You are on page 1of 360

Dell KACE K1000 Management Appliance Administrator Guide

Release 5.3
Revision Date: May 16, 2011

2004-2011 Dell, Inc. All rights reserved. Information concerning third-party copyrights and agreements, hardware and software warranty, hardware replacement, product returns, technical support terms and product licensing is in the Dell KACE End User License agreement accessible at http://www.kace.com/license/standard_eula

Contents
1 Getting Started 15
15 15 15 16 17 18 18 18 19 21 23 23 23 25 25 26 26 27 27 28 28 30 31 32 32 32 33 33 About this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding the KACE K1000 Appliance components . . . . . . . . . . . . . . . . . . . . . . . . . . Hardware specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software deployment components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To set up your K1000 Management Appliance server . . . . . . . . . . . . . . . . . . . . . . . . . DNS Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring network settings from the console. . . . . . . . . . . . . . . . . . . . . . . . . . . . Logging in to the Administrative Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the KACE K1000 Appliance components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Home. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Guided Tours . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Client Check-In Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Threat Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . License Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Clients Connected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managed Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tasks in Progress. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view the Summary Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Find Your Software Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating Your Appliance Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upgrade software without using Organizational Management . . . . . . . . . . . . . To upgrade software for Organizational Management users . . . . . . . . . . . . . . . . . Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Search. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Whats Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2 Configuring your Appliance

35
35 35 37 39 40 40 42 42 42 43 44 44 45 47 47 49
3

Key configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure general settings for the server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure general settings for your organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . List of open ports required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Network Settings for the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure the Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Local Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Local Routing Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Local HTTPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Local HTTPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Security Settings for the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To generate an SSL Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Agent Messaging Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Agent Messaging Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring date and time Settings of the appliance server . . . . . . . . . . . . . . . . . . . . . . . .
Administrator Guide, Version 5.3

Contents

To configure Date & Time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Single Sign-on for multiple appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To enable linking of appliances for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . To link appliances for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To disable appliance links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To access the K1000 Troubleshooting Tools page. . . . . . . . . . . . . . . . . . . . . . . . . . . . To use Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

49 49 50 50 51 51 52 52

3 Labels and Smart Labels

53
53 54 55 55 56 57 57 58 58 59 59 60 60 61 61 62 63

About Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Labels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Computer Details by Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view label details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add or edit a new label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About Label Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view Label Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About Smart Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To change the Smart Label Run Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Whats Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4 Agent Provisioning

65
65 66 67 67 67 68 68 69 69 69 71 72 72 73 73 73

Overview of first time Agent provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System requirements for Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing to provision the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enabling file sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing for Windows Platform provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Single Machine Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To deploy the Agent on a single machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview of Advanced Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To use Advanced Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To provision Windows platforms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To provision Unix (Linux or Mac OS X) platforms . . . . . . . . . . . . . . . . . . . . . . . . . To schedule Agent provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Provisioned Configurations page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accessing the Provisioned Configurations page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.3

Contents

To edit a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To duplicate a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Provisioning Results Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view Provisioning Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing K1000 Agent Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K1000 Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure an Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K1000 Agent Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview of Agent Updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To download a patch Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To update the Agent automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . AMP Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view AMP Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a message queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

74 74 74 74 75 75 76 77 77 78 78 78 79 80 80 81

5 Managing Software and Hardware Inventories

83
83 84 85 85 85 86 86 87 87 89 89 89 90 91 91 92 92 92 93 94 94 95 95 96 96 96 97 97

Inventory Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Searching for Computers in Your Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Advanced Search for Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating Smart Labels for Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . Searching for Computers by Creating Computer Notifications . . . . . . . . . . . . . . . . Filtering Computers by Organizational Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Computer Inventory Detail Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appliance Agent Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Computers Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Your Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Advanced Search for Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Software to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding software automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add software to Inventory manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create software assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Custom Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Attaching a Digital Asset to a Software Item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To attach a digital asset to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply a label to a software item. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To remove a label from a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To categorize a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To set threat level to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.3

Contents

Managing Your Processes Inventory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 To view process details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 To delete a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 To disallow processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 To apply a label to a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 To remove a label from a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 To categorize a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 To set threat level to a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 To meter a process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Managing Your Startup Program Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 To view Startup detail information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 To delete a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 To apply a label to a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 To remove a label from a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 To categorize a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 To set threat level to a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Managing Your Service Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 To view service detail information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 To delete a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 To apply a label to a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 To remove a label from a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 To categorize a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 To set a threat level to a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Managing Your MIA (Out-Of-Reach Computer) Inventory . . . . . . . . . . . . . . . . . . . . . . . . 104 Configuring the MIA Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 To configure the MIA settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 To delete an MIA computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 To apply a label to an MIA computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 To create a new label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Using the AppDeploy Live Application Information Clearinghouse . . . . . . . . . . . . . . . . . . 106 Enabling AppDeploy Live . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Viewing AppDeploy Live content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 To view AppDeploy Live information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Using the Dell Warranty feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 To obtain Dell Warranty information on a single Dell machine instantly . . . . . . . . . . . 107 To renew Dell Warranty information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 To run Dell Warranty reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

6 Importing and Exporting Appliance Resources

111
111 111 112 115 116 117 117

Importing and exporting resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Transferring resources using a SAMBA share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Export resources from one appliance to another using SAMBA shares . . . . . . . . . . . Transferring resources between Organizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exporting resources to Other Organizations on an appliance. . . . . . . . . . . . . . . . . . . Importing resources from another organization on your appliance . . . . . . . . . . . . . . . Import software components from another organization . . . . . . . . . . . . . . . . . . .
6

Administrator Guide, Version 5.3

Contents

7 Scanning for IP Addresses

119
119 119 119 120 120 120 122 123 123 123

IP Scan Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Viewing Scheduled Scans list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an IP Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an IP scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To search network scan results on the basis of status fields . . . . . . . . . . . . . . . . . . . IP Scan Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To dynamically identify the network scan results . . . . . . . . . . . . . . . . . . . . . . . . . To edit the order value of IP Scan Smart Labels . . . . . . . . . . . . . . . . . . . . . . . . .

8 Distributing Software from Your K1000 Management Appliance

125
125 126 127 127 127 128 128 129 129 129 130 130 133 134 134 137 137 138 139 139 142 142 143 143 143 144 145 146 146 146 147 147 148

Distribution Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Distribution Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributing packages from the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ensuring that Inventory item package names match . . . . . . . . . . . . . . . . . . . . . . Distributing Packages from an Alternate Location . . . . . . . . . . . . . . . . . . . . . . . . . . . When to use a replication share or an alternate download location . . . . . . . . . . . . . . Managed Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To determine supported parameters for the .msi file . . . . . . . . . . . . . . . . . . . . . . Creating a managed installation for the Windows platform. . . . . . . . . . . . . . . . . . . . . To create a managed installation for Windows platforms. . . . . . . . . . . . . . . . . . . Examples of common deployments on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard MSI example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for Windows platforms. . . . . . . . . . . . . . . . . . . Standard EXE Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard ZIP Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for a .zip file . . . . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for an .rpm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . Standard TAR.GZ Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for a tar.gz file . . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Mac OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . File Synchronizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wake-on-LAN feature overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Issuing a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To issue a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To schedule a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting Wake-on-LAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.3

Contents

Preparing to create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Working with your replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To view replication share details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing iPhone Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Before you use K1000 iPhone profile support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add an iPhone profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Delete an iPhone profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Configure Collection Settings for iPhones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing Dell Systems with Dell Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding the Differences between Patching and Dell Updates . . . . . . . . . . . . . Dell Client and Server Upgrade workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Dell OpenManage Catalog Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

149 149 152 152 153 153 153 154 154 155 156 156 158

9 Using the Scripting Features

161
161 163 163 164 165 166 166 170 172 172 172 172 173 173 174 174 175 175 176 176 176 177 177 178 179 179 179 180 180 180 181

Scripting Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Order of downloading script dependencies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Appliance Default Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Token Replacement Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Adding Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add an Offline KScript or Online KScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add an Online Shell Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a script from the Scripts page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a script from the Scripts Edit page . . . . . . . . . . . . . . . . . . . . . . . . . . . . Importing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To import an existing script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Duplicate an existing Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Run Now function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run scripts using the Run Now tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run Now from the Script Detail page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To use the Run Now function from the Scripts Lists Page . . . . . . . . . . . . . . . . . . Monitoring Run Now Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run Now Detail Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Searching the Scripting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To search scripting logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About the Configuration Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Windows-based Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Registry Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Desktop Control Troubleshooter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To troubleshoot remote behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a policy to enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . Desktop Shortcuts Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.3

Contents

To create scripts to add shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Event Log Reporter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an Event Log query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MSI Installer Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create the MSI Installer policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UltraVNC Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Un-Installer Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an uninstaller script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Automatic Update Settings policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To modify Windows Automatic Update settings . . . . . . . . . . . . . . . . . . . . . . . . . . To start the Automatic Windows Update on a node . . . . . . . . . . . . . . . . . . . . . . . Power Management Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About monitoring power use. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure Power Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the Mac OS Configuration-based Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Power Management Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce VNC Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enforce Active Directory Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

181 181 182 182 182 184 186 186 186 187 188 188 188 189 189 190 192 192

10 Maintaining Your K1000 Management Appliance

195
195 196 196 196 196 197 197 197 198 198 198 198 198 199 199 199 199 200 200 201 201 201 201 201 202 202

K1000 Management Appliance maintenance overview. . . . . . . . . . . . . . . . . . . . . . . . . . . Upgrading your appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upgrade your K1000 Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . . Backing up K1000 Management Appliance data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run the appliance backup manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Downloading backup files to another location. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To change backup file location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To access the backup files through ftp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restoring K1000 Management Appliance settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restoring from most recent backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To restore from the most recent backup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Uploading files to restore settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upload backup files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Restoring to factory settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To restore to factory settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating K1000 Management Appliance software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To verify the minimum server version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating the license key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating your Dell KACE K1000 Management Appliance license key . . . . . . . . Applying the server update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To apply the server update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To verify the upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating patch definitions from KACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To update the patch definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete patch files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Reboot and shut down KACE K1000 Appliances . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.3

Contents

Updating OVAL definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To update the OVAL and patch definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting K1000 Management Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Accessing K1000 Management Appliance logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Downloading log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To download Dell KACE K1000 Management Appliance logs . . . . . . . . . . . . . . . Windows debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To log on to the AMP service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Disk Status log data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

202 202 203 203 204 204 204 204 206

11 LDAP

209
About LDAP Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an LDAP Label Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating an LDAP Label with the Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using LDAP Easy Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the LDAP Browser Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To use the LDAP Browser Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automatically Authenticating LDAP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To configure the appliance for user authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . To schedule a User Import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 210 211 213 214 214 215 215 218

12 Running the K1000 Appliance Reports

221
221 222 223 223 225 228 229 229 229 230 230 230 231 232 233 233 233 234 234

Reporting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Report Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report using the Report Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new SQL report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To duplicate an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Scheduling Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a report schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To select a report if starting from the Schedule icon . . . . . . . . . . . . . . . . . . . . . . To select a report if starting from the Schedule Reports tab . . . . . . . . . . . . . . . . To define email notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To schedule the time the report runs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a scheduled report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Alert Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Create a Broadcast Alert Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-mail Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an e-mail Alert. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

13 Using Organizational Management

237

Overview of Organizational Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 Default Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

10

Administrator Guide, Version 5.3

Contents

Creating and editing Organizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create an organization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To troubleshoot nodes that fail to show up in Inventory . . . . . . . . . . . . . . . . . . . . To edit an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Managing System Admin Console users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To change the password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organizational Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Default role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and editing Organizational Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To duplicate a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organizational Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Organizational Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a data filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To add a LDAP filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Advanced Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Test and Organization Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To test an organization filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Refiltering Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To refilter computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Redirecting Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To redirect computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

237 238 239 241 242 243 243 244 244 245 245 245 246 247 248 248 248 249 249 250 251 252 252 252 252 253 253 253 254 254 254 254

A Administering Mac OS Nodes

259
259 260 260 260 263

Mac OS Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributing Software to Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Examples of Common Deployments on Mac OS . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a managed installation for Mac OS nodes . . . . . . . . . . . . . . . . . . . . . . Patching Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

B Adding Steps to a Script

265
265 265 269 271
11

Adding Steps to Task Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Steps for Windows Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Steps for Mac OS X Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Steps for Red Hat Enterprise Linux Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administrator Guide, Version 5.3

Contents

C Writing Custom Inventory Rules

273
273 273 274 275 275 275 276 277 279 280 281 282 282 283 283 284 284 285 285 286 286 287 287 289 289 290 290 290 290 290 290 292 293 293 293 293 293 294

Understanding Custom Inventory Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a Custom Inventory rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How Custom Inventory Rules are implemented . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding rule syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Function syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Argument syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for conditions (Conditional rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Conditional rule reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Verifying if a Condition exists (Exists rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Evaluating node settings (Equals rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Comparing node values (Greater and Less Than rules) . . . . . . . . . . . . . . . . . . . Testing for multiple conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for multiple true conditions (AND). . . . . . . . . . . . . . . . . . . . . . . . . . . . . Checking for one true condition (OR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting values from a node (Custom Inventory Field) . . . . . . . . . . . . . . . . . . . . . . . . . . . . Value Return rule reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting File Information values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting Registry key values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting command output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting PLIST values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting multiple values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Matching file names with Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding Regular Expressions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Regular Expression Rule Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Defining rule arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Finding a path or file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Finding a registry key and entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying a version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying environment or user variables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying a file attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Windows file attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Testing for Linux and Mac file attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying the datatype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying values to test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Specifying the name of a registry entry (Windows only). . . . . . . . . . . . . . . . . . . . Specifying a PLIST key (Mac only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using a regular expression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Defining commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

D Database Tables

295

K1000 Management Appliance Database Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

12

Administrator Guide, Version 5.3

Contents

E Manually Deploying Agents

301
301 301 302 302 302 303 304 304 305 305 305 306 306 306 306 306 307 307 307 308 308 308 308 309 309 309 309 309 310 310 311

Overview of manual deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Updating the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Resources for troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Manually installing the Agent on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To manually install the Agent on Windows using the Install wizard . . . . . . . . . . . . . . To manually install the Agent on Windows using command lines. . . . . . . . . . . . . . . . Windows security issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing and Configuring the Agent on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To install the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To install from startup or login. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To upgrade the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To start and stop the Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To manually remove the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Other Agent operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check that the Agent is running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check the version of the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run an Inventory check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Linux Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To Install and Configure the Agent on Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . To install or upgrade the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To start or stop the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To manually remove the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Other Agent operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check that the Agent is running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To check the version of the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run an Inventory check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Macintosh Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using shell scripts to install the Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Information collected by the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To access the Computers : Detail page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

F Understanding the Daily Run Output G K1000 Classic Reports

315 321
321 322 322 322 324 326 326 327

Reporting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating and Editing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report using the table presentation type . . . . . . . . . . . . . . . . . . . . . . To create a new report using the chart presentation type . . . . . . . . . . . . . . . . . . To duplicate an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a new report from scratch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To edit a report using SQL Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administrator Guide, Version 5.3

13

Contents

Scheduling Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To create a report schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To run a schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . To delete a schedule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

328 328 329 329

H Warranty, Licensing, and Support

331
331 331 331 334 335 335 339 343 344 344 344 345 346 347 348 352

Warranty And Support Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Third Party Software Notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EZ GPO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FreeBSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preamble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Knoppix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NO WARRANTY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OpenSSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OpenSSL License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Original SSLeay License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PHP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Samba. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preamble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Index

355

14

Administrator Guide, Version 5.3

1
Getting Started

This chapter starts with an overview of this guide and the Dell KACE K1000 Management Appliance interface components. The chapter then explains how to install and set up your K1000, and finally it provides an overview of the K1000 Management Appliance Administrator Console Home page features.

About this guide, on page 15. About this chapter, on page 15. Understanding the KACE K1000 Appliance components, on page 15. Using the KACE K1000 Appliance components, on page 21. Using Home, on page 24. Whats Next, on page 34.

About this guide


This guide explains how to install, set up, configure, and use the Dell KACE K1000 Management Appliance.

About this chapter


This chapter explains how to install and set up your K1000 Management Appliance, from unpacking the appliance to Initial Konfiguration. When finished, you will see the Administrator Portal appliance, the Web page from which you configure and use your appliance. At that point, this chapter provides an overview of the Administrator Portal. Before you can use your appliance, you need to configure it. This section provides an introduction to your appliance and an overview of the total system management workflow. This section also lists the basic administrative procedures and the best practices for system management.

Understanding the KACE K1000 Appliance components


Your appliance includes the following components:
Administrator Guide, Version 5.3 15

Getting Started

1.

Administrator ConsoleThis is used by administrators to control the K1000 Management Appliance. It is accessible by browsing to http://k1000_hostname/ admin. This portal is a Web-based interface to access and direct the functionality and capabilities within your company. The Administrator Console provides access to the following components: Inventory Management Software Distribution Reporting K1000 Settings Asset Management Scripting Security Service Desk Settings Virtual Kontainers

2. 3.

System ConsoleThis is an interface designed primarily to enforce the policies across organizations. AgentThis is the K1000 Management Appliance technology that sits on each desktop that the appliance manages. It includes an application component that manages downloads, installations, and desktop inventory. The agent also includes the Agent Management Service appliance that initiates scheduled tasks such as inventory or software updates. Service DeskThis makes software titles available to users on a self-service basis. The Service Desk does not replace traditional push software distribution (as is handled by the Administrator Console and the agent). You can change or customize the Service Desk name. The Service Desk provides: A repository for software titles that are not required for all users. A way for users to submit and track Service Desk (or Service Desk tickets). Assistance for users in routine tasks, such as software installation and getting help from the Knowledge Base.

4.

Service Desk is accessible by browsing to http://k1000_hostname.

16

Administrator Guide, Version 5.3

Getting Started

Hardware specifications
The K1000 Management Appliance include a high-performance server with the following hardware configuration: Hardware Form Factor Dimensions Height Width Depth Model CPU (Quantity/Core) RAM RAID Level Number of Disks Storage Ethernet Ports Power Supply 4.26cm (1.7in) 48.24cm (19in) (includes rack latches) 4.26cm (1.7in) 48.24cm (19in) (includes rack latches) K1100 1U Rack mount chassis K1200 1U Rack mount chassis

77.2cm (30.4in) 77.2cm (30.4in) (includes PSU handles & bezel) (includes PSU handles & bezel) PowerEdge R610 2/4 Intel Xeon, 2.4 GHz 6GB 5 3 215GB Quad Gigabit Energy Smart 520 Watts, 100 - 240 VAC PowerEdge R610 2 /4 Intel Xeon, 2.66GHz 12GB 5 5 550GB Quad Gigabit Dual Redundant, Energy Smart 520 Watts, 100 - 240 VAC

Software deployment components


This section describes the packages that can be deployed by the server on the agents. The K1000 Management Appliance supports several types of distribution packages, and this section lists the components used for the deployment of packages:

Managed Installations can be configured by the administrator to run silently or with user interaction. Within a Managed Installation Definition, the administrator can define install, uninstall, or command-line parameters. See Managed Installations, on page 129 for more information. File Synchronization is another way to distribute content to computers with the agent software. Unlike Managed Installations, File Synchronization is used to distribute files that need to be copied to a users machine without running an installer. See File Synchronizations, on page 143 for more information. Service Desk Packages are ear-marked by administrators for user self-service. Many Dell customers use the portal for handling occasional user applications, print drivers, and so on. You also can use the Service Desk to resolve installation issues by allowing users to download and install fixes. See the Service Desk Administrator Guide for detailed information.

Administrator Guide, Version 5.3

17

Getting Started

Agent is a special tab to manage the appliance agent. See Chapter 4: Agent Provisioning, starting on page 65, for details on how to configure and perform these tasks. MSI Installer Wizard creates a policy and helps you set the basic command line arguments for running MSI-based installers. The wizard generates a script used for installing or removing the software. See MSI Installer Wizard, on page 182, for more details.

The package types are mostly setup.msi or setup.exe files. The sections that follow describe how to configure the K1000 Management Appliance to meet the needs of your company.

To set up your K1000 Management Appliance server


This section describes how to set up the K1000 Management Appliance after the appliance has been properly installed in its rack.

DNS Considerations
The K1000 Management Appliance requires its own unique static IP address. By default, its hostname is kbox. Whatever name you use, it should be specified in the appropriate A record created in your internal Domain Name System (DNS) server. An MX record containing the hostname defined by the A record is required so that the users can e-mail tickets to the Service Desk. A Split DNS is required if the appliance is connected to the Internet using a reverse proxy or by being placed in the DMZ (Demilitarized Zone or Screened Subnet). A DMZ adds an additional layer of security to a LAN (Local Area Network).

Configuring network settings from the console


1. 2. To access the console, connect a monitor and keyboard directly to the appliance, but do not connect a network cable at this time. Power on the appliance. The appliance requires 5 to 10 minutes to start up for the first time.

3.

At the login prompt, enter: Login ID: konfig Password: konfig

18

Administrator Guide, Version 5.3

Getting Started

Modify the following settings using the Up and Down arrow keys to move between fields. Field K1000 (DNS) Hostname K1000 Web Server Name Description Enter the host name of the appliance. The default setting is kbox. (Recommended) Enter the fully qualified domain name (FQDN) of the appliance on your network. This is the value of Hostname concatenated with Domain (for example, appliance.kace.com). Clients connect to the K1000 using the Web Server Name. We recommend adding a DNS host record matching the K1000 Web Server Name chosen during this setup. (Required) Enter the IP address of the appliance server. Enter the domain on which the appliance is running. Enter your subnet mask. Enter the network gateway for the appliance server. Enter the IP address of the primary DNS server the appliance uses to resolve host names. Enter the IP address of the secondary DNS server, if needed. User the Right arrow key to select from the available speeds if you need to change the default. To enable email notifications, specify an SMTP server, enclosing the IP address with square brackets []. Permits console access to the K1000. Use the Right arrow key to enable. Enter any necessary proxy information.

Static IP Address Domain Subnet Mask Default gateway Primary DNS Secondary DNS Network Speed SMTP Server SSH Enabled Proxy... 4.

Press the Down arrow to move the cursor to Save, and then press Enter or Return. The appliance restarts.

5.

While your appliance reboots, connect an Ethernet cable into the port labeled Gb 1 and to a switch on your network.

Logging in to the Administrative Console


After the basic network configuration is complete, you can log in to the Administrative Console from any computer on the Local Area Network (LAN) using a Web browser. 1. 2. Open a Web browser. Enter the appliance Administrative Console URL:

Administrator Guide, Version 5.3

19

Getting Started

http://k1000_hostname/admin The Initial Konfiguration page appears.

3.

Enter the license key (including dashes) that you in received in the welcome email from Dell KACE. If you cannot find your license key, contact Dell KACE Customer Support at www.kace.com/support.

4. 5. 6. 7.

Enter a secure and unique password for the admin account. Enter the name of your company or organization. Select the timezone for your K1000 location. Click Apply Settings and Reboot. The appliance restarts.

8. 9.

When the appliance has restarted, refresh the browser page. After accepting the EULA, log in using the username admin and the password you chose.

You are now ready to start using the Administrator Interface. The following sections explain the various K1000 Management Appliance feature components. You can restore the factory settings of the appliance. For more information, refer to Restoring to factory settings, on page 199.

20

Administrator Guide, Version 5.3

Getting Started

Using the KACE K1000 Appliance components


Depending upon your options, the following components are available on your appliance:

The components are described in the following table: Component Home Sub-tabs Used to... Manage labels, which are a method for grouping machines, software, people, and so on. You can also have labels dynamically assigned by using Smart Labels. Provide overview statistics of your running processes. Also, includes guided tours for learning more about your K1000 Management Appliance. Administer the hardware and software managed by your appliance.

Guided Tour Summary Label Search

Inventory

Computers Software Processes Startup Service IP Scan MIA Management Deployment Creation Administration Assets Asset Types Asset Import Metering

Virtual Kontainers

Create virtual versions of supported applications, and deploy and run them on the nodes you administer from the Dell KACE K1000 Management Appliance. For more information, see the Virtual Kontainer Users Guide. Track computers and other physical assets, such as software, printers, and so on. Also used to: Determine software compliance. Establish relationships between assets (using logical assets). Meter actual software usage. For more information, see the Asset Management Guide.

Asset

Administrator Guide, Version 5.3

21

Getting Started

Component Distribution

Sub-tabs

Used to... Remote software distribution and administration, including iPhones and Dell OpenManage updates.

Managed Installation File Synchronization Wake-on-LAN Replication iPhone Dell Updates Scripts Run Now Run Now Status Search Logs Configuration Policy Security Policy Patching OVAL Assessment SCAP Scan Secure Browsers

Scripting

Automate system administration tasks.

Security

Reduce the risks from malware, spyware, and viruses. For more information about patching and security, see Patching and Security Guide.

Help Desk

Provide a repository for software resources and documentation for your users to access and Software download. Provides a full-featured service desk Library system for creating and tracking Service Desk Knowledge Base tickets. Tickets Users Roles Configuration Reports Classic Reports Schedule Reports Alerts Email Alerts Run pre-packaged reports and report-creating tools to monitor your appliance implementation.

Reporting

22

Administrator Guide, Version 5.3

Getting Started

Component Settings

Sub-tabs

Used to... Administer your appliance implementation.

Control Panel K1000 Agent Resources Support

Organization (Organizational Management) Global Search

N/A

Divide your appliance implementation into different logical organizations that you administer separately. Search your appliance for terms you enter.

N/A

Using Home
The Home component includes tabs for:

Guided Tours, on page 24 Summary, on page 24 Label, on page 33 Search, on page 34

Guided Tours
The Guided Tours are tutorials that help you learn more about the KACE K1000 Management Appliance by walking you through some of basic tasks. The Guided Tours supplement, but do not replace, Boot Kamp and documentation.

Summary
The K1000 Summary page provides information about the configuration and operation of your appliance. When you log on to the Administrator Console, the Home component displaying the Summary tab appears by default.

Administrator Guide, Version 5.3

23

Getting Started

The top of the K1000 Summary page provides updated news and popular FAQ information about your Dell KACE K1000 Management Appliance:

Below the Summary are dashboard meters and graphs to give you a quick view of your appliance status:. The scales on the Summary page gauges adjust automatically.

24

Administrator Guide, Version 5.3

Getting Started

Client Check-In Rate


Displays the total number of clients that have checked into the server in the past 60 minutes.

Distributions
Displays the number of managed installations, scripts, and file synchronizations that are enabled. This also displays the number of alerts that you have configured.

Administrator Guide, Version 5.3

25

Getting Started

Software Threat Level


Displays the various threat levels for software installed on various machines.

License Compliance
Displays the number of machines that use a particular licensed software. For example, the following figure displays a licensed software Adobe flash player 9, which can be installed on 1000 machines. In this example, this software is used by 12 machines. This display can use different colors for license types that are ignored (for example, freeware) and licenses that are approaching or at 100% usage. For general information about assets and license compliance, see Asset Management Guide. To change this configuration, see To configure general settings for the server, on page 35.

26

Administrator Guide, Version 5.3

Getting Started

Clients Connected
Displays the percentage of clients connected to the server.

Managed Operating Systems


Displays the various operating systems present in the inventory by percentage as a pie chart.

Administrator Guide, Version 5.3

27

Getting Started

Tasks in Progress
Displays the total number of tasks in progress on the server.

To view the Summary Details


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Click Home > Summary. The Summary page appears. 2. Scroll down, and then select the View Details button at the bottom of the page:

28

Administrator Guide, Version 5.3

Getting Started

The K1000 Summary Details page appears:

The following sections describe summary details sections. Each organization has its own summary details. Summary Section Computer Statistics Description The computers on your network, including a breakdown of the operating systems in use. In addition, if the number of computers on your network exceeds the number allowed by your Dell KACE K1000 Management Appliance license key, you are notified of it here. The software in Inventory. A summary of the number of software titles that have been uploaded to the Dell KACE K1000 Management Appliance.

Software Statistics

Software Distribution The packages that have been distributed to the computers on your network, Summary separated out by distribution method. The summary also indicates the number of packages that are enabled and disabled.

Administrator Guide, Version 5.3

29

Getting Started

Summary Section Alert Summary

Description The alerts that have been distributed to the computers on your network, separated by message type. This also indicates the number of alerts that are active and expired. The IT Advisory refers to the number of Knowledge Base articles in Service Desk. The patches received from Microsoft, Apple, and so on. The summary includes the date and time of the last patch (successful and attempted), total patches, and total packages downloaded. The OVAL definitions received and the number of vulnerabilities detected on clients in your network. The summary includes the date and time of the last OVAL download (successful and attempted) and the number of OVAL tests in the appliance, in addition to the numbers of computers scanned. The results of the Network Scans that have run on the network, including the number of IP addresses scanned, number of services discovered, number of devices discovered, and number of detected devices that are SNMP-enabled. As this page is refreshed, the record count information is refreshed. New K1000 Management Appliance installations mostly contain zero or no record counts.

Patch Bulletin Information OVAL Information

Network Scan Summary

To Find Your Software Version


The About K1000 link in the lower-left side of the K1000 Management Appliance page brings up KACE software information including:

The software revision level.

30

Administrator Guide, Version 5.3

Getting Started

A list of all of the appliance components that are running:

Updating Your Appliance Software


Your K1000 Management Appliance checks in with the servers at Dell KACE daily to find out if more recent appliance software is available. If a software update is available, an alert like this one is displayed on the Home page the next time you log in as Administrator:

This section explains how to accept the latest appliance server upgrade.

Administrator Guide, Version 5.3

31

Getting Started

For details on how to find your current appliance version, see To Find Your Software Version, on page 31.

To upgrade software without using Organizational Management


To perform these steps, be sure to select System in the Organization drop-down list in the top-right hand corner of the page. 1. Click K1000 Settings > Server Maintenance. The K1000 Server Maintenance page appears. 2. 3. Click Edit Mode at the top left of the page. Click the Check for upgrade button. The Logs tab displays the latest updated files from Dell.

To upgrade software for Organizational Management users


To perform these steps, be sure to select System in the Organization drop-down list in the top-right hand corner of the page. 1. Click K1000 Settings > Server Maintenance. The K1000 Server Maintenance page appears. 2. 3. 4. Click Edit Mode at the top left of the page. Click the Check for upgrade button. The Logs tab displays the latest updated files from Dell.

Label
To find these tabs, be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page. You can find the Label tab by going to Home > Label. However, you can also create labels and smart labels within the other components of the Dell KACE K1000 Management Appliance that use labels.

LabelsProvide ad-hoc organization of users, computers, software, managed installations, and more according to your needs. For information on labels see, About Labels, on page 53. Smart LabelsEnable you to dynamically group users, computers, software, and more, by organization, based on saved criteria. Smart Labels work much like Search Folders in Outlook or Smart Folders in Mac OS X. For information, see About Smart Labels, on page 60. LDAP LabelsAutomatic labeling based on LDAP or Active Directory lookup. See About LDAP Labels on page 209.

32

Administrator Guide, Version 5.3

Getting Started

LDAP BrowserAutomatically discover information via the agent or to interface with Active Directory or LDAP organizational units. See Creating an LDAP Label with the Browser, on page 211.

Search
You can perform a global search for terms throughout the appliance using the Search tab.

Whats Next
Now that your appliance is installed and running, you need to configure it to fit your companys needs. For the rest of the setup instructions, see Chapter 2: Configuring your Appliance, starting on page 35.

Administrator Guide, Version 5.3

33

Getting Started

34

Administrator Guide, Version 5.3

2
Configuring your Appliance

This chapter explains the configuration settings necessary to set up and use your Dell KACE K1000 Management Appliance.

To configure general settings for the server, on page 35. Configuring Network Settings for the Server, on page 40. Configuring Local Routing Tables, on page 42. Configuring Local HTTPD, on page 42. Configuring Agent Messaging Protocol Settings, on page 47. Configuring date and time Settings of the appliance server, on page 49. Configuring Single Sign-on for multiple appliances, on page 49. Troubleshooting Tools, on page 51.

Key configuration settings


It is important to properly configure the server settings on the agent before you begin inventorying and actively managing the software on your network. For details on agent connection settings, refer to Chapter 4: Agent Provisioning, starting on page 65.

To configure general settings for the server


To access some settings, you need to select System on the Organization drop-down list in the top-right hand corner of the page. 1. 2. Click K1000 Settings > Control Panel. Click General Settings. The General Settings page appears. 3. 4. CompanyInstitution Name Click Edit Mode to edit the field values. Enter the following settings: Enter the name of your company. This name appears in every pop-up window or alerts displayed to your users. For example, Dell.

Administrator Guide, Version 5.3

35

Configuring your Appliance

User Email Suffix System Administrator Email Login Organization Drop-down

Enter the domain to which your users send email. For example, dell.com. Enter the email address of the appliance administrator. This address receives system-related alerts, including any critical messages. Select the check box to enable the Login Organization drop-down. By enabling the Login Organization drop-down, the empty Organization: field on the Welcome login page will be replaced by a drop-down of the configured organizations. For information about Organizational Management, see Chapter 13: Using Organizational Management, starting on page 237. Note: The organization field or drop-down only appears if more than one organization is configured. Select the check box to enable Organization Fast Switching. By enabling Organization Fast Switching, the static Organization: field at the top right corner of every page is replaced with a drop-down of organizations to which the user has access. Only those organizations that have the same user name and password appear in the drop-down. For information about Organizational Management, see Chapter 13: Using Organizational Management, starting on page 237. Crash reports (Recommended) Select this check box to send reports of any agent crashes to Dell KACE. Server crashes are automatically reported. This option is recommended because it provides additional information to the Dell KACE Technical Support team in case you need assistance. Select the check box to enable your appliance to share data with the AppDeploy Live! web site.

Organization Fast Switching

Send to Dell KACE

Enable AppDeploy Live! Session Timeout:

Set the number of inactive hours to allow all users before closing their session and requiring another login. The default is 1. Service Desk windows have Timeout Session counters to alert users of this time limit. This time limit only counts periods of inactivity. Users restart this timer with any action that causes the appliance interface to interact with the appliance server (refresh a window, save changes, change windows, etc.). If the session times out, any unsaved changes are lost, and the users is presented with the login screen again. 5. Specify the following Agent-Server Task settings: To access these settings, select System on the Organization drop-down list. Current K1000 Load Average Last Task Throughput Update The value in the field depicts the load on an appliance server at any given point of time. For the server to run normally, the value in this field must be between 0.0 and 10.0. This value indicates the date and time when the appliance Task Throughput was last updated.

36

Administrator Guide, Version 5.3

Configuring your Appliance

K1000 Task Throughput

At any given point, the appliance has multiple tasks scheduled like Inventory Updates, Scripting Updates, patching updated and execution of scripts. The value in this field decides how the scheduled multiple tasks are balanced by the appliance. Note: The value of the task throughput can be increased only if the value in the field Current K1000 Appliance load Average is not more than 10.0 and the Last throughput update time is more than 15 minutes.

6.

Specify the following User Portal settings if required to customize the User Portal page: Enter a title for the User Portal page. Enter a description of the User Portal page. Enter a title for the user portal page when accessed through an iPhone. Enter a description of the User Portal page when accessed through an iPhone.

Portal Title Portal Text iPhone Portal Title iPhone Portal Text 7. 8.

Click Set Options, to save your changes. Specify the following Logo Override settings to use your custom logo: a. Click Edit Mode to edit the field values:

Login User Portal (.jpg) Custom Report Logo (.jpg)

Displays on the User Portal login page. Displayed at the top of reports generated by the appliance. The report image dimensions are 120x32 pixels, which are specified in the auto-generated XML layout. You can adjust the xml report if you need a different layout size.

b. Click Upload Logo.

To configure general settings for your organization


To access the next set of settings, you need to select your organization in the Organization drop-down list in the top-right hand corner of the page. 1. 2. Click Settings > Control Panel. Click General Settings. The General Settings page appears. 3. 4. Click Edit Mode to edit the field values. Specify the following Logo Override settings to use your custom logo:

Administrator Guide, Version 5.3

37

Configuring your Appliance

a. Click Edit Mode to edit the field values: User Portal (.jpg) Displayed at the top of the User Portal page. 224x50 pixels is the normal size. 104x50 pixels is shorter and doesn't clip the blue highlight around the Log Out link. 300x75 pixels is maximum size that does not impact the layout. Report (.jpg) Displayed at the top of reports generated by the appliance. The report image dimensions are 120x32 pixels, which are specified in the auto-generated XML layout. You can adjust the xml report if you need a different layout size. Displayed in the agent. The client bmp image is scaled to 20x20 pixels only and cannot be customized to any other size. It is displayed on snooze pop-ups, install progress pop-ups, alerts, and message windows created by scripts.

KBOXClient (.bmp)

5. 6.

Click Upload Logo. Machine Actions allow setting up of a scripted action that you can perform against individual machines in your environment. They are used to connect to machines remotely, so you can access or execute a specified task on the target machine directly from the user interface. You can configure two actions by selecting them from the Action Item menu. The actions can execute two different tasks. The default Machine Action is mstsc.exe (Remote Desktop Connection). Under the Machine Actions section, associate the appropriate actions and then click Set Actions. For example: Select ping.exe -t KACE_HOST_IP from the Action #1 drop-down. .

Specify http://KACE_HOST_IP in command line field for Action #2 Click Set Actions. Click Inventory > Computers.

Click next to the target machine IP to ping the machine and click next to the target machine IP to launch a web browser. The appliance substitutes the KACE_HOST_IP variable with the target machine IP address and open a new browser window with that URL. There are 16 pre-programmed actions available. The Machine Actions can also be programmed for other tasks. If the machine action does not include the string .exe, then your appliance assumes it as a URL, and opens a new browser window for it.

Some of the actions listed in the Machine Actions drop-down list require Internet Explorer, because ActiveX is required to launch these programs on the local machine. Firefox does not support this feature.

38

Administrator Guide, Version 5.3

Configuring your Appliance

Most actions in the Action Icon drop-down list require you to install additional software for them to function. For example, using DameWare requires you to install TightVNC on your machine as well as on the machine you want to access. Click Action #1 or Action #2 next to the target machine on the Inventory > Computers tab to execute the Machine Action. 7. In the Optional Ignore Client IP Settings section, enter IP addresses you would like ignored as the node IP and then click Save List. This might be appropriate in cases where multiple machines could report themselves with the same IP address, like a proxy address. 8. 9. In the License Usage Warning Configurations section, enter the new values. Click Override Configuration to save. This changes when the alert colors are used in the License Compliance, on page 26. For information about setting up license assets, see K1000 Asset Management Guide. 10. In the Data Retention section, click Edit Mode, and select the amount of time you want to save machine uptime data. Machine uptime data refers to information about the number of hours each day your nodes are running. You can retain this data forever, never save it (None), or select 1 month, 3 month, 6 month (default), 9 month, or 12 month settings. For more information about power management, see About monitoring power use, on page 188. 11. Click Save Settings to save.

List of open ports required


Ensure that following ports are not blocked by your firewall. These ports are required to access the server. Port Number 21 25 80 443 3306 8080 8443 52230 Use To access backup files through FTP If the KACE K1100 Appliance SMTP Server is to be used HTTP SSL To access an appliance database Connects directly to Tomcat Connects directly to Tomcat For agents to connect to the server through AMP

Administrator Guide, Version 5.3

39

Configuring your Appliance

Configuring Network Settings for the Server


The key KACE K1000 Appliance network settings are mostly configured when you log in for the first time, using the konfig/konfig credentials. An administrator can verify or change these settings at any time. Saving any changes to the Network settings on this page forces the Appliance to reboot. Total reboot downtime is 1 to 2 minutesprovided that the changes result in a valid configuration.

To configure the Network Settings


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. From the Organization drop-down list, select System. Click K1000 Settings > Control Panel. Click Network Settings. The K1000 Network Settings page appears. 4. 5. If fields are grayed out, click Edit Mode to edit the field values. Specify the following settings: We recommend adding a static IP entry for K1000 to your DNS, and using the default Hostname and Web Server Name. The fully-qualified domain name of the appliance on your network is the value of Hostname concatenated with Domain. For example, K1000.kace.com. Nodes connect to the appliance using the Web Server Name, which can be the hostname, fully-qualified domain name, or IP address. For example, K1100. The IP address of the appliance server. Caution: Be careful when changing this setting. If the IP address is entered incorrectly, refer to the appliance Administrative Console, and use the konfig login to correct it. The domain that the appliance is on. The default value is corp.kace.com The domain that the appliance is on. The default value is 255.255.255.0 The default gateway. The primary DNS server the appliance uses to resolve hostnames. (Optional) The secondary DNS server the appliance uses to resolve hostnames. The network speed. The network speed setting should match the setting of your local LAN switch. When set to auto negotiate the system automatically determines the best value. This requires the switch to support auto-negotiate. Otherwise contact your network administrator for the exact setting to be used.

K1000 Server (DNS) Hostname K1000 Web Server Name

Static IP Address

Domain Subnet Mask Default Gateway Primary DNS Secondary DNS Network Speed

40

Administrator Guide, Version 5.3

Configuring your Appliance

6.

To set Network Server Options, perform the following steps: a. Set the external SMTP Server, to enable email notifications through this SMTP server. To set SMTP Server, select the Use SMTP Server check box, and then enter the SMTP Server name in the SMTP Server box. The server named here must allow anonymous (non-authenticated) outbound mail transport. Ensure that your companys network policies allow the appliance to contact the SMTP server directly. The mail server must be configured to allow relaying of email from the appliance without authentication. You can test the email service by using Network utilities. For more information on how to use Network Utilities, refer to Troubleshooting Tools, on page 51. b. To set the proxy server, select the Use Proxy Server check box, and then specify the following proxy settings, if necessary:

Proxy Type Proxy Server Proxy Port Proxy (Basic) Auth Proxy Username Proxy Password

Enter the proxy type, either HTTP or SOCKS5. Enter the name of the proxy server. Enter the port for the proxy server. The default port is 8080. Select the check box to use the local credentials for accessing the proxy server. Enter the user name for accessing the proxy server. Enter the password for accessing the proxy server.

The appliance includes support for a proxy server, which uses basic, realm-based authentication, which prompts for a user name and password:

If your proxy server uses some other kind of authentication, you must add the IP address of the appliance on the exception list of the proxy server. For information about the Enable Help Desk POP3 Server setting, see the Service Desk Administrator Guide. 7. Click Save to save the Network Server options.

Administrator Guide, Version 5.3

41

Configuring your Appliance

Configuring Local Routing Tables


Local routing tables allow the KACE K1000 Appliance to route traffic through multiple gateways on a network. As an example of when this might be used, consider the following: The KACE K1000 Appliance is physically located in an office in Texas, but many users are located in California. The KACE K1000 Appliance would be serving the client machines on the Texas IP subnet. Using the local routing feature, the Appliance could be pointed to the network in California, so that it could host the California clients as well as the Texas clients.

To configure Local Routing Tables


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. From the Organization drop-down list, select System. Click K1000 Setting. Click Local Routing Table. The K1000 Local Route Configuration page appears. 4. 5. Label Destination Netmask/CIDR Gateway Select the Green Plus Sign (+) to add settings. Specify the following settings: Enter a name/label for the route. Enter the IP address or Network for the destination with which you want your KACE K1000 Appliance to communicate. Enter the netmask of the specified network. Netmask/CIDR is applied to the host (for example, "/24", "255.255.240.0"). Enter the IP address for the router that actually routes the traffic between the KACE K1000 Appliance and the destination network. 6. 7. 8. Click the Save button to add this setting. Click the Green Plus Sign (+) to add additional settings. Click the Save Changes button to save all changes. A warning will appear indicating the Apache service needs to be restarted. 9. Click OK to continue. Once an IP address or Domain Name has been added to the white list, only that IP or Domain can access that page. All others will be blocked.

Configuring Local HTTPD


The Local HTTP Configuration feature in the KACE K1000 Appliance helps you to manage adminui/userui/systemui pages. Using this feature, you can specify a whitelist of hosts that

42

Administrator Guide, Version 5.3

Configuring your Appliance

are allowed access. Once saved, access to the adminui/userui/systemui pages will be restricted according to your settings.

To configure Local HTTPD


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. From the Organization drop-down list, select System. Click K1000 Settings. Click Local HTTPD Configuration. The K1000 Local HTTPD Configuration page appears. 4. 5. Select the Green Plus Sign (+) to add settings. Specify the following settings for the following Adminui Allow ListThis is a white list of who can log into the http://kbox/ adminui page. Userui Allow ListThis is a white list of who can log in to the http://kbox page. Systemui Allow ListThis is a white list of who can log into the http://kbox/ systemui page. The default for this field is Allow, indicating the host should be allowed access. This can be any of the following:

Directive IP Address/ Domain Name

A (partial) domain name A full IP address Partial IP address

Netmask/CIDR

Along with a network, the Netmask/CIDR provides a finer-grained subnet control. Click the Save button to add this setting. Click the Green Plus Sign (+) to add additional settings. Click the Save Changes button to save all changes. A warning will appear indicating the Apache service needs to be restarted.

6. 7. 8.

9.

Click OK to continue. Once an IP address or Domain Name has been added to the white list, only that IP or Domain can access that page. All others will be blocked.

Administrator Guide, Version 5.3

43

Configuring your Appliance

Configuring Security Settings for the Server


Security Settings are not mandatory but are required to enable certain functionalities like Samba Share, SSL, SNMP, SSH, Offbox DB Access, and FTP access on the appliance server. To use any of the Security Settings features, you must enable them. If you change any security settings, you must reboot the appliance to make the changes take effect.

To configure Security Settings


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. To enable SSL, you need the correct SSL Private Key file and a signed SSL Certificate. If your private key has a password, it will prevent the appliance from restarting automatically. Contact KACE support if you have this issue. 1. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 2. Click Security Settings. The K1000 Security Settings page appears. 3. 4. Click Edit Mode to edit the security settings fields. In the General Security Settings area, specify the following security settings: a. Select the SSH Enabled check box to permit someone to login to the appliance using SSH. b. Select the Enable backup via ftp check box. Nightly the appliance creates a backup of the database and the files stored on it. You access these files using a read-only FTP server, which allows you to create a process on another server that pulls this information off the appliance. If you do not need this feature, you can turn off this option, and disable the FTP server. c. Clear the Enable SNMP monitoring check box. SNMP is a network/appliance monitoring protocol that is supported by many thirdparty products. If you do not want to expose the appliance SNMP data, turn off this option. d. Clear the Enable database access check box. The appliance database is accessible via port 3306 to allow you to run reports using an off board tool, like Access or Excel. If you do not want to expose the database in this way, turn off this option. e. Clear the Make FTP Writable check box. Enable this feature to upload backup files using FTP. This feature is useful if your backup files are too large for the default HTTP mechanism (browsers timing out).

44

Administrator Guide, Version 5.3

Configuring your Appliance

5.

In the Samba Share Settings area, select the Enable Organization File Shares check box to allow each organization to leverage the appliance's client share as an install location for the node. The appliance has a built-in windows file server that can be used by the provisioning service to assist in distributing the samba client on your network. Dell recommends that this file server only be enabled when performing node software installs.

6.

In the Optional SSL Settings area, specify the following SSL settings, if required: a. Clear the Enable port 80 access check box. When you activate SSL, port 80 continues to be active, unless Enable port 80 access check box is cleared. By default, the standard Agent installers attempt to contact the appliance via port 80, and then switch to SSL over port 443, after getting the server configuration. If you disable port 80, contact KACE Support to adjust the agent deployment scripts to handle SSL. For ease of agent deployment, leave port 80 active. b. Select the SSL Enabled on port 443 check box to have nodes check in to the appliance server using https. A properly signed SSL Certificate is required to enable SSL. Certificates should be supported by a valid Certificate Authority. SSL settings should only be adjusted after you have properly deployed the appliance on your LAN in non-SSL mode. If you are enabling SSL, you will need to identify the correct SSL Private Key File and SSL Certificate File. The files must be in Privacy Enhance Mail (PEM) format, similar to those used by Apache-based Web servers and not in the PCKS-12 format used by some Web servers. It is possible to convert a PCKS-12 certificate into a PEM format using software like the OpenSSL toolkit. Contact Dell KACE Technical Support if you want to enable SSL on your appliance. You can load SSL certificates into the appliance by any of these two methods: You can click Open SSL Certificate Wizard and follow the step by step procedure to load the SSL certificates. Refer To generate an SSL Certificate, on page 45. If you have your own SSL certificate and SSL private key, click Edit Mode to edit the field values. In the Set SSL Private Key File field, browse to the SSL Private Key file and browse to the signed SSL Certificate, in the Set SSL Certificate File field

7.

Click Set Security Options, to save the changes and reboot the appliance. Once you switch over to SSL, this is a one-way automatic shift for the nodes. They must be reconfigured manually if you later decide not to use SSL.

To generate an SSL Certificate


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page.

Administrator Guide, Version 5.3

45

Configuring your Appliance

Generate an SSL certificate using the wizard as follows: 1. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 2. Click Security Settings. The K1000 Security Settings page appears. 3. Click Open SSL Certificate Wizard. The K1000 Advanced SSL Settings page appears. 4. Click Edit Mode to edit the fields and specify the following: Enter the name of your country. Enter the name of your State or Province. Enter your locality name. Enter the name of your organization. Enter the name of unit your organization belongs to. Enter a common name of the appliance you are creating the SSL certificate for. Enter your email address.

