立即与支持人员聊天
与支持团队交流

KACE Systems Management Appliance 11.1 Common Documents - Administrator Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Maintaining device and appliance security
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Review quarantined KACE Agents

Review quarantined KACE Agents

The appliance keeps track of any agents that request a connection to the appliance.

In a default view, the Quarantine list page only shows the Agents that are waiting for registration. You can use it to review and register applicable Agents. To display already connected Agents, simply change the list filter.

NOTE: On the Quarantine list page, the Zone column shows each agent as Internal or External. If you configure your firewall to map port 443 externally to port 52230 of the appliance, Agents that connect through the firewall to port 443 show up as External on this page. Agents that connect directly to the appliance's port 443 appear as Internal. This feature is optional, but you can use it, for example, if the appliance is hosted in a perimeter network. For more details. see https://go.kace.com/to/k1000-external-agent-port.

Agents that include a valid token are automatically connected. For more information about tokens, see Manage KACE Agent tokens.

1.
Go to the Quarantine list page by doing one of the following:

Log in to the appliance System Administration Console, https://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page. Then select Organizations > Quarantine.

A System-level quarantine list includes the Agents associated with all organizations managed by the appliance.

If your appliance does not have the Organization component enabled, or if you want to access an organization-level quarantine list, log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. Then select Inventory > Quarantine.

An organization-level quarantine list includes only the Agents associated with the selected organization.

The Quarantine list page appears. By default, the list uses the Awaiting Action filter, showing only those Agents that require approval. You can apply different filters to display All Items, and Approved or Blocked Agents. When you display the Approval Status column you can see which agents are Approved, Blocked, and Awaiting Action.
To approve one or more Agents, select them in the list, and click Choose Action > Approve. You can also block or delete Agents, as required. Blocking a quarantined agent only removes it from the Awaiting Action view on the Quarantine list page. You can block an agent that you do not want to consider approving, in general. To permanently remove a blocked agent from all views, you may want to delete it. For example, if you see a suspicious host name coming from an external agent, you have an option to either block that agent (to remove it from the Awaiting Action view), or to delete it, as required.
b.
On the Quarantine Detail page that appears, review the Agent's details.
c.
4.
System-level Agents only. If you want to associate a System-level Agent with a specific organization, select it in the list and click Choose Action > Assign to Organization > <organization name>
The selected Agent record now appears in the organization-level Quarantine list page, allowing the organization's administrator to review and register this Agent, as applicable. If an Agent is approved without being assigned to an organization, Organization filters are used to assign the agent to an organization after its first inventory.

Provisioning the KACE Agent

Provisioning the KACE Agent

Agent provisioning is the task of installing the KACE Agent on devices you want to add to appliance inventory using the Agent.

About the KACE Agent

The KACE Agent is an application that can be installed on devices to enable inventory reporting and other device management features.

Agents that are installed on managed devices communicate with the appliance through an agent messaging protocol. Agents perform scheduled tasks, such as collecting inventory information from, and distributing software to, managed devices. Communication between an Agent and the appliance occurs over a proprietary KACE tunnel which is encrypted using the TLS 1.3 protocol. The agent sends and receives unencrypted data through the TLS 1.3-encrypted KACE tunnel.

Agentless management is available for devices that cannot have Agent software installed, such as printers and devices with operating systems that the Agent does not support. See Using Agentless management.

Tracking changes to Agent settings

If History subscriptions are configured to retain information, you can view the details of the changes made to settings, assets, and objects.

This information includes the date the change was made and the user who made the change, which can be useful during troubleshooting. See About history settings.

Methods for provisioning the KACE Agent

You have a number of ways to deploy the KACE Agent to the devices you want to manage.

Provision using the Agent Provisioning Assistant: You can use the Agent Provisioning Assistant to perform provisioning for devices with Windows, Mac OS X, and Linux operating systems. Within the Assistant, you can choose between using the appliance GPO Provisioning Tool for deploying the Agent to Windows devices, or using Onboard Provisioning for deploying the Agent to Windows, Mac OS X, or Linux devices.

The GPO Provisioning Tool is recommended for Windows devices because using the tool minimizes the pre-configuration that must happen on the target device. It requires an Active Directory environment. The onboard provisioning approach requires you to perform client-side configuration on the devices to be managed before you can start provisioning.

Provision using manual deployment: Manual deployment is useful when automated Agent provisioning is not practical or when you want to deploy the KACE Agent using email or logon scripts.

Enabling file sharing

Enabling file sharing

To provision Agent software, you must enable file sharing.

If the Organization component is enabled on your appliance, see Enable file sharing at the System level. Otherwise, see Enable file sharing without the Organization component enabled.

