KACE® Systems Management Appliance 8.0

KACE® Systems Management Appliance 8.0
Administrator Guide
Table of Contents
About the KACE Systems Management Appliance (SMA)...................................................................26
About KACE SMA components.....................................................................................................26
About the Administrator Console...................................................................................................27
Components available in Admin mode without the Organization component........................31
Components available in Admin mode with the Organization component enabled............... 34
Components available in System mode with the Organization component enabled............. 36
Using the Home component.................................................................................................. 38
About Dashboards..........................................................................................................38
View the Dashboard in Admin mode............................................................................. 38
View the Dashboard in System mode........................................................................... 39
Customize Dashboard pages.........................................................................................40
About Dashboard widgets.............................................................................................. 41
View Dashboard details................................................................................................. 48
View the KACE SMA version, model, and license information...................................... 50
View KACE SMA license information............................................................................ 51
About appliance software updates.................................................................................52
About labels....................................................................................................................52
Searching for information and filtering lists........................................................................... 53
Search at the Admin level..............................................................................................53
Search at the page level................................................................................................53
Searching at the page level with advanced options...................................................... 54
Create Custom Views using Advanced Search criteria................................................. 56
Access product documentation...................................................................................... 57
Log in to the Administrator Console: First login following initial network configuration.......... 59
Getting started....................................................................................................................................... 61
Configuring the appliance..............................................................................................................61
Requirements and specifications........................................................................................... 61
Power-on the appliance and log in to the Administrator Console..........................................61
Access the Command Line Console..................................................................................... 63
Tracking configuration changes............................................................................................. 64
Configuring System-level and Admin-level General Settings................................................ 64
Configure appliance General Settings with the Organization component enabled........ 64
Configure Admin-level or organization-specific General Settings.................................. 69
Configure appliance General Settings without the Organization component.................73
Configure appliance date and time settings.......................................................................... 78
Verifying port settings, NTP service, and website access.....................................................79
KACE Systems Management Appliance 8.0 Administrator Guide
2
Verify port settings......................................................................................................... 79
Verifying the status of the NTP service......................................................................... 80
Make necessary websites accessible to the KACE SMA.............................................. 81
Configuring network and security settings.............................................................................81
Change appliance network settings............................................................................... 81
Configure local routing tables........................................................................................ 84
Configure local web server settings and whitelist hosts................................................ 85
Configure security settings for the appliance.................................................................86
Configure Active Directory as the single sign on method.............................................. 90
Generate an SSL certificate...........................................................................................92
Configuring Agent settings.....................................................................................................93
About Konea...................................................................................................................93
Configure Agent settings................................................................................................93
Configuring session timeout and auto-refresh settings......................................................... 95
Set session timeout........................................................................................................95
Set auto-refresh properties............................................................................................ 96
Configuring locale settings.....................................................................................................96
How locale settings are applied..................................................................................... 96
Configure locale settings for the Administrator Console and the Command Line
Console.................................................................................................................................................. 97
Configure locale settings for the User Console............................................................. 97
Configure locale settings for organizations....................................................................98
Configure locale settings for users................................................................................ 99
Configure data sharing preferences...................................................................................... 99
About DIACAP compliance requirements............................................................................100
Enable or disable the Acceptable Use Policy.............................................................. 100
Configuring Mobile Device Access...................................................................................... 101
Enable Mobile Device Access for the appliance..........................................................101
Enable Mobile Device Access for users...................................................................... 102
Download and use KACE GO..................................................................................... 103
Disable Mobile Device Access on the appliance......................................................... 104
Disable Mobile Device Access for users..................................................................... 104
Enable fast switching for organizations and linked appliances........................................... 104
Linking Quest KACE appliances..........................................................................................105
Enable appliance linking.............................................................................................. 106
Add Names and Keys to appliances............................................................................106
Enable access to Federation API settings................................................................... 107
Disable appliance linking..............................................................................................108
Configuring history settings..................................................................................................108
KACE Systems Management Appliance 8.0 Administrator Guide
3
About history settings...................................................................................................108