Country Name State or Province Name Locality Name Organization Name Organization Unit Name Common Name e-mail 5.

Click Set CSR Options. Your Certificate Signing Request is displayed in the field below the Set CSR Options button. You need to copy the text between the lines ----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- along with these lines, and then send it to the person who provides your company with web server certificates. Your Private Key is displayed under Private Key field. It will be deployed to the appliance when you upload a valid certificate and subsequently click Deploy. Do not send the private key to anyone. It is displayed here in case you want to deploy this certificate to another web server. The certificate and private key for SSL are not included in the appliances nightly backups for security reasons. Retain these two files for your own records. Click Create Self Signed Certificate and for Deploy to be displayed.

6.

Click Create Self Signed Cert. The SSL certificate is generated. This certificate will not be accepted by any nodes until it is added into the trusted certificate database on every machine running the client.

7.

Click Deploy to deploy the certificates and turn on SSL on the appliance. Click OK to reboot the appliance.

46

Administrator Guide, Version 5.3

Configuring your Appliance

Configuring Agent Messaging Protocol Settings


Agent Messaging Protocol (AMP) is the appliance Communications Protocol used by the server with its respective agents. AMP includes server, client, and communications components to perform optimized realtime communications for control of systems management operations. AMP provides:

Persistent connection between the appliance Server Server driven inventory updates Higher scalability in terms of number of nodes supported on one K1000 Server Better scheduling control and reliability

These settings are specific to the AMP infrastructure and do not affect other appliance configuration settings or runtime operations. These settings control both the runtime state of the AMP server and also the operational state of the agent. Changing these settings will temporarily interrupt communications between the appliance and the agents. Exercise caution when changing these settings and contact Dell KACE Technical Support for any questions regarding these parameters.

To configure Agent Messaging Protocol Settings


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. 1. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 2. Click Agent Messaging Protocol Settings. The K1000 Agent Messing Protocol Settings page appears.

Administrator Guide, Version 5.3

47

Configuring your Appliance

3. Server Port

Specify the General Settings: Specify the Server Port. The AMP Server on the appliance SERVER will listen on port 52230 (default). For the Agents to connect to the appliance SERVER using AMP, you must have the AMP Protocol Port 52230 open and available OUTBOUND. (That is, the agent must be able to connect through this port number OUTBOUND without restriction from any OUTBOUND filter/firewall.) Example of an OUTBOUND restriction: Windows XP Firewall blocking outbound port 52230. Allow outbound Protocol Port 52230. This can be configured in your Filter/Firewall Software or Hardware as an allowed OUTBOUND Exception. For the SERVER to accept connections via AMP, it must have the AMP Protocol Port 52230 open and available INBOUND to the appliance IP ADDRESS. (That is, the appliance SERVER must be able to accept connections through this port number INBOUND without restriction from an INBOUND filter/firewall.) Example of an INBOUND restriction: A NAT Firewall such as Cisco or SonicWall blocking INBOUND port 52230 to the K1000 IP ADDRESS. Allow inbound Protocol Port 52230 to the appliance server. This can be allowed through a One-to-One Inbound NAT Policy. Note: If you change the default AMP Port of 52230, you must update the ALLOWED OUTBOUND/INBOUND port on your filter/firewall.

Enable Select the check box to enable different levels of server debug/logging to the server's Server Debug log file. Enable SSL for AMP Select the check box to enable SSL for AMP. The activation of SSL is for AMP Only. The check box must be selected to activate SSL over AMP even though the general appliance settings may have SSL enabled already. This allows the separate configuration of AMP traffic to be un-encrypted even though all other appliance communication is SSL encrypted. Note: Before you can choose this setting, you must enable SSL as described in step b on page 45. Click Save and Restart AMP Server to the save the settings and restart the AMP server. You can click Restart AMP Server to restart the AMP server without saving the settings. Restarting the AMP Server will not restart the appliance.

4. 5.

48

Administrator Guide, Version 5.3

Configuring your Appliance

Configuring date and time Settings of the appliance server


Keep the time of the appliance accurate as most time calculations are made on the server. When updating the time zone, the appliance web server will be restarted in order for it to reflect the new zone information. Active connections may be dropped during the restart of the web server. After saving changes, this page will automatically refresh after 15 seconds.

To configure Date & Time settings


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. 1. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 2. Click Date & Time Settings. The K1000 Date & Time Settings page appears. 3. 4. Click Edit Mode to edit the field values. Specify the following information: Select the appropriate time zone from the drop-down list. Select the check box to automatically synchronize the appliance time with an internet time server. Enter the time server in the text box. For example: time.kace.com Select the check box to manually set the appliance clock. Select the appropriate time and date from the drop-down lists.

Time Zone Automatically synchronize with an Internet time server Set the clock on the K1000 manually 5.

Click Set Options to set the date and time settings.

Configuring Single Sign-on for multiple appliances


The Single Sign-On feature (appliance linking) enables users to authenticate once and gain access to and run multiple appliances. Once appliances are linked, you can sign on to one of them and gain access to the others without having to re-login into each appliance individually. You can link all Dell KACE K1000 Management Appliances. You can run multiple appliances from the same appliance console, but you cannot transfer resources or information between them using this feature. To link appliance so you can run them from the same console.

Administrator Guide, Version 5.3

49

Configuring your Appliance

Start by enabling linking on each appliance with the instructions in To enable linking of appliances for single sign-on, on page 50. Enabling linking creates appliance names and linking keys. Copy the appliance names and linking keys between the appliances to link using the instructions in To enable linking of appliances for single sign-on.

To enable linking of appliances for single sign-on


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. 1. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears. 2. Click Linking Dell KACE Appliances Settings. The K1000 Linking Dell KACE Appliances Settings page appears. 3. 4. Click Edit Mode. Click the Enable Dell KACE Appliance Linking check box to enable the linking. Enter a unique, logical name for this appliance. Other appliances use this name to select this appliance. Enter the number of minutes to keep the link open. When this time period expires, you need to provide login credentials when switching to a linked appliance. The default is 120 minutes. Enter the number of minutes this server waits for a remote appliance to respond to a linking request. The default is 10 seconds.

Friendly Name (this server) Remote Login Expiration Request Timeout

5.

Click Set Options to save link settings. Once linking is enabled, return to the Control Panel page and select Manage Linked K1000 Appliances to configure remote appliances.

To link appliances for single sign-on


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. This procedure involves copying the K1000 Friendly Names and linking keys from one appliance to another. To save time, copy these to a central location. Optionally, you can make the link an SSL connection for added security. An SSL connection is only available if you have enabled SSL on all K1000 Management Appliance you are linking. The Manage Linked Appliances page appears after you enable linking. If appliance linking is not enabled, you are redirected to the Linking K1000 Appliances Settings page when you click the Manage Linked K1000 Appliances link.

50

Administrator Guide, Version 5.3

Configuring your Appliance

1. 2.

Follow the instructions in To enable linking of appliances for single sign-on, on page 50, on each appliance that you want to link with. Click K1000 Settings > Control Panel > Manage Linked Dell KACE Appliances. The Linking K1000 Appliances page appears.

3.

In the Choose Action menu, click Add New Item. The K1000 Settings: Add Linked Appliance page appears.

4. 5.

Enter the K1000 Friendly Name and the Linking Key of the appliance that you are establishing the link to. Click Set Options. If the settings are configured correctly, the Connection Successful message is displayed.

6.

Log on to the other appliance you are creating the link for, and repeat these steps to add the Host Name and Linking Key to it. After you click Save, the Test Connection option appears.

7.

Click Test Connection to verify the connection between the two linked appliances.

When you re-login into the first appliance, the newly updated linked appliances appear on the Organization drop-down list of the Home tab. You can now switch among the linked appliance consoles using the Org: drop-down menu on the upper right side of the appliance user interface.

To disable appliance links


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. 1. Click K1000 Settings > Control Panel. The K1000 Settings : Control Panel page appears. 2. Click Linking Dell KACE Appliance Settings. The K1000 Linking Dell KACE Appliances Settings page appears. 3. 4. 5. Click Edit Mode to make this page editable. Clear the Enable Dell LACE Appliance Linking check box. Click Set Options.

After a appliance link is deleted, you can still switch to and control that appliance until you log off and log in again from the appliance Server.

Troubleshooting Tools
The Troubleshooting Tools page contains tools to help administrators and Dell KACE Technical Support to troubleshoot problems with this appliance.

Administrator Guide, Version 5.3

51

Configuring your Appliance

To access the K1000 Troubleshooting Tools page


Click Settings > Support > Troubleshooting Tools. The Troubleshooting Tools page appears.

To use Network Utilities


To access the next set of settings, you need to select System in the Organization dropdown list in the top-right hand corner of the page. You can use Network Utilities to test various aspects of this appliances network connectivity. 1. Click K1000 Settings > Support. The K1000 Settings: KACE Support page appears. 2. Click Troubleshooting Tools. The Troubleshooting Tools page appears. 3. 4. 5. 6. Click Edit Mode. Enter the IP Address in the text box. Select the appropriate network utility from the drop-down list. Click Test. You can download K1000 Troubleshooting Logs. Dell KACE Technical Support may request the troubleshooting logs to help in troubleshooting some issues. Click the click here link to download troubleshooting logs. Select the Enable Tether check box under the KACE Support Tether to allow Dell KACE Technical Support to access your appliance. Enter the key supplied by Dell KACE in the text box. Dell KACE Technical Support will provide you a key when this type of support is required.

52

Administrator Guide, Version 5.3

3
Labels and Smart Labels

This chapter gives an overview of Labels and Smart Labels, and how your Dell KACE K1000 Management Appliance uses them. For information on LDAP Labels and the LDAP Browser, see Chapter 11: LDAP, starting on page 209.

About Labels, on page 53. About Smart Labels, on page 60. Whats Next, on page 63.

About Labels
Labels can be used to organize and categorize computers, software, people, and locations. Labels are intended to be used in a flexible manner, and how you use labels is completely customizable. Label types include:

Computer inventory IP Scan Inventory Processes /Startup Items / Services Software Patches Dell Update Packages Users

Once included in a label, items can be managed on a per-label basis. All items that support labeling can have none, one, or multiple labels. You can use labels, for example, with patching, distribution packages, categorizing computers, setting up the geographic relationships, and setting the permission levels of users. Labels can be manually or automatically applied through LDAP or Smart Labels. You can also organize labels with Label Groups. Label Groups are strictly for organizational purposes, such as the View By function in the Computer Inventory page. They cannot be targeted for Patching jobs or Managed Installations. Capabilities include:

Label groups can pass their type, such as Patches or User, to the labels they contain. Label Groups pass their type restrictions to the labels they contain. For example, if a Label Group is restricted to Patches, the labels assigned to that group have only the type Patches available; the other types are grayed out.

Administrator Guide, Version 5.3

53

Labels and Smart Labels

You can associate labels with one or more Label Groups; membership in one Label Group does not preclude membership in another Label Group. In fact, Label Groups can be a member of another Label Group. Label groups do not create a functional hierarchy of labels. To create a hierarchy, you can make a label dependent on other labels by using Smart Labels to change the order in which labels are processed. For more information, see To create a Smart Label, on page 61 and To change the Smart Label Run Order, on page 62.

You can find the Label tab by going to Home > Label. (Be sure to select your organization first using the Organization menu in the top-right corner of the page.) You can also create Labels and Smart Labels in the other components of the appliance that use labels. In many areas of the appliance user interface, you can see a label selection list, which you use to constrain an action to a one or more labels. For example, you can restrict the deployment of a script to nodes that belong to particular labels.

Managing Labels
In Label Management, you can:

Create Labels (which is also done in other parts of the interface) Create Label Groups (or nested labels) Edit Label Groups Delete Labels or Labe Groups Show or Hide Label Groups

54

Administrator Guide, Version 5.3

Labels and Smart Labels

Viewing Labels
Select Label Management to view labels created. You can click on the numbers under the categories to see what the members are. For example, in the following screenshot:

The FrameMaker 7.2 label belongs to the Licenses Label Group. FrameMaker 7.2 is a software label, and there are two items in the label. The associated with a Smart Label. icon means that the label is

The laptops label is a machine label that contains only one item. This label is associated with a Smart Label that adds any computer with the chassis type laptops to the Smart Label. If any more laptops are purchased, they will be added to the label. Licenses contains one label, so it is a Label Group. MemberOfBuildingA and MemberOfFinancesGroup have the icon for an LDAP Label. For information about LDAP labels, see About LDAP Labels, on page 209. Microsoft Office Proof is also associated with a Smart Label. It is also in the Label Group, Licenses. Microsoft Office Proof has four membersuntil more copies of Office Proof are purchased.

Viewing Computer Details by Label


After you have created a Computer label, for example, you can view details about the computers on your network that belong to that label. From the Label Detail view, you can see:

The IP addresses and machine names of the computers in the label The number of Managed Installations and File Synchronizations deployed to the label The number of network scans and scripts run on the machines in the label The number of alerts, portal packages, and users associated with the label

Administrator Guide, Version 5.3

55

Labels and Smart Labels

The number of filters and replication shares associated with the label.

To view label details

To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Home > Label, and click Label Management. Click the linked name of the label you want to view. The Labels: Edit Detail page appears. 3. In the Labeled Items section, click the + sign beside the section headers to expand or collapse the view.

56

Administrator Guide, Version 5.3

Labels and Smart Labels

To add or edit a new label


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. You can add or edit labels from most places in the user interface. You can also add or edit them under Label Management. 1. 2. Click Home > Label, and click Label Management. In the Choose Action menu, click Add New Label. Avoid using backslashes (\) in Label names. If used, be sure to escape the backslash with another backslash. 3. On the Label : Edit Detail page, enter a descriptive title. If you have large numbers of labels, you can use Label Groups for organization. See To create a Label Group, on page 59 4. (Optional and for Computer labels) Enter a value for KACE_ALT_LOCATION. Typically, this value is not used. If KACE_ALT_LOCATION is used, scripts check here for dependencies. 5. 6. 7. If you defined KACE_ALT_LOCATION, specify the User Name and Password for it. (Optional) Under Restrict Label Usage To, select an appropriate category. For example, if the label is for software, restrict it to that. (Optional) Select a Label Group. If you have large numbers of labels, consider putting them in a Label Group. For example, include the labels of your licensed software in a software Label Group named Licenses. See To create a Label Group, on page 59. 8. 9. Click OK. Click Save.

For an another example on how to manually apply labels, refer to Adding Computers to Inventory, on page 89.

To delete a label
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. You can delete a label in its edit page, you can also: 1. 2. 3. 4. Click Home > Label and select Label Management. Click the check box for the label. From the Choose Action menu, click Delete Selected Item(s). Click OK in the confirmation window.
57

Administrator Guide, Version 5.3

Labels and Smart Labels

About Label Groups


You can organize long lists of labels by putting them in Label Groups. As well as organizing labels, Label Groups share their types with the labels they contain. Not only can a Label Group include multiple labels, a label can be associated with more than one Label Group. The following illustration shows the Label Group type inherited by the label from the Label Group.

To view Label Groups


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Click Home > Label, and click Label Management.

58

Administrator Guide, Version 5.3

Labels and Smart Labels

If you see Label Name [groups hidden], do the following: 2. In the Choose Action menu, click Show Label Groups. You can hide Label Groups by clicking Hide Label Groups.

To create a Label Group


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. You organize labels by putting them in Label Groups: 1. 2. Click Home > Label, and click Label Management. In the Choose Action menu, click Add New Label Group. To include existing labels in the Label Group, select the respective label check boxes before selecting Add New Label Group. 3. 4. 5. 6. In the Label Group : Edit Detail page, enter the name of the Label Group in the Name field. (Optional) Enter any notes about this Label Group. (Optional) Use the Restrict Label Usage To, select an appropriate category. For example, if the label is for software, restrict it to that. (Optional) Use the Assign to Label Group option to assign this Label Group to another Label Group. You can put Label Groups within other Label Groups. 7. Click Save.

To apply a label to a Label Group


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Home > Label, and click Label Management. Select the check box for the label with which you will work. In this example, the Smart Label MS Office Home is selected. 3. In the Choose Action menu, click Apply Label Group. In this example, the MS Office Home Smart Label is associated with the Licenses Label Group.

Administrator Guide, Version 5.3

59

Labels and Smart Labels

To delete a Label Group


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. Before you delete a Label Group, delete its member labels. 1. 2. Click Home > Label, and click Label Management. Click the name of the Label Group. The Label Group : Edit Detail page appears. 3. 4. 5. 6. 7. 8. 9. Expand the Labels under Labeled Items. Click the name of the label to open its Edit Detail page. In the Assign to Label Group section, click Edit. In the Label Selection window, select the name of the Label Group from step 2. Click the recycle bin and OK Click Save. When you have removed all labels from Label Items of the Label Group, click Delete.

About Smart Labels


Smart Labels enable you to dynamically apply a label based on a search criteria. Your appliance allows you to create specific types of Smart Labels. You can view the list of available Smart Labels from the Home > Label > Smart Labels tab. Smart Label types include:

Dell Package Smart Label IP Scan Smart Label Machine Smart Label

60

Administrator Guide, Version 5.3

Labels and Smart Labels

Patch Smart Label Software Smart Label

You can also change the order of your smart labels or delete them from the Smart Labels page.

To create a Smart Label


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. You can also create a Smart Label in every component where you use them. 1. 2. Go to Home > Label, and click Smart Labels. From the Choose Action menu, click the type of Smart Label you want to create. The Create Smart Label tab appears for the type of label that you selected. For example, if you selected Software Smart Label, the criteria just apply to software. 3. 4. 5. 6. Specify the search criteria using the available fields. Click Test Smart Label to view the results. From the Choose label list, choose or enter the label to associate with the Smart Label. Click Create Smart Label.

Now, whenever machines with software that meets the specified criteria check into your appliance, the software is automatically assigned to the associated Smart Label. You can also add a new software Smart Label or change the order of Smart Labels by going to Home > Label > Smart Labels. Deleting a Smart Label does not delete the label associated with it.

Software Smart Labels are applied in the following ways:

If a specific software Smart Label is edited using Home > Label > Smart Labels, it is reapplied to all software. All Smart Labels are reapplied to a software item when it is updated on Inventory > Software.

For more examples of using Smart Labels, see, Creating Smart Labels for Computer Inventory, on page 86, and To dynamically identify the network scan results, on page 123.

To edit a Smart Label


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.

Administrator Guide, Version 5.3

61

Labels and Smart Labels

You can find all Smart Labels in the Home component. You can also edit Smart Labels within the components that they belong to. 1. Go to Home > Label, and click Smart Labels. The Smart Labels page appears. 2. Select a Smart Label Name. The Smart Label : Edit Detail page shows the following information, depending on the type of Smart Label, Item Type Assigned Label Label Notes SQL Specifies the type of Smart Label, for example, software. Contains a drop-down list from which you choose the label you want to assign. Click Details to edit label details. For more information on editing labels, refer to Managing Labels, on page 54. Displays notes relevant to the label, if entered in the Notes field. Displays the query in SQL (Structured Query Language). Click Duplicate to create a new Smart Label with same SQL code. This field does not show when the Details link is selected.

3.

Click Save. When you click Duplicate to create a new Smart Label with the SQL code, you can only reassign it to a new label.

To change the Smart Label Run Order


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. To change the order in which Smart Labels: 1. Go to Home > Label, and click Smart Labels. The Smart Labels page appears. 2. Select one of these options from the Choose Action menu: Order Dell Update Smart Labels Order IP Scan Smart Labels Order Machine Smart Labels Order Patch Smart Labels Order Software Smart Labels

The order Smart Labels page appears for the type of Smart Label, listing all of that type. 3. To change a Smart Labels order value, click the icon next to it.

62

Administrator Guide, Version 5.3

Labels and Smart Labels

Smart Labels with smaller values execute before those with larger values. Smart Labels have a default order value of 100. 4. Click Save.

Whats Next
Many organizations use labeling with their software and hardware inventories. For more examples of using labeling, see Chapter 5: Managing Software and Hardware Inventories, starting on page 83.

Administrator Guide, Version 5.3

63

Labels and Smart Labels

64

Administrator Guide, Version 5.3

4
Agent Provisioning

The Agent Provisioning feature enables you to directly install the Dell KACE K1000 Management Appliance Agent onto machines in your environment. Information about the data collected by the Agent for each computer is located in Information collected by the Agent, on page 310.

Overview of first time Agent provisioning, on page 65. System requirements for Agents, on page 66. Preparing to provision the Agent, on page 67. Single Machine Provisioning, on page 68. Advanced Provisioning, on page 69. Using the Provisioned Configurations page, on page 73. Using the Provisioned Configurations page, on page 73. Using the Provisioning Results Page, on page 75. Managing K1000 Agent Tasks, on page 76. K1000 Agent Settings, on page 77. K1000 Agent Update, on page 78. AMP Message Queue, on page 80. Dell KACE Support is a good source for additional information and help for Agent Provisioning. Support contains white papers, articles, and a Knowledge Base.

Overview of first time Agent provisioning


Agent Provisioning helps you to easily deploy the K1000 Management Appliance Agent software on your network. You can deploy the Agent on multiple machines simultaneously by creating a configuration that identifies a range of IPs to target. The procedure for Agent provisioning depends on the operating system. 1. 2. File share on the K1000 Management Appliance must be enabled. See Enabling file sharing on page 67. A provisioning configuration identifies one or more IP addresses for the first time deployment or removal of the Agent.

Administrator Guide, Version 5.3

65

Agent Provisioning

3. 4.

The target IP address is tested for the existence of an Agent. If the Agent is not detected, then it will remotely install the Agent directly from the appliance. You can also deploy the Agent manually on Windows, Linux, and Macintosh platforms. See Appendix E: Manually Deploying Agents, starting on page 301.

System requirements for Agents


System requirements to install the Agent are:

Windows: Windows 7 (32-bit and 64-bit) Windows Vista (32-bit and 64-bit) Windows XP (32-bit and 64-bit) Windows Server 2008 (32-bit and 64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2003 (32-bit and 64-bit) Windows 2000 Server (32-bit)

Linux: Red Hat Enterprise Linux (RHEL) 3, 4, and 5 (32-bit and 64-bit) Macintosh: Mac OS X v10.6 Intel Mac OS X 10.5 Intel and PowerPC Mac OS X 10.4 Intel and PowerPC

Upgrades supported: Supports upgrading from Agent version 5.1 or later to 5.3.

66

Administrator Guide, Version 5.3

Agent Provisioning

Preparing to provision the Agent


You must perform the steps in this section before provisioning the Agent.

Enabling file sharing


To activate the provisioning functionality, you must enable the K1000 Management Appliance file share. If you have multiple organizations, you must enable file share for each organization. 1. 2. In the Dell KACE Management Center, go to Settings > Control Panel. Click General Settings. The K1000 Settings: General page appears. 3. 4. In the Samba Share Settings section, click Edit Mode. Select the File Share Enabled checkbox.

5. 6.

(Optional) Enter a password for the user share. Click Save Samba Settings. You can access the provisioning installers on the appliance at: \\k1000_name\client\agent_provisioning where k1000_name is the hostname of your appliance.

Preparing for Windows Platform provisioning


For Windows platform installations, the following configuration settings are required:

Windows XP: Turn off Simple File Sharing. Provisioning requires standard file sharing with its associated security. For information on how to do this, see the Microsoft Support web site. If Simple File Sharing is enabled, a LOGON FAILURE occurs because simple file sharing does not support administrative file shares and the associated access security.

Administrator Guide, Version 5.3

67

Agent Provisioning

Windows Firewall: If turned ON, you must enable File and Print Sharing in the Exceptions list of the Firewall Configuration.

The appliance verifies the availability of ports 139 and 445 on each target machine before attempting to execute any remote installation procedures. Vista and Windows 7:

Provide Administrative credentials for each machine. Configure User Account Control (UAC) in one of two ways: Turn UAC off. Set User Account Control : Run all administrators in Admin Approval Mode to Disabled.

From the Advanced sharing settings page, turn on network discovery and turn on file and printer sharing. Ports 139 and 445 along with File and Print Sharing are required only for Agent distribution. Administrative credentials are only needed for installation of the Agent. The Agent runs within the context of the Local System Account, which is a built-in account used by the Windows operating system. Once the Agents are installed and communicating with the appliance you can turn off access to these ports and services. After installation, the Agent uses port 52230.

Single Machine Provisioning


Single Machine Provisioning option provides an easy way to deploy the Agent technologies for the first time. Single Machine Provisioning assumes some default values for settings such as TCP ports, time outs, appliance server name, and so on.

To deploy the Agent on a single machine


1. Go to Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Single Machine Provisioning. The Single Machine Provisioning page appears, including the Agent version. 3. 4. 5. 6. 7. 8. 9.
68

Enter the Target IP. Select Install Agent. Select the operating system of the Agent. (Windows Only) Enter the domain or workgroup for the user name you enter below. Enter a user name that has the necessary privileges to install the Agent. Enter the password for the account. Click Run Now.
Administrator Guide, Version 5.3

Agent Provisioning

The system saves the configuration with a default name as Simple Provisioning - IP Address and then runs the configuration against the targeted IP. The Provisioned Configurations page appears where the newly created configuration is displayed.

Advanced Provisioning
Advanced Provisioning provides the ability to provision the Agent to multiple computers.

Overview of Advanced Provisioning


The following steps describe how to do Advanced Provisioning: 1. Select the type of provisioning: 2. 3. Auto Provisioning: provides the ability to define an IP range. Manual Provisioning by IP: allows you to specify IP addresses manually and also pick machines from IP Scan and Inventory. Manual Provisioning by Hostnames: allows you to enter hostnames manually.

Set the General Settings according to the type of provisioning (described in the previous step). See next section (To use Advanced Provisioning, on page 69). Set the platform settings, as described in: To provision Windows platforms, on page 71. To provision Unix (Linux or Mac OS X) platforms, on page 72.

4.

Schedule the provisioning. See To schedule Agent provisioning on page 72.

To use Advanced Provisioning


1. Click Settings > K1000 Agent > Advanced Provisioning. The Advanced Provisioning page appears. 2. Under General Settings, select the type of provisioning you wish to do: Auto Provisioning Manual Provisioning by IP Manual Provisioning by Hostname

Administrator Guide, Version 5.3

69

Agent Provisioning

3.

Enter the information shown in the following table: Specify a unique configuration name to differentiate between different configurations. Auto Provisioning

Config Friendly Name

Provisioning IP Range

Enter an IP or IP range. Use hyphens to specify individual IP class ranges. For example: 192 168 2-5 1-200 Manual Provisioning by IP

Target IPs

Enter a comma-separated list of IP addresses for the target computers. The Help me pick machines link aids in adding machines to the Target IP list: Provisioning IP Range: use hyphens to specify individual IP class ranges. For example: 192 168 2-5 1-200. After specifying a range, click the Add All button. IP Scan Computer: this drop-down list is populated from the Network Scan Results. Inventory Computers: this drop-down list contains all the inventoried computers. The following list describes the available functions: Click a computer in the list to add it to the Target IP field. Filter: filters by character. For example, entering lib would display computer names in the list such as Library-1, Library2, and so on. (n) indicates the number of computers selected by the filter. Limit List to 20 Computers. Only Include Found Computers. Add All: adds all machines displayed in the list according to the filter and selection criteria. Manual Provisioning by Hostname

Target Hostnames Configuration Enabled K1000 Server Name K1000 Client Share Name

Enter a comma-separated list of hostnames for the target computers. Enables the provisioning configuration. Note: Scheduled configurations run only if this check box is selected. The server that installs the Agent. This field displays the default name of the appliance server. Update this field if you have multiple servers. The share folder name on the appliance, where the Agents are located.

70

Administrator Guide, Version 5.3

Agent Provisioning

DNS Lookup Enabled Name Server for Lookup Lookup Time Out 4.

Enables DNS lookup. By default, displays the primary DNS Server defined in Network Settings. You can specify either a hostname or IP address. The time, in seconds, after which a DNS lookup expires.

Set up provisioning for the platform, as described below in: To provision Windows platforms, on page 71. To provision Unix (Linux or Mac OS X) platforms, on page 72.

To provision Windows platforms


1. Enter the following details under Windows Platform Provisioning Settings: Enables provisioning.

Provision this platform Agent Identification Port Required open TCP Ports Port Scan Time Out Bypass Port checks Enable Debug Info

K1000 Agent Version (Read-only) Displays the Agent Version number. The port currently in use by the Agents. The port number is 52230. The ports that the appliance uses to access the target machine for the Agent install. Use a comma separated list. The time period (in seconds) during which the appliance scans the port for response. Select to avoid port checks while the appliance installs the Agent. Select to view debug information in the machines provisioning results.

Remove K1000 Agent Select to remove the Agent from machines. This overrides any current provisioning activity. 2. Enter the following details under Windows Network Administrative Credentials: The domain or workgroup name associated with the login credentials you enter below. The user name that has the necessary privileges to install the Agent on the target machines. The password for the account listed above.

Domain (or Workgroup) User Name (admin level) Password 3.

Schedule the provisioned configuration, as described in To schedule Agent provisioning, on page 72.

Administrator Guide, Version 5.3

71

Agent Provisioning

To provision Unix (Linux or Mac OS X) platforms


1. Enter the following details under Unix (Linux or Mac OS X) Platform Provisioning Settings: Enables provisioning on Linux or Macintosh platform. The ports that the appliance uses to access the target machine for the Agent install. Use a comma separated list. The time period (in seconds) during which the appliance scans the port for response. Select to avoid port checks while the appliance installs the Agent.

Provision this platform Required open TCP Ports Port Scan Time Out Bypass Port Checks

Remove K1000 Agent Removes the Agent from machines. This overrides any current provisioning activity. Remove agent data directory 2. Removes any remaining data folder/files after the uninstall process completes.

Enter the following details under Network Root Credentials: The user name that has the necessary privileges to install the Agent on the targeted machines. Enter the password for the account listed above.

User Name Password

K1000 Agent Version (Read-only) This field displays the Agent version number. 3. Schedule the provisioned configuration, as described in the next section (To schedule Agent provisioning, on page 72).

To schedule Agent provisioning


Scheduling Agent provisioning ensures that the appliance periodically checks computers in the specified IP range. You can install, reinstall, or uninstall the Agent as required. 1. To schedule the provisioning configuration, select the appropriate radio button under Scheduling: (Default) Select when you do not want to run the provisioning configuration on a schedule. Run at a specified minute or hour interval. Run daily at a specified time. -orRun on specified day of the week at a specified time Run monthly at the specified time. -orRun on a specified day of the month at a specified time.

Dont Run on a Schedule Run Every n minutes/ hours Run Every day/specific day at HH:MM AM/PM Run on the nth of every month/specific month at HH:MM AM/PM

72

Administrator Guide, Version 5.3

Agent Provisioning

2.

Click Save to save the provisioned configuration. The Provisioned Configurations page appears and displays the provisioned configuration you created in the list of configurations.

Using the Provisioned Configurations page


The Provisioned Configurations page displays a list of provisioning configurations and their status.

Accessing the Provisioned Configurations page


1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears: Field Config Name Total Target Running Not Started Succeeded Failed % Succeeded IP Range Schedule Enabled Description The name of the provisioning configuration. (Links to the Advanced Provisioning page.) The total number of target machines in the configuration. (Links to the Provisioning Results page.) The total number of target machines on which provisioning is currently running. (Links to the Provisioning Results page.) The total number of target machines on which provisioning has not yet started. (Links to the Provisioning Results page.) The total number of target machines on which provisioning has succeeded. (Links to the Provisioning Results page.) Indicates the total number of target machines on which provisioning has failed. (Links to the Provisioning Results page.) The total number of target machines on which provisioning has succeeded as a percentage. The IP range of the target machine. (Links to the Provisioning Results page.) Indicates the specified provisioning schedule. For example: Every n minutes, Every n hours, or Never. A green check mark indicates that the provisioning configuration is enabled.

To create a new configuration


1. On the Provisioned Configurations page, click the Choose Action drop-down list and then select Create New Configuration.

Administrator Guide, Version 5.3

73

Agent Provisioning

The Single Machine Provisioning page appears, where you can create a new configuration. For more information, see To deploy the Agent on a single machine, on page 68. 2. To provision the Agent to multiple computers, click Advanced Setup.

To edit a configuration
1. On the Provisioned Configurations page, click the name of the provisioned configuration that you want to edit. The Advanced Provisioning page appears. 2. Edit the provisioned configuration. For more information, see To use Advanced Provisioning, on page 69.

To run configurations
1. 2. On the Provisioned Configurations page, select the check boxes for the configurations that you want to run. In the Choose Action drop-down list, click Run Selected Configuration(s) Now.

To duplicate a configuration
1. On the Provisioned Configurations page, click the name of the configuration that you want to duplicate. The Advanced Provisioning page appears. 2. Under Scheduling, click Duplicate. The Provisioned Configuration page appears with the new configuration listed.

To delete a configuration
1. 2. On the Provisioned Configurations page, select the check boxes for the configurations that you want to delete. In the Choose Action drop-down list, click Delete Selected Item(s). Deleting a configuration will delete all associated target machines in the provisioning inventory list. Altering or updating a configuration will reset the data in the associated target machines list to the default settings until the subsequent provisioning run.

74

Administrator Guide, Version 5.3

Agent Provisioning

Using the Provisioning Results Page


The Provisioning Results page displays a list of computers for the selected Agent Provisioning Configuration.

To view Provisioning Results


1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Provisioned Configurations. The Provisioned Configurations page appears. 3. Click an item listed in one of the following columns: Total Target, Running, Not Started, Succeeded, Failed, and IP Range. The Provisioning Results page appears with the following information for each computer IP Address DNS Action Result Error The IP address of the target computer. The host name of the target computer. opens a Remote Desktop Connection (Internet Explorer only). I indicates a successful install. U indicates a successful uninstall. Whether the most recent provisioning succeeded or failed. The failure error, such as TCP ports not accessible. Indicates an active AMP connection to the server. Configuration Last Run 4. The name of the configuration. The last time the configuration was run.

To view additional information about a target computer, click its IP Address. The K1000 Agent Provisioning page appears. This page displays the results from the most recent provisioning run and includes information such as the IP address, Agent status, port configuration, and the logs of each provisioning step.

5. 6.

To print this page, click Printer Friendly Version. To view inventory information, click the [computer inventory] link next to the MAC address. This link is displayed only if the provisioning process can match the MAC address of the target machine with the current inventory data. For more information on computer inventory, see Adding Computers to Inventory, on page 89.

Administrator Guide, Version 5.3

75

Agent Provisioning

Managing K1000 Agent Tasks


The K1000 Agent Tasks option displays a list of all the tasks that are currently running or are scheduled for a machine connected to the appliance. To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Click K1000 Settings > Support. The K1000 Settings: Dell KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. 3. Under the K1000 Agent Messaging, click the tasks link in See status of K1000 Agent tasks. The K1000 Agent Tasks page appears. By default, In Progress tasks are listed. If you dont see any task, select another filter in the View by drop-down list: Column Machine Name Task Type Description The computer name on which the tasks are carried out. The type of Agent task. Types depend on your configuration and include alerts, inventory, kbot, krash upload and scripting update. The start time of the task type. The time when the task type is completed. The next schedule or run time of the Agent task type. How long it took the task to run. When the task type has to be timed out. The importance or rank of the task type.

Started Completed Next Run Running Time Timeout in Priority

Some options displayed in the filter depend on the configuration of your Task Types. While most Tasks and Task Types are self-explanatory, the following Tasks may need further explanation: 4. Ready to Run (connected): Tasks that are AMP connected and about to run. Ready to Run: Tasks that will run when an AMP connection established. Longer than 10 minutes: Tasks that have been waiting longer than 10 minutes for a connection.

To view details about a computer, click its name in the Machine Name column. The Computers: Detail Item page appears.

5.

(Optional) To see a print view of the page and print it, click Printer Friendly Version.

76

Administrator Guide, Version 5.3

Agent Provisioning

K1000 Agent Settings


Agent settings configure various options, such as how often the Agent runs on the target computer and how often inventory is performed.

To configure an Agent
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Click Organizations. The K1000 Organizations page appears. 2. 3. In the table, click the name of an Organization. Click Edit Mode. The K1000 Organization: Edit Detail page appears. 4. Field Communications Window Under K1000 Agent Settings For This Organization, specify the following Agent options: Suggested Setting 00:00 to 00:00 (+1 day) Notes The period when the Agent can communicate with the appliance to perform inventory, script updates, and crash uploads. Other processes such as patching and scripting are still performed. You may wish to limit this time, if your computers are particularly busy during a certain period of the day. How often the server asks each Agent to report Inventory, Custom Inventory, File Synchronization, and Managed Installations and to check if the Agent needs upgrading. The interval that the appliance performs inventory on the nodes in the network. For example, if you set this parameter to 4 hours when the Agent Run Interval is 2 hours, the Inventory is checked every other time. Conversely, the Agent checks Custom Inventory, File Synchronization, and Managed Installation every 2 hours. The message that appears to users when communicating with the appliance.

Agent Run interval

2 hours

Agent Inventory Interval

Agent Splash Page Text

Administrator Guide, Version 5.3

77

Agent Provisioning

Field Scripting Update Interval

Suggested Setting 1 hour

Notes The frequency that the Agents checks for the latest scripts. If necessary, the updated scripts are then downloaded. This does not affect how often a script is run. Turning off Agent Log Retention will save about 1GB of disk space in the database.

Agent Log Retention

Save All Agent Logs

5.

Click Save to save the Agent settings configuration. The K1000 Agent Settings page appears in read-only mode. These changes are reflected the next time Agent checks into the appliance. The Agent normally checks in using the Run Interval schedule specified in K1000 Agent Settings page. However, you can force a check-in outside the normal schedule by running: Windows command window: Go to C:\Program Files\Dell\KACE\ or C:\Program Files (x86)\Dell\KACE\ and enter: runkbot 4 0 Macintosh terminal window: sudo /Library/Application Support/ Dell/KACE/bin/runkbot 2 0 UNIX (RHEL) terminal window: sudo /opt/dell/kace/bin/runkbot 2 0

K1000 Agent Update


Agent Update allows you to automatically update the Agent software for some or all computers that check into your appliance. Updating the Agent to 5.3 is supported from 5.1 or 5.2.

Overview of Agent Updating


The following steps describe how to update the Agents: 1. 2. 3. Download the Bundled Agents file from Dell KACE Customer Support. Load the Bundled Agents file on the appliance. Update the Agent on the target computers.

The following sections describe each of these steps.

To download a patch Agent


To download an Agent bundle, you must first register with Dell KACE Customer Support. 1. Using your login credentials, download and save the k1000_patch_agents_xxx.kbin file from the following link:

78

Administrator Guide, Version 5.3

Agent Provisioning

http://www.kace.com/support/customer/downloads.php 2. In the Dell KACE Management Center, click Settings > K1000 Agent. The Agent Provisioning page appears. The Agent package that you post to the server from this page should be an official Agent release received from Dell KACE directly. 3. Click Agent Updates from KACE. The Agent Updates from KACE page appears. 4. 5. 6. 7. Under Upload K1000 Agent Update Files, click Edit Mode. Click Browse and locate the update file that you downloaded. Click Load Bundle File. Verify that the file is uploaded and applied. The updated files appear under Loaded K1000 Agent Updates.

To update the Agent automatically


You can see the version numbers of Agent patches currently uploaded to the appliance under Loaded K1000 Agent Updates. 1. Click Settings > K1000 Agent. The Agent Provisioning page appears. 2. Click Agent Updates from KACE. The Agent Updates from KACE page appears. 3. 4. Click Edit Mode under the section that you want to edit. Specify the Agent updates as shown in the following table: The time the Agent bundle was downloaded. Upgrades the Agent the next time the computers check into the appliance. Updates those machines with the selected labels.

Distribution Time Stamp Enabled Limit Updates to Labels

Administrator Guide, Version 5.3

79

Agent Provisioning

Limit Update To Listed Machines Filter

Select the machines from the Select machine to add dropdown list. Filters the machines displayed in the Limit Update To Listed Machines field. The (n) indicates the number of computers selected by the filter. Filters by character. For example, entering lib would list computer names such as Library-1, Library-2, and so on. Enter release notes about the Agent.

Notes 5.

To save the new Agent updates, click Save.

AMP Message Queue


The AMP (Agent Messaging Protocol) Message Queue page displays the list of pending communications with the Agents, such as pending alerts, patches, scripts, or crash dumps.

To view AMP Message Queue


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Click K1000 Settings > Support. The K1000 Settings: KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. 3. Under K1000 Agent Messaging, click the message queue link. The AMP Message Queue page appears. The pending communications are displayed in this queue only during continuous connection between the Agent and the appliance. For Alerts, the pending communications are displayed in the AMP Message Queue even if there is no continuous connection between the Agent and the appliance. These messages are displayed until the Alerts Keep Alive time interval has expires. For more information about alerts, see To Create a Broadcast Alert Message, on page 233. The Agent Message Queue page contains the following fields: Field Machine Name Description The machine name that contains the computer inventory information. Click a name to view the Computers Inventory page.

80

Administrator Guide, Version 5.3

Agent Provisioning

Field Message Type [ID, Src ID] Message Payload Expires Status

Description The type of message type, such as Run Process. The message payload. The date and time when the message expired. The status of the AMP message, such as Completed or Received.

To delete a message queue


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Click K1000 Settings > Support. The K1000 Settings: KACE Support page appears. 2. Click Troubleshooting Tools. The K1000 Troubleshooting Tools page appears. 3. Under K1000 Agent Messaging, click the message queue link. The AMP Message Queue page appears. 4. 5. 6. Click the check box for the message you want to delete. In the Choose Action drop-down list, click Delete Selected Item(s). Click OK to confirm deleting the message. This removes the message queue from the Agent.

Administrator Guide, Version 5.3

81

Agent Provisioning

82

Administrator Guide, Version 5.3

5
Managing Software and Hardware Inventories

The Dell KACE K1000 Management Appliance Inventory tab enables you to identify and manage the hardware and software on your network and organize these assets using labels and filters.

Inventory Feature Overview, on page 83. Managing Your Computer Inventory, on page 84. Managing Your Software Inventory, on page 91. Managing Your Processes Inventory, on page 97. Managing Your Startup Program Inventory, on page 100. Managing Your Service Inventory, on page 102. Managing Your MIA (Out-Of-Reach Computer) Inventory, on page 104. Using the AppDeploy Live Application Information Clearinghouse, on page 106. Using the Dell Warranty feature, on page 107.

Inventory Feature Overview


The agent collects Inventory information from each node. The information is uploaded and displayed on your K1000 Management Appliance after the nodes check in. The data is then listed on one of the Inventory tabs:

Computers Software Processes Startup Services IP Scan MIA

Administrator Guide, Version 5.3

83

Managing Software and Hardware Inventories

Inventory data is collected automatically according to the Agent Inventory Interval schedule specified in Settings > K1000 Agent. If the Agent Inventory Interval is set to zero, the inventory is performed as per the Agent Run Interval setting on the same page. To view the Agent Inventory Interval and Agent Run Interval settings, make sure you have selected the correct organization using the Organization drop-down list in the top-right corner of the main page. Then select the Organizations tab and click an organization in the list. These settings are listed under the K1000 Agent Settings for this Organization section of the K1000 Organization : Edit Detail page. Although it is listed under the Inventory tab, the IP Scan feature is discussed in Chapter 7: Scanning for IP Addresses, starting on page 119. This figure illustrates some of the Inventory features using the Computers ab. Figure 5-1: Inventory - Computers Tab

Managing Your Computer Inventory


The Computer Search & Filter page displays the computers IP address and the user connected to it. Clicking Action #1 Machine Action if specified. or Action #2 beside the IP address, invokes an

For more details on Machine Actions, refer to Chapter 2: Configuring your Appliance, starting on page 35.

84

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

From the Computers tab you can:

Search by keyword or invoke an Advanced Search Create a Filter to apply labels to computers automatically Create Notifications based on computer attributes Add/delete new computers manually Filter the Computer Listing by label Apply or remove labels Show or hide labels

To view details about a computer, click its name.

Searching for Computers in Your Inventory


This section explains the various options you have for searching for computers in your inventory.

Using Advanced Search for Computer Inventory


Although you can search computer inventory using keywords like Windows XP or Acrobat, those types of searches might not specific enough. Advanced search, on the other hand, allows you to specify values for each field present in the inventory record and search the entire inventory listing for that value. This is useful for example, if you needed to list computers with a particular version of BIOS installed.

To specify advanced search criteria


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click the Advanced Search tab. Select an attribute from the drop-down list. For example: IP Address 3. Select a condition from the drop-down list. For example: contains 4. Enter the attribute value. For example, to search machines in an IP range: XXX.XX.* Note: You can add more than one criteria. 5. To add more criteria, select a conjunction operator from the drop-down list. The options are AND or OR. 6. Click Search. The search results are displayed.

Administrator Guide, Version 5.3

85

Managing Software and Hardware Inventories

Creating Smart Labels for Computer Inventory


Smart Labels enable you to dynamically apply a label based on a criteria. Smart Labels work well with Inventory attributes. For example, to track laptops that travel, create a label called San Francisco Office, and create a Smart Label based on the IP range or subnet for machines located at the San Francisco office. Whenever a machine that meets the IP range is checked in, it is labeled as San Francisco. The table below lists some examples of useful Smart Labels that can be applied to a machine based on its inventory attributes: Filter Examples Sample Label Name XP_Low_Disk XP_No_HF182374 Building 3 CN_sales Sample Condition Windows XP Machine with less than 1 GB of free hard disk at last connection. Windows XP Machine without Hotfix 18237 installed at last connection. Machine connecting to the K1000 Management Appliance is detected in a specified IP range known to originate in building 3. Computers connecting where computer name contains the letters sales. For more information about Smart Labels, see About Smart Labels, on page 60.

Searching for Computers by Creating Computer Notifications


You can also use the Notification feature to search the inventory for computers that meet certain criteria, such as disk capacity or OS version, and then send an e-mail automatically to an administrator. For example, to know when computers have a critically low amount of disk space left, you can: 1. 2. Specify the search criteria to look for a value of 5 MB or smaller in the Disk Free (G) field Notify an administrator to take appropriate action.

To create a notification
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. 4. 5. 6. 7. Go to Inventory > Computers. Select the Create Notification tab. Specify the search criteria and the constraints. Specify a title for the search. Enter the email address of the recipient of the notification. To see whether the filter produces the desired results, click Test Notification. Click Create Notification to create the notification.

86

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

Now, whenever machines that meet the specified notification criteria check into the K1000 Management Appliance, an e-mail is automatically sent to the specified recipient. You can modify or delete a notification after it has been created on the Reporting > Email Alerts tab.

Filtering Computers by Organizational Unit


To filter computers based on an Organizational Unit found in LDAP or AD, you can create LDAP Labels to do this from the Home > Label > LDAP Labels tab. For more information on how to create LDAP Labels, refer to About LDAP Labels, on page 209.

Using the Computer Inventory Detail Page


From the Computers tab, you can select a computer in inventory and view its details. The Computer Detail page provides details about a computers hardware, software, install, patch, Service Desk, and OVAL vulnerability history, among other attributes.

The following sections describe each of the detail areas on this page. To expand or collapse the sections, click the + sign next to the section headers.

Administrator Guide, Version 5.3

87

Managing Software and Hardware Inventories

Inventory Heading Summary

Description Contains basic computer identification information. Most of this is self-explanatory. The only appliance-specific information in this section is the AMP connection and the agent software level. Some appliance features work only if there is a constant connection between the agent and the appliance: A icon indicates a constant connection between the agent and the appliance.

A icon indicates that the agent and the appliance are not connected. For more details on the AMP connection, see AMP Message Queue, on page 80. Use the Force Inventory Update button to immediately update all computer inventory information. Click Force Inventory Update to synchronize the computer with the server. It requests that the node send an inventory to the appliance. Inventory Information Software Activities This section provides more detail on some of the categories in the Summary section. This section provides details on the software programs the computer has installed, including patching level information, running processes, and startup programs. The Labels section displays the labels assigned to this computer. Labels are used to organize and categorize machines. The Failed Managed Installs section displays a list of Managed Installations that failed to install on this machine. To access details about the Managed Installations, click the Managed Software Installation detail page link. The To Install List section lists the Managed Installations that are sent to the machine the next time it connects. The Help Tickets section provides a list of the Service Desk Tickets (if any) associated with this machine. These can either be Tickets assigned to the machine owner or Tickets submitted by the machine owner. To view a Service Desk Tickets details, click the Ticket ID (for example, TICK:0032). Security The Patching Detect/Deploy Status section displays a list of patches detected and deployed on the computer. Click the appropriate link, for example, Failed, Not Patched, Patched, and All to sort the list of patches.You can review your patch schedules by clicking the Patch Schedules link. The Threat Level 5 list section displays the items that have been marked with the threat level as 5. A threat that is harmful to any software, process, startup item, and services associated with this machine is considered as threat level 5. The OVAL Vulnerabilities section displays the results of OVAL Vulnerability tests run on this machine. Only tests that failed on this computer are listed by the OVAL ID and marked as Vulnerable. Tests which passed are grouped together and marked as Safe. The Portal Install Logs section provides details about the User Portal packages installed on this machine. See Appliance Agent Logs, on page 89, for details on this section. The Scripting Logs section lists the Configuration Policy scripts that have been run on this computer, along with the status of any scripts in progress.

