites that bypass the proxy server

With the local intranet not being automatically detected, select this box to include all sites that bypass the organization's proxy server in the intranet security zone.

Include all network paths (UNCs)

With the local intranet not being automatically detected, select this box to include network paths in the intranet security zone.

Click Add to add a site to the trusted site list. Click Remove to remove the selected site. Click the Import button to import a list of trusted sites.

When importing, the import file must be a tab delimited text file a Site Address and Action.

Example:

site1

add

site2

remove

Provides the following result when imported:

Figure 59: Results of imported local intranet sites

Remove any websites from the client that are not defined here

If selected, this option will delete all local intranet sites that are defined on the client. If this option is not selected, the restricted sites on the client will be left alone.

Require server verification (https:) for all sites in this zone

Select this option to allow only https: sites to be added to this zone. Unchecked, you will be able to add any site to this zone.

Custom Settings

The Web Browser object allows for the configuration of custom Firefox settings. If you wish to configure something in the Firefox browser that is not offered on the Web Browser object, it can be configured in the Global or Profile Definitions. See AddCustomFirefoxPref for custom setting details.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

Windows Firewall

The Windows Firewall object allows Microsoft's Windows Firewall to be enabled or disabled on any validated computer having the Windows XP x86 SP3 or Windows XP x64 SP2 operating system installed. The ability to specify certain port and program exceptions is also specified on this object's setting tab. Windows Firewall is only applicable on Windows XP x86 SP3 and Windows XP x64 SP2 or greater.

Settings

Select an action (Enable/Disable) to configure the Windows Firewall component on client computers.

Display a notification when Windows Firewall blocks a program

This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) .

Select this check box to display a visual notification to the user when the Firewall blocks a program from accepting an incoming request. The notification dialog box will allow the user to determine if the Windows Firewall should allow the program to keep blocking the program or to allow incoming requests to the program. Clear this check box for no visual notification or occur. Gray the box to leave the client’s setting untouched.

Enable file and print sharing

This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) .

Select this check box to enable File and Print sharing on each validated client. Clear this box to disable File and Print sharing on each validated client. Gray the box to leave the client’s setting untouched.

Don't allow exceptions (inbound firewall only)

This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) .

Select this box to disallow all excepted traffic specified in the exceptions list. Clear this box to allow traffic. Gray the box to leave the client’s setting untouched.

Exceptions

The Exceptions list is a holding place for all Firewall port and program exceptions. Click Add to add an exception to the Exception list. Click Edit to edit an existing exception on the list. Click Delete to remove a configured port or program from the Exception list.

Action

Select Open or Close from the Action list. This will configure the specified port to be opened or closed for incoming traffic.

Type

Select TCP, UDP or Program from the Protocol list to specify the type of port or program to be configured.

Exception

When the Type is set to TCP or UDP, type the port number to be opened or closed into the Exception entry box. When the Type is set to Program, specify the path to the executable program into the Exception entry box.

Description

Type a meaningful description or reason for the exception in the Description box.

Scope

Select Any Computer, My Network (subnet) only or Custom List from the Scope list. Any Computer specifies that incoming traffic on the port is allowed regardless of where it is coming from. My Network (subnet) only specifies that incoming traffic on the specified port is allowed only if the request is coming from the local network. Custom List specifies that incoming traffic from any computer specified in the custom list is allowed. Delineate the custom list of IP addresses by commas.

Advanced

The Windows Firewall Advanced tab allows specific types of ICMP messages to be enabled or disabled. ICMP messages are used for diagnostics and troubleshooting. The requests listed below are types of requests that the computer may or may not need to respond to. Select each Internet request type that the computer will respond to. Clear each Internet request type that the computer will not respond to.

Default filters
Domain profile

A rule in the Domain profile applies when a computer is connected to a domain.

Allow inbound connections that do not match a rule

Check this box to allow an inbound connection request even if it does not match a Domain profile rule. This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Gray the check box to leave the client’s setting untouched.

Allow outbound connections that do not match a rule

Check this box to allow an outbound connection request even if it does not match a Domain profile rule. This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Gray the check box to leave the client’s setting untouched.

Private profile

A rule in the Private profile applies when a computer is connected to a private network location.

Allow inbound connections that do not match a rule

Check this box to allow an inbound connection request even if it does not match a Private profile rule. This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Gray the check box to leave the client’s setting untouched.

Allow outbound connections that do not match a rule

Check this box to allow an outbound connection request even if it does not match a Private profile rule. This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Gray the check box to leave the client’s setting untouched.

Public profile

A rule in the Public profile applies when a computer is connected to a public network location.

Allow inbound connections that do not match a rule

Check this box to allow an inbound connection request even if it does not match a Public profile rule. This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Gray the check box to leave the client’s setting untouched.

Allow outbound connections that do not match a rule

Check this box to allow an outbound connection request even if it does not match a Public profile rule. This check box can be set to one of three (3) different states: on (enabled) , off (disabled) , or grayed (preserve client setting) . Gray the check box to leave the client’s setting untouched.

Validation Logic

Select the Validation Logic tab to set the validation rules for this element.

Notes

Select the Notes tab to create any additional notes needed to document the profile element.

Description

When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.

Reference

Desktop Authority reference

External Folders Used by Desktop Authority

Files and logs locations

Note: Please refer to the File Paths appendix for the correct path(s) based on the version of Desktop Authority you are using.

