Dell KACE K1000 Admin Guide
Release 5.3
Revision Date: May 16, 2011
© 2004-2011 Dell, Inc. All rights reserved. Information concerning third-party copyrights and agreements, hardware and software warranty, hardware replacement, product returns, technical support terms and product licensing is in the Dell KACE End User License agreement accessible at http://www.kace.com/license/standard_eula
Contents
1 Getting Started
About this guide
About this chapter
Understanding the KACE K1000 Appliance components
Hardware specifications
Software deployment components
To set up your K1000 Management Appliance server
DNS Considerations
Configuring network settings from the console
Logging in to the Administrative Console
Using the KACE K1000 Appliance components
Using Home
Guided Tours
Summary
Client Check-In Rate
Distributions
Software Threat Level
License Compliance
Clients Connected
Managed Operating Systems
Tasks in Progress
To view the Summary Details
To Find Your Software Version
Updating Your Appliance Software
To upgrade software without using Organizational Management
To upgrade software for Organizational Management users
Label
Search
What's Next
Key configuration settings
To configure general settings for the server
To configure general settings for your organization
List of open ports required
Configuring Network Settings for the Server
To configure the Network Settings
Configuring Local Routing Tables
To configure Local Routing Tables
Configuring Local HTTPD
To configure Local HTTPD
Configuring Security Settings for the Server
To configure Security Settings
To generate an SSL Certificate
Configuring Agent Messaging Protocol Settings
To configure Agent Messaging Protocol Settings
Configuring date and time Settings of the appliance server
To configure Date & Time settings
Configuring Single Sign-on for multiple appliances
To enable linking of appliances for single sign-on
To link appliances for single sign-on
To disable appliance links
Troubleshooting Tools
To access the K1000 Troubleshooting Tools page
To use Network Utilities
About Labels
Managing Labels
Viewing Labels
Viewing Computer Details by Label
To view label details
To add or edit a new label
To delete a label
About Label Groups
To view Label Groups
To create a Label Group
To apply a label to a Label Group
To delete a Label Group
About Smart Labels
To create a Smart Label
To edit a Smart Label
To change the Smart Label Run Order
What's Next
4 Agent Provisioning
Overview of first time Agent provisioning
System requirements for Agents
Preparing to provision the Agent
Enabling file sharing
Preparing for Windows Platform provisioning
Single Machine Provisioning
To deploy the Agent on a single machine
Advanced Provisioning
Overview of Advanced Provisioning
To use Advanced Provisioning
To provision Windows platforms
To provision Unix (Linux or Mac OS X) platforms
To schedule Agent provisioning
Using the Provisioned Configurations page
Accessing the Provisioned Configurations page
To create a new configuration
To edit a configuration
To run configurations
To duplicate a configuration
To delete a configuration
Using the Provisioning Results Page
To view Provisioning Results
Managing K1000 Agent Tasks
K1000 Agent Settings
To configure an Agent
K1000 Agent Update
Overview of Agent Updating
To download a patch Agent
To update the Agent automatically
AMP Message Queue
To view AMP Message Queue
To delete a message queue
Inventory Feature Overview
Managing Your Computer Inventory
Searching for Computers in Your Inventory
Using Advanced Search for Computer Inventory
To specify advanced search criteria
Creating Smart Labels for Computer Inventory
Searching for Computers by Creating Computer Notifications
Filtering Computers by Organizational Unit
Using the Computer Inventory Detail Page
Appliance Agent Logs
Adding Computers to Inventory
Adding Computers Automatically
Adding Computers Manually
Managing Your Software Inventory
Using Advanced Search for Software Inventory
To specify advanced search criteria
Adding Software to Inventory
Adding software automatically
To add software to Inventory manually
To create software assets
Custom Data Fields
Attaching a Digital Asset to a Software Item
To attach a digital asset to a software item
To delete a software item
To apply a label to a software item
To remove a label from a software item
To categorize a software item
To set threat level to a software item
Managing Your Processes Inventory
To view process details
To delete a process
To disallow processes
To apply a label to a process
To remove a label from a process
To categorize a process
To set threat level to a process
To meter a process
Managing Your Startup Program Inventory
To view Startup detail information
To delete a startup program
To apply a label to a startup program
To remove a label from a startup program
To categorize a startup program
To set threat level to a startup program
Managing Your Service Inventory
To view service detail information
To delete a service
To apply a label to a service
To remove a label from a service
To categorize a service
To set a threat level to a service
Managing Your MIA (Out-Of-Reach Computer) Inventory
Configuring the MIA Settings
To configure the MIA settings
To delete an MIA computer
To apply a label to an MIA computer
To create a new label
Using the AppDeploy Live Application Information Clearinghouse
Enabling AppDeploy Live
Viewing AppDeploy Live content
To view AppDeploy Live information
Using the Dell Warranty feature
To obtain Dell Warranty information on a single Dell machine instantly
To renew Dell Warranty information
To run Dell Warranty reports
Importing and exporting resources
Transferring resources using a SAMBA share
Export resources from one appliance to another using SAMBA shares
Transferring resources between Organizations
Exporting resources to Other Organizations on an appliance
Importing resources from another organization on your appliance
Import software components from another organization
IP Scan Overview
Viewing Scheduled Scans list
About scan results
To view scan results
Creating an IP Scan
To create an IP scan
To search network scan results on the basis of status fields
IP Scan Smart Label
To dynamically identify the network scan results
To edit the order value of IP Scan Smart Labels
Distribution Feature Overview
Types of Distribution Packages
To create a distribution
Distributing packages from the appliance
Ensuring that Inventory item package names match
Distributing Packages from an Alternate Location
When to use a replication share or an alternate download location
Managed Installations
Installation parameters
To determine supported parameters for the .msi file
Creating a managed installation for the Windows platform
To create a managed installation for Windows platforms
Examples of common deployments on Windows
Standard MSI example
To create a managed installation for Windows platforms
Standard EXE Example
Standard ZIP Example
To create a managed installation for a .zip file
Examples of Common Deployments on Linux
To create a managed installation for an .rpm file
Standard TAR.GZ Example
To create a managed installation for a tar.gz file
Examples of Common Deployments on Mac OS
File Synchronizations
Creating a file synchronization
To create a file synchronization
Wake-on-LAN
Wake-on-LAN feature overview
Issuing a Wake-on-LAN request
To issue a Wake-on-LAN request
To schedule a Wake-on-LAN request
Troubleshooting Wake-on-LAN
Replication
Preparing to create a replication share
To create a replication share
Working with your replication share
To view replication share details
Managing iPhone Profiles
Before you use K1000 iPhone profile support
To add an iPhone profile
To Delete an iPhone profile
To Configure Collection Settings for iPhones
Managing Dell Systems with Dell Updates
Understanding the Differences between Patching and Dell Updates
Dell Client and Server Upgrade workflow
Configuring Dell OpenManage Catalog Updates
Scripting Overview
Order of downloading script dependencies
Using the Appliance Default Scripts
Creating and Editing Scripts
Token Replacement Variables
Adding Scripts
To add an Offline KScript or Online KScript
To add an Online Shell Script
Editing Scripts
To edit a script
To delete a script from the Scripts page
To delete a script from the Scripts Edit page
Importing Scripts
To import an existing script
To Duplicate an existing Script
Using the Run Now function
To run scripts using the Run Now tab
Run Now from the Script Detail page
To use the Run Now function from the Scripts Lists Page
Monitoring Run Now Status
Run Now Detail Page
Searching the Scripting Log Files
To search scripting logs
About the Configuration Policies
Using the Windows-based Policies
Enforce Registry Settings
Remote Desktop Control Troubleshooter
To troubleshoot remote behavior
Enforce Desktop Settings
To create a policy to enforce Desktop Settings
Desktop Shortcuts Wizard
To create scripts to add shortcuts
Event Log Reporter
To create an Event Log query
MSI Installer Wizard
To create the MSI Installer policy
UltraVNC Wizard
Un-Installer Wizard
To create an uninstaller script
Windows Automatic Update Settings policy
To modify Windows Automatic Update settings
To start the Automatic Windows Update on a node
Power Management Wizard
About monitoring power use
To configure Power Management
Using the Mac OS Configuration-based Policies
Enforce Power Management Settings
Enforce VNC Settings
Enforce Active Directory Settings
K1000 Management Appliance maintenance overview
Upgrading your appliance
To upgrade your K1000 Management Appliance
Backing up K1000 Management Appliance data
To run the appliance backup manually
Downloading backup files to another location
To change backup file location
To access the backup files through ftp
Restoring K1000 Management Appliance settings
Restoring from most recent backup
To restore from the most recent backup
Uploading files to restore settings
To upload backup files
Restoring to factory settings
To restore to factory settings
Updating K1000 Management Appliance software
To verify the minimum server version
Updating the license key
Updating your Dell KACE K1000 Management Appliance license key
Applying the server update
To apply the server update
To verify the upgrade
Updating patch definitions from KACE
To update the patch definitions
To delete patch files
To Reboot and shut down KACE K1000 Appliances
Updating OVAL definitions
To update the OVAL and patch definitions
Troubleshooting K1000 Management Appliance
Accessing K1000 Management Appliance logs
Downloading log files
To download Dell KACE K1000 Management Appliance logs
Windows debugging
To log on to the AMP service
Understanding Disk Status log data
11 LDAP
About LDAP Labels
Creating an LDAP Label Manually
Creating an LDAP Label with the Browser
Using LDAP Easy Search
Using the LDAP Browser Wizard
To use the LDAP Browser Wizard
Automatically Authenticating LDAP Users
To configure the appliance for user authentication
To schedule a User Import
Reporting Overview
Running Reports
Creating and Editing Reports
Report Layout
To create a new report using the Report Wizard
To create a new SQL report
To edit an existing report
To duplicate an existing report
Scheduling Reports
To create a report schedule
To select a report if starting from the Schedule icon
To select a report if starting from the Schedule Reports tab
To define email notifications
To schedule the time the report runs
To delete a scheduled report
Using Alert Messages
To Create a Broadcast Alert Message
E-mail Alerts
To create an e-mail Alert
Creating and editing Organizations
To create an organization
To troubleshoot nodes that fail to show up in Inventory
To edit an organization
To delete an organization
Managing System Admin Console users
To add a user
To delete a user
To change the password
Organizational Roles
Default role
Creating and editing Organizational Roles
To create a role
To edit a role
To delete a role
To duplicate a role
Organizational Filters
Creating and Editing Organizational Filters
To add a data filter
To add a LDAP filter
To edit a filter
To delete a filter
Computers
Advanced Search
To specify advanced search criteria
Test and Organization Filter
To test an organization filter
Refiltering Computers
To refilter computers
Redirecting Computers
To redirect computers
Understanding Computer Details
Mac OS Inventory
Distributing Software to Mac OS Nodes
Examples of Common Deployments on Mac OS
To create a managed installation for Mac OS nodes
Patching Mac OS Nodes
Adding Steps to Task Sections
Steps for Windows Systems
Steps for Mac OS X Systems
Steps for Red Hat Enterprise Linux Systems
Administrator Guide, Version 5.3
Understanding Custom Inventory Rules
Creating a Custom Inventory rule
How Custom Inventory Rules are implemented
Understanding rule syntax
Function syntax
Argument syntax
Checking for conditions (Conditional rules)
Conditional rule reference
Verifying if a Condition exists (Exists rules)
Evaluating node settings (Equals rules)
Comparing node values (Greater and Less Than rules)
Testing for multiple conditions
Checking for multiple true conditions (AND)
Checking for one true condition (OR)
Getting values from a node (Custom Inventory Field)
Value Return rule reference
Getting File Information values
Getting Registry key values
Getting command output
Getting PLIST values
Getting multiple values
Matching file names with Regular Expressions
Understanding Regular Expressions
Regular Expression Rule Reference
Defining rule arguments
Finding a path or file
Finding a registry key and entry
Specifying a version
Specifying environment or user variables
Specifying a file attribute
Using Windows file attributes
Testing for Linux and Mac file attributes
Specifying the datatype
Specifying values to test
Specifying the name of a registry entry (Windows only)
Specifying a PLIST key (Mac only)
Using a regular expression
Defining commands
D Database Tables
Overview of manual deployment
Updating the Agent
Resources for troubleshooting
Manually installing the Agent on Windows
To manually install the Agent on Windows using the Install wizard
To manually install the Agent on Windows using command lines
Windows security issues
Windows debugging
Installing and Configuring the Agent on Linux
To install the Agent
To install from startup or login
To upgrade the Agent
To start and stop the Agent
To manually remove the Agent
Other Agent operations
To check that the Agent is running
To check the version of the Agent
To run an Inventory check
Linux Debugging
To Install and Configure the Agent on Mac OS Nodes
To install or upgrade the Agent
To start or stop the Agent
To manually remove the Agent
Other Agent operations
To check that the Agent is running
To check the version of the Agent
To run an Inventory check
Macintosh Debugging
Using shell scripts to install the Agent
Information collected by the Agent
To access the Computers : Detail page
Reporting Overview
Running Reports
Creating and Editing Reports
To create a new report using the table presentation type
To create a new report using the chart presentation type
To duplicate an existing report
To create a new report from scratch
To edit a report using SQL Editor
Warranty And Support Information
Third Party Software Notice
Apache
EZ GPO
FreeBSD
Preamble
Knoppix
NO WARRANTY
Microsoft Windows
OpenSSL
OpenSSL License
Original SSLeay License
PHP
Samba
Preamble
Sendmail
Index
1 Getting Started
This chapter starts with an overview of this guide and the Dell KACE K1000 Management Appliance interface components. The chapter then explains how to install and set up your K1000, and finally it provides an overview of the K1000 Management Appliance Administrator Console Home page features.
About this guide, on page 15.
About this chapter, on page 15.
Understanding the KACE K1000 Appliance components, on page 15.
Using the KACE K1000 Appliance components, on page 21.
Using Home, on page 24.
What's Next, on page 34.
1. Administrator Console: This is used by administrators to control the K1000 Management Appliance. It is accessible by browsing to http://k1000_hostname/admin. This portal is a Web-based interface to access and direct the functionality and capabilities within your company. The Administrator Console provides access to the following components: Inventory Management Software Distribution Reporting K1000 Settings Asset Management Scripting Security Service Desk Settings Virtual Kontainers

2. System Console: This is an interface designed primarily to enforce the policies across organizations.

3. Agent: This is the K1000 Management Appliance technology that sits on each desktop that the appliance manages. It includes an application component that manages downloads, installations, and desktop inventory. The agent also includes the Agent Management Service appliance that initiates scheduled tasks such as inventory or software updates.

4. Service Desk: This makes software titles available to users on a self-service basis. The Service Desk does not replace traditional push software distribution (as is handled by the Administrator Console and the agent). You can change or customize the Service Desk name. The Service Desk provides:
   - A repository for software titles that are not required for all users.
   - A way for users to submit and track Service Desk (or Service Desk tickets).
   - Assistance for users in routine tasks, such as software installation and getting help from the Knowledge Base.
Hardware specifications
The K1000 Management Appliance includes a high-performance server with the following hardware configuration:

| Hardware | K1100 | K1200 |
|---|---|---|
| Form Factor | 1U Rack mount chassis | 1U Rack mount chassis |
| Dimensions: Height | 4.26cm (1.7in) | 4.26cm (1.7in) |
| Dimensions: Width | 48.24cm (19in) (includes rack latches) | 48.24cm (19in) (includes rack latches) |
| Dimensions: Depth | 77.2cm (30.4in) (includes PSU handles & bezel) | 77.2cm (30.4in) (includes PSU handles & bezel) |
| Model | PowerEdge R610 | PowerEdge R610 |
| CPU (Quantity/Core) | 2/4 Intel Xeon, 2.4 GHz | 2/4 Intel Xeon, 2.66GHz |
| RAM | 6GB | 12GB |
| RAID Level | 5 | 5 |
| Number of Disks | 3 | 5 |
| Storage | 215GB | 550GB |
| Ethernet Ports | Quad Gigabit | Quad Gigabit |
| Power Supply | Energy Smart 520 Watts, 100 - 240 VAC | Dual Redundant, Energy Smart 520 Watts, 100 - 240 VAC |
Managed Installations can be configured by the administrator to run silently or with user interaction. Within a Managed Installation Definition, the administrator can define install, uninstall, or command-line parameters. See Managed Installations, on page 129 for more information.

File Synchronization is another way to distribute content to computers with the agent software. Unlike Managed Installations, File Synchronization is used to distribute files that need to be copied to a user's machine without running an installer. See File Synchronizations, on page 143 for more information.

Service Desk Packages are earmarked by administrators for user self-service. Many Dell customers use the portal for handling occasional user applications, print drivers, and so on. You can also use the Service Desk to resolve installation issues by allowing users to download and install fixes. See the Service Desk Administrator Guide for detailed information.
Agent is a special tab to manage the appliance agent. See Chapter 4: Agent Provisioning, starting on page 65, for details on how to configure and perform these tasks.

MSI Installer Wizard creates a policy and helps you set the basic command line arguments for running MSI-based installers. The wizard generates a script used for installing or removing the software. See MSI Installer Wizard, on page 182, for more details.
The package types are mostly setup.msi or setup.exe files. The sections that follow describe how to configure the K1000 Management Appliance to meet the needs of your company.
DNS Considerations
The K1000 Management Appliance requires its own unique static IP address. By default, its hostname is kbox. Whatever name you use, it should be specified in the appropriate A record created in your internal Domain Name System (DNS) server. An MX record containing the hostname defined by the A record is required so that the users can e-mail tickets to the Service Desk. A Split DNS is required if the appliance is connected to the Internet using a reverse proxy or by being placed in the DMZ (Demilitarized Zone or Screened Subnet). A DMZ adds an additional layer of security to a LAN (Local Area Network).
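The DNS prerequisites above can be checked against exported zone data before agents are pointed at the appliance. The following is an added example, not code from Dell KACE: the record tuples, the domain example.com, the addresses and the function names are constructed for illustration, and the rule that the external view must not publish an RFC 1918 address is an assumption about how the split DNS is deployed.

```python
import ipaddress

# Private ranges that should not appear in the external (Internet-facing) view.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: (view, owner name, record type, value).
GOOD_RECORDS = [
    ("internal", "kbox.example.com.", "A", "10.0.5.20"),
    ("internal", "kbox.example.com.", "MX", "10 kbox.example.com."),
    ("external", "kbox.example.com.", "A", "203.0.113.10"),
]
BAD_RECORDS = [
    ("internal", "kbox.example.com.", "A", "10.0.5.21"),      # not the static IP
    ("internal", "example.com.", "MX", "10 mail.example.com."),  # MX names another host
    ("external", "kbox.example.com.", "A", "10.0.5.20"),      # internal address leaked
]


def values(records, view, rtype, name=None):
    """Return the values of all records of one type in one view."""
    name = name.lower() if name else None
    return [value for (vw, owner, rt, value) in records
            if vw == view and rt == rtype
            and (name is None or owner.lower() == name)]


def check_appliance_dns(records, fqdn, static_ip):
    """Return a list of findings; an empty list means the prerequisites hold."""
    findings = []

    # 1. The appliance needs one A record that matches its static IP address.
    internal_a = values(records, "internal", "A", fqdn)
    if len(internal_a) != 1:
        findings.append(f"internal: expected one A record for {fqdn}, "
                        f"found {len(internal_a)}")
    elif internal_a[0] != static_ip:
        findings.append(f"internal: {fqdn} resolves to {internal_a[0]}, "
                        f"not the static IP {static_ip}")

    # 2. An MX record must name the host defined by that A record,
    #    otherwise users cannot e-mail tickets to the Service Desk.
    mx_targets = [v.split()[-1].lower()
                  for v in values(records, "internal", "MX")]
    if fqdn.lower() not in mx_targets:
        findings.append(f"internal: no MX record names {fqdn}")

    # 3. Split DNS (assumption): the external view answers for the name
    #    but never with a private address.
    external_a = values(records, "external", "A", fqdn)
    if not external_a:
        findings.append(f"external: no A record for {fqdn}")
    for addr in external_a:
        if any(ipaddress.ip_address(addr) in net for net in RFC1918):
            findings.append(f"external: {fqdn} publishes private address {addr}")

    return findings


if __name__ == "__main__":
    for label, data in (("good", GOOD_RECORDS), ("bad", BAD_RECORDS)):
        result = check_appliance_dns(data, "kbox.example.com.", "10.0.5.20")
        print(label, result or "OK")
```
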
3. Modify the following settings using the Up and Down arrow keys to move between fields.

| Field | Description |
|---|---|
| K1000 (DNS) Hostname | Enter the host name of the appliance. The default setting is kbox. |
| K1000 Web Server Name | (Recommended) Enter the fully qualified domain name (FQDN) of the appliance on your network. This is the value of Hostname concatenated with Domain (for example, appliance.kace.com). Clients connect to the K1000 using the Web Server Name. We recommend adding a DNS host record matching the K1000 Web Server Name chosen during this setup. |
| Static IP Address | (Required) Enter the IP address of the appliance server. |
| Domain | Enter the domain on which the appliance is running. |
| Subnet Mask | Enter your subnet mask. |
| Default gateway | Enter the network gateway for the appliance server. |
| Primary DNS | Enter the IP address of the primary DNS server the appliance uses to resolve host names. |
| Secondary DNS | Enter the IP address of the secondary DNS server, if needed. |
| Network Speed | Use the Right arrow key to select from the available speeds if you need to change the default. |
| SMTP Server | To enable email notifications, specify an SMTP server, enclosing the IP address with square brackets []. |
| SSH Enabled | Permits console access to the K1000. Use the Right arrow key to enable. |
| Proxy... | Enter any necessary proxy information. |

4. Press the Down arrow to move the cursor to Save, and then press Enter or Return. The appliance restarts.

5. While your appliance reboots, connect an Ethernet cable into the port labeled Gb 1 and to a switch on your network.
3. Enter the license key (including dashes) that you received in the welcome email from Dell KACE. If you cannot find your license key, contact Dell KACE Customer Support at www.kace.com/support.

4. Enter a secure and unique password for the admin account.

5. Enter the name of your company or organization.

6. Select the timezone for your K1000 location.

7. Click Apply Settings and Reboot. The appliance restarts.

8. When the appliance has restarted, refresh the browser page.

9. After accepting the EULA, log in using the username admin and the password you chose.
You are now ready to start using the Administrator Interface. The following sections explain the various K1000 Management Appliance feature components. You can restore the factory settings of the appliance. For more information, refer to Restoring to factory settings, on page 199.
The components are described in the following table:

Component: Home
Used to: Manage labels, which are a method for grouping machines, software, people, and so on. You can also have labels dynamically assigned by using Smart Labels. Provide overview statistics of your running processes. Also, includes guided tours for learning more about your K1000 Management Appliance.

Component: Inventory
Sub-tabs: Computers, Software, Processes, Startup, Service, IP Scan, MIA
Used to: Administer the hardware and software managed by your appliance.

Component: Virtual Kontainers
Sub-tabs: Management, Deployment, Creation, Administration
Used to: Create virtual versions of supported applications, and deploy and run them on the nodes you administer from the Dell KACE K1000 Management Appliance. For more information, see the Virtual Kontainer Users Guide.

Component: Asset
Sub-tabs: Assets, Asset Types, Asset Import, Metering
Used to: Track computers and other physical assets, such as software, printers, and so on. Also used to: Determine software compliance. Establish relationships between assets (using logical assets). Meter actual software usage. For more information, see the Asset Management Guide.

Component: Distribution
Sub-tabs: Managed Installation, File Synchronization, Wake-on-LAN, Replication, iPhone, Dell Updates
Used to: Remote software distribution and administration, including iPhones and Dell OpenManage updates.

Component: Scripting
Sub-tabs: Scripts, Run Now, Run Now Status, Search Logs, Configuration Policy, Security Policy

Component: Security
Sub-tabs: Patching, OVAL Assessment, SCAP Scan, Secure Browsers
Used to: Reduce the risks from malware, spyware, and viruses. For more information about patching and security, see Patching and Security Guide.

Component: Help Desk
Sub-tabs: Software Library, Knowledge Base, Tickets, Users, Roles, Configuration
Used to: Provide a repository for software resources and documentation for your users to access and download. Provides a full-featured service desk system for creating and tracking Service Desk tickets.

Component: Reporting
Sub-tabs: Reports, Classic Reports, Schedule Reports, Alerts, Email Alerts
Used to: Run pre-packaged reports and report-creating tools to monitor your appliance implementation.
Component Settings
Sub-tabs
N/A
Divide your appliance implementation into different logical organizations that you administer separately. Search your appliance for terms you enter.
N/A
Using Home
The Home component includes tabs for:
Guided Tours
The Guided Tours are tutorials that help you learn more about the KACE K1000 Management Appliance by walking you through some of the basic tasks. The Guided Tours supplement, but do not replace, Boot Kamp and documentation.
Summary
The K1000 Summary page provides information about the configuration and operation of your appliance. When you log on to the Administrator Console, the Home component displaying the Summary tab appears by default.
The top of the K1000 Summary page provides updated news and popular FAQ information about your Dell KACE K1000 Management Appliance:
Below the Summary are dashboard meters and graphs to give you a quick view of your appliance status. The scales on the Summary page gauges adjust automatically.
Distributions
Displays the number of managed installations, scripts, and file synchronizations that are enabled. This also displays the number of alerts that you have configured.
License Compliance
Displays the number of machines that use a particular licensed software. For example, the following figure displays the licensed software Adobe flash player 9, which can be installed on 1000 machines. In this example, this software is used by 12 machines. This display can use different colors for license types that are ignored (for example, freeware) and licenses that are approaching or at 100% usage. For general information about assets and license compliance, see the Asset Management Guide. To change this configuration, see To configure general settings for the server, on page 35.
Clients Connected
Displays the percentage of clients connected to the server.
Tasks in Progress
Displays the total number of tasks in progress on the server.
The following sections describe summary details sections. Each organization has its own summary details.

Summary Section: Computer Statistics
Description: The computers on your network, including a breakdown of the operating systems in use. In addition, if the number of computers on your network exceeds the number allowed by your Dell KACE K1000 Management Appliance license key, you are notified of it here.

Summary Section: Software Statistics
Description: The software in Inventory. A summary of the number of software titles that have been uploaded to the Dell KACE K1000 Management Appliance.

Summary Section: Software Distribution Summary
Description: The packages that have been distributed to the computers on your network, separated out by distribution method. The summary also indicates the number of packages that are enabled and disabled.

Description: The alerts that have been distributed to the computers on your network, separated by message type. This also indicates the number of alerts that are active and expired. The IT Advisory refers to the number of Knowledge Base articles in Service Desk.

Description: The patches received from Microsoft, Apple, and so on. The summary includes the date and time of the last patch (successful and attempted), total patches, and total packages downloaded.

Description: The OVAL definitions received and the number of vulnerabilities detected on clients in your network. The summary includes the date and time of the last OVAL download (successful and attempted) and the number of OVAL tests in the appliance, in addition to the numbers of computers scanned.

Description: The results of the Network Scans that have run on the network, including the number of IP addresses scanned, number of services discovered, number of devices discovered, and number of detected devices that are SNMP-enabled.

As this page is refreshed, the record count information is refreshed. New K1000 Management Appliance installations mostly contain zero or no record counts.
This section explains how to accept the latest appliance server upgrade.
For details on how to find your current appliance version, see To Find Your Software Version, on page 31.
Label
To find these tabs, be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page. You can find the Label tab by going to Home > Label. However, you can also create labels and smart labels within the other components of the Dell KACE K1000 Management Appliance that use labels.
Labels: Provide ad-hoc organization of users, computers, software, managed installations, and more according to your needs. For information on labels, see About Labels, on page 53.
Smart Labels: Enable you to dynamically group users, computers, software, and more, by organization, based on saved criteria. Smart Labels work much like Search Folders in Outlook or Smart Folders in Mac OS X. For information, see About Smart Labels, on page 60.
LDAP Labels: Automatic labeling based on LDAP or Active Directory lookup. See About LDAP Labels on page 209.
LDAP Browser: Automatically discover information via the agent or to interface with Active Directory or LDAP organizational units. See Creating an LDAP Label with the Browser, on page 211.
Search
You can perform a global search for terms throughout the appliance using the Search tab.
What's Next
Now that your appliance is installed and running, you need to configure it to fit your company's needs. For the rest of the setup instructions, see Chapter 2: Configuring your Appliance, starting on page 35.
Chapter 2: Configuring your Appliance
This chapter explains the configuration settings necessary to set up and use your Dell KACE K1000 Management Appliance.
To configure general settings for the server, on page 35.
Configuring Network Settings for the Server, on page 40.
Configuring Local Routing Tables, on page 42.
Configuring Local HTTPD, on page 42.
Configuring Agent Messaging Protocol Settings, on page 47.
Configuring date and time Settings of the appliance server, on page 49.
Configuring Single Sign-on for multiple appliances, on page 49.
Troubleshooting Tools, on page 51.
Enter the domain to which your users send email. For example, dell.com.

Enter the email address of the appliance administrator. This address receives system-related alerts, including any critical messages.

Select the check box to enable the Login Organization drop-down. By enabling the Login Organization drop-down, the empty Organization: field on the Welcome login page will be replaced by a drop-down of the configured organizations. For information about Organizational Management, see Chapter 13: Using Organizational Management, starting on page 237. Note: The organization field or drop-down only appears if more than one organization is configured.

Select the check box to enable Organization Fast Switching. By enabling Organization Fast Switching, the static Organization: field at the top right corner of every page is replaced with a drop-down of organizations to which the user has access. Only those organizations that have the same user name and password appear in the drop-down. For information about Organizational Management, see Chapter 13: Using Organizational Management, starting on page 237.

Crash reports: (Recommended) Select this check box to send reports of any agent crashes to Dell KACE. Server crashes are automatically reported. This option is recommended because it provides additional information to the Dell KACE Technical Support team in case you need assistance.

Select the check box to enable your appliance to share data with the AppDeploy Live! web site.

Set the number of inactive hours to allow all users before closing their session and requiring another login. The default is 1. Service Desk windows have Timeout Session counters to alert users of this time limit. This time limit only counts periods of inactivity. Users restart this timer with any action that causes the appliance interface to interact with the appliance server (refresh a window, save changes, change windows, etc.). If the session times out, any unsaved changes are lost, and the user is presented with the login screen again.

5. Specify the following Agent-Server Task settings: To access these settings, select System on the Organization drop-down list.

Current K1000 Load Average: The value in the field depicts the load on an appliance server at any given point of time. For the server to run normally, the value in this field must be between 0.0 and 10.0.

Last Task Throughput Update: This value indicates the date and time when the appliance Task Throughput was last updated.

At any given point, the appliance has multiple tasks scheduled like Inventory Updates, Scripting Updates, patching updates and execution of scripts. The value in this field decides how the scheduled multiple tasks are balanced by the appliance. Note: The value of the task throughput can be increased only if the value in the field Current K1000 Appliance load Average is not more than 10.0 and the Last throughput update time is more than 15 minutes.
6. Specify the following User Portal settings if required to customize the User Portal page:

Portal Title: Enter a title for the User Portal page.
Portal Text: Enter a description of the User Portal page.
iPhone Portal Title: Enter a title for the user portal page when accessed through an iPhone.
iPhone Portal Text: Enter a description of the User Portal page when accessed through an iPhone.

7. Click Set Options, to save your changes.
8. Specify the following Logo Override settings to use your custom logo:
a. Click Edit Mode to edit the field values:

Displays on the User Portal login page.
Displayed at the top of reports generated by the appliance. The report image dimensions are 120x32 pixels, which are specified in the auto-generated XML layout. You can adjust the xml report if you need a different layout size.
a. Click Edit Mode to edit the field values:

User Portal (.jpg): Displayed at the top of the User Portal page. 224x50 pixels is the normal size. 104x50 pixels is shorter and doesn't clip the blue highlight around the Log Out link. 300x75 pixels is maximum size that does not impact the layout.
Report (.jpg): Displayed at the top of reports generated by the appliance. The report image dimensions are 120x32 pixels, which are specified in the auto-generated XML layout. You can adjust the xml report if you need a different layout size.
KBOXClient (.bmp): Displayed in the agent. The client bmp image is scaled to 20x20 pixels only and cannot be customized to any other size. It is displayed on snooze pop-ups, install progress pop-ups, alerts, and message windows created by scripts.
5. Click Upload Logo.
6. Machine Actions allow setting up of a scripted action that you can perform against individual machines in your environment. They are used to connect to machines remotely, so you can access or execute a specified task on the target machine directly from the user interface. You can configure two actions by selecting them from the Action Item menu. The actions can execute two different tasks. The default Machine Action is mstsc.exe (Remote Desktop Connection). Under the Machine Actions section, associate the appropriate actions and then click Set Actions. For example:
Select ping.exe -t KACE_HOST_IP from the Action #1 drop-down.
Specify http://KACE_HOST_IP in command line field for Action #2.
Click Set Actions.
Click Inventory > Computers.
Click next to the target machine IP to ping the machine and click next to the target machine IP to launch a web browser. The appliance substitutes the KACE_HOST_IP variable with the target machine IP address and opens a new browser window with that URL.
There are 16 pre-programmed actions available. The Machine Actions can also be programmed for other tasks. If the machine action does not include the string .exe, then your appliance assumes it is a URL, and opens a new browser window for it.
Some of the actions listed in the Machine Actions drop-down list require Internet Explorer, because ActiveX is required to launch these programs on the local machine. Firefox does not support this feature.
Most actions in the Action Icon drop-down list require you to install additional software for them to function. For example, using DameWare requires you to install TightVNC on your machine as well as on the machine you want to access. Click Action #1 or Action #2 next to the target machine on the Inventory > Computers tab to execute the Machine Action.
7. In the Optional Ignore Client IP Settings section, enter IP addresses you would like ignored as the node IP and then click Save List. This might be appropriate in cases where multiple machines could report themselves with the same IP address, like a proxy address.
8. In the License Usage Warning Configurations section, enter the new values.
9. Click Override Configuration to save. This changes when the alert colors are used in the License Compliance, on page 26. For information about setting up license assets, see the K1000 Asset Management Guide.
10. In the Data Retention section, click Edit Mode, and select the amount of time you want to save machine uptime data. Machine uptime data refers to information about the number of hours each day your nodes are running. You can retain this data forever, never save it (None), or select 1 month, 3 month, 6 month (default), 9 month, or 12 month settings. For more information about power management, see About monitoring power use, on page 188.
11. Click Save Settings to save.
Static IP Address
Domain
Subnet Mask
Default Gateway
Primary DNS
Secondary DNS
Network Speed
6. To set Network Server Options, perform the following steps:
a. Set the external SMTP Server, to enable email notifications through this SMTP server. To set SMTP Server, select the Use SMTP Server check box, and then enter the SMTP Server name in the SMTP Server box. The server named here must allow anonymous (non-authenticated) outbound mail transport. Ensure that your company's network policies allow the appliance to contact the SMTP server directly. The mail server must be configured to allow relaying of email from the appliance without authentication. You can test the email service by using Network utilities. For more information on how to use Network Utilities, refer to Troubleshooting Tools, on page 51.
b. To set the proxy server, select the Use Proxy Server check box, and then specify the following proxy settings, if necessary:

Proxy Type: Enter the proxy type, either HTTP or SOCKS5.
Proxy Server: Enter the name of the proxy server.
Proxy Port: Enter the port for the proxy server. The default port is 8080.
Proxy (Basic) Auth: Select the check box to use the local credentials for accessing the proxy server.
Proxy Username: Enter the user name for accessing the proxy server.
Proxy Password: Enter the password for accessing the proxy server.

The appliance includes support for a proxy server, which uses basic, realm-based authentication, which prompts for a user name and password:
If your proxy server uses some other kind of authentication, you must add the IP address of the appliance on the exception list of the proxy server. For information about the Enable Help Desk POP3 Server setting, see the Service Desk Administrator Guide.
7. Click Save to save the Network Server options.
are allowed access. Once saved, access to the adminui/userui/systemui pages will be restricted according to your settings.
Netmask/CIDR: Along with a network, the Netmask/CIDR provides a finer-grained subnet control.
6. Click the Save button to add this setting.
7. Click the Green Plus Sign (+) to add additional settings.
8. Click the Save Changes button to save all changes. A warning will appear indicating the Apache service needs to be restarted.
9. Click OK to continue. Once an IP address or Domain Name has been added to the white list, only that IP or Domain can access that page. All others will be blocked.
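Because every address outside the white list is blocked once the change is saved, it is worth confirming first that the workstation you administer from matches one of the entries. The following is an added example, not part of the Dell KACE guide: the function names are hypothetical, and it assumes entries are IPv4 networks with either a prefix length or a dotted netmask (domain-name entries are not evaluated).

```shell
#!/bin/sh
# Added example: pre-check an access white list before saving it.
# Entries are assumed to be IPv4 "network/prefix", "network/dotted-netmask",
# or a single host address. All names here are hypothetical.

# ip_to_int A.B.C.D -> prints the address as an integer; fails if malformed
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # leading zeros are ambiguous
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_entry IP ENTRY -> 0 inside, 1 outside, 2 malformed input
ip_in_entry() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%%/*}") || return 2
    case $2 in
        */*.*) mask=$(ip_to_int "${2#*/}") || return 2 ;;   # dotted netmask
        */*)   bits=${2#*/}
               case $bits in ''|*[!0-9]*|???*|0?*) return 2 ;; esac
               [ "$bits" -le 32 ] || return 2
               mask=$(( (4294967295 << (32 - bits)) & 4294967295 )) ;;
        *)     mask=4294967295 ;;                            # single host
    esac
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# first_matching_entry IP ENTRY... -> prints the first entry that admits IP
first_matching_entry() {
    client=$1; shift
    for entry in "$@"; do
        ip_in_entry "$client" "$entry" && rc=0 || rc=$?
        case $rc in
            0) echo "$entry"; return 0 ;;
            2) echo "skipping malformed entry: $entry" >&2 ;;
        esac
    done
    return 1
}

# Run directly as: sh allowcheck.sh ADMIN_IP ENTRY [ENTRY...]
if [ "$#" -ge 2 ]; then
    first_matching_entry "$@" || { echo "NOT covered: $1" >&2; exit 1; }
fi
```

Run it with the address you administer from followed by every entry you intend to save; a non-zero exit means that address would be locked out.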
5. In the Samba Share Settings area, select the Enable Organization File Shares check box to allow each organization to leverage the appliance's client share as an install location for the node. The appliance has a built-in windows file server that can be used by the provisioning service to assist in distributing the samba client on your network. Dell recommends that this file server only be enabled when performing node software installs.
6. In the Optional SSL Settings area, specify the following SSL settings, if required:
a. Clear the Enable port 80 access check box. When you activate SSL, port 80 continues to be active, unless Enable port 80 access check box is cleared. By default, the standard Agent installers attempt to contact the appliance via port 80, and then switch to SSL over port 443, after getting the server configuration. If you disable port 80, contact KACE Support to adjust the agent deployment scripts to handle SSL. For ease of agent deployment, leave port 80 active.
b. Select the SSL Enabled on port 443 check box to have nodes check in to the appliance server using https. A properly signed SSL Certificate is required to enable SSL. Certificates should be supported by a valid Certificate Authority. SSL settings should only be adjusted after you have properly deployed the appliance on your LAN in non-SSL mode. If you are enabling SSL, you will need to identify the correct SSL Private Key File and SSL Certificate File. The files must be in Privacy Enhanced Mail (PEM) format, similar to those used by Apache-based Web servers and not in the PKCS-12 format used by some Web servers. It is possible to convert a PKCS-12 certificate into a PEM format using software like the OpenSSL toolkit. Contact Dell KACE Technical Support if you want to enable SSL on your appliance.
You can load SSL certificates into the appliance by either of these two methods:
You can click Open SSL Certificate Wizard and follow the step by step procedure to load the SSL certificates. Refer to To generate an SSL Certificate, on page 45.
If you have your own SSL certificate and SSL private key, click Edit Mode to edit the field values. In the Set SSL Private Key File field, browse to the SSL Private Key file and browse to the signed SSL Certificate, in the Set SSL Certificate File field.
7. Click Set Security Options, to save the changes and reboot the appliance. Once you switch over to SSL, this is a one-way automatic shift for the nodes. They must be reconfigured manually if you later decide not to use SSL.
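The PKCS-12 to PEM conversion mentioned in step 6b, as an added example that is not part of the Dell KACE guide: it splits a bundle into a PEM private key and a PEM certificate with the OpenSSL command-line tool and checks that the two belong together before they are uploaded. The function names, file names and the P12_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: PKCS#12 bundle -> PEM key + PEM certificate, with a
# key/certificate match check. Requires the openssl command-line tool.
# The bundle password is read from the P12_PASS environment variable
# (an assumed name) so it does not appear in the process list.

# p12_to_pem BUNDLE KEY_OUT CERT_OUT
p12_to_pem() {
    (
        umask 077   # the extracted private key must not be world-readable
        # -nocerts: private key only; -nodes: write it unencrypted.
        # Piping through "openssl pkey" strips the Bag Attributes text.
        openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
            openssl pkey -out "$2" 2>/dev/null || exit 1
        # -clcerts -nokeys: the server (leaf) certificate only
        openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null |
            openssl x509 -out "$3" 2>/dev/null || exit 1
    )
}

# is_pem FILE -> succeeds if FILE starts with a PEM "-----BEGIN ...-----" line
is_pem() {
    head -n 1 "$1" 2>/dev/null | grep -q '^-----BEGIN [A-Z0-9 ]*-----$'
}

# key_matches_cert KEY CERT -> 0 match, 1 mismatch, 2 unreadable input.
# Compares the public key derived from the private key with the public key
# embedded in the certificate.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# cert_summary CERT -> subject and expiry date, for a final visual check
cert_summary() {
    openssl x509 -in "$1" -noout -subject -enddate
}

# Run directly as: P12_PASS=... sh p12topem.sh bundle.p12 server.key server.crt
if [ "$#" -eq 3 ]; then
    p12_to_pem "$1" "$2" "$3" && is_pem "$2" && is_pem "$3" &&
        key_matches_cert "$2" "$3" && cert_summary "$3"
fi
```

The extracted key is written unencrypted, so keep it on the workstation only as long as needed for the upload and store it with the same care as the original bundle.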
Generate an SSL certificate using the wizard as follows:
1. Click K1000 Settings > Control Panel. The K1000 Settings: Control Panel page appears.
2. Click Security Settings. The K1000 Security Settings page appears.
3. Click Open SSL Certificate Wizard. The K1000 Advanced SSL Settings page appears.
4. Click Edit Mode to edit the fields and specify the following:

Country Name: Enter the name of your country.
State or Province Name: Enter the name of your State or Province.
Locality Name: Enter your locality name.
Organization Name: Enter the name of your organization.
Organization Unit Name: Enter the name of unit your organization belongs to.
Common Name: Enter a common name of the appliance you are creating the SSL certificate for.
e-mail: Enter your email address.

5. Click Set CSR Options. Your Certificate Signing Request is displayed in the field below the Set CSR Options button. You need to copy the text between the lines -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- along with these lines, and then send it to the person who provides your company with web server certificates. Your Private Key is displayed under Private Key field. It will be deployed to the appliance when you upload a valid certificate and subsequently click Deploy. Do not send the private key to anyone. It is displayed here in case you want to deploy this certificate to another web server. The certificate and private key for SSL are not included in the appliance's nightly backups for security reasons. Retain these two files for your own records. Click Create Self Signed Certificate and for Deploy to be displayed.
6. Click Create Self Signed Cert. The SSL certificate is generated. This certificate will not be accepted by any nodes until it is added into the trusted certificate database on every machine running the client.
7. Click Deploy to deploy the certificates and turn on SSL on the appliance. Click OK to reboot the appliance.
Persistent connection between the appliance Server
Server driven inventory updates
Higher scalability in terms of number of nodes supported on one K1000 Server
Better scheduling control and reliability
These settings are specific to the AMP infrastructure and do not affect other appliance configuration settings or runtime operations. These settings control both the runtime state of the AMP server and also the operational state of the agent. Changing these settings will temporarily interrupt communications between the appliance and the agents. Exercise caution when changing these settings and contact Dell KACE Technical Support for any questions regarding these parameters.
3. Specify the General Settings:

Server Port: Specify the Server Port. The AMP Server on the appliance SERVER will listen on port 52230 (default).
For the Agents to connect to the appliance SERVER using AMP, you must have the AMP Protocol Port 52230 open and available OUTBOUND. (That is, the agent must be able to connect through this port number OUTBOUND without restriction from any OUTBOUND filter/firewall.) Example of an OUTBOUND restriction: Windows XP Firewall blocking outbound port 52230. Allow outbound Protocol Port 52230. This can be configured in your Filter/Firewall Software or Hardware as an allowed OUTBOUND Exception.
For the SERVER to accept connections via AMP, it must have the AMP Protocol Port 52230 open and available INBOUND to the appliance IP ADDRESS. (That is, the appliance SERVER must be able to accept connections through this port number INBOUND without restriction from an INBOUND filter/firewall.) Example of an INBOUND restriction: A NAT Firewall such as Cisco or SonicWall blocking INBOUND port 52230 to the K1000 IP ADDRESS. Allow inbound Protocol Port 52230 to the appliance server. This can be allowed through a One-to-One Inbound NAT Policy.
Note: If you change the default AMP Port of 52230, you must update the ALLOWED OUTBOUND/INBOUND port on your filter/firewall.

Enable Server Debug: Select the check box to enable different levels of server debug/logging to the server's log file.

Enable SSL for AMP: Select the check box to enable SSL for AMP. The activation of SSL is for AMP Only. The check box must be selected to activate SSL over AMP even though the general appliance settings may have SSL enabled already. This allows the separate configuration of AMP traffic to be un-encrypted even though all other appliance communication is SSL encrypted. Note: Before you can choose this setting, you must enable SSL as described in step b on page 45.

Click Save and Restart AMP Server to save the settings and restart the AMP server. You can click Restart AMP Server to restart the AMP server without saving the settings. Restarting the AMP Server will not restart the appliance.
4. 5.
Time Zone
Automatically synchronize with an Internet time server
Set the clock on the K1000 manually
5.
Start by enabling linking on each appliance with the instructions in To enable linking of appliances for single sign-on, on page 50. Enabling linking creates appliance names and linking keys. Copy the appliance names and linking keys between the appliances to link using the instructions in To enable linking of appliances for single sign-on.
5. Click Set Options to save link settings. Once linking is enabled, return to the Control Panel page and select Manage Linked K1000 Appliances to configure remote appliances.
1. Follow the instructions in To enable linking of appliances for single sign-on, on page 50, on each appliance that you want to link with.
2. Click K1000 Settings > Control Panel > Manage Linked Dell KACE Appliances. The Linking K1000 Appliances page appears.
3. In the Choose Action menu, click Add New Item. The K1000 Settings: Add Linked Appliance page appears.
4. Enter the K1000 Friendly Name and the Linking Key of the appliance that you are establishing the link to.
5. Click Set Options. If the settings are configured correctly, the Connection Successful message is displayed.
6. Log on to the other appliance you are creating the link for, and repeat these steps to add the Host Name and Linking Key to it. After you click Save, the Test Connection option appears.
7. Click Test Connection to verify the connection between the two linked appliances.
When you log in to the first appliance again, the newly updated linked appliances appear on the Organization drop-down list of the Home tab. You can now switch among the linked appliance consoles using the Org: drop-down menu on the upper right side of the appliance user interface.
After an appliance link is deleted, you can still switch to and control that appliance until you log off and log in again from the appliance Server.
Troubleshooting Tools
The Troubleshooting Tools page contains tools to help administrators and Dell KACE Technical Support to troubleshoot problems with this appliance.
Chapter 3: Labels and Smart Labels
This chapter gives an overview of Labels and Smart Labels, and how your Dell KACE K1000 Management Appliance uses them. For information on LDAP Labels and the LDAP Browser, see Chapter 11: LDAP, starting on page 209.
About Labels, on page 53.
About Smart Labels, on page 60.
What's Next, on page 63.
About Labels
Labels can be used to organize and categorize computers, software, people, and locations. Labels are intended to be used in a flexible manner, and how you use labels is completely customizable. Label types include:
Computer inventory
IP Scan Inventory
Processes / Startup Items / Services
Software
Patches
Dell Update Packages
Users
Once included in a label, items can be managed on a per-label basis. All items that support labeling can have none, one, or multiple labels. You can use labels, for example, with patching, distribution packages, categorizing computers, setting up the geographic relationships, and setting the permission levels of users. Labels can be manually or automatically applied through LDAP or Smart Labels. You can also organize labels with Label Groups. Label Groups are strictly for organizational purposes, such as the View By function in the Computer Inventory page. They cannot be targeted for Patching jobs or Managed Installations. Capabilities include:
Label groups can pass their type, such as Patches or User, to the labels they contain.
Label Groups pass their type restrictions to the labels they contain. For example, if a Label Group is restricted to Patches, the labels assigned to that group have only the type Patches available; the other types are grayed out.
You can associate labels with one or more Label Groups; membership in one Label Group does not preclude membership in another Label Group. In fact, Label Groups can be a member of another Label Group.
Label groups do not create a functional hierarchy of labels. To create a hierarchy, you can make a label dependent on other labels by using Smart Labels to change the order in which labels are processed. For more information, see To create a Smart Label, on page 61 and To change the Smart Label Run Order, on page 62.
You can find the Label tab by going to Home > Label. (Be sure to select your organization first using the Organization menu in the top-right corner of the page.) You can also create Labels and Smart Labels in the other components of the appliance that use labels. In many areas of the appliance user interface, you can see a label selection list, which you use to constrain an action to a one or more labels. For example, you can restrict the deployment of a script to nodes that belong to particular labels.
Managing Labels
In Label Management, you can:
Create Labels (which is also done in other parts of the interface)
Create Label Groups (or nested labels)
Edit Label Groups
Delete Labels or Label Groups
Show or Hide Label Groups
Viewing Labels
Select Label Management to view labels created. You can click on the numbers under the categories to see what the members are. For example, in the following screenshot:
The FrameMaker 7.2 label belongs to the Licenses Label Group. FrameMaker 7.2 is a software label, and there are two items in the label. The icon means that the label is associated with a Smart Label.
The laptops label is a machine label that contains only one item. This label is associated with a Smart Label that adds any computer with the chassis type laptops to the Smart Label. If any more laptops are purchased, they will be added to the label.
Licenses contains one label, so it is a Label Group.
MemberOfBuildingA and MemberOfFinancesGroup have the icon for an LDAP Label. For information about LDAP labels, see About LDAP Labels, on page 209.
Microsoft Office Proof is also associated with a Smart Label. It is also in the Label Group, Licenses. Microsoft Office Proof has four members, until more copies of Office Proof are purchased.
The IP addresses and machine names of the computers in the label
The number of Managed Installations and File Synchronizations deployed to the label
The number of network scans and scripts run on the machines in the label
The number of alerts, portal packages, and users associated with the label
The number of filters and replication shares associated with the label.
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.
1. Click Home > Label, and click Label Management.
2. Click the linked name of the label you want to view. The Labels: Edit Detail page appears.
3. In the Labeled Items section, click the + sign beside the section headers to expand or collapse the view.
For another example of how to manually apply labels, refer to Adding Computers to Inventory, on page 89.
To delete a label
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. You can delete a label in its edit page. You can also:
1. Click Home > Label and select Label Management.
2. Click the check box for the label.
3. From the Choose Action menu, click Delete Selected Item(s).
4. Click OK in the confirmation window.
If you see Label Name [groups hidden], do the following:
2. In the Choose Action menu, click Show Label Groups.
You can hide Label Groups by clicking Hide Label Groups.
Dell Package Smart Label
IP Scan Smart Label
Machine Smart Label
You can also change the order of your smart labels or delete them from the Smart Labels page.
Now, whenever machines with software that meets the specified criteria check into your appliance, the software is automatically assigned to the associated Smart Label. You can also add a new software Smart Label or change the order of Smart Labels by going to Home > Label > Smart Labels. Deleting a Smart Label does not delete the label associated with it.
If a specific software Smart Label is edited using Home > Label > Smart Labels, it is reapplied to all software. All Smart Labels are reapplied to a software item when it is updated on Inventory > Software.
For more examples of using Smart Labels, see Creating Smart Labels for Computer Inventory, on page 86, and To dynamically identify the network scan results, on page 123.
You can find all Smart Labels in the Home component. You can also edit Smart Labels within the components that they belong to.
1. Go to Home > Label, and click Smart Labels. The Smart Labels page appears.
2. Select a Smart Label Name. The Smart Label : Edit Detail page shows the following information, depending on the type of Smart Label:
Item Type: Specifies the type of Smart Label, for example, software.
Assigned Label: Contains a drop-down list from which you choose the label you want to assign. Click Details to edit label details. For more information on editing labels, refer to Managing Labels, on page 54.
Label Notes: Displays notes relevant to the label, if entered in the Notes field.
SQL: Displays the query in SQL (Structured Query Language). Click Duplicate to create a new Smart Label with same SQL code. This field does not show when the Details link is selected.
3. Click Save.
When you click Duplicate to create a new Smart Label with the SQL code, you can only reassign it to a new label.
The order Smart Labels page appears for the type of Smart Label, listing all of that type.
3. To change a Smart Label's order value, click the icon next to it. Smart Labels with smaller values execute before those with larger values. Smart Labels have a default order value of 100.
4. Click Save.
What's Next
Many organizations use labeling with their software and hardware inventories. For more examples of using labeling, see Chapter 5: Managing Software and Hardware Inventories, starting on page 83.
4
Agent Provisioning
The Agent Provisioning feature enables you to directly install the Dell KACE K1000 Management Appliance Agent onto machines in your environment. Information about the data collected by the Agent for each computer is located in Information collected by the Agent, on page 310.
Overview of first time Agent provisioning, on page 65.
System requirements for Agents, on page 66.
Preparing to provision the Agent, on page 67.
Single Machine Provisioning, on page 68.
Advanced Provisioning, on page 69.
Using the Provisioned Configurations page, on page 73.
Using the Provisioning Results Page, on page 75.
Managing K1000 Agent Tasks, on page 76.
K1000 Agent Settings, on page 77.
K1000 Agent Update, on page 78.
AMP Message Queue, on page 80.
Dell KACE Support is a good source for additional information and help for Agent Provisioning. Support contains white papers, articles, and a Knowledge Base.
3. The target IP address is tested for the existence of an Agent.
4. If the Agent is not detected, then it will remotely install the Agent directly from the appliance.
You can also deploy the Agent manually on Windows, Linux, and Macintosh platforms. See Appendix E: Manually Deploying Agents, starting on page 301.
Windows:
  Windows 7 (32-bit and 64-bit)
  Windows Vista (32-bit and 64-bit)
  Windows XP (32-bit and 64-bit)
  Windows Server 2008 (32-bit and 64-bit)
  Windows Server 2008 R2 (64-bit)
  Windows Server 2003 (32-bit and 64-bit)
  Windows 2000 Server (32-bit)
Linux:
  Red Hat Enterprise Linux (RHEL) 3, 4, and 5 (32-bit and 64-bit)
Macintosh:
  Mac OS X v10.6 Intel
  Mac OS X 10.5 Intel and PowerPC
  Mac OS X 10.4 Intel and PowerPC
Upgrades supported: Supports upgrading from Agent version 5.1 or later to 5.3.
5. (Optional) Enter a password for the user share.
6. Click Save Samba Settings.
You can access the provisioning installers on the appliance at: \\k1000_name\client\agent_provisioning where k1000_name is the hostname of your appliance.
Windows XP: Turn off Simple File Sharing. Provisioning requires standard file sharing with its associated security. For information on how to do this, see the Microsoft Support web site. If Simple File Sharing is enabled, a LOGON FAILURE occurs because simple file sharing does not support administrative file shares and the associated access security.
Windows Firewall: If turned ON, you must enable File and Print Sharing in the Exceptions list of the Firewall Configuration.
The appliance verifies the availability of ports 139 and 445 on each target machine before attempting to execute any remote installation procedures.
Vista and Windows 7:
  Provide Administrative credentials for each machine.
  Configure User Account Control (UAC) in one of two ways:
    Turn UAC off.
    Set User Account Control : Run all administrators in Admin Approval Mode to Disabled.
  From the Advanced sharing settings page, turn on network discovery and turn on file and printer sharing.
Ports 139 and 445 along with File and Print Sharing are required only for Agent distribution. Administrative credentials are only needed for installation of the Agent. The Agent runs within the context of the Local System Account, which is a built-in account used by the Windows operating system. Once the Agents are installed and communicating with the appliance you can turn off access to these ports and services. After installation, the Agent uses port 52230.
Enter the Target IP.
Select Install Agent.
Select the operating system of the Agent.
(Windows Only) Enter the domain or workgroup for the user name you enter below.
Enter a user name that has the necessary privileges to install the Agent.
Enter the password for the account.
Click Run Now.
Administrator Guide, Version 5.3
The system saves the configuration with a default name as Simple Provisioning - IP Address and then runs the configuration against the targeted IP. The Provisioned Configurations page appears where the newly created configuration is displayed.
Advanced Provisioning
Advanced Provisioning provides the ability to provision the Agent to multiple computers.
Set the General Settings according to the type of provisioning (described in the previous step). See next section (To use Advanced Provisioning, on page 69).
Set the platform settings, as described in:
  To provision Windows platforms, on page 71.
  To provision Unix (Linux or Mac OS X) platforms, on page 72.
4.
3. Enter the information shown in the following table:
Specify a unique configuration name to differentiate between different configurations.
Auto Provisioning
  Provisioning IP Range: Enter an IP or IP range. Use hyphens to specify individual IP class ranges. For example: 192 168 2-5 1-200
Manual Provisioning by IP
  Target IPs: Enter a comma-separated list of IP addresses for the target computers. The Help me pick machines link aids in adding machines to the Target IP list:
    Provisioning IP Range: use hyphens to specify individual IP class ranges. For example: 192 168 2-5 1-200. After specifying a range, click the Add All button.
    IP Scan Computer: this drop-down list is populated from the Network Scan Results.
    Inventory Computers: this drop-down list contains all the inventoried computers.
  The following list describes the available functions:
    Click a computer in the list to add it to the Target IP field.
    Filter: filters by character. For example, entering lib would display computer names in the list such as Library-1, Library2, and so on.
    (n) indicates the number of computers selected by the filter.
    Limit List to 20 Computers.
    Only Include Found Computers.
    Add All: adds all machines displayed in the list according to the filter and selection criteria.
Manual Provisioning by Hostname
  Target Hostnames: Enter a comma-separated list of hostnames for the target computers.
Configuration Enabled: Enables the provisioning configuration. Note: Scheduled configurations run only if this check box is selected.
K1000 Server Name: The server that installs the Agent. This field displays the default name of the appliance server. Update this field if you have multiple servers.
K1000 Client Share Name: The share folder name on the appliance, where the Agents are located.
DNS Lookup Enabled: Enables DNS lookup.
Name Server for Lookup: By default, displays the primary DNS Server defined in Network Settings. You can specify either a hostname or IP address.
Lookup Time Out: The time, in seconds, after which a DNS lookup expires.
4. Set up provisioning for the platform, as described below in:
  To provision Windows platforms, on page 71.
  To provision Unix (Linux or Mac OS X) platforms, on page 72.
Provision this platform
K1000 Agent Version (Read-only): Displays the Agent Version number.
Agent Identification Port: The port currently in use by the Agents. The port number is 52230.
Required open TCP Ports: The ports that the appliance uses to access the target machine for the Agent install. Use a comma-separated list.
Port Scan Time Out: The time period (in seconds) during which the appliance scans the port for response.
Bypass Port checks: Select to avoid port checks while the appliance installs the Agent.
Enable Debug Info: Select to view debug information in the machine's provisioning results.
Remove K1000 Agent: Select to remove the Agent from machines. This overrides any current provisioning activity.
2. Enter the following details under Windows Network Administrative Credentials:
  The domain or workgroup name associated with the login credentials you enter below.
  The user name that has the necessary privileges to install the Agent on the target machines.
  The password for the account listed above.
Schedule the provisioned configuration, as described in To schedule Agent provisioning, on page 72.
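The following Python script is an added example, not part of the Dell KACE guide or product. It expands a Provisioning IP Range written in the hyphenated form shown above and reports, per host, which of ports 139 and 445 accept connections, so you can see which targets would fail the appliance's port check and which already-provisioned machines still expose the ports that are needed only for Agent distribution. It assumes each of the four octets is either a single value or a low-high range; all function names are hypothetical.

```python
"""Expand a Provisioning IP Range and check the provisioning ports per host."""
import socket
from itertools import product

# Ports named in the guide: required only while the Agent is being distributed.
PROVISIONING_PORTS = (139, 445)


def expand_range(spec):
    """Expand '192 168 2-5 1-200' (dots also accepted) into IPv4 strings.

    Assumption: every octet is a single number or a low-high range.
    """
    octets = spec.replace(".", " ").split()
    if len(octets) != 4:
        raise ValueError("expected four octets, got %d" % len(octets))
    choices = []
    for text in octets:
        low_text, hyphen, high_text = text.partition("-")
        low = int(low_text)                      # ValueError on '' or junk
        high = int(high_text) if hyphen else low
        if not 0 <= low <= high <= 255:
            raise ValueError("bad octet range: %r" % text)
        choices.append(range(low, high + 1))
    return [".".join(str(o) for o in combo) for combo in product(*choices)]


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def port_report(hosts, ports=PROVISIONING_PORTS, probe=tcp_open):
    """Map each host to the sorted list of `ports` that accept connections."""
    return {host: sorted(p for p in ports if probe(host, p)) for host in hosts}


def not_ready(report, ports=PROVISIONING_PORTS):
    """Hosts with at least one required port closed (port check would fail)."""
    return [h for h, open_ports in report.items() if set(ports) - set(open_ports)]


def still_exposed(report, provisioned):
    """Already-provisioned hosts that still accept a provisioning port."""
    return [h for h in provisioned if report.get(h)]


if __name__ == "__main__":
    # Constructed sample: a fake probe stands in for the network so the demo
    # runs offline. Drop probe= to test real hosts you administer.
    sample_open = {("192.168.2.1", 139), ("192.168.2.1", 445),
                   ("192.168.2.2", 445)}

    def fake_probe(host, port):
        return (host, port) in sample_open

    hosts = expand_range("192 168 2 1-3")
    report = port_report(hosts, probe=fake_probe)
    print("targets in range:", len(hosts))
    print("port check would fail:", not_ready(report))
    print("still exposed after install:",
          still_exposed(report, provisioned=["192.168.2.1"]))
```

Run it against the same range you enter in the Provisioning IP Range field before scheduling a configuration, and again with the list of provisioned machines once the Agents are checking in.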
Provision this platform
Required open TCP Ports
Port Scan Time Out
Bypass Port Checks
Remove K1000 Agent: Removes the Agent from machines. This overrides any current provisioning activity.
Remove agent data directory: Removes any remaining data folder/files after the uninstall process completes.
K1000 Agent Version (Read-only): This field displays the Agent version number.
2. Enter the following details under Network Root Credentials:
  The user name that has the necessary privileges to install the Agent on the targeted machines.
  Enter the password for the account listed above.
3. Schedule the provisioned configuration, as described in the next section (To schedule Agent provisioning, on page 72).
Don't Run on a Schedule
Run Every n minutes/hours
Run Every day/specific day at HH:MM AM/PM
Run on the nth of every month/specific month at HH:MM AM/PM
2. Click Save to save the provisioned configuration. The Provisioned Configurations page appears and displays the provisioned configuration you created in the list of configurations.
The Single Machine Provisioning page appears, where you can create a new configuration. For more information, see To deploy the Agent on a single machine, on page 68.
2. To provision the Agent to multiple computers, click Advanced Setup.
To edit a configuration
1. On the Provisioned Configurations page, click the name of the provisioned configuration that you want to edit. The Advanced Provisioning page appears.
2. Edit the provisioned configuration. For more information, see To use Advanced Provisioning, on page 69.
To run configurations
1. On the Provisioned Configurations page, select the check boxes for the configurations that you want to run.
2. In the Choose Action drop-down list, click Run Selected Configuration(s) Now.
To duplicate a configuration
1. On the Provisioned Configurations page, click the name of the configuration that you want to duplicate. The Advanced Provisioning page appears.
2. Under Scheduling, click Duplicate. The Provisioned Configuration page appears with the new configuration listed.
To delete a configuration
1. On the Provisioned Configurations page, select the check boxes for the configurations that you want to delete.
2. In the Choose Action drop-down list, click Delete Selected Item(s).
Deleting a configuration will delete all associated target machines in the provisioning inventory list. Altering or updating a configuration will reset the data in the associated target machines list to the default settings until the subsequent provisioning run.
To view additional information about a target computer, click its IP Address. The K1000 Agent Provisioning page appears. This page displays the results from the most recent provisioning run and includes information such as the IP address, Agent status, port configuration, and the logs of each provisioning step.
5. To print this page, click Printer Friendly Version.
6. To view inventory information, click the [computer inventory] link next to the MAC address. This link is displayed only if the provisioning process can match the MAC address of the target machine with the current inventory data. For more information on computer inventory, see Adding Computers to Inventory, on page 89.
Some options displayed in the filter depend on the configuration of your Task Types. While most Tasks and Task Types are self-explanatory, the following Tasks may need further explanation:
  Ready to Run (connected): Tasks that are AMP connected and about to run.
  Ready to Run: Tasks that will run when an AMP connection is established.
  Longer than 10 minutes: Tasks that have been waiting longer than 10 minutes for a connection.
4. To view details about a computer, click its name in the Machine Name column. The Computers: Detail Item page appears.
5. (Optional) To see a print view of the page and print it, click Printer Friendly Version.
To configure an Agent
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Click Organizations. The K1000 Organizations page appears.
2. In the table, click the name of an Organization.
3. Click Edit Mode. The K1000 Organization: Edit Detail page appears.
4. Under K1000 Agent Settings For This Organization, specify the following Agent options:
Field: Communications Window
Suggested Setting: 00:00 to 00:00 (+1 day)
Notes: The period when the Agent can communicate with the appliance to perform inventory, script updates, and crash uploads. Other processes such as patching and scripting are still performed. You may wish to limit this time, if your computers are particularly busy during a certain period of the day.
Notes: How often the server asks each Agent to report Inventory, Custom Inventory, File Synchronization, and Managed Installations and to check if the Agent needs upgrading.
Notes: The interval that the appliance performs inventory on the nodes in the network. For example, if you set this parameter to 4 hours when the Agent Run Interval is 2 hours, the Inventory is checked every other time. Conversely, the Agent checks Custom Inventory, File Synchronization, and Managed Installation every 2 hours.
Notes: The message that appears to users when communicating with the appliance.
2 hours
Notes: The frequency that the Agent checks for the latest scripts. If necessary, the updated scripts are then downloaded. This does not affect how often a script is run.
Notes: Turning off Agent Log Retention will save about 1GB of disk space in the database.
5. Click Save to save the Agent settings configuration. The K1000 Agent Settings page appears in read-only mode.
These changes are reflected the next time the Agent checks into the appliance. The Agent normally checks in using the Run Interval schedule specified in the K1000 Agent Settings page. However, you can force a check-in outside the normal schedule by running:
Windows command window: Go to C:\Program Files\Dell\KACE\ or C:\Program Files (x86)\Dell\KACE\ and enter:
  runkbot 4 0
Macintosh terminal window:
  sudo "/Library/Application Support/Dell/KACE/bin/runkbot" 2 0
UNIX (RHEL) terminal window:
  sudo /opt/dell/kace/bin/runkbot 2 0
http://www.kace.com/support/customer/downloads.php
2. In the Dell KACE Management Center, click Settings > K1000 Agent. The Agent Provisioning page appears. The Agent package that you post to the server from this page should be an official Agent release received from Dell KACE directly.
3. Click Agent Updates from KACE. The Agent Updates from KACE page appears.
4. Under Upload K1000 Agent Update Files, click Edit Mode.
5. Click Browse and locate the update file that you downloaded.
6. Click Load Bundle File.
7. Verify that the file is uploaded and applied. The updated files appear under Loaded K1000 Agent Updates.
Select the machines from the Select machine to add drop-down list.
Filters the machines displayed in the Limit Update To Listed Machines field. The (n) indicates the number of computers selected by the filter. Filters by character. For example, entering lib would list computer names such as Library-1, Library-2, and so on.
Notes: Enter release notes about the Agent.
5.
Field: Description
Message Type [ID, Src ID]: The type of message, such as Run Process.
Message Payload: The message payload.
Expires: The date and time when the message expired.
Status: The status of the AMP message, such as Completed or Received.
5
Managing Software and Hardware Inventories
The Dell KACE K1000 Management Appliance Inventory tab enables you to identify and manage the hardware and software on your network and organize these assets using labels and filters.
Inventory Feature Overview, on page 83.
Managing Your Computer Inventory, on page 84.
Managing Your Software Inventory, on page 91.
Managing Your Processes Inventory, on page 97.
Managing Your Startup Program Inventory, on page 100.
Managing Your Service Inventory, on page 102.
Managing Your MIA (Out-Of-Reach Computer) Inventory, on page 104.
Using the AppDeploy Live Application Information Clearinghouse, on page 106.
Using the Dell Warranty feature, on page 107.
Inventory data is collected automatically according to the Agent Inventory Interval schedule specified in Settings > K1000 Agent. If the Agent Inventory Interval is set to zero, the inventory is performed as per the Agent Run Interval setting on the same page. To view the Agent Inventory Interval and Agent Run Interval settings, make sure you have selected the correct organization using the Organization drop-down list in the top-right corner of the main page. Then select the Organizations tab and click an organization in the list. These settings are listed under the K1000 Agent Settings for this Organization section of the K1000 Organization : Edit Detail page. Although it is listed under the Inventory tab, the IP Scan feature is discussed in Chapter 7: Scanning for IP Addresses, starting on page 119. This figure illustrates some of the Inventory features using the Computers tab.
Figure 5-1: Inventory - Computers Tab
For more details on Machine Actions, refer to Chapter 2: Configuring your Appliance, starting on page 35.
Search by keyword or invoke an Advanced Search
Create a Filter to apply labels to computers automatically
Create Notifications based on computer attributes
Add/delete new computers manually
Filter the Computer Listing by label
Apply or remove labels
Show or hide labels
To create a notification
To perform these steps, be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page.
1. Go to Inventory > Computers.
2. Select the Create Notification tab.
3. Specify the search criteria and the constraints.
4. Specify a title for the search.
5. Enter the email address of the recipient of the notification.
6. To see whether the filter produces the desired results, click Test Notification.
7. Click Create Notification to create the notification.
Now, whenever machines that meet the specified notification criteria check into the K1000 Management Appliance, an e-mail is automatically sent to the specified recipient. You can modify or delete a notification after it has been created on the Reporting > Email Alerts tab.
The following sections describe each of the detail areas on this page. To expand or collapse the sections, click the + sign next to the section headers.
Description
Contains basic computer identification information. Most of this is self-explanatory. The only appliance-specific information in this section is the AMP connection and the agent software level. Some appliance features work only if there is a constant connection between the agent and the appliance:
  A icon indicates a constant connection between the agent and the appliance.
  A icon indicates that the agent and the appliance are not connected.
For more details on the AMP connection, see AMP Message Queue, on page 80. Use the Force Inventory Update button to immediately update all computer inventory information. Click Force Inventory Update to synchronize the computer with the server. It requests that the node send an inventory to the appliance.
Inventory Information: This section provides more detail on some of the categories in the Summary section.
Software: This section provides details on the software programs the computer has installed, including patching level information, running processes, and startup programs.
Activities:
  The Labels section displays the labels assigned to this computer. Labels are used to organize and categorize machines.
  The Failed Managed Installs section displays a list of Managed Installations that failed to install on this machine. To access details about the Managed Installations, click the Managed Software Installation detail page link.
  The To Install List section lists the Managed Installations that are sent to the machine the next time it connects.
  The Help Tickets section provides a list of the Service Desk Tickets (if any) associated with this machine. These can either be Tickets assigned to the machine owner or Tickets submitted by the machine owner. To view a Service Desk Ticket's details, click the Ticket ID (for example, TICK:0032).
Security:
  The Patching Detect/Deploy Status section displays a list of patches detected and deployed on the computer. Click the appropriate link, for example, Failed, Not Patched, Patched, and All to sort the list of patches. You can review your patch schedules by clicking the Patch Schedules link.
  The Threat Level 5 list section displays the items that have been marked with the threat level as 5. A threat that is harmful to any software, process, startup item, and services associated with this machine is considered as threat level 5.
  The OVAL Vulnerabilities section displays the results of OVAL Vulnerability tests run on this machine. Only tests that failed on this computer are listed by the OVAL ID and marked as Vulnerable. Tests which passed are grouped together and marked as Safe.
Logs:
  The Portal Install Logs section provides details about the User Portal packages installed on this machine.
  See Appliance Agent Logs, on page 89, for details on this section.
  The Scripting Logs section lists the Configuration Policy scripts that have been run on this computer, along with the status of any scripts in progress.
Description This section displays the details of the Asset associated with that machine. Details such as the date and time when the Asset record was created, the date and time when it was last modified, type of the asset and name of the asset are displayed. Click the [Edit] link to edit the asset information. For more information about Assets, see the Asset Management Guide.
Management Service Logs: The primary role of the appliance Management Service is to execute the Offline KScripts. The Management Service logs display the steps performed by the Management Service to execute the Offline KScripts. These steps include downloading dependencies and validating the KBOTS file. Any error in the execution of an Offline KScript is logged in the Management Service logs.
Boot Strap Logs: The appliance sends a boot strap request to get inventory information for a node that has checked in for the first time. The logs related to this request are displayed in Boot Strap logs.
Client Logs: The appliance sends a request to the agent to get inventory information periodically. A script is executed on the node after which it sends the inventory information to the appliance. On successful execution of K1000Client.exe, inventory is uploaded to the appliance. The agent logs display these actions.
Scripting Updater: A request is initiated periodically from the node to get the latest information related to the changes in Offline KScripts. The Scripting Updater logs display this information.
and upload all the available inventory data. For more information on agent provisioning, refer to Chapter 4: Agent Provisioning, starting on page 65.
The K1000Client.exe can take an optional command line parameter, -inventory. To configure this, type:
K1000Client.exe -inventory
The appliance agent collects the inventory data and generates a file called machine.xml, which you can upload here. If you choose this option, the appliance ignores all other field values on this page.
To delete a computer
To perform these steps, be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page.
1. Go to Inventory > Computers.
2. Select the check box next to the computer(s) you want to delete.
3. In the Choose Action menu, click Delete Selected Item(s).
4. Click OK to confirm deleting the computer.
Add or delete software
Add, remove, or apply labels
Categorize the Software
Set Threat Level to Software
To view the details of a software title, click the software name link.
inventory for that particular value or combination of values. For example, if you need a list of computers that have a specific application installed on a specific operating system.
RegistryValueGreaterThan(HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx,szDatVersion,4.0.44)
Before deploying a software item to a remote node, your appliance first verifies whether that file is present on that node. If it is detected, it is not sent to the machine a second time. In some instances, installed programs do not register in Add/Remove Programs or in standard areas of the registry. In such cases, the appliance may not be able to detect the presence of the application without additional information from the administrator. Therefore, the appliance may repeat the install each time the node connects. For more information on Custom Inventory ID (rule), refer to Appendix C: Writing Custom Inventory Rules, starting on page 273.
8. Select the supported operating systems in the Supported Operating Systems field.
9. In the Custom Inventory Rule field, enter the Custom Inventory ID.
10. Beside Upload & Associate File, click Browse to browse to the file you wish to upload and associate with this software, and then click Open.
11. Under Metadata, specify the following information:
Category: Select the desired category.
Threat Level: Select the threat level.
Hide from AppDeploy Live!: Select this check box to hide this information from Live Application Deployment. (Use for proprietary information.)
12. Click Save. The software detail page displays license information for the software. You can also view the license asset detail by clicking on the license link.
RegistryValueReturn(string absPathToKey, string valueName, string valueType)
Example:
RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Virusscan Online,SourceDisk, TEXT)
To return File Information, enter:
FileInfoReturn(string fullPath, string attributeToRetrieve, string valueType)
Example:
FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe, Comments,TEXT)
You can retrieve the following attributes from the FileInfoReturn() function:
Comments, CompanyName, FileBuildPart, FileDescription, FileMajorPart, FileMinorPart, FileName, FilePrivatePart, FileVersion, InternalName, IsDebug, IsPatched, IsPreRelease, IsPrivateBuild, IsSpecialBuild, Language, LegalCopyright, LegalTrademarks, OriginalFilename, PrivateBuild, ProductBuildPart, ProductMajorPart, ProductMinorPart, ProductName, ProductPrivatePart, ProductVersion, SpecialBuild, CreatedDate, ModifiedDate, AccessedDate
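A mistyped custom inventory rule leaves the appliance unable to detect the software, which the guide notes can cause repeated installs. The following Python linter is an added example, not part of the Dell KACE guide or product: it checks a rule against the three function forms and the file attribute list given above before you paste it into the Custom Inventory Rule field. It assumes arguments are separated by commas and contain none themselves; the function names are hypothetical, and the last two sample rules are constructed.

```python
"""Lint K1000 custom inventory rules of the three forms shown in this guide."""
import difflib
import re

# Argument names per function. The first entry is inferred from the guide's
# RegistryValueGreaterThan example (three arguments); the other two are quoted.
SIGNATURES = {
    "RegistryValueGreaterThan": ("absPathToKey", "valueName", "value"),
    "RegistryValueReturn": ("absPathToKey", "valueName", "valueType"),
    "FileInfoReturn": ("fullPath", "attributeToRetrieve", "valueType"),
}

# Attribute names listed in the guide (IsPatched spelled as in Windows
# file version information).
FILE_ATTRIBUTES = """
Comments CompanyName FileBuildPart FileDescription FileMajorPart
FileMinorPart FileName FilePrivatePart FileVersion InternalName IsDebug
IsPatched IsPreRelease IsPrivateBuild IsSpecialBuild Language LegalCopyright
LegalTrademarks OriginalFilename PrivateBuild ProductBuildPart
ProductMajorPart ProductMinorPart ProductName ProductPrivatePart
ProductVersion SpecialBuild CreatedDate ModifiedDate AccessedDate
""".split()

# Name, then everything between the first "(" and the last ")".
RULE = re.compile(r"^\s*(\w+)\s*\((.*)\)\s*$", re.DOTALL)


def parse_rule(rule):
    """Return (function_name, [args]) or None if the text is not a call."""
    match = RULE.match(rule)
    if not match:
        return None
    name, body = match.groups()
    return name, [arg.strip() for arg in body.split(",")]


def _suggest(word, options):
    """Return a ' (did you mean X?)' hint when a close spelling exists."""
    close = difflib.get_close_matches(word, list(options), n=1)
    return " (did you mean %s?)" % close[0] if close else ""


def lint_rule(rule):
    """Return a list of problems found in one rule; empty means it passed."""
    parsed = parse_rule(rule)
    if parsed is None:
        return ["not of the form Name(arg, arg, ...)"]
    name, args = parsed
    if name not in SIGNATURES:
        return ["unknown function %s%s" % (name, _suggest(name, SIGNATURES))]
    expected = SIGNATURES[name]
    if len(args) != len(expected):
        return ["%s takes %d arguments (%s), got %d"
                % (name, len(expected), ", ".join(expected), len(args))]
    problems = ["%s is empty" % label
                for label, value in zip(expected, args) if not value]
    if name == "FileInfoReturn" and args[1] and args[1] not in FILE_ATTRIBUTES:
        problems.append("unknown attribute %s%s"
                        % (args[1], _suggest(args[1], FILE_ATTRIBUTES)))
    return problems


# The first two rules are the guide's examples; the last two are constructed
# to show a misspelled attribute and a missing argument.
SAMPLE_RULES = [
    r"RegistryValueGreaterThan(HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates"
    r"\TVD\Shared Components\VirusScan Engine\4.0.xx,szDatVersion,4.0.44)",
    r"FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe, Comments,TEXT)",
    r"FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe,IsPatclhed,TEXT)",
    r"RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Virusscan Online,SourceDisk)",
]

if __name__ == "__main__":
    for sample in SAMPLE_RULES:
        print(lint_rule(sample) or "ok", "<-", sample)
```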
The Software: Edit Software Detail page appears.
3. Beside Upload & Associate File, click Browse.
4. Locate the file to upload, and then click Open.
5. Modify other details as necessary, and then click Save.
The Software-To-Computer Deployment Detail table at the bottom of the Software > Edit Software Detail page shows which computers have the software title installed.
3. In the Choose Action menu, click Remove Label and the appropriate label.
View Process details
Delete selected processes
Disallow selected processes
Meter selected processes
Apply labels
Remove labels
The processes are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.
To delete a process
To perform these steps, be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page.
1. To delete processes, do one of the following:
  From the Processes List view, select the check box beside the process, and then in the Choose Action menu, click Delete Selected Item(s).
  From the Process detail page, click Delete.
2.
To disallow processes
To perform these steps, be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page.
1. Go to Inventory > Processes. The Processes page appears.
2. Select the check box beside the processes to disallow.
3. In the Choose Action menu, click Disallow Selected Item(s). The Script : Edit Detail page appears.
4. Enter the script configuration details, and then click Run Now to run Disallowed Programs Policy.
For more detailed information on scripting and Disallowed Programs Policy, refer to Chapter 9: Using the Scripting Features, starting on page 161.
To categorize a process
To perform these steps, be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page.
1. Go to Inventory > Processes.
2. Select the check box next to the processes you want to categorize.
3. In the Choose Action menu, click the appropriate category.
To meter a process
To perform these steps, be sure to select your organization in the Organization drop-down list in the top-right hand corner of the page.
1. Go to Inventory > Processes.
2. Click the check box next to the processes.
3. In the Choose Action menu, click Meter Selected Items(s). The processes are added to the list of processes to be monitored in the Metering tab.
For more information on Software Metering, refer to the Asset Management Guide.
View startup program details
Delete selected startup programs
Apply or remove labels
The startup programs are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.
7. Click Save to save the startup program details.
You can read comments on the startup program submitted by other users by clicking [Read Comments]. You can also ask for help from KACE about the startup programs by clicking [Ask For Help]. You need a KACE user name and password to log in to the Dell KACE database.
You can also see the computers that are running the selected startup program. You can view a printer-friendly version of this page and print the report.
1. Go to Inventory > Startup.
2. Select the check box next to the startup programs you want to categorize.
3. In the Choose Action menu, click the appropriate category.
The services are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet, Malware, Security, and System Tool.
5. Select the category of the service in the Category drop-down list.
6. Select the threat level of the service in the Threat Level drop-down list.
7. Click Save to save the service details.
You can read comments on the service submitted by other users by clicking [Read Comments]. You can also ask for help from Dell KACE about the service by clicking [Ask For Help]. You need a KACE username and password to log in to the Dell KACE database.
You can also see the computers that are running the selected startup program. You can view a printer-friendly version of this page and print the report.
To delete a service
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.
To delete services, do one of the following:
From the Services List view, select the check box next to the service, and then in the Choose Action menu, click Delete Selected Item(s).
From the Process detail page, click Delete.
To categorize a service
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.
1. Go to Inventory > Service.
2. Select the check box next to the services you want to categorize.
3. In the Choose Action menu, click the appropriate category.
3. Enter the following information:
Select this check box to enable automatic deleting of MIA computers.
Enter the period in number of days. Computers that do not communicate with the appliance for the number of days specified are automatically deleted.
4. Click Save.
For more information on how to change K1000 General Settings, refer to To configure general settings for the server, on page 35.
The Software : Edit Software Detail page appears.
3. Scroll down to view AppDeploy Live information.
The Dell Warranty feature runs a background service that gathers and updates warranty information on your Dell computers that are in Inventory. This background service runs every four hours and selects a different organization in a round-robin fashion. Every four hours, the service runs on approximately 100 machines per organization. Over time, warranty information is gathered and updated for all Dell machines. This process may take a week or up to a month to acquire warranty information for all of the Dell machines across different organizations. If you need to see warranty information immediately, there is an option to gather warranty information on a single Dell machine instantly. You can download warranty information into a CSV file for a single or multiple machines within your organization. From the Dell Warranty tab, you can also access the Dell Support Web site to renew your warranty information if it is out of date or view additional details about your warranty.
If this is a Dell computer that you have selected, you will see Dell warranty information under the Dell Service Info section as shown in the following figure:
4. Select the Refresh button. The warranty information is updated immediately for this machine.
3. View the following reports:
Dell Warranty Expired
Dell Warranty Expires in the Next 60 Days
You can run these reports and store them as HTML, CSV or PDF files. These reports are available at both the Organization level and the System level within the K1000 Management Appliance.
6 Importing and Exporting Appliance Resources
This chapter explains how to transfer K1000 Management Appliance resources between organizations within an appliance and between separate appliances.
Importing and exporting resources, on page 111.
Transferring resources using a SAMBA share, on page 111.
Transferring resources between Organizations, on page 115.
Email alerts
Managed Installations
Reports
Scripts
Smart labels
Software components from Inventory
Ticket rules
All K1000 Management Appliances have built-in SAMBA share directories, allowing you to import and export appliance resources among them. For details, see the Transferring resources using a SAMBA share section. If you use the Organizational Management component of the K1000 Management Appliance, you can also transfer resources between organizations within an appliance. For details, see Transferring resources between Organizations, on page 115. If you do not use Organizational Management, its options are not displayed.
3. Click Export K1000 Resources. The Export K1000 Resources page appears, listing all of the resources available to export.
By default, all available resources on the appliance are listed. You can limit the resources to view using the drop-down list and Search field on the right side of the page. Select a resource from the View by list to display only that resource category.
Enter a term in the Search field to limit the resources list even further. In this example, only reports with the term closed in the description are listed:
4. Select the check boxes next to those resources you wish to export.
5. In the Choose Action menu, click Export to SAMBA Share. The Annotate Exported Resource(s) splash screen appears.
6. Enter a description of the components to export in the Notes field and click Save. Your exported resources first appear on the Resource Manager Queue page with a Status of New Request. Click the Refresh button to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment, but very large resources take longer. This page does not refresh by itself for several minutes. The resources you exported are now available on your SAMBA share for other K1000 Management Appliances to import.
7. Go to Settings > Control Panel > General Settings, and note the location of the SAMBA share directory in the SAMBA Share Settings section. You need to copy the appliance resources from this directory to the SAMBA share of the appliance importing the software.
8. For the importing appliance, go to Settings > Control Panel, and click General Settings. The K1000 Settings: General page appears.
9. In the SAMBA Share Settings section, note the location of the SAMBA share directory.
10. Using a third-party file copying utility, copy the resources from the exporting appliance SAMBA share to the importing appliance SAMBA share.
11. For the importing appliance, go to Settings > Resources.
12. Click Import K1000 Resources. The Import K1000 Resources page appears, listing all of the appliance resources available to import.
13. From the Choose Action menu, click Import Resource(s) from SAMBA Share. The Import Resources from SAMBA Share Directory page appears.
14. Select the resource files to import, and click Import Resources.
Your imported resources first appear on the Resource Manager Queue page with a Status of New Request. Click Refresh to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment, but very large resources take longer. This page does not refresh by itself for several minutes. Once you see a Status of Completed, the resources you imported are available and listed on their respective tabs (Reporting, Inventory > Software, Scripting, Distribution > Managed Installations) for your organization to use.
2. To export resources from one organization to the others, click Export K1000 Resources. The Export K1000 Resources page appears, listing all of the resources on the appliance available to export.
3. Select the check boxes next to the resources you wish to export.
4. In the Choose Action menu, click Export to Local K1000. The Annotate Exported Resource(s) splash screen appears.
5. Enter a brief comment describing the exported resources in the Note field, and then click Save.
Your exported resources first appear on the Resource Manager Queue page with a Status of New Request. In a few minutes, the export will complete, and the Status changes to Completed. Click the Refresh button to update this page. The resources you exported are now available for other organizations on your appliance to import. For details on importing these resources into another organization, see the Importing resources from another organization on your appliance section.
2.
The Import K1000 Resources page appears, listing all of the resources available to import:
3. Select the check boxes next to the resources that you would like to import.
4. In the Choose Action menu, click Import Selected Resource(s). The Resource Manager Queue page appears. Your imported resources first appear on the Resource Manager Queue page with a Status of New Request. Click the Refresh button to update this page. When finished, the Status changes to Completed. Most import/export tasks only take a moment to complete, but very large resources take longer. This page may not refresh for several minutes.
Once you see a Status of Completed, the resources you imported are available on the respective pages (Reports, Inventory > Software, Scripting, Distribution > Managed Installations) for your organization.
7 Scanning for IP Addresses
IP scan allows you to scan a range of IP addresses to detect the existence and attributes of various devices on a network.
IP Scan Overview, on page 119.
Viewing Scheduled Scans list, on page 119.
Creating an IP Scan, on page 120.
IP Scan Overview
The K1000 Management Appliance can scan a range of IP addresses for SNMP-enabled machines, allowing you to retrieve information about machines connected to your network. Although IP scans have their own server-side scheduling, you can invoke a scan on-demand or schedule an IP scan to run at a specific time. IP Scan reports a variety of inventory data, allowing you to monitor the availability and service level of a target machine. IP Scan scans ports in addition to IP addresses. You can collect data even without knowing the IP addresses of the target machines. It can scan any type of device (as long as the device has an IP address on the network), including computers, virtual machines, printers, network devices, servers, wireless access points, routers, and switches.
Schedule new scan.
Apply a label or a Smart Label or delete a label.
Create a remote connection to the machine. (This can be done only if configured under Machine Action.)
Creating an IP Scan
You can create a network scan that will search for DNS, Socket, and SNMP across a single subnet or multiple subnets. You can also define a network scan to search for devices listening on a particular port (for example, Port 80). This allows you to view devices that are connected to your network even when the agent is not installed on those devices. When defining a network scan, balance the scope of the scan (number of IP addresses you are scanning) with the depth of the probe (number of attributes you are scanning for), so that you do not overwhelm your network or the appliance. For example, if you need to scan a large number of IP addresses frequently, keep the number of ports, TCP/IP connections, and so on, relatively small. As a general rule, scan a particular subnet no more than once every few hours. The agent listens on port 52230. To determine which machines on your network are running an agent, define a network scan to report which machines are listening on that port.
To create an IP scan
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.
1. Go to Inventory > IP Scan. The Network Scan Settings page appears.
2. In the Choose Action menu, click Add New Item. The Network Scan Setting page appears.
3. Enter a name for the scan in the Network Scan Friendly Name field.
4. Enter the IP range to scan in the Network Scan IP Range field.
5. Specify the DNS lookup test details:
DNS Lookup Enabled: Check live addresses against the DNS server to see if they have an associated name. This can help you identify known nodes on your network.
Name Server for Lookup: Enter the host name or IP address.
Lookup Time Out: Enter the time out interval (in seconds).
6. Select the Ping Test Enabled check box. If the Ping and Socket tests are disabled, you cannot run the other tests. The Ping or Socket tests determine if the address is alive. If it is, you can run an SNMP or a Port Scan against it.
7. Specify the connection test details:
Select this check box to perform connection testing during network scan.
Enter the protocol to use.
Connection Test Port: Enter the port to use for testing the connection.
Connection Time Out: Enter the time out interval (in seconds).
8. Specify SNMP test details:
Select this check box to enable SNMP scanning.
Enter the community string to query. (Public is the default.) The query only runs if authentication is not required. When authentication is required, the scan returns SNMP enabled with no system data.
9. Specify port scan test details:
Device Port Scan Enabled: Select this check box to enable port scanning of device ports.
TCP Port List: Enter a comma-separated list of TCP ports to scan.
UDP Port List: Enter a comma-separated list of UDP ports to scan.
Port Scan Time Out: Enter the time out interval (in seconds).
10. Specify the scan schedule:
Don't Run on a Schedule: Run in combination with an event rather than on a specific date or time.
Run Every n minutes/hours: Run the scan at a specified interval.
Run Every day/specific day at HH:MM AM/PM: Run the schedules daily at a specified time, or run on a designated day of the week at a specified time.
Run on the nth of every month/specific month at HH:MM AM/PM: Run either monthly at a specified time and day or run at a designated time and day on a specified month.
11. Click Save.
Deleting a scan configuration also deletes all associated scan inventory items. If you want to maintain the scan inventory, but do not want to rescan, set the schedule of the scan configuration to not run.
When devices that meet the specified criteria are detected in the network scan, they are automatically assigned to the associated Smart Label. You can modify or delete a Smart Label after it has been created from the Home > Label > Smart Labels page. You can specify the order in which IP Scan Smart Labels are run by changing their order value.
Enter the appropriate order value, and click Save. IP Scan Smart Labels with lower order values are run before those with higher order values. The default order value for a new IP Scan Smart Label is 100.
8 Distributing Software from Your K1000 Management Appliance
The K1000 Management Appliance's software distribution features offer various methods for deploying software, updates, and files to the computers on your network.
Distribution Feature Overview, on page 125.
Types of Distribution Packages, on page 126.
Managed Installations, on page 129.
Examples of common deployments on Windows, on page 133.
Examples of Common Deployments on Linux, on page 139.
Examples of Common Deployments on Mac OS, on page 143.
File Synchronizations, on page 143.
Wake-on-LAN, on page 145.
Replication, on page 148.
Managing iPhone Profiles, on page 153.
Managing Dell Systems with Dell Updates, on page 155.
Configuring Dell OpenManage Catalog Updates, on page 158.
[Figure: deployment flow diagram; stage labels: Test, Target, Deploy, Report]
One of the most important concepts in the deployment procedure is to test each deployment before rolling it out to a large number of users. The appliance verifies that a package is designated for a particular system, machine, or operating system. However, the appliance cannot assess the compatibility with other software on the target machine. Therefore, establish procedures for testing each piece of software before deploying it on your network. For example, develop a test group of target machines, and deploy the required software using your appliance. This practice helps you to verify the compatibility of the software with the operating system and other applications within your test group. You can create a test label and perform a test distribution before you go live in your environment. You can create a test label from the Home > Labels tab. This chapter focuses primarily on the test, target, and deploy portions of this flow diagram. For more details on creating an inventory of computers and software packages in use on your network, see Chapter 8: Distributing Software from Your K1000 Management Appliance, starting on page 125.
Distribution packages (whether for managed installation, file synchronization, or user portal packages) cannot be created until a digital file is associated with an Inventory item. This rule applies even if you are:
Sending a command, rather than an installation or a digital file, to target machines.
Redirecting the appliance agents to retrieve the digital asset (for example, .exe, .msi) from an alternate download location.
To create a distribution
1. Install the package manually on a machine.
2. Take an inventory of that machine. For more information on how to take an inventory, see Managing Your Software Inventory, on page 91.
3. Use the item listed in the Software Inventory list for the Managed Installation.
To create packages with different settings, such as parameters, labels, or deployment definitions, you can create multiple distribution packages for a single Inventory item. However, the Managed Installation (MI) cannot be verified against more than one inventory item because the MI checks for the existence of only one inventory item. Although the K1000 Agent tab is listed under the Distribution tab, Deploying K1000 Agent is discussed as part of the installation and setup process in Chapter 1: Getting Started, starting on page 15. For information about updating an existing version of the appliance agent, see K1000 Agent Update, on page 78.
You can then associate a digital file and create one or more deployment packages.
Supporting remote sites with restricted bandwidth, which might result in difficulties accessing the appliance.
Avoiding storing large packages on the appliance.
An alternate download location can be any path on the network. Ensure that the alternate location has the required files for installing the application. To activate this capability, you must enter an alternate checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes). You may use any tool to establish your checksum. To create the MD5 checksum, enter:
K1000Client -hash=filename
This displays the MD5 hash for the file. If no checksum is entered, the digital asset on the file share must exactly match the digital asset associated with the Deployment Package on the K1000 Management Appliance. Also, the target path must include the complete filename (for example, \\fileserver_one\software\adobe.exe).
When the appliance fetches files, it uses these priorities:
1. Alternate download location
2. Replication share
3. Appliance
If a replication share is specified in the label, the replication share is always used instead of an alternate download location. If there is no replication share, the agent fails over to the appliance.
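A pre-deployment audit of the Alternate Checksum described above, as an added example (not Dell KACE code): it recomputes the MD5 of each file on the alternate share, compares it with the value entered for the Managed Installation, and also returns a SHA-256 for your own records because MD5 is not collision resistant. The function names, status strings and sample files are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile

HEX_DIGITS = set("0123456789abcdef")


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return (md5_hex, sha256_hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def audit_alternate_locations(entries):
    """Check (alternate_path, alternate_checksum) pairs before deployment.

    Returns {path: (status, sha256_hex_or_None)}.
    """
    report = {}
    for path, checksum in entries:
        expected = checksum.strip().lower()
        if path.endswith(("/", "\\")) or os.path.isdir(path):
            # The guide requires the target path to include the complete filename.
            report[path] = ("path must include the complete filename", None)
        elif not os.path.isfile(path):
            report[path] = ("file not found", None)
        elif len(expected) != 32 or not set(expected) <= HEX_DIGITS:
            report[path] = ("checksum is not a 32-digit hex MD5", None)
        else:
            md5_hex, sha256_hex = file_digests(path)
            if md5_hex == expected:
                status = "ok"
            else:
                status = "mismatch: file hashes to " + md5_hex
            report[path] = (status, sha256_hex)
    return report


def build_constructed_share():
    """Constructed sample: a temp directory standing in for the alternate share."""
    share = tempfile.mkdtemp(prefix="alt_share_")
    good = os.path.join(share, "adobe.exe")
    stale = os.path.join(share, "reader.msi")
    with open(good, "wb") as fh:
        fh.write(b"constructed installer v2")
    with open(stale, "wb") as fh:
        fh.write(b"constructed installer v1 (stale copy)")
    return [
        # Checksum matches the file (upper-case hex is accepted).
        (good, hashlib.md5(b"constructed installer v2").hexdigest().upper()),
        # Checksum was taken from a newer build than the one on the share.
        (stale, hashlib.md5(b"constructed installer v2 msi").hexdigest()),
        # Path names the directory, not the file.
        (share, "0" * 32),
        # File never copied to the share.
        (os.path.join(share, "missing.exe"), "0" * 32),
    ]


if __name__ == "__main__":
    results = audit_alternate_locations(build_constructed_share())
    for path, (status, _sha256) in results.items():
        print(os.path.basename(path) or path, "->", status)
```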
Replication share is a full replication of all digital assets and is managed automatically by the appliance.
An alternate download location can be any path on the network. Make sure that the alternate location has the files that might be needed for installs of a particular application.
Whenever a replication share is specified for a label, nodes in that label go to that replication share to get files until you remove them from the label or stop using the replication item. If a replication share is specified, it is always used instead of any other alternate location. The agent always fails over to the appliance in the following scenarios:
There is no replication share specified for any label it is a member of.
There is more than one possible replication share identified.
Managed Installations
To perform these steps, be sure to select your organization from the Organization dropdown list in the top-right hand corner of the page. Managed installations enable you to deploy software that requires an installation file to run to the computers on your network. You can create a Managed Installation package from the Distribution > Managed Installation page. From the Managed Installation tab, you can:
Create or delete Managed Installations
Execute or disable Managed Installations
Specify a Managed Action
Apply or remove a label
Search Managed Installations by keyword
Installation parameters
Your K1000 Management Appliance allows package definitions to contain .msi, .exe, .zip, and other file types for software deployment. If an administrator can install the file on a local machine, either by running a single file, BAT file, or VBScript, the package can be installed remotely by the appliance. To simplify the distribution and installation process, the package definition can also contain parameters that are passed to the installer at run time on the local machine. You can use parameters as custom installation settings, for example, a standard install or to bypass auto-restart.
1. Open an MS-DOS command prompt.
2. Go to the directory that contains the target installer. For example: c:\...\adobe.exe
3. Enter: filename /?
For example: adobe.exe /?
If that package supports parameters, they are displayed. For example: /quiet, /norestart.
4.
Also show software without an Associated File: Select this check box to display any software without an associated executable uploaded. You can upload a file to the software record directly from this Managed Installation page.
Upload & Associate New File: Click the Browse button and navigate to the location that contains the new executable of any software selected or to associate an executable to a software without an associated file.
Installation Command: Select the Use Default or Configure Manually option.
Use Default
Run Parameters: Specify the installation behavior as follows: The maximum field length is 256 characters. If your path exceeds this limit, on the command line, point to a BAT file that contains the path and the command. If your Parameters file path includes spaces, enclose the complete path in quotes. For example: "\\kace_share\demo files\share these files\setup.bat"
Configure Manually
Installation Command: If desired, specify full command-line parameters in the provided field. Refer to the MSI Command Line documentation for available runtime options.
Un-Install using Full Command Line: Select this check box to uninstall software.
Run Command Only: Select this check box to run the command line only.
Delete Downloaded Files: Select this check box to delete the package files after installation.
Use Alternate Download: Select this check box to specify details for alternate download. When you select this check box, the following fields appear:
Alternate Download Location: Enter the location where the K1000 Agent can retrieve digital installation files.
Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
Alternate Download User: Enter a user name that has the necessary privileges to access the alternate download location.
Alternate Download Password: Enter the password for the user name.
Note: If the target machine is part of a replication label, the appliance does not fetch software from the alternate download location. For more information, refer to Distributing Packages from an Alternate Location, on page 128. Specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. Because that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information, refer to To add or edit a new label, on page 57.
Notes
Managed Actions
Managed Action allows you to select an appropriate time for this package to be deployed. Available options are:
Disabled
Execute anytime (next available)
Execute before logon (at machine bootup)
Execute after logon (before desktop loads)
Execute while user logged on
Execute while user is logged off
Specify the deployment details:
Select this check box to deploy the software to all machines.
Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. Note: The appliance always uses a replication share in preference over an alternate location.
You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options.
Select the order to install the software. The lower value deploys first.
Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever.
Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, override and/or interact with the deployment window of a specific package.
6. Set user interaction details:
Allow Snooze: Click the check box to allow snooze. When you click the check box, the following additional fields appear:
Snooze Message: Enter a snooze message.
Snooze Timeout: Enter the timeout, in minutes, for which the message is displayed.
Snooze Timeout Action: Select a timeout action that takes place at the end of the timeout period. For example, if the installation is being carried out when there are currently no active users accessing their desktops, you can select Install now to install the software without any hindrance to the users, or select Install later if the installer needs some user interaction.
Select this check box to display a message to users prior to installation. When you select the check box, the following additional fields appear:
Pre-Install User Message: Enter a pre-install message.
Pre-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.
Pre-Install Timeout Action: Select a timeout action from the drop-down list; this action takes place at the end of the timeout period. Options include Install later or Install now. For example, if the installation is being carried out when there are currently no active users accessing their desktops, you can select Install now to install the software without any hindrance to the users, or select Install later if the installer needs some user interaction.
Custom Post-Install Message: Select this check box to display a message to users after the installation is complete. When you click the check box, the following additional fields appear:
Post-Install User Message: Enter a post-install message.
Post-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.
7. Click Save.
To use parameters with .msi files, all your target machines must have the same version of Windows Installer (available from Microsoft). Some switches may not be active on older versions. The most up-to-date version of Windows Installer can be distributed to nodes with the appliance.
If you are using Windows Installer 3.0 or later, you can identify the supported parameters by selecting the Run program available from the Start menu. Enter msiexec in the popup window. A window displays, which includes the supported parameters list.
Also show software without an Associated File
Upload & Associate New File
Installation Command: Select the Use Default or Configure Manually option.
Use Default
Run Parameters: Specify the installation behavior as follows: The maximum field length is 256 characters. If your path exceeds this limit, on the command line, point to a BAT file that contains the path and the command. If your Parameters file path includes spaces, enclose the complete path in quotes. For example: "\\kace_share\demo files\share these files\setup.bat"
Configure Manually
Installation Command: If desired, specify full command-line parameters in the provided field. Refer to the MSI Command Line documentation for available runtime options.
Un-Install using Full Command Line: Select this check box to uninstall software.
Run Command Only: Select this check box to run the command line only.
Delete Downloaded Files: Select this check box to delete the package files after installation.
Use Alternate Download: Select this check box to specify details for alternate download. When you select this check box, the following fields appear:
Alternate Download Location: Enter the location where the K1000 Agent can retrieve digital installation files.
Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
Alternate Download User: Enter a user name that has the necessary privileges to access the alternate download location.
Alternate Download Password: Enter the password for the user name.
Note: If the target machine is part of a replication label, the appliance does not fetch software from the alternate download location. For more information, refer to Distributing Packages from an Alternate Location, on page 128. Specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. Because that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information, refer to To add or edit a new label, on page 57.
Notes: (Optional) Enter any additional information in this field.
Managed Actions
Managed Action allows you to select an appropriate time for this package to be deployed. Available options are:
Disabled
Execute anytime (next available)
Execute before logon (at machine bootup)
Execute after logon (before desktop loads)
Execute while user logged on
Execute while user is logged off
5. Specify the deployment details:
Select this check box to deploy the software to all machines.
Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. Note: The appliance always uses a replication share in preference over an alternate location.
You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options.
Select the order to install the software. The lower value deploys first.
Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever.
Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, override and/or interact with the deployment window of a specific package.
6. Allow Snooze
Set user interaction details: Click the check box to allow snooze. When you click the check box, the following additional fields appear: Snooze Message: Enter a snooze message. Snooze Timeout: Enter the timeout, in minutes, for which the message is displayed. Snooze Timeout Action: Select a timeout action that take places at the end of the timeout period. For example, if the installation is being carried out when there currently no active users accessing their desktop. You can select Install now to install the software without any hindrance to the users or select Install later if the installer needs some user interaction.
Select this check box to display a message to users prior to installation. When you select the check box, the following additional fields appear: Pre-Install User Message: Enter a pre-install message. Pre-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed. Pre-Install Timeout Action: Select a timeout action from the drop-down list; this action takes place at the end of the timeout period. Options include Install later or Install now. For example, if the installation is being carried out when there are currently no active users accessing their desktop, you can select Install now to install the software without any hindrance to the users, or select Install later if the installer needs some user interaction.
Select this check box to display a message to users after the installation is complete. When you click the check box, the following additional fields appear: Post-Install User Message: Enter a post-install message. Post-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.
7. Click Save.
required to install a particular application, you can package them together in a .zip file and upload them to the appliance for deployment. The appliance agent automatically runs deployment packages with .msi and .exe extensions. However, the K1000 Management Appliance also provides a capability for administrators to zip many files together and direct the appliance to unpack the ZIP file and run a specific file within. If you intend to deploy a .zip file, you must place the name of the file within the .zip that you would like to run in the Command (Executable) field within the Deployment Package (for example, runthis.exe).
When attempting to deploy a .zip file created using WinZip maximum compression, the package may fail to uncompress and you may see an error in the application event viewer or kbxlog.txt with the message:
Unsupported compression mode 9
The appliance agent uses a library called SharpZipLib to uncompress .zip files. This library supports .zip files using both stored and deflate compression methods and also supports old (PKZIP 2.0) style encryption, tar with GNU long filename extensions, gzip, zlib and raw deflate, as well as BZip2. However, Zip64 and deflate64 are not supported. Compression mode 9 is deflate64, which in WinZip is called maximum compression.
To resolve the issue, recreate the zip file using WinZip normal compression.
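A pre-upload check for the failure described above, as an added example that is not part of the Dell KACE guide or the agent's code: it reads each entry's compression method from the archive's central directory so that deflate64 (mode 9) and Zip64 entries are caught before deployment, and confirms that the file named in the Command (Executable) field is in the archive. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# ZIP compression methods the guide says the agent's library can unpack.
SUPPORTED_METHODS = {0: "stored", 8: "deflate"}
DEFLATE64 = 9            # logged by the agent as "Unsupported compression mode 9"
ZIP64_EXTRA_ID = 0x0001  # extra-field header ID that marks a Zip64 entry


def has_zip64_extra(extra):
    """Walk the (header ID, size, data) records of a ZIP extra field."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == ZIP64_EXTRA_ID:
            return True
        pos += 4 + size
    return False


def preflight(zip_bytes, command):
    """Return a list of problems; an empty list means no issue was found."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # infolist() reads only the central directory, so it also works for
        # methods that Python itself cannot decompress.
        entries = zf.infolist()
    for info in entries:
        if info.compress_type == DEFLATE64:
            problems.append(f"{info.filename}: deflate64 (mode 9); "
                            "recreate the archive with normal compression")
        elif info.compress_type not in SUPPORTED_METHODS:
            problems.append(f"{info.filename}: unsupported method {info.compress_type}")
        if has_zip64_extra(info.extra):
            problems.append(f"{info.filename}: Zip64 entry")
    if command not in {info.filename for info in entries}:
        problems.append(f"{command}: not found in the archive")
    return problems


def build_sample(force_method=None):
    """Constructed test archive: runthis.exe plus one data file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("runthis.exe", b"MZ constructed placeholder, not a real binary")
        zf.writestr("data/settings.ini", b"[setup]\nsilent=1\n")
    raw = bytearray(buf.getvalue())
    if force_method is not None:
        # Imitate an archive saved with another compression mode by rewriting
        # the method field (offset 10) of each central-directory header. The
        # directory offset is at byte 16 of the 22-byte end record.
        pos = struct.unpack_from("<I", raw, len(raw) - 22 + 16)[0]
        while raw[pos:pos + 4] == b"PK\x01\x02":
            struct.pack_into("<H", raw, pos + 10, force_method)
            name_len, extra_len, comment_len = struct.unpack_from("<HHH", raw, pos + 28)
            pos += 46 + name_len + extra_len + comment_len
    return bytes(raw)


if __name__ == "__main__":
    for label, archive in (("normal", build_sample()),
                           ("maximum", build_sample(force_method=DEFLATE64))):
        print(label, preflight(archive, "runthis.exe") or "ok")
```

The Zip64 check here covers per-entry extra fields only; an archive that is Zip64 solely because of its overall size or entry count is not detected by it.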
If the PATH environment variable of your root account does not include the current working directory, and you want to execute a shell script or other executable that you have included inside an archive, specify the relative path to the executable in the Full Command Line field. The command is executed inside a directory alongside the files that have been extracted. For example, to run a shell script called installThis.sh, package it alongside an .rpm file, and then enter the following command in the Installation Command field:
./installThis.sh
If you archived it inside another directory, the Installation Command field is:
./dir/filename.sh
Both these examples, as well as some other K1000 Management Appliance functions, assume that sh is in the root's PATH. If you're using another scripting language, you may need to specify the full path to the command processor you want to run in the Installation Command, like:
/bin/sh ./filename.sh
Include appropriate arguments for an unattended, batch script.
If you select the uninstall check box in the MI detail, the agent runs the following command on either your standalone rpm file or each rpm file it finds in the archive, removing the packages automatically:
//usr/sbin/rpm -e packagename.rpm
Removing software in this way is performed only if the archive or package is downloaded to the node. If you select the Uninstall Using Full Command Line check box, specify a full command line in the Installation Command field to ensure the correct removal command is run on the correct package. Because no package is downloaded in this case, specify the path in the installation database where the package receipt is stored.
5. If your package requires additional options, you can enter the following installation details:
Run Parameters: (Optional) You do not need to specify parameters if you have an .rpm file. Enter a value to override (Default -U default). For example, if you set Run Parameters to: -ivh --replacepkgs, then the command that runs on the computer is:
rpm -ivh --replacepkgs package.rpm
Installation Command: You do not need to specify a full command line if you have an .rpm file. The appliance executes the installation command by itself. The Linux node tries to install this via:
rpm [-U | Run Parameters] "packagename.tgz"
If you do not want to use the default command, you can replace it completely by specifying the complete command line here. If you have specified an archive file, this command is run against all of the .rpm files it can find.
Click the check box to uninstall software. If a Full Command Line above is entered, it is run. Otherwise, by default the agent attempts to run the command, which is generally expected to remove the package. Click the check box to run the command line only. This does not download the actual digital asset. (Optional) Enter additional information in this field. Managed Action allows you to select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for the Linux platform.
6. Specify the deployment details: Click the check box to deploy to all the machines. Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, then the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance. Note: The appliance always uses a replication share in preference over an alternate location. You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options. The order in which software is installed. The lower value deploys first. Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the K1000 Management Appliance tries to install the package. If you specify 0, the appliance enforces the installation forever. Specify the time (using a 24-hour clock) to deploy the package. The Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, override and/or interact with the deployment window of a specific package.
7. Set user interaction details:
Allow Snooze: This option is not available for Linux platform.
This option is not available for Linux platform.
This option is not available for Linux platform.
Delete Downloaded Files: Select this check box to delete the package files after installation.
Select this check box to specify details for alternate download. When you select this check box, the following fields appear:
Alternate Download Location: Enter the location from where the K1000 Agent can retrieve digital installation files.
Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
Alternate Download User: Enter a user name that has the necessary privileges to access the Alternate Download Location.
Alternate Download Password: Enter the password for the user name specified above.
Note: If the target machine is part of a replication label, then the appliance does not fetch software from the alternate download location. For more information on using an alternate location, refer to Distributing Packages from an Alternate Location, on page 128.
Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to About Labels, on page 53.
8. Click Save.
You can do this manually from the Inventory > Software tab, or by installing the package on a K1000 Agent machine that regularly connects to the K1000 Management Appliance.
3. Associate the tar.gz file with the Inventory item, and upload it to the appliance.
4. Click Distribution > Managed Installation. The Managed Installations page appears.
5. In the Choose Action menu, click Add New Item. The Managed Software Installation: Edit Detail page appears.
6. Select the software title with which the tar.gz file is associated from the Software drop-down list. This file is uncompressed and searched for all .rpm files. The installation command is run against each of them. If no Run Parameters are filled in, -U is used by default. You do not need to specify a full command line. The server executes the installation command by itself. The Linux node tries to install this using:
rpm [-U | Run Parameters] "packagename.tgz"
7. Enter other package details as described in the Managed Installations, on page 129 procedures for .rpm file above.
8. Click Save.
The agent automatically runs deployment packages with .rpm extensions. However, the appliance also provides a capability for administrators to zip many files together and direct the K1000 Management Appliance to unpack the zip and run a specific file within.
File Synchronizations
File synchronizations enable you to distribute software files to the computers on your network. These can be any type of file, such as PDF, ZIP, or EXE files, which are simply downloaded to the user's machine, but not installed.
corresponding label. You should not have a machine in more than one label with an Alternate Download Location specified.
Specify the deployment details: Enter a label for the package. The file is distributed to the users assigned to the label, such as the operating system affected by the synchronization.
Select a machine for deployment. If your list of machines is long, you can use the Filter field to filter the list by entering a few characters of the machine name. Enter a pre-deployment message to be sent to the user prior to deployment.
Post-Deploy User Message: Enter a post-deployment message to be sent to the user after deployment.
Deployment Window (24H clock): Enter the time (using a 24-hour clock) to deploy the package. The Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under K1000 Settings for this specific organization, override and/or interact with the deployment window of a specific package.
Click this check box to specify details for alternate download. When you click this check box, the following fields appear:
Alternate Download Location: Enter the location from where the K1000 Agent can retrieve digital installation files.
Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
Alternate Download User: Enter a user name that has necessary privileges to access the Alternate Download Location.
Alternate Download Password: Enter the password for the user name specified above.
Note: If the target machine is part of a replication label, then the appliance does not fetch software from the alternate download location. For more information on using an alternate location, refer to Distributing Packages from an Alternate Location, on page 128.
Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to Managing Labels, on page 54.
6. Click Save.
To distribute files previously deployed after the deployment window has closed, click the Resend Files button.
Wake-on-LAN
The K1000 Management Appliance Wake-on-LAN feature provides the ability to wake up computers equipped with network cards that are Wake-on-LAN compliant.
After you send the Wake-on-LAN request, the results at the top of the page indicate the number of machines that received the request and to which label, if any, those machines belong.
Run Every day/specific day at HH:MM AM/PM: Select to run the tests every day or only the selected day of the week at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM: Select to run the tests on a specific date or the same day every month at the specified time.
7. Click Save. The Wake-on-LAN tab appears with the scheduled request listed. From this view you can edit or delete any scheduled requests.
Troubleshooting Wake-on-LAN
When a Wake-on-LAN request fails to wake devices, it might be due to inappropriate configuration of network devices. For example:
The device does not have a WOL-capable network card or is not configured properly.
The K1000 Management Appliance has incorrect information about the subnet to which the device is attached.
UDP traffic is not routed between subnets or is being filtered by a network device.
Broadcast traffic is not routed between subnets or is being filtered by a network device.
Traffic on Port 7 is being filtered by a network device.
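To tell the network causes in this list apart from a device-side problem, a listener on a machine in the target subnet can confirm whether the request arrives on UDP port 7 at all. The following is an added example, not part of the Dell KACE guide; it assumes the standard Wake-on-LAN magic packet layout (six 0xFF bytes followed by the target MAC address repeated 16 times), which the guide does not spell out, and the function names are illustrative.

```python
import socket

SYNC = b"\xff" * 6  # synchronization stream that starts every magic packet


def parse_magic_packet(payload):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff', or None if the payload
    does not contain a complete magic packet."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        # A valid packet repeats the same 6-byte MAC 16 times (96 bytes).
        if len(mac) == 6 and payload[start + 6:start + 6 + 96] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def listen(port=7, timeout=60.0):
    """Wait for one magic packet on the given UDP port.

    Returns (sender_ip, target_mac), or None if nothing arrived in time.
    Binding to a port below 1024 normally needs administrator rights.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))  # all interfaces, so broadcasts are received too
    sock.settimeout(timeout)
    try:
        while True:
            data, (sender, _) = sock.recvfrom(2048)
            mac = parse_magic_packet(data)
            if mac is not None:
                return sender, mac
    except socket.timeout:
        return None
    finally:
        sock.close()


if __name__ == "__main__":
    result = listen()
    if result is None:
        print("No magic packet seen: check routing and filtering of UDP, "
              "broadcast and port 7 traffic toward this subnet.")
    else:
        print("Magic packet from %s for MAC %s" % result)
```

If the listener sees the packet but the device stays off, the network path is working and the remaining suspects are the device's network card or its configuration.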
http://support.intel.com/support/network/sb/cs-008459.htm.
Replication
Using a replication share is a method to handle managed installations, patching, or Dell Updates where network bandwidth and speed are issues. In those situations, using a replication share is a good alternative to downloading directly from an appliance. A replication share allows an appliance to replicate software installers, patches, node upgrades, and script dependencies to a shared folder on a node. If any replication item is deleted from the appliance server, it is marked for deletion in the replication share and deleted in the replication task cycle.
In creating a replication share, identify one node at each remote location to act as a replication machine. The server copies all the replication items to the replication machine at
the specified destination path. The replication process automatically restarts if stopped due to a network failure or replication schedule. If stopped, the replication process restarts at the point it was stopped.
Sneaker net share
You can create a new folder and copy the contents of an existing replication folder to it. You can then specify this folder as the new replication folder in the appliance. The appliance checks if the new folder has all the replication items present and replicates only the new ones. This conserves bandwidth by not copying the files twice. You can manually copy the contents of the replication folder to a new folder. The replication folder created on a machine follows this hierarchy:
\\machinename\foldername\repl2\replicationitems folder
The machine name and folder name are user defined, while repl2 is automatically created by the appliance server. The replication items folder includes the folders for patches, kbots, upgrade files, and software. All the replication items are first listed in the replication queue and then copied one at a time to the destination path. Any new replication item is first listed in the replication queue and then copied after a default interval of 10 minutes. Replication items are copied in this order:
1. Script dependencies
2. Software
3. Agent upgrades
4. Patches
The replication share needs write permission on the destination path to write the software files. The K1000 agent needs to be installed on the replication share. Create a computer label for your target nodes before starting the process.
2. In the Choose Action menu, click Add New Item. The Replication Share: Edit Detail page appears.
3. Click the Replication Enabled check box.
4. Click Failover to K1000 (optional). While you are testing the replication setup, don't enable this setting so that you can confirm that the replication is successful.
5. Select the node in the Replication Machine drop-down list. The replication share is created on this node. The replication share can be created by two methods: locally, or on a shared network drive.
6. 7.
Specify the replication share destination details:
Select the label for the nodes that you want to get files from the replication share.
Destination Path: Enter the path for the replication machine to use for the replication share.
For a local drive, use local drive syntax, for example: C:\k1000share
For a network drive, use UNC format, for example: \\kaceRep\k1000share
Note: $ notation, for example \\KaceRep\e$, is not supported.
Enter the login name for the replication drive (destination path). The login account should have full access (including write) to the location. Use only letters and numbers; other characters, such as @, don't work. Not required for local drives.
Enter the password for the replication share. Use only letters and numbers. Not required for local drives.
Verify that the selected computer label does not have KACE_ALT_LOCATION specified. KACE_ALT_LOCATION has precedence over the replication share while downloading files to the node.
Specify the replication share download details:
Download Path: Enter the path for nodes in the replication label to copy items from the replication drive. For example, a UNC path: \\fileservername\directory\k1000\ Other nodes need read permission to copy replication items from this shared folder.
Enter the login name for accessing the download path. We recommend you use only letters and numbers. Some other characters, for example, @, don't work.
9.
Enter the password for accessing the download path. We recommend you use only letters and numbers.
Click the OS patches to replicate from the patch subscription settings page. Default: Replicate all displayed. (Only active patches are available.) For information about patching, see Patching and Security Guide.
Limit Patch Language Files: Click the language patches to replicate from the patch subscription settings page. Default: Replicate all displayed. For information about patching, see Patching and Security Guide.
Replicate App Patches: Click to replicate the application patches to the replication share.
Replicate Dell Packages: Click to replicate Dell packages to the replication share.
Hi Bandwidth: Enter the maximum bandwidth to use for replication. If this field is left blank, the maximum bandwidth available for replication is used.
Lo Bandwidth: Enter the restricted bandwidth to use for replication. If this field is left blank, the maximum bandwidth available for replication is used.
Replication Schedule: Select the bandwidth used for different time slots and/or days. The colors represent:
White: Replication off
Light Blue: Replication on with low bandwidth
Blue: Replication on with high bandwidth
In the replication schedule, as well as clicking the individual cells, you can:
Select hours (columns) by clicking the hour number. Select days (rows), by clicking the day of the week.
Select an existing replication schedule from the drop-down list to replicate items according to that schedule. (Optional) Enter comments in the text box.
11. Click Save. When you have completed testing, you might want to return to step 4 and check Failover to K1000.
Add or delete replication shares
Enable or disable replication shares
Start or restart a halted replication task
Halt a running replication task
Perform a share inventory for the replication share
Interrupt the current replication
Export to CSV format
Opening a CSV file containing multibyte characters with Microsoft Excel may yield "garbage characters" in the resulting worksheet. See Dell KACE Support for the steps to import the CSV file into an Excel worksheet.
Share Inventory: Click Show Share Inventory to see a list of replication items that have been copied. Delete Queue: Click Show Delete Queue to see a list of replication items that are marked for deletion.
Email profiles to the appropriate users. Have your users download their authorized profile.
5. Click Browse to make this profile available to users when you save. You can also enable the profile after saving.
6. Click Edit for Limit Access to User Labels to restrict access to specific users. For example, if your profile is designed for users in a specific geography or division, create a label for those users.
7. To send the profile to your users by email, enter their email addresses in the To field. Use the Filter field to filter your search for users by name or email address.
8. In the Message field, enter a message and/or instructions for your users.
9. In the XML field, enter any attributes for the .mobileconfig file.
You can also delete a profile from the iPhone Profile: Edit Detail page.
If you have selected a label that has a replication share or an alternate download location, the appliance copies digital assets from that replication share or alternate download location instead of downloading them directly from the appliance.
7. Use the Supported Operating Systems list to select the operating system to include in the deployment.
8. Select the appropriate radio button to schedule the collection settings in the Scheduling area:
Don't Run on a Schedule: (Default) Select to run the collection in combination with an event rather than on a specific date or at a specific time.
Run Every nth minutes or hours: Select to run the collection every few minutes or hours depending on your setting.
Run every day or specific day of the week at HH:MM AM/PM: Select to run the collection every day or on a specific day of the week at a specific time.
Run on the nth of every month/specific month at HH:MM AM/PM: Select to run the collection on a specific date or the same day every month at the specified time.
Custom Schedule: Select to create a custom schedule for the collection.
9. Click Save.
Software and firmware for servers and workstations. Some Dell-supplied applications.
The Dell Updates tab has similar features and workflow to the appliance patching features on the Security tab. The two tabs are so similar that you can use the Patching and Security Guide document for all the Dell Client Updates and Server updates except for the differences listed in the next section. Patching and Security Guide is available from the www.kace.com website, Support tab, under Documentation (your Support login is required).
The Dell Update subscription process is different from the K1000 Management Appliance patch subscription process. For instructions on subscribing to Dell Updates, see the Configuring Dell OpenManage Catalog Updates section below.
The names used for these actions are different:
Action: Probe your computers to determine whether they have or need a specific patch or update. Patching Term: Detection. Dell Updates Term: Inventory.
Action: Install the patch or update on the computers in your appliance implementation. Patching Term: Deployment. Dell Updates Term: Update.
Term Used in: the Patching Term is used in Patching and Security Guide; the Dell Updates Term is used in this chapter and the Dell documentation.
You manage and execute Dell Updates and Patching from different appliance interface pages:
Action: Execute Dell Update schedules. K1000 Management Appliance Interface Page: Administrator Portal > Distribution > Dell Updates
Action: Manage Dell Updates. K1000 Management Appliance Interface Page: Administrator Portal > Organization: System > K1000 Settings > Dell Client and Server Update Settings
Action: Execute Patching Schedules. K1000 Management Appliance Interface Page: Administrator Portal > Security > Detect and Deploy patches
Action: Manage Patching. K1000 Management Appliance Interface Page: Administrator Portal > Security > Patching > Subscription Settings
Updates section below. You configure Dell updates from the Administrator Portal > Organization: System > K1000 Settings > Control Panel > Dell Client and Server Update Settings page. All other Dell Updates settings and features are available on the Administrator Portal > Organization: Default > Distribution > Dell Updates tab.
3. Filter out the updates that you do not want to apply to your servers and clients. You may not want to install all of the patches from the catalog. Mark these patches as inactive to prevent them from being automatically installed.
4. Group the updates by applications or software families in patch labels that your schedules use to run the inventory and update actions. For example, a label can specify patches for all Microsoft Windows systems.
5. Group your Dell systems together in machine labels that your schedules use to run the inventory and update actions. For example, you can collect all Dell servers running Microsoft XP into a single label and then run a patch schedule to inventory and update them.
6. Perform an update inventory to discover which of your nodes have updates available. You can perform this step independently, or as part of an inventory and update patch schedule that also installs the updates. Normally, you perform the inventory automatically as part of a patch schedule. Patching and Security Guide uses the term detect or detection instead of inventory.
7. Install the updates on the nodes that need them. This is known as patch update, and you can also perform it automatically as part of an update schedule. Patching and Security Guide uses the term deploy or deployment instead of update.
8. Bring all these pieces together into patch schedules that automatically run inventory/update actions for the updates in your update labels, on the corresponding computers in your machine labels. Patching and Security Guide walks you through the process of creating a schedule that automatically inventories your hardware and updates it with the critical software updates it needs. You can run schedules at any interval that you choose. Normally, you create different schedules for the laptops, workstations, and servers in your appliance implementation, because these three types of computers have very different usage characteristics.
9. Test your schedules on a small subset of the computers you administer to make sure everything is working the way you expect.
2. Scroll to the bottom of the page and click the Edit Mode link. The Dell Client and Server Update Settings page buttons and check boxes are enabled for changes. The Download Status table shows you the current status of the Dell catalogs that your appliance uses.
3. Click Disable import of Dell Client and Server Update Catalogs to stop the Dell updates.
4. Click one of the Check for Changes options to set up a schedule for updating the Dell catalogs.
The first option of these two is intended for weekly updates and the second for monthly.
5. Use the Stop Download section options to limit the amount of time you allow the Dell updates to run. You may want to enforce a hard stop at a specific time, for example, when your users start working.
6. Use the Package Download Options buttons to specify whether to limit the Dell updates to just the ones that apply to your appliance implementation now, or keep all of the Dell updates available. If you change operating systems or bring on new Dell equipment frequently, it's probably best to keep all Dell updates handy.
7. Click Refresh Catalog Now to update the catalogs immediately.
8. Click Delete All Files or Delete Unused Files to remove all or some of the Dell catalog files. These options can free disk space.
9. Click Save Dell Update Settings at the bottom of the page to make your changes take effect.
This completes the process of configuring your Dell OpenManage catalog updates.
9
Using the Scripting Features
The Dell KACE K1000 Management Appliance Policy and Scripting component provides a point-and-click interface to perform tasks that typically require you to use a manual process or advanced programming.
Scripting Overview, on page 161.
Using the Appliance Default Scripts, on page 163.
Creating and Editing Scripts, on page 164.
Using the Run Now function, on page 174.
Searching the Scripting Log Files, on page 177.
About the Configuration Policies, on page 178.
Using the Windows-based Policies, on page 179.
Using the Mac OS Configuration-based Policies, on page 189.
Scripting Overview
With Policy and Scripting, you can more easily and automatically perform a variety of tasks. You can perform these tasks across your network through customized scripts that run according to your preferences.
Power management
Installing software
Checking antivirus status
Changing registry settings
Scheduling deployment to the endpoints on your network
Each script consists of:
Metadata
Dependencies (any supporting executable files that are necessary to run a script, for example, .zip and .bat files)
Rules to obey (Offline KScripts and Online KScripts)
Tasks to complete (Offline KScripts and Online KScripts). Each script can have any number of tasks, and you can configure whether each task must complete successfully before the next is executed.
Deployment settings
Schedule settings
Offline KScripts: These scripts can execute even when nodes are not connected to the appliance server, such as at the time of Machine Boot Up and User Login. Or, they execute at a scheduled time based on the node clock. You can create these scripts using the K1000 Management Appliance scripting wizard.
Online KScripts: These scripts can execute only when the node is able to ping the appliance server. They execute at scheduled times based on the appliance clock. You can create these scripts using the K1000 Management Appliance scripting wizard.
Online Shell Scripts: These scripts can execute only when the node is connected to the appliance server. They execute at scheduled times based on the server clock. The online shell scripts are built using simple text-based scripts (bash, perl, batch, and so on) supported by the target operating system. Batch files are supported on Windows, along with the different shell script formats supported by the specific operating system of the targeted machines.
Inventory Startup Programs Fix Issue a DOS Command Example Issue a Mac Command Example K1000 Remote Control Disabler
Script Name: Description
K1000 Remote Control Enabler: Enables the appliance Remote Control functionality on Windows XP Professional by configuring Terminal Services properly.
K1000Client debug logs Disable: Disables the debug switch used with the appliance client debug logs.
K1000Client debug logs Enable: Enables client debug and sends the debug log back to the appliance. This script turns on debug only for the inventory and deployment part of the node. It does not enable debugging of the scheduling service.
Make Removable Drives Read-Only: Allows removable drives to be mounted only as read-only (a method of controlling unauthorized access to data).
Make Removable Drives Read-Write: Removable drives can be mounted read-write.
Message Window Script Example: Illustrates use of the Message Window. Your script must have properly paired create/destroy message window commands to work properly. The Message Windows remain displayed until one of the following occurs: User dismisses the message. Script finishes executing. Timeout is reached.
Places a Mac OS system in sleep mode.
Deletes the registry keys that identify a node so that a new key can be generated. Will only execute one time per node due to the ResetKUIDRunOnce registry flag.
Shutdown a Mac: Powers-off a Mac OS system.
Shutdown a Mac with snooze: An example Online KScript that uses the Alert User Before Run feature to allow the console user to snooze the shutdown.
Shutdown a Windows system: Specifies a delay (in seconds) while the message in quotes is displayed to the user. Omit the -t parameter to silently and immediately shut down nodes.
Shutdown a Windows system with Snooze: An example Online KScript that uses the Alert User Before Run feature to allow the console user to snooze the shutdown.
USB Drives Disable: Disables usage of USB Drives.
USB Drives Enable: Enables usage of USB Drives.
By importing an existing script (in XML format).
By copying and modifying an existing script.
The process of creating scripts is an iterative one. After creating a script, deploy the script to a limited number of machines to verify that the script runs correctly before deploying it to all the machines on your network. (You can create a test label to do this.) Leave a script disabled until you have tested and edited the script and are ready to run it.
Any script dependencies for this script are downloaded to the node in this folder.
$(KBOX_INSTALL_DIR) agent installation directory:
    Windows: C:\Program Files\KACE\KBOX
    Mac OS: /Library/KBOXAgent/Home/bin/
    Linux: /KACE/bin/
$(KBOX_SYS_DIR) agent machine's system directory:
    Windows: C:\Windows\System32
    Mac OS and Linux: /
$(KACE_INSTALL) same as KBOX_INSTALL_DIR.
$(KBOX_EXECUTE_EVENT) event causing KBOT to run, [BOOTUP|LOGON|null].
$(MAC_ADDRESS) agent machine's primary MAC address.
$(KACE_SERVER) host name of the appliance server.
$(KACE_SERVER_PORT) port to use when connecting to KACE_SERVER (80/443).
$(KACE_SERVER_URLPREFIX) http/https.
$(KACE_COMPANY_NAME) agent's copy of the setting from the server's configuration page.
$(KACE_SPLASH_TEXT) agent's copy of the setting from the server's configuration page.
$(KACE_LISTEN_PORT) agent's port that the server can use for Run Now.
$(KACE_SERVER_URL) a combination of server, port, and URL prefix (http://k1000_hostname:80).
$(KBOX_IP_ADDRESS) agent's local IP address (corresponds with network entry of MAC_ADDRESS).
$(KBOX_MAC_ADDRESS) same as MAC_ADDRESS.
Adding Scripts
Offline and Online KScripts include one or more Tasks. Within each Task section, there are Verify and Remediation sections where you can further define the script behavior. If a section is left blank, it defaults to success. For example, if you leave the Verify section blank, it ends in On Success.
Enabled
Notes
Pick Specific OS Versions: Select to limit the script to specific operating system versions. (Otherwise, the script runs on all versions of the operating systems you pick.)
Alerts: Online KScripts only. Agents 5.1 (and higher). Windows and Mac OS agents.
Alert User Before Run: Allows you to delay or cancel the script before it runs. (For example, choose to enable this for scripts that reboot or shut down computers.) If no user is logged in to the console, the script runs immediately.
Dialog Options:
OK - The script runs immediately.
Cancel - The script is cancelled until its next scheduled run.
Snooze - The user is prompted again after the Snooze Duration.
If the time specified by Dialog Timeout elapses without the user pressing a button, the script runs at that time. When the user presses the snooze button, the dialog reappears after the Snooze Duration.
Interaction With Run As: Only the console user can see the alert dialog (and therefore choose to snooze or cancel) regardless of the Run As setting. Enabling an alert prompts the console user even if the script is set to run as all users or another user.
Dialog Timeout (Minutes): Enter the number of minutes.
Snooze Duration (Minutes): Enter the number of minutes.
Alert Message: Enter the message you want displayed to users.
Run with administrative privileges on local machine. Use this setting for all scripts created with a wizard.
Affect that user's profile.
Run As All Logged in Users: Affect all users' profiles.
Handle network-wide tasks. Usually admin, but you can run as any user.
Scheduling
In the Scheduling area, specify when and how often the script is run.
Don't Run on a Schedule: Runs in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the Also choices below. For example, use this option in conjunction with Also Run at User Login to run whenever the user logs in.
Run Every nth minutes/hours: Runs on every hour and minutes as specified.
Run Every day/specific day at HH:MM AM/PM: Runs on the specified time on the specified day.
Run on the nth of Every Month or on a Specific Month at HH:MM AM/PM: Runs on a particular day of every month or particular month at a specified time.
Custom Schedule: Allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31 12 * * means: On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The appliance does not support the extended cron format.
Also Run Once at next Client Checkin (Only for Offline KScript): Runs the Offline KScript once when new scripts are downloaded from the appliance. To set the time interval for downloading scripts, click Scripting Update Interval in the help area on this page.
Also Run at Machine Boot Up (Only for Offline KScript): Runs the Offline KScript at machine boot time. Beware that this causes the machine to boot up slower than it might normally.
Also Run at User Login (Only for Offline KScript): Runs the Offline KScript after the user has entered their Windows login credentials.
Allow Run While Disconnected (Only for Offline KScript): Allows the Offline KScript to run even if the target machine cannot contact the appliance to report results. In such a case, results are stored on the machine and uploaded to the appliance at the next contact.
Allows the Offline KScript to run even if a user is not logged in. To run the script only when the user is logged into the machine, clear this option.
5. Click Run Now to immediately push the script to all machines. Use this option with caution. For more information about Run Now, refer to Using the Run Now function, on page 174.
6. To browse for and upload files required by the script, click Add new dependency, click Browse, and then click Open to add the new dependency file. If a Replication Share is specified and enabled at Distribution > Replication, the dependencies are downloaded from the specified replication share.
If the replication share is inaccessible, the dependencies are downloaded from the appliance server. To enable this setting, select the Failover To K1000 check box on the Replication Share : Edit Detail page. Repeat this step to add additional new dependencies as necessary.
7. Click Add Task Section to add a new task. The process flow of a task is a script similar to the following:
IF Verify THEN
    Success
ELSE IF Remediation THEN
    Remediation Success
ELSE
    Remediation Failure
8. Under Policy or Job Rules, set the following options for Task 1:
Attempts: Enter the number of times the script attempts to run. If the script fails but remediation is successful, you may want to run the task again to confirm the remediation step. To do this, set the number of Attempts to 2 or more. If the Verify section fails, it is run the number of times mentioned in this field.
On Failure: Select Break to stop running upon failure. Select Continue to perform remediation steps upon failure.
9. In the Verify section, click Add to add a step, and then select one or more steps to perform. Refer to Appendix B: Adding Steps to Task Sections, starting on page 265.
10. In the On Success and Remediation sections, select one or more steps to perform. Refer to Appendix A: Administering Mac OS Nodes, starting on page 259.
11. In the On Remediation Success and On Remediation Failure sections, select one or more steps to perform. Refer to Appendix A: Administering Mac OS Nodes, starting on page 259.
To remove a dependency, task, or step, click the trash can icon beside the item. This icon appears when your mouse hovers over an item.
Click next to Policy or Job Rules to view the token replacement variables that can be used anywhere in the K1000 Management Appliance script. The variables are replaced at runtime with appropriate values on the node. For more information, refer to Token Replacement Variables, on page 165.
Status
Enabled
Notes
4. Specify the deployment options:
Deploy to All Machines: Click to deploy the script to all the machines.
Limit Deployment To Selected Labels: Select a label to limit deployment to machines in that label. Press CTRL and click labels to select more than one label.
Limit Deployment To Listed Machines: You can limit deployment to one or more machines. From the dropdown list, select machines to add to the list. You can filter the list by entering filter options.
Pick Specific OS Versions: Select to limit the script to specific operating system versions. Otherwise, the script runs on all versions of the operating systems you pick.
Scheduling
In the Scheduling area, specify when and how often the script runs.
Don't Run on a Schedule: The test runs in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the Also choices below. For example, use this option in conjunction with Also Run at User Login to run whenever the user logs in.
Run Every nth minutes/hours: The test runs on the interval of hour and minutes specified.
Run Every day/specific day at HH:MM AM/PM: The test runs on the specified time on the specified day.
Custom Schedule: This option allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31 12 * * means: On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The appliance doesn't support the extended cron format.
5. Click Run Now to immediately push the script to all machines. Use this option with caution. For more information about the Run Now button, refer to Using the Run Now function, on page 174.
6. To browse for and upload files required by the script, click Add new dependency, click Browse, and then click Open to add the new dependency file. If a Replication Share is specified and enabled at Distribution > Replication, the dependencies are still downloaded from the appliance server, because Replication is not supported by online shell scripts. Repeat this step to add additional new dependencies as necessary.
7. Specify the following:
Script Text: Enter the relevant script text.
Enter the maximum time, in minutes, for which the server tries to execute the script.
Select to upload dependency file, if any, to the node.
Specify the directory path and file name.
Delete Downloaded Files: Select to delete the downloaded files from the node.
To remove a dependency, click the trash can icon beside the item. This icon appears when your mouse hovers over an item.
Click next to Policy or Job Rules to view the token replacement variables that can be used anywhere in the K1000 Management Appliance script and are replaced at runtime on the node with appropriate values. For more information, refer to Token Replacement Variables, on page 165.
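The Custom Schedule option described in both Scheduling sections takes a standard cron string and rejects the extended format, so it is worth expanding a schedule into concrete run times before a script is enabled. The following is an added example, not code from the guide or the appliance; the function names are hypothetical, and it assumes that only the first five fields are interpreted (the guide's example carries a sixth `*` whose meaning the guide does not state).

```python
"""Expand a Custom Schedule string into concrete run times (added example)."""
from datetime import datetime

# Bounds of the five standard cron fields, in order:
# minute, hour, day of month, month, day of week (0 and 7 both mean Sunday).
BOUNDS = ((0, 59), (0, 23), (1, 31), (1, 12), (0, 7))

# The schedule string quoted in the guide.
PAGE_EXAMPLE = "1,2,3,5,20-25,30-35,59 23 31 12 * *"


def expand_field(text, low, high):
    """Expand '*', 'n', 'a-b' and comma lists; refuse extended syntax."""
    values = set()
    for part in text.split(","):
        if part == "*":
            values.update(range(low, high + 1))
            continue
        start, dash, end = part.partition("-")
        if not start.isdigit() or (dash and not end.isdigit()):
            # Steps (*/5), names (JAN, MON) and @nicknames land here.
            raise ValueError(f"unsupported cron syntax: {part!r}")
        first = int(start)
        last = int(end) if dash else first
        if not low <= first <= last <= high:
            raise ValueError(f"{part!r} is outside {low}-{high}")
        values.update(range(first, last + 1))
    return values


def run_times(schedule, year):
    """Return every datetime in `year` at which `schedule` fires."""
    fields = schedule.split()
    # Assumption: only the first five fields are interpreted. The guide's
    # example carries a sixth "*" whose meaning it does not state, so any
    # extra field is accepted only when it is "*".
    if len(fields) < 5 or any(f != "*" for f in fields[5:]):
        raise ValueError("expected five cron fields (extra fields must be '*')")
    minutes, hours, days, months, weekdays = (
        expand_field(f, lo, hi) for f, (lo, hi) in zip(fields, BOUNDS)
    )
    weekdays = {d % 7 for d in weekdays}  # fold 7 onto 0 (Sunday)
    both_restricted = fields[2] != "*" and fields[4] != "*"
    times = []
    for month in sorted(months):
        for day in range(1, 32):
            try:
                date = datetime(year, month, day)
            except ValueError:  # e.g. 31 February
                continue
            dom_ok = day in days
            dow_ok = (date.weekday() + 1) % 7 in weekdays
            # Standard cron rule: when both day fields are restricted,
            # a match on either one is enough.
            if (dom_ok or dow_ok) if both_restricted else (dom_ok and dow_ok):
                times.extend(date.replace(hour=h, minute=m)
                             for h in sorted(hours) for m in sorted(minutes))
    return times


if __name__ == "__main__":
    for when in run_times(PAGE_EXAMPLE, 2011):
        print(when.strftime("%Y-%m-%d %H:%M"))
```

Run against the guide's example string, the expansion reproduces the run times the guide lists for the last day of the year.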
Editing Scripts
On the Script: Edit Detail page, you can edit the three types of scripts: Offline KScripts, Online KScripts, and Online Shell Scripts. You can also edit Offline KScripts and Online KScripts by using the wizard or with the XML editor. To use the XML editor, click the View raw XML editor link below the Scheduling option.
To edit a script
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.
1. Click Scripting > Scripts.
2. Click the name of the script you want to edit. The Script: Edit Detail page appears.
3. Modify the script as desired.
4. Click Save.
Importing Scripts
If you prefer to create your script in an external XML editor, you can upload your finished script to the K1000 Management Appliance. Be sure that the imported script conforms to the following structure:
The root element <kbots></kbots> includes the URL of the KACE DTD: <kbots xmlns="http://kace.com/Kbots.xsd">...</kbots>
One or more <kbot> elements.
Exactly one <config> element within each <kbot> element.
Exactly one <execute> element within each <config> element.
One or more <compliance> elements within each <kbot> element.
The following is an example of the XML structure for an appliance script:
<?xml version="1.0" encoding="utf-8" ?>
<kbots xmlns="http://kace.com/Kbots.xsd">
  <kbot>
    <config name="name=" type="policy" id="0" version="version=" description="description=">
      <execute disconnected="false" logged_off="false">
      </execute>
    </config>
    <compliance>
    </compliance>
  </kbot>
</kbots>
In the above example of a simple XML script, the <config> element corresponds to the Configuration section on the Script: Edit Detail page. This is where you specify the name of the policy or job (optional), and the script type (policy or job). Within this element you can also indicate whether the script can run when the target machine is disconnected or logged off from the appliance. You can specify whether the script is enabled and describe the specific tasks the script is to perform within the <compliance> element. If you are creating a script that will perform some of the same tasks as an existing script, copy the existing script, and open it in an XML editor. The script's <compliance> element gives you an idea of how the script works, and how you can change it. For more information, refer to To Duplicate an existing Script, on page 174.
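The structure rules listed above can be checked before a script is pasted into Import from XML. The following is an added example, not part of the guide or of the appliance; the function name and the sample documents are constructed for illustration, the namespace is the one shown in the guide's example, and refusing DOCTYPE declarations is a precaution of this sketch rather than a stated appliance rule.

```python
"""Pre-import structure check for a K1000 script XML file (added example)."""
import xml.etree.ElementTree as ET

NS = "http://kace.com/Kbots.xsd"  # namespace shown in the guide's example

# Constructed sample that follows the guide's example structure.
GOOD_SCRIPT = """<?xml version="1.0" encoding="utf-8" ?>
<kbots xmlns="http://kace.com/Kbots.xsd">
  <kbot>
    <config name="demo" type="policy" id="0" version="1" description="demo">
      <execute disconnected="false" logged_off="false"></execute>
    </config>
    <compliance></compliance>
  </kbot>
</kbots>"""

# Constructed sample that breaks three rules: two <config> elements,
# a <config> without <execute>, and no <compliance>.
BAD_SCRIPT = """<kbots xmlns="http://kace.com/Kbots.xsd">
  <kbot>
    <config name="a" type="policy" id="0">
      <execute disconnected="false" logged_off="false"/>
    </config>
    <config name="b" type="job" id="0"/>
  </kbot>
</kbots>"""


def _tag(name):
    """Return the namespace-qualified tag as ElementTree spells it."""
    return f"{{{NS}}}{name}"


def check_kbots(xml_text):
    """Return a list of structure problems; an empty list means the rules hold."""
    # Precaution of this sketch: the guide's example has no DOCTYPE, so refuse
    # one instead of letting the parser process entity declarations.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DOCTYPE/ENTITY declarations are not expected in a script file"]
    try:
        root = ET.fromstring(xml_text.lstrip())
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != _tag("kbots"):
        return [f"root element is {root.tag!r}, expected kbots in namespace {NS}"]

    problems = []
    kbots = root.findall(_tag("kbot"))
    if not kbots:
        problems.append("no <kbot> element under <kbots>")
    for number, kbot in enumerate(kbots, 1):
        configs = kbot.findall(_tag("config"))
        if len(configs) != 1:
            problems.append(
                f"kbot {number}: {len(configs)} <config> elements, expected exactly 1")
        for config in configs:
            executes = config.findall(_tag("execute"))
            if len(executes) != 1:
                problems.append(
                    f"kbot {number}: config {config.get('name')!r} has "
                    f"{len(executes)} <execute> elements, expected exactly 1")
        if not kbot.findall(_tag("compliance")):
            problems.append(f"kbot {number}: no <compliance> element")
    return problems


if __name__ == "__main__":
    for label, text in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        print(label, check_kbots(text) or "conforms")
```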
1. Click Scripting > Scripts.
2. In the Choose Action menu, click Import from XML. The Script: Edit Detail page appears.
3. Paste the existing script into the space provided, and click Save.
Suspect machines on your network are infected with a virus or other vulnerability, and they can compromise the entire network if not resolved right away.
Want to test and debug scripts on a specific machine or set of machines during development.
Run Now tab: Running scripts from the Scripting > Run Now tab allows you to run one script at a time on the target machines.
Script : Edit Detail page: Running scripts from the Script : Edit Detail page allows you to run one script at a time on the target machines.
Scripts List page: Running scripts from the Scripts List page using the Run Now option from the Choose Action menu allows you to run more than one script at the same time on the target machines.
CAUTION: A script is deployed immediately when you click Run Now. Use this feature cautiously! Do not deploy unless you are certain that you want to run the script on the target machines.
1. Click Scripting > Run Now. The Run Now page appears.
2. Select the script you want to run in the Scripts list. You can use the Filter options to filter the Scripts list.
3. Select the machines on which the script needs to run from the Inventory Machines list. Selected machine names appear in the Machine Names field. You can use the Filter options to filter the machine names list. You can add all the machines by clicking Add All.
At least one machine name is required.
4. Click Run Now to run the selected script.
To use the Run Now function from the Scripts Lists Page
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page. To minimize the risk of deploying to unintended target machines, create a label that represents the machines you want to run the Run Now function on. Refer to Using the Run Now function, on page 174, for more information.
1. Click Scripting > Scripts.
2. Select the scripts you want to run.
3. From the Choose Action menu, click Run Now.
The Pushed column indicates the number of machines on which the script is attempting to run. The Completed column indicates the number of machines that have finished running the script.
The numbers in these columns increment accordingly as the script runs on all of the selected machines. The icons above the right-hand column provide further details of the script status.
Icon Description
The script completed successfully.
The script is still being run, therefore its success or failure is unknown.
An error occurred while running the script.
If errors occurred in pushing the scripts to the selected machines, you can search the scripting logs to determine the cause. For more information about searching logs, refer to Searching the Scripting Log Files, on page 177.
The Run Now function communicates over port 52230. One reason a script might fail to deploy is if firewall settings are blocking the appliance Agent from listening on that port.
The Run Now Detail page displays the results of a script that was run manually using the Run Now function, instead of running it on a schedule. The Run Now Statistics section displays the results of a script that was pushed, the push failures, push successes, completed machines, running machines, successes and failures in numbers and percentage. The Push Failures section lists those machines that the server could not contact and therefore did not receive the policy. Once pushed, it may take some time for the machine to complete a policy. Machines that have received the policy but have not reported their results, are listed in the Scripts Running section. After the policy is run, it reports either success or failure. The results are sorted under the appropriate section. Each individual computer page also has the results of the Run Now events run on that machine. The Run Failures section lists those machines that failed to complete the script. The Run Successes section lists those machines that completed the script successfully.
3. 4.
You can choose from the following options: Output, Activity, Status, Debug.
5. In the Historical field, select whether to search in only the most recent logs or in all logs from the drop-down list.
6. In the Labels field, select a label from the drop-down list to search logs uploaded by machines in a particular label group.
7. Click Search. The search results display the logs and the machines that have uploaded the logs.
You can apply a label to the machines that are displayed by selecting a label from the dropdown list, under search results.
Enforce Registry Settings, on page 179.
Remote Desktop Control Troubleshooter, on page 179.
Enforce Desktop Settings, on page 180.
Desktop Shortcuts Wizard, on page 181.
Event Log Reporter, on page 181.
MSI Installer Wizard, on page 182.
UltraVNC Wizard, on page 184.
Un-Installer Wizard, on page 186.
Windows Automatic Update Settings policy, on page 186.
Power Management Wizard, on page 188.
For details, see Using the Windows-based Policies, on page 179. The Mac OS-based wizards include:
Enforce Power Management Settings, on page 190. Enforce VNC Settings, on page 192.
For details, see Using the Mac OS Configuration-based Policies, on page 189.
A new script is created, which checks that the values in the registry file match the values found on the target machines. Any missing or incorrect values are replaced. Refer to Adding Scripts, on page 166, for more information.
Terminal Services: To access a Windows XP Professional machine using Remote Desktop, Terminal Services must be running. This script verifies that this is the case.
Firewall Configuration: If the Windows XP SP2 Firewall is running on the machine, several different configurations can result in Remote Desktop requests being blocked by the firewall.
6. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166 for more information.
WorkingDir: Enter the changes to the current working directory. For example: C:\Windows\Temp.
Location: Select the location where the shortcut appears from the drop-down list. Options include: Desktop, Quick Launch, and Start Menu.
6. Click Save Changes to save the new shortcut.
7. Click Add Shortcut to add more shortcuts. To edit or delete a shortcut, hover over a shortcut and click the Trash can icon that appears.
8. Click Save. The Script: Edit Detail page appears.
9. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166, for more information.
4.
5.
Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166 for more information.
6. 7.
You can view the event log in the Computers : Detail page of the particular machine, by selecting Inventory > Computers. In Scripting Logs, under Currently Deployed Jobs & Policies, click the View logs link next to Event Log.
Enter the following information: Select a task from the drop-down list. Options include Install, Uninstall, Repair missing files, and Reinstall all files. Select the application you want to install, uninstall, or modify from the drop-down list. You can filter the list by entering any filter options. Specify the MSI filename if it is a zip. Select an option to specify how the installation should appear to end users. Options include: Default, Silent, Basic UI, Reduced UI, and Full UI. Enter the installation directory.
Additional Switches: Enter details of any additional installer switches. Additional Switches are inserted between the msiexec.exe and the /i foo.msi arguments.
Additional Properties: Enter details of any additional properties. Additional properties are inserted at the end of the command line. For example: msiexec.exe /s1 /switch2 /i patch123.msi TARGETDIR=C:\patcher PROP=A PROP2=B
Enter the features to install. Separate features with commas.
Select this box to do per-machine installations only.
Select the behavior after installation. Options include: Delete installer file and unzipped files. Delete installer file, and leave unzipped files. Leave installer file, and delete unzipped files. Leave installer file and unzipped files.
Restart Options: Select the restart behavior. Options include: No restart after installation. Prompts user for restart. Always restart after installation. Default.
Logging
Select the types of installer messages to log. Press CTRL and click to select multiple message types. Options include:
None
All Messages
Status Messages
Non-fatal warnings
All error messages
Start up actions
Action-specific records
User requests
Initial UI parameters
Out-of-memory or fatal exit information
Out-of-disk-space messages
Terminal properties
Append to existing file
Flush each line to the log
Enter the name of the log file. Click Save. The Script: Edit Detail page appears. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166 for more information.
UltraVNC Wizard
The UltraVNC Wizard creates a script to distribute UltraVNC to Windows computers on your network. UltraVNC is a free software application that allows you to remotely log into another computer (through the Internet or network). Refer to the UltraVNC Web site (www.uvnc.com) for documentation and downloads.
To distribute UltraVNC to the computers on your network
To perform these steps, be sure to select your organization in the Organization dropdown list in the top-right hand corner of the page.
1. Click Scripting > Configuration Policy.
2. Select UltraVNC Wizard. The Configuration Policy : Ultra VNC Wizard page appears.
3. Specify UltraVNC installation and authentication options:
Install Options
Install Mirror Driver: Select this check box to install the optional UltraVNC Mirror Video Driver. The Mirror Video Driver is a driver that allows faster and more accurate updates. The video driver also makes a direct link between the video driver framebuffer memory and UltraWinVNC server. Using the framebuffer directly eliminates the use of the CPU for intensive screen blitting, resulting in a big speed boost and very low CPU load.
Select this check box to install the optional UltraVNC Mirror Video Driver.
Provide a VNC password for authentication.
To use MS Logon authentication and to export the ACL from your VNC installation, use: MSLogonACL.exe /e acl.txt
Copy and paste the contents of the text file into the ACL field. Review the script that is generated by this wizard to make sure its output is expected. You can view the raw script by clicking View raw XML Editor on the Script Detail page.
Select this check box to enable key-based encryption.
Specify UltraVNC miscellaneous options:
Disable Tray Icon: Select this check box if you do not want to display the UltraVNC tray icon on the target computers.
Disable client options in tray icon menu: Select this check box if you do not want to display node options in the tray icon menu on the target computers. This option is available if you did not select Disable Tray Icon option.
Disable properties panel: Select this check box to disable the UltraVNC properties panel on the target computers.
Forbid the user to close down WinVNC: Select this check box if you do not want to allow computer users to shut down WinVNC.
5. Click Save. The Script: Edit Detail page appears.
6. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166, for more information.
Un-Installer Wizard
This wizard allows you to quickly build a script to uninstall a software package. The resulting script can perform three actions: Execute an uninstall command, Kill a process, and Delete a directory.
Delete Directory.
4.
5.
Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166 for more information.
tab. More detailed information can be found at Microsoft's support site: KB Article 328010.
Automatic (recommended)
Download updates for me, but let me choose when to install them: Select this option to ensure that you receive the latest downloads, but control their installation.
Notify me but don't automatically download or install them: Select this option to provide the additional flexibility in the installation of updates. Important: This may make your network more vulnerable to attack if you neglect to retrieve and install the updates on a regular basis.
Turn off Automatic Updates: Select this option if you are using the appliance patching feature to manage Microsoft patch updates.
Remove Admin Policy. User allowed to configure: Select this option to provide users with the control over the updates downloaded. Important: This may make end-users, and as a result your network, more vulnerable to attack.
Select the interval (in minutes) from the Reschedule Wait Time drop-down list to wait before rescheduling an update if the update fails.
Select to specify no reboot while a user is logged in.
Enter the details for the SUS Server and SUS Server Statistics. (SUS stands for Windows Server Update Service.) Click Save. The Script: Edit Detail page appears.
6. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on page 166, for more information.
Enable automatic Windows updates settings policy of the Appliance on the node. Enable the local policy for automatic deployment of Windows update on the node. Modify the registry key for automatic deployment of Windows update on the node. Set up the group policy on the domain for automatic deployment of Windows updates on the node. Configure the patching functionality for automatic deployment of the Windows update on the node. If you are using the patching functionality for automatic deployment of Windows updates on the node, you must disable the automatic deployment of Windows updates on the node by any other process to avoid the conflict between the different deployment processes.
To enable power management on a Windows XP System, you need EZ GPO. The Power Management Wizard automatically downloads EZ GPO when run on a Windows XP system. EZ GPO is a free tool that works in conjunction with Group Policy Objects on Windows XP. For more information on EZ GPO, see: http://www.energystar.gov On Windows 7 and Vista machines, power management is configured using the built-in powercfg command. (EZ GPO does not work on these platforms.)
Create a Smart Label in Inventory for the chassis type. Create reports grouping machines by the chassis type. Make a Smart Label in Inventory for Uptime since last reboot that contains the number of days that concern you.
To get an overview of your power consumption, run reports about power management for about a month. Go to Reporting > Reports to see the available reports in the Power Management category. You can also configure how long node uptime information is retained. See To configure general settings for the server, on page 35. This is one of the last configuration options.
5. Select the value for Status.
6. (Optional) Enter any Notes.
7. Limit the script to the appropriate version of Windows by doing one or both of the following:
In the Deployment section, use labels to limit the deployment of the script to computers that run the corresponding version of Windows.
In the Supported Operating Systems section, select the Pick Specific OS version check box and select the supported version of Windows.
For example, if you select Deploy to All Machines, you can use the Pick Specific OS Version option to limit it to a specific version of Windows.
Windows XP: Keep the default Run as Local System with any script created in a wizard. Run As options are offered with Online KScripts like the Windows XP version of the Power Management script.
8. (Optional) Alert users before run.
9. (Optional) Change Scheduling options according to your preferences.
Enforce Power Management Settings, on page 190. Enforce VNC Settings, on page 192. Enforce Active Directory Settings, on page 192.
You can tailor each of the profiles to these power sources:
All
Battery
Charger (Wall Power)
UPS
Power usage settings are a trade-off between CPU usage and power usage. Most of the settings are on/off check boxes to apply or remove options. You can add time periods, in numbers, to the Sleep settings. The policy options are shown below:
Choosing to add or remove a system. Entering your administrator credentials. The resulting script assumes that you have root access and shows your password unencrypted (clear text), so make sure that anyone using this script is trusted.
Specifying the LDAP domain name and user authentication information. Deciding on the other options you have for this system as shown below.
You can also use this policy to ensure that your Mac OS nodes check into your Active Directory database.
10
Maintaining Your K1000 Management Appliance
This chapter describes the most commonly used features and functions for maintaining and administering K1000 Management Appliance.
K1000 Management Appliance maintenance overview, on page 195 Backing up K1000 Management Appliance data, on page 196. Restoring K1000 Management Appliance settings, on page 198. Updating K1000 Management Appliance software, on page 199. Updating OVAL definitions, on page 202. Troubleshooting K1000 Management Appliance, on page 203. Windows debugging, on page 204.
Access the most recent appliance server backups Upgrade your appliance server to a newer version Retrieve updated OVAL definitions Restore to backed-up versions and also create a new backup of the appliance at any time
The Server Maintenance tab also enables you to reboot and shut down the appliance, as well as update appliance license key information. From the Server Maintenance tab you can:
Upgrade the appliance Update OVAL vulnerability definitions Create a backup appliance Enter or update the appliance License Key Restore to most recent backup Restore to factory default settings
Restore from uploaded backup files Reboot your appliance Reboot with extended database check Shut down your appliance
k1000_dbdata.gz containing the database backup
k1000_file.tgz containing any files and packages you have uploaded to the appliance.
2. Click Edit Mode.
3. In the K1000 Controls section, click Run Backup. After creating the backup, the Settings > Logs tab appears.
Click Save in the dialog box that appears. In Internet Explorer, use Browse to specify a location for the files and click Save. In Firefox, you must have previously set the download location.
ftp k1000
3. Enter the login credentials: Username: kbftp. Password: getbxf.
4. Enter the following commands:
>close
>quit
Verifying that you are using the minimum required version of the K1000 Management Appliance Updating the license key in the Dell KACE K1000 Management Appliance to obtain the current product functionality.
Before you perform hardware maintenance, shut down the appliance before unplugging it. You can shut down the appliance by either:
Pressing the power button once, quickly. Clicking the Shutdown K1000 button on the Settings > Server Maintenance tab. You can use the Reboot and Shutdown buttons after you click the Edit Mode link at the bottom of the page.
System Performance: Displays system performance log information.
Konductor Log: Displays Konductor log information.
Opcode Cache: Displays opcode cache log information.
Client
Client Errors: Displays Agent exception logs.
AMP Server: Displays AMP server errors.
AMP Queue: Displays AMP Queue errors.
In addition to the standard logging, you can enable other debug logs on a node:
K1000 Agent: Enable debug logging on the node to troubleshoot machine inventory, managed installs, and file synchronizations.
K1000 AMP Service: Enable debug logging on the Windows node to troubleshoot the on-demand running of Desktop Alerts, Run-Now scripts, and Patching. You can enable debug logging by configuring AMP Settings. For information on how to configure the AMP Settings page, refer to Configuring Agent Messaging Protocol Settings, on page 47.
Windows debugging
To log on to the AMP service
1. Open the SMMP configuration file: %PROGRAMFILES%\KACE\K1000\SMMP.conf
2. Add the following line: debug=true
For more information on debug logging on Linux and Mac OS platforms, refer to Appendix E: Manually Deploying Agents, starting on page 301.
K1000 Management Appliance server and agent exceptions are reported nightly to kace.com if you enabled crash reporting on the Settings > General tab.
When the logs display errors, use this section to resolve them. This section does not describe every possible error message, but other possible errors can be resolved by following the same steps:
Step 1: Rebuild
The disk status log error Degraded indicates that you need to rebuild the array. To do this, click Rebuild Disk Array. Rebuilding can take up to 2 hours. If an error state still exists after this, proceed to Step 2.
In some cases, the degraded array may be caused by a hard drive that is no longer seated firmly in the drive bay. In these cases, the disk status will usually show disk missing for that drive in the log. Power down the Dell KACE K1000 Management Appliance. Once the appliance is powered off, eject each of the hard drives and then re-insert them, making sure that each drive is firmly in the bay. Power the machine back on and then look again at the disk status log to see if that has resolved the issue. If an error state still exists, try rebuilding again or proceed to Step 3.
If you have performed the previous steps and are still experiencing errors, contact Dell KACE Technical Support by email at ([email protected]) or phone (888)522-3638 option 2.
11 LDAP
The Dell KACE K1000 Management Appliance LDAP feature allows you to browse and search the data located on an LDAP Server.
About LDAP Labels, on page 209. Creating an LDAP Label Manually, on page 210 Creating an LDAP Label with the Browser, on page 211. Using LDAP Easy Search, on page 213. Using the LDAP Browser Wizard, on page 214. Automatically Authenticating LDAP Users, on page 215.
Computer Name Computer Description Computer MAC IP Address User name User Domain Domain User
Associated Label
Notes: Any notes from the label definition are automatically added to this field.
Specify the IP or Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or Host Name. For example: ldaps://HOSTNAME. If you have a non-standard SSL certificate installed on your LDAP server, contact KACE Support for assistance before proceeding. A non-standard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign.
Enter the LDAP port number, which is either 389 or 636 (LDAPS).
Enter the Search Base DN (Distinguished Names). For example: CN=Users,DC=kace,DC=com.
Enter a search filter. For example: (&(sAMAccountName=admin)(memberOf=CN=financial,DC=kace,DC=com))
Enter the LDAP login. For example: LDAP Login: CN=Administrator,CN=Users,DC=kace,DC=com
Enter the password for the LDAP login.
If you are unable to fill in the Search Base DN and Search Filter fields, you can use the LDAP Browser Wizard. For more information on the LDAP Browser Wizard, refer to Service Desk Administrator Guide.
Negative searches are NOT supported correctly in LDAP search using Microsoft's recommended method. You will receive a bad search filter error, even if you use the filter builder.
Error example: (!samaccountname=David)
Workaround example: (!(samaccountname=David))
4. Click the Test LDAP Label button to test your new label. Change the label parameters and test again as necessary.
5. If the LDAP label is ready to use, select the Enabled check box. Otherwise, you can save without enabling.
6. Click Save.
Each time a machine checks into the K1000 Management Appliance, this query runs against the LDAP server. The admin value in the Search Filter field is replaced with the name of the user that is logged onto this machine. If a result is returned, the machine gets the label specified in the Associated Label field. To test your LDAP label, click the Test button and review the results.
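The substitution described above, sketched as an added example (not the appliance's own code): the logged-on user's name is escaped per RFC 4515 before it replaces the admin value, and a small checker flags the unparenthesized negation form that produces the bad search filter error. The function names and the sample user name containing filter metacharacters are assumptions constructed for illustration.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX (hex) when they
# appear inside an assertion value, otherwise they change the filter structure.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape one assertion value so it is matched literally by the server."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def substitute_user(template, attribute, placeholder, username):
    """Replace (attribute=placeholder) in template with the escaped username.

    Models the behaviour the guide describes, where the 'admin' value in the
    Search Filter is replaced by the name of the logged-on user.
    """
    pattern = re.compile(
        r"\(\s*%s\s*=\s*%s\s*\)" % (re.escape(attribute), re.escape(placeholder)),
        re.IGNORECASE,
    )
    safe = escape_filter_value(username)
    # A function replacement stops re.subn from interpreting the backslashes
    # that escaping introduced.
    result, count = pattern.subn(lambda m: "(%s=%s)" % (attribute, safe), template)
    if count == 0:
        raise ValueError("placeholder (%s=%s) not found" % (attribute, placeholder))
    return result


def filter_problems(ldap_filter):
    """Return structural problems found in a filter string (empty list = none).

    Checks parenthesis balance, \\XX escapes, and that the NOT operator is
    followed by a parenthesized filter, as in (!(samaccountname=David)).
    """
    problems = []
    depth = 0
    i = 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":
            # Escaped byte: a backslash followed by exactly two hex digits.
            if not re.match(r"[0-9a-fA-F]{2}", ldap_filter[i + 1:i + 3]):
                problems.append("bad escape at offset %d" % i)
            i += 3
            continue
        if ch == "(":
            depth += 1
            nxt = ldap_filter[i + 1:i + 3]
            if nxt.startswith("!") and nxt[1:2] != "(":
                problems.append("'!' at offset %d must be followed by '('" % (i + 1))
        elif ch == ")":
            depth -= 1
            if depth < 0:
                problems.append("unmatched ')' at offset %d" % i)
                depth = 0
        i += 1
    if depth != 0:
        problems.append("%d unclosed '('" % depth)
    return problems


if __name__ == "__main__":
    # The template is the guide's own example filter; the user names are
    # constructed sample values.
    template = "(&(sAMAccountName=admin)(memberOf=CN=financial,DC=kace,DC=com))"
    for user in ("jsmith", "j.smith (temp)*"):
        built = substitute_user(template, "sAMAccountName", "admin", user)
        print(user, "->", built, filter_problems(built))
    for candidate in ("(!samaccountname=David)", "(!(samaccountname=David))"):
        print(candidate, "->", filter_problems(candidate) or "ok")
```

Without the escaping step, a user name containing parentheses or an asterisk would change the number of clauses in the filter that runs at every check-in.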
You can also create an LDAP Label using the LDAP Browser.
Click Test. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names) available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory.
If the connection was not established, the Operation Failed message appears, which can be due to one of the following reasons:
The IP or Host Name provided is incorrect.
The LDAP server is not up.
The login credentials provided are incorrect.
4. Click a Base DN, or click Next. A new window displays the Search Base DN and the Search Filter fields. The Search Base DN is populated on the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN and the Search Filter values.
5. You can also use the Filter Builder to create complex filters. Click Filter Builder. The Query Builder is displayed. Specify the following information:
Enter the attribute name. For example: samaccountname.
Select the relational operator from the drop-down list. For example, =.
Enter the attribute value. For example, admin.
To add more than one attribute:
Conjunction Operator: Select the conjunction operator from the drop-down list. For example, AND. Note: This field is available for the previous attribute only when you add a new attribute.
Click to add multiple attributes.
Click One level to search at the same level or click Sub-tree level to search at the sub-tree level. Click OK. The query appears in the Search Filter text area. For example, (samaccountname=admin).
8. Click Browse to display all the immediate child nodes for the given base DN and search filter. Click Search to display all the direct and indirect child nodes for the given base DN and search filter. The search results are displayed in the left panel.
9. Click a child node to view its attributes. The attributes are displayed in the right panel.
Click Test. On a successful connection to the LDAP server, a list of possible base DNs available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory. If the connection was not established, the Operation Failed message appears. Check the following causes: The IP or Host Name provided is incorrect. The LDAP server is not up. The login credentials provided are incorrect.
5. Click a Base DN, or click Next. A new window displays the Search Base DN and the Search Filter fields. The Search Base DN field is populated on the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN and Search Filter values.
6. Click the Go to LDAP Easy Search link. The LDAP EasySearch page appears.
7. Enter any key word for search, and click GO. For a more specific search, you can click the Indexed field option or Non-Indexed field option. You can also specify Other attributes, separated by commas.
Click Test. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names) available on that directory is displayed. You can use these base DNs as a starting point to browse and search the directory. If the connection was not established, the Operation Failed message appears. Check the following causes: The IP or Host Name provided is incorrect. The LDAP Server is not up. The login credentials provided are incorrect.
5. Click Next or one of the base DNs to advance to the next step. A new window displays the Search Base DN and Search Filter fields. The Search Base DN is populated on the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN and Search Filter field values.
The Query Builder is displayed.
7. Specify the following information:
Enter the attribute name. For example: samaccountname.
Select the Relational Operator from the drop-down list. For example: =.
Enter the attribute value. For example: admin.
To add more than one attribute:
Conjunction Operator: Select the Conjunction Operator from the drop-down list. For example, AND. Note: This field is available for the previous attribute only when you add a new attribute.
Click to add multiple attributes.
Click One level to search at the same level or click Sub-tree level to search at the sub tree level. Click OK. The query appears in the Search Filter text area. For example, (samaccountname=admin).
10. Click Browse to display all the immediate child nodes for the given base DN and search filter or click Search to display all the direct and indirect child nodes for the given base DN and Search Filter. The search results are displayed in the left panel.
11. Click a child node to view its attributes. The attributes are displayed in the right panel.
12. Click Next to confirm the LDAP configuration.
13. Click Next to use the displayed settings.
1. Click Settings > Control Panel. The Settings: Control Panel page appears.
3. Click Edit Mode.
4. Specify the authentication method you want to use:
K1000 (local Authentication): Select this option to enable local authentication. (This is the default.) If local authentication is enabled, the password is authenticated against the existing entries in the local database at Service Desk > Users.
External LDAP Server Authentication: Select this option to enable external user authentication. You can use external authentication against an LDAP server or Active Directory server. If External LDAP Server Authentication is enabled, the password is authenticated against the External LDAP Server. Contact KACE customer support if you need assistance with this process.
If the External LDAP Server Authentication is enabled, provide credentials for administrative login. The LDAP user configured should at least have READ access to the search base area. If you do not specify an LDAP user name, an anonymous bind is attempted.
5. Click Edit Mode to edit External LDAP Server Authentication fields.
6. Click the appropriate icons next to the server name to perform described actions:
Icon Description
Schedules a user import for this server.
Modifies the server definition.
Removes the server.
Changes the order of the server in the list of servers.
7. Click Add New Server to add a new LDAP Server. You can have more than one LDAP Server/Directory configured. All servers must have a valid IP address or Hostname. Otherwise, the appliance will time out, resulting in login delays when using LDAP authentication.
8. Complete the LDAP server definition by specifying the following information:
Enter a name for the server.
Enter the IP or Host Name of the LDAP server. Note: For connecting through SSL, use the IP or the Host Name. For example: ldaps://HOSTNAME. If you have a non-standard SSL certificate installed on your LDAP server, contact KACE Support for assistance before proceeding. A non-standard certificate can be an internally-signed or a chain certificate that is not from a major certificate provider such as Verisign.
Enter the LDAP Port number, either 389 or 636 (LDAPS).
Enter the Search Base DN. For example: CN=Users,DC=hq,DC=corp,DC=kace,DC=com.
Search Filter
LDAP Login
Enter the password for the LDAP login.
Required. Enter the user's role:
Admin Role: This user can log on to and access all features of the administrator UI and Service Desk. The Admin Role is the default role.
Read-Only Admin Role: This user can log on but cannot modify any settings in the administrator UI or Service Desk.
User Role: This user can log on only to the Service Desk.
Login Not Allowed: This user cannot log on to the Service Desk.
Note: The roles listed above are system-provided roles and are not editable. To create a new role, refer to the Service Desk Administrator Guide.
10. To test the LDAP settings, enter a password in the Test User password, and then click Test LDAP Settings. If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to Using the LDAP Browser Wizard, on page 214.
The User Import : Schedule - Choose attributes to import: Step 1 of 3 page appears. The LDAP Server Details are displayed, which are read-only:
LDAP Server: The IP or Host Name of the LDAP Server.
LDAP Port: The LDAP Port number, which is either 389 (LDAP) or 636 (LDAPS).
Search Base DN: The Search Base DN. For example: OU=users,DC=domain,DC=com
Search Filter: The Search Filter.
LDAP Login: The LDAP login.
LDAP Password: The LDAP login password.
3. Specify the attributes to import.
Attributes to retrieve: Specify the attributes to retrieve. For example: samaccountname, objectguid, mail, memberof, displayname, sn, cn, userPrincipalName, name, description. If you leave this field blank, it retrieves all attributes. This may make the import process slow, and is not recommended.
Label Attribute: Enter a label attribute. For example: memberof. Label Attribute is the attribute on a customer item that returns a list of groups this user is a member of. The union of all the label attributes will form the list of labels you can import.
Enter the label prefix. For example: ldap_ The Label Prefix is a string that is added to the front of all the labels.
Enter the Binary Attributes. For example: objectsid. Binary Attributes indicates which attributes should be treated as binary for purposes of storage.
Enter the maximum rows. This limits the result set that is returned in the next step.
Click the check box to view the debug output in the next step.
If you are unable to complete the information for Search Base DN and Search Filter, you can use the LDAP Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to Using the LDAP Browser Wizard, on page 214.
4. In the Email Notification section, click to enter the recipient's e-mail address, or choose Select user to add from the drop-down list.
5. In the Scheduling section, specify the scan schedule:
Select this to not have the user import run on a schedule. (Default)
Run Every day/specific day at HH:MM AM/PM: Run daily or a specific day of the week at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM: Run on a specific date or day of the month at the specified time.
6. Click Next. The User Import : Schedule - Define mapping between User attributes and LDAP attributes: Step 2 of 3 page opens.
7. Select the value from the drop-down list next to each LDAP attribute to map the values from your LDAP server into the User record on the appliance. The fields in red are mandatory. The LDAP Uid must be a unique identifier for the user record.
8. Select a label to add to the appliance. Press CTRL and click to select more than one label. This list displays all the Label Attribute values that were discovered in the search results.
9. Click Next.
10. Review the information displayed in the tables below:
The Users to be Imported table displays the list of users reported.
The Labels to be Imported table displays the list of labels reported.
The Existing Users table and the Existing Labels table display the list of Users and Labels that are currently on the appliance.
Only users with an LDAP UID, User Name, and E-mail value will be imported. Any records that do not have these values are listed in the Users with invalid data table.
11. Click Next to start the import. The User Import : Schedule - Import data into the K1000: Step 3 of 3 page opens.
12. Click Import Now to save the schedule information and load the user information into the appliance. After importing, the User list page appears, where you can edit the imported user records.
13. Click Save to save schedule information.
The Settings: Authentication page opens. The imported user can log on to and access all features of the administrator UI and Service Desk depending on the role assigned.
12 Running the K1000 Appliance Reports
The Dell KACE K1000 Management Appliance provides a variety of reporting and alert features that enable you to get a detailed view of the activity on your organization's implementation. The K1000 Management Appliance 5.3 includes a new reporting engine. If you are upgrading from an earlier version, the previous Reports and the reporting engine are still available. These Reports are listed under the Classic Reports tab. Appendix G: K1000 Classic Reports, starting on page 321, contains instructions for using this deprecated feature.
Reporting Overview, on page 221 Running Reports, on page 222 Creating and Editing Reports, on page 223 Scheduling Reports, on page 229 Using Alert Messages, on page 233 E-mail Alerts, on page 234
Reporting Overview
The K1000 Management Appliance is shipped with many stock reports. To view the list, select Reporting > Reports. The reporting engine generates reports in HTML, CSV, and TXT formats. By default, the appliance provides reports in the following general categories:
iPhone Inventory K1000 Network Patching Power Management Security Software Template Virtual Kontainers
You can duplicate and modify these reports as necessary. However, a strong knowledge of SQL is required to successfully change a report. Opening a CSV file containing multibyte characters with Microsoft Excel may yield "garbage characters" in the resulting worksheet. See Dell KACE Support for instructions on how to import the CSV file into an Excel worksheet.
Running Reports
The K1000 Reports page displays a list of the available reports. The View by menu allows you to filter which reports are displayed by category. To use, create, delete or modify Reports, be sure to select your organization from the Organization drop-down list in the top-right hand corner of the page. To run any of the K1000 Management Appliance reports, click the desired format type: HTML, CSV, or TXT. For the HTML format, the report is displayed in a new window. For other formats, you can open the file or save it to your computer.
Duplicate an existing report and modify the copy to suit your needs. See To duplicate an existing report on page 229. Create a new report using the Report Wizard. See To create a new report using the Report Wizard on page 225. Create an SQL report. See To create a new SQL report on page 228.
Report Layout
To make the analysis of your data easier, the K1000 Management Appliance can lay out reports by:
Column and row order. Group rows under a subheading row. Order rows by ascending or descending alphanumeric sequence. Prioritize row sorting.
The following graphic shows an example of grouping rows. In this example, suppose you want to create a list of Windows machines that have Adobe Illustrator installed, and for license reasons, you want them separated by operating system. The report criteria looks for Illustrator and makes the operating system (OS_Name) the break column (displayed as a subheading). The report returns a list of machines divided into Windows XP, Windows Vista, Windows 7, and shows the number of machines in each group.
The following graphic shows an example of sorting using two criteria. In this example, suppose that you want to create a list of the last time the agent was synced, sorted by operating system and domain. The Sort on fields selection is:
The report returns a list of computers first sorted by operating system and then domain. The sort criteria first groups the computers by the type of operating system and then by the domain:
Report Title
Report Category
Category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page and displayed in the Report list on the K1000 Reports page. Information that the report will provide. Adds number column for each row. The available topics are displayed in the menu. This sets which fields are available for the report, which you define in step 6.
4. Click the appropriate topic name from the Available Topics list. For example, software.
5. Click Next. The Define a New Report: Fields to include page is displayed.
6. Select the fields that you want to include in your report. Clicking a Section title toggles the fields in the section.
7. Click Next. The Define a New Report: Fields order page is displayed.
8. Using drag and drop, place the fields in the order you want the columns to appear on the Report.
9. Click Next. The Define a New Report: Sort on fields page is displayed.
Order By: Specify how the results are sorted based on the fields defined in step 6. These fields organize the data by priority with the top field having the highest priority. Report data is organized by the selection in the first field, and then by the second field, and then by the third field. For an example, see Report Layout, on page 223.
Sequence: Orders the results in either ascending or descending alphanumeric order. Break Header: Groups results under a subheading using the name of the field selected in the Order by column.
11. Click Next. The Define a New Report: Filters page is displayed.
12. (Optional) Use filter criteria if you don't want to return the entire data set in your report:
a. To add a filter, click or to add a nested group
b. Select the AND/OR operator from the and/or drop-down list. AND: Match all of the following fields. OR: Match any of the following fields.
c. Select the appropriate field from the Field Name list. For example, Supported Operating Systems.
d. Select the appropriate operator from the Operator drop-down list. For example, contains.
e. In the Value field, enter the appropriate value. For example, Windows. This rule filters the data and displays only Windows machines.
f. Save the filter.
g. To add another filter, repeat the preceding steps.
13. Click Save.
The K1000 Reports page is displayed with the new report listed. The View by field is automatically set to the category of the new report.
14. To run the new report, click the desired format. If you select CSV or TXT, you can open the file or save it to your computer.
Title
Category
Description
Output Types
SQL Select Statements
Break on Columns
Show Line Number Column
4. Click Save. The K1000 Management Appliance checks the syntax for your report and reports any errors.
5. To run the new report, click the desired format. If you select CSV or TXT, you can open the file or save it to your computer.
To edit an SQL report, use the same steps as described in To create a new SQL report, on page 228. To edit a report using the Report Wizard, use the same steps as described in To create a new report using the Report Wizard, on page 225.
1.
2.
Click the report title you want to duplicate. Depending on the type of report, one of the following pages is displayed.
Wizard Report: Define a New Report page
SQL Report: The K1000 Reports : Edit Report page
Depending on the type of report, either the K1000 Reports : Edit Report page is displayed, where you can modify the report for your needs, or the Reporting wizard is started, where you can modify the duplicated report.
3.
4. 5.
Scheduling Reports
Report schedules allow you to specify a time to run reports and send email notifications of the results to one or more recipients. The Reports Schedules page displays a list of scheduled reports.
The Schedule Reports : Edit Detail page is displayed. 2. On the Schedule Reports : Edit Detail page, specify the details for the report schedule, as described in the following sections. To select a report if starting from the Schedule icon To select a report if starting from the Schedule Reports tab To define email notifications To schedule the time the report runs
2.
Report Output Formats: The available output formats (CSV, TXT, or HTML) for the scheduled report.
Schedule Title: The display name for the schedule. Make this as descriptive as possible, so you can distinguish this schedule from others.
Description: The information that the schedule provides.
Select the Reports or Classic Reports radio button based on the type of report you are scheduling. This determines which reports are listed in the Select report to schedule drop-down list.
Report to Schedule: From the Select report to schedule drop-down list, select the report that you want to schedule. Use the Filter to limit the number of reports displayed in the Select report to schedule menu.
The Filter filters by character. For example, entering dell displays report titles containing dell.
2.
Report Output Formats: The available output formats (CSV, TXT, or HTML) for the scheduled report.
The Recipients field and Select user to add drop-down list are displayed.
2. Enter the email addresses in the following ways:
Enter a comma-separated list of email addresses in the Recipients field.
Use the Filter to limit the number of email addresses displayed in the Select user to add menu. The Filter filters by character. For example, entering mgt would display email addresses [email protected], [email protected], and so on.
3. In the Subject field, enter the subject of the schedule. The subject can help the reader to quickly identify what the report is about.
4. In the Message Text field, enter the message text in the notification.
5. If desired, select Only send when results are present.
Don't Run on a Schedule
Run Every n hours
Run Every day/specific day at hour:minute
Run on the nth of every month/specific month at hour:minute
2. Click Save.
The Report Schedules page is displayed listing the newly scheduled report.
Click a report to open it. Use keywords to search schedules. From the Choose Action menu, you can create new schedules or delete them.
If you have information that you want to distribute to your network, you can review and modify previous messages you have deployed, or you can create a new message.
1. Click Reporting > Alerts.
2. In the Choose Action menu, click Add New Item. The Alerts: Edit Detail page appears.
3. In the Message Content field, type the text of your message.
4. In the Keep Alive field, specify the length of time the message will be valid. Messages will be broadcast to users until either the user's desktop has received the message or the specified time interval has elapsed. To set the time interval for downloading scripts, go to: Settings > K1000 Agent > K1000 Agent Settings.
5. In the Limit Broadcast To area, select the recipient labels to send this message to. Press CTRL and click to select multiple labels.
6. Select the Enable Scheduled Run check box to specify the alert schedule. Select the appropriate day and time from the drop-down lists.
7. Click Save.
The pending alert messages are displayed in the AMP Message Queue until they are pushed to the target machine. The alert messages remain in the queue until the target machine checks in. This is true even if the Keep Alive time interval elapses or if the connection between the appliance Agent and the appliance has been lost or interrupted.
E-mail Alerts
E-mail Alerts differ from Alerts (broadcast messages) in that an e-mail alert lets you send messages to administrators based on more detailed criteria. The E-mail Alert feature relies on the Inventory > Computers engine to create a notification that will be sent to administrators when computers meet the criteria you specify. The K1000 Management Appliance checks the computers listed in the inventory against the criteria in the E-mail Alert once every hour until one or more computers meet the criteria; then a message is sent to the administrators specified in the alert details.
2. In the Choose Action menu, click Add New Computer Notification. The Inventory > Computers tab appears with the Create Email Notification fields exposed.
3. Enter the search criteria.
4. In the Title field, enter a title for the alert. The Title will appear in the Subject field.
5. In the Recipient field, enter the e-mail address(es) of the message recipient. The e-mail addresses must be fully qualified e-mail addresses. The recipient's address can be a single e-mail address or a list of addresses separated by commas.
13 Using Organizational Management
The Organizational Management component allows you to create different organizations within your appliance that you administer separately. You can assign roles within each organization to limit user access to specific tabs.
Overview of Organizational Management, on page 237 Creating and editing Organizations, on page 237 Organizational Roles, on page 245 Creating and editing Organizational Roles, on page 245 Organizational Filters, on page 248 Creating and Editing Organizational Filters, on page 249 Computers, on page 252
Default Organization
The default organization will have everything coming into the appliance. The default organization will allow the administrator to view or perform activities on machines in all organizations. If a machine is not set in a filter, then the machine will go to the default organization.
To create an organization
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. In the Choose Action menu, click Add New Item. The K1000 Organization: Edit Detail page appears.
3. Enter Organization information as follows:
Name: Enter a name for the new organization. This field is mandatory.
Description: Enter a description for the new organization.
Role: Select the appropriate role from the drop-down list. Note: First, create the role by going to Organizations > Roles, before you can select that specific role from this list.
4. Click Save. The K1000 Organization: Edit Detail page appears with more content.
5. Scroll down and click the Edit Mode link.
6. Enter the following information:
Name: Enter a name for the organization. This field retains the information you specified in the previous page. You can modify the name if required.
Description: Enter the description for the organization. This field retains the information you specified in the previous page. You can modify the description if required.
Role: Select the appropriate role from the drop-down list. This field retains the role you selected in the previous page. You can modify this selection if required. Note: You must first create the role by going to Organizations > Roles, before you can select that specific role from this list.
Organization Filters: Select the filter that will be used to direct a new machine that is checking into the appliance to this organization. Press CTRL and click to select more than one filter. Note: Create the filter by going to Organizations > Filters. Then, you can select that specific filter from this list.
(Read-only) Displays the number of computers checking in to the organization.
(Read-only) Displays the name of the database the organization is using.
   Report User: Displays the report user name used to generate all reports in the specific organization. By having a report user name, you can provide access to the organizational database (for additional reporting tools), but not give write access to anyone.
   Enter the report user password.
7. Specify the agent settings for the organization:
   Communications Window (suggested setting: 12:00 am to 12:00 am): The interval during which the agent is allowed to communicate with the appliance. For example, to allow the Agent to connect between 1 AM and 6 AM only, select 1:00 am from the first drop-down list, and 6:00 am from the second drop-down list.
   Agent Run Interval (suggested setting: 1 hours): The frequency with which the agent checks into the appliance. Each time an agent connects, it resets its connect interval based on this setting. The default setting is once every hour.
   Agent Inventory Interval: The interval (in hours) during which the appliance will inventory the computers on your network. If set to zero, the appliance will inventory nodes at every Run Interval.
   Agent Splash Page Text (suggested setting: The appliance is verifying your PC Configuration and managing software updates. Please Wait...): The message that appears to users when communicating with the appliance.
   (Suggested setting: 15 minutes) The frequency with which the agent downloads new script definitions. The default interval is 15 minutes.
   This option disallows the server to store the scripting result information that comes up from the agents. The default is to store all the results, which can impact performance. Turning this off provides less information about each node but enables faster agent check-ins.
8. Click Save.
1. If you set up the appliance in your DNS using a host name other than the default name kbox, or if you need agents to reach the appliance by using the IP address rather than the DNS name, you must install the agent specifying the SERVER property. For example:
   Windows:
      c:\>KInstallerSetup.exe -server=myk1000 -display_mode=silent
   or
      c:\>KInstallerSetup.exe -server=192.168.2.100 -display_mode=silent
   Mac OS:
      /Library/KBOXAgent/Home/bin/setkbox myk1000
   or
      /Library/KBOXAgent/Home/bin/setkbox 192.168.2.100
   Linux:
      /KACE/bin/setKBOX myk1000
   or
      /KACE/bin/setKBOX 192.168.2.100
2. To correct the server name for a node that is already installed, edit the host= value in:
   Windows: c:\program files\KACE\KBOX\smmp.conf
   Mac OS: /var/kace/kagentd/kbot_config.yaml
   Linux: /var/KACE/kagentd/kbot_config.yaml
3. Verify that you are able to ping the appliance, and reach it through a Web browser at http://k1000_hostname.
4. Verify that Internet Options are not set to use proxy. Verify that proxy is excluded for the local network or k1000_hostname.
5. Verify that no firewall or anti-spyware software is blocking communication between the appliance and any of the agent components, including:
   KBOXManagementService.exe
   KBOXClient.exe
   KUpdater.exe
   kagentd (OS X/ Unix)
6. Verify that the KBOXManagementService.exe (Windows) or the kagentd (OS X/ Unix) processes are running. The agent shows as perl in the OS X Activity Monitor.
If, after verifying these items, you are still unable to get the agent to connect to the appliance, contact KACE Support.
To edit an organization
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click the linked name of the organization. The K1000 Organization : Edit Detail page appears.
3. Scroll down and click the Edit Mode link.
4. Edit the organization details as follows:
   Name: Enter a name for the organization. This field retains the information you specified in the previous page. You can modify the name if required.
   Description: Enter the description for the organization. This field retains the information you specified in the previous page. You can modify the description if required.
   Role: Select the appropriate role from the drop-down list. This field retains the role you selected in the previous page. You can modify this selection if required. Note: You must first create the role by going to Organizations > Roles, before you can select that specific role from this list.
   Organization Filters: Select the filter that will be used to direct a new machine that is checking into the appliance to this organization. Press CTRL and click to select more than one filter. Note: Create the filter by going to Organizations > Filters. Then, you can select that specific filter from this list.
   (Read-only) Displays the number of computers checking in to the organization.
   (Read-only) Displays the name of the database the organization is using.
   Report User: Displays the report user name used to generate all reports in the specific organization. By having a report user name, you can provide access to the organizational database (for additional reporting tools), but not give write access to anyone.
   Enter the report user password.
5. Specify the agent settings for the organization:
   Communications Window (suggested setting: 12:00 am to 12:00 am): The interval during which the agent is allowed to communicate with the appliance. For example, to allow the Agent to connect between 1 AM and 6 AM only, select 1:00 am from the first drop-down list, and 6:00 am from the second drop-down list.
   Agent Run Interval (suggested setting: 1 hours): The frequency with which the agent checks into the appliance. Each time an agent connects, it resets its connect interval based on this setting. The default setting is once every hour.
   Agent Inventory Interval: The interval (in hours) during which the appliance will inventory the computers on your network. If set to zero, the appliance will inventory nodes at every Run Interval.
   Agent Splash Page Text (suggested setting: The appliance is verifying your PC Configuration and managing software updates. Please Wait...): The message that appears to users when communicating with the appliance.
   (Suggested setting: 15 minutes) The frequency with which the agent downloads new script definitions. The default interval is 15 minutes.
   This option disallows the server to store the scripting result information that comes up from the agents. The default is to store all the results, which can impact performance. Turning this off provides less information about each node but enables faster agent check-ins.
6. Click Save.
The default credentials admin/admin are automatically created when you create an organization.
To delete an organization
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click the linked name of the organization. The K1000 Organization: Edit Detail page appears.
3. Scroll down and click Edit Mode.
4. Click Delete to delete the organization.
To add a user
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Select K1000 Settings > Control Panel.
3. Click Users. The K1000 System Admin Users page appears.
4. In the Choose Action menu, select Add New Item. The K1000 System Admin: Edit Detail page appears.
5. Enter the necessary user details. Do not specify legal characters in any field.
   User Name: Enter a user name for accessing the system administrator console.
   Full Name: Enter the user's full name.
   Email: Enter the user's email address.
   Domain: (Optional) Enter an active directory domain.
   Budget Code: (Optional) Enter the financial department code.
   Location: (Optional) Enter the name of a site or building.
   Work Phone: (Optional) Enter the user's work phone number.
   Home Phone: (Optional) Enter the user's home phone number.
   Mobile Phone: (Optional) Enter the user's mobile phone number.
   Pager Phone: (Optional) Enter the user's pager phone number.
   Custom 1, Custom 2, Custom 3, Custom 4: (Optional) Enter additional information in the custom fields as necessary.
   Password: Enter the password for the new user. Null passwords are not valid for new users. The user will be created but cannot be activated without a valid password.
   Re-enter the user's password.
   Specify the user's logon permissions:
      Admin: This user can log on to and access all features in the system administrator console.
      ReadOnly Admin: This user can log on but cannot modify any settings in the system administrator console.
6. Click Save.
To delete a user
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click K1000 Settings > Control Panel. The K1000 Settings : Control Panel page appears.
3. Click Users. The K1000 System Admin Users page appears.
4. Click the check boxes for the users you want to delete.
5. In the Choose Action menu, click Delete Selected Item(s).
6. Click OK to confirm deleting the selected user.
You can also delete users from the K1000 System Admin: Edit Detail page.
The K1000 Organizations page appears.
2. Click K1000 Settings > Control Panel.
3. Click Users. The K1000 System Admin Users page appears.
4. Click the user name whose password you want to change. The K1000 System Admin: Edit Detail page appears.
5. Modify the password as follows:
   Enter the password for the user. Null passwords are not valid. This field is mandatory.
   Re-enter the user's password. This field is mandatory.
Organizational Roles
Roles are assigned to each organization to limit access to different tabs in the Administrator Console and the User Portal. You can restrict what tabs an organization is allowed to see when the administrator logs in to the Administrator Console and the user logs in to the User Portal. The following are the permissions that can be applied for each tab.
   Write: The organization will have write access for the tab. The administrator or user will be able to edit the fields present on the page.
   Read: The organization will have only read access for the tab. The administrator or user will not be able to edit the fields present on the page, or to add, edit, or delete any item present in the list.
   Hide: The tab will be hidden and the administrator or user will not be able to view that tab.
Default role
The default role has access to all tabs in the Administrator Console and the User Portal. The default role will have write access for all tabs. The administrator or user will be able to edit the fields present on the page.
To create a role
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click Roles. The Organizational Roles page appears.
3. In the Choose Action menu, click Add New Item. The Organizational Role : Edit Detail page appears.
4. Enter the role information as follows:
   Enter a name for the new role. This field is mandatory.
   (Optional) Enter a description for the new role.
5. In the Permissions ADMIN Console, click a component link to expand it. You can also click the Expand All link to expand all component sections.
6. To assign the same access level to all areas of a component, click one of the following:
   All Write
   All Read
   All Hide
7. To assign different permission levels to different areas of the component, click the Custom option. If you clicked the Custom option, select the appropriate permission from the drop-down menu next to the names of each tab.
8. Under Permissions USER Console, click the UserUI link to expand it.
9. To assign the same access level to all areas of the User Console, click one of the following:
   All Write
   All Read
   All Hide
10. To assign different permission levels to different areas of the User Console, click the Custom option.
11. Click Save.
If you assign HIDE permission to General Settings and User Authentication under K1000 Settings, the Control Panel tab is hidden.
For users upgrading from 1100 to 1200: When using 1100, if you assign HIDE permission to all tabs other than Logs and Server Maintenance under K1000 Settings, then after upgrading to 1200, the K1000 Settings tab gets hidden from the Administrator console.
To edit a role
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click Roles. The Organizational Roles page appears.
3. Click the linked name of the role. The Organizational Role: Edit Detail page appears.
4. Edit the role details:
   Name: Enter the name for the new organization. This field is mandatory.
   Description: (Optional) Enter the description for the new organization.
5. Under Permissions ADMIN Console, click the individual tab link to expand it. Or, click the Expand All link to expand all the tabs.
6. Under each tab, select All Write, All Read, or All Hide to assign the respective permission to all the sub tabs. Or, select the Custom option to assign custom permissions to individual sub tabs.
7. If you select the Custom option, select the appropriate permission from the drop-down list next to each tab.
8. Under Permissions USER Console, click the UserUI link to expand it.
9. Under each tab, select All Write, All Read, or All Hide to assign the respective permission to all the sub tabs. Or, select the Custom option to assign custom permissions to individual sub tabs.
10. If you select the Custom option, select the appropriate permission from the drop-down list next to each tab.
11. Click Save.
To delete a role
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click Roles. The Organizational Roles page appears.
3. To delete a role, do one of the following:
   Select the check box beside the role, and then select Delete Selected Item(s) from the Choose Action menu.
   From the Organizational Role: Edit detail page, click Delete.
4. Click OK.
To duplicate a role
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click Roles.
3. Click the role you want to duplicate. The Organizational Role : Edit Detail page appears.
4. Click Duplicate to duplicate the organization details. The page refreshes.
5. Enter the role information as follows:
   Enter a name for the role. This is a mandatory field.
   Enter a description for the role.
The Associated Organizations table displays the list of organizations associated with this role.
Organizational Filters
Filters are used to direct a new machine checking into the appliance to the appropriate organization. An organization can be assigned more than one filter. The filters are executed according to the ordinal specified when the filters are created. If a machine is not set in a filter, it will go to the default organization.
A machine can be directed to the appropriate organizations in the following ways:
   One or more filters will be executed against the machine that is checking in. If one of the filters is successful, the machine will be redirected to the correct organization.
   If no filter matches the machine, it will be put into the default organization. The system administrator can then manually move that machine from the default organization to the appropriate organization.
Data Filter: Allows the automatic organization of machines based on a search criteria. Whenever machines that check in meet the criteria, they will be directed to the specific organization.
LDAP Filter: The LDAP label allows the automatic organization of machines based on LDAP or Active Directory interaction. The filter will be applied to the LDAP server, and if any entries are returned, they are automatically organized. If the LDAP server requires credentials for administrative login (that is, non-anonymous login), supply those credentials. If no LDAP user name is given, an anonymous bind is attempted. Each LDAP filter may connect to a different LDAP/AD server.
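The routing rule described above (filters tried in evaluation order, first match wins, unmatched machines fall to the default organization), as an added example that is not K1000 code. The substring meaning of contains, the handling of *, left-to-right AND/OR evaluation, lowest evaluation order first, the hypothetical audit() helper, and all sample names and addresses are assumptions or constructed data.

```python
import fnmatch
from dataclasses import dataclass

DEFAULT_ORG = "Default"  # stands in for the guide's default organization


@dataclass
class Criterion:
    attribute: str            # inventory attribute, e.g. "IP Address"
    value: str                # "*" acts as a wildcard (assumption)
    conjunction: str = "AND"  # joins this criterion to the ones before it

    def matches(self, machine):
        # Only the "contains" condition shown in the guide is modelled,
        # as a case-insensitive substring test (assumed semantics).
        actual = str(machine.get(self.attribute, "")).lower()
        return fnmatch.fnmatchcase(actual, "*" + self.value.lower() + "*")


@dataclass
class OrgFilter:
    name: str
    organization: str
    evaluation_order: int
    criteria: list
    enabled: bool = True      # a filter must be enabled to be used

    def matches(self, machine):
        if not self.enabled or not self.criteria:
            return False
        result = self.criteria[0].matches(machine)
        for crit in self.criteria[1:]:   # left to right, no precedence (assumption)
            hit = crit.matches(machine)
            result = (result and hit) if crit.conjunction == "AND" else (result or hit)
        return result


def matching_filters(machine, filters):
    """All enabled filters that match, lowest evaluation order first."""
    ordered = sorted(filters, key=lambda f: f.evaluation_order)
    return [f for f in ordered if f.matches(machine)]


def route(machine, filters):
    """Organization a checking-in machine lands in: first match, else default."""
    hits = matching_filters(machine, filters)
    return hits[0].organization if hits else DEFAULT_ORG


def audit(machines, filters):
    """Machines that fall to the default organization, and machines whose
    organization depends only on evaluation order (several filters match)."""
    report = {"default": [], "ambiguous": []}
    for machine in machines:
        hits = matching_filters(machine, filters)
        if not hits:
            report["default"].append(machine["Name"])
        elif len({f.organization for f in hits}) > 1:
            report["ambiguous"].append(machine["Name"])
    return report


# Constructed sample filters and inventory records.
FILTERS = [
    OrgFilter("Lab subnet", "Lab", 20, [Criterion("IP Address", "10.20.*")]),
    OrgFilter("Mac laptops", "Design", 10, [
        Criterion("OS Name", "Mac OS"),
        Criterion("Name", "lt-", "AND"),
    ]),
    OrgFilter("Old finance rule", "Finance", 5,
              [Criterion("Name", "fin-")], enabled=False),
]
MACHINES = [
    {"Name": "lt-ana", "IP Address": "10.20.4.17", "OS Name": "Mac OS X 10.6.7"},
    {"Name": "ws-lab3", "IP Address": "10.20.4.30", "OS Name": "Windows 7"},
    {"Name": "fin-01", "IP Address": "192.168.2.50", "OS Name": "Windows XP"},
]

if __name__ == "__main__":
    for m in MACHINES:
        print(m["Name"], "->", route(m, FILTERS))
    print(audit(MACHINES, FILTERS))
```

Machines reported as ambiguous change organization when evaluation orders are renumbered, and machines reported under default are the ones an administrator has to move by hand.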
   Evaluation Order: Enter a number. The filter will be executed according to the evaluation order specified.
5. Enter the Machine Filter Criteria.
6. Select an attribute from the drop-down list. For example, IP Address.
7. Select the condition from the drop-down list. For example, contains.
8. Enter the attribute value in the provided field. For example, to filter machines from the specified IP range and direct them to the organization, enter: XXX.XX.*
   You can add multiple criteria.
9. Select the Conjunction Operator (AND or OR) from the drop-down list to add more criteria.
10. Click the Add Criteria link to add more criteria.
11. Click Save.
Enter the LDAP Machine Filter Criteria.
   Server Hostname: Specify the IP or Host Name of the LDAP Server. Note: To connect through SSL, use the IP or the Host Name. For example: ldaps://HOSTNAME.
   Specify the LDAP Port number. For example: 389 or 636 (LDAPS).
Search Base DN
Specify the Search Filter. For example: samaccountname=admin.
Specify the LDAP login. For example: LDAP Login: CN=Administrator,CN=Users,DC=hq,DC=corp,DC=kace,DC=com
LDAP Password 6. 7.
To edit a filter
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click Filters. The K1000 Organization Filters page appears.
3. Click the linked name of the filter. The K1000 Organization Filter : Edit Detail page appears.
4. Edit the filter details:
   Select to enable this filter. (You have to enable the filter to use it.)
   Enter a name for the filter.
   Enter a description for the filter.
   Enter a number. The filter will be executed according to the evaluation order specified.
5. Edit the machine filter criteria.
6. Select an attribute from the drop-down list. For example: IP Address.
7. Select the condition from the drop-down list. For example: contains.
8. Specify the attribute value in the provided field. For example, XXX.XX.*
   In the above example, machines from the specified IP range are filtered and directed to the organization to which this filter is applied.
   Note: You can add multiple criteria.
9. Select a conjunction operator (AND or OR) from the drop-down list to add more criteria.
10. Click the Add Criteria link to add more criteria.
11. To test your filter, click Test Filter.
12. Click Save.
To delete a filter
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Select Organizations. The K1000 Organizations page appears.
2. Click Filters. The K1000 Organization Filters page appears.
3. To delete a filter, do one of the following:
   Select the check box beside the filter, and then select Delete Selected Item(s) from the Choose Action menu.
   Click Delete.
4. Click OK.
Computers
The K1000 Computers page lists all the nodes that are checking into the appliance. It displays details for each computer such as the Name, the Organization the computer is checking into, the Last Sync (when the computer last checked into the appliance), the Description, and the IP Address.
Advanced Search
If you need more granularity than keyword searches provide, try using an advanced search. The advanced search allows you to specify values for each field present in the inventory record and search the entire inventory listing for that value. For example, if you need to know which computers have a particular version of BIOS installed to upgrade only those affected machines, you can search for these.
1. Go to Inventory > Computers.
2. Click Advanced Search.
3. Select an attribute from the drop-down list. For example: IP Address.
4. Select the condition from the drop-down list. For example: contains.
5. Specify the attribute value in the provided field. For example: XXX.XX.*
   In the above example, machines from the specified IP range are searched. Note: You can add more than one criteria.
6. Select the Conjunction Operator from the drop-down list to add more criteria. For example: AND.
7. Click Search. The search results are displayed below.
You can refilter the computers displayed in the list. For more information, refer to Refiltering Computers, on page 253.
Note: If you do not see any computers listed in the test results, no existing computers match the machine filter criteria you set up or the machine filter criteria is invalid. You can edit the machine filter criteria. For more information on how to edit a filter, refer to Creating and Editing Organizational Filters, on page 249.
Refiltering Computers
You can refilter the computers, which will recheck the computers against all filters. For example, you can check if the filter created by you is applied correctly to the intended computers. You first create the new filter by going to Organizations > Filters. In the Computers page, refilter the computers. The organizations column will display the new organization name in red beside the old organization name, against those computers on which the filter has been applied.
To refilter computers
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Go to Organizations > Computers. The K1000 Computers page appears.
2. Select the check boxes next to the computers that you want to refilter.
3. In the Choose Action menu, click Refilter Selected Computers to recheck the computers against all filters.
Redirecting Computers
You can redirect a computer to a different organization. For example, a computer checks into organization A. You can redirect that computer to organization B. The next time the computer checks in, it will check into organization B.
To redirect computers
To perform these steps, be sure to select System from the Organization drop-down list in the top-right hand corner of the page.
1. Go to Organizations > Computers. The K1000 Computers page appears.
2. Select the check boxes next to the computers that you want to redirect.
3. Select the appropriate organization name under Change Sync to Organization, from the Choose Action menu, to redirect the computers to the appropriate organization.
The following table describes each of the detail areas on this page. To expand the sections, select Expand All. The fields that are displayed depend on the type of computer and its operating system.
Item: Description
Summary
   Name: Name of the computer.
   Model: Computer model.
   Chassis Type: Type of computer, such as desktop or laptop.
   IP Address: IP address of the computer.
   MAC: Media Access Control address number.
   RAM Total: Amount of Random-access memory.
   Processors: Number of CPUs and type.
   OS Name: Type of operating system, such as Windows, Macintosh, or Linux.
   Service Pack: Service Pack version number (Windows only).
   Agent Version: K1000 Agent version number.
   User Name: Name of most recent user. (Some computers might have multiple users).
   AMP Connection: Time of last connection to the K1000 Agent.
   Last Inventory: Time of latest inventory.
   Record Created: Time that the inventory record was created.
   Disk: Number of disk drives, type and size of the file system, and amount of disk space used.
Inventory Information
Hardware
   RAM Total: Total amount of RAM.
   Ram Used: How much RAM is used.
   Manufacturer: Computer manufacturer.
   Model: Computer model.
   Domain: Name of domain.
   Motherboard: Main and peripheral buses.
   Processors: CPU count, type, and manufacturer.
   CD/DVD Drives: Configuration of drives installed on the computer.
   Sound Devices: Installed audio devices.
   Video Controllers: Installed video controllers.
   Monitor: Type and manufacturer of the monitor.
   BIOS Name: BIOS version.
   BIOS Version: BIOS version.
   BIOS Manufacturer: BIOS Manufacturer.
   BIOS Description: BIOS Description.
   BIOS Serial Number: BIOS serial number.
   Disk: Number of disk drives, type and size of file system, and amount of disk space used.
   Printers: The printers that the computer is configured to use.
   Network Interfaces: Type of network interface, IP Address, MAC address, and whether DHCP is enabled or disabled.
K1000 Agent
   Agent Version: Agent Version.
   AMP Version: Version of Agent Messaging Protocol.
   AMP Connected: Time of the last connection to the K1000 Agent.
   KACE ID: KACE ID.
   Database ID: Database ID.
   Last Inventory: Time of latest inventory.
   Last Sync: Time the computer last checked in to the appliance.
   Last Agent Update: Time when the Agent was updated.
User
   User Logged: The user currently logged into the computer.
   User Name: User name.
   User Domain: The domain that the user belongs to.
Operating System
   Name: Name of the operating system.
   Version: Version number of the operating system.
   Build: Build of the operating system.
   Number: Build number of the operating system.
   Architecture: Operating system architecture, such as PPC or x64.
   Installed Date: Date of operating system installation.
   Last System Reboot: Last time the operating system was rebooted.
   Last System ShutDown: Last time the operating system was turned off.
   Uptime Since Last Reboot: How long the operating system has been up.
   System Directory: Location of the system directory.
   Registry Size: Size of the registry.
   Registry Max Size: Maximum size of the registry.
   Notes: You can enter any additional information in this field.
Software
   Installed Programs: List of the software and versions installed on the computer.
   Custom Inventory Fields: Lists any Custom Inventory fields created for this machine, along with the field name and value.
   Virtual Application Kontainers: List any Virtual Kontainers on the computer. You use Virtual Kontainers to create virtual versions of supported applications, and deploy and run them on the nodes you administer.
   Uploaded Files: Lists the files that have been uploaded to the K1000 Management Appliance from this computer using the upload a file script action.
   Installed Patches via Inventory: Installed Microsoft Patches.
   Running Processes: List of running processes.
   Startup Programs: List of startup programs.
   Services: List of services.
Activities
   Labels: The labels assigned to this computer. Labels are used to organize and categorize inventory and assets.
   Failed Managed Installs: Lists any failed managed installs. Managed installations allow deploying software that require installation files.
   To Install List: List of managed installations that will be sent to the computer the next time it connects with the appliance.
   Service Desk Tickets: Lists any Service Desk Tickets assigned or submitted by any user of the computer.
Security
   Patching Detect/Deploy Status: Lists the patches detected and deployed on the computer.
   Threat Level 5 List: Lists any threats that are harmful to any software, process, startup item, or service.
   OVAL Vulnerabilities: Results of OVAL Vulnerability tests run on this computer.
   FDCC/SCAP Configuration Scans: Results of FDCC/SCAP Configuration Scans run on this computer.
Logs
   K1000 Agent Logs: Contains the logs for the K1000 Agent application. A question mark indicates that its status is unknown.
   Portal Install Logs: Details about User Portal packages installed on this machine.
   Scripting Logs: Configuration Policy scripts that have been run on this computer, along with the available status of any scripts in progress.
Asset
   Asset Information: Lists when the record was created and last modified; the asset type, such as computer; and the name of the asset.
   Related Assets: Lists any related assets.
   Asset History: Lists the changes done to the asset of the computer along with the date and time when each change was done.
A
Administering Mac OS Nodes
This appendix lists Dell KACE K1000 Management Appliance information and behaviors that are specific to Apple Mac OS nodes. For the supported versions of the Mac OS operating system, see Chapter 4: System requirements for Agents, starting on page 66.
Mac OS Inventory, on page 259. Distributing Software to Mac OS Nodes, on page 260. Patching Mac OS Nodes, on page 263.
Mac OS Inventory
Your K1000 Management Appliance manages Mac OS X nodes in the same manner it manages Windows nodes. See Chapter 5: Managing Software and Hardware Inventories, starting on page 83, for details.
You search for Macintosh nodes using Inventory > Computer > Advanced Search. In the Advanced Search tab, identify the nodes using attributes such as OS Name. For more information on how to use the Advanced Search tab, see Using Advanced Search for Software Inventory, on page 91.
You can select the Create Notification tab to set up a search for Mac OS nodes with specific criteria that sends the administrator an email when it finds them. For example, if you wanted to know when computers had a critically low amount of disk space left, you could specify the search criteria to look for a value of 5 MB or smaller in the Disk Free field, and then notify an administrator who can take appropriate action. For more information on how to create notifications, see Searching for Computers by Creating Computer Notifications, on page 86.
Inventory filtering provides a way to dynamically apply a label based on search criteria. It is often helpful to define filters by inventory attribute. For example, you can create a label called San Francisco Office and create a filter based on the IP range or subnet for machines in San Francisco. Whenever machines check in that meet the criteria you have set up, they would receive the San Francisco label. This is particularly useful if your network includes laptops that often travel to remote locations.
You can also create a label to group all your Mac OS nodes. Once grouped by label, you can more easily manage software, reports, or software deployments on your Mac OS nodes. For more information on labeling, refer to Managing Labels, on page 54.
   Create or delete managed installations
   Execute or disable managed installations
   Specify a Managed Action
   Apply or remove a label
   Search managed installations by keyword
3. Select the software from the Software drop-down list. By default, the agent attempts to install the .pkg file using the following command:
      installer -pkg packagename.pkg -target / [Run Parameters]
   If you have selected a .zip/.tgz/tar.gz file, the contents are unpacked and the system searches the root directory for all .pkg files. The installation command runs against each of these .pkg files in alphabetical order.
   Next, the appliance searches for all plain applications (.app) on the top level of the archive and copies them to the Applications folder using the following command:
      ditto -rsrc Application.app /Applications/Application.app
   To execute a script or change any of these command lines, you can specify the appropriate script invocation as the Full Command Line. You can specify wildcards in the filenames you use. Enclose the filename in single or double quotation marks if it contains spaces. The files are extracted into a directory in /tmp, and that becomes the current working directory of the command.
   On Mac OS, you do not need to include any other files in your archive other than your script, if this is all you want to execute.
4. If your package requires additional options, you can enter the following installation details:
   You cannot apply Run Parameters to the above-mentioned commands.
   You do not need to specify an installation command. The server executes the installation command by itself. The Mac OS node tries to install this using:
      installer -pkg packagename.pkg -target / [Run Parameters]
   or
      ditto -rsrc packagename.app /Applications/theapp
   If you do not want to use the default command at all, you can replace it completely by selecting the Configure Manually option and specifying the complete command line. If you have specified an archive file, this command runs against all of the .pkg files or .app files it can find.
   Select this check box to uninstall software. If the Installation Command field above is filled in, it is run. Otherwise, by default, the agent attempts to run the command, which is generally expected to remove the package.
   Select this check box to run the command line only. This will not download the actual digital asset.
   Enter additional information in this field, if any.
Managed Action
Select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for Macintosh platform.
5. Specify the deployment details:
Deploy to All Machines: Select this check box to deploy to all the machines.
Limit Deployment To Selected Labels: Select one or more labels to limit deployment only to machines grouped by these label(s).
Limit Deployment To Listed Machines: You can limit deployment to one or more machines. From the dropdown list, select a machine to add to the list. You can add more than one machine, and filter the list by entering filter options.
Deploy Order: The lowest deploy number is installed first.
Max Attempts: Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the appliance tries to install the package. If you specify 0, the appliance enforces the installation forever.
Enter the time (using a 24-hour clock) to deploy the package. Deployment Window times affect the Managed Action options. Also, the run intervals defined in the System Console, under Organizations > Organizations for this specific organization, override and/or interact with the deployment window of a specific package.
6. Set user interaction details:
Allow Snooze: This option is not available for Mac OS nodes.
This option is not available for Mac OS nodes.
This option is not available for Mac OS nodes.
Delete Downloaded Files: Select this check box to delete the package files after installation.
Select this check box to specify details for alternate download. When you select this check box, the following fields appear:
Alternate Download Location: Enter the location from where the Agent can retrieve digital installation files.
Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
Alternate Download User: Enter a user name with the necessary privileges to access the Alternate Download Location.
Alternate Download Password: Enter the password for the user name specified above.
Note: If the target node is part of a replication label, the K1000 Management Appliance does not fetch software from the alternate download location. For more information, refer to Distributing Packages from an Alternate Location, on page 128.
Specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. However, since that label will not be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to To add or edit a new label, on page 57.
7.
Click Save.
For more information about distribution, refer to Chapter 8: Distributing Software from Your K1000 Management Appliance, starting on page 125. For more information about managed installations, refer to Managed Installations, on page 129.
B
Adding Steps to a Script
The steps documented here are available on the Scripting component. For details on scripting, see Chapter 9: Using the Scripting Features, starting on page 161.
[Table columns: Step, Description, V, OS, R, ORS, ORF]
Install "%{name}" with arguments "%{install_cmd}". Note: This step requires you to choose from a list of software packages already uploaded using the functionality in the Inventory/Software tab. For more information, see Adding Software to Inventory, on page 92.
Kill a process: Kill the process "%{name}".
Launch a program: Launch "%{path}\%{program}" with params "%{parms}".
Log a registry value: Log %{key}!%{name}.
Log file information: Log %{attrib} from %{path}\%{file}.
Log message: Log %{message} to %{type}.
Restart a service: Restart service %{name}.
Run a batch file: Run the batch file "%{_fake_name}" with params "%{parms}". Note: In this step, you do not need to upload the batch file. You create the batch file by pasting the script in the space provided.
Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}".
Set a registry key: Set "%{key}".
Set a registry value: Set "%{key}!%{name}" to "%{newValue}".
Start a service: Restart service %{name}.
Stop a service: Stop service %{name}.
Unzip a file: Unzip "%{path}\%{file}" to "%{target}".
Update message window text: Set the text in the message window named "%{name}" to "%{text}".
Update policy and job schedule: Update policy and job schedule from the appliance.
Upload a file: Upload "%{path}\%{file}" to the server.
Verify a directory exists: Verify that the directory "%{path}" exists.
Verify a file exists: Verify that the file "%{path}\%{file}" exists.
Verify a file version is exactly: Verify that the file "%{path}\%{file}" has version "%{expectedValue}".
Verify a file version is greater than: Verify that the file "%{path}\%{file}" has version greater than "%{expectedValue}".
Verify a file version is greater than or equal to: Verify that the file "%{path}\%{file}" has version greater than or equal to "%{expectedValue}".
Verify a file version is less than: Verify that the file "%{path}\%{file}" has version less than "%{expectedValue}".
Verify a file version is less than or equal to: Verify that the file "%{path}\%{file}" has version less than or equal to "%{expectedValue}".
Verify a file version is not: Verify that the file "%{path}\%{file}" does not have version "%{expectedValue}".
Verify a file was modified since: Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}".
Verify a process is not running: Verify the process "%{name}" is not running.
Verify a process is running: Verify the process "%{name}" is running.
Verify a product version is exactly: Verify that the product "%{path}\%{file}" has version "%{expectedValue}".
Verify a product version is greater than: Verify that the product "%{path}\%{file}" has version greater than "%{expectedValue}".
Verify a product version is greater than or equal to: Verify that the product "%{path}\%{file}" has version greater than or equal to "%{expectedValue}".
Verify a product version is less than: Verify that the product "%{path}\%{file}" has version less than "%{expectedValue}".
Verify a product version is less than or equal to: Verify that the product "%{path}\%{file}" has version less than or equal to "%{expectedValue}".
Verify a product version is not: Verify that the product "%{path}\%{file}" does not have version "%{expectedValue}".
Verify a registry key does not exist: Verify that "%{key}" does not exist.
Verify a registry key exists: Verify that "%{key}" exists.
Verify a registry key's subkey count is exactly: Verify that "%{key}" has exactly "%{expectedValue}" subkeys.
Verify a registry key's subkey count is greater than: Verify that "%{key}" has greater than "%{expectedValue}" subkeys.
Verify a registry key's subkey count is greater than or equal to: Verify that "%{key}" has greater than or equal to "%{expectedValue}" subkeys.
Verify a registry key's subkey count is less than: Verify that "%{key}" has less than "%{expectedValue}" subkeys.
Verify a registry key's subkey count is less than or equal to: Verify that "%{key}" has less than or equal to "%{expectedValue}" subkeys.
Verify a registry key's subkey count is not: Verify that "%{key}" does not have exactly "%{expectedValue}" subkeys.
Verify a registry key's value count is exactly: Verify that "%{key}" has exactly "%{expectedValue}" values.
Verify a registry key's value count is greater than: Verify that "%{key}" has greater than "%{expectedValue}" values.
Verify a registry key's value count is greater than or equal to: Verify that "%{key}" has greater than or equal to "%{expectedValue}" values.
Verify a registry key's value count is less than: Verify that "%{key}" has less than "%{expectedValue}" values.
Verify a registry key's value count is less than or equal to: Verify that "%{key}" has less than or equal to "%{expectedValue}" values.
Verify a registry key's value count is not: Verify that "%{key}" does not have exactly "%{expectedValue}" values.
Verify a registry pattern doesn't match: Verify that "%{key}!%{name}=%{expectedValue}" doesn't match.
Verify a registry pattern match: Verify that "%{key}!%{name}=%{expectedValue}" matches.
Verify a registry value does not exist: Verify that "%{key}!%{name}" does not exist.
Verify a registry value exists: Verify that "%{key}!%{name}" exists.
Verify a registry value is exactly: Verify that "%{key}!%{name}" is equal to "%{expectedValue}".
Verify a registry value is greater than: Verify that "%{key}!%{name}" is greater than "%{expectedValue}".
Verify a registry value is greater than or equal to: Verify that "%{key}!%{name}" is greater than or equal to "%{expectedValue}".
Verify a registry value is less than: Verify that "%{key}!%{name}" is less than "%{expectedValue}".
Verify a registry value is less than or equal to: Verify that "%{key}!%{name}" is less than or equal to "%{expectedValue}".
Verify a registry value is not: Verify that "%{key}!%{name}" is not equal to "%{expectedValue}".
Verify a service exists: Verify the service "%{name}" exists.
Verify a service is running: Verify the service "%{name}" is running.
Search for "%{name}" in "%{startingDirectory}" on "%{drives}" and "%{action}".
Unzip a file: Unzip "%{path}\%{file}" to "%{target}".
Update message window text: Set the text in the message window named "%{name}" to "%{text}".
Update policy and job schedule: Update policy and job schedule from the appliance.
Upload a file: Upload "%{path}\%{file}" to the server.
Verify a directory exists: Verify that the directory "%{path}" exists.
Verify a file exists: Verify that the file "%{path}\%{file}" exists.
Verify a file was modified since: Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}".
Verify a process is not running: Verify the process "%{name}" is not running.
Verify a process is running: Verify the process "%{name}" is running.
Verify a plist value equals
Verify a plist value exists
Verify a plist value greater than
Verify a plist value less than
Verify an environment variable equals
Verify an environment variable exists
Verify an environment variable greater than
Verify an environment variable less than
Verify at least one file matching regex exists
Verify count of filenames matching regex is greater than
Verify count of filenames matching regex is less than
Verify count of filenames matching regex
Verify file info equals
Verify file info greater than
Verify file info less than

Unzip a file
Update policy and job schedule
Upload a file
Verify a directory exists
Verify that the file "%{path}\%{file}" exists.
Verify that the file "%{path}\%{file}" was modified since "%{expectedValue}".
Verify a process is not running: Verify the process "%{name}" is not running.
Verify a process is running: Verify the process "%{name}" is running.
Verify an environment variable equals
Verify an environment variable exists
Verify an environment variable greater than
Verify an environment variable less than
Verify at least one file matching regex exists
Verify count of filenames matching regex is greater than
Verify count of filenames matching regex is less than
Verify count of filenames matching regex
Verify file info equals
Verify file info greater than
Verify file info less than
C
Writing Custom Inventory Rules
This chapter describes how to inventory items that do not appear in the Software list by default. Custom Inventory rules allow you to automatically detect software and other items on a node. Capturing this information allows you to manage your custom Software items with Smart Labels, Distribution and Managed Installations, and Scripting, and to include additional details in Reports. Use the Custom Inventory rules if:
The software or item you want to inventory is not listed in Add/Remove Programs.
Different versions of the same software have the same entry in Add/Remove Programs, either with incorrect or incomplete Display Version information.
You want to write deployment rules, scripts, or reports based on the presence of a Software Item or value that is not reported by the agent.

Conditional rules that test whether or not a condition exists on the node. When a rule returns true, the agent reports the item as an Installed Program; when the rule returns false, the item does not appear as an Installed Program.
Value Return rules that get data from the node; if the value exists, the agent reports the item as an Installed Program and sets a corresponding Custom Inventory field.
See Chapter 5: To add software to Inventory manually, starting on page 93 for details.
The Installed Program and Custom Inventory Field name. For example, BIOSDATE is the custom Software Item's Display name (Title): BIOSDATE. The Software Items with Value Return rules that set a Custom Inventory Field also appear as Installed Programs. If the results you expect don't appear, verify that the node recently checked in. The check-in time is shown in the Last Inventory field of the Inventory > Computers Detail page.
Checking for conditions (Conditional rules), on page 276
Getting values from a node (Custom Inventory Field), on page 283
Matching file names with Regular Expressions, on page 287
Function syntax
Enter the functionName followed by an opening parenthesis, then the arguments, then a closing parenthesis. No spaces are allowed between the name of the function and the opening parenthesis.
Argument syntax
Enter argument syntax for all rules except command and regex (regular expression) as follows:
Separate arguments by commas. Commas are not allowed anywhere else in the string.
Do not include single or double quotes.
White space is trimmed from the front and back of each argument.
For example, the following syntaxes are the same:
RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector, IE, 6.000)
RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector,IE,6.000)
The following sections describe the rules that test for conditions:
Conditional rule reference
Verifying if a Condition exists (Exists rules)
Evaluating node settings (Equals rules)
Comparing node values (Greater and Less Than rules)
Testing for multiple conditions
When the rule returns false, the Software Item does not appear in Installed Programs in the node's inventory list. You can also display a list of nodes that have the item installed from the Inventory > Software > Custom_item: Details page.
[Table columns: Syntax, OS (Windows, Mac OS X, Linux), Description]
DirectoryExists(path): Checks for a directory at the specified path on the node.
FileExists(path): Checks for a file at the specified path on the node. Include the name of the file and extension in the path.
FileVersionEquals(path, version): Verifies that the Version > File Version property of the file specified in the path matches the NUMBER value you entered.
FileVersionLessThan(path, version): Verifies that the Version > File Version property of the file you specified as the path is lower than the NUMBER value you entered.
FileVersionGreaterThan(path, version): Verifies that the Version > File Version property of the file you specified is higher than the NUMBER value you entered.
ProductVersionEquals(path, version): Verifies that the Version > Product Version property of the executable or installation file you specified matches the NUMBER value you entered.
ProductVersionLessThan(path, version): Verifies that the Version > Product Version property of the executable or installation file you specified is lower than the NUMBER value you entered.
ProductVersionGreaterThan(path, version): Verifies that the Version > Product Version property of the executable or installation file you specified is higher than the NUMBER value you entered.
FileInfoGreaterThan(fullpath, attribute, type, value): Verifies that the File Info property of the executable or installation file you specified is higher than the value you entered.
FileInfoLessThan(fullpath, attribute, type, value): Verifies that the File Info property of the executable or installation file you specified is lower than the value you entered.
FileInfoEquals(fullpath, attribute, type, value): Verifies that the attribute of the executable or installation file you specified matches the value you entered.
RegistryKeyExists(registryPath): Verifies that a registry key exists.
RegistryValueEquals(registryPath, valueName, value): Verifies that a registry entry exactly matches the value you specify. Value is compared as TEXT.
RegistryValueLessThan(registryPath, valueName, value): Verifies that the registry entry is lower than the value you specify. Value is a NUMBER.
RegistryValueGreaterThan(registryPath, valueName, value): Verifies that the registry entry is higher than the value you specify. Value is a NUMBER.
EnvironmentVariableExists(var): Verifies that an environment variable with the name you specify exists.
EnvironmentVariableGreaterThan(var, type, value): Verifies that the environment variable definition is higher than the value you specify. Only DATE (in the full format mm/dd/yyyy hh:mm:ss) and NUMBER are valid types.
EnvironmentVariableLessThan(var, type, value): Verifies that the environment variable definition is lower than the value you specify. Only DATE (in the full format mm/dd/yyyy hh:mm:ss) and NUMBER are valid types.
EnvironmentVariableEquals(var, type, value): Verifies that the environment variable definition exactly matches the value you specify. All three types are valid, TEXT, DATE (in the full format mm/dd/yyyy hh:mm:ss), and NUMBER.
Verifies that a named value exists in a PLIST file.
PlistValueGreaterThan(fullpath, entry, type, value): Verifies that the named value is a DATE (in the full format mm/dd/yyyy hh:mm:ss) or NUMBER higher than the value you specified.
PlistValueLessThan(fullpath, entry, type, value): Verifies that the named value is a DATE (in the full format mm/dd/yyyy hh:mm:ss) or NUMBER lower than the value you specified.
PlistValueEquals(fullpath, entry, type, value): Verifies that the named value is a TEXT, DATE (in the full format mm/dd/yyyy hh:mm:ss), or NUMBER that exactly matches the value you specified. You can specify a colon separated list of entries to match the value. Arrays and other valid PLIST datatypes are not supported.
FileExists(C:\WINDOWS\notepad.exe)
FileVersionEquals(path, version)
ProductVersionEquals(path, version)
FileInfoEquals(fullpath, attribute, type, value)
RegistryValueEquals(registryPath, valueName, value)
EnvironmentVariableEquals(var, type, value)
PlistValueEquals(fullpath, entry, type, value)
FilenamesMatchingRegexEqual(fullpath,regex,value)

FileVersionGreaterThan(path, version) and FileVersionLessThan(path, version)
ProductVersionGreaterThan(path, version) and ProductVersionLessThan(path, version)
FileInfoGreaterThan(fullpath, attribute, type, value) and FileInfoLessThan(fullpath, attribute, type, value)
RegistryValueGreaterThan(registryPath, valueName, value) and RegistryValueLessThan(registryPath, valueName, value)
EnvironmentVariableGreaterThan(var, type, value) and EnvironmentVariableLessThan(var, type, value)
PlistValueGreaterThan(fullpath, entry, type, value) and PlistValueLessThan(fullpath, entry, type, value)
FilenamesMatchingRegexGreaterThan(fullpath,regex,value) and FilenamesMatchingRegexLessThan(fullpath,regex,value)
Example: Testing if the Product Version is higher than 6.0
To verify that the product version is higher than 6.0:
ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplore.exe, 6.0)
To verify that the product version is 6 (that is, equal to 6.0) or higher, enter the following:
ProductVersionEquals(C:\Program Files\Internet Explorer\iexplore.exe, 6.0) OR ProductVersionGreaterThan(C:\Program Files\Internet Explorer\iexplore.exe, 6.0)
AND operator: All the rules must return true in order for the results to return true and report the Software Item as an Installed Program.
OR operator: Only one rule must return true for the Software Item to be reported as an Installed Program.
Use the Custom Inventory Field values to manage installs and distribute software as well as in reports, View by filtering, and Smart Label search criteria, or any other process that can be performed with an automatically detected setting. This section covers the following topics:
Value Return rule reference
Getting Registry key values
Getting command output
Getting PLIST values
Getting multiple values

Returns the value of a registry entry, and sets the datatype to the one you specified.
Returns the value of an environment variable, and sets the datatype to the one you specified.
Returns the value of a file attribute, see valid types in Specifying a file attribute, on page 290.
Returns the output of the command, and sets the datatype to TEXT.
Returns the output of the command, and sets the datatype to DATE.
Returns the output of the command, and sets the datatype to NUMBER.
Returns the value of the PLIST key, and sets the datatype to TEXT, NUMBER, or DATE.
FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe,ProductVersion,NUMBER)
However, if the value contains a special or alpha character, specify TEXT as the type. TEXT limits the operators you can use in queries in other features, such as Smart Label Search Criteria.
The Uptime Return custom Software Item displays in the Custom Inventory Field.
In the Custom Inventory field, join rules using the following syntax:
Function(arguments...) AND Function(arguments) AND ...
Separate the conditional statements from the operator with spaces. Do not join AND and OR operators in the same rule.
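The function, argument and joining syntax described in this chapter can be checked before a rule is saved. The following is an added example, not part of the guide and not the appliance's own parser; the helper names are hypothetical, and recognising command and regex rules by the words "Command" or "Regex" in the function name is an assumption made for the example.

```python
import re


class RuleError(ValueError):
    """Raised when a rule string breaks one of the syntax rules in this chapter."""


# A joining operator sits between ")" and the next "Function(" and is set off by spaces.
_OPERATOR = re.compile(r"\)\s+(AND|OR)\s+(?=[A-Za-z]\w*\s*\()")
# The same shape without the required spaces, for example ")AND Function(".
_UNSPACED = re.compile(r"\)\s*(AND|OR)\s*[A-Za-z]\w*\s*\(")
_CALL = re.compile(r"^([A-Za-z]\w*)(\s*)\((.*)\)$", re.S)


def is_raw(name):
    """Command and regex rules are exempt from the comma and quote guidelines.

    Assumption for this example: such rules are recognised by their name.
    """
    lowered = name.lower()
    return "command" in lowered or "regex" in lowered


def parse_call(text):
    """Parse one Function(arguments) call into (name, [arguments])."""
    text = text.strip()
    match = _CALL.match(text)
    if not match:
        raise RuleError("not a Function(arguments) call: %r" % text)
    name, gap, raw = match.groups()
    if gap:
        raise RuleError("no spaces allowed between %r and '('" % name)
    if _UNSPACED.search(text):
        raise RuleError("separate AND/OR from the rules with spaces")
    if is_raw(name):
        # Only the outer white space is stripped; commas and quotes are kept.
        return name, [raw.strip()]
    if "'" in raw or '"' in raw:
        raise RuleError("do not include single or double quotes")
    # Commas only separate arguments; white space around each one is trimmed.
    return name, [arg.strip() for arg in raw.split(",")]


def parse_rule(rule):
    """Return (operator or None, [(name, [arguments]), ...]) for a whole rule."""
    operators, calls, pos = [], [], 0
    for match in _OPERATOR.finditer(rule):
        calls.append(rule[pos:match.start() + 1])  # keep the closing ")"
        operators.append(match.group(1))
        pos = match.end()
    calls.append(rule[pos:])
    if len(set(operators)) > 1:
        raise RuleError("AND and OR cannot be joined in the same rule")
    return (operators[0] if operators else None), [parse_call(c) for c in calls]


if __name__ == "__main__":
    # Rule taken from the guide's product version example.
    exe = r"C:\Program Files\Internet Explorer\iexplore.exe"
    rule = ("ProductVersionEquals(%s, 6.0) OR "
            "ProductVersionGreaterThan(%s, 6.0)" % (exe, exe))
    print(parse_rule(rule))
```

Splitting on the operator only where it is followed by a function name keeps paths that contain parentheses intact; a command whose own text contains `) AND name(` would still be split, which is a limit of this sketch.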
Dot matches any single character. When entered alone it matches all files.
File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg File.doc Myabc.txt abcFile.xls MyFile.abc Example.jpg
Backslash escapes a special character, suppressing the special regular expression quantifier meaning. For example, to match all text files, enter: .*\.txt$
\.
Character ^
Description Caret (and \A) matches the characters you specify to the start of the file name. Pipe separates a list of options to match. Dollar (and \Z or \z) matches the characters you specify to the end of the file name. Question mark makes the preceding character optional in matches.
Example Expression ^k Matches kinstaller.exe From install.exe runkbot.bat kinstaller.exe install.exe kinstaller.exe runkbot.bat MyStartupBat.doc MyStartup.bat
\.log10?$
a.log11 mylog.log10
app.log appconf.log2 mylog.log10 a.log11 afile.txt app.log appconf.log12 mylog.log10 a.log11 afile.txt app.log appconf.log12 mylog.log10 a.log11 afile.txt3 app.log appconf.log12 mylog.log10 a.log11 afile.txt3 app.log appconf.log12 mylog.log10 a.log11 afile.txt3
\.log1*$
ap+.*\.log
app.log appconf.log12
[]
[123] Brackets enclose a character class and matches any character within the brackets. Note that character class special character rules differ from normal regular expressions. Parentheses enclosing characters creates a back reference and matches the preceding characters and/or the enclosed characters. ap?+\.(log) [123]$
()
appconf.log12 a.log11
Character {n}
Description Curly brackets repeats the preceding character the number of specified times, where n is greater than or equal to 1.
Example Expression a.{3}?+\. (log)[123]$ Matches appconf.log12 From app.log appconf.log12 mylog.log10 a.log11 afile.txt3
FilenamesMatchingRegexExist(fullpath,regex): Returns true if any files in the specified directory match the file name you entered using a regular expression.
FilenamesMatchingRegexGreaterThan(fullpath,regex,value): True if the number of files that match is more than the value.
FilenamesMatchingRegexLessThan(fullpath,regex,value): True if the number of files that match is less than the value.
FilenamesMatchingRegexEqual(fullpath,regex,value): True if the number of files that match is the same as the value.
Sets the Custom Inventory Field to the matching file names (includes path).
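A regular expression can be dry-run against a file listing before it goes into a FilenamesMatchingRegex rule. The following is an added example, not code from the guide or the agent: it assumes Python's re module behaves like the agent's engine for these simple patterns, the Python function names are hypothetical, and the listing is constructed from the file names in the table above with a made-up C:\logs directory.

```python
import ntpath
import re

# Constructed sample listing: file names from the guide's regex table, placed in
# a made-up directory, plus one file elsewhere that must never be counted.
LISTING = [
    r"C:\logs\app.log",
    r"C:\logs\appconf.log12",
    r"C:\logs\mylog.log10",
    r"C:\logs\a.log11",
    r"C:\logs\afile.txt3",
    r"C:\other\app.log",
]


def matching_files(directory, regex, listing=LISTING):
    """Full paths of files in `directory` whose file name matches `regex`.

    The pattern is searched within the file name only, so it matches anywhere
    in the name unless it is anchored with ^ or $.
    """
    pattern = re.compile(regex)
    wanted = directory.rstrip("\\").lower()
    return [path for path in listing
            if ntpath.dirname(path).lower() == wanted
            and pattern.search(ntpath.basename(path))]


def regex_exist(directory, regex, listing=LISTING):
    """True if any file matches (the Exist rule's description)."""
    return bool(matching_files(directory, regex, listing))


def regex_greater_than(directory, regex, value, listing=LISTING):
    """True if more files match than `value`."""
    return len(matching_files(directory, regex, listing)) > int(value)


def regex_less_than(directory, regex, value, listing=LISTING):
    """True if fewer files match than `value`."""
    return len(matching_files(directory, regex, listing)) < int(value)


def regex_equal(directory, regex, value, listing=LISTING):
    """True if exactly `value` files match."""
    return len(matching_files(directory, regex, listing)) == int(value)


if __name__ == "__main__":
    # An unanchored pattern over-matches: \.log also hits .log10, .log11, .log12.
    for regex in (r"\.log", r"\.log$", r"\.log10?$", r"ap+.*\.log"):
        print(regex, "->", matching_files(r"C:\logs", regex))
```

Comparing `\.log` with `\.log$` on the same listing shows why the dollar anchor matters when a rule is meant to count only one kind of file.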
Specifying a version
version is an integer (datatype is NUMBER) that the agent compares to the version of the item being tested on the node. For example, the FileVersionGreaterThan test returns true if the value you specify is higher than the version number of the file or folder and otherwise returns false. To test a range, join a Less Than and Greater Than rule as follows:
FileVersionGreaterThan(C:\Program Files\Adobe\Acrobat\7.0\Acrobat\Acrobat.exe, 6.99) AND FileVersionLessThan(C:\Program Files\Adobe\Acrobat\7.0\Acrobat\Acrobat.exe, 8.00)
FunctionName(fullpath, attribute, type, value)
You can specify any type but the datatype indicated in the table below shows the Windows supported type:
AccessedDate (DATE): Last date and time the file was accessed.
Comments (TEXT): Additional information provided for diagnostic purposes.
CompanyName (TEXT): Name of the company that produced the file.
CreatedDate (DATE): When the file was created.
FileBuildPart (NUMBER/TEXT): Third position of the File Version, for example in version 1.2.3, 3=Build.
FileDescription (TEXT): File Description of the Windows file properties Details tab.
FileMajorPart (NUMBER/TEXT): First position of the File Version, for example in version 1.2.3, 1=Major.
FileMinorPart (NUMBER/TEXT): Second position of the File Version, for example in version 1.2.3, 2=Minor.
FileName (TEXT): Current name of the file. Also see FileExists.
FilePrivatePart (TEXT): Fourth position of the File Version, for example in version 1.2.3.4, 4=Private.
FileVersion (NUMBER/TEXT): Complete File Version shown on the file properties Details tab. Also see FileVersionEquals, FileVersionGreaterThan, and FileVersionLessThan.
InternalName (TEXT): Internal name of the file, if one exists, such as the module name. If the file has no internal name, it is equal to the original filename, without an extension.
IsDebug: Returns True (1) if the file contains debugging information or was compiled with debugging enabled; otherwise returns False (0).
IsPatched: Returns True (1) if the provider marked the file as modified and it is not identical to the original shipped version; otherwise returns False (0).
IsPreRelease (TEXT/NUMBER): Returns True (1) if the provider marked the file as a development version, not a commercially released product; otherwise returns False (0).
IsPrivateBuild (TEXT/NUMBER): Returns True (1) if the provider marked the file as not built using standard release procedures; otherwise returns False (0). When True, file also has a PrivateBuild string.
IsSpecialBuild (TEXT/NUMBER): Returns True (1) if the provider marked the file as built by the original company using standard release procedures but is a variation of the standard file of the same version number; otherwise returns False (0). When True, file also has a SpecialBuild string.
Language: Language code, displays corresponding name on the File Properties Details tab.
LegalCopyright: Copyright notices that apply to the file.
LegalTrademarks: Trademarks and registered trademarks that apply to the file.
ModifiedDate: Last day and time the file was modified.
OriginalFilename: Provides the full name of the file when it was put or installed on the node.
PrivateBuild: Information about the version of the file.
ProductBuildPart (NUMBER/TEXT): Third position of the Product Version, for example in version 1.2.3, 3=Build.
ProductMajorPart (NUMBER/TEXT): First position of the Product Version, for example in version 1.2.3, 1=Major.
ProductMinorPart (NUMBER/TEXT): Second position of the Product Version, for example in version 1.2.3, 2=Minor.
ProductName (TEXT): String that matches the Product Name of the Windows property.
Fourth position of the Product Version, for example in version 1.2.3.4, 4=Private.
(NUMBER/TEXT) The full product version. Also see ProductVersionEquals, ProductVersionGreaterThan, and ProductVersionLessThan.
SpecialBuild (TEXT): Additional information about the build.
Group name of the file owner. File size. Time stamp of the last time the user or system accessed the file. Last time a change that was made to the file was saved. When the file was created. The block size of the file. The number of blocks used by the file.
TEXT: a string. Only valid for exactly matching in conditional rules such as Equals. In ValueReturn rules, sets the Custom Inventory Field type to string and therefore limits search criteria and filtering to matching operators.
NUMBER: an integer. Valid in all conditional rules, allows you to specify a whole number for comparison.
DATE: must be in the format of MM/dd/yyyy HH:mm:ss, for example 09/28/2006 05:03:51. Time is required; for example, in a comparison such as greater than you must at least specify the time as 00:00:00.
Defining commands
The shell command functions allow you to specify the command you want to run on the computer. The guidelines for writing rule arguments do not apply to command. However, white space after the opening parenthesis and immediately before the closing one is stripped from the command.
D
Database Tables
This appendix contains a list of the table names used in the Dell KACE K1000 Management Appliance database.
Table: Component
CUSTOM_FIELD_DEFINITION: Custom Fields
CUSTOM_VIEW: Custom Fields
DELL_INVENTORY: Dell Updates
DELL_INVENTORY_APPLICATION_DEVICE_JT: Dell Updates
DELL_INVENTORY_DEVICE_JT: Dell Updates
DELL_INVENTORY_LOG: Dell Updates
DELL_MACHINE_PKG_UPDATE_STATUS: Dell Updates
DELL_MACHINE_STATUS: Dell Updates
DELL_PKG_LABEL_JT: Dell Updates
DELL_PKG_STATUS: Dell Updates
DELL_PKG_UPDATE_HISTORY: Dell Updates
DELL_SCHEDULE: Dell Updates
DELL_SCHEDULE_LABEL_JT: Dell Updates
DELL_SCHEDULE_OS_JT: Dell Updates
DELL_SCHEDULE_UPDATE_LABEL_JT: Dell Updates
FILTER: Labeling
FS: File Synchronization
FS_LABEL_JT: File Synchronization
FS_MACHINE_JT: File Synchronization
GLOBAL_OPTIONS: Appliance Administration
HD_ATTACHMENT: Service Desk
HD_CATEGORY: Service Desk
HD_EMAIL_EVENT: Service Desk
HD_FIELD: Service Desk
HD_IMPACT: Service Desk
HD_MAILTEMPLATE: Service Desk
HD_PRIORITY: Service Desk
HD_QUEUE: Service Desk
HD_QUEUE_APPROVER_LABEL_JT: Service Desk
HD_QUEUE_OWNER_LABEL_JT: Service Desk
HD_QUEUE_SUBMITTER_LABEL_JT: Service Desk
HD_SERVICE: Service Desk
HD_SERVICE_TICKET: Service Desk
HD_SERVICE_USER_LABEL_JT: Service Desk
HD_STATUS: Service Desk
HD_TICKET: Service Desk
HD_TICKET_CHANGE: Service Desk
HD_TICKET_CHANGE_FIELD: Service Desk
HD_TICKET_FILTER: Service Desk
HD_TICKET_RELATED: Service Desk
HD_TICKET_RULE: Service Desk
HD_WORK: Service Desk
IM_CRON: Appliance Administration
IPHONE_PROFILE: iPhone
IPHONE_PROFILE_LABEL_JT: iPhone
KBOT: Scripting
KBOT_CRON_SCHEDULE: Scripting
KBOT_DEPENDENCY: Scripting
KBOT_EVENT_SCHEDULE: Scripting
KBOT_FORM: Scripting
KBOT_FORM_DATA: Scripting
KBOT_LABEL_JT: Scripting
KBOT_LOG: Scripting
KBOT_LOG_DETAIL: Scripting
KBOT_LOG_LATEST: Scripting
KBOT_OS_FAMILY_JT: Scripting
KBOT_OS_JT: Scripting
KBOT_RUN: Scripting
KBOT_RUN_MACHINE: Scripting
KBOT_RUN_TOKEN: Scripting
KBOT_SHELL_SCRIPT: Scripting
KBOT_UPLOAD: Scripting
KBOT_VERIFY: Scripting
KBOT_VERIFY_STEPS: Scripting
LABEL: Labeling
LABEL_LABEL_JT: Labeling
LDAP_FILTER: Labeling
LDAP_IMPORT_USER: User
MACHINE: Inventory
MACHINE_CUSTOM_INVENTORY: Inventory
MACHINE_DAILY_UPTIME: Inventory
MACHINE_DISKS: Inventory
MACHINE_LABEL_JT: Inventory
MACHINE_NICS: Inventory
MACHINE_NTSERVICE_JT: Inventory
MACHINE_PROCESS_JT: Inventory
MACHINE_REPLITEM: Inventory
MACHINE_SOFTWARE_JT: Inventory
MACHINE_STARTUPPROGRAM_JT: Inventory
MESSAGE: Alerts
MESSAGE_LABEL_JT: Alerts
METER: Software Metering
METER_COUNTER: Software Metering
MI: Managed Installs
MI_ATTEMPT: Managed Installs
MI_LABEL_JT: Managed Installs
MSP_MI_TEMPLATE: Patching
NODE: Network Scan
NODE_LABEL_JT: Network Scan
NODE_PORTS: Network Scan
NODE_SNMP_IF: Network Scan
NODE_SNMP_SYSTEM: Network Scan
NOTIFICATION: Alerts
NTSERVICE: Inventory
NTSERVICE_LABEL_JT: Inventory
OBJECT_HISTORY: Appliance Administration
Table                                 Component
OPERATING_SYSTEMS                     Inventory
OVAL_STATUS                           OVAL
PATCHLINK_MACHINE_STATUS              Patching (Security)
PATCHLINK_PATCH_LABEL_JT              Patching (Security)
PATCHLINK_PATCH_STATUS                Patching (Security)
PATCHLINK_SCHEDULE                    Patching (Security)
PATCHLINK_SCHEDULE_DEPLOY_LABEL_JT    Patching (Security)
PATCHLINK_SCHEDULE_DETECT_LABEL_JT    Patching (Security)
PATCHLINK_SCHEDULE_LABEL_JT           Patching (Security)
PATCHLINK_SCHEDULE_OS_JT              Patching (Security)
PATCHLINK_SCHEDULE_ROLLBACK_LABEL_JT  Patching (Security)
PATCH_FILTER                          Labeling
PORTAL                                Service Desk
PORTAL_LABEL_JT                       Service Desk
PROCESS                               Inventory
PROCESS_LABEL_JT                      Inventory
PROVISION_CONFIG                      Appliance Administration
PROVISION_NODE                        Appliance Administration
REPLICATION_LANGUAGE                  Replication
REPLICATION_PLATFORM                  Replication
REPLICATION_SCHEDULE                  Replication
REPLICATION_SHARE                     Replication
REPORT                                Reporting
REPORT_FIELD                          Reporting
REPORT_FIELD_GROUP                    Reporting
REPORT_JOIN                           Reporting
REPORT_OBJECT                         Reporting
REPORT_SCHEDULE                       Reporting
SAVED_SEARCH                          Appliance Administration
SCAN_FILTER                           Labeling
SCAN_SETTINGS                         Network Scan
Table                                 Component
SETTINGS                              Appliance Administration
SOFTWARE                              Inventory
SOFTWARE_LABEL_JT                     Inventory
SOFTWARE_OS_JT                        Inventory
STARTUPPROGRAM                        Inventory
STARTUPPROGRAM_LABEL_JT               Inventory
THROTTLE                              Appliance Administration
USER                                  Service Desk
USERIMPORT_SCHEDULE                   Service Desk
USER_HISTORY                          Service Desk
USER_KEYS                             Service Desk
USER_LABEL_JT                         Service Desk
USER_ROLE                             Appliance Administration
USER_ROLE_PERMISSION_VALUE            Appliance Administration
E
Manually Deploying Agents
This appendix explains how to manually deploy the Dell KACE K1000 Management Appliance Agent on nodes using a command-line or terminal.
Email
To deploy Agents through email, you can send an email to your users that contains one of the following:
Install file.
Link to the appliance.
Other Web location to retrieve the required installation file.
Using this method, your users can click a link and install the Agent.
Logon Scripts
Logon scripts provide a great mechanism to deploy the Agent when you log onto a computer. If you use logon scripts, simply post the appropriate file in an accessible directory and create a logon script for the Agents to retrieve it.
You can find the installers for Windows, Macintosh, and Red Hat Linux in the following directory:
\\k1000_hostname\client\agent_provisioning
File share must be enabled to access the installers. See Enabling file sharing on page 67.
For 5.1 or later, install the Agent as described in this chapter for your platform.
For 5.0 or earlier, you must first uninstall the Agent on each target computer. See the documentation included with your version of the K1000 Management Appliance.
Go to Dell KACE Support. Support contains whitepapers, articles, and a Knowledge Base that can help you with this issue and many other issues.
Windows platforms:
Windows security issues
Windows debugging
Windows XP or earlier: C:\Program Files\Dell\KACE\
Windows Vista and Windows 7: C:\Program Files (x86)\Dell\KACE\
The Agent configuration files, logs, and other data are stored in:
Windows Vista and Windows 7: C:\ProgramData\Dell\KACE
Windows XP or earlier: C:\Documents and Settings\All Users\Dell\KACE
2. Copy the ampagent-5.3.buildnumber-x86.msi file to your local computer.
3. Double-click the file to start the installation and follow the instructions in the install wizard. Be sure to enter the name of your K1000 server.
The node information appears in the appliance Inventory within a few minutes. Although the Agent automatically checks in, you can force a check in using the following command line:
runkbot 4 0
In a batch file, as part of a logon script, which runs the installer (msiexec) and sets various parameters, such as the value of the host.
Set an environment variable for the server name and then run the installer.
Change name of the installer, which automatically sets the server name during the install.
This method provides the following parameters:

Table E-1: Command line parameters for the Agent

Description             Parameter
Windows Installer Tool  msiexec or msiexec.exe
Install flag            /i
                        Example: msiexec /i ampagent-5.3.12345-x86
Uninstall flag          /x
                        Example: msiexec /x ampagent-5.3.12345-x86
Silent install          /qn
                        Example: msiexec /qn /i ampagent-5.3.12345-x86
Log verbose output      /L*v log.txt
Auto set host name      rename agent_installer.msi_hostname.msi
                        (Renames the install file to the name of the server name, which automatically sets the host name.)
                        Example: msiexec /qn /i ampagent-5.3.32941-x86_k1000.kace.com.msi
Set properties          PROPERTY=value (Must use ALL CAPS.)
                        Example: msiexec /qn /i ampagent-5.3.32941-x86.msi HOST=k1000.kace.com
Set server name         set KACE_SERVER=k1000name (Must be followed by an msiexec call to install.)
                        Example:
                        set KACE_SERVER=kbox
                        msiexec /i ampagent-5.2.12345-x86
The ordering of setting the host is as follows:
1. If the installer contains the name of host, use that.
2. If KACE_SERVER is set, use that.
3. If amp.conf has a server, use that.
4. If smmp.conf has a server, use that (when updating from 5.1).
Do not leave empty. Do not set to kbox. Otherwise, the agent will NOT connect to the server.
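The host-selection order above, combined with the rule that the host must not be empty or kbox, written as a pre-deployment check. This is an added example, not Dell KACE code; the function names and the host= key read from amp.conf and smmp.conf are assumptions.

```python
import ntpath
import re

# Placeholder server name the guide says the agent cannot connect with.
REJECTED = {"kbox"}


def host_from_installer(path):
    """Host embedded by renaming the installer to <name>_<host>.msi, else None."""
    name = ntpath.basename(path)  # handles both \ and / separators
    m = re.fullmatch(r"[^_]+_(.+)\.msi", name, flags=re.IGNORECASE)
    return m.group(1) if m else None


def host_from_conf(text):
    """Value of the host= line in amp.conf/smmp.conf text (key name is assumed)."""
    for line in (text or "").splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "host":
            return value.strip()
    return None


def resolve_agent_host(installer, env, amp_conf=None, smmp_conf=None):
    """Return (host, source) in the guide's order; raise ValueError if unusable."""
    candidates = [
        ("installer name", host_from_installer(installer)),
        ("KACE_SERVER", env.get("KACE_SERVER")),
        ("amp.conf", host_from_conf(amp_conf)),
        ("smmp.conf", host_from_conf(smmp_conf)),
    ]
    for source, value in candidates:
        if value is None or not value.strip():
            continue  # nothing set at this level, fall through to the next one
        host = value.strip()
        if host.lower() in REJECTED:
            raise ValueError(f"{source} sets host to {host!r}; the agent will not connect")
        return host, source
    raise ValueError("no server name set; the agent will not connect")


if __name__ == "__main__":
    # Constructed inputs: a renamed installer wins over KACE_SERVER.
    print(resolve_agent_host(
        "ampagent-5.3.32941-x86_k1000.kace.com.msi",
        {"KACE_SERVER": "other.example"},
    ))
```

Run it against the installer name, environment and configuration text a logon script will actually use, before the script is rolled out.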
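rem Authenticate network logons that use local accounts as that account instead of Guest.
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v ForceGuest /t REG_DWORD /d 0 /f
rem Turn off UAC remote token filtering, so local administrator accounts keep full rights over the network.
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
rem Allow Remote Desktop (Terminal Server) connections.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v FdenyTSConnections /t REG_DWORD /d 0 /f
rem Open the Windows Firewall for File and Printer Sharing from any address.
netsh.exe firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL
rem Open the Windows Firewall for remote administration from any address.
netsh.exe firewall set service type=REMOTEADMIN mode=ENABLE scope=ALL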
Windows debugging
1. Open a command window. (Windows Vista and Windows 7 require Run as administrator privileges.)
2. Stop the Agent:
net stop ampagent
3. Add the following line to the amp.conf file:
debug=true
This file is located in:
Windows Vista and Windows 7: C:\ProgramData\Dell\KACE
Windows XP or earlier: C:\Documents and Settings\All Users\Dell\KACE
4. Start the Agent:
net start ampagent
The output is recorded in various K1000 Agent logs. The Agent normally checks in using the Run Interval schedule specified in the K1000 Agent Settings page. However, you can force a check in outside of the normal schedule by going to C:\Program Files\Dell\KACE\ or C:\Program Files (x86)\Dell\KACE\ and entering:
runkbot 4 0
4.
Do not leave empty. Do not set to kbox. Otherwise, the agent will NOT connect to the server.
Linux Debugging
1. Open a terminal from Applications > System Tools.
2. Stop the Agent:
sudo /etc/rc.d/init.d/AMPctl stop
3. Set debug to true in the amp.conf file in /var/dell/kace/data:
cat <<eof >> /var/dell/kace/data/amp.conf
debug=true
eof
4. Start the Agent:
sudo /etc/rc.d/init.d/AMPctl start
The output is recorded in various K1000 Agent logs. The Agent normally checks in using the Run Interval schedule specified in the K1000 Agent Settings page. However, you can force a check in outside the normal schedule by going to /Library/Application Support/Dell/KACE/bin/ and running:
runkbot 2 0
4.
5.
Macintosh Debugging
1. Open a terminal from Applications > Utilities.
2.
3.
4.
Add the following line to the end of the amp.conf file in /Library/Application\ Support/Dell/KACE/data:
debug=true
5.
The output is recorded in various K1000 Agent logs. The Agent normally checks in using the Run Interval schedule specified in the K1000 Agent Settings page. However, you can force a check in outside the normal schedule by going to /Library/Application Support/Dell/KACE/bin/ and running:
runkbot 2 0
Do not leave empty. Do not set to kbox. Otherwise, the agent will NOT connect to the server.
For information about using shell scripts and command lines, see http://developer.apple.com.
Item                              Description
Domain                            Name of domain.
Motherboard                       Main and peripheral buses.
Processors                        CPU count, type, and manufacturer.
CD/DVD Drives                     Configuration of drives installed on the computer.
Sound Devices                     Installed audio devices.
Video Controllers                 Installed video controllers.
Monitor                           Type and manufacturer of the monitor.
BIOS Name                         BIOS version.
BIOS Version                      BIOS version.
BIOS Manufacturer                 BIOS Manufacturer.
BIOS Description                  BIOS Description.
BIOS Serial Number                BIOS serial number.
Disk                              Number of disk drives, type and size of file system, and amount of disk space used.
Printers                          The printers that the computer is configured to use.
Network Interfaces                Type of network interface, IP Address, MAC address, and whether DHCP is enabled or disabled.
K1000 Agent
Agent Version                     Agent Version.
AMP Version                       Version of Agent Messaging Protocol.
AMP Connected                     Time of the last connection to the K1000 Agent.
KACE ID                           KACE ID.
Database ID                       Database ID.
Last Inventory                    Time of latest inventory.
Last Sync                         Time the computer last checked in to the appliance.
Last Agent Update                 Time when the Agent was updated.
User
User Logged                       The user currently logged into the computer.
User Name                         User name.
User Domain                       The domain that the user belongs to.
Operating System
Name                              Name of the operating system.
Version                           Version number of the operating system.
Build                             Build of the operating system.
Item                              Description
Number                            Build number of the operating system.
Architecture                      Operating system architecture, such as PPC or x64.
Installed Date                    Date of operating system installation.
Last System Reboot                Last time the operating system was rebooted.
Last System ShutDown              Last time the operating system was turned off.
Uptime Since Last Reboot          How long the operating system has been up.
System Directory                  Location of the system directory.
Registry Size                     Size of the registry.
Registry Max Size                 Maximum size of the registry.
Notes                             You can enter any additional information in this field.
Software
Installed Programs                List of the software and versions installed on the computer.
Custom Inventory Fields.          Lists any Custom Inventory fields created for this machine, along with the field name and value.
Virtual Application Kontainers    List any Virtual Kontainers on the computer. You use Virtual Kontainers to create virtual versions of supported applications, and deploy and run them on the nodes you administer.
Uploaded Files                    Lists the files that have been uploaded to the K1000 Management Appliance from this computer using the upload a file script action.
Installed Patches via Inventory   Installed Microsoft Patches.
Running Processes                 List of running processes.
Startup Programs                  List of startup programs.
Services                          List of services.
Activities
Labels                            The labels assigned to this computer. Labels are used to organize and categorize inventory and assets.
Failed Managed Installs           Lists any failed managed installs. Managed installations allow deploying software that require installation files.
To Install List                   List of managed installations that will be sent to the computer the next time it connects with the appliance.
Service Desk Tickets              Lists any Service Desk Tickets assigned or submitted by any user of the computer.
Security
Patching Detect/Deploy Status     Lists the patches detected and deployed on the computer.
Item                              Description
Threat Level 5 List               Lists any threats that are harmful to any software, process, startup item, or service.
OVAL Vulnerabilities              Results of OVAL Vulnerability tests run on this computer.
FDCC/SCAP Configuration Scans     Results of FDCC/SCAP Configuration Scans run on this computer.
Logs
K1000 Agent Logs                  Contains the logs for the K1000 Agent application. A question mark indicates that its status is unknown.
Portal Install Logs               Details about User Portal packages installed on this machine.
Scripting Logs                    Configuration Policy scripts that have been run on this computer, along with the available status of any scripts in progress.
Asset
Asset Information                 Lists when the record was created and last modified; the asset type, such as computer; and the name of the asset.
Related Assets                    Lists any related assets.
Asset History                     Lists the changes done to the asset of the computer along with the date and time when each change was done.
F
Understanding the Daily Run Output
The daily run output is automatically sent to the System Administrator by email every night at 2:00 AM. This appendix contains a sample of the daily run output. Your output may differ from the sample shown. The following are the standard FreeBSD maintenance messages:
Removing stale files from /var/preserve:
Cleaning out old system announcements:
Removing stale files from /var/rwho:
Backup password and group files:
Verifying group file syntax:
Backing up mail aliases:
Disk status:
Filesystem
/dev/twed0s1a
devfs
/dev/twed0s1f
/dev/twed0s1e
/dev/twed0s1d
/dev/twed1s1d
The above table reports information about your disks. Those of interest are /kbox and /kbackup. /kbox contains all the software for the appliance server. It also contains the software packages uploaded to the server. If this drive starts getting close to full, you must remove old unused packages or contact KACE for an upgrade. /kbackup is the drive where /kbox is backed up. It is generally as full as /kbox. If it is close to full, you must remove old unused packages or contact KACE for an upgrade.
Network interface status:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
em0 1500 00:30:48:73:07:4c 332146 0 204673 0 0
em0 1500 192.168.2 kboxdev 308055 201832
em0 1500 fe80:1::230:4 fe80:1::230:48ff: 0 4
em1* 1500 00:30:48:73:07:4d 0 0 0 0 0
plip0 1500 0 0 0 0 0
lo0 16384 699 0 699 0 0
lo0 16384 your-net localhost 699 699
lo0 16384 localhost ::1 0 0
lo0 16384 fe80:4::1 fe80:4::1 0 0
The above table reports information about the network status of the appliance. Make sure the Ierrs/Oerrs are zero. Other values indicate some sort of network failure. If you notice consistent errors, contact KACE support for assistance.
Local system status:
3:04PM up 3 days, 4:12, 0 users, load averages: 0.05, 0.20, 0.15
The above indicates the amount of time the appliance has been up since the last time it was powered off. There will not be any users logged onto the machine. The load averages vary depending on the load on the appliance when this report was run.
Mail in local queue:
/var/spool/mqueue is empty
Total requests: 0
Mail in submit queue:
/var/spool/clientmqueue is empty
Total requests: 0
Security check: (output mailed separately)
Checking for rejected mail hosts:
Checking for denied zone transfers (AXFR and IXFR):
tar: Removing leading `/' from member names
The messages above are the standard FreeBSD messages regarding the health of the mail systems. There should not be mail in the queues. However, if an item still exists, check your SMTP settings from the Settings > Network Settings page.
[Thu Mar 17 15:05:31 PST 2005] K1000 Backup: Backup Complete. Backup files available for off-box storage via ftp.
The above is an appliance-specific message telling you that the backups have been successfully completed and are on the /kbackup disk, available through the ftp interface.
[Thu Mar 17 15:05:31 PST 2005] K1000 RAID Status
Disk Array Detail Info not available during a rebuild.
If Rebuild in progress,% completion listed below
Disk Array Detail Status:
Unit UnitType Status %Cmpl Port Stripe Size(GB) Blocks
----------------------------------------------------------------------
u0 RAID-1 OK 149.05 312579760
u0-0 DISK OK p0 149.05 312579760
u0-1 DISK OK p1 149.05 312579760
Disk Array REBUILD Status:
/c0/u0 is not rebuilding, its current state is OK
The above table indicates the status of your RAID drives. If you ever see the disks degraded or not rebuilding properly, contact KACE support to address the problem.
[Thu Mar 17 15:05:31 PST 2005] K1000 Database Maintenance
Daily routines to maintain database performance.
DB Table Maintenance Log:
# Connecting to localhost...
# Disconnecting from localhost...
ORG.ADVISORY OK
ORG.AUTHENTICATION OK
ORG.CATEGORY OK
ORG.CLIENT_DISTRIBUTION OK
ORG.FILTER OK
ORG.FS OK
ORG.FS_LABEL_JT OK
ORG.GLOBAL_OPTIONS OK
ORG.LABEL OK
ORG.LDAP_FILTER OK
ORG.LICENSE OK
ORG.LICENSE_MODE OK
ORG.MACHINE OK
ORG.MACHINE_CUSTOM_INVENTORY OK
ORG.MACHINE_DISKS OK
ORG.MACHINE_LABEL_JT OK
ORG.MACHINE_NICS OK
ORG.MACHINE_PROCESS OK
ORG.MACHINE_SOFTWARE_JT OK
ORG.MACHINE_STARTUP_PROGRAMS OK
ORG.MESSAGE OK
ORG.MESSAGE_LABEL_JT OK
ORG.MI OK
ORG.MI_LABEL_JT OK
ORG.NETWORK_SETTINGS OK
ORG.NOTIFICATION OK
ORG.OPERATING_SYSTEMS OK
ORG.PORTAL OK
ORG.PORTAL_LABEL_JT OK
ORG.PRODUCT_LICENSE OK
ORG.REPORT OK
ORG.SCHEDULE OK
ORG.SERVER_LOG OK
ORG.SOFTWARE OK
ORG.SOFTWARE_LABEL_JT OK
ORG.SOFTWARE_OS_JT OK
ORG.THROTTLE OK
ORG.TIME_SETTINGS OK
ORG.TIME_ZONE OK
ORG.USER OK
ORG.USER_HISTORY OK
ORG.USER_KEYS OK
ORG.USER_LABEL_JT OK
-- End of daily output --
The database is checked every night for any inconsistencies, and these are automatically repaired. If you see any failures from this output, contact Dell KACE Support for assistance.
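A checker for the daily run output described in this appendix, added here as an example (it is not part of the appliance): it flags non-zero Ierrs/Oerrs, queued mail, RAID units that are not OK, and database tables not reported OK. The sample input is constructed; the code assumes link-layer interface rows carry FreeBSD's <Link#N> marker and that a table's status follows its name on the same line.

```python
import re

# Constructed sample in the layout of the daily run output shown in this appendix.
SAMPLE = """\
Network interface status:
Name    Mtu Network    Address            Ipkts Ierrs  Opkts Oerrs Coll
em0    1500 <Link#1>   00:30:48:73:07:4c 332146     0 204673     0    0
em0    1500 192.168.2  kboxdev           308055     - 201832     -    -
em1*   1500 <Link#2>   00:30:48:73:07:4d   5120    17   4801     0    0
plip0  1500 <Link#3>                          0     0      0     0    0
Mail in local queue:
/var/spool/mqueue is empty
Total requests: 0
Mail in submit queue:
Total requests: 2
Disk Array Detail Status:
Unit  UnitType  Status    %Cmpl  Port  Stripe  Size(GB)  Blocks
u0    RAID-1    DEGRADED  -      -     -       149.05    312579760
u0-0  DISK      OK        -      p0    -       149.05    312579760
u0-1  DISK      DEGRADED  -      p1    -       149.05    312579760
DB Table Maintenance Log:
ORG.ADVISORY      OK
ORG.MACHINE       OK
ORG.SOFTWARE      error: table is marked as crashed
-- End of daily output --
"""

LINK_ROW = re.compile(r"^(\S+)\s+\d+\s+<Link#\d+>")   # per-interface counters
QUEUE_HEAD = re.compile(r"^Mail in (\w+) queue:")
QUEUE_TOTAL = re.compile(r"^Total requests:\s*(\d+)")
RAID_ROW = re.compile(r"^(u\d+(?:-\d+)?)\s+(\S+)\s+(\S+)")
DB_ROW = re.compile(r"^(ORG\.\w+)\s*(.*)$")


def check_daily_run(text):
    """Return (category, subject, detail) tuples for every line that needs attention."""
    findings = []
    queue = None
    for raw in text.splitlines():
        line = raw.strip()
        m = LINK_ROW.match(line)
        if m:
            # The last five columns are Ipkts Ierrs Opkts Oerrs Coll, even when
            # the Address column is blank (plip0, lo0).
            _ipkts, ierrs, _opkts, oerrs, _coll = line.split()[-5:]
            if ierrs != "0" or oerrs != "0":
                findings.append(("network", m.group(1), f"Ierrs={ierrs} Oerrs={oerrs}"))
            continue
        m = QUEUE_HEAD.match(line)
        if m:
            queue = m.group(1)
            continue
        m = QUEUE_TOTAL.match(line)
        if m:
            if int(m.group(1)) > 0:
                findings.append(("mail", queue, f"{m.group(1)} requests queued"))
            continue
        m = RAID_ROW.match(line)
        if m:
            if m.group(3) != "OK":
                findings.append(("raid", m.group(1), m.group(3)))
            continue
        m = DB_ROW.match(line)
        if m and m.group(2).strip() != "OK":
            findings.append(("database", m.group(1), m.group(2).strip() or "no status reported"))
    return findings


if __name__ == "__main__":
    for finding in check_daily_run(SAMPLE):
        print(finding)
```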
G
K1000 Classic Reports
The Dell KACE K1000 Management Appliance 5.3 includes a new reporting engine. See Running the K1000 Appliance Reports on page 221. This appendix contains information on using Reporting from the 5.2 version. These reports are listed under the Classic Reports tab.
Reporting Overview
Running Reports
Creating and Editing Reports
Scheduling Reports
Reporting Overview
The K1000 Management Appliance is shipped with many stock reports; select Reporting > Reports to view the list. The reporting engine utilizes XML-based report layouts to generate reports in HTML, PDF, CSV, TXT, and XLS formats. By default, the appliance provides reports in the following general categories:
Compliance
Dell updates
Hardware
Service Desk
iPhone
K1000
Network
Patching
Power Management
You can duplicate and modify these reports as necessary. However, a strong knowledge of SQL is required to successfully change a report. Opening a CSV file containing multibyte characters with Microsoft Excel may yield "garbage characters" in the resulting worksheet. See Dell KACE Support for instructions on how to import the CSV file into an Excel worksheet.
Running Reports
To run any of the K1000 Management Appliance reports, click the desired format type (HTML, PDF, CSV, XLS, or TXT). For the HTML format, the report is displayed in a new window. If you select PDF, CSV, XLS, or TXT formats, you can open the file or save it to your computer.
Create a new report from scratch.
Modify one of the templates provided in the K1000 Management Appliance Template category.
Duplicate an existing report. Another way to create a report is to open an existing report and create a copy of it. You can modify the copy to suit your needs.
Create a new report using the Report Wizard.
You can create a report using the Table or Chart presentation type:
The Table presentation type is a tabular report with optional row groupings and summaries. The Chart presentation type is a bar, line, or pie chart.
2. In the Choose Action menu, click Add New Report.
3. Enter the report details as shown:
Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others.
Enter the category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page.
Describe the information that the report will provide.
4. Click the appropriate topic name from the Available Topics list. For example, software.
5. Click the Table presentation type icon.
6. Click Next.
7. Choose table columns:
a. Click the appropriate column name from the Available columns list.
b. Click to add that column to the Display Columns list. You can change the column order by clicking or .
c. To remove a column from the Display list, click the appropriate column and click .
8. Click Next.
9. To define the criteria for displaying records in the report:
a. Click the appropriate field name from the Available Fields list. Columns that you chose in the previous step appear under display fields. You can also choose a field from among all fields available for that topic. For example, Threat Level.
b. Click Add.
c. Select the appropriate operator from the comparison drop-down list. For example, Greater Than.
d. Enter the appropriate value in the text field, for example, 3. This rule will filter the data and display only software that has Threat Level greater than 3.
e. Click OK. The rule is added in the list of Current Rules. You can add more than one rule.
f. Click to remove a rule from the list of Current Rules.
g. Select the Use Expanded logic check box to use expanded logic. Expanded logic enables you to define a syntactic structure for your rules to override operator precedence.
h. Click Check Syntax to check whether the rule syntax is valid.
i. Once you add more than one rule, you can click Move Up or Move Down to change the order of rules.
10. Click Next.
11. To choose columns to be displayed in the report:
a. Click the appropriate column name from the Available columns list.
b. Click to add that column to the Display Columns list. You can change the column order by clicking or .
c. To remove a column from the Display list, click the appropriate column and click .
12. Click Next.
13. (Optional) Customize the report layout. You can drag to set column order, width and add spacers. You can drag and drop between columns as well as between columns and spacer. Click on the column and report headings for further menu of labels, grouping, summary, and other options. The available options are:
Title    Click the report title to select title and page options.
Spacer   Click spacer to add an empty column.
Column   Click column to select various column options.
14. Click Save to save the report. The K1000 Reports page is displayed with the new report in the list.
To run the new report, click the desired format (HTML, PDF, CSV, XLS, or TXT). For the HTML format, the report is displayed in a new window. If you select PDF, CSV, XLS, or TXT formats, you can open the file or save it to your computer.
You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are mandatory and cannot be left blank.
4. Click the appropriate topic name from the Available Topics list. For example, software.
5. Click the Chart presentation type icon.
6. Click Next.
7. To choose table columns:
a. Click the appropriate column name from the Available columns list.
b. Click to add that column to the Display Columns list. You can change the column order by clicking or .
c. To remove a column from the Display list, click the appropriate column and click .
8. Click Next.
9. To define the criteria for displaying records in the report:
a. Click the appropriate field name from the Available Fields list. Columns that you chose in the previous step appear under display fields. You can also choose a field from among all fields available for that topic. For example, Threat Level.
b. Click Add.
c. Select the appropriate operator from the comparison drop-down list. For example, Greater Than.
d. Enter the appropriate value in the text field. For example, 3. This rule will filter the data and display only software that has Threat Level greater than 3.
e. Click OK. The rule is added in the list of Current Rules. You can add more than one rule.
f. Click to remove a rule from the list of Current Rules.
g. Select the Use Expanded logic check box to use expanded logic. Expanded logic enables you to define a syntactic structure for your rules to override operator precedence.
h. Click Check Syntax to check whether the rule syntax is valid.
i. Once you add more than one rule, you can click Move Up or Move Down to change the order of rules.
10. Click Next.
11. Select the appropriate chart type from the following:
Simple 3-D Bar: Displays categories along the X-axis, values along the Y-axis.
3-D Pie: Displays a slice for each category. The corresponding value determines the size of the slice.
Line: Displays categories or dates along the X-axis, values along the Y-axis.
12. Select the appropriate category field from the Category Field drop-down list.
13. Select the summary from the Summary drop-down list, beside appropriate Value field name. If you have more than one Value field, you can change the value field order by clicking or .
14. Select the Show legend check box to display a legend in the chart.
15. Specify the Chart width and Chart height in pixels, in the text fields.
16. Click Save to save the report. The K1000 Reports page is displayed with the new report in the list.
You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are mandatory and cannot be left blank.
Report Category        The category for the report. If the category does not already exist, it will be added to the drop-down list on the Reports list page.
Output File Name       The name for the file generated when this report is run.
Description            Describe the information that the report provides.
Output Types           Select the appropriate formats that should be available for this report.
SQL Select Statement   The query statement that will generate the report data. For reference, consult the MYSQL documentation.
Break on Columns       A comma-separated list of SQL column names. The report will generate break headers and sub totals for these columns. This setting refers to the autogenerated layout.
                       Click this check box to regenerate the XML Report Layout using new columns. If you changed only a sort order or a where clause, you don't need to recreate the layout. If you changed the columns that the query returns, the XML Report Layout is regenerated based on your SQL.
4. Click Save.
The K1000 Management Appliance reports use JasperReports open source JRXML format. Use the JasperReports iReports tool to change the way your reports are formatted. Information and documentation are available at: http://jasperforge.org/.
Once you click Save, the report wizard is disabled for that report.
Output File Name       Edit or enter the name for the file generated when this report is run.
Description            Describe the information that the report will provide.
Output Types           Select the appropriate formats that should be available for this report.
SQL Select Statement   Edit or enter the query statement that will generate the report data. For reference, consult the MYSQL documentation.
Break on Columns       A comma-separated list of SQL column names. The report will generate break headers and sub totals for these columns. This setting refers to the autogenerated layout.
                       Click this check box to regenerate the XML Report Layout using new columns. If you changed only a sort order or a where clause, you don't need to recreate the layout. If you changed the columns that the query returns, the XML Report Layout is regenerated based on your SQL.
6. Click Save.
If you manually change a report's SQL statement, you cannot use the Report Wizard to change it later.
Scheduling Reports
Reports can be scheduled from the Schedule Reports tab. From the Report Schedules List page you can open existing schedules, create new schedules, or delete them. You can also search schedules using keywords.
Reports      Select the Reports or Classic Reports radio button based on the type of report you are scheduling. This determines which reports are listed in the Select report to schedule drop-down list.
             Click the desired output report format (PDF, Excel, CSV, or TXT) that should be available for this scheduled report.
Recipients   Click the icon to enter the recipient's e-mail address, or choose Select user to add from the drop-down list. This is a mandatory field.
             Enter the subject of the schedule. The subject can help to quickly identify what the schedule is about.
             Enter the message text in the notification.

Specify the scan schedule as follows:
Don't Run on a Schedule: Run in combination with an event rather than on a specific date or time.
Run Every n hours: Run the scan at a specified hour interval.
Run Every day/specific day at hour:minute: Run daily at a specified time, or run on specified day of the week at a specified time.
Run on the nth of every month/specific month at hour:minute: Run monthly at the specified time, or run on a specified day of the month at a specified time.
5.
To run a schedule
To perform these steps, be sure to select your organization from the Organization drop-down list in the top-right hand corner of the page.
1. Click Reporting > Schedule Reports. The Report Schedules page appears.
2. Click the check boxes for the schedules you want to run.
3. In the Choose Action menu, click Run Selected Schedules Now.
To delete a schedule
To perform these steps, be sure to select your organization from the Organization drop-down list in the top-right hand corner of the page.
1. Click Reporting > Schedule Reports. The Report Schedules page appears.
2. Click the check box for the schedules you want to delete.
3. In the Choose Action menu, click Delete Selected Item(s).
4. Click Yes to confirm deleting the schedules.
H
Warranty, Licensing, and Support
Apache
EZ GPO
FreeBSD
Knoppix
Microsoft Windows
OpenSSL
PHP
Samba
Sendmail
Apache
This product (Dell KACE K1000 Management Appliance) includes software developed by The Apache Software Foundation (http://www.apache.org/).
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: a. You must give any other recipients of the Work or Derivative Works a copy of this License; and b. You must cause any modified files to carry prominent notices stating that You changed the files; and c. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and d. If the Work includes a NOTICE text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. e. 
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of
TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
EZ GPO
Copyright (c) 2003-2007, The Environmental Protection Agency. All of the documentation and software included in the EZ GPO PC Monitor Power Management Tool software is copyrighted by the Environmental Protection Agency. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the Environmental Protection Agency nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE ENVIRONMENTAL PROTECTION AGENCY AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FEDERAL GOVERMENT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FreeBSD
This product (Dell KACE K1000 Management Appliance) includes software developed by Free Software Foundation, Inc. GNU GENERAL PUBLIC LICENSE, Version 2, June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. 
If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must
be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
1.
This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The Program, below, refers to any such program or work, and a work based on the Program means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term modification.) Each licensee is addressed as you. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
2.
You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
3.
You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b. You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do
not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 4. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c. Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) 
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 5. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
6. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
7. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
8. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
10. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and any later version, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version
number of this License, you may choose any version ever published by the Free Software Foundation. 11. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS
Knoppix
This product (Dell KACE K1000 Management Appliance) includes the Knoppix software developed by Klaus Knopper. Knoppix is a registered trademark of Klaus Knopper. The KNOPPIX software collection and all included programs that are authored by Klaus Knopper, are subject to the terms and conditions of the GNU GENERAL PUBLIC LICENSE Version 2, as quoted herein. Please note that this license does NOT automatically apply to third-party programs included on this CD. Check /usr/share/doc/*/copyright* and other supplied license files of each software package carefully for more information. GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is
intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. 
We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION. 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may
charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. 
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the
executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.
Microsoft Windows
This Product is designed for use in supporting the deployment of the following operating systems: Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition, Microsoft Windows NT Workstation 4 Service Pack 5 or later, Microsoft Windows NT Server 4 Service Pack 5 or later, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server (Standard, Advanced and Datacenter Editions), Microsoft Windows XP Professional, Microsoft Windows XP Tablet PC Edition, Microsoft Windows XP Media Center Edition, or Microsoft Windows Server 2003 (Web, Standard, Enterprise and Datacenter Editions). This Product is designed for use on processor architectures supported by the operating system that the Product was built from: e.g., the x86 32-bit version may only deploy X86 32-bit Microsoft operating systems, the Intel Itanium version may only deploy versions of Microsoft Windows designed for this architecture, and the 64-bit extended version may only deploy versions of Microsoft Windows designed for this architecture. The Product may not function properly with other operating system products or other processor architectures.
OpenSSL
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected].
OpenSSL License
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).
documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young ([email protected])". The word 'cryptographic' can be left out if the routines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson ([email protected])".
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed, i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]
PHP
This product (Dell KACE K1000 Management Appliance) includes software developed by The PHP Group. The PHP License, version 3.0. Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. The name PHP must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].
4. Products derived from this software may not be called PHP, nor may PHP appear in their name, without prior written permission from [email protected]. You may indicate that your software works in conjunction with PHP by saying Foo for PHP instead of calling it PHP Foo or phpfoo.
5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. Once covered code has been published under a particular version of the license, you may always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License.
6. Redistributions of any form whatsoever must retain the following acknowledgment: This product includes PHP, freely available from <http://www.php.net/>.
THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at [email protected]. For more information on the PHP Group and the PHP project, please see <http://www.php.net>. This product includes the Zend Engine, freely available at <http://www.zend.com>.
Samba
GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. 
If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b. 
You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a. Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c. Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. 
However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Sendmail
This product (Dell KACE K1000 Management Appliance) includes software developed by Sendmail, Inc.
SENDMAIL LICENSE
The following license terms and conditions apply, unless a different license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, Emeryville, CA 94608, USA, or by electronic mail at [email protected].
License Terms:
Use, Modification and Redistribution (including distribution of any modified or derived work) in source and binary forms is permitted only if each of the following conditions is met:
1. Redistributions qualify as freeware or Open Source Software under one of the following terms:
a. Redistributions are made at no charge beyond the reasonable cost of materials and delivery.
b. Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a copy of the Source Code for up to three years at the cost of materials and delivery. Such redistributions must allow further use, modification, and redistribution of the Source Code under substantially the same terms as this license. For the purposes of redistribution Source Code means the complete compilable and linkable source code of sendmail including all modifications.
2. Redistributions of source code must retain the copyright notices as they appear in each source code file, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below.
3. Redistributions in binary form must reproduce the Copyright Notice, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the Copyright Notice refers to the following language: Copyright (c) 1998-2003 Sendmail, Inc. All rights reserved.
4. Neither the name of Sendmail, Inc. nor the University of California nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. The name sendmail is a trademark of Sendmail, Inc.
5. All redistributions must comply with the conditions imposed by the University of California on certain embedded code, whose copyright notice and conditions for redistribution are as follows:
a. Copyright (c) 1988, 1993 The Regents of the University of California. All rights reserved.
b. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
(i) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
(ii) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
(iii) Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY SENDMAIL, INC. AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Index
A
active directory settings 192 adding software to inventory 92 Administering 259 administering Mac OS nodes 259 administration applying the server update 201 backing up data 196 disk logs, understanding 206 k1000_dbdata.gz file 196 k1000_file.tgz file 196 logs, accessing 203 restarting your appliance 202 restoring appliance settings 198 restoring factory settings 199 restoring most recent backup 198 troubleshooting 203 troubleshooting your appliance 203 updating appliance software 199 updating OVAL definitions 202 updating the license key 200 upgrading server software 196 verifying minimum server version 199 advanced search using for computer inventory 85 advanced search for software 91 agent running confirmation 309 agents about 16 operating system requirements 66 alert messages to users using 233 alert summary description 30 alerts AMP connection required for 233 broadcast 233 email 234 email, creating 234 license compliance 39 with scripts 167 alternate download location 128 AMP connection about 80 AMP Message Queue 80 AMP message queue 80 Apache software copyright 331 AppDeploy viewing live content 106 AppDeploy Live 106 enabling for your appliance 106 appliance administration overview 195 appliance agent logs 89 appliance revision level 30 applying the server update 201 Auto Provisioning 69 manual 196 bandwidth, replication replication bandwidth 151
C
client bundle 78 clients check-in rate monitor 25 connection meter 27 Clients Connected Meter 27 command line deployment Linux agent 305 Mac OS agent 308 Windows agent 302, 303 components finding 30 compression mode 9 138 computer detail page 87 computer details appliance agent logs 89 viewing by label 55 computer inventory detail page 87 computer notifications 86 computers 86 adding to inventory 89 inventory 83 searching for in inventory 85 statistics 29 configuration KACE K1200 35 policies 178 configuration polices about 178 configuration settings 35 configuring Dell OpenManage catalog updates 158 creating an LDAP label with the browser 211 creating computer notifications 86 creating IP scans 120 Custom Data Fields 94 Custom Inventory ID (rule) 273
D
Daily Run Output 315 data retention 39 database tables 295 debugging logs Mac OS 309 Default Role 245 Delete a configuration 74 Dell Open Manage, with Dell Updates tab 155 Dell Updates configuring the OpenManage catalog 158 patching, compared 156 replication 151 using to maintain your Dell systems 155 workflow 156 deployments compared with updates 156 desktop settings desktop shortcuts wizard 181 desktops settings enforcement 180
B
backing up appliance data 196 backup files downloading 197 backups
wallpaper 180 desktops, remote troubleshooting 180 detection inventory term used instead 156 Digital Asset 95 disabling KACE K1000 links 51 disk logs understanding 206 Distribution Distributing Packages from the appliance 127 Distributing Packages through an Alternate Location 128 Types of Distribution Packages 126 distributions monitor 25 download location, alternate 128 downloading backup files 197 Duplicate a configuration 74
E
E-mail Alerts 234 enabling KACE K1000 appliances for switching between KACE K1000 consoles 51 environmental policies Mac OS 190 Windows 188 Event Log Reporter 181 exporting appliance resources 111 exporting resources to other organizations 116 EZ GPO copyright 334
computers, adding 89 computers, searching for 85 creating smart labels 86 detection term used instead 156 overview 83, 84 service 102 software, managing 91 startup programs 100 inventory tab using 83 IP addresses scanning for 119 IP scan 119 creating 120 overview 119 scheduling 119 IP scan inventory in the IP Scan chapter 84 IP Scan Smart Label 123
K
K1000 software deployment components 17 K1000 Agent Update Update K1000 Agent Automatically 79 KACE K1000 components 15 configuration settings 35 hardware specifications 16 installing 15 server, setting up 18 setting up 15 KACE K1000 appliance linking about 49 configuring 49 KACE K1000 appliances linking 50 KACE K1000 Modules 21 KACE K1200 configuration 35 KNOPPIX copyright 339 KScripts about 162
F
file synchronizations 143 creating 143 filters computers by organizational unit 87 data filters 249 organization filter 253 testing 253 for computer inventory 86 FreeBSD copyright 335 FTP making backups writable 44
G
getting started 15
L
Label Groups 59 Labels 105 Label Groups 59 labels 53 Labels tab overview 32, 53 LDAP labels 32, 53 labels, creating with the browser 211 LDAP Browser Wizard 214 LDAP Easy Search 213 LDAP Filters 209 licence compliance configuring alerts 39 License Compliance 26 License Compliance Gauge 39 linking KACE K1000 appliances 50
H
hardware inventory, creating 83 hardware specifications for KACE K1000 16 Home component 23
I
importing KACE K1000 resources 111 inventory advanced search 85 agent logs 89 computer notifications 86 computers 84 computers detail page 87
disabling links 51 enabling 50, 51 Linux manual deployment of KACE K1000 appliance agent on 305 log files script 177 Login Script 301 logs agent logs 89
Mac OS agent 308 Windows agent 302, 303 Manual Deployment of KACE K1000 appliance agent 301 MIA inventory 104 MIA Computers 104 MIA Settings 104 Microsoft Windows copyright 344 MSI Installer policy 182
M
Mac OS 259 administering 259 distribution tab differences 260 examples of common deployments on 260 inventory tab differences 259 managed installation for 260 patching tab differences 263 policies 189 power management 190 supported OSs 259 supported releases 66 VNC Settings for 192 Mac OS nodes 308, 309 checking into active directory 193 debugging logs 309 manual agent version check 309 manual inventory check 309 manually removing agent 308 verifying agent 309 Mac OS policies enforce active directory settings 192 Mac OS Users Distribution 260 Inventory 259 Patching 263 Macintosh 259 manual deployment of KACE K1000 appliance agent on 308 make FTP writable 44 managed installation 129 managed installations EXE example 137 Linux examples 139 Mac OS nodes 260 Macintosh examples 143 MSI Example 134 parameters 129 standard RPM Example 139 standard TAR.GZ Example 142 Windows platform 130 ZIP example 137 Managed Operating Systems 27 managing your MIA inventory 104 managing your processes inventory 97 managing your service inventory 102 managing your software inventory 91 managing your startup program inventory 100 manual backups 196 manual deployment Linux Agent 305
N
network scan summary description 30 Network Settings 40, 42 Network Utilities 52 nodes check-in rate 25
O
Offline KScripts 162 Online KScripts 162 alerting users with 167 online shell scripts about 163 Open Manager Dell maintenance 155 OpenSSL copyright 344 operating system requirements 66 Organization File Shares 45 organization filter 253 Organizational Components 17 Organizational Filters 248 LDAP Filter 249 organizational filters data filters 249 Organizational Management 237 upgrading KACE K1000 software with 31 Organizational Roles 245 Organizations 237 organizations transferring KACE K1000 resources between 115 OVAL information (description of field) 30
P
packages enabled and disabled 29 patch agent 78 patching Dell Updates, compared 156 replicating language patches 151 replicating OS patches 151 updating patch definitions from KACE 201 path bulletin information description 30 PHP copyright 346 policies configuration 178 Mac OS-based 189 Windows-based, using 179 Port 443 45
Port 80 45 Power Management windows 188 Windows configuration 189 power management Mac OS 190 retaining information about 39 processes inventory, about 97 Provisioning Results 75 provisioning results page 75
Run Now tab using to run scripts 175 running classic reports 321 running reports 221
S
Samba copyright 347 SAMBA share using to transfer resources between KACE K1000 appliances 111 scanning networks for IP addresses 119 scheduling IP scans 119 scripting adding steps to 265 tasks you can automate 162 scripting component Search Logs 177 scripting module overview 161 scripts adding 166 adding steps to 265 alerts with 167 duplicating 174 editing 172 importing 173 log files 177 online shell scripts 163 reusing 174 Run Now function 174 running as local admin 167 running as user 167 running immediately 174 token replacement variables 165 Windows registry settings 179 Windows-based policy Wizards 179 searching for computers in your inventory 85 searching for using computer notifications 86 Security Settings 44 Sendmail copyright 352 servers tasks in progress 28 service inventory, managing 102 Service Desk overview 16 session timeout about 36 resetting 36 setting up your KACE K1000 series 15 setting up your KACE K1000 server 18 shell scripts 163 single sign-on 51 configuring 49 enabling 50, 51 Smart Labels creating 60, 61 editing 61 IP Scan 123 ordering 62 smart labels 53, 86 software
R
Redirecting computer(s) 254 Refiltering computer(s) 253 registry settings Windows, for 179 remote desktops behavior 180 replication copying schedules replication schedules importing 152 Dell Updates 151 language patches 151 OS patches 151 scheduling 151 stopping 152 replication schedule 151 replication share 148 details 152 procedure to create 149 replication shares deleting 152 Report Wizard limitations 328 reports 221, 321 creating a new SQL report 228 creating and running 223 creating using Report Wizard 225 define email notifications 231 delete a scheduled reports 233 duplicating an existing report 229 editing an existing report 229 format types 222 layout 223 overview 221, 321 running 221, 222, 321, 322 schedule time report runs 232 scheduling 229 select a report if starting from the Schedule icon 230 select a report if starting from the Schedule Reports tab 230 SQL, editing 328 resources exporting 116 transferring 111 restoring appliance settings 198 revision of KACE K1000 software 30 Run As feature 167 run as Wizards 179 Run Now function 174
inventory, creating 83 statistics 29 un-installer 186 Software Asset 94 Software Deployment Components 17 software deployment components 17 software distribution summary 29 software inventory 91 software revision level 30 Software Threat Level 26 software threat level graph 26 SQL editing 328 SSL Certificate File 45 SSL Certificate Wizard 45 start and stop the agent 308 Startup 100 startup inventory, managing 100 statistics, computer 29 statistics, software 29 Steps for Task sections 265 support information AppDeploy 106 synchronizations, file 143 System Admin Console Users 243 system console 16 System requirements 66
User Authentication 215 users time limit on sessions 36 utility rebates Mac OS 190 Windows 188
V
verifying minimum server version 199 viewing computer details by label 55 VNC controlling on Mac OS X 192 VNC settings Mac OS policies 192
W
Wake-on-LAN overview 146 request, issuing 146 scheduling requests 147 troubleshooting 147 wallpaper controlling 180 warranty Information 331 Windows Automatic Update Settings 186 configuring Power Management 189 manual deployment of KACE K1000 appliance agent on 302, 303 Power Management 188 Windows Debugging 204 Windows operating system requirements 66 Windows policies 179 enforce registry settings 179 WinZip compression levels 138
T
Tasks In Progress 28 time limit on open inactive user sessions 36 token replacement variables 165 transferring appliance resources between organizations 115 transferring resources about 111 transferring resources between KACE K1000 appliances 111 troubleshooting remote desktops 180 Wake-on-LAN 147 Troubleshooting Tools 51 troubleshooting your appliance 203 types of reports 221, 321
U
UltraVNC Wizard 184 Unpacking the Appliance 18 updates compared with deployments 156 Dell Updates and patching 156 updating OVAL definitions 202 updating the license key 200 upgrades, KACE K1000 31 upgrading your appliance 196 uploading files to restore settings 198 uploading large FTP files troubleshooting 44 user alert messages about 233