Logs

88

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

Inventory Heading Asset

Description This section displays the details of the Asset associated with that machine. Details such as the date and time when the Asset record was created, the date and time when it was last modified, type of the asset and name of the asset are displayed. Click the [Edit] link to edit the asset information. For more information about Assets, see the Asset Management Guide.

Appliance Agent Logs


This section displays logs for K1000 Management Appliance Management Service, boot strap, Client, and Scripting Updater.

Management Service Logs: The primary role of appliance Management Service is to execute the Offline KScripts. The Management Service logs display the steps performed by Management Service to execute the Offline KScripts. These steps include, dependencies downloads and validating the KBOTS file. Any error in the execution of Offline KScript is logged in the Management Service logs.

Boot Strap Logs: The appliance sends a boot strap request to get inventory information for a node that has checked in for the first time. The logs related to this request are displayed in Boot Strap logs.

Client Logs: The appliance sends a request to the agent to get inventory information periodically. A script is executed on the node after which it sends the inventory information to the appliance. On successful execution of K1000Client.exe, inventory is uploaded to the appliance. The agent logs display these actions.

Scripting Updater: A request is initiated periodically from the node to get the latest information related to the changes in Offline KScripts. Scripting Updater logs displays this information.

Adding Computers to Inventory


The appliance provides the convenience of automatically adding computers to inventory. This is especially useful when you maintain a large number of computers on your network. However, the appliance also provides the flexibility to manually add computers to inventory. For example, you can track computers that currently do not have agent support or computers that are not available on your LAN.

Adding Computers Automatically


Computers are automatically added to Inventory by provisioning the agent on the computers on your network. The computers on which the agent is installed will check into the appliance

Administrator Guide, Version 5.3

89

Managing Software and Hardware Inventories

and upload all the available inventory data. For more information on agent provisioning, refer to Chapter 4: Agent Provisioning, starting on page 65.

Adding Computers Manually


You can use the K1000 to maintain inventory data of all the machines on your network, including those not connected to your LAN. This might be a good practise if you want to maintain Inventory on computers in dark networks. The number of computer or machine records in Inventory affects your license count even if the computer is no longer in use.

To add a computer to inventory manually


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Go to Inventory > Computers. In the Choose Action menu, click Add New Item. The Computer: Edit Computer Detail page appears. 3. Complete the information required by: Entering by hand: For example data, view the computer record of a machine that is already listed in the inventory. Importing the machine.xml file for this computer.

The K1000Client.exe can take an optional command line parameter-inventory. To configure this, type: K1000 Agent/exe-inventory The appliance agent collects the inventory data and generates a file called machine.xml, which you can upload here. If you choose this option, the appliance ignores all other field values on this page.

To delete a computer
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. 4. Go to Inventory > Computers. Select the check box next to the computer(s) you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deleting the computer.

90

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

To apply a label to a computer


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Computers. Select the computer to which you will apply a label. In the Choose Action menu: Select Add Label. Enter the New Label name to apply and click Save. Avoid using backslashes (\) in Label names. If used, be sure to escape the backslash with another backslash.

To remove a label from a computer


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Computers. Select the check box next to the computer from which you will remove a label. In the Choose Action menu, click the appropriate label under Remove Label.

Managing Your Software Inventory


The Inventory feature also collects and displays an inventory of the software items installed on each of the computers listed in the inventory. From the Inventory > Software tab you can see all the software installed across your network. By default, the software list alphabetically lists only the first 100 software items detected. To view all software installed, click the Show All link. From the Software List page, you can:

Add or delete software Add, remove, or apply labels Categorize the Software Set Threat Level to Software

To view the details of a software title, click the software name link.

Using Advanced Search for Software Inventory


You can search your software inventory using keywords like Adobe Flash Player or ActivePerl. For more refined search results use the Advanced Search. This feature allows you to specify values for each field present in the software inventory and search the entire

Administrator Guide, Version 5.3

91

Managing Software and Hardware Inventories

inventory for that particular value or combination of values. For example, if you need a list of computers that have a specific application installed on a specific operating system.

To specify advanced search criteria


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Go to the Advanced Search tab. Select an attribute and a condition from the drop-down lists. For example, Display Name (Title) and contains. 3. Enter the Attribute Value. For example, ActivePerl causes all the machines having ActivePerl software to be searched. 4. To add more than one criteria, select the Conjunction Operator from the drop-down list. For example: AND. 5. Select an attribute and a condition from the drop-down lists. For example, Supported OS and contains. 6. Enter the Attribute Value. For example, XP. 7. Click Search. The combination of XP and ActivePerl returns all machines that have Windows XP OS and ActivePerl software installed.

Adding Software to Inventory


You can add software inventory items automatically or manually. Automatically capturing software inventory items is especially useful when it is difficult to determine and maintain lists of all the software titles installed on your network nodes. Thus, the K1000 Management Appliance also provides you with the flexibility to manually add software titles to the inventory. For example, you can add a software item that is not yet been installed on your network, create a managed installation from it, and then deploy it to your other nodes.

Adding software automatically


Software items are added to Inventory automatically when the agent checks in. The nodes on which the appliance agent is installed check in to your appliance and upload all the available software inventory data. For more information on agent provisioning, refer to Chapter 4: Agent Provisioning, starting on page 65.

92

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

To add software to Inventory manually


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. The appliance automatically creates inventory records for the software titles found on the network. If you dont see a software package in Inventory, the package probably isnt installed on a node in your K1000 Management Appliance. Usually, its better to install the package on a node and run inventory, than to manually install. You may want o include a custom rule so that information about the software is current and the package is not reinstalled each time that the agent check in, for example. See Appendix C: Writing Custom Inventory Rules, starting on page 273. 1. 2. Go to Inventory > Software. In the Choose Action menu, click Add New Item. The Software : Edit Software Details page appears. 3. Enter the general software details. Enter the Display Version, Publisher (Vendor), and Display Name (Title) consistently across software inventory to ensure proper downstream reporting. 4. 5. 6. 7. Upload or specify links to available information files associated with the software. In the Assign To Label field, select the labels to assign. (Optional) Enter any other information in the Notes field. Specify the Custom Inventory Rule. For example:

RegistryValueGreaterThan(HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx,szDatVersion,4.0.44) Before deploying a software item to a remote node, your appliance first verifies whether that file is present on the that node. If it is detected, it is not sent to the machine a second time. In some instances, installed programs do not register in Add/Remove Programs or in standard areas of the registry. In such cases, the appliance may not be able to detect the presence of the application without additional information from the administrator. Therefore, the appliance may repeat the install each time the node connects. For more information on Custom Inventory ID (rule), refer to Appendix C: Writing Custom Inventory Rules, starting on page 273. 8. 9. Select the supported operating systems in the Supported Operating Systems field. In the Custom Inventory Rule field, enter the Custom Inventory ID.

10. Beside Upload & Associate File, click Browse to browse to the file you wish to upload and associate with this software, and then click Open.

Administrator Guide, Version 5.3

93

Managing Software and Hardware Inventories

11. Under Metadata, specify the following information: Category Threat Level Hide from AppDeploy Live! Select the desired category. Select the threat level. Select this check box to hide this information from Live Application Deployment. (Use for proprietary information.)

12. Click Save. The software detail page displays license information for the software. You can also view the license asset detail by clicking on the license link.

To create software assets


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Software. Select the check box for the appropriate software. In the Choose Action menu, click Create Asset. The Assets page appears. For more information about using Assets, see the Asset Management Guide.

Custom Data Fields


You can create custom data fields to read information from a target machine and report it in the Computer Inventory certificate. This is useful for reading and reporting on information in the registry and elsewhere on the target machine. For example, DAT file version number from the registry, file created date, file publisher, or other data.

To create a custom data field


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. 4. Go to Inventory > Software. In the Choose Action menu, click Add New Item. Enter a value in the Display Name (Title) field. In the Custom Inventory Rule field, enter the appropriate syntax according to the information you want returned: To return a Registry Value, enter the following, replacing valueType with either TEXT, NUMBER, or DATE. NUMBER is an integer value:

94

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

RegistryValueReturn(string absPathToKey, string valueName, string valueType), Example: RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Viruss can Online,SourceDisk, TEXT) To return File Information, enter: FileInfoReturn(string fullPath, string attributeToRetrieve, string valueType) Example: FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe, Comments,TEXT) You can retrieve the following attributes from the FileInfoReport() function: Comments CompanyName FileBuildPart FileDescription FileMajorPart FileMinorPart FileName FilePrivatePart FileVersion InternalName IsDebug IsPatclhed IsPreRelease IsPrivateBuild IsSpecialBuild Language LegalCopyright LegalTrademarks OriginalFilename PrivateBuild ProductBuildPart ProductMajorPart ProductMinorPart ProductName ProductPrivatePart ProductVersion SpecialBuild CreatedDate ModifiedDate AccessedDate

Attaching a Digital Asset to a Software Item


Whether you add the software to inventory automatically or manually, you need to associate the files required to install the software before distributing a package to users for installation. To associate multiple files, create a .zip file, and associate the resulting archive file.

To attach a digital asset to a software item


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Go to Inventory > Software. Select the linked name of the software title.
95

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

The Software: Edit Software Detail page appears. 3. 4. 5. Beside Upload & Associate File, click Browse. Locate the file to upload, and then click Open. Modify other details as necessary, and then click Save. The Software-To-Computer Deployment Detail table at the bottom of the Software > Edit Software Detail page shows which computers have the software title installed.

To delete a software item


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. 4. Go to Inventory > Software. Select the check box next the software you wish to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deleting the software.

To apply a label to a software item


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. If you want your label to include all copies of this software, the ones you have now and any you might purchase in the future, use a Smart Label. See Creating Smart Labels for Computer Inventory, on page 86. 1. 2. 3. Go to Inventory > Software. Select the check box beside the software to apply a label to. In the Choose Action menu, click Apply Label and then the appropriate label to apply. You can also click Add Label in the Choose Action menu to create and apply a new label. Avoid using backslashes (\) in Label names. If used, be sure to escape the backslash with another backslash.

To remove a label from a software item


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Go to Inventory > Software. Select the check box beside the software to remove the label from.

96

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

3.

In the Choose Action menu, click Remove Label and the appropriate label.

To categorize a software item


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Software. Select the check box beside the software you want to categorize. In the Choose Action menu, click Set Category and the category.

To set threat level to a software item


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Software. Select the check box next to the software. In the Choose Action menu, click the appropriate threat level.

Managing Your Processes Inventory


The K1000 Management Appliance Processes feature allows you to keep track of processes that are running on all agent machines across your enterprise. The Processes feature records and reports the processes details information. You can record and view software usage for the last 1, 2, 3, 6, or 12 months. Detail pages provide information on individual processes, including the name of the computer running those processes, system description, and the last user. Using Processes feature, you can:

View Process details Delete selected processes Disallow selected processes Meter selected processes Apply labels Remove labels

The processes are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.

Administrator Guide, Version 5.3

97

Managing Software and Hardware Inventories

To view process details


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Inventory > Processes. The Processes page appears. 2. Select the process name to view details. The Process Details page appears. 3. 4. 5. 6. 7. Select labels to assign to a process using the Assign To Label option. Enter any notes that further describe this process in the Notes field. Select the category of the process in the Category drop-down list. Select the threat level of the process in the Threat Level drop-down list. Click Save. You can read comments on the process submitted by other users by clicking [Read Comments] on the Process Details page. You can also ask for help from KACE about the processes by clicking [Ask For Help.] You need a KACE user name and password to log in to the Dell KACE database. You can also see computers with running the selected process. You can view and print a printer friendly version of this page.

To delete a process
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. To delete processes, do one of the following: 2. From the Processes List view, select the check box beside the process, and then in the Choose Action menu, click Delete Selected Item(s). From the Process detail page, click Delete.

Click OK to confirm deleting the selected process.

To disallow processes
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Inventory > Processes. The Processes page appears. 2. 3.
98

Select the check box beside the processes to disallow. In the Choose Action menu, click Disallow Selected Item(s).
Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

The Script : Edit Detail page appears. 4. Enter the script configuration details, and then click Run Now to run Disallowed Programs Policy. For more detailed information on scripting and Disallowed Programs Policy, refer to Chapter 9: Using the Scripting Features, starting on page 161.

To apply a label to a process


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Processes. Select the check box next to the processes you want to apply a label to. In the Choose Action menu, click the appropriate label to apply.

To remove a label from a process


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Processes. Select the check box next to the processes you want to remove the label from. In the Choose Action menu, click the appropriate label under Remove Label.

To categorize a process
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Processes. Select the check box next to the processes you want to categorize. In the Choose Action menu, click the appropriate category.

To set threat level to a process


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Processes. Select the check box next to the processes. In the Choose Action menu, click the appropriate threat level.

Administrator Guide, Version 5.3

99

Managing Software and Hardware Inventories

To meter a process
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Processes. Click the check box next to the processes. In the Choose Action menu, click Meter Selected Items(s). The process are added to the list of processes to be monitored in the Metering tab. For more information on Software Metering, refer to Asset Management Guide.

Managing Your Startup Program Inventory


The K1000 Management Appliance Startup feature allows you to keep track of startup programs on all agent machines across your enterprise. The Startup feature records and reports the startup program detail information. Detail pages provide information on startup programs, including the name of the computer running those startup programs, system description, and the last user. Using Startup feature, you can:

View startup program details Delete selected startup programs Apply or remove labels

The startup programs are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.

To view Startup detail information


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Inventory > Startup. The Startup Programs page appears. 2. Click the startup program name to view details. The Startup Programs : Edit Startup Programs Detail page appears. 3. 4. 5. 6. Select labels to assign to startup program using the Assign To Label option. (Optional) Enter notes that further describe this startup program in the Notes field. Select the category of the startup program in the Category drop-down list. Select the threat level of the startup program in the Threat Level drop-down list.

100

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

7.

Click Save to save the startup program details. You can read comments on the startup program submitted by other users by clicking [Read Comments]. You can also ask for help from KACE about the startup programs by clicking [Ask For Help.] You need a KACE user name and password to log in to the Dell KACE database.

You can also see computers with running the selected startup program. You can view a printer friendly version of this page and take print outs of the report.

To delete a startup program


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. To delete startup programs, do one of the following: 2. From the Startup Programs List view, select the check box next to the startup program, and then in the Choose Action menu, click Delete Selected Item(s). From the Startup Program : Edit Startup Program Detail page, click Delete.

Click OK to confirm deleting the selected startup program.

To apply a label to a startup program


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Startup. Select the check box next to the startup programs you want to apply a label to. Select the appropriate label to apply from the Choose Action menu.

To remove a label from a startup program


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Startup. Select the check box next to the startup programs you want to remove from the label. In the Choose Action menu, click the appropriate label under Remove Label.

To categorize a startup program


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.

Administrator Guide, Version 5.3

101

Managing Software and Hardware Inventories

1. 2. 3.

Go to Inventory > Startup. Select the check box next to the startup programs you want to categorize. In the Choose Action menu, click the appropriate category.

To set threat level to a startup program


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Startup. Select the check box next to the startup programs. In the Choose Action menu, click the appropriate threat level.

Managing Your Service Inventory


The K1000 Management Appliance Service feature allows you to keep track of services running on all agent machines across your enterprise. The Service feature records and reports the services information in detail. Detail pages provide information on services, including the name of the computer running those services, system description, and the last user. Using Services feature, you can:

View services details Delete selected services Apply or delete labels

The services are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.

To view service detail information


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Inventory > Service. The Services page appears. 2. Click the service name to view details. The Service : Edit Service Detail page appears. 3. 4. Select labels to assign to service using the Assign To Label option. Enter any notes that further describe this service in the Notes field.

102

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

5. 6. 7.

Select the category of the service in the Category drop-down list. Select the threat level of the service in the Threat Level drop-down list. Click Save to save the service details. You can read comments on the service submitted by other users by clicking [Read Comments]. You can also ask for help from Dell KACE about the service by clicking [Ask For Help.] You need a KACE username and password to log in to the Dell KACE database.

You can also see computers with running the selected startup program. You can view a printer friendly version of this page and take print outs of the report.

To delete a service
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. To delete services, do one of the following: 2. From the Services List view, select the check box next to the service, and then in the Choose Action menu, click Delete Selected Item(s). From the Process detail page, click Delete.

Click OK to confirm deleting the selected service.

To apply a label to a service


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Service. Select the check box next to the services you want to apply a label to. In the Choose Action menu, click the appropriate label to apply.

To remove a label from a service


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Service. Select the check box next to the services you want to remove the label from. In the Choose Action menu, click the appropriate label under Remove Label.

Administrator Guide, Version 5.3

103

Managing Software and Hardware Inventories

To categorize a service
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Service. Select the check box next to the services you want to categorize. In the Choose Action menu, click the appropriate category.

To set a threat level to a service


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > Service. Select the check box next to the services. In the Choose Action menu, click the appropriate threat level.

Managing Your MIA (Out-Of-Reach Computer) Inventory


The K1000 Management Appliance MIA tab offers a list of the nodes that have not checked in to the appliance in some time. You can filter the MIA view by computers that have missed the last first, fifth, or tenth syncs, or which have not communicated with appliance in the last 1-90 days. The MIA tab also displays the IP and MAC Addresses of these computers. From the MIA tab, you can remove the computers from the appliance Inventory and assign them to labels to group them for management action.

Configuring the MIA Settings


You can configure the MIA Settings to enable the appliance to automatically delete computers from the inventory after they have not checked in for a specified number of days. This eliminates the need to manually delete the computers from the Computers - MIA page.

To configure the MIA settings


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Go to Inventory > MIA. In the Choose Action menu, click Configure Settings. The MIA Settings page appears.

104

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

3.

Enter the following information: Select this check box to enable automatic deleting of MIA computers. Enter the period in number of days. Computers that do not communicate with the appliance for the number of days specified are automatically deleted.

Automatically delete MIA computers Days

4.

Click Save.

To delete an MIA computer


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. 4. Go to Inventory > MIA. Select the check box next to the computers you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deleting the computer.

To apply a label to an MIA computer


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Go to Inventory > MIA. Select the check box next to the computers you want to apply a label to. In the Choose Action menu, select the appropriate label to apply .

To create a new label


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. For example, you can create a label on any tab in Inventory: 1. 2. 3. Click Inventory, and click the tab you want to work with, for example, Software. In the Choose Action menu, click Add Label. In the Add Label window, enter a name for the new label. Avoid using a backslash (\) in Label names. If used, be sure to escape the backslash with another backslash. 4. Click Save.

Administrator Guide, Version 5.3

105

Managing Software and Hardware Inventories

Using the AppDeploy Live Application Information Clearinghouse


AppDeploySM (or AppDeploy.com) contains information on installation, deployment, and systems management automation. (However, it does not tie directly into the appliance.) By centralizing relevant information in one place, AppDeploy.com reduces the need for searching answers through vendor sites, discussion boards, and technical publications. This website provides computer administrators an easier way to search for answers and solutions.

Enabling AppDeploy Live


To perform these steps, be sure to select System in the Organization drop-down list in the top-right hand corner of the page. The AppDeploy Live! website is both a platform for product forums and a source of up-todate news and announcements. Enabling AppDeploy Live! integrates community submitted information directly from this web site. 1. 2. 3. 4. 5. Click K1000 Settings > Control Panel > General Settings. Click Edit Mode. Click the Enable AppDeploy Live! check box. Click OK on the pop-up confirmation page. Click Set Options to save your changes.

For more information on how to change K1000 General Settings, refer to To configure general settings for the server, on page 35.

Viewing AppDeploy Live content


You can view AppDeploy Live contents of your appliance. From Inventory, you can view AppDeploy Live information on software, processes, startup programs, and services. AppDeploy Live information can also be viewed from the Distribution > Managed Installations and Distribution > File Synchronization. You can visit www.AppDeploy.com for more information. If you have not enabled AppDeploy Live, you cannot view AppDeploy Live information. Refer to Using the AppDeploy Live Application Information Clearinghouse, on page 106.

To view AppDeploy Live information


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Inventory > Software. The Software page appears, which lists the software installed on nodes. 2. Select a software title to see the associated information from AppDeploy Live.

106

Administrator Guide, Version 5.3

Managing Software and Hardware Inventories

The Software : Edit Software Detail page appears. 3. Scroll Down to view AppDeploy Live information.

Using the Dell Warranty feature


The Dell Warranty feature only works for Dell computers that are in inventory.

The Dell Warranty feature runs a background service that gathers and updates warranty information on your Dell computers that are in Inventory. This background service runs every four hours and selects a different organization in a round-robin fashion. Every four hours, the service runs on approximately 100 machines per organization. Over time, warranty information is gathered and updated for all Dell machines. This process may take a week or up to a month to acquire warranty information for all of the Dell machines across different organizations. If you need to see warranty information immediately, there is an option to gather warranty information on a single Dell machine instantly. You can download warranty information into a CSV file for a single or multiple machines within your organization. From the Dell Warranty tab, you can also access the Dell Support Web site to renew your warranty information if it is out of date or view additional details about your warranty.

To obtain Dell Warranty information on a single Dell machine instantly


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Inventory > Computers. The Computers : Detail Item <Machine Name> page appears. 2. 3. Select the Dell machine in the list of computers for which you wish to gather warranty information to view the machine details. Under the Inventory Information section, select the Hardware link.

Administrator Guide, Version 5.3

107

Managing Software and Hardware Inventories

If this is a Dell computer that you have selected, you will see Dell warranty information under the Dell Service Info section as shown in the following figure:

4.

Select the Refresh button. The warranty information is updated immediately for this machine.

To renew Dell Warranty information


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Inventory > Computers. The Computers : Detail Item <Machine Name> page appears. 2. 3. 4. Select the Dell machine in the list of computers for which you wish to renew warranty information. Under the Inventory Information section, select the Hardware link. Select the support@dell.com link in the Dell Service Info section. You will be redirected to the Dell Support Web site. Here you can renew your warranty information if it is outdated. You can also view additional information about your existing warranty.

To run Dell Warranty reports


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Reporting > Reports. The K1000 : Reports page appears. 2. From the View By drop-down list in the top-right corner of the page, select Dell Warranty.
Administrator Guide, Version 5.3

108

Managing Software and Hardware Inventories

3.

View the following reports: Dell Warranty Expired Dell Warranty Expires in the Next 60 Days

You can run these reports and store them as HTML, CSV or PDF files. These reports are available at both the Organization level and the System level within the K1000 Management Appliance.

Administrator Guide, Version 5.3

109

Managing Software and Hardware Inventories

110

Administrator Guide, Version 5.3

6
Importing and Exporting Appliance Resources

This chapter explains how to transfer K1000 Management Appliance resources between organizations within an appliance and between separate appliances.

Importing and exporting resources, on page 111. Transferring resources using a SAMBA share, on page 111. Transferring resources between Organizations, on page 115.

Importing and exporting resources


The Administrator Portal offers you the ability to import and export the following resources components between separate K1000 Management Appliances or between different organizations within an appliance:

Email alerts Managed Installations Reports Scripts Smart labels Software components from Inventory Ticket rules

All K1000 Management Appliance have built-in SAMBA share directories, allowing you to import and export appliance resources among them. For details, see the Transferring resources using a SAMBA share section. If you use the Organizational Management component of the K1000 Management Appliance, you also can transfer resources between organizations within an appliance. For details, see Transferring resources between Organizations, on page 115. If you do not use Organizational Management, its options are not displayed.

Transferring resources using a SAMBA share


Any appliance can export the resources listed in Importing and exporting resources to another appliance using their SAMBA share directories as staging areas.

Administrator Guide, Version 5.3

111

Importing and Exporting Appliance Resources

Export resources from one appliance to another using SAMBA shares


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Open the Administrator Portal of the appliance from which to export resources. Go to Settings > Resources. The Resource Management Panel appears.

3.

Click Export K1000 Resources. The Export K1000 Resources page appears, listing all of the resources available to export.

By default, all available resources on the appliance are listed. You can limit the resources to view using the drop-down list and Search field on the right side of the page. Select a resource from the View by list to display only that resource category.

112

Administrator Guide, Version 5.3

Importing and Exporting Appliance Resources

Enter a term in the Search field to limit the resources list even further. In this example, only reports with the term closed in the description are listed:

4. 5.

Select the check boxes next to those resources you wish to export. In the Choose Action menu, click Export to SAMBA Share. The Annotate Exported Resource(s) splash screen appears.

6.

Enter a description of the components to export in the Notes field and click Save. Your exported resources first appear on the Resource Manager Queue page with a Status of New Request. Click the Refresh button to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment, but very large resources take longer. This page does not refresh by itself for several minutes. The resources you exported are now available on your SAMBA share for other K1000 Management Appliance to import.

7.

Go to Settings > Control Panel > General Settings. and note the location of the SAMBA share directory in the SAMBA Share Settings section. You need to copy the appliance resources from this directory to the SAMBA share of the appliance importing the software.

8.

For the importing appliance, go to Settings > Control Panel, and click General Settings. The K1000 Settings: General page appears.

9.

In the SAMBA Share Settings section, note the location of the SAMBA share directory.

10. Using a third-party file copying utility, copy the resources from the exporting appliance SAMBA share to the importing appliance SAMBA share. 11. For the importing appliance, go to Settings > Resources.

Administrator Guide, Version 5.3

113

Importing and Exporting Appliance Resources

The Resource Management Panel appears:

12. Click Import K1000 Resources. The Import K1000 Resources page appears, listing all of the appliance resources available to import. 13. From Choose Action menu, click Import Resource(s) from SAMBA Share. The Import Resources from SAMBA Share Directory page appears.

114

Administrator Guide, Version 5.3

Importing and Exporting Appliance Resources

14. Select the resource files to import, and click Import Resources.

Your imported resources first appear on the Resource Manager Queue page with a Status of New Request. Click Refresh to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment, but very large resources take longer. This page does not refresh by itself for several minutes. Once you see a Status of Completed, the resources you imported are available and listed on their respective tabs (Reporting, Inventory > Software, Scripting, Distribution > Managed Installations) for your organization to use.

Transferring resources between Organizations


You transfer resources between KACE K1000 Appliance organizations by exporting them from one organization and then importing them into another. The sections below explain how to do this.

Administrator Guide, Version 5.3

115

Importing and Exporting Appliance Resources

Exporting resources to Other Organizations on an appliance


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. The first step in transferring any of the resources listed in Importing and exporting resources is exporting them from one organization, which is explained in this section. 1. Go to Settings > Resources. The Resource Management Panel appears.

2.

To export resources from one organization to the others, click Export K1000 Resources. The Export K1000 Resources page appears, listing all of the resources on the appliance available to export.

3. 4.

Select the check boxes next to the resources you wish to export. In the Choose Action menu, click Export to Local K1000. The Annotate Exported Resource(s) splash screen appears.

5.

Enter a brief comment describing the exported resources in the Note field, and then click Save.

116

Administrator Guide, Version 5.3

Importing and Exporting Appliance Resources

Your exported resources first appear on the Resource Manager Queue page with a Status of New Request. In a few minutes, the export will complete, and the Status changes to Completed. Click the Refresh button to update this page. The resources you exported are now available for other organizations on your appliance to import. For details on importing these resources into another organization, see the Importing resources from another organization on your appliance section.

Importing resources from another organization on your appliance


Once resources are exported from an organization, they are available to the other organizations on that appliance to import and use. If you have not yet exported the appliance resources you need, follow the instructions in the Exporting resources to Other Organizations on an appliance section. To import appliance resources from another appliance, follow the instructions in the Transferring resources using a SAMBA share section.

Import software components from another organization


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Settings > Resources. The Resource Management Panel appears.

2.

Click Import K1000 Resources.

Administrator Guide, Version 5.3

117

Importing and Exporting Appliance Resources

The Import K1000 Resources page appears, listing all of the resources available to import:

3. 4.

Select the check boxes next to the resources that you would like to import. In the Choose Action menu, click Import Selected Resource(s). The Resource Manager Queue page appears. Your imported resources first appear on the Resource Manager Queue page with a Status of New Request. Click the Refresh button to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment to complete, but very large resources take longer. This page may not refresh for several minutes.

Once you see a Status of Completed, the resources you imported are available on the respective pages (Reports, Inventory > Software, Scripting, Distribution > Managed Installations) for your organization.

118

Administrator Guide, Version 5.3

7
Scanning for IP Addresses

IP scan allows you to scan a range of IP addresses to detect the existence and attributes of various devices on a network.

IP Scan Overview, on page 119. Viewing Scheduled Scans list, on page 119. Creating an IP Scan, on page 120.

IP Scan Overview
The K1000 Management Appliance can scan a range of IP addresses for SNMP-enabled machines, allowing you to retrieve information about machines connected to your network. Although IP scans have their own server-side scheduling, you can invoke a scan on-demand or schedule an IP scan to run at a specific time. IP Scan reports a variety of inventory data, allowing you to monitor the availability and service level of a target machine. IP Scan scans ports in addition to IP addresses. You can collect data even without knowing the IP addresses of the target machines. It can scan any type of device (as long as the device has an IP address on the network), including computers, virtual machines, printers, network devices, servers, wireless access points, routers, and switches.

Viewing Scheduled Scans list


By default, the IP Scan tab displays the available scans. From this page, you can also:

Schedule a new scan. Delete scans.

About scan results


On the scan results page, you can:

Schedule new scan. Apply a label or a Smart Label or delete a label. Create a remote connection to the machine. (This can be done only if configured under Machine Action.)
119

Administrator Guide, Version 5.3

Scanning for IP Addresses

To view scan results


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. There are other ways to get to scan results. The following is an example: 1. 2. Go to Inventory > IP Scan. In the Choose Action menu, click View Scan Inventory. The Network Scan Results page opens.

Creating an IP Scan
You can create a network scan that will search for DNS, Socket, and SNMP across a single subnet or multiple subnets. You also define a network scan to search for devices listening on a particular port (for example, Port 80). This allows you to view devices that are connected to your network even when the agent is not installed on those devices. When defining a network scan, balance the scope of the scan (number of IP addresses you are scanning) with the depth of the probe (number of attributes you are scanning for), so that you do not overwhelm your network or the appliance. For example, if you need to scan a large number of IP addresses frequently, keep the number of ports, TCP/IP connections, and so on, relatively small. As a general rule, scan a particular subnet no more than once every few hours. The agent listens to port 52230. To determine which machines on your network are running an agent, define a network scan to report which machines are listening on that port.

To create an IP scan
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Go to Inventory > IP Scan. The Network Scan Settings page appears. 2. In the Choose Action menu, click Add New Item. The Network Scan Setting page appears. 3. 4. Enter a name for the scan in the Network Scan Friendly Name field. Enter the IP range to scan in the Network Scan IP Range field.

120

Administrator Guide, Version 5.3

Scanning for IP Addresses

5.

Specify the DNS lookup test details: Check live addresses against the DNS server to see if they have an associated name. This can help you identify known nodes on your network. Enter the host name or IP address. Enter the time out interval (in seconds).

DNS Lookup Enabled Name Server for Lookup Lookup Time Out 6.

Select the Ping Test Enabled check box. If the Ping and Socket tests are disabled, you cannot run the other tests. The Ping or Socket tests determine if the address is alive. If it is, you can run an SNMP or a Port Scan against it.

7.

Specify the connection test details: Select this check box to perform connection testing during network scan. Enter the protocol to use.

Connection Test Enabled Connection Test Protocol

Connection Test Port Enter the port to use for testing the connection. Connection Time Out Enter the time out interval (in seconds). 8. Specify SNMP test details: Select this check box to enable SNMP scanning. Enter the community string to query. (Public is the default.) The query only runs if authentication is not required. When authentication is required, the scan returns SNMP enabled with no system data.

SNMP Enabled SNMP Public String

9.

Specify port scan test details: Select this check box to enable port scanning of device ports. Enter a comma-separated list of TCP ports to scan. Enter a comma-separated list of UDP ports to scan. Enter the time out interval (in seconds).

Device Port Scan Enabled TCP Port List UDP Port List Port Scan Time Out

10. Specify the scan schedule: Dont Run on a Schedule Run Every n minutes/ hours Run in combination with an event rather than on a specific date or time. Run the scan at a specified interval.

Administrator Guide, Version 5.3

121

Scanning for IP Addresses

Run Every day/specific day at HH:MM AM/PM Run on the nth of every month/specific month at HH:MM AM/PM 11. Click Save.

Run the schedules daily at a specified time, or run on a designated day of the week at a specified time. Run either monthly at a specified time and day or run at a designated time and day on a specified month.

Deleting a scan configuration also deletes all associated scan inventory items. If you want to maintain the scan inventory, but do not want to rescan, set the schedule of the scan configuration to not run.

To search network scan results on the basis of status fields


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Click Inventory > IP Scan. The Network Scan Settings page appears. 2. In the Choose Action menu, click View Scan Inventory. The Network Scan Results page appears. 3. 4. Click the Advanced Search tab. Select an attribute from the drop-down list. For example: Ping Status. 5. Select a condition from the drop-down list. For example: =. 6. Enter the attribute value. For example, to search machines that have a successful ping status, enter 1. 7. Click Search. The search results are displayed below. Clicking the IP address of a network device displays the values for Ping Status, Connection Status, and SNMP Status as Succeeded or Failed. However, the underlying database fields actually contain a 0 for Failed and 1 for Succeeded. Therefore, when using these fields as criteria for advanced search, Smart Labels, or notifications, you must enter the numeric values.

122

Administrator Guide, Version 5.3

Scanning for IP Addresses

IP Scan Smart Label


The IP Scan Smart Label searches for all devices that are detected in the Network Scan, including DNS, Socket, and SNMP across a single subnet or multiple subnets. Smart Labels enable you to dynamically identify based on a search criteria.

To dynamically identify the network scan results


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. Click Home > Label. The Labels page appears. 2. 3. On the Labels page, click Smart Labels. In the Choose Action menu, click Add New IP Scan Smart Label. The Network Scan Results page appears. 4. 5. 6. 7. Specify the search criteria. Choose or enter the label to associate with the Smart Label. To see whether the Smart Label produces the desired results, click Test Smart Label. Click Create Smart Label.

When devices that meet the specified criteria are detected in the network scan, they are automatically assigned to the associated Smart Label. You can modify or delete a Smart Label after it has been created from the Home > Label > Smart Labels page. You can specify the order in which IP Scan Smart Labels are run by changing their order value.

To edit the order value of IP Scan Smart Labels


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Click Home > Label. On the Labels page, click Smart Labels. In the Choose Action menu, click Order IP Scan Smart Labels. The Order IP Scan Smart Labels page appears. 4. 5. Click the icon next to an order value to modify it.

Enter the appropriate order value, and click Save. IP Scan Smart Labels with lower order values are run before those with higher order values. The default order value for a new IP Scan Smart Label is 100.

Administrator Guide, Version 5.3

123

Scanning for IP Addresses

124

Administrator Guide, Version 5.3

8
Distributing Software from Your K1000 Management Appliance

The K1000 Management Appliances software distribution features offer various methods for deploying software, updates, and files to the computers on your network.

Distribution Feature Overview, on page 125. Types of Distribution Packages, on page 126. Managed Installations, on page 129. Examples of common deployments on Windows, on page 133. Examples of Common Deployments on Linux, on page 139. Examples of Common Deployments on Mac OS, on page 143. File Synchronizations, on page 143. Wake-on-LAN, on page 145. Replication, on page 148. Managing iPhone Profiles, on page 153. Managing Dell Systems with Dell Updates, on page 155. Configuring Dell OpenManage Catalog Updates, on page 158.

Distribution Feature Overview


Dell recommends that customers follow a predefined set of procedures before deploying any software on their network. The following illustration represents a high-level example of a generic distribution process. This process can be modified to meet the needs of your organization. However, to avoid distribution problems, it is important to test various deployment scenarios prior to deployment.

Administrator Guide, Version 5.3

125

Distributing Software from Your K1000 Management Appliance

Figure 8-1: Basic Deployment procedure


Inventory & Assess

Test

Target

Deploy

Report

One of the most important concepts in the deployment procedure is to test each deployment before rolling it out to a large number of users. The appliance verifies that a package is designated for a particular system, machine, or operating system. However, the appliance cannot assess the compatibility with other software on the target machine. Therefore, establish procedures for testing each piece of software before deploying it on your network. For example, develop a test group of target machines, and deploy the required software using your appliance. This practice helps you to verify the compatibility of the software with the operating system and other applications within your test group. You can create a test label and perform a test distribution before you go live in your environment. You can create a test label from the Home > Labels tab. This chapter focuses primarily on the test, target, and deploy portions of this flow diagram. For more details on creating an inventory of computers and software packages in use on your network, see Chapter 8: Distributing Software from Your K1000 Management Appliance, starting on page 125.

Types of Distribution Packages


The primary types of distribution packages that can be deployed on the nodes in the network are:

Managed installations File synchronizations Appliance agents

Distribution packages (whether for managed installation, file synchronization, or user portal packages) cannot be created until a digital file is associated with an Inventory item. This rule applies even if you are:

126

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Sending a command, rather than an installation or a digital file, to target machines. Redirecting the appliance agents to retrieve the digital asset (for example, .exe, .msi) from an alternate download location.

To create a distribution
1. 2. 3. Install the package manually on a machine. Take an inventory of that machine. For more information on how to take an inventory, see Managing Your Software Inventory, on page 91. Use the item listed in the Software Inventory list for the Managed Installation.

To create packages with different settings, such as parameters, labels, or deployment definitions, you can create multiple distribution packages for a single Inventory item. However, the Managed Installation (MI) cannot be verified against more than one inventory item because the MI checks for the existence of only one inventory item. Although the K1000 Agent tab is listed under the Distribution tab, Deploying K1000 Agent is discussed as part of the installation and setup process in Chapter 1: Getting Started, starting on page 15. For information about updating an existing version of the appliance agent, see K1000 Agent Update, on page 78.

Distributing packages from the appliance


Packages distributed through the appliance are only deployed to target nodes if the Inventory item is designated to run on the targets operating system. For example, if the Inventory item is defined for Windows XP Professional only, the Inventory item does not deploy to targets with Windows 2000. Also the package does not deploy to nodes that are not included in the machine label. For example, if the deployment package is set to deploy to a label called Office A, the package does not deploy to machines that are not in Office A. When an appliance creates a software inventory item, it only records the operating systems on which the item was installed in the Inventory detail record. A managed installation must be enabled by selecting a managed action and a deployment window.

Ensuring that Inventory item package names match


If the display name of the Software Inventory item does not exactly match the name that the software registers in Add/Remove programs, the appliance may attempt to deploy a package repeatedly even though it is already there. To ensure that the Inventory item display name exactly matches: 1. 2. Install the package on a target machine. Take an automatic inventory of that machine using the appliance. The newly installed package appears in the Inventory list.

Administrator Guide, Version 5.3

127

Distributing Software from Your K1000 Management Appliance

You can then associate a digital file and create one or more deployment packages.

Distributing Packages from an Alternate Location


The K1000 Management Appliance supports software distribution from alternate locations. The agent can retrieve digital installation files from remote locations, including a UNC address, DFS source, or an HTTP location. The CIFS and SMB protocols, SAMBA servers, and file server appliances are supported by your K1000 Management Appliance. The alternate download feature addresses administrative issues, such as:

Supporting remote sites with restricted bandwidth, which might result in difficulties accessing the appliance. Avoiding storing large packages on the appliance.

An alternate download location can be any path on the network. Ensure that the alternate location has the required files for installing the application. To activate this capability, you must enter an alternate checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). You may use any tool to establish your checksum. To create the MD5 checksum, enter: K1000Client -hash=filename This displays the MD5 hash for the file. If no checksum is entered, the digital asset on the file share must exactly match the digital asset associated with the Deployment Package on the K1000 Management Appliance. Also, the target path must include the complete filename (for example, \\fileserver_one\software\adobe.exe). When the appliance fetches files, it uses these priorities: 1. Alternate download location 2. Replication share 3. Appliance If a replication share is specified in the label, the replication share is always used instead of an alternate download location. If there is no replication share, the agent fails over to the appliance.

When to use a replication share or an alternate download location


The difference between a replication share and an alternate download location is:

Replication share is a full replication of all digital assets and is managed automatically by the appliance.

128

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Alternate download location can be any path on the network. You make sure that the alternate location has the files that might be needed for installs of a particular application.

Whenever a replication share is specified for a label, nodes in that label go to that replication share to get files until you remove them from the label or stop using the replication item. If a replication share is specified, that is always be used instead of any other alternate location. The agent always fails over to appliance in following scenarios:

There is no replication share specified for any label it is a member of There are more than one possible replication shares identified

For more information on replication shares, refer to Replication, on page 148.

Managed Installations
To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Managed installations enable you to deploy software that requires an installation file to run to the computers on your network. You can create a Managed Installation package from the Distribution > Managed Installation page. From the Managed Installation tab, you can:

Create or delete Managed Installations Execute or disable Managed Installations Specify a Managed Action Apply or remove a label Search Managed Installations by keyword

Installation parameters
Your K1000 Management Appliance allows packaged definitions to contain .msi, .exe,.zip, and other file types for software deployment. If an administrator installs the file on a local machine, either by running a single file, BAT file, or VBScript, the package can be installed remotely by the appliance. To simplify the distribution and installation process, the package definition can also contain parameters that are passed to the installer at run time on the local machine. You can use parameters as custom installation settings, for example, a standard install or to bypass auto-restart.

To determine supported parameters for the .msi file


To identify which parameters are supported by your .msi or other any installer, follow these steps:

Administrator Guide, Version 5.3

129

Distributing Software from Your K1000 Management Appliance

1. 2.

Open an MS-DOS command prompt. Go to the directory that contains the target installer. For example: c:\...\adobe.exe

3.

Enter: filename /? For example: adobe.exe /? If that package supports parameters, they are displayed. For example: /quiet, / norestart.

4.

Use the parameter definitions identified to update your package definition.

If these steps do not succeed, refer to the software vendors documentation.

Creating a managed installation for the Windows platform


When creating a managed installation, you can specify whether you want to interact with the users using a custom message before or after the installation. You can also indicate whether to deploy the package when the user is logged in or not and limit deployment to a specific label. The following section provides general steps for creating a managed installation. For specific details on creating a managed installation for an .msi, .exe, or .zip file, refer to the subsequent sections.

To create a managed installation for Windows platforms


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 1. 2. 3. 4. Select Distribution > Managed Installations. In the Choose Action menu, select Add New Item. The Managed Software Installation: Edit Detail page appears. Select the software from the Software drop-down list. You can filter the list by entering any filter options. Enter the following information:

Also show software Select this check box to display any software without an associated executable without an uploaded. You can upload a file to the software record directly from this Associated File Managed Installation page. Upload & Associate Click the Browse button and navigate to the location that contains the new New File executable of any software selected or to associate an executable to a software without an associated file.

130

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Installation Command

Select the Use Default or Configure Manually option. Use Default Run Parameters: Specify the installation behavior as follows: The maximum field length is 256 characters. If your path exceeds this limit, on the command line, point to a BAT file that contains the path and the command. If your Parameters file path includes spaces, enclose the complete path in quotes. For example: \\kace_share\demo files\share these files\setup.bat Configur Installation Command: If desired, specify full command-line e parameters in the provided field. Refer to the MSI Command Line Manually documentation for available runtime options. Un-Install using Full Command Line: Select this check box to uninstall software. Run Command Only: Select this check box to run the command line only.

Delete Downloaded Files Use Alternate Download

Select this check box to delete the package files after installation. Select this check box to specify details for alternate download. When you select this check box, the following fields appear: Alternate Download Location: Enter the location where the K1000 Agent can retrieve digital installation files. Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download User: Enter a user name that has the necessary privileges to access the alternate download location. Alternate Download Password: Enter the password for the user name. Note: If the target machine is part of a replication label, the appliance does not fetch software from the alternate download location. For more information, refer to Distributing Packages from an Alternate Location, on page 128. Specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. Because that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information, refer to To add or edit a new label, on page 57.

Notes

(Optional) Enter additional information in this field.

Administrator Guide, Version 5.3

131

Distributing Software from Your K1000 Management Appliance

Managed Actions

Managed Action allows you to select an appropriate time for this package to be deployed. Available options are: Disabled Execute anytime (next available) Execute before logon (at machine bootup) Execute after logon (before desktop loads) Execute while user logged on Execute while user is logged off

5. Deploy to All Machines

Specify the deployment details: Select this check box to deploy the software to all machines. Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. Note: The appliance always uses a replication share in preference over an alternate location. You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options. Select the order to install the software. The lower value deploys first. Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affects any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, overrides and/or interact with the deployment window of a specific package.

Limit Deployment To Selected Labels

Limit Deployment To Listed Machines Deploy Order Max Attempts

Deployment Window (24H clock)

132

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

6. Allow Snooze

Set user interaction details: Click the check box to allow snooze. When you click the check box, the following additional fields appear: Snooze Message: Enter a snooze message. Snooze Timeout: Enter the timeout, in minutes, for which the message is displayed. Snooze Timeout Action: Select a timeout action that take places at the end of the timeout period. For example, if the installation is being carried out when there currently no active users accessing their desktop. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction.

Custom Pre-Install Message

Select this check box to display a message to users prior to installation. When you select the check box, the following additional fields appear: Pre-Install User Message: Enter a pre-install message. Pre-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed. Pre-Install Timeout Action: Select a timeout action from the dropdown list, this action takes place at the end of the timeout period. Options include Install later or Install now. For example, if the installation is being carried out when there currently no active users accessing their desktop. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction.

Custom Post-Install Select this check box to select a message to users after the installation is Message complete. When you click the check box, the following additional fields appear: Post-Install User Message: Enter a post install message. Post-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed. 7. Click Save.

Examples of common deployments on Windows


This section provides examples of the three most common package deployments, which are .msi, .exe, and .zip files. This section provides examples for each type of deployment. For each of these examples, you must upload the file to the appliance before creating the Managed Installation package. We recommend that you install the software on a QA machine, wait till the appliance agent connects to the appliance and creates an Inventory item for the software, and then creates the Managed Installation package.

Administrator Guide, Version 5.3

133

Distributing Software from Your K1000 Management Appliance

Standard MSI example


Using .msi files is an easy, self-contained way to deploy software on Windows-based machines. If your .msi file requires no special transformation or customization, the deployment is simple. MSI files require a /i switch when using other switches with an install. The appliance parameter line does not require the file name or msiexec syntax. The only the /* input is required: /qn /I (Correct) msiexec /I /qn (Incorrect)

To use parameters with .msi files, all your target machines must have the same version of Windows Installer (available from Microsoft). Some switches may not be active on older versions. The most up-to-date version of Windows Installer can be distributed to nodes with the appliance.

If you are using Windows Installer 3.0 or later, you can identify the supported parameters by selecting the Run program available from the Start menu. Enter msiexec in the popup window. A window displays, which includes the supported parameters list.

To create a managed installation for Windows platforms


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 1. 2. 3. 4. Select Distribution > Managed Installations. In the Choose Action menu, select Add New Item. The Managed Software Installation: Edit Detail page appears. Select the software from the Software drop-down list. You can filter the list by entering any filter options. Enter the following information: Select this check box to display any software without an associated executable uploaded. You can upload a file to the software record directly from this Managed Installation page. Click the Browse button and navigate to the location that contains the new executable of any software selected or to associate an executable to a software without an associated file.

Also show software without an Associated File Upload & Associate New File

134

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Installation Command

Select the Use Default or Configure Manually option. Use Default Run Parameters: Specify the installation behavior as follows: The maximum field length is 256 characters. If your path exceeds this limit, on the command line, point to a BAT file that contains the path and the command. If your Parameters file path includes spaces, enclose the complete path in quotes. For example: \\kace_share\demo files\share these files\setup.bat. Configur Installation Command: If desired, specify full commande line parameters in the provided field. Refer to the MSI Manually Command Line documentation for available runtime options. Un-Install using Full Command Line: Select this check box to uninstall software. Run Command Only: Select this check box to run the command line only.

Delete Downloaded Files Select this check box to delete the package files after installation. Use Alternate Download Select this check box to specify details for alternate download. When you select this check box, the following fields appear: Alternate Download Location: Enter the location where the K1000 Agent can retrieve digital installation files. Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download User: Enter a user name that has the necessary privileges to access the alternate download location. Alternate Download Password: Enter the password for the user name. Note: If the target machine is part of a replication label, the appliance does not fetch software from the alternate download location. For more information, refer to Distributing Packages from an Alternate Location, on page 128. Specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. Because that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information, refer to To add or edit a new label, on page 57. Notes (Optional) Enter any additional information in this field.

Administrator Guide, Version 5.3

135

Distributing Software from Your K1000 Management Appliance

Managed Actions

Managed Action allows you to select an appropriate time for this package to be deployed. Available options are: Disabled Execute anytime (next available) Execute before logon (at machine bootup) Execute after logon (before desktop loads) Execute while user logged on Execute while user is logged off

5.

Specify the deployment details: Select this check box to deploy the software to all machines. Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. Note: The appliance always uses a replication share in preference over an alternate location. You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options. Select the order to install the software. The lower value deploys first. Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affects any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, overrides and/or interact with the deployment window of a specific package.

Deploy to All Machines Limit Deployment To Selected Labels

Limit Deployment To Listed Machines Deploy Order Max Attempts

Deployment Window(24H clock)

136

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

6. Allow Snooze

Set user interaction details: Click the check box to allow snooze. When you click the check box, the following additional fields appear: Snooze Message: Enter a snooze message. Snooze Timeout: Enter the timeout, in minutes, for which the message is displayed. Snooze Timeout Action: Select a timeout action that take places at the end of the timeout period. For example, if the installation is being carried out when there currently no active users accessing their desktop. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction.