Replication

The Replication process logs the files and target folders that are copied during the replication process. The log file can be found in (32-bit OS) %Program Files%\Quest\Desktop Authority\Desktop Authority Manager\SLRepl.log or (64-bit OS) %Program Files (x86)%\Quest\Desktop Authority\Desktop Authority Manager\SLRepl.log.

User Management

During replication, user management files are published to the User Management target replication folder. By default, this folder is NETLOGON (%windir%\SYSVOL\sysvol\DomainName\scripts is shared as NETLOGON). The files are published from the SLscripts$ share (32-bit OS) - %Program Files%\Quest\Desktop Authority\Desktop Authority Manager\Scripts or 64-bit - %Program Files (x86)%\Quest\Desktop Authority\Desktop Authority Manager\Scripts).

Computer Management

Also during replication, computer management files are published to the Computer Management target replication folder. By default, this folder is located at SYSVOL\[DomainName]\Policies\Desktop Authority\Device Policy Master. The files are published from (32-bit OS) - %Program Files%\Quest\Desktop Authority\Desktop Authority Manager\Device Policy Master or (64-bit OS) - %Program Files (x86)%\Quest\Desktop Authority\Desktop Authority Manager\Device Policy Master.

Some files are published to the \SYSVOL\[DomainName]\Policies\Desktop Authority\Desktop Authority Agent 8.0 folder.

DA Administrative Service
  • The DA Administrative Service Data Collection XML file repository can be found at %programfiles%\Quest\Desktop Authority\ETL Cache.
  • The DA Administrative Service log file repository can be found at (32-bit) %SystemRoot%\System32 or (64-bit) %SystemRoot%\SysWow64 The log file is named DAAdminSvc_%ServerName%.log.*
  • The log file for the StatusGateway is located in the DA Administrative Service's account user profile %temp%\DesktopAuthority\DAStatusGateway.log on the server where the DA Administrative Service is installed.*

*Both the StatusGateway and Administrative Service log files can be enabled by setting or creating a registry key for the service.

Add or modify the SLDEBUG registry value in "HKLM\SYSTEM\CurrentControlSet\services\DAAdminSvc"

Set SLDEBUG to a DWORD whose value <>0 (1) to enable the log files.

Figure 60: Editing the DAAdminSvc in the Registry

Update Service
  • The Update Service download cache can be found %programfiles%\Quest\Desktop Authority\Update Service. The files are named daupdsvc#.log.This repository containsSoftware Management catalog.
  • The log file for the Update Service status reporter is located in the Update Service Account user profile %temp%\DesktopAuthority\DAUpdtSvcStRep.log where the Update Service has been installed.*

*Both log files can be enabled by setting or creating a registry key for the service.

Add or modify the SLDEBUG registry value in "HKLM\SYSTEM\CurrentControlSet\services\UpdateService"

Set SLDEBUG to a DWORD whose value <>0 (1) to enable the log files.

Figure 61: Editing the Update Service in the Registry

Log files

User

Desktop Authority uses the User's temp directory to store log files that pertain to the actual user events related to Desktop Authority. The users temp directory can be found in %TEMP%\ Desktop Authority.

Client configuration logs for the Web Browser and Folder Redirection profile objects

  • SLTraceLogonCC.log
  • SLTraceLogoffCC.log
  • SLTraceRefreshCC.log
  • SLTraceCC.log

SL Agent COM object is used for logging events (logon, logoff, inactivity and COM object registration) on the client

  • Slagent*.log

Detailed diagnostic log files for User based events. The log files are time stamped and record all User Management configuration settings applied to the client.

  • Sltrace.htm - logon events
  • Sltracelogoff.htm - logoff events
  • Sltraceenforce.htm –refresh events

The SLTrace Update Service Locator logs entries showing the determination of which Update Service the client should use based on response time. Services are queried from a list servers provided by the Engine which are based on the computer’s site.

  • SLTraceUSLoc_*.htm

Other files may appear in the User’s temp directory for more in-depth troubleshooting, if necessary.

Computer

Computer based log files will be stored on each individual client machine in the Windows temp directory, %windir%\Temp\Desktop Authority.

Detailed diagnostic log files for Computer based events. The log files are time stamped and record all Computer Management configuration settings applied to the client.

  • ComputerManagementTrace*.htm

The SLTrace Update Service Locator logs entries showing the determination of which Update Service the client should use based on response time. Services are queried from a list servers provided by the Engine which are based on the computer’s site.

  • SLTraceUSLoc*.htm
Client files

Various files are stored on each client utilizing Desktop Authority. There are 3 folders that may be used depending on the Desktop Authority features used and the client platform. These folders are %SystemDrive%\Quest\Desktop Authority, %SystemDrive%\%Program Files%\Quest\Desktop Authority, %SystemDrive%\%Program Files (x86)%\Quest\Desktop Authority.

USB/Port Security client files are stored in the %Program Files%\Quest\Desktop Authority folder.

The following files are stored in %Program Files%\Quest\Desktop Authority or %Program Files (x86)%\Quest\Desktop Authority

  • DA Update Client - Client side update service (used with Software Management)
  • SLagent - Desktop client files used with the DA client service, if necessary
  • DA client service - This service provides run as admin functionality
  • Computer Management - Client Side service and configuration files
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级