Enable file sharing at the System level

If the Organization component is enabled on your appliance, you must enable file sharing at the System level to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the appliance System Administration Console, http://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, specify the following settings:

Option

Description

For appliances with the Organization component enabled:

Enable Organization File Shares

Use the appliance's client share to store files, such as files used to install applications on managed devices.

The appliance’s client share is a built-in Windows file server that the provisioning service can use to assist in distributing the Samba client on your network. Quest recommends that this file server only be enabled when you perform application installations on managed devices.

Require NTLMv2 authentication to appliance file shares

Enable NTLMv2 authentication for the appliance files shares. When this setting is enabled, managed devices connecting to the appliance File Shares require support for NTLMv2 and authenticate to the appliance using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE Agent. See Manually deploying the KACE Agent.

Require NTLMv2 to off-board file shares

Force certain appliance functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

3.
Click Save.

When the appliance restarts, enable file sharing at the organization level. See Enable organization-level file sharing with the Organization component enabled.

Enable organization-level file sharing with the Organization component enabled

If the Organization component is enabled on your appliance, you must enable file sharing at the organization level to provision the Agent.

Verify that organization file shares are enabled. For instructions, see Enable file sharing at the System level.

1.
Go to the Admin-level General Settings page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click General Settings.
2.
Select Enable File Sharing in the Samba Share Settings section.
3.
Optional: Enter a password for the File Share User.
4.
Click Save Samba Settings.
Enable file sharing without the Organization component enabled

If the Organization component is not enabled on your appliance, you must enable file sharing in the appliance security settings to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, select Enable File Sharing.
3.
Optional: Select authentication options:

Option

Description

Require NTLMv2 to authenticate appliance file shares

Enable NTLMv2 authentication for the appliance files shares. When this setting is enabled, managed devices connecting to the appliance File Shares require support for NTLMv2 and authenticate to the appliance using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE Agent. See Manually deploying the KACE Agent.

Require NTLMv2 authentication to off-board file shares

Force certain appliance functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

4.
Click Save.

Enable file sharing at the System level

Enabling file sharing

To provision Agent software, you must enable file sharing.

If the Organization component is enabled on your appliance, see Enable file sharing at the System level. Otherwise, see Enable file sharing without the Organization component enabled.

Enable file sharing at the System level

If the Organization component is enabled on your appliance, you must enable file sharing at the System level to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the appliance System Administration Console, http://appliance_hostname/system, or select System from the drop-down list in the top-right corner of the page.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, specify the following settings:

Option

Description

For appliances with the Organization component enabled:

Enable Organization File Shares

Use the appliance's client share to store files, such as files used to install applications on managed devices.

The appliance’s client share is a built-in Windows file server that the provisioning service can use to assist in distributing the Samba client on your network. Quest recommends that this file server only be enabled when you perform application installations on managed devices.

Require NTLMv2 authentication to appliance file shares

Enable NTLMv2 authentication for the appliance files shares. When this setting is enabled, managed devices connecting to the appliance File Shares require support for NTLMv2 and authenticate to the appliance using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE Agent. See Manually deploying the KACE Agent.

Require NTLMv2 to off-board file shares

Force certain appliance functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

3.
Click Save.

When the appliance restarts, enable file sharing at the organization level. See Enable organization-level file sharing with the Organization component enabled.

Enable organization-level file sharing with the Organization component enabled

If the Organization component is enabled on your appliance, you must enable file sharing at the organization level to provision the Agent.

Verify that organization file shares are enabled. For instructions, see Enable file sharing at the System level.

1.
Go to the Admin-level General Settings page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click General Settings.
2.
Select Enable File Sharing in the Samba Share Settings section.
3.
Optional: Enter a password for the File Share User.
4.
Click Save Samba Settings.
Enable file sharing without the Organization component enabled

If the Organization component is not enabled on your appliance, you must enable file sharing in the appliance security settings to provision the Agent.

1.
Go to the Security Settings page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Control Panel.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, select Enable File Sharing.
3.
Optional: Select authentication options:

Option

Description

Require NTLMv2 to authenticate appliance file shares

Enable NTLMv2 authentication for the appliance files shares. When this setting is enabled, managed devices connecting to the appliance File Shares require support for NTLMv2 and authenticate to the appliance using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually turned off. Enabling this option disables lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE Agent. See Manually deploying the KACE Agent.

Require NTLMv2 authentication to off-board file shares

Force certain appliance functions that are supported through the Samba client, such as Agent Provisioning, to authenticate to offboard network file shares using NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more common and this option is usually disabled. Enabling this option enables the client ntlmv2 auth option for Samba client functions.

4.
Click Save.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级