Custom Pre-Install Message

Select this check box to display a message to users prior to installation. When you select the check box, the following additional fields appear: Pre-Install User Message: Enter a pre-install message. Pre-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed. Pre-Install Timeout Action: Select a timeout action from the drop-down list, this action takes place at the end of the timeout period. Options include Install later or Install now. For example, if the installation is being carried out when there currently no active users accessing their desktop. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction.

Custom Post-Install Message

Select this check box to select a message to users after the installation is complete. When you click the check box, the following additional fields appear: Post-Install User Message: Enter a post install message. Post-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.

7.

Click Save.

Standard EXE Example


The standard executable example is identical to the MSI example above with one exception: / I is not required in the run parameters line when using an .exe file. When using an executable file, it is often helpful to identify switch parameters for a quiet or silent installation. To do this, specify /? in the run parameters field.

Standard ZIP Example


Deploying software using a .zip file is a convenient way to package software when multiple files are required to deploy a particular software title (for example, setup.exe, plus required configuration and data files). For example, if you have a CD-ROM containing a group of files

Administrator Guide, Version 5.3

137

Distributing Software from Your K1000 Management Appliance

required to install a particular application, you can package them together in a .zip file and upload them to the appliance for deployment. The appliance agent automatically runs deployment packages with .msi and .exe extensions. However, K1000 Management Appliance also provide a capability for administrators to zip many files together and direct the appliance to unpack the ZIP file and run a specific file within. If you intend to deploy a .zip file, you must place the name of the file within the .zip that you would like to run in the Command (Executable) field within the Deployment Package (for example, runthis.exe).

To create a managed installation for a .zip file


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Browse to the location that contains the necessary installation files. Select all files and create a .zip file using WinZip or another utility. Create an inventory item for the target deployment. You can do this manually from the Inventory > Software tab or by installing the package on a node that regularly connects to the appliance. 4. 5. Associate the .zip file with the inventory item and upload it to the appliance. Click Distribution > Managed Installation. The Managed Installations page appears. 6. In the Choose Action menu, click Add New Item. The Managed Software Installation : Edit Detail page appears. 7. 8. Select the software title that the .zip file is associated with from the Software dropdown list. In the Run Parameters field, specify the complete command with arguments. For example: setup.exe /qn 9. Click Save.

When attempting to deploy a .zip file created using WinZip maximum compression, the package may fail to uncompress and you may see an error in the application event viewer or kbxlog.txt with the message: Unsupported compression mode 9 The appliance agent uses a library called SharpZipLib to uncompress .zip files. This library supports .zip files using both stored and deflate compression methods and also supports old (PKZIP 2.0) style encryption, tar with GNU long filename extensions, gzip, zlib and raw deflate, as well as BZip2. However, Zip64 and deflate64 are not supported. Compression mode 9 is deflate64, which in WinZip is called maximum compression.
138 Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

To resolve the issue, recreate the zip file using WinZip normal compression.

Examples of Common Deployments on Linux


This section provides examples of the supported package deployments: .rpm .zip, .bin, .tgz, and tar.gz files. For each of these examples, you must have already uploaded the file to the appliance prior to creating the Managed Installation package. We recommend installing the software on a QA machine, waiting a sufficient amount of time for the appliance agent to connect to the K1000 Management Appliance and create an inventory item for the software, and then creating the Managed Installation package.

To create a managed installation for an .rpm file


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. You can deploy software on Linux-based machines using .rpm files. 1. Click Distribution > Managed Installations. The Managed Installations page appears. 2. In the Choose Action menu, click Add New Item. The Managed Installation: Edit Detail page appears. 3. Select the software from the Software drop-down list. You can filter the list by entering any filter options. 4. By default, the appliance agent attempts to install the .rpm file using the following command. In general, this is sufficient to install a new package or update an existing one to a new version: rpm -U packagename.rpm If you have selected a .zip/.tgz/tar.gz file, the content is unpacked, and the root directory searched for all .rpm files. The installation command is run against each of these files. The appliance finds all rpm files at the top level of an archive automatically, so you can install more than one package at a time. You can also create an archive containing a shell script and then specify that script name as the full command. The appliance runs that command if it is found, and logs an error if is not. To change the default parameters, you have to specify this in the Run Parameters field. You can specify wildcards in the filenames you use. If the filename contains spaces, enclose it in single or double quotation marks. The files are extracted into a directory in /tmp and it becomes the current working directory of the command. On Red Hat Linux, you do not need to include any other files in your archive other than your script if that is all you want to execute.

Administrator Guide, Version 5.3

139

Distributing Software from Your K1000 Management Appliance

If the PATH environment variable of your root account does not include the current working directory, and you want to execute a shell script or other executable that you have included inside an archive, specify the relative path to the executable in the Full Command Line field. The command is executed inside a directory alongside the files that have been extracted. For example, to run a shell script called installThis.sh, package it alongside an .rpm file, and then enter the command: ./installThis.sh in the Installation Command field. If you archived it inside another directory, the Installation Command field is: ./dir/filename.sh Both these examples, as well as some other K1000 Management Appliance functions, assume that sh is in the root's PATH. If you're using another scripting language, you may need to specify the full path to the command processor you want to run in the Installation Command, like /bin/sh ./filename.sh Include appropriate arguments for an unattended, batch script. If you select the uninstall check box in the MI detail, the agent runs the following command on either your standalone rpm file or each rpm file it finds in the archive, removing the packages automatically: //usr/sbin/rpm -e packagename.rpm Removing software in this way is performed only if the archive or package is downloaded to the node. If you select the Uninstall Using Full Command Line check box, specify a full command line in the Installation Command field to ensure the correct removal command is run on the correct package. Because no package is downloaded in this case, specify the path in the installation database where the package receipt is stored. 5. If your package requires additional options, you can enter the following installation details: (Optional) You do not need to specify parameters if you have an .rpm file. Enter a value to override (Default -U default). For example, if you set Run Parameters to: -ivh --replacepkgs, then the command that runs on the computer is: rpm -ivh replacepkgs package.rpm You do not need to specify a full command line if you have an .rpm file. The appliance executes the installation command by itself. The Linux node tries to install this via: rpm [-U | Run Parameters] "packagename.tgz If you do not want to use the default command, you can replace it completely by specifying the complete command line here. If you have specified an archive file, this command is run against all of the .rpm files it can find.

Run Parameters

Installation Command

140

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Un-Install using Full Command Line

Click the check box to uninstall software. If a Full Command Line above is entered, it is run. Otherwise, by default the agent attempts to run the command, which is generally expected to remove the package. Click the check box to run the command line only. This does not download the actual digital asset. (Optional) Enter additional information in this field. Managed Action allows you to select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for Linux platform.

Run Command Only Notes Managed Action

6.

Specify the deployment details: Click the check box to deploy to all the machines. Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, then the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from appliance. Note: The appliance always uses a replication share in preference over an alternate location. You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options. The order in which software is installed. The lower value deploys first. Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affects any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, override and/or interact with the deployment window of a specific package.

Deploy to All Machines Limit Deployment To Selected Labels

Limit Deployment To Listed Machines Deploy Order Max Attempts

Deployment Window(24H clock)

7. Allow Snooze

Set user interaction details: This option is not available for Linux platform. This option is not available for Linux platform. This option is not available for Linux platform.

Custom Pre-Install Message Custom Post-Install Message

Delete Downloaded Files Select this check box to delete the package files after installation.

Administrator Guide, Version 5.3

141

Distributing Software from Your K1000 Management Appliance

Use Alternate Download

Select this check box to specify details for alternate download. When you select this check box, the following fields appear: Alternate Download Location: Enter the location from where the K1000 Agent can retrieve digital installation files. Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download User: Enter a user name that has the necessary privileges to access the Alternate Download Location. Alternate Download Password: Enter the password for the user name specified above. Note: If the target machine is part of a replication label, then the appliance does not fetch software from the alternate download location. For more information on using an alternate location, refer to Distributing Packages from an Alternate Location, on page 128. Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to About Labels, on page 53.

8.

Click Save.

Standard TAR.GZ Example


Deploying software using a tar.gz file is a convenient way to package software when more than one file is required to deploy a particular software title (for example, packagename.rpm, configuration, and data files). If you have a CD-ROM containing a group of files required to install a particular application, you can package them together in a tar.gz file, and upload them to your appliance for deployment.

To create a managed installation for a tar.gz file


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Use the following two commands to create tar.gz file: a. tar cvf filename.tar packagename.rpm b. gzip filename.tar This creates filename.tar.gz 2. Create an inventory item for the target deployment.

142

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

You can do this manually from the Inventory > Software tab, or by installing the package on a K1000 Agent machine that regularly connects to the K1000 Management Appliance. 3. 4. Associate the tar.gz file with the Inventory item, and upload it to the appliance. Click Distribution > Managed Installation. The Managed Installations page appears. 5. In the Choose Action menu, click Add New Item. The Managed Software Installation: Edit Detail page appears. 6. Select the software title with which the tar.gz file is associated from the Software dropdown list. This file is uncompressed and searched for all .rpm files. The installation command is run against each of them. If no Run Parameters are filled in, -U is used by default. You do not need to specify a full command line. The server executes the installation command by itself. The Linux node tries to install this using: rpm [-U | Run Parameters] "packagename.tgz 7. 8. Enter other package details as described in the Managed Installations, on page 129 procedures for .rpm file above. Click Save.

The agent automatically runs deployment packages with .rpm extensions. However, the appliance also provides a capability for administrators to zip many files together and direct the K1000 Management Appliance to unpack the zip and run a specific file within.

Examples of Common Deployments on Mac OS


For information on common deployments on Macintosh, refer to Appendix A: Administering Mac OS Nodes, starting on page 259.

File Synchronizations
File synchronizations enable you to distribute software files to the computers on your network. These can be any type of file, such as PDF, ZIP files, or EXE files, which are simply downloaded to the users machine, but not installed.

Creating a file synchronization


Using file synchronizations, you can push out any type of file to the computers on your network. You can choose to install the files from the appliance, or you can specify an alternate location from where users download the file. The string KACE_ALT_Location in the Alternate Download Location field is replaced with the value assigned by the
Administrator Guide, Version 5.3 143

Distributing Software from Your K1000 Management Appliance

corresponding label. You should not have a machine in more than one label with an Alternate Download Location specified.

To create a file synchronization


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Distribution > File Synchronization. The File Synchronizations page appears. 2. In the Choose Action menu, click Add New Item. The File Synchronization: Edit Detail page appears. 3. 4. Notes Location (full directory path) Location User Location Password Enabled Create Location (if doesnt exists) Replace existing files Do Not Uncompress Distribution Persistent Select the software title to install in the Software Title to Install drop-down list. Set or modify the following installation details: Enter any information related to the software title selected. Enter the location on the users machine where you want to upload this file. If the Location specified above is a shared location, enter the User login name. If the Location specified above is a shared location, enter the login password. Click the check box to download the file the next time the K1000 Agent checks into the appliance. Create the installation location if not has not already been created. Click the check box to overwrite existing files of the same name on the target machines. Click the check box if you are distributing a compressed file and do not want the file uncompressed. Click the check box if you want the appliance to confirm every time that this package does not already exist on the target machine before attempting to deploy it. Click the check box to create a desktop shortcut to the file location. Enter a display name for the shortcut. Click the check box to delete temporary installation files.

Create shortcut (to location) Shortcut name Delete Temp Files 5.

Specify the deployment details: Enter a label for the package. The file is distributed to the users assigned to the label, such as the operating system affected by the synchronization.

Limit Deployment to Labels

144

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Limit Deployment to Listed Machines

Select a machine for deployment. If your list of machines is long, you can use the Filter field to filter the list by entering a few characters of the machine name. Enter a pre-deployment message to be sent to the user prior to deployment.

Pre-Deploy User Message

Post-Deploy User Message Enter a post-deployment message to be sent to the user after deployment. Deployment Window (24H clock) Enter the time (using a 24-hour clock) to deploy the package. The Deployment Window times affects any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, overrides and/or interact with the deployment window of a specific package. Click this check box to specify details for alternate download. When you click this check box, the following fields appear: Alternate Download Location: Enter the location from where the K1000 Agent can retrieve digital installation files. Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download User: Enter a user name that has necessary privileges to access the Alternate Download Location. Alternate Download Password: Enter the password for the user name specified above. Note: If the target machine is part of a replication label, then the appliance does not fetch software from the alternate download location. For more information on using an alternate location, refer to Distributing Packages from an Alternate Location, on page 128. Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to Managing Labels, on page 54. 6. Click Save. To distribute files previously deployed after the deployment window has closed, click the Resend Files button.

Use Alternate Download

Wake-on-LAN
The K1000 Management Appliance Wake-on-LAN feature provides the ability to wake up computers equipped with network cards that are Wake-on-LAN compliant.

Administrator Guide, Version 5.3

145

Distributing Software from Your K1000 Management Appliance

Wake-on-LAN feature overview


The Wake-on-LAN feature enables you to remotely power-on device on your network, even if those machines do not have the agent installed. Wake-on-LAN can target a label or a specific MAC-addressed machine. . This feature only supports machines that are equipped with a Wake-On-LANenabled network interface card (NIC) and BIOS. Using the Wake-on-LAN feature on the K1000 Management Appliance will cause broadcast UDP traffic on your network on port 7. This traffic should be ignored by most computers on the network. The K1000 Management Appliance sends 16 packets per Wake-on-LAN request because it must guess the broadcast address that is required to get the Magic Packet to the target computer. This amount of traffic should not have a noticeable impact on the network.

Issuing a Wake-on-LAN request


You can wake multiple devices at once by specifying a label to which those devices belong, or you can wake computers or network devices individually. To wake devices on a regular basis, for example, to perform monthly maintenance, you can schedule a Wake-on-LAN to go out a specific time. If the device you want to wake is not inventoried by the K1000 Management Appliance but you still know the MAC (Hardware) address and its last-known IP address, you can manually enter the information to wake the device.

To issue a Wake-on-LAN request


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Distribution > Wake-on-LAN. The Wake-on-LAN page appears. 2. 3. To wake multiple devices, select a label from the Labels drop-down list. To wake computers individually: a. Click them from the Wake a Computer list. b. Press CTRL, and then select multiple computers. You can filter the list by entering any filter options. 4. To wake a network device, specify the devices IP address in the Devices field. You can filter the list by entering any filter options. 5. 6. 7. Specify the MAC address of the device in the MAC Address field. Specify the IP address of the device in the IP Address field. Click Send Wake-on-LAN.

146

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

After you send the Wake-on-LAN request, the results at the top of the page indicate the number of machines that received the request and to which label, if any, those machines belong.

To schedule a Wake-on-LAN request


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Distribution > Wake-on-LAN. Click the Schedule a routine Wake-on-LAN event link. The Wake-on-LAN page appears. 3. In the Choose Action menu, click Add New Item. The Wake-on-LAN Settings page appears. 4. 5. 6. Select the appropriate radio button to schedule Wake-on-LAN scan, in the Scheduling area: (Default) Select to run the tests in combination with an event rather than on a specific date or at a specific time. In the Labels to Wake-on-LAN box, select the labels to include in the request.

Dont Run on a Schedule

Run Every day/specific Select to run the tests every day or only the selected day of the day at HH:MM AM/PM week at the specified time. Run on the nth of every month/specific month at HH:MM AM/PM 7. Click Save. The Wake-on-LAN tab appears with the scheduled request listed. From this view you can edit or delete any scheduled requests. Select to run the tests on a specific date or the same day every month at the specified time.

Troubleshooting Wake-on-LAN
When a Wake-on-LAN request fails to wake devices, it might be due inappropriate configuration of network devices. For example:

The device does not have a WOL-capable network card or is not configured properly. The K1000 Management Appliance has incorrect information about the subnet to which the device is attached. UDP traffic is not routed between subnets or is being filtered by a network device. Broadcast traffic is not routed between subnets or is being filtered by a network device. Traffic on Port 7 is being filtered by a network device.

For more assistance with troubleshooting Wake-on-LAN, see:

Administrator Guide, Version 5.3

147

Distributing Software from Your K1000 Management Appliance

http://support.intel.com/support/network/sb/cs-008459.htm.

Replication
Using a replication share is a method to handle managed installations, patching, or Dell Updates where network bandwidth and speed are issues. In those situations, using a replication share is a good alternative to downloading directly from an appliance. A replication share allows an appliance to replicate software installers, patches, node upgrades, and script dependencies to a shared folder on a node. If any replication item is deleted from the appliance server, it is marked for deletion in the replication share and deleted in the replication task cycle.

In creating a replication share, identify one node at each remote location to act as a replication machine. The server copies all the replication items to the replication machine at

148

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

the specified destination path. The replication process automatically restarts if stopped due to a network failure or replication schedule. If stopped, the replication process restarts at the point it was stopped. Sneaker net share You can create a new folder and copy the contents of an existing replication folder to it. You can then specify this folder as the new replication folder in the appliance. The appliance checks if the new folder has all the replication items present and replicates only the new ones. This results in conserving the bandwidth by not copying the files twice. You can manually copy the contents of replication folder to a new folder. The replication folder created in a machine follows following hierarchy: \\machinename\foldername\repl2\replicationitems folder The machine name and folder name is user defined while repl2 is automatically created by appliance server. The replication items folder includes the folder for patches, kbots, upgrade files, and software. All the replication items are first listed in the replication queue and then copied one at a time to the destination path. Any new replication item is first listed in the replication queue and then copied after a default interval of 10 minutes. Replication items are copied in this order: 1. 2. 3. 4. Script dependencies Software Agent upgrades Patches

Preparing to create a replication share


You can create replication shares only on the machines listed in the Inventory > Computers tab. To create a share on a machine that is not listed in Inventory, you need to first create an inventory record for the machine. For information, see Adding Computers to Inventory, on page 89. Also, confirm or do the following:

The replication share needs to have write permissions of the destination path to write the software files. The K1000 agent needs to be installed on the replication share. Create a computer label for your target nodes before starting the process.

To create a replication share


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Distribution > Replication. The Replication Shares page appears.

Administrator Guide, Version 5.3

149

Distributing Software from Your K1000 Management Appliance

2.

In the Choose Action menu, click Add New Item. The Replication Share: Edit Detail page appears.

3. 4.

Click the Replication Enabled check box. Click Failover to K1000 (optional). While you are testing the replication setup, dont enable this setting so that you can confirm that the replication is successful.

5.

Select the node in the Replication Machine drop-down list. The replication share is created on this node. The replication share can be created by two methods: Locally Shared network drive

6. 7.

Specify the replication share destination details: Select the label for the nodes that you want to get files from the replication to share Enter the path for the replication machine to use for the replication share. For a local drive, use local drive syntax, for example: C:\k1000share For a network drive, use UNC format, for example: \\kaceRep\k1000hare Note: $ notation, for example \KaceRep\e$, is not supported

Destination Path

Destination Path User

Enter the login name for the replication drive (destination path). The login account should have full access (including write) to the location. Use only letters and numbers; other characters dont work, such as @. Not required for local drives. Enter the password for the replication share. Use only letters and numbers. Not required for local drives.

Destination Path Password 8.

Verify that the selected computer label does not have KACE_ALT_LOCATION specified. KACE_ALT_LOCATION has precedence over the replication share while downloading files to the node. Specify the replication share download details: Enter the path for nodes in the replication label to copy items from the replication drive. For example, a UNC path: \\fileservername\directory\k1000\ Other nodes need read permission to copy replication items from this shared folder. Enter the login name for accessing the download path. We recommend you use only letters and numbers. Some other characters, for example, @, dont work.

9.

Download Path

Download Path User

150

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Download Path Password

Enter the password for accessing the download path. We recommend you use only letters and numbers.

10. Specify the following:

Limit Patch O/S Files

Click the OS patches to replicate from the patch subscription settings page. Default: Replicate all displayed. (Only active patches are available.) For information about patching, see Patching and Security Guide. Click the language patches to replicate from the patch subscription settings page. Default: Replicate all displayed. For information about patching, see Patching and Security Guide. Click to replicate the application patches to the replication share. Click to replicate Dell packages to the replication share. Enter the maximum bandwidth to use for replication. If this field is left blank, the maximum bandwidth available for replication is used. Enter the restricted bandwidth to use for replication. If this field is left blank, the maximum bandwidth available for replication is used. Select the bandwidth used for different time slots and/or days. The colors represent: White Replication Off Light Blue Replication on with low bandwidth Blue Replication on with high bandwidth

Limit Patch Language Files Replicate App Patches Replicate Dell Packages Hi Bandwidth Lo Bandwidth Replication Schedule

In the replication schedule, as well as clicking the individual cells, you can:

Select hours (columns) by clicking the hour number. Select days (rows), by clicking the day of the week.

Administrator Guide, Version 5.3

151

Distributing Software from Your K1000 Management Appliance

Copy Schedule From Notes

Select an existing replication schedule from the drop-down list to replicate items according to that schedule. (Optional) Enter comments in the text box.

11. Click Save. When you have completed testing, you might want to return to step 4 and check Failover to K1000.

Working with your replication share


From the Replication tab, you can:

Add or delete replication shares Enable or disable replication shares Start or restart a halted replication task Halt a running replication task Perform a share inventory for the replication share Interrupt the current replication Export to CSV format Opening a CSV file containing multibyte characters with Microsoft Excel may yield "garbage characters" in the resulting worksheet. See Dell KACE Support for the steps to import the CSV file into an Excel worksheet.

To view replication share details


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. After creating a replication share and clicking Save, the Replication Shares page opens. 1. Click Distribution > Replication. The Replication Shares page appears. 2. Click a replication share. The Replication Share: Edit Detail page appears. 3. At the bottom of the Replication Share: Edit Detail page, you can also view the following: Replication Queue: Click Replication Queue to see a list of replication files that are going to be replicated with their status.

152

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Share Inventory: Click Show Share Inventory to see a list of replication items that have been copied. Delete Queue: Click Show Delete Queue to see a list of replication items that are marked for deletion.

Managing iPhone Profiles


Dell KACE K1000 Management Appliances can manage your companys iPhone profiles. iPhone profiles are configuration files in XML (.mobileconfig) generated by Apple tools. You can:

Email profiles to the appropriate users. Have your users download their authorized profile.

Before you use K1000 iPhone profile support


Depending on whether you have already worked with profiles, you might need to perform the following: 1. Create a profile. If you dont already have profiles, see www.apple.com for information on creating and editing them. You can edit an existing profile with the K1000 iPhone page, but if you have extensive editing, the Apple tools are handier. 2. Create labels for your users. If your implementation involves multiple profiles, consider creating user labels for the profiles. Also, you may also want to restrict a profile to a test user label. For information about creating labels, see About Labels, on page 53. 3. Think about how you want to organize iPhone profiles in the Software Library of your K1000 user portal.

To add an iPhone profile


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Distribution > iPhone. In the Choose Action menu, click Add New Item. The iPhone Profile : Edit Detail page appears. 3. In the Profile Name field, enter a profile name. If you dont enter a name, a name from the .mobileconfig file is used. (This name is overwritten if you upload the .mobileconfig file again.) 4. Click Browse and select your profile.

Administrator Guide, Version 5.3

153

Distributing Software from Your K1000 Management Appliance

5.

Click Browse to make this profile available to users when you save. You can also enable the profile after saving.

6.

Click Edit for Limit Access to User Labels to restrict access to specific users. For example, if your profile is designed for users in a specific geography or division, create a label for those users.

7.

To send the profile to your users by email, enter their email addresses in the To field. Use the Filter field to filter your search for users by name or email address.

8. 9.

In Message field, enter a message and/or instructions for your users. In the XML field, enter any attributes for the .mobileconfig file.

10. Click Save.

To Delete an iPhone profile


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Click Distribution > iPhone. Click the check box for the iPhone profile you want to delete. In the Choose Action menu, click Delete Selected Item(s).

You can also delete a profile from the iPhone Profile : Edit Detail page.

To Configure Collection Settings for iPhones


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Distribution > iPhone. In the Choose Action menu, click Configure Collection Settings. The iPhone Asset Collection Settings & Schedule page appears. 3. 4. 5. Select the Enabled check box to enable deployment. Select the Deploy to All Machines check box to deploy to all machines. In the Choose Action menu, click Configure Collection Settings. The iPhone Asset Collection Settings & Schedule page appears. 6. Use the Limit Deployment to Selected Labels option to select a label to limit deployment to only machines belonging to the selected label. Press CTRL to select multiple labels.

154

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

If you have selected a label that has a replication share or an alternate download location, the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. 7. 8. Use the Supported Operating Systems list to select the operating system to include in the deployment. Select the appropriate radio button to schedule the collection settings in the Scheduling area: (Default) Select to run the collection in combination with an event rather than on a specific date or at a specific time. Select to run the collection every few minutes or hours depending on your setting. Select to run the collection every day or on a specific day of the week at a specific time.

Dont Run on a Schedule Run Every nth minutes or hours Run every day or specific day of the week at HH:MM AM/ PM Run on the nth of every month/specific month at HH:MM AM/PM Custom Schedule 9. Click Save.

Select to run the collection on a specific date or the same day every month at the specified time. Select to create a custom schedule for the collection.

Managing Dell Systems with Dell Updates


The Dell Updates tab offers Dell customers the Dell Client Updates and Dell Server Updates features. You use these features to keep your Dell computers updated with the latest software patches and upgrades. Dell provides catalogs (lists) of software upgrades and patches, which you can choose to install on the Dell computers in your appliance implementation. The catalogs provide updates for:

Software and firmware for servers and workstations. Some Dell-supplied applications.

The Dell Updates tab is similar features and workflow to the appliance patching features on the Security tab. The two tabs are so similar that you can use the Patching and Security Guide document for all the Dell Client Updates and Server updates except for the differences listed in the next section. Patching and Security Guide is available from the www.kace.com website, Support tab, under Documentation (your Support login is required).

Administrator Guide, Version 5.3

155

Distributing Software from Your K1000 Management Appliance

Understanding the Differences between Patching and Dell Updates


The K1000 Management Appliance patching and Dell Update features are nearly identical. Read Patching and Security Guide for most patching/updating procedures. The exceptions are:

The Dell Update subscription process is different from the K1000 Management Appliance patch subscription process. For instructions on subscribing to Dell Updates, see the Configuring Dell OpenManage Catalog Updates section below. The names used for these actions are different: Patching Term Detection Dell Updates Term Inventory Term Used in: Patching and Security Guide This chapter and the Dell documentation.

Action Probe your computers to determine whether they have or need a specific patch or update.

Install the patch or update on the Deployment computers in your appliance implementation.

Update

You manage and execute Dell Updates and Patching from different appliance interface pages: K1000 Management Appliance Interface Page Administrator Portal > Distribution > Dell Updates Administrator Portal > Organization: System > K1000 Settings > Dell Client and Server Update Settings Administrator Portal > Security > Detect and Deploy patches Administrator Portal > Security > Patching > Subscription Settings

Action Execute Dell Update schedules Manage Dell Updates Execute Patching Schedules Manage Patching

Dell Client and Server Upgrade workflow


This section explains the general steps you use upgrade your Dell clients and servers. Unless otherwise noted, see the Patching and Security Guide for details on these steps. Follow these steps to use Dell client and server updates on an appliance: 1. 2. (If needed) Upgrade your nodes and servers to the latest K1000 Management Appliance release. Configure the Dell Updates. This includes deciding when to update your catalogs of Dell updates for Dell hardware that you own. Once Dell OpenManage is set up on your appliance, it automatically probes for and determines what updates your system requires. You do need to set up a schedule for these updates and configure this process. This step is different than the patching subscription. For details, see the Configuring Dell OpenManage Catalog
156 Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

Updates section below. You configure Dell updates from the Administrator Portal > Organization:: System > K1000 Settings > Control Panel > Dell Client and Server Update Settings page. All other Dell Updates settings and feature are available on the Administrator Portal > Organization: Default > Distribution > Dell Updates tab. 3. Filter out the updates that you do not want to apply to your servers and clients. You may not want to install all of the patches from the catalog. Mark these patches as inactive to prevent them from being automatically installed. 4. Group the updates by applications or software families in patch labels that your schedules use to run the inventory and update actions. For example, a label can specify patches for all Microsoft Windows systems. 5. Group your Dell systems together in machine labels that your schedules use to run the inventory and update actions. For example, you can collect all Dell servers running Microsoft XP into a single label and then run a patch schedule to inventory and update them. 6. Perform an update inventory to discover which of your nodes have updates available. You can perform this step independently, or as part of an inventory and update patch schedule that also installs the updates. Normally, you perform the inventory automatically as part of a patch schedule. Patching and Security Guide uses the term detect or detection instead of inventory. 7. Install the updates on the nodes that need them. This is known as patch update, and you can also perform it automatically part of an update schedule. Patching and Security Guide uses the term deploy or deployment instead of update. 8. Bring all these pieces together into patch schedules that automatically run inventory/ update actions for the updates in your update labels, on the corresponding computers in your machine labels. Patching and Security Guide walks you through the process of creating a schedule that automatically inventories your hardware and updates it with the critical software updates it needs. You can run schedules at any interval that you choose. Normally, you create different schedules for the laptops, workstations, and servers in your appliance implementation, because these three types of computers have very different usage characteristics. 9. Test your schedules on a small subset of the computers you administer to make sure everything is working the way you expect.

Administrator Guide, Version 5.3

157

Distributing Software from Your K1000 Management Appliance

Configuring Dell OpenManage Catalog Updates


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. Follow these steps to configure the Dell update process for the s and applications that your appliance implementation uses. Dell updates its hardware patches in Catalogs; one for serves and one for workstations. 1. Click K1000 Settings > Control Panel > Dell Client and Server Update Settings page. The Dell Client and Server Update Settings page appears:

2.

Scroll to the bottom the page and click Edit Mode link. The Dell Client and Server Update Settings page buttons and check boxes are enabled for changes. The Download Status table shows you the current status of the Dell catalogs that your appliance uses.

3. 4.

Click Disable import of Dell Client and Server Update Catalogs to stop the Dell updates. Click one of the Check for Changes options to set up a schedule for updating the Dell catalogs.

158

Administrator Guide, Version 5.3

Distributing Software from Your K1000 Management Appliance

The first option of these two is intended for weekly updates and the second for monthly. 5. Use the Stop Download section options to limit the amount of time you allow the Dell updates to run. You may want to enforce a hard stop at a specific time, for example, when your users start working. 6. The Package Download Options buttons to specific whether to limit the Dell updates to just the ones that apply to your appliance implementation now, or keep all of the Dell updates available. If you change operating systems or bring on new Dell equipment frequently, its probably best to keep all Dell updates handy.

7. 8.

Click Refresh Catalog Now to update the catalogs immediately. Click Delete All Files or Delete Unused Files to remove all or some of the Dell catalog files. These options can free disk space.

9.

Click Save Dell Update Settings at the bottom of the page to make your changes take effect.

This completes the process of configuring your Dell OpenManage catalog updates.

Administrator Guide, Version 5.3

159

Distributing Software from Your K1000 Management Appliance

160

Administrator Guide, Version 5.3

9
Using the Scripting Features

The Dell KACE K1000 Management Appliance Policy and Scripting component provides a point-and-click interface to perform tasks that typically require you to use a manual process or advanced programming.

Scripting Overview, on page 161. Using the Appliance Default Scripts, on page 163. Creating and Editing Scripts, on page 164. Using the Run Now function, on page 174. Searching the Scripting Log Files, on page 177. About the Configuration Policies, on page 178. Using the Windows-based Policies, on page 179. Using the Mac OS Configuration-based Policies, on page 189.

Scripting Overview
With Policy and Scripting, you can more easily and automatically perform a variety of tasks. You can perform these tasks across your network through customized scripts that run according to your preferences.

Administrator Guide, Version 5.3

161

Using the Scripting Features

Figure 9-1: The Scripting tabs

Scripts automate tasks such as:

Power management Installing software Checking antivirus status Changing registry settings Scheduling deployment to the endpoints on your network

Each script consists of: Metadata Dependencies (any supporting executable files that are necessary to run a script, for example, .zip and .bat files) Rules to obey (Offline Kscripts and Online Kscripts) Tasks to complete (Offline Kscripts and Online Kscripts). Each script can have any number of tasks, and you can configure whether each task must complete successfully before the next is executed. Deployment settings Schedule settings

You can create these types of scripts:

162

Administrator Guide, Version 5.3

Using the Scripting Features

Offline KScripts: These scripts can execute even when nodes are not connected to the appliance server, such as at the time of Machine Boot Up and User Login. Or, they execute at a scheduled time based on the node clock. You can create these scripts using the K1000 Management Appliance scripting wizard. Online KScripts: These scripts can execute only when the node is able to ping the appliance server. They execute at scheduled times based on the appliance clock. You can create these scripts using the K1000 Management Appliance scripting wizard. Online Shell Scripts: These scripts can execute only when the node is connected to the appliance server. They execute at scheduled times based on the server clock. The online shell scripts are built using simple text-based scripts (bash, perl, batch, and so on) supported by the target operating system. Batch files are supported on Windows, along with the different shell script formats supported by the specific operating system of the targeted machines.

Order of downloading script dependencies


The order of downloading script dependencies is as follows: 1. 2. 3. 4. Local machine (checks if the dependency is present on the node). KACE_ALT_LOCATION (Alternate Download Location if specified). Replication server (if replication is enabled). K1000 Server.

Using the Appliance Default Scripts


Your K1000 Management Appliance includes these ready-made scripts: Script Name Defragment the C: drive Force Checkin Description Defragments the c: drive on the computer. Runs KBScriptRunner on a node to force a checkin. WARNING: Do not run this with more than 50 nodes selected as it can overload the server with requests. On some machines, a missing registry entry causes all the contents of the system32 directory to be reported as the Startup Programs. This script fixes the registry entry if it is missing. Issues the DOS-DIR command on a Windows system. Used as an example for how to run a DOS command. Issues the AppDir.txt command to list the contents of the Mac OS applications directory. Used as an example of how to run a command on a Mac OS system. Disables the appliance Remote Control functionality on Windows XP Professional by configuring Terminal Services properly.

Inventory Startup Programs Fix Issue a DOS Command Example Issue a Mac Command Example K1000 Remote Control Disabler

Administrator Guide, Version 5.3

163

Using the Scripting Features

Script Name K1000 Remote Control Enabler K1000Client debug logs Disable K1000Client debug logs Enable Make Removable Drives Read-Only Make Removable Drives Read-Write Message Window Script Example

Description Enables the appliance Remote Control functionality on Windows XP Professional by configuring Terminal Services properly. Disables the debug switch used with the appliance client debug logs. Enables client debug and sends the debug log back to the appliance. This script turns on debug only for the inventory and deployment part of the node. It does not enable debugging of the scheduling service. Allows removable drives to be mounted only as read-only (a method of controlling unauthorized access to data). Removable drives can be mounted read-write. Illustrates use of the Message Window. Your script must have properly paired create/destroy message window commands to work properly. The Message Windows remain displayed until one of the following occurs: User dismisses the message. Script finishes executing. Timeout is reached.

Put a Mac to sleep Reset KUID

Places a Mac OS system in sleep mode. Deletes the registry keys that identify a node so that a new key can be generated. Will only execute one time per node due to the ResetKUIDRunOnce registry flag. Powers-off a Mac OS system. An example Online KScript that uses the Alert User Before Run feature to allow the console user to snooze the shutdown. Specifies a delay (in seconds) while the message in quotes is displayed to the user. Omit the -t parameter to silently and immediately shut down nodes. An example Online KScript that uses the Alert User Before Run feature to allow the console user to snooze the shutdown. Disables usage of USB Drives. Enables usage of USB Drives.

Shutdown a Mac Shutdown a Mac with snooze Shutdown a Windows system Shutdown a Windows system with Snooze USB Drives Disable USB Drives Enable

Creating and Editing Scripts


There are three ways to create scripts, which you can perform from the Scripting > Scripts tab.

By importing an existing script (in XML format). By copying and modifying an existing script.

164

Administrator Guide, Version 5.3

Using the Scripting Features

By creating a new script from scratch.

The process of creating scripts is an iterative one. After creating a script, deploy the script to a limited number of machines to verify that the script runs correctly before deploying it to all the machines on your network. (You can create a test label to do this.) Leave a script disabled until you have tested and edited the script and are ready to run it.

Token Replacement Variables


You can use the following token replacement variables anywhere in the XML of a K1000 Management Appliance script. They are replaced at run time on the node with appropriate values:

$(KACE_DEPENDENCY_DIR) expands to: Windows: $(KACE_INSTALL)\packages\kbots\xxx Mac OS and Linux: /var/kace/SMMP/kbots_cache/packages/kbots/xxx

Any script dependencies for this script are downloaded to the node in this folder.

$(KBOX_INSTALL_DIR) agent installation directory: Windows: C:\Program Files\KACE\KBOX Mac OS: /Library/KBOXAgent/Home/bin/ Linux: /KACE/bin/

$(KBOX_SYS_DIR) agent machine's system directory: Windows: C:\Windows\System32 Mac OS and Linux: /

$(KACE_INSTALL) same as KBOX_INSTALL_DIR. $(KBOX_EXECUTE_EVENT) event causing KBOT to run, [BOOTUP|LOGON|null]. $(MAC_ADDRESS) agent machine's primary MAC address. $(KACE_SERVER) host name of the appliance server. $(KACE_SERVER_PORT) port to use when connecting to KACE_SERVER (80/ 443). $(KACE_SERVER_URLPREFIX) http/https. $(KACE_COMPANY_NAME) agent's copy of the setting from the server's configuration page. $(KACE_SPLASH_TEXT) agent's copy of the setting from the server's configuration page. $(KACE_LISTEN_PORT) agent's port that the server can use for Run Now. $(KACE_SERVER_URL) a combination of server, port, and URL prefix (http:// k1000_hostname:80).

Administrator Guide, Version 5.3

165

Using the Scripting Features

$(KBOX_IP_ADDRESS) agent's local IP address (corresponds with network entry of MAC_ADDRESS). $(KBOX_MAC_ADDRESS) same as MAC_ADDRESS.

Adding Scripts
Offline and Online KScripts include one or more Tasks. Within each Task section, there are Verify and Remediation sections where you can further define the script behavior. If a section is left blank, it defaults to success. For example, if you leave the Verify section blank, it ends in On Success.

To add an Offline KScript or Online KScript


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Scripts. In the Choose Action menu, click Add New Item . The Script: Edit Detail page appears. 3. Script Type Name Description Status In the Configuration area, enter the requested details: Use this field to select the Offline Kscript or Online Kscript types. (Optional) Enter a meaningful name for the script to make it easier to distinguish from others listed on the Scripts tab. (Optional) Enter a brief description of the actions the script performs. This information helps you to distinguish one script from another on the Scripts tab. Select a value to indicate whether the script is in development (Draft) or has been rolled out to your network (Production). Use the Template status if you are building a script that is used as the basis for future scripts. Select to run the script on the target machines. Do not enable a script until you are finished editing and testing it and are ready to run it. Enable the script on a test label before you enable it on all machines. (Optional) Enter notes for yourself and other appliance administrators. 4. Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines Specify the deployment options: Select to deploy the script to all the machines. Select a label to limit deployment only to machines grouped by that label. Press CTRL to select more than one label. Select to limit deployment to one or more machines. From the drop-down list, select the machines to add to the list. You can filter the list by entering filter options.

Enabled

Notes

166

Administrator Guide, Version 5.3

Using the Scripting Features

Pick Specific OS Versions: Alerts: Online KScripts Only Agents 5.1 (and higher) Windows and Mac OS agents

Select to limit the script to specific operating system versions. (Otherwise, the script runs on all versions of the operating systems you pick.) Alert User Before Run Allows you to delay or cancel the script before it runs. (For example, choose to enable this for scripts that reboot or shut down computers.) If no user is logged in to the console, the script runs immediately. Dialog Options: OK - The script runs immediately. Cancel - The script is cancelled until its next scheduled run. Snooze - The user is prompted again after the Snooze Duration. If the time specified by Dialog Timeout elapses without the user pressing a button, the script runs at that time. When the user presses the snooze button, the dialog reappears after the Snooze Duration. Interaction With Run As: Only the console user can see the alert dialog (and therefore choose to snooze or cancel) regardless of the Run As setting. Enabling an alert prompts the console user even if the script is set to run as all users or another user. Dialog Timeout (Minutes): Snooze Duration (Minutes): Alert Message: Enter the number of minutes. Enter the number of minutes: Enter the message you want displayed to users. Run with administrative privileges on local machine. Use this setting for all scripts created with a wizard. Affect that users profile.

Run As: Online KScripts Only

Run As Local System

Run As User logged in to console Run As User:

Run As All Logged in Users Affect all users profiles. Handle network-wide tasks. Usually admin, but you can run as any user.

Administrator Guide, Version 5.3

167

Using the Scripting Features

Scheduling

In the Scheduling area, specify when and how often the script is run. Dont Run on a Schedule Runs in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the Also choices below. For example, use this option in conjunction with Also Run at User Login to run whenever the user logs in. Runs on every hour and minutes as specified. Runs on the specified time on the specified day.

Run Every nth minutes/ hours Run Every day/specific day at HH:MM AM/PM

Run on the nth of Every Runs on a particular day of every month or Month or on a Specific particular month at a specified time. Month at HH:MM AM/PM. Custom Schedule Allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,2025,30-35,59 23 31 12 * * means: On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The appliance does not support the extended cron format. Runs the Offline KScript once when new scripts are downloaded from the appliance. To set the time interval for downloading scripts, click Scripting Update Interval in the help area on this page. Runs the Offline KScript at machine boot time. Beware that this causes the machine to boot up slower than it might normally. Runs the Offline KScript after the user has entered their Windows login credentials. Allows the Offline KScript to run even if the target machine cannot contact the appliance to report results. In such a case, results are stored on the machine and uploaded to the appliance until the next contact. Allows the Offline KScript to run even if a user is not logged in. To run the script only when the user is logged into the machine, clear this option.

Also Run Once at next Client Checkin (Only for Offline KScript)

Also Run at Machine Boot Up (Only for Offline KScript) Also Run at User Login (Only for Offline KScript) Allow Run While Disconnected (Only for Offline KScript)

Allow Run While Logged Off (Only for Offline KScript)

5.

Click Run Now to immediately push the script to all machines. Use this option with caution. For more information about Run Now, refer to Using the Run Now function, on page 174.

168

Administrator Guide, Version 5.3

Using the Scripting Features

6.

To browse for and upload files required by the script, click Add new dependency, click Browse, and then click Open to add the new dependency file. If a Replication Share is specified and enabled at Distribution > Replication, the dependencies are downloaded from the specified replication share.

If the replication share is inaccessible, the dependencies are downloaded from the appliance server. To enable this setting, select the Failover To K1000 check box on the Replication Share : Edit Detail page. Repeat this step to add additional new dependencies as necessary. 7. Click Add Task Section to add a new task. The process flow of a task is a script similar to the following: IF Verify THEN Success ELSE IF Remediation THEN Remediation Success ELSE Remediation Failure 8. Attempts Under Policy or Job Rules, set the following options for Task 1: Enter the number of times the script attempts to run. If the script fails but remediation is successful, you may want to run the task again to confirm the remediation step. To do this, set the number of Attempts to 2 or more. If the Verify section fails, it is run the number of times mentioned in this field. Select Break to stop running upon failure. Select Continue to perform remediation steps upon failure. 9. In the Verify section, click Add to add a step, and then select one or more steps to perform. Refer to Appendix B: Adding Steps to Task Sections, starting on page 265. 10. In the On Success and Remediation sections, select one or more steps to perform. Refer to Appendix A: Administering Mac OS Nodes, starting on page 259. 11. In the On Remediation Success and On Remediation Failure sections, select one or more steps to perform. Refer to Appendix A: Administering Mac OS Nodes, starting on page 259. To remove a dependency, task, or step, click the trash can icon item. This icon appears when your mouse hovers over an item. beside the

On Failure

Administrator Guide, Version 5.3

169

Using the Scripting Features

Click next to Policy or Job Rules to view the token replacement variables that can be used anywhere in the K1000 Management Appliance script. The variables are replaced at runtime with appropriate values on the node. For more information, refer to Token Replacement Variables, on page 165.

To add an Online Shell Script


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Scripts. In the Choose Action menu, click Add New Item . The Script: Edit Detail page appears. 3. In the Configuration area, enter the following information: Select the Online Shell Script type. Enter a meaningful name for the script to make it easier to distinguish from others listed on the Scripts tab. (Optional) Enter a brief description of the actions the script performs. This field helps you to distinguish one script from another on the Scripts tab. Indicate whether the script is in development (Draft) or has been rolled out to your network (Production). Use the Template status if you are building a script to use as the basis for future scripts. Click to run the script on the target machines. Do not enable a script until you are finished editing and testing it and are ready to run it. Enable the script on a test label before you enable it on all machines. (Optional) Enter any notes.

Script Type Name Description

Status

Enabled

Notes 4.

Specify the deployment options: Click to deploy the script to all the machines. Select a label to limit deployment to machines in that label. Press CTRL and click labels to select more than one label.

Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines: Pick Specific OS Versions:

You can limit deployment to one or more machines. From the dropdown list, select machines to add to the list. You can filter the list by entering filter options. Select to limit the script to specific operating stem versions. Otherwise, the script runs on all versions of the operating systems you pick.

170

Administrator Guide, Version 5.3

Using the Scripting Features

Scheduling

In the Scheduling area, specify when and how often the script runs. Dont Run on a Schedule The test runs in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the Also choices below. For example, use this option in conjunction with Also Run at User Login to run whenever the user logs in. Run Every nth minutes/ hours Run Every day/specific day at HH:MM AM/PM Custom Schedule The test runs on the interval of hour and minutes specified. The test runs on the specified time on the specified day. This option allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31 12 * * means: On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The appliance doesnt support the extended cron format.

5.

Click Run Now to immediately push the script to all machines. Use this option with caution. For more information about the Run Now button, refer to Using the Run Now function, on page 174. To browse for and upload files required by the script, click Add new dependency, click Browse, and then click Open to add the new dependency file. If a Replication Share is specified and enabled at Distribution > Replication, the dependencies are still downloaded from the appliance server, because Replication is not supported by online shell scripts. Repeat this step to add additional new dependencies as necessary.

6.

7. Script Text

Specify the following: Enter the relevant script text. Enter the value in minutes, the maximum time, for which the server tries for execution of the script. Select to upload dependency file, if any, to the node. Specify the directory path and file name.

Timeout (minutes) Upload File

Delete Downloaded Select to delete the downloaded files from the node. Files To remove a dependency, click the trash can icon beside the item. This icon appears when your mouse hovers over an item.

Administrator Guide, Version 5.3

171

Using the Scripting Features

Click next to Policy or Job Rules to view the token replacement variables that can be used anywhere in the K1000 Management Appliance script and are replaced at runtime on the node with appropriate values. For more information, refer to Token Replacement Variables, on page 165.

Editing Scripts
On the Script: Edit Detail page, you can edit the three types of scripts: Offline KScripts, Online KScripts, and Online Shell Scripts. You can also edit Offline KScripts and Online KScripts by using the wizard or with the XML editor. To use the XML editor, click the View raw XML editor link below the Scheduling option.

To edit a script
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Scripts. Click the name of the script you want to edit. The Script: Edit Detail page appears. 3. 4. Modify the script as desired. Click Save.

To delete a script from the Scripts page


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. 4. Click Scripting > Scripts. Click the check box beside the script you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deletion.

To delete a script from the Scripts Edit page


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Scripts. Click the name of the script you want to delete. The Script: Edit Detail page appears. 3. 4. Click Delete. Click OK to confirm deletion.

172

Administrator Guide, Version 5.3

Using the Scripting Features

Importing Scripts
If you prefer to create your script in an external XML editor, you can upload your finished script to the K1000 Management Appliance. Be sure that the imported script conforms to the following structure:

The root element <kbots></kbots> includes the URL of the KACE DTD kbots xmlns=http://kace.com/Kbots.xsd>...<kbots> One or more <kbot> elements. Exactly one <config> element within each <kbot> element. Exactly one <execute> element within each <config> element. One or more <compliance> elements within each <kbot> element.

The following is an example of the XML structure for an appliance script: <?xml version=1.0 encoding=utf-8 ?> <kbots xmlns=http://kace.com/Kbots.xsd> <kbot> <config name=name= type=policy id=0 version=version= description=description=> <execute disconnected=false logged_off=false> </execute> </config> <compliance> </compliance> </kbot> </kbots> In the above example of a simple XML script, the </config> element corresponds to the Configuration section on the Script: Edit Detail page. This is where you specify the name of the policy or job (optional), and the script type (policy or job). Within this element you can also indicate whether the script can run when the target machine is disconnected or logged off from the appliance. You can specify whether the script is enabled and describe the specific tasks the script is to perform within the <compliance> element. If you are creating a script that will perform some of the same tasks as an existing script, copy the existing script, and open it in an XML editor. The scripts <compliance> element gives you an idea of how the script works, and how you can change it. For more information, refer to To Duplicate an existing Script, on page 174.

To import an existing script


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.

Administrator Guide, Version 5.3

173

Using the Scripting Features

1. 2.

Click Scripting > Scripts. In the Choose Action menu, click Import from XML. The Script: Edit Detail page appears.

3.

Paste the existing script into the space provided, and click Save.