Managing settings history............................................................................................ 109
Managing asset history................................................................................................ 110
Managing object history............................................................................................... 111
Using change history information.................................................................................112
Setting up and using labels to manage groups of items.............................................................113
About labels......................................................................................................................... 113
About Smart Labels......................................................................................................114
About LDAP Labels......................................................................................................114
About label groups....................................................................................................... 115
About organization filters..............................................................................................115
Tracking changes to label settings...................................................................................... 115
Managing manual labels...................................................................................................... 115
Add or edit manual labels............................................................................................ 115
View manual label details............................................................................................ 117
Delete manual labels....................................................................................................117
Managing Smart Labels....................................................................................................... 118
Add Smart Labels.........................................................................................................118
Example: Combine Smart Labels to identify devices...................................................119
Edit Smart Labels.........................................................................................................120
Setting up labels for user accounts............................................................................. 121
Using Smart Labels for patching..................................................................................122
Using Smart Labels with Discovery Results................................................................ 124
Adding Smart Labels for devices................................................................................. 125
Assign the Smart Label run order................................................................................129
Delete Smart Labels.....................................................................................................129
Managing label groups........................................................................................................ 130
Add, view, or edit label groups.................................................................................... 130
Assign labels to or remove labels from label groups...................................................131
Delete label groups...................................................................................................... 131
Managing LDAP Labels....................................................................................................... 132
Add or edit LDAP Labels............................................................................................. 132
Enable LDAP Labels.................................................................................................... 134
Delete LDAP Labels.....................................................................................................134
Use the LDAP Browser................................................................................................ 135
Configuring user accounts, LDAP authentication, and SSO....................................................... 136
About user accounts and user authentication..................................................................... 136
About locale settings............................................................................................................136
KACE Systems Management Appliance 8.0 Administrator Guide
4
Managing System-level user accounts................................................................................ 137
Add or edit System-level user accounts...................................................................... 137
Manage appliance administrator email notifications.................................................... 138
Delete System-level user accounts..............................................................................139
Managing organization user accounts................................................................................. 140
Add or edit User Roles................................................................................................ 140
Delete User Roles........................................................................................................ 141
Add or edit organization user accounts....................................................................... 141
Customize user details.................................................................................................143
Archive user accounts..................................................................................................144
View or edit user profiles..................................................................................................... 144
Using an LDAP server for user authentication.................................................................... 146
About the login account on your LDAP server............................................................ 146
Configure and test LDAP user authentication..............................................................147
Importing users from an LDAP server................................................................................. 149
Import user information manually.................................................................................149
Import user information according to a schedule.........................................................152
About single sign on (SSO)................................................................................................. 155
Using external LDAP or Active Directory servers for single sign on............................ 155
Enabling and disabling single sign on................................................................................. 155
Enable single sign on...................................................................................................156
Disable single sign on..................................................................................................156
Using Active Directory for single sign on.............................................................................156
Configure Active Directory as the single sign on method............................................ 156
Configuring browser settings for single sign on...........................................................158
Unjoin the domain and disable Active Directory single sign on................................... 159
Using Replication Shares............................................................................................................ 160
Create Replication Shares................................................................................................... 161
View Replication Share details............................................................................................ 163
Managing credentials...................................................................................................................164
Tracking changes to Credentials Management settings......................................................164
Add and edit Secret Key credentials................................................................................... 164
Add and edit User/Password credentials.............................................................................165
Add and edit Google OAuth credentials.............................................................................. 166
Add and edit SNMP credentials.......................................................................................... 167
View credential usage..........................................................................................................169
Create reports from the Credentials Management list.........................................................169