To Duplicate an existing Script


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. If you have already created a script that is similar to a proposed script, the duplicate feature makes it easier to copy the script as a start for a new script. 1. 2. Click Scripting > Scripts. Click the linked name of the script you want to copy to open it for editing. The Script: Edit Detail page appears. 3. Click Duplicate at the bottom of the page. The Scripts list page appears, which includes a new script named Copy of xxx, where xxx is the name of the copied script. 4. Click the linked name of the copied script to open it for editing. Continue by following the steps in Adding Scripts, on page 166.

Using the Run Now function


The Run Now function provides a way for you to run scripts on selected machines immediately without setting a schedule. For example, you may want to use this function if you:

Suspect machines on your network are infected with a virus or other vulnerability, and they can compromise the entire network if not resolved right away. Want to test and debug scripts on a specific machine or set of machines during development.

The Run Now function is available in three locations:

Run Now tabRunning Scripts from the Scripting > Run Now tab allows you to run one script at a time on the target machines. Script : Edit Detail PageRunning Scripts from the Script : Edit Detail page allows you to run one script at a time on the target machines. Scripts List PageRunning scripts from the Scripts List Page using the Run Now option from the Choose Action menu allows you to run more than one script at the same time on the target machines.

174

Administrator Guide, Version 5.3

Using the Scripting Features

To run scripts using the Run Now tab


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.

CAUTION: A script is deployed immediately when you click Run Now: Use this feature cautiously! Do not deploy unless you are certain that you want to run the script on the target machines. 1. Click Scripting > Run Now. The Run Now page appears. 2. Select the script you want to run in the Scripts list. You can use the Filter options to filter the Scripts list. 3. Select the machines on which script needs to run from the Inventory Machines list. Selected machine names appear in the Machine Names field. You can use the Filter options to filter the machine names list. You can add all the machines by clicking Add All.

At least one machine name is required. 4. Click Run Now to run the selected script.

Run Now from the Script Detail page


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. To minimize the risk of deploying to unintended target machines, create a label that represents the machines on which you will perform the Run Now function. Refer to Using the Run Now function, on page 174, for more information. 1. 2. Click Scripting > Scripts. Select the script you want to run. The Script: Edit Detail page appears. 3. Select the labels that represent the machines on which you want to run the script. Press CTRL to select multiple labels. 4. Scroll to the bottom of the Scheduling section, and then click Run Now. A confirmation dialog box appears if you have made any changes. 5. Click OK in the confirmation dialog box to save any unsaved changes before running. The Run Now Status page is displayed after the script is run.

Administrator Guide, Version 5.3

175

Using the Scripting Features

To use the Run Now function from the Scripts Lists Page
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. To minimize the risk of deploying to unintended target machines, create a label that represents the machines you want to run the Run Now function on. Refer to Using the Run Now function, on page 174, for more information. 1. 2. 3. Click Scripting > Scripts. Select the scripts you want to run. From the Choose Action menu, click Run Now.

Monitoring Run Now Status


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. When you click Run Now or select Run Now from the Choose Action menu, the Run Now Status tab appears where you can see a new line item for the script.

The Pushed column indicates the number of machines on which the script is attempting to run. The Completed column indicates the number of machines that have finished running the script.

The numbers in these columns increment accordingly as the script runs on all of the selected machines. The icons above the right-hand column provide further details of the script status. Icon The script completed successfully. The script is still being run, therefore its success or failure is unknown. An error occurred while running the script. If errors occurred in pushing the scripts to the selected machines, you can search the scripting logs to determine the cause. For more information about searching logs, refer to Searching the Scripting Log Files, on page 177. The Run Now function communicates over port 52230. One reason a script might fail to deploy is if firewall settings are blocking the appliance Agent from listening on that port. Description

Run Now Detail Page


For more information on a Run Now item, click the linked start time on the Run Now Status page to display the items Run Now Detail page.

176

Administrator Guide, Version 5.3

Using the Scripting Features

The Run Now Detail page displays the results of a script that was run manually using the Run Now function, instead of running it on a schedule. The Run Now Statistics section displays the results of a script that was pushed, the push failures, push successes, completed machines, running machines, successes and failures in numbers and percentage. The Push Failures section lists those machines that the server could not contact and therefore did not receive the policy. Once pushed, it may take some time for the machine to complete a policy. Machines that have received the policy but have not reported their results, are listed in the Scripts Running section. After the policy is run, it reports either success or failure. The results are sorted under the appropriate section. Each individual computer page also has the results of the Run Now events run on that machine. The Run Failures section lists those machines that failed to complete the script. The Run Successes section lists those machines that completed the script successfully.

Searching the Scripting Log Files


The Search Logs page allows you to search the logs uploaded to the K1000 Management Appliance by the machines on your network.

To search scripting logs


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Search Logs. Enter keywords for the scripts in the Search for field. You can use the following operators to change how the logs are searched: Operator + * Function A leading plus sign indicates the word must be present in the log. A leading minus sign indicates the word must not be present in the log. A trailing asterisk can be used to find logs that contain words that begin with the supplied characters. A phrase enclosed in double quotes matches only if the log contains the phrase exactly as typed. To search only in logs uploaded by a particular script, choose the script name. Select the log type to search in from the drop-down list.

3. 4.

Administrator Guide, Version 5.3

177

Using the Scripting Features

You can choose from the following options: 5. 6. 7. Output Activity Status Debug

In the Historical field, select whether to search in only the most recent logs or in all logs from the drop-down list. In the Labels field, select a label from the drop-down list to search logs uploaded by machines in a particular label group. Click Search. The search results display the logs and the machines that have uploaded the logs.

You can apply a label to the machines that are displayed by selecting a label from the dropdown list, under search results.

About the Configuration Policies


The Configuration Policy page displays a list of wizards you can use to create policies that manage various aspects of the computers on your network. To access the list of available Configuration Policy wizards, go to Scripting > Configuration Policy. This section includes descriptions of the settings for each of the policies you can create. The Windows-based wizards include:

Enforce Registry Settings, on page 179. Remote Desktop Control Troubleshooter, on page 179. Enforce Desktop Settings, on page 180. Desktop Shortcuts Wizard, on page 181. Event Log Reporter, on page 181. MSI Installer Wizard, on page 182. UltraVNC Wizard, on page 184. Un-Installer Wizard, on page 186. Windows Automatic Update Settings policy, on page 186. Power Management Wizard, on page 188.

For details, see Using the Windows-based Policies, on page 179. The Mac OS-based wizards include:


178

Enforce Power Management Settings, on page 190. Enforce VNC Settings, on page 192.

Administrator Guide, Version 5.3

Using the Scripting Features

Enforce Active Directory Settings, on page 192.

For details, see Using the Mac OS Configuration-based Policies, on page 189.

Using the Windows-based Policies


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. The following sections explain how to use the default policies available to Windows systems. If you edit a Wizard-based policy, keep the Run As setting as local system.

Enforce Registry Settings


This wizard allows you to create scripts that enforce registry settings: 1. 2. 3. 4. Use regedit.exe to locate and export the values from the registry that you are interested in. Open the .reg file that contains the registry values you want with notepad.exe and copy the text. Click Scripting > Configuration Policy. Select Enforce Registry Settings. The Configuration Policy : Desktop Enforcement page appears. 5. 6. 7. Enter a policy name in the Policy Name field. Paste the copied registry values into the Registry File field. Click Save. The Script: Edit Detail page appears. 8. Enable and set a schedule for this policy to take effect.

A new script is created, which checks that the values in the registry file matching the values found on the target machines. Any missing or incorrect values are replaced. Refer to Adding Scripts, on page 166, for more information.

Remote Desktop Control Troubleshooter


This editor creates a troubleshooting script for the K1000 Management Appliance Remote Control functionality. The script that this page generates tests the following:

Terminal Services: To access a Windows XP Professional machine using Remote Desktop, Terminal Services must be running. This script verifies that this is the case. Firewall Configuration: If the Windows XP SP2 Firewall is running on the machine, several different configurations can affect results in Remote Desktop requests being blocked by the firewall.

Administrator Guide, Version 5.3

179

Using the Scripting Features

To troubleshoot remote behavior


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 1. Click Scripting > Configuration Policy. Click Remote Desktop Control Troubleshooter. The Configuration Policy : Remote Control Troubleshooter page appears. 2. 3. Under Firewall Configuration, specify the required settings. Click Save. The Script: Edit Detail page appears. 4. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166, for more information.

Enforce Desktop Settings


This wizard allows you to build policies that affect the user's desktop wallpaper. The wallpaper bitmap file is distributed to each machine affected by the policy. This file must be in bitmap (.bmp) format.

To create a policy to enforce Desktop Settings


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 1. 2. 3. 4. Click Scripting > Configuration Policy. Click Enforce Desktop Settings. Select the Use wallpaper check box. Click Browse to select and upload the .bmp file to use for the wallpaper. Select a position for the wallpaper image from the Position drop-down list. 5. Select Stretch to stretch the image so that it covers the entire screen. Select Center to display the image in the center of the screen. Select Tile to repeat the image over the entire screen.

Click Save. The Script: Edit Detail page appears.

6.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166 for more information.

180

Administrator Guide, Version 5.3

Using the Scripting Features

Desktop Shortcuts Wizard


This wizard allows you to quickly create scripts that add shortcuts to users' Desktop, Start Menu, or Quick Launch bar. You can create an Internet shortcut and put a URL to the target with no parameters and working shortcut.

To create scripts to add shortcuts


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Configuration Policy. Click Desktop Shortcuts Wizard. The Configuration Policy : Enforce Shortcuts page appears. 3. 4. 5. Enter a name for the desktop shortcut policy in the Policy Name field. Click Add Shortcuts. Specify the shortcut details. Enter the text label that appears below or next to the shortcut. Enter the application or file that is launched when the shortcut is selected. For example: Program.exe. Enter any command line parameters. For example: /S /IP=123.4.

Name Target Parameter s

WorkingDi Enter the changes to the current working directory. For example: r C:\Windows\Temp. Location Select the location where the shortcut appears from the drop-down list. Options include: Desktop, Quick Launch, and Start Menu.

6. 7. 8.

Click Save Changes to save the new shortcut. Click Add Shortcut to add more shortcuts. To edit or delete a shortcut, hover over a shortcut and click the Trash can icon that appears. Click Save. The Script: Edit Detail page appears.

9.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166, for more information.

Event Log Reporter


This wizard creates a script that queries the Windows Event Log and uploads the results to the K1000 Management Appliance.

Administrator Guide, Version 5.3

181

Using the Scripting Features

To create an Event Log query


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Configuration Policy. Click Event Log Dumper. The Configuration Policy : Event Log Reporter page appears. 3. Specify query details: Enter the name of the log file created by the script. Enter the type of log you want to query: Application, System, and Security. Enter the type of event you want to query: Information, Warning, and Error. (Optional) Use this field to restrict the query to events from a specific source.

Output filename Log file Event Type Source Name

4.

Click Save. The Script : Edit Detail page appears.

5.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166 for more information.

6. 7.

You can view the event log in the Computers : Detail page of the particular machine, by selecting Inventory > Computers. In Scripting Logs, under Currently Deployed Jobs & Policies, click the View logs link next to Event Log.

MSI Installer Wizard


This wizard helps you set the basic command line arguments for running MSI-based installers. Refer to the MSDN website (msdn.microsoft.com) for complete options documentation.

To create the MSI Installer policy


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 1. Click Scripting > Configuration Policy. Click MSI Installer Wizard. The Configuration Policy : MSI Wizard page appears.

182

Administrator Guide, Version 5.3

Using the Scripting Features

2. Action Software MSI Filename

Enter the following information: Select a task from the drop-down list. Options include Install, Uninstall, Repair missing files, and Reinstall all files. Select the application you want to install, uninstall, or modify from the drop-down list. You can filter the list by entering any filter options. Specify the MSI filename if it is a zip. Select an option to specify how the installation should appear to end users. Options include: Default, Silent, Basic UI, Reduced UI, and Full UI. Enter the installation directory.

User Interaction Install Directory

Additional Switches Enter details of any additional installer switches. Additional Switches are inserted between the msiexe.exe and the /i foo.msi arguments. Additional Properties Enter details of any additional properties. Additional properties are inserted at the end of the command line. For example: msiexec.exe /s1 /switch2 /i patch123.msi TARGETDIR=C:\patcher PROP=A PROP2=B Enter the features to install. Separate features with commas. Select this box to do per-machine installations only. Select the behavior after installation. Options include: Delete installer file and unzipped files. Delete installer file, and leave unzipped files. Leave installer file, and delete unzipped files. Leave installer file and unzipped files. Restart Options Select the restart behavior. Options include: No restart after installation. Prompts user for restart. Always restart after installation. Default.

Feature List Store Config per machine After install

Administrator Guide, Version 5.3

183

Using the Scripting Features

Logging

Select the types of installer messages to log. Press CTRL and click to select multiple message types. Options include: None All Messages Status Messages Non-fatal warnings All error messages Start up actions Action-specific records User requests Initial UI parameters Out-of-memory or fatal exit information Out-of-disk-space messages Terminal properties Append to existing file Flush each line to the log

Log File Name 3. 4.

Enter the name of the log file. Click Save. The Script: Edit Detail page appears. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166 for more information.

UltraVNC Wizard
The UltraVNC Wizard creates a script to distribute UltraVNC to Windows computers on your network. UltraVNC is a free software application that allows you to remotely log into another computer (through the Internet or network). Refer to the UltraVNC Web site (www.uvnc.com) for documentation and downloads. To distribute UltraVNC to the computers on your network To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Configuration Policy. Select UltraVNC Wizard. The Configuration Policy : Ultra VNC Wizard page appears.

184

Administrator Guide, Version 5.3

Using the Scripting Features

3. Install Options

Specify UltraVNC installation and authentication options: Install Mirror Driver Select this check box to install the optional UltraVNC Mirror Video Driver. The Mirror Video Driver is a driver that allows faster and more accurate updates. The video driver also makes a direct link between the video driver framebuffer memory and UltraWinVNC server. Using the framebuffer directly eliminates the use of the CPU for intensive screen blitting, resulting in a big speed boost and very low CPU load. Select this check box to install the optional UltraVNC Mirror Video Driver. Provide a VNC password for authentication. To use MS Logon authentication and to export the ACL from your VNC installation, use: MSLogonACL.exe /e acl.txt Copy and paste the contents of the text file into the ACL field. Review the script that is generated by this wizard to make sure its output is expected. You can view the raw script by clicking View raw XML Editor on the Script Detail page. Select this check box to enable key-based encryption.

Install Viewer Authenticatio n VNC Password Require MS Logon

Key Based Encryption 4.

Specify UltraVNC miscellaneous options: Select this check box if you do not want to display the UltraVNC tray icon on the target computers. Select this check box if you do not want to display node options in the tray icon menu on the target computers. This option is available if you did not select Disable Tray Icon option. Select this check box to disable the UltraVNC properties panel on the target computers. Select this check box if you do not want to allow computer users to shut down WinVNC.

Disable Tray Icon Disable client options in tray icon menu Disable properties panel Forbid the user to close down WinVNC 5. Click Save.

The Script: Edit Detail page appears. 6. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166, for more information.

Administrator Guide, Version 5.3

185

Using the Scripting Features

Un-Installer Wizard
This wizard allows you to quickly build a script to uninstall a software package. The resulting script can perform three actions: Execute an uninstall command, Kill a process, and Delete a directory.

To create an uninstaller script


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Configuration Policy. Click Un-Installer Wizard. The Configuration Policy : Uninstaller page appears. 3. Job Name Software Item Enter the following information: Enter a name for the uninstaller script. Select the software item to uninstall from the drop-down list. The wizard attempts to fill in the correct uninstall command. Verify that the values are correct. Uninstall Command Directory Uninstall Command File Uninstall Command Parameters Kill Process To have a process killed before executing the uninstall command, enter the full name of the process in the Kill Process field. For example: notepad.exe. To have a directory deleted after executing the uninstall command, enter the full name of the directory in the Delete Directory field here. For example: C:\Program Files\Example_App\. When you select the software item, the wizard attempts to fill in the uninstall command directory, file, and parameters. Review the entries to make sure the values are correct.

Delete Directory.

4.

Click Save. The Script: Edit Detail page appears.

5.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166 for more information.

Windows Automatic Update Settings policy


The K1000 Management Appliance provides a way for you to control the behavior of the Windows Update feature. This feature allows you to specify how and when Windows updates are downloaded so that you can control the update process for the computers on your network. The configuration settings reside under the Scripting > Configuration Policy

186

Administrator Guide, Version 5.3

Using the Scripting Features

tab. More detailed information can be found at Microsoft's support site: KB Article 328010.

To modify Windows Automatic Update settings


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Scripting > Configuration Policy. Click Windows Automatic Update Settings. The Windows Automatic Update Policy page appears. 3. Enter the following information: Select this option to enable automatic downloading of Windows Updates.

Automatic (recommended)

Download updates for me, Select this option ensure that you receive the latest downloads, but but let me choose when to control their installation. install them. Notify me but dont automatically download or install them. Turn off Automatic Updates Remove Admin Policy. User allowed to configure. Select this option to provide the additional flexibility in the installation of updates. Important: This may make your network more vulnerable to attack if you neglect to retrieve and install the updates on a regular basis. Select this option if you are using the appliance patching feature to manage Microsoft patch updates. Select this option to provide users with the control over the updates downloaded. Important: This may make end-users, as a result your network, more vulnerable to attack. Select the interval (in minutes) from the Reschedule Wait Time drop-down list to wait before rescheduling an update if the update fails. Select to specify no reboot while a user is logged in.

Reschedule Wait Time

Do not reboot machine while user logged in 4. 5.

Enter the details for the SUS Server and SUS Server Statistics. (SUS stands for Windows Server Update Service.) Click Save. The Script: Edit Detail page appears.

6.

Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166, for more information.

Administrator Guide, Version 5.3

187

Using the Scripting Features

To start the Automatic Windows Update on a node


You can start the Automatic Windows Update on the node using one of the following methods:

Enable automatic Windows updates settings policy of the Appliance on the node. Enable the local policy for automatic deployment of Windows update on the node. Modify the registry key for automatic deployment of Windows update on the node. Set up the group policy on the domain for automatic deployment of Windows updates on the node. Configure the patching functionality for automatic deployment of the Windows update on the node. If you are using the patching functionality for automatic deployment of Windows updates on the node, you must disable the automatic deployment of Windows updates on the node by any other process to avoid the conflict between the different deployment processes.

Power Management Wizard


The Power Management Wizard enables you to configure power management settings to determine and/or decrease the amount of time your computers are drawing power.

To enable power management on a Windows XP System, you need EZ GPO. The Power Management Wizard automatically downloads EZ GPO when run on a Windows XP system. EZ GPO is a free tool that works in conjunction with Group Policy Objects on Windows XP. For more information on EZ GPO, see: http://www.energystar.gov On Windows 7 and Vista machines, power management is configured using the built-in powercfg command. (EZ GPO does not work on these platforms.)

About monitoring power use


Most power companies are concerned with the consumption of desktop systems, but not laptops. For example, to collect information of desktop systems:

Create a Smart Label in Inventory for the chassis type. Create reports grouping machines by the chassis type. Make a Smart Label in Inventory for Uptime since last reboot that contains the number of days that concern you.

To get an overview of your power consumption, run reports about power management for about a month. Go to Reporting > Reports to see the available reports in the Power Management category. You can also configure how long node uptime information is retained. See To configure general settings for the server, on page 35. This is one of the last configuration options.

188

Administrator Guide, Version 5.3

Using the Scripting Features

To configure Power Management


To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. 1. 2. 3. Click Scripting > Configuration Policy. Select Power Management Wizard. On the Configuration Policy : Windows Power Management page, select your target operating system. 4. If you manage Windows XP systems, refer to the side bar help. If you handle Windows Vista or Windows 7, you can select one of standard configurations: Balanced, High Performance, Power Saver, or Custom.

Click Save. The Script : Edit Detail page opens.

5. 6. 7.

Select the value for Status. (Optional) Enter any Notes. Limit the script to the appropriate version of Windows by doing one or both of the following: In the Deployment section, use labels to limit the deployment of the script to computers that run the corresponding version of Windows. In the Supported Operating Systems section, select the Pick Specific OS version check box and select the supported version of Windows.

For example, if you select Deploy to All Machines, you can use the Pick Specific OS Version option to limit it to a specific version of Windows. Windows XP: Keep the default Run as Local System with any script created in a wizard. Run As options are offered with Online KScripts like the Windows XP version of the Power Management script. 8. 9. (Optional) Alert users before run. (Optional) Change Scheduling options according to your preferences.

10. Click Save.

Using the Mac OS Configuration-based Policies


The following sections explain how to use the default policies available to Mac OS systems:

Enforce Power Management Settings, on page 190. Enforce VNC Settings, on page 192. Enforce Active Directory Settings, on page 192.

Administrator Guide, Version 5.3

189

Using the Scripting Features

Enforce Power Management Settings


This policy offers you these different energy management profiles to configure and use on your Mac OS-based systems:

Better energy savings Normal Better Performance Custom

You can tailor each of the profiles to these power sources: All Battery Charger (Wall Power) UPS

Power usage settings are a trade-off between CPU usage and power usage. Most of the settings are on/off check boxes to apply or remove options. You can add time periods, in numbers, to the Sleep settings. The policy options are shown below:

190

Administrator Guide, Version 5.3

Using the Scripting Features

Figure 9-2: The Mac Power Management page

Administrator Guide, Version 5.3

191

Using the Scripting Features

Enforce VNC Settings


This configuration policy controls enables/disables the Mac OS built-in VNC server. Figure 9-3: The Enforce VNC Settings page

Enforce Active Directory Settings


You use this policy to add or remove a computer from your domain by:

Choosing to add or remove a system. Entering your administrator credentials. The resulting script assumes that you have root access and shows your password unencrypted (clear text), so make sure that anyone using this script is trusted.

Specifying the LDAP domain name and user authentication information. Deciding on the other options you have for this system as shown below.

You can also use this policy to ensure that your Mac OS nodes check into your Active Directory database.

192

Administrator Guide, Version 5.3

Using the Scripting Features

Figure 9-4: The Enforce Active Directory Settings page

Administrator Guide, Version 5.3

193

Using the Scripting Features

194

Administrator Guide, Version 5.3

10
Maintaining Your K1000 Management Appliance

This chapter describes the most commonly used features and functions for maintaining and administering K1000 Management Appliance.

K1000 Management Appliance maintenance overview, on page 195 Backing up K1000 Management Appliance data, on page 196. Restoring K1000 Management Appliance settings, on page 198. Updating K1000 Management Appliance software, on page 199. Updating OVAL definitions, on page 202. Troubleshooting K1000 Management Appliance, on page 203. Windows debugging, on page 204.

K1000 Management Appliance maintenance overview


The Server Maintenance page allows you to perform a variety of functions to maintain and update your K1000 Management Appliance, for example:

Access the most recent appliance server backups Upgrade your appliance server to a newer version Retrieve updated OVAL definitions Restore to backed-up versions and also create a new backup of the appliance at any time

The Server Maintenance tab also enables you to reboot and shut down the appliance, as well as update appliance license key information. From the Server Maintenance tab you can:

Upgrade the appliance Update OVAL vulnerability definitions Create a backup appliance Enter or update the appliance License Key Restore to most recent backup Restore to factory default settings

Administrator Guide, Version 5.3

195

10

Maintaining Your K1000 Management Appliance

Restore from uploaded backup files Reboot your appliance Reboot with extended database check Shut down your appliance

Upgrading your appliance


KACE provides new server software patches on the corporate server. Your appliance checks kace.com nightly for recommended upgrades, which you can apply from the server maintenance page.

To upgrade your K1000 Management Appliance


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. Go to K1000 Settings > Server Maintenance. Click Edit Mode. Click Check for Upgrade. If the upgrade is available, the label Available Upgrade along with the build number is displayed. If the upgrade is not available, the label Your K1000 is up to date, is displayed. 4. Click Upgrade Now to upgrade to the available build. When the appliance has finished upgrading, reboot it to use the latest features.

Backing up K1000 Management Appliance data


By default, your K1000 Management Appliance automatically backs up at 3 A.M., creating two files on the backup drive:

k1000 _dbdata.gz containing the database backup k1000_file.tgz containing any files and packages you have uploaded to the appliance.

To run the appliance backup manually


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. To run a K1000 Management Appliance backup before the nightly backup occurs, run the backup manually: 1.
196

Go to K1000 Settings > Server Maintenance.


Administrator Guide, Version 5.3

Maintaining Your K1000 Management Appliance

10

2. 3.

Click Edit Mode. In the K1000 Controls section, click Run Backup. After creating the backup, the Settings > Logs tab appears.

Downloading backup files to another location


The backup files are used to restore your K1000 Management Appliance configuration in the event of a data loss or during an upgrade or migration to new hardware. The K1000 Management Appliance contains only the most recent full backup of the files. For a greater level of recoverability (for instance if you wanted to keep rolling backups), you can offload the backup files to another location so that they can be restored later if necessary. You can access the backup files for downloading from the Administrator UI as well as through ftp.

To change backup file location


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. Go to K1000 Settings > Server Maintenance. In the K1000 Controls section, click the backup links: 3. k1000_dbdata.gz containing the database backup k1000_file.tgz containing the files and packages you uploaded to the K1000 Management Appliance

Click Save in the dialog box that appears. In Internet Explorer, use Browse to specify a location for the files and click Save. In Firefox, you must have previously set the download location.

To access the backup files through ftp


1. 2. Open a command prompt. At the C:\ prompt, enter:

ftp k1000 3. Enter the login credentials: Username: kbftp. Password: getbxf. 4. Enter the following commands:

> type binary > get k1000_dbdata.gz > get k1000_file.tgz

Administrator Guide, Version 5.3

197

10

Maintaining Your K1000 Management Appliance

>close >quit

Restoring K1000 Management Appliance settings


You use backup files to restore your appliance configuration in the event of a data loss or to transfer the setting during an upgrade or migration to new hardware. Restoring any type of backup file destroys the data currently configured in the appliance server. Dell recommends off-loading any backup files or data that you want to keep before performing a restore. If your backup files are too large to upload using the default HTTP mechanism (the browser times out), you can upload them using FTP. To upload using FTP, enable the Enable backup via FTP and Make FTP writable security settings. For details see Configuring Local HTTPD, on page 42.

Restoring from most recent backup


The appliance has a built-in ability to restore files from the most recent backup directly from the backup drive. You can access the backup files from the Administrator UI or through ftp.

To restore from the most recent backup


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. Go to K1000 Settings > Server Maintenance. Click Edit Mode. Click Restore from Backup.

Uploading files to restore settings


If you have off-loaded your backup files to another location, you can upload those files manually, rather than restoring from the backup files stored on the K1000 Management Appliance.

To upload backup files


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. 4. Go to K1000 Settings > Server Maintenance. Scroll down and click the Edit Mode. In the K1000 Restore section, click Browse and locate the backup file. Click Restore from Upload Files.

198

Administrator Guide, Version 5.3

Maintaining Your K1000 Management Appliance

10

Restoring to factory settings


The appliance has a built-in ability to restore the itself back to its factory settings. To view the factory settings refer to To set up your K1000 Management Appliance server, on page 18.

To restore to factory settings


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Click Restore Factory Settings.

Updating K1000 Management Appliance software


Part of maintaining your Dell KACE K1000 Management Appliance involves updating the software that runs on the K1000 Management Appliance Server. This process also involves:

Verifying that you are using the minimum required version of the K1000 Management Appliance Updating the license key in the Dell KACE K1000 Management Appliance to obtain the current product functionality.

To verify the minimum server version


Before applying this update, verify your K1000 Management Appliance Server version meets the minimum version requirement. 1. 2. 3. Open your browser, and go to the URL for the K1000 Management Appliance (http:// k1000/admin). Select the About K1000 link located at the lower left of the screen. The System Management Appliance line (below the license agreement) contains the release number, as shown in Figure 10-1 on page 200.

Administrator Guide, Version 5.3

199

10

Maintaining Your K1000 Management Appliance

Figure 10-1: About K1000

Updating the license key


After installing an upgrade to the Dell KACE K1000 Management Appliance server, you may need to enter a new KACE license key to fully activate the K1000 Management Appliance. You need the new license key to upgrade your appliance.

Updating your Dell KACE K1000 Management Appliance license key


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. 4. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Under License Information, enter your new license key. Click Save License.

200

Administrator Guide, Version 5.3

Maintaining Your K1000 Management Appliance

10

Applying the server update


If you are using a previous version of the Dell KACE K1000 Management Appliance, you must apply the earlier updates separately before continuing. Refer to the release notes for your version of the Dell KACE K1000 Management Appliance to determine the minimum updates.

To apply the server update


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. 3. 4. 5. 6. Download the k1000_upgrade_server_XXXX.bin file, and save it locally. Open your browser to http://k1000/admin. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Under Update K1000, click Browse, and locate the update file you just downloaded. Click Update K1000. When the file has completed uploading, your K1000 Management Appliance will reboot with the latest features.

To verify the upgrade


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. After applying the upgrade, verify successful completion by reviewing the update log. 1. 2. 3. 4. Go to K1000 Settings > Logs. Select Updates from the Current log drop-down list. Review the Update log for any error messages or warnings. Click About K1000 in the upper right corner to verify the current version.

Updating patch definitions from KACE


Although the definitions for Microsoft patches are updated automatically on a scheduled basis, you can retrieve the latest files manually from the Server Maintenance page.

To update the patch definitions


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode.

Administrator Guide, Version 5.3

201

10

Maintaining Your K1000 Management Appliance

3.

Click Update Patching to update your patch definitions.

To delete patch files


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. You can delete all previously downloaded patches: 1. 2. 3. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode. Click Delete Patch Files to delete the patch files.

To Reboot and shut down KACE K1000 Appliances


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. You may need to reboot the appliance from time to time when troubleshooting or upgrading its settings. 1. 2. Click K1000 Settings > Server Maintenance. Click Reboot K1000.

Before you can perform hardware maintenance, you need to shut down the appliance before unplugging it. You can shut down the appliance either by:

Pressing the power button once, quickly. Clicking the Shutdown K1000 button on the Settings > Server Maintenance tab. You can use the Reboot and Shutdown buttons after you click the Edit Mode link at the bottom of the page.

Updating OVAL definitions


Although the definitions for OVAL vulnerabilities are updated automatically on a scheduled basis, you can retrieve the latest files manually from the Server Maintenance page. For more information about OVAL definitions, see the Security and Patching Guide.

To update the OVAL and patch definitions


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. Go to K1000 Settings > Server Maintenance. Scroll down and click Edit Mode.

202

Administrator Guide, Version 5.3

Maintaining Your K1000 Management Appliance

10

3.

Click Update OVAL.

Troubleshooting K1000 Management Appliance


Your appliance offers several log files that can help you detect and resolve errors. The log files are rotated automatically as each grows in size, so no additional administrative log maintenance procedures are required. Log maintenance checks are performed daily. The appliance maintains the last seven days of activity in the logs. KACE Technical Support may request that you send the appliance server logs if they need more information in troubleshooting an issue. To download the logs, click the Download Logs link. For more information, see Downloading log files, on page 204.

Accessing K1000 Management Appliance logs


You can access the appliance Server logs by going to the Settings > Logs tab. Select the appropriate log to view from the Current log drop-down list. This area also provides a reference for any K1000 Management Appliance informational or exception notices. Log Type Hardware Server Log Name Disk Status K1000 Log Access Server Errors Stats Updates Tomcat Log Description Displays the status of the appliance disk array. Displays the errors generated on the server. Displays the HTTP Server's access information. Displays errors or server warnings regarding any of the onboard server processes. Displays the number of connections the appliance is processing over time. Displays details of any appliance patches or upgrades applied using the Update K1000 function. Displays the Tomcat log information.

System Displays system performance log information. Performanc e Konductor Log Opcode Cache Client Client Errors Displays Konductor log information. Displays opcode cache log information. Displays Agent exception logs.

AMP Server Displays AMP server errors. AMP Queue Displays AMP Queue errors.

Administrator Guide, Version 5.3

203

10

Maintaining Your K1000 Management Appliance

Downloading log files


The Dell KACE K1000 Management Appliance provides the ability to directly download the logs into one file from the Admin UI. To help diagnose a problem, Dell KACE Technical support might ask you to submit log files.

To download Dell KACE K1000 Management Appliance logs


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. 2. Go to K1000 Settings > Logs. Click Download logs on the right of the Log page. The logs are downloaded in the k1000_logs.tgz file. 3. Click Save.

In addition to the standard logging, you can enable other debug logs on a node:

K1000 Agent Enable debug logging on the node to troubleshoot machine inventory, managed installs, and file synchronizations. K1000 AMP Service Enable debug logging on the Windows node to troubleshoot the on-demand running of Desktop Alerts, Run-Now scripts, and Patching. You can enable debug logging by configuring AMP Settings. For information on how to configure the AMP Settings page, refer to Configuring Agent Messaging Protocol Settings, on page 47.

Windows debugging
To log on to the AMP service
1. Open the SMMP configuration file: %PROGRAMFILES%\KACE\K1000\SMMP.conf 2. Add the following line: debug=true For more information on debug logging on Linux and Mac OS platforms, refer to Appendix E: Manually Deploying Agents, starting on page 301.

SMMP.conf without debug=true

Windows debug.log with basic logging

Mac OS X agent.log with basic logging

Linux agent.log with basic logging

204

Administrator Guide, Version 5.3

Maintaining Your K1000 Management Appliance

10

SMMP.conf with debug=true

Windows debug.log with detailed logging

Mac OS X agent.log with detailed logging

Linux agent.log with detailed logging

Administrator Guide, Version 5.3

205

10

Maintaining Your K1000 Management Appliance

Understanding Disk Status log data


When troubleshooting the K1000 Management Appliance, you often work with the Disk Status log. If there is a physical problem with the appliance, that issue is reflected here.

K1000 Management Appliance server and agent exceptions are reported nightly to kace.com if you enabled crash reporting on the Settings > General tab.

206

Administrator Guide, Version 5.3

Maintaining Your K1000 Management Appliance

10

Figure 10-2: Disk Status Log

In the cases where the logs display errors, this section will be helpful to solve any problems. This section does not describe every possible error message, but other possible errors can be resolved by following the same steps: Step Step 1: Rebuild Description The disk status log error Degraded indicates that you need to rebuild the array. To do this: Click Rebuild Disk Array. Rebuilding can take up to 2 hours. If an error state still exists after this, proceed to step 2.

Administrator Guide, Version 5.3

207

10

Maintaining Your K1000 Management Appliance

Step Step 2: Power Down and Reseat the Drives

Description In some cases, the degraded array may be caused by a hard drive that is no longer seated firmly in the drive-bay. In these cases, the disk status will usually show disk missing for that drive in the log. Power down the Dell KACE K1000 Management Appliance. Once the appliance is powered off, eject each of the hard-drives and then re-insert them, making sure that the drive is firmly in the bay. Power the machine back on and then look again at the disk status log to see if that has resolved the issue. If an error state still exists, try rebuilding again or proceed to Step 3.

Step 3: Call Dell KACE Technical Support

If you have performed the previous steps and are still experiencing errors, contact Dell KACE Technical Support by email at (support@kace.com) or phone (888)522-3638 option 2.

208

Administrator Guide, Version 5.3

11
LDAP

The Dell KACE K1000 Management Appliance LDAP feature allows you to browse and search the data located on an LDAP Server.

About LDAP Labels, on page 209. Creating an LDAP Label Manually, on page 210 Creating an LDAP Label with the Browser, on page 211. Using LDAP Easy Search, on page 213. Using the LDAP Browser Wizard, on page 214. Automatically Authenticating LDAP Users, on page 215.

About LDAP Labels


LDAP Labels allow the automatic labeling of machine records based on LDAP or Active Directory interaction. The search filter queries the LDAP server. If it finds any entries, they are automatically labelled. If the LDAP server requires credentials for administrative login (i.e., nonanonymous login), supply these credentials. If no LDAP user name is given, an anonymous bind is attempted. Each LDAP Label can connect to a different LDAP/AD server. You can bind to an LDAP query based on the following Dell KACE K1000 Management Appliance variables:

Computer Name Computer Description Computer MAC IP Address User name User Domain Domain User

Administrator Guide, Version 5.3

209

11

LDAP

Creating an LDAP Label Manually


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 2. Click Home > Label > LDAP Labels. In the Choose Action menu, click Add New Item. The LDAP Label : Edit Detail page appears. Skip the Enabled check box until you have tested the LDAP Label. 3. Enabled Filter Type Associated Label Name Server Hostname Enter the following information: Select this check box to enable the appliance to run the label each time a system checks in. Select this only after you have tested the label. Select the LDAP filter type: Machine or User. Select an existing label to associate with this LDAP label.

Associated Label Notes Any notes from the label definition are automatically added to this field. Specify the IP or Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or Host Name. For example: ldaps://HOSTNAME. If you have a non-standard SSL certificate installed on your LDAP server, contact KACE Support for assistance before proceeding. A non-standard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign. Enter the LDAP port number, which is either 389 or 636 (LDAPS). Enter the Search Base DN (Distinguished Names). For example: CN=Users,DC=kace,DC=com. Enter a search filter. For example: (&(sAMAccountName=admin)(memberOf=CN=financial,DC=ka ce,DC=com)) Enter the LDAP login. For example: LDAP Login: CN=Administrator, CN=Users,DC=kace=com Enter the password for the LDAP login.

LDAP Port Number Search Base DN Search Filter

LDAP Login LDAP Password

If you are unable to fill in the information for Search Base DN and Search Filter fields, you can use the LDAP Browser Wizard. For more information on the LDAP Browser Wizard, refer to Service Desk Administrator Guide. Negative searches are NOT supported correctly in LDAP search using Microsofts recommended method. You will receive a bad search filter error, even if you use the filter builder. Error example: (!samaccountname=David) Workaround example: (!(samaccountname=David))

210

Administrator Guide, Version 5.3

LDAP

11

4. 5.

Click the Test LDAP Label button to test your new label. Change the label parameters and test again as necessary. If the LDAP label is ready to use, select the Enabled check box. Otherwise, you can save without enabling.

6.

Click Save.

Each time a machine checks into the K1000 Management Appliance, this query runs against the LDAP server. The admin value in the Search Filter field is replaced with the name of the user that is logged onto this machine. If a result is returned, the machine gets the label specified in the Associated Label field. To test your LDAP label, click the Test button and review the results.

You can also create an LDAP Label using the LDAP Browser.

Creating an LDAP Label with the Browser


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. The LDAP Browser allows you to browse and search the data located on the LDAP Server (for example, the Active Directory Server.) You must have the Bind DN and Password to log on to the LDAP Server. 1. 2. LDAP Server Go to Home > Labels > LDAP Browser. Specify the LDAP Server Details Enter the IP or the Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or Host Name. For example: ldaps://HOSTNAME. If you have a non-standard SSL certificate installed on your LDAP server, such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as Verisign, contact KACE Support for assistance before proceeding. Enter the LDAP port number, either 389 or 636 (LDAPS). Enter the Bind DN. For example: CN=Administrator,CN=Users,DC=kace,DC=com. Enter the password for the LDAP login.

LDAP Port LDAP Login LDAP Password 3.

Click Test. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names) available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory.

Administrator Guide, Version 5.3

211

11

LDAP

If the connection was not established, the Operation Failed message appears, which can be due to one of the following reasons: 4. The IP or Host Name provided is incorrect. The LDAP server is not up. The login credentials provided are incorrect.

Click a Base DN, or click Next. A new window displays the Search Base DN and the Search Filter fields. The Search Base DN is populated on the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN and the Search Filter values.

5.

You can also use the Filter Builder to create complex filters. Click Filter Builder. The Query Builder is displayed. Specify the following information. Enter the attribute name. For example: samaccountname. Select the relational operator from the drop-down list. For example, =. Enter the attribute value. For example, admin.

Attribute Name Relational Operator Attribute Value 6.

To add more than one attribute: Select the conjunction operator from the drop-down list. For example, AND. Note: This field is available for the previous attribute only when you add a new attribute.

Conjunction Operator

Add Search Scope

Click to add multiple attributes. Click One level to search at the same level or click Sub-tree level to search at the sub-tree level. Click OK. The query appears in the Search Filter text area. For example, (samaccountname=admin). 8. Click Browse to display all the immediate child nodes for the given base DN and search filter. Click Search to display all the direct and indirect child nodes for the given base DN and search filter. The search results are displayed in the left panel. 9. Click a child node to view its attributes. The attributes are displayed in the right panel.

7.

212

Administrator Guide, Version 5.3

LDAP

11

Using LDAP Easy Search


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. You can use LDAP Easy Search to quickly search the data located on the LDAP Server. To use the LDAP Easy Search 1. 2. LDAP Server Go to Home > Label >LDAP Browser. Specify the LDAP Server Details Enter the IP or the Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or Host Name. For example: ldaps://HOSTNAME. If you have a non-standard SSL certificate installed on your LDAP server, such as an internally-signed certificate or a chain certificate that is not from a major certificate provider such as Verisign, contact KACE Support for assistance before proceeding. Enter the LDAP port number, either 389 or 636 (LDAPS). Enter the Bind DN. For example: CN=Administrator,CN=Users,DC=kace,DC=com Enter the password for the LDAP login.

LDAP Port LDAP Login LDAP Password 3. 4.

Click Test. On a successful connection to the LDAP server, a list of possible base DNs available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory. If the connection was not established, the Operation Failed message appears. Check the following causes: The IP or Host Name provided is incorrect. The LDAP server is not up. The login credentials provided are incorrect.

5.

Click a Base DN, or click Next. A new window displays the Search Base DN and the Search Filter fields. The Search Base DN field is populated on the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN and Search Filter values.

6.

Click the Go to LDAP Easy Search link. The LDAP EasySearch page appears.

7.

Enter any key word for search, and click GO. For more a specific search, you can click the Indexed field option or Non-Indexed field option. You can also specify Other attributes, separated by comma.

Administrator Guide, Version 5.3

213

11

LDAP

Using the LDAP Browser Wizard


The LDAP Browser Wizard enables you to fill in the information for the Search Base DN and the Search Filter fields. Using the LDAP Browser Wizard, you can browse and search the data located on the LDAP Server. For example, Active Directory Server. You must have the Bind DN and the Password to log on to the LDAP Server.

To use the LDAP Browser Wizard


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. 2. LDAP Server Go to Home > Label > LDAP Browser. Specify the LDAP Server Details Enter the IP or Host Name for the LDAP Server. Note: For connecting through SSL, use the IP or the Host Name. For example: ldaps://HOSTNAME. If you have a non-standard SSL certificate installed on your LDAP server, you need to contact KACE Support for assistance before proceeding. A non-standard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign. Enter the LDAP Port number. For example: 389 or 636 (LDAPS). Enter the Bind DN. For example: CN=Administrator,CN=Users,DC=kace,DC=com Enter the password for the LDAP login.

LDAP Port LDAP Login LDAP Password 3. 4.

Click Test. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names) available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory. If the connection was not established, the Operation Failed message appears. Check the following causes: The IP or Host Name provided is incorrect. The LDAP Server is not up. The login credentials provided are incorrect.

5.

Click Next or one of the base DNs to advance to the next step. A new window displays the Search Base DN and Search Filter fields. The Search Base DN is populated on the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN and Search Filter field values.

6.

To create complex filters, click Filter Builder.

214

Administrator Guide, Version 5.3

LDAP

11

The Query Builder is displayed. 7. Specify the following information: Enter the attribute name. For example: samaccountname. Select the Relational Operator from the drop-down list. For example: =. Enter the attribute value. For example: admin.

Attribute Name Relational Operator Attribute Value 8.

To add more than one attribute: Select the Conjunction Operator from the drop-down list. For example, AND. Note: This field is available for the previous attribute only when you add a new attribute. Click to add multiple attributes. Click One level to search at the same level or click Sub-tree level to search at the sub tree level. Click OK. The query appears in the Search Filter text area. For example, (samaccountname=admin).

Conjunction Operator

Add Search Scope

9.

10. Click Browse to display all the immediate child nodes for the given base DN and search filter or click Search to display all the direct and indirect child nodes for the given base DN and Search Filter. The search results are displayed in the left panel. 11. Click a child node to view its attributes. The attributes are displayed in the right panel. 12. Click Next to confirm the LDAP configuration. 13. Click Next to use the displayed settings.

Automatically Authenticating LDAP Users


Instead of setting up users individually on the Users tab, you can configure the K1000 Management Appliance for local authentication or External LDAP Server authentication. The appliance can then access a directory service (such as LDAP) for user authentication. This allows users to log into the appliance Administrator portal using their domain user name and password, without having to add users individually from the Users tab.

To configure the appliance for user authentication


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page.

Administrator Guide, Version 5.3

215

11

LDAP

1.

Click Settings > Control Panel. The Settings: Control Panel page appears.

2.

Click User Authentication. The K1000 Settings: Authentication page appears.

3. 4.

Click Edit Mode. Specify the authentication method you want to use:

K1000 (local) Select this option to enable local authentication. (This is the default.) Authentication) If local authentication is enabled, the password is authenticated against the existing entries in the local database at Service Desk > Users. External LDAP Server Authentication Select this option to enable external user authentication. You can use external authentication against an LDAP server or Active Directory server. If External LDAP Server Authentication is enabled, the password is authenticated against the External LDAP Server. Contact KACE customer support if you need assistance with this process.

If the External LDAP Server Authentication is enabled, provide credentials for administrative login. The LDAP user configured should at least have READ access to the search base area. If you do not specify an LDAP user name, an anonymous bind is attempted. 5. 6. Click Edit Mode to edit External LDAP Server Authentication fields. Click the appropriate icons next to the server name to perform described actions: Icon Description Schedules a user import for this server. Modifies the server definition. Removes the server. Changes the order of the server in the list of servers. 7. Click Add New Server to add a new LDAP Server. You can have more than one LDAP Server/Directory configured. All servers must have a valid IP address or Hostname. Otherwise, the appliance will timeout, resulting in login delays when using LDAP authentication.

216

Administrator Guide, Version 5.3

LDAP

11

8.

Complete the LDAP server definition by specifying the following information: Enter a name for the server. Enter the IP or Host Name of the LDAP server. Note: For connecting through SSL, use the IP or the Host Name. For example: ldaps://HOSTNAME. If you have a non-standard SSL certificate installed on your LDAP server, contact KACE Support for assistance before proceeding. A non-standard certificate can be an internallysigned or a chain certificate that is not from a major certificate provider such as Verisign. Enter the LDAP Port number, either 389 or 636 (LDAPS). Enter the Search Base DN. For example: CN=Users,DC=hq,DC=corp,DC=kace,DC=com.

Server Friendly Name Server Host Name (or IP)

LDAP Port Number Search Base DN

Search Filter

Enter the Search Filter. For example: (samaccountname=admin).

LDAP Login

Enter the LDAP login. For example: CN=Administrator,CN=Users,DC=hq,DC=corp,DC=k ace,DC=com

LDAP Password (if required) Role

Enter the password for the LDAP login. Required. Enter the users role: Admin Role: This user can log on to and access all features of the administrator UI and Service Desk. The Admin Role is the default role. Read-Only Admin Role: This user can log on but cannot modify any settings in the administrator UI or Service Desk. User Role: This user can log on only to the Service Desk. Login Not Allowed: This user cannot log on to the Service Desk. Note: The roles listed above are system provided roles and are not editable. To create a new role, refer to the Service Desk Administrator Guide.

9.

Click Apply to save your changes.

10. To test the LDAP settings, enter a password in the Test User password, and then click Test LDAP Settings. If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to Using the LDAP Browser Wizard, on page 214.

Administrator Guide, Version 5.3

217

11

LDAP

To schedule a User Import


1. 2. Click Edit Mode to edit the External LDAP Server Authentication fields. Click the icon next to the server name in the list of servers to schedule a user import.

The User Import : Schedule Choose attributes to import: Step 1 of 3 page appears. The LDAP Server Details are displayed, which are read-only: LDAP Server LDAP Port Search Base DN Search Filter LDAP Login LDAP Password 3. The IP or Host Name of the LDAP Server. The LDAP Port number, which is either 389 (LDAP) or 636 (LDAPS). The Search Base DN. For example: OU=users,DC=domain,DC=com The Search Filter. The LDAP login. The LDAP login password.

Specify the attributes to import. Specify the attributes to retrieve. For example: samaccountname, objectguid, mail, memberof, displayname, sn, cn, userPrincipalName, name, description If you leave this field blank, it retrieves all attributes. This may make the import process slow, and is not recommended. Enter a label attribute. For example: memberof. Label Attribute is the attribute on a customer item that returns a list of groups this user is a member of. The union of all the label attributes will form the list of labels you can import. Enter the label prefix. For example: ldap_ The Label Prefix is a string that is added to the front of all the labels. Enter the Binary Attributes. For example: objectsid. Binary Attributes indicates which attributes should be treated as binary for purposes of storage. Enter the maximum rows. This limits the result set that is returned in the next step. Click the check box to view the debug output in the next step. If you are unable to complete the information for Search Base DN and Search Filter, you can use the LDAP Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to Using the LDAP Browser Wizard, on page 214.

Attributes to retrieve

Label Attribute

Label Prefix Binary Attributes

Max # Rows Debug Output

4.

In Email Notification section, click to enter the recipients e-mail address, or choose Select user to add from the drop-down list.

218

Administrator Guide, Version 5.3

LDAP

11

5.

In Scheduling section, specify the scan schedule: Select this to not have the user import run on a schedule. (Default)

Dont Run on a Schedule

Run Every day/ Run daily or a specific day of the week at the specified time. specific day at HH:MM AM/PM Run on the nth of every month/ specific month at HH:MM AM/ PM 6. Click Next. The User Import : Schedule - Define mapping between User attributes and LDAP attributes: Step 2 of 3 page opens. 7. Select the value from the drop-down list next to each LDAP attribute to map the values from your LDAP server into the User record on the appliance. The fields in red are mandatory. The LDAP Uid must be a unique identifier for the user record. 8. Select a label to add to the appliance. Press CTRL and click to select more than one label. This list displays a list of all the Label Attribute values that were discovered in the search results. 9. Click Next. Run on a specific date or day of the month at the specified time.

10. Review the information displayed in the tables below: The Users to be Imported table displays list of users reported. The Labels to be Imported table displays the list of labels reported. The Existing Users table and the Existing Labels table display the list of Users and Labels that are currently on the appliance. Only users with a LDAP UID, User Name, and E-mail value will be imported. Any records that do not have these values are listed in the Users with invalid data table.

11. Click Next to start the import. The User Import : Schedule - Import data into the K1000: Step 3 of 3 page opens. 12. Click Import Now to save the schedule information and load the user information into the appliance. After importing, the User list page appears, where you can edit the imported user records. 13. Click Save to save schedule information.

Administrator Guide, Version 5.3

219

11

LDAP

The Settings: Authentication page opens. The imported user can log on to and access all features of the administrator UI and Service Desk depending on the role assigned.

220

Administrator Guide, Version 5.3

12
Running the K1000 Appliance Reports

The Dell KACE K1000 Management Appliance provides a variety of reporting and alert features that enable you get a detailed view of the activity on your organizations implementation. The K1000 Management Appliance 5.3 includes a new reporting engine. If you are upgrading from an earlier version, the previous Reports and the reporting engine are still available. These Reports are listed under the Classic Reports tab. Appendix G: K1000 Classic Reports, starting on page 321, contains instructions for using this deprecated feature.

Reporting Overview, on page 221 Running Reports, on page 222 Creating and Editing Reports, on page 223 Scheduling Reports, on page 229 Using Alert Messages, on page 233 E-mail Alerts, on page 234

Reporting Overview
The K1000 Management Appliance is shipped with many stock reports. To view the list, select Reporting > Reports. The reporting engine generate reports in HTML, CSV, and TXT formats. By default, the appliance provides reports in the following general categories:

Compliance Dell Updates Dell Warranty Hardware Service Desk

Administrator Guide, Version 5.3

221

12

Running the K1000 Appliance Reports

iPhone Inventory K1000 Network Patching Power Management Security Software Template Virtual Kontainers

You can duplicate and modify these reports as necessary. However, a strong knowledge of SQL is required to successfully change a report. Opening a CSV file containing multi byte characters with Microsoft Excel may yield garbage characters" in the resulting worksheet. See Dell KACE Support for instructions on how to import the CSV file into an Excel worksheet.

Running Reports
The K1000 Reports page displays a list of the available reports. The View by menu allows you to filter which reports are displayed by category. To use, create, delete or modify Reports, be sure to select your organization from the Organization drop-down list in the top-right hand corner of the page. To run any of the K1000 Management Appliance reports, click the desired format type: HTML, CSV, or TXT. For the HTML format, the report is displayed in a new window. For other formats, you can open the file or save it to your computer.

222

Administrator Guide, Version 5.3

Running the K1000 Appliance Reports

12

Creating and Editing Reports


If you have other reporting needs not covered by default reports, you can:

Duplicate an existing report and modify the copy to suit your needs. See To duplicate an existing report on page 229. Create a new report using the Report Wizard. See To create a new report using the Report Wizard on page 225. Create an SQL report. See To create a new SQL report on page 228.

Report Layout
To make the analysis of your data easier, the K1000 Management Appliance can lay out reports by:

Column and row order. Group rows under a subheading row. Order rows by ascending or descending alphanumeric sequence. Prioritize row sorting.

The following graphic shows an example of grouping rows. In this example, suppose you want to create a list of Windows machines that have Adobe Illustrator installed, and for license reasons, you want them separated by operating system. The report criteria looks for Illustrator and makes the operating system (OS_Name) the break column (displayed as a

Administrator Guide, Version 5.3

223

12

Running the K1000 Appliance Reports

subheading). The report returns a list of machines divided into Windows XP, Windows Vista, Windows 7, and shows the number of machines in each group.

224

Administrator Guide, Version 5.3

Running the K1000 Appliance Reports

12

The following graphics shows an example of sorting using two criteria. In this example, suppose that you want to create a list of the last time the agent was synced sorted by operating system and domain. The Sort on fields selection is:

The report returns a list of computers first sorted by operating system and then domain. The sort criteria first groups the computers by the type of operating system and then by the domain:

To create a new report using the Report Wizard


1. Click Reporting > Reports. The K1000 Reports page appears. 2. In the Choose Action menu, click Add New Report. The Define a New Report page is displayed. 3. Enter the report details as shown: Display name for the report. Make this as descriptive as possible, so you can distinguish this report from others.

Report Title

Administrator Guide, Version 5.3

225

12

Running the K1000 Appliance Reports

Report Category

Category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page and displayed in the Report list on the K1ooo Reports page. Information that the report will provide. Adds number column for each row. The available topics are displayed in the menu. This sets which fields are available for the report, which you define in step 6.

Description Show Line Number Column Report Topic

4. 5.

Click the appropriate topic name from the Available Topics list. For example, software. Click Next. The Define a New Report: Fields to include page is displayed.

6.

Select the fields that you want to include in your report. Clicking a Section title toggles the fields in the section.

7.

Click Next. The Define a New Report: Fields order page is displayed.

8.

Using drag and drop, place the fields in the order you want the columns to appear on the Report.

9.

Click Next. The Define a New Report: Sort on fields page is displayed.

10. Configure how the rows are arranged.

226

Administrator Guide, Version 5.3

Running the K1000 Appliance Reports

12

Order By: Specify how the results are sorted based on the fields defined in step 6. These fields organize the data by priority with the top field having the highest priority. Report data is organized by the selection in the first field, and then by the second field, and then by the third field. For an example, see Report Layout, on page 223.

Sequence: Orders the results in either ascending or descending alphanumeric order. Break Header: Groups results under a subheading using the name of the field selected in the Order by column.

11. Click Next. The Define a New Report: Filters page is displayed. 12. (Optional) Use filter criteria if you don't want to return the entire data set in your report: a. To add a filter, click or to add a nested group

b. Select the AND/OR operator from the and/or drop-down list. AND: Match all of the following fields. OR: Match any of the following fields. c. Select the appropriate field from the Field Name list. For example, Supported Operating Systems. d. Select the appropriate operator from the Operator drop-down list. For example, contains. e. In the Value field, enter the appropriate value. For example, Windows. This rule filters the data and displays only Windows machines. f. Save the filter.

g. To add another filter, repeat the preceding steps. 13. Click Save.

Administrator Guide, Version 5.3

227

12

Running the K1000 Appliance Reports

The K1000 Reports page is displayed with the new report listed. The View by field is automatically set to the category of the new report.

14. To run the new report, click the desired format. If you select CSV or TXT, you can open the file or save it to your computer.

To create a new SQL report


1. Click Reporting > Reports. The K1000 Reports page appears. 2. In the Choose Action menu, click Add New SQL Report. The K1000 Report : Edit Report page is displayed. 3. Enter the report details as shown: Display name for the report. Make this as descriptive as possible, so you can distinguish this report from others. Category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page and displayed in the Report list on the K1ooo Reports page. Information that the report will provide. The formats that you want available for this report. The query statement that will generate the report data. For reference, consult the MYSQL documentation. A comma-separated list of SQL column names. The report will generate break headers and sub totals for these columns. Adds number column for each row.

Title Category

Description Output Types SQL Select Statements Break on Columns Show Line Number Column 4. Click Save.

The K1000 Management Appliance checks the syntax for your report and reports any errors. 5. To run the new report, click the desired format. If you select CSV or TXT, you can open the file or save it to your computer.

228

Administrator Guide, Version 5.3

Running the K1000 Appliance Reports

12

To edit an existing report


1. Click Reporting > Reports. The K1000 Reports page appears. 2. Click the report that you want to edit. Depending on the type of report, one of the following pages is displayed: 3. 4. The K1000 Reports : Edit Report page, if the Report is an SQL report. Define a New Report page, if the report was created by the Report Wizard.

To edit an SQL report, use the same steps as described in To create a new SQL report, on page 228. To edit a report using the Report Wizard, use the same steps as described in To create a new report using the Report Wizard, on page 225.

To duplicate an existing report


You cannot duplicate a report made with the Report Wizard.

1.

Click Reporting > Reports. The K1000 Reports page appears.

2.

Click the report title you want to duplicate. Depending on the type of report, either of the following pages are displayed. Wizard Report: Define a New Report page SQL Report: The K1000 Reports : Edit Report page Depending on the type of report, either the The K1000 Reports : Edit Report page is displayed, where you can modify the report for your needs, or the Reporting wizard is started where you can modify the duplicated report.

3.

To duplicate the report, click Duplicate.

4. 5.

Modify the report details as necessary. Click Save.

Scheduling Reports
Reports schedules allow you to specify a specific time to run reports and send email notifications of the results to one or more recipients. The Reports Schedules page displays a list of scheduled reports

Administrator Guide, Version 5.3

229

12

Running the K1000 Appliance Reports

To create a report schedule


Reports are scheduled on the Schedule Reports : Edit Detail page. 1. Go to the Schedule Reports : Edit Detail page in one of two ways: Go to Reporting > Reports, and then on the K1000 Reports page click the reports Schedule icon . Go to Reporting > Schedule Reports, and then from the Choose Action menu, select Create a New Schedule.

The Schedule Reports : Edit Detail page is displayed. 2. On the Schedule Reports : Edit Detail page, specify the details for the report schedule, as described in the following sections. To select a report if starting from the Schedule icon To select a report if starting from the Schedule Reports tab To define email notifications To schedule the time the report runs

To select a report if starting from the Schedule icon


1. If you accessed the Schedule Reports : Edit Detail page starting from the Schedule icon , specify the following schedule details: Schedule Title: The display name for the schedule. Make this as descriptive as possible, so you can distinguish this schedule from others. Description: The information that the schedule provides. Select the Reports or Classic Reports radio button based on the type of report you are scheduling. This determines which of reports are listed in the Select report to schedule drop-down list. Report to Schedule: The name of the report is already selected.

2.

Report Output Formats: The available output formats (CSV, TXT, or HTML) for the scheduled report.

Continue to To define email notifications, on page 231.

To select a report if starting from the Schedule Reports tab


1. If you accessed the Schedule Reports : Edit Detail page starting from the Schedule Reports tab, specify the following schedule details:

230

Administrator Guide, Version 5.3

Running the K1000 Appliance Reports

12

Schedule Title: The display name for the schedule. Make this as descriptive as possible, so you can distinguish this schedule from others. Description: The information that the schedule provides. Select the Reports or Classic Reports radio button based on the type of report you are scheduling. This determines which of reports are listed in the Select report to schedule drop-down list. Report to Schedule: From the Select report to schedule drop-down list, select the report that you want to schedule. Use the Filter to limit the number of reports displayed in the Select report to schedule menu.

The Filter filters by character. For example, entering dell displays report titles containing dell.

2.

Report Output Formats: The available output formats (CSV, TXT, or HTML) for the scheduled report.

Continue to To define email notifications, on page 231.

To define email notifications


1. (Required) Define the email notifications by clicking .

Administrator Guide, Version 5.3

231

12

Running the K1000 Appliance Reports

The Recipients field and Select user to add drop-down list are displayed.

2.

Enter the email addresses in following ways: Enter a comma-separated list of email addresses in the Recipients field. Use the Filter to limit the number of email address displayed in the Select user to add menu. The Filter filters by character. For example, entering mgt would display email addresses jessie@mgt-kace.com, leo@mgt-kace.com, and so on.

3.

In the Subject field, enter the subject of the schedule. The subject can help the reader to quickly identify what the report is about.

4. 5.

In the Message Text field, enter the message text in the notification. If desired, select Only send when results are present.

To schedule the time the report runs


1. Select the appropriate radio button and time under Scheduling: (Default) Select when you do not want to run the report on a schedule. Run at a specified hour interval. Run daily at a specified time. -orRun on specified day of the week at a specified time. Run monthly at the specified time. -orRun on a specified day of the month at a specified time.

Dont Run on a Schedule Run Every n hours Run Every day/specific day at hour:minute Run on the nth of every month/specific month at hour:minute 2. Click Save.

232

Administrator Guide, Version 5.3

Running the K1000 Appliance Reports

12

The Report Schedules page is displayed listing the newly scheduled report.

From the Report Schedules List page, you can:

Click a report to open it. Use keywords to search schedules. From the Choose Action menu, you can create new schedules or delete them.

To delete a scheduled report


1. Click Reporting > Schedule Reports. The Report Schedules page appears. 2. 3. 4. Select the check box for the schedules that you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deleting the schedules.

Using Alert Messages


Alert messages provide a way for you to interact with your users by displaying a message in a pop-up window. The Alerts List page displays the messages you have distributed to users. From the Alerts List page you can open existing alerts, create new alerts, or delete alerts. You can also search messages using keywords. To alert users before you run a script on their computer, you can add this to online KScripts. See the information about alerts in To add an Offline KScript or Online KScript, on page 166. The Alerts feature works only if there is a constant connection between the appliance agent and the appliance. For information on how to set up the constant connection, refer to Configuring Agent Messaging Protocol Settings, on page 47.

To Create a Broadcast Alert Message


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page.

Administrator Guide, Version 5.3

233

12

Running the K1000 Appliance Reports

If you have information that you want to distribute to your network, you can review and modify previous messages you have deployed, or you can create a new message. 1. 2. Click Reporting > Alerts. In the Choose Action menu, click Add New Item. The Alerts: Edit Detail page appears. 3. 4. In the Message Content field, type the text of your message. In the Keep Alive field, specify the length of time the message will be valid. Messages will be broadcast to users until either the user's desktop has received the message or the specified time interval has elapsed. To set the time interval for downloading scripts, go to: Settings >K1000 Agent >K1000 Agent Settings. 5. In the Limit Broadcast To area, select the recipient labels to send this message to. Press CTRL and click to select multiple labels. 6. 7. Select the Enable Scheduled Run check box to specify the alert schedule. Select the appropriate day and time from the drop-down lists. Click Save. The pending alert messages are displayed in the AMP Message Queue until they are pushed to the target machine. The alert messages remain in the queue until the target machine checks in. This is true even if the Keep Alive time interval elapses or if the connection between the appliance Agent and the appliance has been lost or interrupted.

E-mail Alerts
E-mail Alerts differ from Alerts (broadcast messages) in an e-mail alert you can send out messages to administrators based on more detailed criteria. The E-mail Alert feature relies on the Inventory > Computers engine to create a notification that will be sent to administrators when computers meet the criteria you specify. The K1000 Management Appliance checks the computers listed in the inventory against the criteria in the E-mail Alert once in every hour until one or more computers meet the criteria; then a message is sent to the administrators specified in the alert details.

To create an e-mail Alert


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Notifications are processed every 60 minutes. If a notification query results in one or more machine records, a notification e-mail is automatically sent to the specified recipient. 1. Click Reporting > Email Alerts. The Email Alerts page appears.

234

Administrator Guide, Version 5.3

Running the K1000 Appliance Reports

12

2.

In the Choose Action menu, click Add New Computer Notification. The Inventory > Computers tab appears with the Create Email Notification fields exposed.

3. 4.

Enter the search criteria. In the Title field, enter a title for the alert. The Title will appear in the Subject field.

5.

In the Recipient field, enter the e-mail address(es) of the message recipient. The e-mail addresses must be fully qualified e-mail addresses. The recipients address can be a single e-mail address or a list of addresses separated by commas.

6.

Click the Create Notification tab.

Administrator Guide, Version 5.3

235

12

Running the K1000 Appliance Reports

236

Administrator Guide, Version 5.3

13
Using Organizational Management

The Organizational Management component allows you to create different organizations within your appliance that you administer separately. You can assign roles within each organizations to limit user access to specific tabs.

Overview of Organizational Management, on page 237 Creating and editing Organizations, on page 237 Organizational Roles, on page 245 Creating and editing Organizational Roles, on page 245 Organizational Filters, on page 248 Creating and Editing Organizational Filters, on page 249 Computers, on page 252

Overview of Organizational Management


The K1000 Management Appliance organization feature enables you to group machines to allow for a high level of separation between logical areas of responsibility within a company. These groups are referred to as Organizations. This feature is accessible to the system administrator through the System Administrative Console. The system administrator creates these organizations and assigns them roles to limit access to specific tabs. The administrators of each organization cannot view or perform activities on machines that belong to other organizations other than their own.

Default Organization
The default organization will have everything coming into the appliance. The default organization will allow the administrator to view or perform activities on machines in all organizations. If a machine is not set in a filter, then the machine will go to the default organization.

Creating and editing Organizations


You can create new organizations or edit the existing organizations from the Organizations page by going to the Organizations > Organizations tab. Create the roles, and then create the organizations, because you must specify the role while creating an organization.

Administrator Guide, Version 5.3

237

13

Using Organizational Management

To create an organization
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. In the Choose Action menu, click Add New Item. The K1000 Organization: Edit Detail page appears. 3. Name Description Role Enter Organization information as follows: Enter a name for the new organization. This field is mandatory. Enter a description for the new organization. Select the appropriate role from the drop-down list. Note: First, create the role by going to Organizations > Roles, before you can select that specific role from this list. 4. Click Save. The K1000 Organization: Edit Detail page appears with more content. 5. 6. Name Description Scroll down and click the Edit Mode link. Enter the following information: Enter a name for the organization. This field retains the information you specified in the previous page. You can modify the name if required. Enter the description for the organization. This field retains the information you specified in the previous page. You can modify the description if required. Select the appropriate role from the drop-down list. This field retains the role you selected in the previous page. You can modify this selection if required. Note: You must first create the role by going to Organizations > Roles, before you can select that specific role from this list. Select the filter that will be used to direct a new machine that is checking into the appliance to the this organization. Press CTRL and click to select more than one filter. Note: Create the filter by going to Organizations > Filters. Then, you can select that specific filter from this list. (Read-only) Displays the number of computers checking in to the organization. (Read-only) Displays the name of the database the organization is using.

Role

Organization Filters

Computer Count Database Name

238

Administrator Guide, Version 5.3

Using Organizational Management

13

Report User

Displays the report user name used to generate all reports in the specific organization. By having a report user name, you can provide access to the organizational database (for additional reporting tools), but not give write access to anyone. Enter the report user password.

Report User Password 7. Field Communications Window

Specify the agent settings for the organization: Suggested Setting 12:00 am to 12:00 am Notes The interval during which the agent is allowed to communicate with the appliance. For example, to allow the Agent to connect between 1 AM and 6 AM only, select 1:00 am from the first dropdown list, and 6:00 am from the second drop-down list. The frequency with which the agent checks into the appliance. Each time an agent connects, it resets its connect interval based on this setting. The default setting is once every hour. The interval (in hours) during which the appliance will inventory the computers on your network. If set to zero, the appliance will inventory nodes at every Run Interval. The message that appears to users when communicating with the appliance.

Agent Run interval Agent Inventory Interval Agent Splash Page Text

1 hours

The appliance is verifying your PC Configuration and managing software updates. Please Wait... 15 minutes

Scripting Update Interval Agent Log Retention

The frequency with which the agent downloads new script definitions. The default interval is 15 minutes. This option disallows the server to store the scripting result information that comes up from the agents. The default is to store all the results, which can impact performance. Turning this off provides less information about each node but enables faster agent check-ins.

8.

Click Save.

To troubleshoot nodes that fail to show up in Inventory


You can perform troubleshooting tasks, if your machine does not show up in Inventory after installing the Agent. By default, the Agent communicates with the appliance using http: over port 80. Assuming network connectivity is in place, newly-installed agents may fail to connect to the appliance during the first-time setup due to problems with the default KBOX host name in DNS.

Administrator Guide, Version 5.3

239

13

Using Organizational Management

1.

If you set up the appliance in your DNS using a host name other than the default name kbox or if you need agents to reach the appliance by using the IP address rather than the DNS name, you must install the agent specifying the SERVER property. For example: Windows: c:\>KInstallerSetup.exe -server=myk1000 -display_mode=silent or c:\>KInstallerSetup.exe -server=192.168.2.100 display_mode=silent Mac OS: /Library/KBOXAgent/Home/bin/setkbox myk1000 or /Library/KBOXAgent/Home/bin/setkbox 192.168.2.100 Linux: /KACE/bin/setKBOX myk1000 or /KACE/bin/setKBOX 192.168.2.100

2.

To correct the server name for a node that is already installed, edit the host= value in: Windows: c:\program files\KACE\KBOX\smmp.conf Mac OS: /var/kace/kagentd/kbot_config.yaml Linux: /var/KACE/kagentd/kbot_config.yaml

3. 4. 5.

Verify that you are able to ping the appliance, and reach it through a Web browser at http://k1000_hostname. Verify that Internet Options are not set to use proxy. Verify that proxy is excluded for the local network or k1000_hostname. Verify that no firewall or anti-spyware software is blocking communication between the appliance and any of the agent components, including: KBOXManagementService.exe KBOXClient.exe KUpdater.exe kagentd (OS X/ Unix)

6.

Verify that the KBOXManagementService.exe (Windows) or the kagentd (OS X/ Unix) processes are running. The agent shows as perl in the OS X Activity Monitor.

240

Administrator Guide, Version 5.3

Using Organizational Management

13

If, after verifying these items, you are still unable to get the agent to connect to the appliance, contact KACE Support.

To edit an organization
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click the linked name of the organization. The K1000 Organization : Edit Detail page appears. 3. 4. Name Description Scroll down and click the Edit Mode link. Edit the organization details as follows: Enter a name for the organization. This field retains the information you specified in the previous page. You can modify the name if required. Enter the description for the organization. This field retains the information you specified in the previous page. You can modify the description if required. Select the appropriate role from the drop-down list. This field retains the role you selected in the previous page. You can modify this selection if required. Note: You must first create the role by going to Organizations > Roles, before you can select that specific role from this list. Select the filter that will be used to direct a new machine that is checking into the appliance to the this organization. Press CTRL and click to select more than one filter. Note: Create the filter by going to Organizations > Filters. Then, you can select that specific filter from this list. (Read-only) Displays the number of computers checking in to the organization. (Read-only) Displays the name of the database the organization is using. Displays the report user name used to generate all reports in the specific organization. By having a report user name, you can provide access to the organizational database (for additional reporting tools), but not give write access to anyone. Enter the report user password.

Role

Organization Filters

Computer Count Database Name Report User

Report User Password

Administrator Guide, Version 5.3

241

13

Using Organizational Management

5. Field

Specify the agent settings for the organization: Suggested Setting 12:00 am to 12:00 am Notes The interval during which the agent is allowed to communicate with the appliance. For example, to allow the Agent to connect between 1 AM and 6 AM only, select 1:00 am from the first dropdown list, and 6:00 am from the second drop-down list. The frequency with which the agent checks into the appliance. Each time an agent connects, it resets its connect interval based on this setting. The default setting is once every hour. The interval (in hours) during which the appliance will inventory the computers on your network. If set to zero, the appliance will inventory nodes at every Run Interval. The message that appears to users when communicating with the appliance.

Communications Window

Agent Run interval

1 hours

Agent Inventory Interval Agent Splash Page Text

The appliance is verifying your PC Configuration and managing software updates. Please Wait... 15 minutes

Scripting Update Interval Agent Log Retention

The frequency with which the agent downloads new script definitions. The default interval is 15 minutes. This option disallows the server to store the scripting result information that comes up from the agents. The default is to store all the results, which can impact performance. Turning this off provides less information about each node but enables faster agent check-ins.

6.

Click Save. The default credentials admin/admin are automatically created when you create an organization.

To delete an organization
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click the linked name of the organization. The K1000 Organization: Edit Detail page appears. 3. 4. Scroll down and click Edit Mode. Click Delete to delete the organization.

242

Administrator Guide, Version 5.3

Using Organizational Management

13

A confirmation message appears. 5. Click OK to confirm deleting the organization.

Managing System Admin Console users


When logged in as a system administrator, you can add users to access the System Administrator Console. When adding users, be sure to specify the correct user permission level. To set up users for a specific organization, log into that organization.

To add a user
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. 3. Select K1000 Settings > Control Panel. Click Users. The K1000 System Admin Users page appears. 4. In the Choose Action menu, select Add New Item. The K1000 System Admin: Edit Detail page appears. 5. Enter the necessary user details. Do not specify legal characters in any field. User Name Full Name Email Domain Budget Code Location Work Phone Home Phone Mobile Phone Pager Phone Enter a user name for accessing the system administrator console. Enter the users full name. Enter the users email address. (Optional) Enter an active directory domain. (Optional) Enter the financial department code. (Optional) Enter the name of a site or building. (Optional) Enter the users work phone number. (Optional) Enter the users home phone number. (Optional) Enter the users mobile phone number. (Optional) Enter the users pager phone number.

Administrator Guide, Version 5.3

243

13

Using Organizational Management

Custom 1 Custom 2 Custom 3 Custom 4 Password Enter the password for the new user. Null passwords are not valid for new users. The user will be created but cannot be activated without a valid password. Re-enter the users password. Specify the users logon permissions: AdminThis user can log on to and access all features in the system administrator console. ReadOnly AdminThis user can log on but cannot modify any settings in the system administrator console. 6. Click Save. (Optional) Enter additional information in the custom fields as necessary.

Confirm Password Permissions

To delete a user
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click K1000 Settings > Control Panel. The K1000 Settings : Control Panel page appears. 3. Click Users. The K1000 System Admin Users page appears. 4. 5. 6. Click the check boxes for the users you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click OK to confirm deleting the selected user.

You can also delete users from the K1000 System Admin: Edit Detail page.

To change the password


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations.

244

Administrator Guide, Version 5.3

Using Organizational Management

13

The K1000 Organizations page appears. 2. 3. Click K1000 Settings > Control Panel. Click Users. The K1000 System Admin Users page appears. 4. Click the user name whose password you want to change. The K1000 System Admin: Edit Detail page appears. 5. Modify the password as follows: Enter the password for the user. Null passwords are not valid. This field is mandatory. Re-enter the users password. This field is mandatory.

Password Confirm Password 6.

Click Save to save the changes.

Organizational Roles
Roles are assigned to each organization to limit access to different tabs in the Administrator Console and the User Portal. You can restrict what tabs an organization is allowed to see when the administrator logs in to the Administrator Console and the user logs in to the User Portal. The following are the permissions that can be applied for each tab.

Write The organization will have write access for the tab. The administrator or user will be able to edit the fields present on the page. Read The organization will have only read access for the tab. The administrator or user will be not be able to edit the fields present on the page. The administrator or user will be not be able to add, edit, or delete any item present in the list. Hide The tab will be hidden and the administrator or user will not be able to view that tab.

Default role
The default role has access to all tabs in the Administrator Console and the User Portal. The default role will have write access for all tabs. The administrator or user will be able to edit the fields present on the page.

Creating and editing Organizational Roles


It is recommended that you first create the roles and then create the organizations, since it is mandatory to specify the role while creating an organization.

Administrator Guide, Version 5.3

245

13

Using Organizational Management

To create a role
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click Roles. The Organizational Roles page appears. 3. In the Choose Action menu, click Add New Item. The Organizational Role : Edit Detail page appears. 4. Enter the role information as follows: Enter a name for the new role. This field is mandatory. (Optional) Enter a description for the new role.

Role Name Description 5.

In the Permissions ADMIN Console, click a component link to expand it. You can also click the Expand All link to expand all component sections.

6.

To assign the same access level to all areas of a component, click one of the following: All Write All Read All Hide

7.

To assign different permission levels to different areas of the component, click the Custom option. If you clicked the Custom option, select the appropriate permission from the dropdown menu next to the names of each tab.

8. 9.

Under Permissions USER Console, click the UserUI link to expand it. To assign the same access level to all areas of a the User Console, click one of the following: All Write All Read All Hide

10. To assign different permission levels to different areas of the User Console, click the Custom option.

246

Administrator Guide, Version 5.3

Using Organizational Management

13

11. Click Save. If you assign HIDE permission to General Settings and User Authentication under K1000 Settings, the Control Panel tab is hidden. For users upgrading from 1100 to 1200: When using 1100, if you assign HIDE permission to all tabs other than Logs and Server Maintenance under K1000 Settings. Then after upgrading to 1200, the K1000 Settings tab gets hidden from the Administrator console.

To edit a role
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click Roles. The Organizational Roles page appears. 3. Click the linked name of the role. The Organizational Role: Edit Detail page appears. 4. Edit the role details: Enter the name for the new organization. This field is mandatory. (Optional) Enter the description for the new organization.

Name Description 5. 6.

Under Permissions ADMIN Console, click the individual tab link to expand it. Or, click the Expand All link to expand all the tabs. Under each tab, select All Write, All Read, or All Hide to assign the respective permission to all the sub tabs. Or, select the Custom option to assign custom permissions to individual sub tabs. If you select the Custom option, select the appropriate permission from the drop-down list next to each tab. Under Permissions USER Console, click the UserUI link to expand it. Under each tab, select All Write, All Read, or All Hide to assign the respective permission to all the sub tabs. Or, select the Custom option to assign custom permissions to individual sub tabs.

7. 8. 9.

10. If you select the Custom option, select the appropriate permission from the drop-down list next to each tab. 11. Click Save.

Administrator Guide, Version 5.3

247

13

Using Organizational Management

To delete a role
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click Roles. The Organizational Roles page appears. 3. To delete a role, do one of the following: 4. Select the check box beside the role, and then select Delete Selected Item(s) from the Choose Action menu. From the Organizational Role: Edit detail page, click Delete.

Click OK.

To duplicate a role
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. 3. Click Roles. Click the role you want to duplicate. The Organizational Role : Edit Detail page appears. 4. Click Duplicate to duplicate the organization details. The page refreshes. 5. Enter the role information as follows: Enter a name for the role. This is a mandatory field. Enter a description for the role.

Role Name Description 6. Click Save.

The Associated Organizations table displays the list of organizations associated with this role.

Organizational Filters
Filters are used to direct a new machine checking into the appliance to the appropriate organization. An organization can be assigned more than one filter. The filters are executed

248

Administrator Guide, Version 5.3

Using Organizational Management

13

according to the ordinal specified when the filters are created. If a machine is not set in a filter, it will go to the default organization. A machine can be directed to the appropriate organizations in the following ways:

One or more filters will be executed against the machine that is checking in. If one of the filters is successful, the machine will be redirected to the correct organization. If no filter matches the machine, it will be put into the default organization. The system administrator can then manually move that machine from the default organization to the appropriate organization.

Two types of filters exist:

Data Filter Allows the automatic organization of machines based on a search criteria. Whenever machines that check in meet the criteria, they will be directed to the specific organization. LDAP Filter The LDAP label allows the automatic organization of machines based on LDAP or Active Directory interaction. The filter will be applied to the LDAP server, and if any entries are returned, they are automatically organized. If the LDAP server requires credentials for administrative login (that is, nonanonymous login), supply those credentials. If no LDAP user name is given, an anonymous bind is attempted. Each LDAP filter may connect to a different LDAP/AD server

Creating and Editing Organizational Filters


You can create new filters or edit existing filters from the Organizational Filters page by going to Organizations > Filters.

To add a data filter


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click Filters. The K1000 Organization Filters page appears. 3. In the Choose Action menu, click Add New Data Filter. The K1000 Organization Filter : Edit Detail page appears. 4. Enter the filter information as follows: Select to enable this filter. (You have to enable the filter to use it.) Enter a name for the filter. Enter the description for the filter.

Enabled Name Description

Administrator Guide, Version 5.3

249

13

Using Organizational Management

Evaluation Order

Enter a number. The filter will be executed according to the evaluation order specified.

5. 6. 7. 8.

Enter the Machine Filter Criteria. Select an attribute from the drop-down list. For example, IP Address. Select the condition from the drop-down list. For example, contains. Enter the attribute value in the provided field. For example, to filter machines from the specified IP range and direct them to the organization, enter: XXX.XX.* You can add multiple criteria.

9.

Select the Conjunction Operator (AND or OR) from the drop-down list to add more criteria.

10. Click the Add Criteria link to add more criteria. 11. Click Save.

To add a LDAP filter


To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click Filters. The K1000 Organization Filters page appears. 3. In the Choose Action menu, click Add New LDAP Filter. K1000 Organization LDAP Filter : Edit Detail page appears. 4. Enter the Filter information as follows: Select to enable this filter. (You have to enable the filter to use it.) Enter a name for the filter. Enter a description for the filter. Enter a number. The filter will be executed according to the evaluation order specified.

Enabled Name Description Evaluation Order 5.

Enter the LDAP Machine Filter Criteria. Specify the IP or Host Name of the LDAP Server. Note: To connect through SSL, use the IP or the Host Name. For example: ldaps://HOSTNAME. Specify the LDAP Port number. For example: 389 or 636 (LDAPS).

Server Hostname

LDAP Port Number

250

Administrator Guide, Version 5.3

Using Organizational Management

13

Search Base DN

Enter the Search Base DN. For example: CN=Users,DC=hq,DC=corp,DC=kace,DC=com.

Search Filter LDAP Login

Specify the Search Filter. For example: samaccountname=admin. Specify the LDAP login. For example: LDAP Login: CN=Administrator,CN=Users,DC=hq,DC=corp, DC=kace,DC=com

LDAP Password 6. 7.

Enter the password for the LDAP login if required.

To test your filter, click Test LDAP Filter. Click Save.

To edit a filter
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click Filters. The K1000 Organization Filters page appears. 3. Click the linked name of the filter. The K1000 Organization Filter : Edit Detail page appears. 4. Edit the filter details: Select to enable this filter. (You have to enable the filter to use it.) Enter a name for the filter. Enter a description for the filter. Enter a number. The filter will be executed according to the evaluation order specified.

Enabled Name Description Evaluation Order

5. 6.

Edit the machine filter criteria. Select an attribute from the drop-down list. For example: IP Address.

7.

Select the condition from the drop-down list. For example: contains.

8.

Specify the attribute value in the provided field. For example, XXX.XX.* In the above example, machines from the specified IP range are filtered and directed to the organization to which this filter is applied.

Administrator Guide, Version 5.3

251

13

Using Organizational Management

Note: You can add multiple criteria. 9. Select a conjunction operator (AND or OR) from the drop-down list to add more criteria.

10. Click the Add Criteria link to add more criteria. 11. To test your filter, click Test Filter. 12. Click Save.

To delete a filter
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Select Organizations. The K1000 Organizations page appears. 2. Click Filters. The K1000 Organization Filters page appears. 3. To delete a filter, do one of the following: 4. Select the check box beside the filter, and then select Delete Selected Item(s) from the Choose Action menu. Click Delete.

Click OK.

Computers
The K1000 Computers page lists all the nodes that are checking into the appliance. It displays details for each computer such as the Name, the Organization the computer is checking into, the Last Sync (when the computer last checked into the appliance), the Description, and the IP Address.

Advanced Search
If you need more granularity than keyword searches provide, try using an advanced search. The advanced search allows you to specify values for each field present in the inventory record and search the entire inventory listing for that value. For example, if you need to know which computers have a particular version of BIOS installed to upgrade only those affected machines, you can search for these.

To specify advanced search criteria


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page.

252

Administrator Guide, Version 5.3

Using Organizational Management

13

1. 2. 3.

Go to Inventory > Computers. Click Advanced Search. Select an attribute from the drop-down list. For example: IP Address.

4.

Select the condition from the drop-down list. For example: contains.

5.

Specify the attribute value in the provided field. For example: XXX.XX.* In the above example, machines from the specified IP range are searched. Note: You can add more than one criteria.

6.

Select the Conjunction Operator from the drop-down list to add more criteria. For example: AND.

7.

Click Search. The search results are displayed below. You can refilter the computers displayed in the list, for more information refer to Refiltering Computers, on page 253.

Test and Organization Filter


You can test an existing organization filter to check whether it is getting applied to the computers.

To test an organization filter


1. 2. 3. Click the Test Organization Filter tab. Select the appropriate filter from the drop-down list. Click Test. The test results will be displayed below.

You can refilter the computers displayed in the list. For more information, refer to Refiltering Computers, on page 253. Note: If you do not see any computers listed in the test results, no existing computers match the machine filter criteria you set upor the machine filter criteria is invalid. You can edit the machine filter criteria. For more information on how to edit a filter, refer to Creating and Editing Organizational Filters, on page 249.

Refiltering Computers
You can refilter the computers, which will recheck the computers against all filters. For example, you can check if the filter created by you is applied correctly to the intended computers. You first create the new filter by going to Organizations > Filters. In the Computers page, refilter the computers. The organizations column will display the new

Administrator Guide, Version 5.3

253

13

Using Organizational Management

organization name in red besides the old organization name, against those computers on which the filter has been applied.

To refilter computers
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Go to Organizations > Computers. The K1000 Computers page appears. 2. 3. Select the check boxes next to the computers that you want to refilter. In the Choose Action menu, click Refilter Selected Computers to recheck the computers against all filters.

Redirecting Computers
You can redirect a computer to a different organization. For example, a computer checks into organization A. You can redirect that computer to organization B. The next time the computer checks in, it will check into organization B.

To redirect computers
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page. 1. Go to Organizations > Computers. The K1000 Computers page appears. 2. 3. Select the check boxes next to the computers that you want to redirect. Select the appropriate organization name under Change Sync to Organization, from the Choose Action menu, to redirect the computers to the appropriate organization.

Understanding Computer Details


The Computer Detail page provides details about a computers inventory information, software, activities and assets. To access computer details, go to Organizations > Computers and click on a computer name in the list.

254

Administrator Guide, Version 5.3

Using Organizational Management

13

The following table describes each of the detail areas on this page. To expand the sections, select Expand All. The fields that are displayed depend on the type of computer and its operating system. Item Summary Name Model Chassis Type IP Address MAC RAM Total Processors OS Name Service Pack Agent Version User Name AMP Connection Last Inventory Record Created Disk Inventory Information Hardware RAM Total Ram Used Manufacturer Model Domain Motherboard Processors CD/DVD Drives Sound Devices Video Controllers Total amount of RAM. How much RAM is used. Computer manufacturer. Computer model. Name of domain. Main and peripheral buses. CPU count, type, and manufacturer. Configuration of drives installed on the computer. Installed audio devices. Installed video controllers Name of the computer. Computer model. Type of computer, such as desktop or laptop. IP address of the computer. Media Access Control address number. Amount of Random-access memory. Number of CPUs and type. Type of operating system, such as Windows, Macintosh, or Linux. Service Pack version number (Windows only). K1000 Agent version number. Name of most recent user. (Some computers might have multiple users). Time of last connection to the K1000 Agent. Time of latest inventory. Time that the inventory record was created. Number of disk drives, type and size of the file system, and amount of disk space used. Description

Administrator Guide, Version 5.3

255

13

Using Organizational Management

Item Monitor BIOS Name BIOS Version BIOS Manufacturer BIOS Description BIOS Serial Number Disk Printers Network Interfaces K1000 Agent Agent Version AMP Version AMP Connected KACE ID Database ID Last Inventory Last Sync Last Agent Update User User Logged User Name User Domain Operating System Name Version Build Number Architecture Installed Date Last System Reboot Last System ShutDown Uptime Since Last Reboot Agent Version.

Description Type and manufacturer of the monitor. BIOS version. BIOS version. BIOS Manufacturer. BIOS Description. BIOS serial number. Number of disk drives, type and size of file system, and amount of disk space used. The printers that the computer is configured to use. Type of network interface, IP Address, MAC address, and whether DHCP is enabled or disabled.

Version of Agent Messaging Protocol. Time of the last connection to the K1000 Agent. KACE ID. Database ID. Time of latest inventory. Time the computer last checked in to the appliance. Time when the Agent was updated. The user currently logged into the computer. User name. The domain that the user belongs to. Name of the operating system. Version number of the operating system. Build of the operating system. Build number of the operating system. Operating system architecture, such as PPC or x64. Date of operating system installation. Last time the operating system was rebooted. Last time the operating system was turned off. How long the operating system has been up.

256

Administrator Guide, Version 5.3

Using Organizational Management

13

Item System Directory Registry Size Registry Max Size Notes Software Installed Programs Custom Inventory Fields. Virtual Application Kontainers Uploaded Files

Description Location of the system directory. Size of the registry. Maximum size of the registry. You can enter any additional information in this field. List of the software and versions installed on the computer. Lists any Custom Inventory fields created for this machine, along with the field name and value. List any Virtual Kontainers on the computer. You use Virtual Kontainers to create virtual versions of supported applications, and deploy and run them on the nodes you administer. Lists the files that have been uploaded to the K1000 Management Appliance from this computer using the upload a file script action. Installed Microsoft Patches. List of running processes. List of startup programs. List of services. The labels assigned to this computer. Labels are used to organize and categorize inventory and assets. Lists any failed managed installs. Managed installations allow deploying software that require installation files. List of managed installations that will be sent to the computer the next time it connects with the appliance. Lists any Service Desk Tickets assigned or submitted by any user of the computer. Lists the patches detected and deployed on the computer. Lists any threats that are harmful to any software, process, startup item, or service. Results of OVAL Vulnerability tests run on this computer. Results of FDCC/SCAP Configuration Scans run on this computer.

Installed Patches via Inventory Running Processes Startup Programs Services Activities Labels Failed Managed Installs To Install List Service Desk Tickets Security Patching Detect/Deploy Status Threat Level 5 List OVAL Vulnerabilities FDCC/SCAP Configuration Scans Logs

Administrator Guide, Version 5.3

257

13

Using Organizational Management

Item K1000 Agent Logs Portal Install Logs Scripting Logs Asset Asset Information Related Assets Asset History

Description Contains the logs for the K1000 Agent application. A question mark indicates that its status is unknown. Details about User Portal packages installed on this machine. Configuration Policy scripts that have been run on this computer, along with the available status of any scripts in progress. Lists when the record was created and last modified; the asset type, such as computer; and the name of the asset. Lists any related assets. Lists the changes done to the asset of the computer along with the date and time when each change was done.

258

Administrator Guide, Version 5.3

A
Administering Mac OS Nodes

This appendix lists Dell KACE K1000 Management Appliance information and behaviors that are specific to Apple Mac OS nodes. For the supported versions of the Mac OS operating system, see Chapter 4: System requirements for Agents, starting on page 66.

Mac OS Inventory, on page 259. Distributing Software to Mac OS Nodes, on page 260. Patching Mac OS Nodes, on page 263.

Mac OS Inventory
Your K1000 Management Appliance manages Mac OS X nodes the same manner it manages Windows nodes. See the Chapter 5: Managing Software and Hardware Inventories, starting on page 83, for details. You search for Macintosh nodes using Inventory > Computer > Advanced Search. In the Advanced Search tab, identify the nodes using attributes such as OS Name. For more information on how to use the Advanced Search tab, see Using Advanced Search for Software Inventory, on page 91. You can select the Create Notification tab to set up searches for Mac OS nodes with specific criteria and sends the administrator an email when it finds them. For example, if you wanted to know when computers had a critically low amount of disk space left, you could specify the search criteria to look for a value of 5 MB or smaller in the Disk Free field, and then notify an administrator who can take appropriate action. For more information on how to create notifications, see Searching for Computers by Creating Computer Notifications, on page 86. Inventory filtering provides a way to dynamically apply a label based on search criteria. It is often helpful to define filters by inventory attribute. For example, you can create a label called San Francisco Office and create a filter based on the IP range or subnet for machines in San Francisco. Whenever machines check in that meet the criteria you have set up, they would receive the San Francisco label. This is particularly useful if your network includes laptops that often travel to remote locations. You can also create a label to group all your Mac OS nodes. Once grouped by label, you can more easily manage software, reports, or software deployments on your Mac OS nodes. For more information on labeling, refer to Managing Labels, on page 54.

Administrator Guide, Version 5.3

259

Administering Mac OS Nodes

Distributing Software to Mac OS Nodes


The K1000 Management Appliance Distribution component provides various methods for deploying software, updates, and files to your nodes. Managed installations deploy software to the nodes on your network that require an installation file to run. You can create a managed installation package by going to Distribution > Managed Installation. From the Managed Installations page you can:

Create or delete managed installations Execute or disable managed installations Specify a Managed Action Apply or remove a label Search managed installations by keyword

Examples of Common Deployments on Mac OS


On the Apple Mac OS X platform, there is a universal installer with the usual .pkg file extension. You cannot upload a .pkg file directly, as these files consist of low-level directories, and Web browsers cannot handle uploading entire directories. You do not require an installer to install plain packages from the K1000 Management Appliance. These are the .app packages you might normally drag to your Applications folder. These packages must be archived as well, since they consist of low-level directories, just like the installer packages. You can even archive installers along with plain applications. The K1000 Management Appliance runs installers first and then copies applications into the Applications folder. The supported package deployments are .pkg, .app, .dmg, .zip, .tgz, and tar.gz. If you package the file as a disk image, the appliance mounts and unmounts it quietly. This section provides examples for each type of deployment. For each of these examples, you must have already uploaded the file to the appliance prior to creating the Managed Installation package. Dell recommends that you install the software on a test machine. Once the agent connects to the appliance, the appliance creates an inventory item and a managed installation package for the software.

To create a managed installation for Mac OS nodes


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Go to Distribution > Managed Installations. The Managed Installations page appears. 2. Select Add New Item in the Choose Action menu. The Managed Software Installation: Edit Detail Page appears.

260

Administrator Guide, Version 5.3

Administering Mac OS Nodes

3.

Select the software from the Software drop-down list. By default, the agent attempts to install the .pkg file using the following command:

installer -pkg packagename.pkg -target / [Run Parameters] If you have selected a .zip/.tgz/tar.gz file, the contents are unpacked and the system searches the root directory for all .pkg files. The installation command runs against each of these .pkg files and executes on all of these files in alphabetical order. Next, the appliance searches for all plain applications (.app) on the top level of the archive and copies them to the Applications folder using the following command: ditto -rscs Application.app /Applications/Application.app To execute a script or change any of the these command lines, you can specify the appropriate script invocation as the Full Command Line. You can specify wildcards in the filenames you use. Enclose the filename in single or double quotation marks if it contains spaces. The files are extracted into a directory in /tmp, and that becomes the current working directory of the command. On Mac OS, you do not need to include any other files in your archive other than your script, if this is all you want to execute. 4. If your package requires additional options, you can enter the following installation details: You cannot apply Run Parameters to the above-mentioned commands. You do not need to specify an installation command The server executes the installation command by itself. The Mac OS node tries to install this using: installer -pkg packagename.pkg -target / [Run Parameters] or ditto -rsrc packagename.app /Applications/theapp If you do not want to use the default command at all, you can replace it completely by selecting the Configure Manually option and specifying the complete command line. If you have specified an archive file, this command runs against all of the .pkg files or .app files it can find. Select this check box to uninstall software. If the Installation Command field above is filled in, it is run. Otherwise, by default, the agent attempts to run the command, which is generally expected to remove the package. Select this check box to run the command line only. This will not download the actual digital asset. Enter additional information in this field, if any.

Run Parameters Installation Command

Un-Install using Full Command Line

Run Command Only Notes

Administrator Guide, Version 5.3

261

Administering Mac OS Nodes

Managed Action

Select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for Macintosh platform.

5.

Specify the deployment details: Select this check box to deploy to all the machines. Select one or more labels to limit deployment only to machines grouped by these label(s) You can limit deployment to one or more machines. From the dropdown list, select a machine to add to the list. You can add more than one machine, and filter the list by entering filter options. The lowest deploy number is installed first. Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Enter the time (using a 24-hour clock) to deploy the package. Deployment Window times affect the Managed Action options. Also, the run intervals defined in the System Console, under Organizations > Organizations for this specific organization, override and/or interact with the deployment window of a specific package.

Deploy to All Machines Limit Deployment To Selected Labels Limit Deployment To Listed Machines Deploy Order Max Attempts

Deployment Window(24H clock)

6. Allow Snooze

Set user interaction details: This option is not available for Mac OS nodes. This option is not available for Mac OS nodes. This option is not available for Mac OS nodes.

Custom Pre-Install Message Custom Post-Install Message

Delete Downloaded Files Select this check box to delete the package files after installation.

262

Administrator Guide, Version 5.3

Administering Mac OS Nodes

Use Alternate Download

Select this check box to specify details for alternate download. When you select this check box, the following fields appear: Alternate Download LocationEnter the location from where the Agent can retrieve digital installation files. Alternate ChecksumEnter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). Alternate Download UserEnter a user name with the necessary privileges to access the Alternate Download Location. Alternate Download PasswordEnter the password for the user name specified above. Note: If the target node is part of a replication label, the K1000 Management Appliance does not fetch software from the alternate download location. For more information, refer to Distributing Packages from an Alternate Location, on page 128. Specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. However, since that label will not be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to To add or edit a new label, on page 57.

7.

Click Save.

For more information about distribution, refer to Chapter 8: Distributing Software from Your K1000 Management Appliance, starting on page 125. For more information about managed installations, refer to Managed Installations, on page 129.