Export credentials information............................................................................................. 170
KACE Systems Management Appliance 8.0 Administrator Guide
5
Delete credentials................................................................................................................ 170
Configuring assets....................................................................................................................... 171
About the Asset Management component.......................................................................... 171
Using the Asset Management Dashboard...........................................................................171
About the Asset Management Dashboard widgets......................................................172
Customize the Asset Management Dashboard........................................................... 173
About managing assets....................................................................................................... 174
How asset information differs from inventory information............................................ 174
Identifying the assets to track...................................................................................... 175
View assets and search for asset information............................................................. 175
Add barcodes to assets............................................................................................... 176
Change device owners.................................................................................................176
View and configure asset lifecycle settings................................................................. 177
Adding and customizing Asset Types and maintaining asset information........................... 178
About Asset Types....................................................................................................... 178
Customizing Asset Types.............................................................................................179
About Asset Subtypes, custom fields, and device detail preferences..........................184
Managing Software assets...................................................................................................191
Customize the Software Asset Type............................................................................191
Adding Software assets............................................................................................... 192
Managing physical and logical assets................................................................................. 194
Add physical Asset Types............................................................................................194
Archive device Assets.................................................................................................. 196
Maintaining and using manual asset information................................................................ 196
Managing locations.............................................................................................................. 197
Manage locations......................................................................................................... 197
Add or edit locations.................................................................................................... 198
Customize location fields............................................................................................. 199
Managing contracts..............................................................................................................200
Manage contracts.........................................................................................................201
Add or edit contracts....................................................................................................201
Managing licenses............................................................................................................... 204
Manage licenses.......................................................................................................... 204
Add or edit licenses..................................................................................................... 204
Setting up License Compliance...................................................................................................208
About License Compliance for Software Catalog applications............................................ 208
About license upgrades................................................................................................208
About license downgrades........................................................................................... 209
KACE Systems Management Appliance 8.0 Administrator Guide
6
Customize the License Asset Type..................................................................................... 209
Add License assets for Software Catalog inventory............................................................210
Add License assets for Software page inventory................................................................ 214
Importing license data in CSV files..................................................................................... 218
How asset information is handled during import..........................................................218
Importing asset data using CSV files...........................................................................218
Managing License Compliance................................................................................................... 220
View License Compliance information for Software Catalog applications........................... 221
Update software License Compliance information manually............................................... 223
Customize license usage warning thresholds..................................................................... 223
View License Compliance and Configuration information................................................... 224
Setting up Service Desk.............................................................................................................. 225
Setting up roles for user accounts.......................................................................................225
About default roles....................................................................................................... 225
Create a Service Desk staff role..................................................................................226
Assign user roles..........................................................................................................228
Apply labels and roles to Service Desk staff............................................................... 228
Create the DefaultTicketOwners account.................................................................... 229
Configuring email settings....................................................................................................230
About email notifications.............................................................................................. 230
About Ticket Rules....................................................................................................... 231
About POP3 email accounts........................................................................................ 231
Create and configure POP3 email accounts................................................................231
Configure email preferences........................................................................................ 232
Configuring email triggers and email templates...........................................................233
Configure CC lists for ticket categories....................................................................... 240
Automatically add email addresses to ticket CC List fields......................................... 241
Exclude addresses from ticket CC List fields.............................................................. 242
Prevent email loops......................................................................................................242
Configure the Cache Lifetime for Service Desk widgets.............................................................243
Creating and managing organizations.........................................................................................244
About organizations............................................................................................................. 244
About the Default organization.....................................................................................244
Tracking changes to organization settings.......................................................................... 244
Managing Organization Roles and User Roles................................................................... 244
Available default roles.................................................................................................. 245