Patching Mac OS Nodes


Patching enables you to quickly and easily deploy patches to your network. For details on all patching features, see the Patching Strategies document. Use the Patch Listing > View by Operating System listing or Advanced Search feature to find Mac OS patches. Or use the Smart Label feature to automatically search the patch list using predefined search criteria. To allow the appliance to download Apple Security updates for Macintosh, you need to select the appropriate operating system from the Macintosh Platform list in the Patch Subscription Settings page. You can select more than one Macintosh operating system.

Administrator Guide, Version 5.3

263

Administering Mac OS Nodes

264

Administrator Guide, Version 5.3

B
Adding Steps to a Script

The steps documented here are available on the Scripting component. For details on scripting, see Chapter 9: Using the Scripting Features, starting on page 161.

Adding Steps to Task Sections.

Adding Steps to Task Sections


Refer to the following table when adding steps to a Policy or Job task. These steps are available from the Verify, On Success, Remediation, On Remediation Success, and On Remediation drop-down lists. The other column headings V, OS, R, ORS, and ORF indicate whether a particular step is available in the corresponding Task sections.

Steps for Windows Systems


The following table shows the steps that are available in Tasks for Windows systems. Step Always fail Call a custom DLL function Create a custom DLL object Create a message window Delete a registry key Delete a registry value Destroy a message window Call function "%{procName}" from "%{path}\%{file}". Create object "%{className}" from "%{path}\%{file}". Create a message window named "%{name}" with title "%{title}", message "%{message}" and timeout "%{timeout}" seconds. Delete "%{key}" from the registry. Delete "%{key}!%{name}" from the registry. Destroy the message window named "%{name}". X Description V X X X X X X X OS R X X X X X X ORS ORF

X X X

X X X X X

Administrator Guide, Version 5.3

265

Adding Steps to a Script

Step Install a software package

Description Install "%{name}" with arguments "%{install_cmd}". Note: This step requires you to choose from a list of software packages already uploaded using the functionality in the Inventory/ Software tab. For more information, see Adding Software to Inventory, on page 92. Kill the process "%{name}". Launch "%{path}\%{program}" with params "%{parms}". Log %{key}!%{name}. Log %{attrib} from %{path}\%{file}. Log %{message} to %{type}. Restart service %{name} Run the batch file "%{_fake_name}" with params "%{parms}". Note: In this step, you do not need to upload the batch file. You create the batch file by pasting the script in the space provided.

OS X

R X

ORS ORF

Kill a process Launch a program Log a registry value Log file information Log message Restart a service Run a batch file

X X

X X

X X X X X X

X X

X X

Search file system

Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}". Set "%{key}". Set "%{key}!%{name}" to "%{newValue}". Restart service %{name}. Stop service %{name} Unzip "%{path}\%{file}" to "%{target}". Set the text in the message window named "%{name}" to "%{text}". Update policy and job schedule from the appliance. Upload "%{path}\%{file}" to the server. Verify that the directory "%{path}" exists. Verify that the file "%{path}\%{file}" exists. Verify that the file "%{path}\%{file}" has version "%{expectedValue}".

Set a registry key Set a registry value Start a service Stop a service Unzip a file Update message window text Update policy and job schedule Upload a file Verify a directory exists Verify a file exists Verify a file version is exactly

X X

X X X X

X X X X X X X

X X

X X

X X

266

Administrator Guide, Version 5.3

Adding Steps to a Script

Step Verify a file version is greater than Verify a file version is greater than or equal to Verify a file version is less than Verify a file version is less than or equal to Verify a file version is not Verify a file was modified since

Description Verify that the file "%{path}\%{file}" has version greater than "%{expectedValue}". Verify that the file "%{path}\%{file}" has version greater than or equal to "%{expectedValue}. Verify that the file "%{path}\%{file}" has version less than "%{expectedValue}". Verify that the file "%{path}\%{file}" has version less than or equal to "%{expectedValue}. Verify that the file "%{path}\%{file}" does not have version "%{expectedValue}". Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}".

V X X

OS

ORS ORF

X X

X X X X X X

Verify a process is not Verify the process "%{name}" is not running. running Verify a process is running Verify a product version is exactly Verify a product version is greater than Verify a product version is greater than or equal to Verify a product version is less than Verify the process "%{name}" is running. Verify that the product "%{path}\%{file}" has version "%{expectedValue}". Verify that the product "%{path}\%{file}" has version greater than "%{expectedValue}". Verify that the product "%{path}\%{file}" has version greater than or equal to "%{expectedValue}. Verify that the product "%{path}\%{file}" has version less than "%{expectedValue}".

X X

Verify a product Verify that the product "%{path}\%{file}" has version is less than or version less than or equal to equal to "%{expectedValue}. Verify a product version is not Verify a registry key does not exist Verify a registry key exists Verify a registry keys subkey count is exactly Verify that the product "%{path}\%{file}" does not have version "%{expectedValue}". Verify that "%{key}" does not exist. Verify that "%{key}" exists. Verify that "%{key}" has exactly "%{expectedValue}" subkeys.

X X X X

Administrator Guide, Version 5.3

267

Adding Steps to a Script

Step Verify a registry keys subkey count is greater than Verify a registry keys subkey count is greater than or equal to Verify a registry keys subkey count is less than Verify a registry keys subkey count is less than or equal to Verify a registry keys subkey count is not Verify a registry keys value count is exactly Verify a registry keys value count is greater than Verify a registry keys value count is greater than or equal to Verify a registry keys value count is less than Verify a registry keys value count is less than or equal to Verify a registry keys value count is not Verify a registry pattern doesnt match Verify a registry pattern match

Description Verify that "%{key}" has greater than "%{expectedValue}" subkeys. Verify that "%{key}" has greater than or equal to "%{expectedValue}" subkeys.

V X

OS

ORS ORF

Verify that "%{key}" has less than "%{expectedValue}" subkeys. Verify that "%{key}" has less than or equal to "%{expectedValue}" subkeys. Verify that "%{key}" does not have exactly "%{expectedValue}" subkeys. Verify that "%{key}" has exactly "%{expectedValue}" values. Verify that "%{key}" has greater than "%{expectedValue}" values. Verify that "%{key}" has greater than or equal to "%{expectedValue}" values. Verify that "%{key}" has less than "%{expectedValue}" values. Verify that "%{key}" has less than or equal to "%{expectedValue}" values. Verify that "%{key}" does not have exactly "%{expectedValue}" values. Verify that "%{key}!%{name}=%{expectedValue}" doesn't match. Verify that "%{key}!%{name}=%{expectedValue}" matches.

X X X

X X

Verify a registry value Verify that "%{key}!%{name}" does not exist. does not exist Verify a registry value Verify that "%{key}!%{name}" exists. exists

X X

268

Administrator Guide, Version 5.3

Adding Steps to a Script

Step

Description

V X X X

OS

ORS ORF

Verify a registry value Verify that "%{key}!%{name}" is equal to is exactly "%{expectedValue}". Verify a registry value Verify that "%{key}!%{name}" is greater than is greater than "%{expectedValue}". Verify a registry value Verify that "%{key}!%{name}" is greater than is greater than or or equal to "%{expectedValue}" . equal to Verify a registry value Verify that "%{key}!%{name}" is less than is less than "%{expectedValue}". Verify a registry value Verify that "%{key}!%{name}" is less than or is less than or equal equal to "%{expectedValue}". to Verify a registry value Verify that "%{key}!%{name}" is not equal to is not "%{expectedValue}". Verify a service exists Verify the service "%{name}" exists. Verify a service is running Verify the service "%{name}" is running.

X X

X X X

Steps for Mac OS X Systems


The following table shows the steps that are available in Tasks for Mac OS X systems. Step Always fail Create a message window Destroy a message window Kill a process Launch a program Log a plist value Log an environment variable Log file attribute Log filenames matching regex Log message Log %{message} to %{type}. X Create a message window named "%{name}" with title "%{title}", message "%{message}" and timeout "%{timeout}" seconds. Destroy the message window named "%{name}". Kill the process "%{name}". Launch "%{path}\%{program}" with params "%{parms}". Description V X X X OS R X X X X ORS ORF

X X X

X X X

X X X

X X X

X X X

Administrator Guide, Version 5.3

269

Adding Steps to a Script

Step Search file system

Description Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}". Unzip "%{path}\%{file}" to "%{target}". Set the text in the message window named "%{name}" to "%{text}". Update policy and job schedule from the appliance. Upload "%{path}\%{file}" to the server. Verify that the directory "%{path}" exists. Verify that the file "%{path}\%{file}" exists. Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}".

V X

OS

ORS ORF

Unzip a file Update message window text Update policy and job schedule Upload a file Verify a directory exists Verify a file exists Verify a file was modified since

X X X X X X X X X

X X

X X

X X

Verify a process is not Verify the process "%{name}" is not running. running Verify a process is running Verify a plist value equals Verify a plist value exists Verify a plist value greater than Verify a plist value less than Verify an environment variable equals Verify an environment variable exists Verify an environment variable greater than Verify an environment variable less than Verify at least one file matching regex exists Verify the process "%{name}" is running.

270

Administrator Guide, Version 5.3

Adding Steps to a Script

Step Verify count of filenames matching regex is greater than Verify count of filenames matching regex is less than Verify count of filenames matching regex Verify file info equals Verify file info greater than Verify file info less than

Description

OS

ORS ORF

Steps for Red Hat Enterprise Linux Systems


The following table shows the steps that are available in Tasks for RHEL (Red Hat Enterprise Linux) systems. Step Always fail Kill a process Launch a program Log an environment variable Log file attribute info Log filenames matching regex Log message Search file system Log %{message} to %{type}. Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}". Unzip "%{path}\%{file}" to "%{target}". Update policy and job schedule from the appliance. Upload "%{path}\%{file}" to the server. Verify that the directory "%{path}" exists. X X X Kill the process "%{name}". Launch "%{path}\%{program}" with params "%{parms}". Description V X X X X X OS R X X X X X X X ORS ORF

Unzip a file Update policy and job schedule Upload a file Verify a directory exists

X X X

Administrator Guide, Version 5.3

271

Adding Steps to a Script

Step Verify a file exists Verify a file was modified since

Description Verify that the file "%{path}\%{file}" exists. Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}".

V X X X X

OS

ORS ORF

Verify a process is not Verify the process "%{name}" is not running. running Verify a process is running Verify an environment variable equals Verify an environment variable exists Verify an environment variable greater than Verify an environment variable less than Verify at least one file matching regex exists Verify count of filenames matching regex is greater than Verify count of filenames matching regex is less than Verify count of filenames matching regex Verify file info equals Verify file info greater than Verify file info less than Verify the process "%{name}" is running.

272

Administrator Guide, Version 5.3

C
Writing Custom Inventory Rules

This chapter describes how to inventory items that are not appearing in Software list by default. Custom Inventory rules allow you to automatically detect software and other items on a node. Capturing this information allows you to manage your custom Software items with Smart Labels, Distribution and Managed Installations, Scripting, and include additional details in Reports. Use the Custom Inventory rules if:

The software or item you want to inventory is not listed in Add/Remove Programs. Different versions of the same software have the same entry in Add/Remove Programs, either with incorrect or incomplete Display Version information. To write deployment rules, scripts, reports based on the presence of a Software Item or value that is not reported by the agent.

Understanding Custom Inventory Rules


Custom Inventory rules test or get the value of registry keys and entries, program, files, scripts, environment variables, system properties, and the output of commands. There are two types of rules:

Conditional rules that test whether or not a condition exists on the node. When a rule returns true, the agent reports the item as an Installed Program; when the rule returns false, the item does not appear as an Installed Program. Value Return rules that get data from the node and if the value exists the agent reports the item as an Installed Program and sets a corresponding Custom Inventory field.

Creating a Custom Inventory rule


You add Custom Inventory rules to the Custom Inventory field of the Inventory > Software > Custom_Item: Details page.

Administrator Guide, Version 5.3

273

Writing Custom Inventory Rules

See Chapter 5: To add software to Inventory manually, starting on page 93 for details.

How Custom Inventory Rules are implemented


You create a custom Software Item, add a Custom Inventory rule, and save the item. The agent receives the new rule during the first checkin after you created it. In the session the agent executes the rule and reports the finding back to the appliance. The agent runs all rules as well as any other processes scheduled for that session. Therefore, once the agent checks in, it could take several minutes to run all the rules and other processes before the agent reports the results. After the agent reports the results, the nodes Inventory > Computer Details page shows the results under Software in Installed Programs and/or Custom Inventory field.

274

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

The Installed Program and Custom Inventory Field name. For example BIOSDATE, is the custom Software Items Display name (Title): BIOSDATE. The Software Items with Value Return rules that set a Custom Inventory Field also appear as Installed Programs. If the results you expect dont appear, verify that the node recently checked in. The check in time is shown in the Last Inventory field of the Inventory > Computers Detail page.

Understanding rule syntax


Conditional and Value Return rules use the following syntax: functionName(argument,argument,...) For specific information on functions and their arguments see:

Checking for conditions (Conditional rules), on page 276 Getting values from a node (Custom Inventory Field), on page 283 Matching file names with Regular Expressions, on page 287

Function syntax
Enter the functionName followed by an opening parentheses, enclose the arguments with a closing parentheses. No spaces are allowed between the name of the function and the opening parentheses.

Argument syntax
Enter argument syntax for all rules except command and regex (regular expression) as follows:

Separate arguments by commas. Commas are not allowed anywhere else in the string.

Administrator Guide, Version 5.3

275

Writing Custom Inventory Rules

Do not include single or double quotes. White space is trimmed from the front and back of each argument.

For example, the following syntaxes are the same: RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector, IE, 6.000) RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector,IE,6.000)

Checking for conditions (Conditional rules)


This section explains how to write Custom Inventory rules that identify whether or not (true/ false) a Software Item is installed. When using a conditional rule, if the rule returns true the Display name (Title) of the custom Software Item displays in the nodes inventory list under Installed Programs (Inventory > Details > Software > Installed Programs). The following screen shows a node with a custom Software Item, A1 IE custom inventory 7 , installed.

The following sections describe the rules that test for conditions:

Conditional rule reference Verifying if a Condition exists (Exists rules) Evaluating node settings (Equals rules) Comparing node values (Greater and Less Than rules) Testing for multiple conditions

When the rule returns false, the Software Item does not appear in Installed Programs in the nodes inventory list. You can also display a list of nodes that have the item installed from the Inventory > Software > Custom_item: Details page.

276

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

Conditional rule reference


The following table provides a list of all available conditional rules with links to specific details on how to specify the arguments: Syntax Windows OS Mac OS X Linux Description

DirectoryExists(path) FileExists(path)

X X

X X

X X

Checks for a directory at the specified path on the node. Checks for a file at the specified path on the node. Include the name of the file and extension in the path. Verifies that the Version > File Version property of the file specified in the path matches the NUMBER value you entered. Verifies that the Version > File Version property of the file you specified as the path is lower than the NUMBER value you entered.

FileVersionEquals(path, version)

FileVersionLessThan(path, version)

FileVersionGreaterThan(path, version) ProductVersionEquals(path, version)

Verifies that the Version > File Version property of the file you specified is higher than the NUMBER value you entered. Verifies that the Version > Product Version property of the executable or installation file you specified matches the NUMBER value you entered. Verifies that the Version > Product Version property of the executable or installation file you specified is lower than the NUMBER value you entered. Verifies that the Version > Product Version property of the executable or installation file you specified is higher than the NUMBER value you entered. X X Verifies that the File Info property of the executable or installation file you specified is higher than the value you entered. Verifies that the File Info property of the executable or installation file you specified is lower than the value you entered.

ProductVersionLessThan(path, version)

ProductVersionGreaterThan(path, version)

FileInfoGreaterThan(fullpath, attribute, type, value) FileInfoLessThan(fullpath, attribute, type, value)

Administrator Guide, Version 5.3

277

Writing Custom Inventory Rules

Syntax Windows

OS Mac OS X Linux

Description

FileInfoEquals(fullpath, attribute, type, value) RegistryKeyExists(registryPath) RegistryValueEquals(registryPath, valueName, value) RegistryValueLessThan(registryPath , valueName, value) RegistryValueGreaterThan(registryP ath, valueName, value) EnvironmentVariableExists(var) EnvironmentVariableGreaterThan(var , type, value)

Verifies that the attribute of the executable or installation file you specified matches the value you entered. Verifies that a registry key exists. Verifies that a registry entry exactly matches the value you specify. Value is compared as TEXT. Verifies that the registry entry is lower than the value you specify. Value is a NUMBER. Verifies that the registry entry is higher than the value you specify. Value is a NUMBER.

X X

X X

Verifies that an environment variable with the name you specify exists. Verifies that the environment variable definition is higher than the value you specify. Only DATE (in the full format mm/dd/ yyyy hh:mm:ss) and NUMBER are valid types.

EnvironmentVariableLessThan(var, type, value)

Verifies that the environment variable definition is lower than the value you specify. Only DATE (in the full format mm/dd/ yyyy hh:mm:ss) and NUMBER are valid types. Verifies that the environment variable definition exactly matches the value you specify. All three types are valid, TEXT, DATE (in the full format mm/dd/yyyy hh:mm:ss), and NUMBER. Verifies that a named value exists in a PLIST file. Verifies that the named value is a DATE (in the full format mm/dd/yyyy hh:mm:ss) or NUMBER higher than the value you specified.

EnvironmentVariableEquals(var, type, value)

PlistValueExists(fullpath, entry) PlistValueGreaterThan(fullpath, entry, type, value)

X X

278

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

Syntax Windows

OS Mac OS X Linux

Description

PlistValueLessThan(fullpath, entry, type, value)

Verifies that the named value is a DATE (in the full format mm/dd/yyyy hh:mm:ss) or NUMBER lower than the value you specified. Verifies that the named value is a TEXT, DATE (in the full format mm/dd/yyyy hh:mm:ss), or NUMBER that exactly matches the value you specified. You can specify a colon separated list of entries to match the value. Arrays and other valid PLIST datatypes are not supported.

PlistValueEquals(fullpath, entry, type, value)

Verifying if a Condition exists (Exists rules)


Rules whose name ends with Exists check for the presence of a file, directory, registry key, or other item. If the agent locates the item on the node, the rule returns true, and the item appears as an Installed Program. Use any of the following Exists rules:

DirectoryExists(path) FileExists(path) RegistryKeyExists(registryPath) EnvironmentVariableExists(var) PlistValueExists(fullpath, entry) FilenamesMatchingRegexExist(fullpath,regex)

ExampleCheck for a directory (folder)


The following example tests to see if the Windows directory exists on the node: DirectoryExists(C:\WINDOWS\)

ExampleCheck for a file


The following example verifies that the Notepad executable file exists on the node:

Administrator Guide, Version 5.3

279

Writing Custom Inventory Rules

FileExists(C:\WINDOWS\notepad.exe)

Evaluating node settings (Equals rules)


Rules whose name ends with Equals compare the value set on the node to the value you specify in the rule. The rules return true if the values exactly match. Rules that use arguments with set datatypes can only compare values of the same type. For example version is a NUMBER and therefore cannot match a value that includes an alpha or special character, even if you specify the character in the argument. Likewise, the value argument for RegistryValueEquals compares the values as TEXT, so a whole number such as 1 does not match a value of 1.0, 1.0.0, and so forth; it matches 1 only. Use any of the following Equals rules:

FileVersionEquals(path, version) ProductVersionEquals(path, version) FileInfoEquals(fullpath, attribute, type, value) RegistryValueEquals(registryPath, valueName, value) EnvironmentVariableEquals(var, type, value) PlistValueEquals(fullpath, entry, type, value) FilenamesMatchingRegexEqual(fullpath,regex,value)

ExampleTesting JAVA_HOME setting


To verify that the JAVA_HOME setting is C:\Program Files\Java\jdk1.6.0_02: EnvironmentVariableEquals(JAVA_HOME, TEXT, C:\Program Files\Java\jdk1.6.0_02)

ExampleTesting McAfee Registry Entry setting


To check the setting use the same format as the date in the entry: RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\McAfee\AVEngine, AVDatDate, 2010/03/01)

ExampleTesting Internet Explorer version


To verify that the Internet Explorer is version 6.0.2900.2180. Specifying the version as 6.0.2900.218 returns false.

280

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

FileVersionEquals(C:\Program Files\Internet Explorer\iexplore.exe, 6.0.2900.2180)

ExampleDetecting Windows XP Service Pack 2


Windows XP Service Pack 2 appears in Add/Remove programs for machines that were originally on SP1 then upgraded to SP2 only. The default Software inventory for this item does not reflect machines that are already on SP2 because they were originally imaged at the SP2 level. When using the appliance to deploy Windows XP Service Pack 2 create the following Custom Inventory rule for a custom Software Item: RegistryValueEquals(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT \CurrentVersion,CSDVersion,Service Pack 2) You can then exclude nodes with this item installed to prevent the appliance from trying to deploy the SP2 to nodes that are already at that level (that is, SP1 machines that have been upgraded, as well as machines originally imaged with SP2).

Comparing node values (Greater and Less Than rules)


Functions whose names end with GreaterThan and LessThan compare NUMBER (integer) values only. Therefore, a value that contains an alpha or special character, such as versions that contain a letter (1.2.3B), do not compare correctly with this function. Use any of the following Greater Than and Less Than rules:

FileVersionGreaterThan(path, version) and FileVersionLessThan(path, version) ProductVersionGreaterThan(path, version) and ProductVersionLessThan(path, version) FileInfoGreaterThan(fullpath, attribute, type, value) and FileInfoLessThan(fullpath, attribute, type, value) RegistryValueGreaterThan(registryPath, valueName, value) and RegistryValueLessThan(registryPath, valueName, value) EnvironmentVariableGreaterThan(var, type, value) and EnvironmentVariableLessThan(var, type, value) PlistValueGreaterThan(fullpath, entry, type, value) and PlistValueLessThan(fullpath, entry, type, value) FilenamesMatchingRegexGreaterThan(fullpath,regex,value) and FilenamesMatchingRegexLessThan(fullpath,regex,value)

ExampleTesting if the Product Version is higher than 6.0 To verify that the product version is higher than 6.0:

Administrator Guide, Version 5.3

281

Writing Custom Inventory Rules

ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer.exe, 6.0) To verify that the production version is 6 (that is equal to 6.0) or higher, enter the following: ProductVersionEquals(C:\Program Files\Internet Explorer\iexplorer.exe, 6.0) OR ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer.exe, 6.0)

ExampleTesting for a Product Version range


To test if the product version is within a range, combine less than and greater than rules: ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplorer.exe, 6.0) AND ProductVersionLessThan(C:\Program Files\Internet Explorer\iexplorer.exe, 8.0)

Testing for multiple conditions


You can join rules using AND and OR operators to test for multiple conditions. Using both AND and OR operators in the same Custom Inventory rule is not supported. Set up separate Software Items. Joining conditional rules produces the following results:

AND operator: All the rules must return true in order for the results to return true and report the Software Item as an Installed Program. OR operator: Only one rule must return true for the Software Item to be reported as an Installed Program.

Checking for multiple true conditions (AND)


Use the AND operator to join conditional rules in the Custom Inventory field when you want the item to be reported as an Installed Program only if all the rules are true. In the Custom Inventory field, join rules using the following syntax: Function(arguments...) AND Function(arguments) AND ... Separate the conditional statements from the operator with spaces.

ExampleChecking for a Registry Key and comparing values


To check for a registry key and a registry entry value on a Windows system use AND to combine the rules as shown below:

282

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

RegistryKeyExists(registryPath) AND RegistryValueEquals(registryPath, valueName, value)

Checking for one true condition (OR)


When you join rules using the OR operator, if any of the rules in the Custom Inventory field are true, the software appears in the Installed Program list of the node. In the Custom Inventory field, join the rules using the following syntax: Function(arguments) OR Function(arguments) OR ... Separate the function statements and operator using a space.

ExampleChecking for either Registry value


To check that a registry entry is one value or another: RegistryValueEquals(registryPath, valueName, value) OR RegistryValueEquals(registryPath, valueName, value) To specify a range it use RegistryValueGreaterThan and RegistryValueLessThan rules joined by the AND operator.

Getting values from a node (Custom Inventory Field)


The rules that end with ValueReturn allow you t gather information from the node. Use these rules to get information that the agent normally does not. The returned values are set with the custom Software Item Display name (Title) in the node inventory. To display the list, go to Inventory > Details > Software > Custom Inventory Fields.

Use the Custom Inventory Field values to manage installs and distribute software as well as in reports, View by filtering, and Smart Label search criteria, or any other process that can be performed with a automatically detected setting. This section covers the following topics:

Administrator Guide, Version 5.3

283

Writing Custom Inventory Rules

Value Return rule reference Getting Registry key values Getting command output Getting PLIST values Getting multiple values

Value Return rule reference


The following table shows all available value return rules that you can use to set a Custom Inventory Field. Syntax Windows OS Mac OS X Linux Description

RegistryValueReturn(registryPath, valueName, X type) EnvironmentVariableReturn(var, type) X X

Returns the value of a registry entry, and sets the datatype to the one you specified. Returns the value of an environment variable, and sets the datatype to the one your specified. Returns the value of a file attribute, see valid types in Specifying a file attribute, on page 290. Returns the output of the command, and sets the datatype to TEXT. Returns the output of the command, and sets the datatype to DATE. Returns the output of the command, and sets the datatype to NUMBER. Returns the value of the PLIST key, and sets the datatype to TEXT, NUMBER, or DATE.

FileInfoReturn(path, attribute, type)

ShellCommandTextReturn(command) ShellCommandDateReturn(command) ShellCommandNumberReturn(command) PlistValueReturn(fullpath, entry, type)

X X X

X X X

X X X X

Getting File Information values


You can set the Custom Inventory Field to any of the Windows File Information attributes using the FileInfoReturn rule.

ExampleGetting Windows Internet Explorer Product Version


The following example sets the Custom Inventory Field for the Internet Explorer Product Version as a NUMBER. In the Custom Inventory field, enter the following:

284

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe,ProductVersion,NUMBER) However, if the value contained a special or alpha character, specify the TEXT as the type. TEXT limits the operators you can use in queries in other features, such as Smart Label Search Criteria.

Getting Registry key values


Set the Custom Inventory Field to a registry key using the RegistryValueReturn rule. Where the registryPath (on left) is the path to the entry, the valueName (on right) is the key you want to return.

ExampleGetting the Internet Explorer ProductID key


To set the ProductID registry key as a Custom Inventory Field. RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Registration, ProductId, TEXT)

Getting command output


Command rules allow you to set the output of a command to a Custom Inventory Field. The command depends on the command interpreter and executable path on the node. For example, on Windows systems you can write MS-DOS commands, but not Cygwin-style UNIX commands unless Cygwin is installed and available in the default path for all users. Use any of the following rules to set the output of the command to a Custom Inventory Field:

ShellCommandTextReturn(command) ShellCommandDateReturn(command) ShellCommandNumberReturn(command)

Administrator Guide, Version 5.3

285

Writing Custom Inventory Rules

ExampleGetting uptime on a Mac OS X


To set the uptime as a Custom Inventory Field: ShellCommandTextReturn(/usr/bin/uptime averages://' | awk '{print $1}') | sed -e 's/.*load

The Uptime Return custom Software Item displays in the Custom Inventory Field.

Getting PLIST values


PlistValueReturn rules allow you to set a Property List (PList) key as a Custom Inventory Field.

ExampleGetting the system locale


To distribute software using Managed Installations based on the native language, enter the following rule to get computer locale and then create corresponding Smart Label that is applied to the machine based on the language code reported by the agent in the Custom Inventory Field: PlistValueReturn(~/Library/Preferences/GlobalPreferences.plist, AppleLocale, TEXT)

Getting multiple values


Join ValueReturn rules using either the AND or OR operator. The rule shows the software item as an Installed Program, if any of the values are not empty. The joined values are all set in the same Custom Inventory Field separated by the operator and therefore are technically considered for the purposes of Search Criteria, filters, reports, and other appliance processes as TEXT. ValueReturn rules joined by the: AND operator: All the values are reported in the Custom Inventory Field. OR operator: All values are reported in the Custom Inventory Field.

286

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

In the Custom Inventory field, join rules using the following syntax: Function(arguments...) AND Function(arguments) AND ... Separate the conditional statements from the operator with spaces. Do not join AND and OR operators in the same rule.

Matching file names with Regular Expressions


This section describes the Regular Expression rules that match file names in Conditional and Value Return rules using a regular expression. Regular expressions match a character or the specified string to the file names in the directory you specified. The K1000 agent only provides functions that compare file names using regular expressions.

Understanding Regular Expressions


The purpose of this section is to provide a high-level introduction to regular expressions. For more information on writing regular expressions go to: http://msdn.microsoft.com/en-us/library/az24scfc.aspx. The following table provides an overview of basic regular expression syntax you can use to match file names: Character (any string) Description Entering non-special characters only matches any file name that contains the string. Example Expression abc Matches Myabc.txt abcFile.xls MyFile.abc From File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg

Dot matches any single character. When entered alone it matches all files.

File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg

Backslash escapes a special character, suppressing the special regular expression quantifier meaning. For example, to match all text files, enter: .*\.txt$

\.

Administrator Guide, Version 5.3

287

Writing Custom Inventory Rules

Character ^

Description Caret (and \A) matches the characters you specify to the start of the file name. Pipe separates a list of options to match. Dollar (and \Z or \z) matches the characters your specify to the end of the file name. Question mark makes the preceding character optional in matches.

Example Expression ^k Matches kinstaller.exe From install.exe runkbot.bat kinstaller.exe install.exe kinstaller.exe runkbot.bat MyStartupBat.doc MyStartup.bat

run|installer kinstaller.exe runkbot.bat bat$ MyStartup.bat

\.log10?$

a.log11 mylog.log10

app.log appconf.log2 mylog.log10 a.log11 afile.txt app.log appconf.log12 mylog.log10 a.log11 afile.txt app.log appconf.log12 mylog.log10 a.log11 afile.txt3 app.log appconf.log12 mylog.log10 a.log11 afile.txt3 app.log appconf.log12 mylog.log10 a.log11 afile.txt3

Asterisk matches the preceding character zero or more times.

\.log1*$

app.log appconf.log12 a.log11

Plus matches the preceding character one or more times.

ap+.*\.log

app.log appconf.log12

[]

[123] Brackets enclose a character class and matches any character within the brackets. Note that character class special character rules differ from normal regular expressions. Parentheses enclosing characters creates a back reference and matches the preceding characters and/or the enclosed characters. ap?+\.(log) [123]$

appconf.log12 mylog.log10 a.log11 afile.txt3

()

appconf.log12 a.log11

288

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

Character {n}

Description Curly brackets repeats the preceding character the number of specified times, where n is greater than or equal to 1.

Example Expression a.{3}?+\. (log)[123]$ Matches appconf.log12 From app.log appconf.log12 mylog.log10 a.log11 afile.txt3

Regular Expression Rule Reference


The syntax of a regular expression rule varies slightly from the other File rules. Where the fullpath argument is a string that matches the absolute path to the file location, but does not include name of the file. And the file name is specified as a separate argument using a regular expression. The following table provides a list of rules that allow you to use regular expressions. Syntax Windows OS Mac OS X Linux Description

FilenamesMatchingRegexExist(fullpath,regex)

Returns true if any files in the specified directory match the file name you entered using a regular expression. True if the number of files that match is more than the value. True if the number of files that match is less than the value. True if the number of files that match is the same as the value. Sets the Custom Inventory Field to the matching file names (includes path).

FilenamesMatchingRegexGreaterThan(fullpat h,regex,value)

X X X X

X X X X

FilenamesMatchingRegexLessThan(fullpath,re X gex,value) FilenamesMatchingRegexEqual(fullpath,regex, X value) FilenamesMatchingRegexReturn(fullpath,rege x,type) X

Defining rule arguments


This section provides details on defining the arguments in a rule. For rule syntax see the tables in Checking for conditions (Conditional rules), on page 276, Getting values from a node (Custom Inventory Field), and Matching file names with Regular Expressions for more details on the specific rules they can be used in.

Administrator Guide, Version 5.3

289

Writing Custom Inventory Rules

Finding a path or file


path and fullpath are a string that specifies the absolute path to a directory or file on the node, for example: C:\Program Files\Mozilla Firefox\firefox.exe The agent locates the directory or file and performs the specific test.

Finding a registry key and entry


registryPath is a string that specifies the absolute path in the registry to a registry key, for example: HKEY_LOCAL_MACHINE/software/kace

Specifying a version
version is an integer (datatype is NUMBER) that the agent compares to the version of the item being tested on the node. For example, the FileVersionGreaterThan test returns true if the value you specify is higher than the version number of the file or folder and otherwise returns false. To test a range, join a Less Than and Greater Than rule as follows: FileVersionGreaterThan(C:\Program Files\Adobe\Acrobat\7.0\Acrobat\Acrobat.exe, 6.99) AND FileVersionLessThan(C:\Program Files\Adobe\Acrobat\7.0\Acrobat\Acrobat.exe, 8.00)

Specifying environment or user variables


var is a string that matches the actual name of the environment variable on the system. For example, to test that the Program Files directory variable is correctly set: EnvironmentVariableEquals(ProgramFiles, TEXT, C:\Program Files)

Specifying a file attribute


attribute is a system property, a file or folder property, or an agent assigned property on the node. The appliance provides operating system dependent argument types.

Using Windows file attributes


You can use the FileInfoGreaterThan, FileInfoLessThan, and FileInfoEquals functions to test a file property on Windows in the following syntax:
290 Administrator Guide, Version 5.3

Writing Custom Inventory Rules

FunctionName(fullpath, attribute, type, value) You can specify any type but the datatype indicated in the table below shows the Windows supported type: AccessedDate Comments CompanyName CreatedDate FileBuildPart FileDescription FileMajorPart FileMinorPart FileName FilePrivatePart FileVersion DATE TEXT TEXT DATE Last date and time the file was accessed. Additional information provided for diagnostic purposes. Name of the company that produced the file. When the file was created.

NUMBER/ Third position of the File Version, for example TEXT in version 1.2.3, 3=Build. TEXT File Description of the Windows file properties Details tab.

NUMBER/ First position of the File Version, for example TEXT in version 1.2.3, 1=Major. NUMBER/ Second position of the File Version, for TEXT example in version 1.2.3, 2=Minor. TEXT TEXT Current name of the file. Also see FileExists. Fourth position of the File Version, for example in version 1.2.3.4, 4=Private.

NUMBER/ Complete File Version shown on the file TEXT properties Details tab. Also see FileVersionEquals, FileVersionGreatThan, and FileVersionLessThan TEXT Internal name of the file, if one exists, such as the module name. If the file has no internal name, it is equal to the original filename, without an extension. Returns True (1) if the file contains debugging information or was compiled with debugging enabled; otherwise returns False (0). Returns True (1) if the provider marked the file as modified and it is not identical to the original shipped version; otherwise returns False (0). Returns True (1) if the provider marked the file as a development version, not a commercially released product; otherwise returns False (0).

InternalName

IsDebug

TEXT/ NUMBER TEXT/ NUMBER

IsPatched

IsPreRelease

TEXT/ NUMBER

Administrator Guide, Version 5.3

291

Writing Custom Inventory Rules

IsPrivateBuild

TEXT/ NUMBER

Returns True (1) if the provider marked the file as not built using standard release procedures; otherwise returns False (0). When True, file also has a PrivateBuild string. Returns True (1) if the provider marked the file as built by the original company using standard release procedures but is a variation of the standard file of the same version number; otherwise returns False (0). When True, file also has a SpecialBuild string. Language code, displays corresponding name on the File Properties Details tab. Copyright notices that apply to the file. Trademarks and registered trademarks that apply to the file. Last day and time the file was modified. Provides the full name of the file when it was put or installed on the node. Information about the version of the file.

IsSpecialBuild

TEXT/ NUMBER

Language LegalCopyright LegalTrademarks ModifiedDate OriginalFilename PrivateBuild ProductBuildPart ProductMajorPart ProductMinorPart ProductName

TEXT TEXT TEXT DATE TEXT TEXT

NUMBER/ Third position of the Product Version, for TEXT example in version 1.2.3, 3=Build. NUMBER/ First position of the Product Version, for TEXT example in version 1.2.3, 1=Major. NUMBER/ Second position of the Product Version, for TEXT example in version 1.2.3, 2=Minor. TEXT String that matches the Product Name of the Windows property. Fourth position of the Product Version, for example in version 1.2.3.4, 4=Private.

ProductPrivatePart NUMBER ProductVersion

NUMBER/ The full production version. TEXT Also see ProductVersionEquals, ProductVersionGreaterThan, and ProductVersionLessThan. TEXT Additional information about the build.

SpecialBuild

Testing for Linux and Mac file attributes


On Linux and Mac nodes you can use the following arguments to test file attributes: device_number inode number_links owner ID of device (disk) containing the file. inode number. Number of hard links to the file. User name of the person who owns the file.

292

Administrator Guide, Version 5.3

Writing Custom Inventory Rules

group size access_time modification_time creation_time block_size blocks

Group name of the file owner. File size. Time stamp of the last time the user or system accessed the file. Last time a change that was mode to the file was saved. When the file was created. The block size of the file. The number of blocks used by the file.

Specifying the datatype


type identifies the type of data you are testing or returning. The agent supports the following types:

TEXT a string. Only valid for exactly matching in conditional rules such as Equals. In ValueReturn rules, sets the Custom Inventory Field type to string and therefore limits search criteria and filtering to matching operators. NUMBER an integer. Valid in all conditional rules, allows you to specify a whole number for comparison. DATE must be in the format of MM/dd/yyyy HH:mm:ss for example 09/28/2006 05:03:51. Time is required, for example in a comparison such as greater than you must at least specify the time as 00:00:00.

Specifying values to test


value typically follows type except in a rule where the datatype is known, such as in a version rule. The value you specify must match the type, for more information see Specifying the datatype, on page 293.

Specifying the name of a registry entry (Windows only)


valueName is a string that matches the name of the registry entry you want to test. Used only in registry tests for Windows systems.

Specifying a PLIST key (Mac only)


entry is either NUMBER, TEXT, or DATE and matches a key in a PLIST file on a Mac OS X computer. In the entry argument, you can specify a colon separated list of keys to match.

Using a regular expression


regex is a regular expressions that matches a file name in a Conditional or Value Return rule. See Matching file names with Regular Expressions, on page 287 for more details.

Administrator Guide, Version 5.3

293

Writing Custom Inventory Rules

Defining commands
The shell command functions allow you to specify the command you want to run on the computer. The guidelines for writing rule arguments do not apply to command. However white space after the opening parentheses and immediately before the closing one is stripped from the command.

294

Administrator Guide, Version 5.3

D
Database Tables

This appendix contains a list of the table names used in the Dell KACE K1000 Management Appliance database.

K1000 Management Appliance Database Tables, on page 295.

K1000 Management Appliance Database Tables


Refer to the following table when creating custom reports. For more information, see Chapter 12: Running the K1000 Appliance Reports, starting on page 221. Table ADVISORY ADVISORY_LABEL_JT ASSET ASSET_ASSOCIATION ASSET_DATA_1 ASSET_DATA_2 ASSET_DATA_3 ASSET_DATA_4 ASSET_DATA_5 ASSET_DATA_6 ASSET_DATA_7 ASSET_FIELD_DEFINITION ASSET_FILTER ASSET_HIERARCHY ASSET_HISTORY ASSET_TYPE AUTHENTICATION CLIENTDIST_LABEL_JT CLIENT_DISTRIBUTION Component Service Desk Service Desk Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Assets Appliance Administration Appliance Administration Appliance Administration

Administrator Guide, Version 5.3

295

Database Tables

Table CUSTOM_FIELD_DEFINITION CUSTOM_VIEW DELL_INVENTORY DELL_INVENTORY_APPLICATION _DEVICE_JT DELL_INVENTORY_DEVICE_JT DELL_INVENTORY_LOG DELL_MACHINE_PKG_UPDATE_S TATUS DELL_MACHINE_STATUS DELL_PKG_LABEL_JT DELL_PKG_STATUS DELL_PKG_UPDATE_HISTORY DELL_SCHEDULE DELL_SCHEDULE_LABEL_JT DELL_SCHEDULE_OS_JT DELL_SCHEDULE_UPDATE_LABE L_JT FILTER FS FS_LABEL_JT FS_MACHINE_JT GLOBAL_OPTIONS HD_ATTACHMENT HD_CATEGORY HD_EMAIL_EVENT HD_FIELD HD_IMPACT HD_MAILTEMPLATE HD_PRIORITY HD_QUEUE HD_QUEUE_APPROVER_LABEL_J T HD_QUEUE_OWNER_LABEL_JT

Component Custom Fields Custom Fields Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Dell Updates Labeling File Synchronization File Synchronization File Synchronization Appliance Administration Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk

Service Desk

296

Administrator Guide, Version 5.3

Database Tables

Table HD_QUEUE_SUBMITTER_LABEL_ JT HD_SERVICE HD_SERVICE_TICKET HD_SERVICE_USER_LABEL_JT HD_STATUS HD_TICKET HD_TICKET_CHANGE HD_TICKET_CHANGE_FIELD HD_TICKET_FILTER HD_TICKET_RELATED HD_TICKET_RULE HD_WORK IM_CRON IPHONE_PROFILE IPHONE_PROFILE_LABEL_JT KBOT KBOT_CRON_SCHEDULE KBOT_DEPENDENCY KBOT_EVENT_SCHEDULE KBOT_FORM KBOT_FORM_DATA KBOT_LABEL_JT KBOT_LOG KBOT_LOG_DETAIL KBOT_LOG_LATEST KBOT_OS_FAMILY_JT KBOT_OS_JT KBOT_RUN KBOT_RUN_MACHINE KBOT_RUN_TOKEN KBOT_SHELL_SCRIPT KBOT_UPLOAD KBOT_VERIFY

Component Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Service Desk Appliance Administration iPhone iPhone Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting Scripting

Administrator Guide, Version 5.3

297

Database Tables

Table KBOT_VERIFY_STEPS LABEL LABEL_LABEL_JT LDAP_FILTER LDAP_IMPORT_USER MACHINE MACHINE_CUSTOM_INVENTORY MACHINE_DAILY_UPTIME MACHINE_DISKS MACHINE_LABEL_JT MACHINE_NICS MACHINE_NTSERVICE_JT MACHINE_PROCESS_JT MACHINE_REPLITEM MACHINE_SOFTWARE_JT MESSAGE MESSAGE_LABEL_JT METER METER_COUNTER MI MI_ATTEMPT MI_LABEL_JT MSP_MI_TEMPLATE NODE NODE_LABEL_JT NODE_PORTS NODE_SNMP_IF NODE_SNMP_SYSTEM NOTIFICATION NTSERVICE NTSERVICE_LABEL_JT OBJECT_HISTORY

Component Scripting Labeling Labeling Labeling User Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Inventory Alerts Alerts Software Metering Software Metering Managed Installs Managed Installs Managed Installs Patching Network Scan Network Scan Network Scan Network Scan Network Scan Alerts Inventory Inventory Appliance Administration

MACHINE_STARTUPPROGRAM_JT Inventory

298

Administrator Guide, Version 5.3

Database Tables

Table OPERATING_SYSTEMS OVAL_STATUS PATCHLINK_MACHINE_STATUS PATCHLINK_PATCH_LABEL_JT PATCHLINK_PATCH_STATUS PATCHLINK_SCHEDULE PATCHLINK_SCHEDULE_DEPLOY _LABEL_JT PATCHLINK_SCHEDULE_DETECT _LABEL_JT PATCHLINK_SCHEDULE_LABEL_ JT PATCHLINK_SCHEDULE_OS_JT PATCHLINK_SCHEDULE_ROLLBA CK_LABEL_JT PATCH_FILTER PORTAL PORTAL_LABEL_JT PROCESS PROCESS_LABEL_JT PROVISION_CONFIG PROVISION_NODE REPLICATION_LANGUAGE REPLICATION_PLATFORM REPLICATION_SCHEDULE REPLICATION_SHARE REPORT REPORT_FIELD REPORT_FIELD_GROUP REPORT_JOIN REPORT_OBJECT REPORT_SCHEDULE SAVED_SEARCH SCAN_FILTER SCAN_SETTINGS

Component Inventory OVAL Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Patching (Security) Labeling Service Desk Service Desk Inventory Inventory Appliance Administration Appliance Administration Replication Replication Replication Replication Reporting Reporting Reporting Reporting Reporting Reporting Appliance Administration Labeling Network Scan

Administrator Guide, Version 5.3

299

Database Tables

Table SETTINGS SOFTWARE SOFTWARE_LABEL_JT SOFTWARE_OS_JT STARTUPPROGRAM STARTUPPROGRAM_LABEL_JT THROTTLE USER USERIMPORT_SCHEDULE USER_HISTORY USER_KEYS USER_LABEL_JT USER_ROLE USER_ROLE_PERMISSION_VALU E

Component Appliance Administration Inventory Inventory Inventory Inventory Inventory Appliance Administration Service Desk Service Desk Service Desk Service Desk Service Desk Appliance Administration Appliance Administration

300

Administrator Guide, Version 5.3

E
Manually Deploying Agents

This appendix explains how to manually deploy the Dell KACE K1000 Management Appliance Agent on nodes using a command-line or terminal.

Overview of manual deployment


Manually deploying or upgrading the Agent is useful when you have problems with provisioning or want to use other means, such as email, scripting, and Group Policy/Active Directory:

Email To deploy Agents through email, you can send an email to your users that contains one of the following: Install file. Link to the appliance. Other Web location to retrieve the required installation file.

Using this method, your users can click a link and install the Agent.

Logon Scripts Logon scripts provide a great mechanism to deploy the Agent when you log onto a computer. If you use logon scripts, simply post the appropriate file in an accessible directory and create a logon script for the Agents to retrieve it.

You can find the installers for Windows, Macintosh, and Red Hat Linux in the following directory: \\k1000_hostname\client\agent_provisioning File share must be enabled to access the installers. See Enabling file sharing on page 67.

Updating the Agent


Manually updating the Agent depends on which version of the K1000 Agent that is installed on the target computer:

For 5.1 or later, install the Agent as described in this chapter for your platform.

Administrator Guide, Version 5.3

301

Manually Deploying Agents

For 5.0 or earlier, you must first uninstall the Agent on each target computer. See the documentation included with your version of the K1000 Management Appliance.

Resources for troubleshooting


If you have one or more computers that dont install or show up in Inventory:

Go to Dell KACE Support. Support contains whitepapers, articles, and a Knowledge Base that can help you with this issue and many other issues. Windows platforms: Windows security issues, on page 304 Windows debugging, on page 304

Linux (Red Hat): Linux Debugging, on page 307

Mac OS X: Macintosh Debugging, on page 309.

Manually installing the Agent on Windows


You can install the Agent on Windows using the Install Wizard or command lines. The Agent executable files are installed in:

Windows XP or earlier: C:\Program Files\Dell\KACE\ Window Vista and Windows 7: C:\Program Files (x86)\Dell\KACE\

The Agent configuration files, logs, and other data are stored in: Window Vista and Windows 7: C:\ProgramData\Dell\KACE Windows XP or earlier: C:\Documents and Settings\All Users\Dell\KACE

To manually install the Agent on Windows using the Install wizard


1. Go to the shared directory of the appliance server:
\\k1000_hostname\client\agent_provisioning\windows_platform

2. 3.

Copy the ampagent-5.3.buildnumber-x86.msi file to your local computer. Double-click the file to start the installation and follow the instructions in the install wizard. Be sure to enter the name of your K1000 server.

302

Administrator Guide, Version 5.3

Manually Deploying Agents

The node information appears in the appliance Inventory within a few minutes. Although the Agent automatically checks in, you can force a check in using the following command line: runkbot 4 0

To manually install the Agent on Windows using command lines


The options listed in Table E-1 on page 303 provide several different ways for installing the Agents on Windows Platforms. For example:

In a batch file, as part of a logon script, which runs the installer (msiexec) and sets various parameters, such as the value of the host. Set an environment variable for the server name and then run the installer. Change name of the installer, which automatically sets the server name during the install.

This method provides the following parameters: Table E-1: Command line parameters for the Agent Description Windows Installer Tool Install flag Uninstall flag Silent install Log verbose output Auto set host name msiexec or msiexec.exe /i Example: msiexec /i ampagent-5.3.12345-x86 /x Example: msiexec /x ampagent-5.3.12345-x86 /qn Example: msiexec /qn /i ampagent-5.3.12345-x86 /L*v log.txt rename agent_installer.msi_hostname.msi (Renames the install file to the name of the server name, which automatically sets the host name.) Example: msiexec /qn /i ampagent-5.3.32941x86_k1000.kace.com.msi PROPERTY=value (Must use ALL CAPS.) Example: msiexec /qn /i ampagent-5.3.32941-x86.msi HOST=k1000.kace.com Parameter

Set properties

Administrator Guide, Version 5.3

303

Manually Deploying Agents

Table E-1: Command line parameters for the Agent Description Set server name Parameter set KACE_SERVER=k1000name (Must be followed by an msiexec call to install.) Example: set KACE_SERVER=kbox msiexec /i ampagent-5.2.12345-x86

The ordering of setting the host is as follows: 1. 2. 3. 4. If the installer contains the name of host, use that. If KACE_SERVER is set, use that. If amp.conf has a server, use that. If smmp.conf has a server, use that (when updating from 5.1).

Do not leave empty. Do not set to kbox. Otherwise, the agent will NOT connect to the server.

Windows security issues


Windows security may prevent the initial provisioning from the K1000. To allow provisioning, use the following command lines to open up the firewall and configure settings.

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v ForceGuest /t REG_DWORD /d 0 /f reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system / v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v FdenyTSConnections /t REG_DWORD /d 0 /f netsh.exe firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL netsh.exe firewall set service type=REMOTEADMIN mode=ENABLE scope=ALL

Windows debugging
1. 2. Open a command window. (Windows Vista and Windows 7 require Run as administrator privileges.) Stop the Agent: net stop ampagent 3. Add the following line to the amp.conf file: debug=true This file is located in: Window Vista and Windows 7: C:\ProgramData\Dell\KACE

304

Administrator Guide, Version 5.3

Manually Deploying Agents

Windows XP or earlier: C:\Documents and Settings\All Users\Dell\KACE 4. Start the Agent: net start ampagent The output is recorded in various K1000 Agent logs. The Agent normally checks in using the Run Interval schedule specified in the K1000 Agent Settings page. However, you can force a check in outside of the normal schedule by going to C:\Program Files\Dell\KACE\ or C:\Program Files (x86)\Dell\KACE\ and entering: runkbot 4 0

Installing and Configuring the Agent on Linux


This section provides information for installing and configuring the Agent on Linux.

To install the Agent


You must have the K1000 Agent installation file on your computer. 1. 2. Open a terminal from Applications > System Tools. At the command prompt, set the name of the server and install the Agent: sudo KACE_SERVER=k1000name rpm -ivh ampagent-5.2.35800-1.i386.rpm The Agent is installed in the following directories: 3. /opt/dell/kace/bin/ where the Agent executable files are installed. /var/dell/kace/ where the Agent configuration, logs, and other data is stored.

To force the Agent to check in, enter: sudo /opt/dell/kace/bin/runkbot 2 0

To install from startup or login


You can install the Agent for any user starting or logging in to a Linux system. You can set the name by adding the following command to the root directory: export KACE_SERVER=k1000name The export call must precede the call to the installer. For example: export KACE_SERVER=k1000name rpm -ivh k1000agent-12345.i386.rpm The ordering of setting the host is as follows: 1. 2. 3. If the installer contains the name of host, use that. If KACE_SERVER is set, use that. If amp.conf has a server, use that.

Administrator Guide, Version 5.3

305

Manually Deploying Agents

4.

If smmp.conf has a server, use that (when updating from 5.1).

Do not leave empty. Do not set to kbox. Otherwise, the agent will NOT connect to the server.

To upgrade the Agent


You must have the K1000 Agent installation file on your computer. 1. 2. Open a terminal from Applications > System Tools. At the command line prompt, enter: rpm -uvh k1000agent-linux_buildnumber.rpm

To start and stop the Agent


1. 2. Open a terminal from Applications > System Tools. Perform the following: To start the Agent, enter: sudo /etc/rc.d/init.d/AMPctl start To stop the Agent, enter: sudo /etc/rc.d/init.d/AMPctl stop

To manually remove the Agent


1. 2. Open a terminal from Applications > System Tools. At the command line prompt, enter: sudo rpm -e ampagent 3. (Optional) Remove the kace directory: rm -rf /var/dell/kace/

Other Agent operations


This section describes the various tasks you can perform to manage the Agent using a terminal.

To check that the Agent is running


1. 2. Open a terminal from Applications > System Tools. At the command line prompt, enter: ps aux | grep AMPAgent This output indicates that the process is running:

306

Administrator Guide, Version 5.3

Manually Deploying Agents

root 6100 0.0 3.9 3110640 20384 ? opt/dell/kace/bin/AMPAgent --daemon

Ssl

Mar03

0:00 /

To check the version of the Agent


1. 2. Open a terminal from Applications > System Tools. At the command line prompt, enter: rpm -q ampagent The version number is reported.

To run an Inventory check


1. 2. Open a terminal from Applications > System Tools. Go to the following folder: /opt/dell/kace/bin/ 3. To run an inventory and send to the K1000: sudo ./runkbot 2 0 4. To manually run an inventory: sudo ./inventory 5. To save the inventory results to a file, enter: sudo /opt/dell/kace/bin/inventory > `hostname`.txt This command saves the inventory results to a file that is based on the name of your computer.

Linux Debugging
1. 2. Open a terminal from Applications > System Tools. Stop the Agent: sudo /etc/rc.d/init.d/AMPctl stop 3. Set debug to true in the amp.conf file in /var/dell/kace/data: cat<<eof/var/dell/kace/data/amp.conf debug=true eof 4. Start the Agent: sudo /etc/rc.d/init.d/AMPctl start The output is recorded in various K1000 Agent Logs. The Agent normally checks in using the Run Interval schedule specified in K1000 Agent Settings page. However, you can force a check in outside the normal schedule by going to /Library/Application Support/Dell/ KACE/bin/ and running: runkbot 2 0

Administrator Guide, Version 5.3

307

Manually Deploying Agents

To Install and Configure the Agent on Mac OS Nodes


This section provides information for installing the Agent on Mac OS. Additional options are described in Using shell scripts to install the Agent, on page 310. Some commands must be run as root. Proceed with su or sudo as required.

To install or upgrade the Agent


You must have the K1000 Agent installation file on your computer. 1. 2. 3. Double-click ampagent-5.3.buildnumber.dmg. Double-click AMPAgent.pkg. Follow the instructions in the installer. Be sure to enter the name of your K1000 server. The installer creates the following directories on your computer: /Library/Application Support/Dell/KACE/ where the Agent executable files are installed. /Library/Application Support/Dell/KACE/data/ where the Agent configuration, logs, and other data is stored.

To start or stop the Agent


1. 2. Open a terminal from Applications > Utilities. Go to the following folder: cd Library/Application Support/Dell/KACE/bin 3. Perform the following: To start the Agent, enter: ./AMPctl start To stop the Agent, enter: ./AMPctl stop

To manually remove the Agent


1. 2. Open a terminal from Applications > Utilities. Use su or sudo: SystemStarter stop AMPAgent rm -rf /Library/Application\ Support/Dell rm -rf /Library/StartupItems/AMPAgent rm -rf /Library/LaunchDaemons/kace.ampagent.bootup.plist

308

Administrator Guide, Version 5.3

Manually Deploying Agents

pkgutil --forget com.kace.ampagent The agent is removed.

Other Agent operations


This section describes the various tasks you can perform to manage the Agent using a terminal.

To check that the Agent is running


1. 2. Open a terminal from Applications > Utilities. Enter the following command: ps aux | grep AMPAgent This output indicates that the process is running: root 2159 0.0 1.1 94408 12044 p2 S 3:26PM 0:10.94 /Library/ Application Support/Dell/KACE/AMPAgent

To check the version of the Agent


1. 2. Open a terminal from Applications > Utilities. Enter: cat /Library/Application\ Support/Dell/KACE/data/version The version number is reported.

To run an Inventory check


1. 2. Open a terminal from Applications > Utilities. Go to the following folder: cd /Library/Application\ Support/Dell/KACE/bin/ 3. To run an inventory and send to the K1000: sudo ./runkbot 2 0

4.
5.

To manually run an inventory:


sudo ./inventory To save the inventory results to a local file: sudo ./inventory > computer_name.txt This command saves the inventory results to a file named computer_name.txt, where computer_name is the computer name that you specified.

Macintosh Debugging
1. Open a terminal from Applications > Utilities.

Administrator Guide, Version 5.3

309

Manually Deploying Agents

2.

Go to the following folder: cd Library/Application Support/Dell/KACE/bin

3.

Stop the Agent: ./AMPctl stop

4.

Add the following line to the end of the amp.conf file in /Library/Application\ Support/Dell/KACE/data: debug=true

5.

Start the Agent: ./AMPctl start

The output is recorded in various K1000 Agent logs. The Agent normally checks in using the Run Interval schedule specified in K1000 Agent Settings page. However, you can force a check in outside the normal schedule by going to /Library/Application Support/Dell/ KACE/bin/ and running: runkbot 2 0

Using shell scripts to install the Agent


The K1000 Management Appliance provides options that are useful when using shells scripts to install the Agent: 1. 2. 3. hdiutil attach ./ampagent-5.3.12345-all.dmg sudo sh -c 'KACE_SERVER=k1000name installer -pkg /Volumes/Dell_KACE/AMPAgent.pkg -target /' hdiutil detach '/Volumes/Dell KACE' The export call must proceed the install call (for example, sudo export KACE_SERVER=k1000name installer -pkg '/Volumes/Dell KACE/ AMPAgent.pkg' -target / The ordering of setting the host is as follows: 1. 2. 3. 4. If the installer contains the name of host, use that. If KACE_SERVER is set, use that. If amp.conf has a server, use that. If smmp.conf has a server, use that (when updating from 5.1).

Do not leave empty. Do not set to kbox. Otherwise, the agent will NOT connect to the server. For information about using shell scripts and command lines, see http:// developer.apple.com.

Information collected by the Agent


The Computers : Detail Item page displays the information collected by the Agent.
310 Administrator Guide, Version 5.3

Manually Deploying Agents

To access the Computers : Detail page


1. Go to Inventory > Computers. The Computer Inventory page appears. 2. Select a computer to view. The Computers : Detail Item page appears. The following table describes each of the detail areas on this page. To expand the sections, select Expand All. The fields that are displayed depend on the type of computer and its operating system. Item Summary Name Model Chassis Type IP Address MAC RAM Total Processors OS Name Service Pack Agent Version User Name AMP Connection Last Inventory Record Created Disk Inventory Information Hardware RAM Total Ram Used Manufacturer Model Total amount of RAM. How much RAM is used. Computer manufacturer. Computer model. Name of the computer. Computer model. Type of computer, such as desktop or laptop. IP address of the computer. Media Access Control address number. Amount of Random-access memory. Number of CPUs and type. Type of operating system, such as Windows, Macintosh, or Linux. Service Pack version number (Windows only). K1000 Agent version number. Name of most recent user. (Some computers might have multiple users). Time of last connection to the K1000 Agent. Time of latest inventory. Time that the inventory record was created. Number of disk drives, type and size of the file system, and amount of disk space used. Description

Administrator Guide, Version 5.3

311

Manually Deploying Agents

Item Domain Motherboard Processors CD/DVD Drives Sound Devices Video Controllers Monitor BIOS Name BIOS Version BIOS Manufacturer BIOS Description BIOS Serial Number Disk Printers Network Interfaces K1000 Agent Agent Version AMP Version AMP Connected KACE ID Database ID Last Inventory Last Sync Last Agent Update User User Logged User Name User Domain Operating System Name Version Build Agent Version. Name of domain.

Description

Main and peripheral buses. CPU count, type, and manufacturer. Configuration of drives installed on the computer. Installed audio devices. Installed video controllers Type and manufacturer of the monitor. BIOS version. BIOS version. BIOS Manufacturer. BIOS Description. BIOS serial number. Number of disk drives, type and size of file system, and amount of disk space used. The printers that the computer is configured to use. Type of network interface, IP Address, MAC address, and whether DHCP is enabled or disabled.

Version of Agent Messaging Protocol. Time of the last connection to the K1000 Agent. KACE ID. Database ID. Time of latest inventory. Time the computer last checked in to the appliance. Time when the Agent was updated. The user currently logged into the computer. User name. The domain that the user belongs to. Name of the operating system. Version number of the operating system. Build of the operating system.

312

Administrator Guide, Version 5.3

Manually Deploying Agents

Item Number Architecture Installed Date Last System Reboot Last System ShutDown Uptime Since Last Reboot System Directory Registry Size Registry Max Size Notes Software Installed Programs Custom Inventory Fields. Virtual Application Kontainers Uploaded Files

Description Build number of the operating system. Operating system architecture, such as PPC or x64. Date of operating system installation. Last time the operating system was rebooted. Last time the operating system was turned off. How long the operating system has been up. Location of the system directory. Size of the registry. Maximum size of the registry. You can enter any additional information in this field. List of the software and versions installed on the computer. Lists any Custom Inventory fields created for this machine, along with the field name and value. List any Virtual Kontainers on the computer. You use Virtual Kontainers to create virtual versions of supported applications, and deploy and run them on the nodes you administer. Lists the files that have been uploaded to the K1000 Management Appliance from this computer using the upload a file script action. Installed Microsoft Patches. List of running processes. List of startup programs. List of services. The labels assigned to this computer. Labels are used to organize and categorize inventory and assets. Lists any failed managed installs. Managed installations allow deploying software that require installation files. List of managed installations that will be sent to the computer the next time it connects with the appliance. Lists any Service Desk Tickets assigned or submitted by any user of the computer. Lists the patches detected and deployed on the computer.

Installed Patches via Inventory Running Processes Startup Programs Services Activities Labels Failed Managed Installs To Install List Service Desk Tickets Security Patching Detect/Deploy Status

Administrator Guide, Version 5.3

313

Manually Deploying Agents

Item Threat Level 5 List OVAL Vulnerabilities FDCC/SCAP Configuration Scans Logs K1000 Agent Logs Portal Install Logs Scripting Logs Asset Asset Information Related Assets Asset History

Description Lists any threats that are harmful to any software, process, startup item, or service. Results of OVAL Vulnerability tests run on this computer. Results of FDCC/SCAP Configuration Scans run on this computer. Contains the logs for the K1000 Agent application. A question mark indicates that its status is unknown. Details about User Portal packages installed on this machine. Configuration Policy scripts that have been run on this computer, along with the available status of any scripts in progress. Lists when the record was created and last modified; the asset type, such as computer; and the name of the asset. Lists any related assets. Lists the changes done to the asset of the computer along with the date and time when each change was done.

314

Administrator Guide, Version 5.3

F
Understanding the Daily Run Output
The daily run output is automatically sent to the System Administrator by email every night at 2:00 AM. This appendix contains a sample of the daily run output. Your output may differ from the sample shown. The following syntaxes are the standard freebsd maintenance messages:


Filesystem /dev/ twed0s1a devfs /dev/ twed0s1f /dev/ twed0s1e /dev/ twed0s1d /dev/ twed1s1d

Removing stale files from /var/preserve: Cleaning out old system announcements: Removing stale files from /var/rwho: Backup password and group files: Verifying group file syntax: Backing up mail aliases: Disk status:

1K-blocks 2026030 1 134105316 10154158 2026030 151368706

Used 36780 1 1003568 6365810 3858 2722542

Avail 1827168 0 122373324 2976016 1860090 136536668

Capacity 2% 100% 1% 68% 0% 2%

Mounted on / /dev /kbox /usr /var /kbackup

Administrator Guide, Version 5.3

315

Understanding the Daily Run Output

The above table reports information about your disks. Those of interest are /kbox and /kbackup. /kbox contains all the software for the appliance server. It is also contains the software packages uploaded to the server. If this drive starts getting close to full you must remove old unused packages or contact KACE for an upgrade. /kbackup is the drive where /kbox is backed up. It is generally as full as the / kbox. If it is close to full, you must remove old unused packages or contact KACE for an upgrade.

Network interface status: Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll em0 1500 00:30:48:73:07:4c 332146 0 204673 0 0 em0 1500 192.168.2 kboxdev 308055 201832 em0 1500 fe80:1::230:4 fe80:1::230:48ff: 0 4 em1* 1500 00:30:48:73:07:4d 0 0 0 0 0 plip0 1500 0 0 0 0 0 lo0 16384 699 0 699 0 0 lo0 16384 your-net localhost 699 699 lo0 16384 localhost ::1 0 0 lo0 16384 fe80:4::1 fe80:4::1 0 0

316

Administrator Guide, Version 5.3

Understanding the Daily Run Output

The above table reports information about the network status of the appliance. Make sure the Ierrs/Oerrs are zero. Other values indicate some sort of network failure. If you notice consistent errors, contact KACE support for assistance.

Local system status: 3:04PM up 3 days, 4:12, 0 users, load averages: 0.05, 0.20, 0.15 The above indicates the amount of time the appliance has been up since the last time it was powered off. There will not be any users logged onto the machine. The load averages vary depending on the load on appliance was when this report was run.

Mail in local queue: /var/spool/mqueue is empty Total requests: 0 Mail in submit queue: /var/spool/clientmqueue is empty Total requests: 0 Security check: (output mailed separately) Checking for rejected mail hosts:

Administrator Guide, Version 5.3

317

Understanding the Daily Run Output

Checking for denied zone transfers (AXFR and IXFR): tar: Removing leading /' from member names The messages above are the standard freebsd messages regarding the health of the mail systems. There should not be mail in the queues. However, if an item still exists, check your SMTP settings from the Settings > Network Settings page.

[Thu Mar 17 15:05:31 PST 2005] K1000 Backup: Backup Complete. Backup files available for off-box storage via ftp. The above message indicates an appliance-specific message telling you that the backups have been successfully completed and are on the /kbackup disk, available through the ftp interface.

[Thu Mar 17 15:05:31 PST 2005] K1000 RAID Status Disk Array Detail Info not available during a rebuild. If Rebuild in progress,% completion listed below Disk Array Detail Status: Unit UnitType Status %Cmpl Port Stripe Size(GB) Blocks ---------------------------------------------------------------------u0 RAID-1 OK 149.05 312579760 u0-0 DISK OK p0 149.05 312579760 u0-1 DISK OK p1 149.05 312579760 Disk Array REBUILD Status: /c0/u0 is not rebuilding, its current state is OK The above table indicates the status of your raid drives. If you ever see the disks degraded or not rebuilding properly, contact KACE support to address the problem.

[Thu Mar 17 15:05:31 PST 2005] K1000 Database Maintenance Daily routines to maintain database performance. DB Table Maintenance Log: # Connecting to localhost... # Disconnecting from localhost... ORG.ADVISORY OK ORG.AUTHENTICATION OK ORG.CATEGORY OK ORG.CLIENT_DISTRIBUTION OK ORG.FILTER OK

318

Administrator Guide, Version 5.3

Understanding the Daily Run Output

ORG.FS ORG.FS_LABEL_JT ORG.GLOBAL_OPTIONS ORG.LABEL ORG.LDAP_FILTER ORG.LICENSE ORG.LICENSE_MODE ORG.MACHINE ORG.MACHINE_CUSTOM_INVENTORY ORG.MACHINE_DISKS ORG.MACHINE_LABEL_JT ORG.MACHINE_NICS ORG.MACHINE_PROCESS ORG.MACHINE_SOFTWARE_JT ORG.MACHINE_STARTUP_PROGRAMS ORG.MESSAGE ORG.MESSAGE_LABEL_JT ORG.MI ORG.MI_LABEL_JT ORG.NETWORK_SETTINGS ORG.NOTIFICATION ORG.OPERATING_SYSTEMS ORG.PORTAL ORG.PORTAL_LABEL_JT ORG.PRODUCT_LICENSE ORG.REPORT ORG.SCHEDULE ORG.SERVER_LOG ORG.SOFTWARE ORG.SOFTWARE_LABEL_JT ORG.SOFTWARE_OS_JT ORG.THROTTLE ORG.TIME_SETTINGS ORG.TIME_ZONE ORG.USER ORG.USER_HISTORY ORG.USER_KEYS ORG.USER_LABEL_JT -- End of daily output --

OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK OK

The database is checked every night for any inconsistencies, and these are automatically repaired. If you see any failures from this output, contact Dell KACE Support for assistance.

Administrator Guide, Version 5.3

319

Understanding the Daily Run Output

320

Administrator Guide, Version 5.3

G
K1000 Classic Reports

The Dell KACE K1000 Management Appliance 5.3 includes a new reporting engine. See Running the K1000 Appliance Reports on page 221. This appendix contains information on using Reporting from the 5.2 version. These reports are listed under the Classic Reports tab.

Reporting Overview, on page 321 Running Reports, on page 322 Creating and Editing Reports, on page 322 Scheduling Reports, on page 328

Reporting Overview
The K1000 Management Appliance is shipped with many stock reports; select Reporting > Reports to view the list. The reporting engine utilizes XML-based report layouts to generate reports in HTML, PDF, CSV, TXT, and XSL formats. By default, the appliance provides reports in the following general categories:

Compliance Dell updates Hardware Service Desk iPhone K1000 Network Patching Power Management

Administrator Guide, Version 5.3

321

K1000 Classic Reports

Security Software Template

You can duplicate and modify these reports as necessary. However, a strong knowledge of SQL is required to successfully change a report. Opening a CSV file containing multibyte characters with Microsoft Excel may yield "garbage characters" in the resulting worksheet. See Dell KACE Support for instructions on how to import the CSV file into an Excel worksheet.

Running Reports
To run any of the K1000 Management Appliance reports, click the desired format type (HTML, PDF, CSV, XLS, or TXT). For the HTML format, the report is displayed in a new window. If you select PDF, CSV, XLS, or TXT formats, you can open the file or save it to your computer.

Creating and Editing Reports


If you have other reporting needs not covered by default reports, you can:

Create a new report from scratch. Modify one of the templates provided in the K1000 Management Appliance Template category. Duplicate an existing reportanother way to create a report is to open an existing report and create a copy of it. You can modify the copy to suit your needs. Create a new report using the Report Wizard.

You can create a report using the Table or Chart presentation type:

The Table presentation type is a tabular report with optional row groupings and summaries. The Chart presentation type is a bar, line, or pie chart.

To create a new report using the table presentation type


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Reporting > Reports. The K1000 Reports page appears.

322

Administrator Guide, Version 5.3

K1000 Classic Reports

2. 3.

In the Choose Action menu, click Add New Report. Enter the report details as shown: Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others. Enter the category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page. Describe the information that the report will provide.

Report Title Report Category Description 4. 5. 6. 7.

Click the appropriate topic name from the Available Topics list. For example, software. Click the Table presentation type icon. Click Next. Choose table columns: a. Click the Appropriate column name from the Available columns list. b. Click to add that column to the Display Columns list. You can change the column order by clicking or . c. To remove a column from the Display list, click the appropriate column and click .

8. 9.

Click Next. To define the criteria for displaying records in the report: a. Click the appropriate field name from the Available Fields list. Columns that you chose in the previous step appear under display fields. You can also choose a field from among all fields available for that topic. For example, Threat Level. b. Click Add. c. Select the appropriate operator from the comparison drop-down list. For example, Greater Than. d. Enter the appropriate value in the text field, for example, 3. This rule will filter the data and display only software that has Threat Level greater than 3. e. Click OK. The rule is added in the list of Current Rules. You can add more than one rule. f. Click to remove a rule from the list of Current Rules.

g. Select the Use Expanded logic check box to use expanded logic. Expanded logic enables you to define a syntactic structure for your rules to override operator precedence. h. Click Check Syntax to check whether the rule syntax is valid. i. Once you add more than one rule, you can click Move Up or Move Down to change the order of rules. 10. Click Next.

Administrator Guide, Version 5.3

323

K1000 Classic Reports

11. To choose columns to be displayed in the report: a. Click the Appropriate column name from the Available columns list. b. Click to add that column to the Display Columns list. You can change the column order by clicking or . c. To remove a column from the Display list, click the appropriate column and click 12. Click Next. 13. (Optional) Customize the report layout. You can drag to set column order, width and add spacers. You can drag and drop between columns as well as between columns and spacer. Click on the column and report headings for further menu of labels, grouping, summary, and other options. The available options are: Title Spacer Column Click the report title to select title and page options. Click spacer to add an empty column. Click column to select various column options. .

14. Click Save to save the report. The K1000 Reports page is displayed with the new report in the list. To run the new report, click the desired format (HTML, PDF, CSV, XLS, or TXT). For the HTML format, the report is displayed in a new window. If you select PDF, CSV, XLS, or TXT formats, you can open the file or save it to your computer. You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are mandatory and cannot be left blank.

To create a new report using the chart presentation type


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Reporting > Reports. The K1000 Reports page appears. 2. 3. In the Choose Action menu, click Add New Report. Enter the report details as shown below: Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others. Enter the category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page. Describe the information that the report will provide.

Report Title Report Category Description

324

Administrator Guide, Version 5.3

K1000 Classic Reports

4. 5. 6. 7.

Click the appropriate topic name from the Available Topics list. For example, software. Click the Chart presentation type icon. Click Next. To choose table columns: a. Click the Appropriate column name from the Available columns list. b. Click to add that column to the Display Columns list. You can change the column order by clicking or . c. To remove a column from the Display list, click the appropriate column and click .

8. 9.

Click Next. To define the criteria for displaying records in the report: a. Click the Appropriate field name from the Available Fields list. Columns that you chose in the previous step appear under display fields. You can also choose a field from among all fields available for that topic. For example, Threat Level. b. Click Add. c. Select the appropriate operator from the comparison drop-down list. For example, Greater Than. d. Enter the appropriate value in the text field. For example, 3. This rule will filter the data and display only software that has Threat Level greater than 3. e. Click OK. The rule is added in the list of Current Rules. You can add more than one rule. f. Click to remove a rule from the list of Current Rules.

g. Select the Use Expanded logic check box to use expanded logic. Expanded logic enables you to define a syntactic structure for your rules to override operator precedence. h. Click Check Syntax to check whether the rule syntax is valid. i. Once you add more than one rule, you can click Move Up or Move Down to change the order of rules. 10. Click Next. 11. Select the appropriate chart type from the following: Simple 3-D Bar: Displays categories along the X-axis, values along the Y-axis. 3-D Pie: Displays a slice for each category. The corresponding value determines the size of the slice. Line: Displays categories or dates along the X-axis, values along the Y-axis.

12. Select the appropriate category field from the Category Field drop-down list.

Administrator Guide, Version 5.3

325

K1000 Classic Reports

13. Select the summary from the Summary drop-down list, beside appropriate Value field name. If you have more than one Value field, you can change the value field order by clicking or . 14. Select the Show legend check box to display a legend in the chart. 15. Specify the Chart width and Chart height in pixels, in the text fields. 16. Click Save to save the report. The K1000 Reports page is displayed with the new report in the list. You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are mandatory and cannot be left blank.

To duplicate an existing report


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. The steps for duplicating a regular report and a SQL report are similar. However, regular reports have a report wizard. 1. Click Reporting > Reports. The K1000 Reports page appears. 2. Click the report title you want to duplicate. Depending on the type of report, the K1000 Report: Edit Detail page or the Report Wizard page appears. 3. 4. 5. Click Duplicate. Modify the report details as necessary. Click Save.

Refer to Appendix B: Adding Steps to a Script, starting on page 265.

To create a new report from scratch


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Reporting > Reports. The K1000 Reports page appears. 2. In the Choose Action menu, click Add New SQL Report. The K1000 Report: Edit Detail page appears. 3. Title Specify the following report details: A display name for the report. Make this as descriptive as possible to distinguish this report from others.

326

Administrator Guide, Version 5.3

K1000 Classic Reports

Report Category Output File Name Description Output Types SQL Select Statement Break on Columns

The category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page. The name for the file generate when this report is run. Describe the information that the report provides. Select the appropriate formats that should be available for this report. The query statement that will generate the report data. For reference, consult the MYSQL documentation. A comma-separated list of SQL column names. The report will generate break headers and sub totals for these columns. This setting refers to the autogenerated layout. Click this check box to regenerate the XML Report Layout using new columns. If you changed only a sort order or a where clause, you don't need to recreate the layout. If you changed the columns that the query returns, the XML Report Layout is regenerated based on your SQL.

XML Report Layout

4.

Click Save. The K1000 Management Appliance reports use JasperReports open source JRXML format. Use the JasperReports iReports tool to change the way your reports are formatted. Information and documentation are available at: http://jasperforge.org/. Once you click Save, the report wizard is disabled for that report.

To edit a report using SQL Editor


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Go to Reporting > Reports. The K1000 Reports page appears. 2. Click the report you want to edit. The Report Wizard page appears. 3. 4. Click Edit SQL. Click OK to proceed. The K1000 Report: Edit Detail page appears. 5. Title Report Category Edit the following report details: Edit the display name for the report, if required. Make the title as descriptive as possible to distinguish this report from others. Edit or enter the category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page.

Administrator Guide, Version 5.3

327

K1000 Classic Reports

Output File Name Description Output Types SQL Select Statement Break on Columns

Edit or enter the name for the file generate when this report is run. Describe the information that the report will provide. Select the appropriate formats that should be available for this report. Edit or enter the query statement that will generate the report data. For reference, consult the MYSQL documentation. A comma-separated list of SQL column names. The report will generate break headers and sub totals for these columns. This setting refers to the autogenerated layout. Click this check box to regenerate the XML Report Layout using new columns. If you changed only a sort order or a where clause, you don't need to recreate the layout. If you changed the columns that the query returns, the XML Report Layout is regenerated based on your SQL.

XML Report Layout

6.

Click Save. If you manually change a reports SQL statement, you cannot use the Report Wizard to change it later.

Scheduling Reports
Reports can be scheduled from the Schedule Reports tab. From the Report Schedules List page you can open existing schedules, create new schedules, or delete them. You can also search schedules using keywords.

To create a report schedule


To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Reporting > Schedule Reports. The Report Schedules page appears. 2. In the Choose Action menu, click Create a New Schedule. The Schedule Reports : Edit Detail page appears. 3. Schedule Title Description Report to Schedule Specify the following schedule details: Enter a display name for the schedule. Make this as descriptive as possible, so you can distinguish this schedule from others. Enter the information that the schedule would provide. Select the appropriate report you would like to schedule. You can filter the list by entering any filter options.

328

Administrator Guide, Version 5.3

K1000 Classic Reports

Reports

Select the Reports or Classic Reports radio button based on the type of report you are scheduling. This determines which of reports are listed in the Select report to schedule drop-down list. Click the desired output report format (PDF, Excel, CSV, or TXT) that should be available for this scheduled report. Recipients Click the icon to enter the recipients e-mail address, or choose Select user to add from the drop-down list. This is a mandatory filed. Enter the subject of the schedule. The subject can help to quickly identify what the schedule is about. Enter the message text in the notification.

Report Output Formats Email Notification

Subject Message Text 4.

Specify the scan schedule as follows: Run in combination with an event rather than on a specific date or time. Run the scan at a specified hour interval. Run daily at a specified time. -orRun on specified day of the week at a specified time. Run monthly at the specified time. -orRun on a specified day of the month at a specified time.

Dont Run on a Schedule Run Every n hours Run Every day/specific day at hour:minute Run on the nth of every month/specific month at hour:minute 5.

Click Save or Run Now to run the schedule reports immediately.

To run a schedule
To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Reporting > Schedule Reports. The Report Schedules page appears. 2. 3. Click the check boxes for the schedules you want to run. In the Choose Action menu, click Run Selected Schedules Now.

To delete a schedule
To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. 1. Click Reporting > Schedule Reports.
329

Administrator Guide, Version 5.3

K1000 Classic Reports

The Report Schedules page appears. 2. 3. 4. Click the check box for the schedules you want to delete. In the Choose Action menu, click Delete Selected Item(s). Click Yes to confirm deleting the schedules.

330

Administrator Guide, Version 5.3

H
Warranty, Licensing, and Support

Warranty And Support Information


Information concerning hardware and software warranty, hardware replacement, product returns, technical support terms and product licensing can be found in the KACE End User License agreement accessible at: HTTP://WWW.KACE.COM/LICENSE/STANDARD_EULA

Third Party Software Notice


Dell KACE K1000 Management Appliance TM is licensed per the accompanying Third Party License Agreements in addition to the Dell KACE K1000 Management Appliance license noted above. Dell KACE K1000 Management Appliance includes software redistributed under license from the following vendors. In addition, Dell KACE K1000 Management Appliance contains paid licences to MySQL and RLib that have been purchased and embedded within Dell KACE K1000 Management Appliance by KACE. Copyright 2004, KACE Networks, Inc. and other copyrights.

Apache EZ GPO FreeBSD Knoppix Microsoft Windows OpenSSL PHP Samba Sendmail

Apache
This product (Dell KACE K1000 Management Appliance) includes software developed by The Apache Software Foundation (http://www.apache.org/). Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

Administrator Guide, Version 5.3

331

Warranty, Licensing, and Support

1.

Definitions. License shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. Licensor shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. Legal Entity shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, control means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. You (or Your) shall mean an individual or Legal Entity exercising permissions granted by this License. Source form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. Object form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. Work shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). Derivative Works shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. Contribution shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, submitted means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as Not a Contribution. Contributor shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

2.

Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, nocharge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You

3.

332

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: a. You must give any other recipients of the Work or Derivative Works a copy of this License; and b. You must cause any modified files to carry prominent notices stating that You changed the files; and c. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and d. If the Work includes a NOTICE text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. e. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of

6.

7.

Administrator Guide, Version 5.3

333

Warranty, Licensing, and Support

TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

9.

EZ GPO
Copyright (c) 2003-2007, The Environmental Protection Agency. All of the documentation and software included in the EZ GPO PC Monitor Power Management Tool software is copyrighted by the Environmental Protection Agency. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the Environmental Protection Agency nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE ENVIRONMENTAL PROTECTION AGENCY AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FEDERAL GOVERMENT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

334

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

FreeBSD
This product (Dell KACE K1000 Management Appliance) includes software developed by Free Software Foundation, Inc. GNU GENERAL PUBLIC LICENSE, Version 2, June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc.,675 Mass Ave, Cambridge, MA 02139, USA.Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must
Administrator Guide, Version 5.3 335

Warranty, Licensing, and Support

be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

1.

This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The Program, below, refers to any such program or work, and a work based on the Program means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term modification.) Each licensee is addressed as you. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

2.

You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

3.

You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b. You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do

336

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 4. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c. Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 5. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

Administrator Guide, Version 5.3

337

Warranty, Licensing, and Support

6.

You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

7.

8.

9.

If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

10. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and any later version, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version
338 Administrator Guide, Version 5.3

Warranty, Licensing, and Support

number of this License, you may choose any version ever published by the Free Software Foundation. 11. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS

Knoppix
This product (Dell KACE K1000 Management Appliance) includes the Knoppix software developed by Klaus Knopper. Knoppix is a registered trademark of Klaus Knopper. The KNOPPIX software collection and all included programs that are authored by Klaus Knopper, are subject to the terms and conditions of the GNU GENERAL PUBLIC LICENSE Version 2, as quoted herein. Please note that this license does NOT automatically apply to third-party programs included on this CD. Check /usr/share/doc/*/copyright* and other supplied license files of each software package carefully for more information. GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is

Administrator Guide, Version 5.3

339

Warranty, Licensing, and Support

intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow.

GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION. 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may

340

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

3.

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the

Administrator Guide, Version 5.3

341

Warranty, Licensing, and Support

executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the

5.

6.

7.

8.

9.

342

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY
1. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite
343

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

Microsoft Windows
This Product is designed for use in supporting the deployment of the following operating systems: Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition, Microsoft Windows NT Workstation 4 Service Pack 5 or later, Microsoft Windows NT Server 4 Service Pack 5 or later, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server (Standard, Advanced and Datacenter Editions), Microsoft Windows XP Professional, Microsoft Windows XP Tablet PC Edition, Microsoft Windows XP Media Center Edition, or Microsoft Windows Server 2003 (Web, Standard, Enterprise and Datacenter Editions). This Product is designed for use on processor architectures supported by the operating system that the Product was built from: e.g., the x86 32-bit version may only deploy X86 32-bit Microsoft operating systems, the Intel Itanium version may only deploy versions of Microsoft Windows designed for this architecture, and the 64-bit extended version may only deploy versions of Microsoft Windows designed for this architecture. The Product may not function properly with other operating system products or other processor architectures.

OpenSSL
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.

344

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. 2. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

3.

5. 6.

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License


Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL

Administrator Guide, Version 5.3

345

Warranty, Licensing, and Support

documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. 2. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)". The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

3.

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed, i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]

PHP
This product (Dell KACE K1000 Management Appliance) includes software developed by The PHP Group. The PHP License, version 3.0. Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.

346

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: 1. 2. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. The name PHP must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact group@php.net. Products derived from this software may not be called PHP, nor may PHP appear in their name, without prior written permission from group@php.net. You may indicate that your software works in conjunction with PHP by saying Foo for PHP instead of calling it PHP Foo or phpfoo. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. Once covered code has been published under a particular version of the license, you may always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License. Redistributions of any form whatsoever must retain the following acknowledgment: This product includes PHP, freely available from <http://www.php.net/>. THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

3.

4.

5.

6.

This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at group@php.net. For more information on the PHP Group and the PHP project, please see <http:// www.php.net>. This product includes the Zend Engine, freely available at <http:// www.zend.com>.

Samba
GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA

Administrator Guide, Version 5.3

347

Warranty, Licensing, and Support

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

348

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b. You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Administrator Guide, Version 5.3

349

Warranty, Licensing, and Support

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c. Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

5.

350

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

6.

Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

7.

8.

If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

9.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be
Administrator Guide, Version 5.3 351

Warranty, Licensing, and Support

guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS

Sendmail
This product (Dell KACE K1000 Management Appliance) includes software developed by Sendmail, Inc. SENDMAIL LICENSE The following license terms and conditions apply, unless a different license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, Emeryville, CA 94608, USA, or by electronic mail at license@sendmail.com. License Terms: Use, Modification and Redistribution (including distribution of any modified or derived work) in source and binary forms is permitted only if each of the following conditions is met: 1. Redistributions qualify as freeware or Open Source Software under one of the following terms: a. Redistributions are made at no charge beyond the reasonable cost of materials and delivery. b. Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a copy of the Source Code for up to three years at the cost of materials and delivery. Such redistributions must allow further use, modification, and redistribution of the Source Code under substantially the same terms as this

352

Administrator Guide, Version 5.3

Warranty, Licensing, and Support

license. For the purposes of redistribution Source Code means the complete compilable and linkable source code of sendmail including all modifications. 2. Redistributions of source code must retain the copyright notices as they appear in each source code file, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below. Redistributions in binary form must reproduce the Copyright Notice, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the Copyright Notice refers to the following language: Copyright (c) 1998-2003 Sendmail, Inc. All rights reserved. Neither the name of Sendmail, Inc. nor the University of California nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. The name sendmail is a trademark of Sendmail, Inc. All redistributions must comply with the conditions imposed by the University of California on certain embedded code, whose copyright notice and conditions for redistribution are as follows: a. Copyright (c) 1988, 1993 The Regents of the University of California. All rights reserved. b. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: (i) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. (ii) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. (iii) Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY SENDMAIL, INC. AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

3.

4.

5.

Administrator Guide, Version 5.3

353

Warranty, Licensing, and Support

354

Administrator Guide, Version 5.3

Index
A
active directory settings 192 adding software to inventory 92 Administering 259 administering Mac OS nodes 259 administration applying the server update 201 backing up data 196 disk logs, understanding 206 k1000_dbdata.gz file 196 k1000_file.tgz file 196 logs, accessing 203 restarting your appliance 202 restoring appliance settings 198 restoring factory settings 199 restoring most recent backup 198 troubleshooting 203 troubleshooting your appliance 203 updating appliance software 199 updating OVAL definitions 202 updating the license key 200 upgrading server software 196 verifying minimum server version 199 advanced search using for computer inventory 85 advanced search for software 91 agent running confirmation 309 agents about 16 operating system requirements 66 alert messages to users using 233 alert summary description 30 alerts AMP connection required for 233 broadcast 233 email 234 email, creating 234 license compliance 39 with scripts 167 alternate download location 128 AMP connection about 80 AMP Message Queue 80 AMP message queue 80 Apache software copyright 331 AppDeploy viewing live content 106 AppDeploy Live 106 enabling for your appliance 106 appliance administration overview 195 appliance agent logs 89 appliance revision level 30 applying the server update 201 Auto Provisioning 69 manual 196 bandwidth, replication replication bandwidth 151

C
client bundle 78 clients check-in rate monitor 25 connection meter 27 Clients Connected Meter 27 command line deployment Linux agent 305 Mac OS agent 308 Windows agent 302, 303 components finding 30 compression mode 9 138 computer detail page 87 computer details appliance agent logs 89 viewing by label 55 computer inventory detail page 87 computer notifications 86 computers 86 adding to inventory 89 inventory 83 searching for in inventory 85 statistics 29 configuration KACE K1200 35 policies 178 configuration polices about 178 configuration settings 35 configuring Dell OpenManage catalog updates 158 creating an LDAP label with the browser 211 creating computer notifications 86 creating IP scans 120 Custom Data Fields 94 Custom Inventory ID (rule) 273

D
Daily Run Output 315 data retention 39 database tables 295 debugging logs Mac OS 309 Default Role 245 Delete a configuration 74 Dell Open Manage, with Dell Updates tab 155 Dell Updates configuring the OpenManage catalog 158 patching, compared 156 replication 151 using to maintain your Dell systems 155 workflow 156 deployments compared with updates 156 desktop settings desktop shortcuts wizard 181 desktops settings enforcement 180

B
backing up appliance data 196 backup files downloading 197 backups

Administrator Guide, Version 5.3

355

Index

wallpaper 180 desktops, remote troubleshooting 180 detection inventory term used instead 156 Digital Asset 95 disabling KACE K1000 links 51 disk logs understanding 206 Distribution Distributing Packages from the appliance 127 Distributing Packages through an Alternate Location 128 Types of Distribution Packages 126 distributions monitor 25 download location, alternate 128 downloading backup files 197 Duplicate a configuration 74

E
E-mail Alerts 234 enabling KACE K1000 appliances for switching between KACE K1000 consoles 51 environmental policies Mac OS 190 Windows 188 Event Log Reporter 181 exporting appliance resources 111 exporting resources to other organizations 116 EZ GPO copyright 334

computers, adding 89 computers, searching for 85 creating smart labels 86 detection term used instead 156 overview 83, 84 service 102 software, managing 91 startup programs 100 inventory tab using 83 IP addresses scanning for 119 IP scan 119 creating 120 overview 119 scheduling 119 IP scan inventory in the IP Scan chapter 84 IP Scan Smart Label 123

K
K1000 software deployment components 17 K1000 Agent Update Update K1000 Agent Automatically 79 KACE K1000 components 15 configuration settings 35 hardware specifications 16 installing 15 server, setting up 18 setting up 15 KACE K1000 appliance linking about 49 configuring 49 KACE K1000 appliances linking 50 KACE K1000 Modules 21 KACE K1200 configuration 35 KNOPPIX copyright 339 KScripts about 162

F
file synchronizations 143 creating 143 filters computers by organizational unit 87 data filters 249 organization filter 253 testing 253 for computer inventory 86 FreeBSD copyright 335 FTP making backups writable 44

G
getting started 15

L
Label Groups 59 Labels 105 Label Groups 59 labels 53 Labels tab overview 32, 53 LDAP labels 32, 53 labels, creating with the browser 211 LDAP Browser Wizard 214 LDAP Easy Search 213 LDAP Filters 209 licence compliance configuring alerts 39 License Compliance 26 License Compliance Gauge 39 linking KACE K1000 appliances 50

H
hardware inventory, creating 83 hardware specifications for KACE K1000 16 Home component 23

I
importing KACE K1000 resources 111 inventory advanced search 85 agent logs 89 computer notifications 86 computers 84 computers detail page 87

356

Administrator Guide, Version 5.3

Index

disabling links 51 enabling 50, 51 Linux manual deployment of KACE K1000 appliance agent on 305 log files script 177 Login Script 301 logs agent logs 89

Mac OS agent 308 Windows agent 302, 303 Manual Deployment of KACE K1000 appliance agent 301 MIA inventory 104 MIA Computers 104 MIA Settings 104 Microsoft Windows copyright 344 MSI Installer policy 182

M
Mac OS 259 administering 259 distribution tab differences 260 examples of common deployments on 260 inventory tab differences 259 managed installation for 260 patching tab differences 263 policies 189 power management 190 supported OSs 259 supported releases 66 VNC Settings for 192 Mac OS nodes 308, 309 checking into active directory 193 debugging logs 309 manual agent version check 309 manual inventory check 309 manually removing agent 308 verifying agent 309 Mac OS policies enforce active directory settings 192 Mac OS Users Distribution 260 Inventory 259 Patching 263 Macintosh 259 manual deployment of KACE K1000 appliance agent on 308 make FTP writable 44 managed installation 129 managed installations EXE example 137 Linux examples 139 Mac OS nodes 260 Macintosh examples 143 MSI Example 134 parameters 129 standard RPM Example 139 standard TAR.GZ Example 142 Windows platform 130 ZIP example 137 Managed Operating Systems 27 managing your MIA inventory 104 managing your processes inventory 97 managing your service inventory 102 managing your software inventory 91 managing your startup program inventory 100 manual backups 196 manual deployment Linux Agent 305

N
network scan summary description 30 Network Settings 40, 42 Network Utilities 52 nodes check-in rate 25

O
Offline KScripts 162 Online KScripts 162 alerting users with 167 online shell scripts about 163 Open Manager Dell maintenance 155 OpenSSL copyright 344 operating system requirements 66 Organization File Shares 45 organization filter 253 Organizational Components 17 Organizational Filters 248 LDAP Filter 249 organizational filters data filters 249 Organizational Management 237 upgrading KACE K1000 software with 31 Organizational Roles 245 Organizations 237 organizations transferring KACE K1000 resources between 115 OVAL information (description of field) 30

P
packages enabled and disabled 29 patch agent 78 patching Dell Updates, compared 156 replicating language patches 151 replicating OS patches 151 updating patch definitions from KACE 201 path bulletin information description 30 PHP copyright 346 policies configuration 178 Mac OS-based 189 Windows-based, using 179 Port 443 45

Administrator Guide, Version 5.3

357

Index

Port 80 45 Power Management windows 188 Windows configuration 189 power management Mac OS 190 retaining information about 39 processes inventory, about 97 Provisioning Results 75 provisioning results page 75

Run Now tab using to run scripts 175 running classic reports 321 running reports 221

S
Samba copyright 347 SAMBA share using to transfer resources between KACE K1000 appliances 111 scanning networks for IP addresses 119 scheduling IP scans 119 scripting adding steps to 265 tasks you can automate 162 scripting component Search Logs 177 scripting module overview 161 scripts adding 166 adding steps to 265 alerts with 167 duplicating 174 editing 172 importing 173 log files 177 online shell scripts 163 reusing 174 Run Now function 174 running as local admin 167 running as user 167 running immediately 174 token replacement variables 165 Windows registry settings 179 Windows-based policy Wizards 179 searching for computers in your inventory 85 searching for using computer notifications 86 Security Settings 44 Sendmail copyright 352 servers tasks in progress 28 service inventory, managing 102 Service Desk overview 16 session timeout about 36 resetting 36 setting up your KACE K1000 series 15 setting up your KACE K1000 server 18 shell scripts 163 single sign-on 51 configuring 49 enabling 50, 51 Smart Labels creating 60, 61 editing 61 IP Scan 123 ordering 62 smart labels 53, 86 software

R
Redirecting computer(s) 254 Refiltering computer(s) 253 registry settings Windows, for 179 remote desktops behavior 180 replication copying schedules replication schedules importing 152 Dell Updates 151 language patches 151 OS patches 151 scheduling 151 stopping 152 replication schedule 151 replication share 148 details 152 procedure to create 149 replication shares deleting 152 Report Wizard limitations 328 reports 221, 321 creating a new SQL report 228 creating and running 223 creating using Report Wizard 225 define email notifications 231 delete a scheduled reports 233 duplicating an existing report 229 editing an existing report 229 format types 222 layout 223 overview 221, 321 running 221, 222, 321, 322 schedule time report runs 232 scheduling 229 select a report if starting from the Schedule icon 230 select a report if starting from the Schedule Reports tab 230 SQL, editing 328 resources exporting 116 transferring 111 restoring appliance settings 198 revision of KACE K1000 software 30 Run As feature 167 run as Wizards 179 Run Now function 174

358

Administrator Guide, Version 5.3

Index

inventory, creating 83 statistics 29 un-installer 186 Software Asset 94 Software Deployment Components 17 software deployment components 17 software distribution summary 29 software inventory 91 software revision level 30 Software Threat Level 26 software threat level graph 26 SQL editing 328 SSL Certificate File 45 SSL Certificate Wizard 45 start and stop the agent 308 Startup 100 startup inventory, managing 100 statistics, computer 29 statistics, software 29 Steps for Task sections 265 support information AppDeploy 106 synchronizations, file 143 System Admin Console Users 243 system console 16 System requirements 66

User Authentication 215 users time limit on sessions 36 utility rebates Mac OS 190 Windows 188

V
verifying minimum server version 199 viewing computer details by label 55 VNC controlling on Mac OS X 192 VNC settings Mac OS policies 192

W
Wake-on-LAN overview 146 request, issuing 146 scheduling requests 147 troubleshooting 147 wallpaper controlling 180 warranty Information 331 Windows Automatic Update Settings 186 configuring Power Management 189 manual deployment of KACE K1000 appliance agent on 302, 303 Power Management 188 Windows Debugging 204 Windows operating system requirements 66 Windows policies 179 enforce registry settings 179 WinZip compression levels 138

T
Tasks In Progress 28 time limit on open inactive user sessions 36 token replacement variables 165 transferring appliance resources between organizations 115 transferring resources about 111 transferring resources between KACE K1000 appliances 111 troubleshooting remote desktops 180 Wake-on-LAN 147 Troubleshooting Tools 51 troubleshooting your appliance 203 types of reports 221, 321

U
UltraVNC Wizard 184 Unpacking the Appliance 18 updates compared with deployments 156 Dell Updates and patching 156 updating OVAL definitions 202 updating the license key 200 upgrades, KACE K1000 31 upgrading your appliance 196 uploading files to restore settings 198 uploading large FTP files troubleshooting 44 user alert messages about 233

Administrator Guide, Version 5.3

359

Index

360

Administrator Guide, Version 5.3