Add or edit Organization Roles....................................................................................246
Duplicate Organization Roles.......................................................................................246
KACE Systems Management Appliance 8.0 Administrator Guide
7
Delete roles.................................................................................................................. 247
Adding, editing, and deleting organizations.........................................................................248
Add or edit organizations............................................................................................. 248
Delete organizations.....................................................................................................252
Customizing the logos used for the User Console and organization reports............... 252
Managing user accounts for organizations..........................................................................252
Managing organization filters............................................................................................... 253
How organization filters work....................................................................................... 253
Add or edit organization Data Filters........................................................................... 253
Add or edit organization LDAP Filters......................................................................... 254
Test organization filters................................................................................................ 256
Delete organization filters.............................................................................................256
Managing devices within organizations............................................................................... 256
Using Advanced Search...............................................................................................257
Filter devices................................................................................................................ 257
Redirect devices...........................................................................................................257
Understanding device details...............................................................................................257
Running single organization and consolidated reports........................................................258
Importing and exporting appliance resources............................................................................. 258
About importing and exporting resources............................................................................258
Transferring resources among appliances using Samba share directories.........................258
Export resources from an appliance............................................................................ 259
Import resources to an appliance................................................................................ 259
Transferring resources among organizations...................................................................... 260
Export resources from organizations........................................................................... 260
Import resources to organizations................................................................................261
Managing exported resources at the System level............................................................. 261
View or delete shared resources................................................................................. 261
Move shared resources from the local KACE SMA to network locations.................... 261
View or delete the status of resource exports............................................................. 262
Managing inventory............................................................................................................................. 263
Using Device Discovery...............................................................................................................263
About Device Discovery and device management.............................................................. 263
Tracking changes to Discovery settings.............................................................................. 263
Discovering devices on your network.................................................................................. 263
Add a Discovery Schedule to perform a quick "what and where" scan of your
network.................................................................................................................................................264
Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and
UNIX computers.................................................................................................................................. 271
KACE Systems Management Appliance 8.0 Administrator Guide
8
Obtain a Client ID and Client Secret for use in discovering Chrome devices.............. 274
Add a Discovery Schedule for a KACE Cloud Mobile Device Manager device........... 275
Add a Discovery Schedule for a G Suite device......................................................... 276
Add a Discovery Schedule for an AirWatch device..................................................... 278
Add a Discovery Schedule for a VMware ESXi host or a vCenter Server................... 279
Add a Discovery Schedule for SNMP-enabled non-computer devices........................ 280
About Discovery Results.............................................................................................. 282
View and search Discovery Results............................................................................ 283
Provision the Agent using the discovered IP address or hostname............................ 283
Stop a running discovery scan.................................................................................... 284
Delete Discovery Schedules........................................................................................ 284
Managing device inventory.......................................................................................................... 285
About managing devices......................................................................................................285
Features available for each device management method...................................................285
About inventory information................................................................................................. 292
Tracking changes to inventory settings............................................................................... 292
Managing inventory information...........................................................................................293
Add custom data fields................................................................................................ 293
Schedule inventory data collection for managed devices............................................294
View device inventory and details................................................................................296
Groups and sections of items in device details........................................................... 296
About Dell Data Protection | Encryption (DDP|E) and encryption information in device
details...................................................................................................................................................313
Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E
client devices....................................................................................................................................... 318
About Intel AMT information in device details............................................................. 322
Finding and managing devices............................................................................................ 323
Finding devices in inventory.........................................................................................323
Labeling devices to group them...................................................................................324
Run actions on devices................................................................................................325
View devices that have been added manually............................................................ 325
Delete devices from inventory......................................................................................326
Provisioning the KACE SMA Agent..................................................................................... 326
Enabling file sharing.....................................................................................................327
Provisioning the KACE SMA Agent using the GPO Provisioning Tool for Windows
devices................................................................................................................................................. 329
Provisioning the KACE SMA Agent using onboard provisioning................................. 331
Managing provisioning schedules................................................................................ 334
Managing Agent communications................................................................................ 337
KACE Systems Management Appliance 8.0 Administrator Guide
9
Updating the KACE SMA Agent on managed devices................................................ 341
Manually deploying the KACE SMA Agent..........................................................................344
Obtaining Agent installation files..................................................................................344
Manually deploying the KACE SMA Agent on Windows devices................................ 344
Manually deploying and upgrading the KACE SMA Agent on Linux devices...............346
Performing Agent operations on Linux devices........................................................... 347
Manually deploying and upgrading the KACE SMA Agent on Mac devices................ 348
Performing other Agent operations on Mac devices....................................................350
Viewing information collected by the Agent................................................................. 351
Using Agentless management............................................................................................. 351
About Agentless device management......................................................................... 351
Managing Agentless devices....................................................................................... 352
Using SNMP Inventory Configurations to identify specific SNMP objects and noncomputer devices to add to inventory.................................................................................................358
Adding devices manually in the Administrator Console or by using the API....................... 361
About managing devices..............................................................................................361
Tracking changes to inventory settings....................................................................... 361
Add devices manually with the Administrator Console................................................ 362
Adding devices manually using the API...................................................................... 365
Forcing inventory updates....................................................................................................374
Force inventory updates from the appliance................................................................374
Force inventory updates from Windows devices......................................................... 375
Force inventory updates from Mac OS X devices....................................................... 375
Force inventory updates from Linux devices............................................................... 375
Managing MIA devices.........................................................................................................375
Configure MIA settings.................................................................................................376
Apply labels to MIA devices.........................................................................................376
Delete MIA devices manually.......................................................................................377
Troubleshoot devices that fail to appear in inventory.................................................. 377
Obtaining Dell warranty information.....................................................................................379
Obtain Dell warranty information on a single Dell device instantly.............................. 379
Renew a Dell warranty.................................................................................................379
Run Dell warranty reports............................................................................................ 380
Managing applications on the Software page............................................................................. 380
About the Software page..................................................................................................... 380
View items in Software page inventory........................................................................380
Tracking changes to inventory settings............................................................................... 381
Adding and deleting applications in Software page inventory............................................. 381
Add applications to Software page inventory manually............................................... 381
KACE Systems Management Appliance 8.0 Administrator Guide
10
Delete applications....................................................................................................... 382
Creating Software assets.....................................................................................................383
Add Software assets in the Inventory section..............................................................383
Add Software assets in the Assets section..................................................................383
Attach digital assets to applications and select supported operating systems.............384
Copy files to the KACE SMA Client Drop location.......................................................385
Using software threat levels and categories........................................................................386
Assign threat levels to applications..............................................................................386
Assign categories to applications.................................................................................386
Finding and labeling applications........................................................................................ 386
About finding applications using Advanced Search.....................................................387
Add manual software labels.........................................................................................387
Apply manual labels to or remove labels from software.............................................. 387
Add software Smart Labels..........................................................................................387
Managing the ITNinja feed.................................................................................................. 388
Enable the ITNinja feed............................................................................................... 389
Viewing ITNinja information......................................................................................... 389
Disable the ITNinja feed.............................................................................................. 390
Managing Software Catalog inventory........................................................................................ 390
About the Software Catalog.................................................................................................390
Application classifications.............................................................................................391
About cataloged applications....................................................................................... 391
About Locally Cataloged applications.......................................................................... 391
About Not Allowed applications................................................................................... 392
Application categories.................................................................................................. 392
How Software Catalog information is collected........................................................... 392
How the Software Catalog is used with the Organization component......................... 392
How Software Catalog information is localized............................................................392
How you can help improve the Software Catalog....................................................... 392
Differences between the Software page and the Software Catalog page................... 393
Viewing Software Catalog information.................................................................................394
View lists of Discovered and Not Discovered applications.......................................... 395
View the list of Uncataloged applications.................................................................... 396
View the list of Locally Cataloged applications............................................................397
View details of Software Catalog applications............................................................. 398
Adding applications to the Software Catalog.......................................................................401
Submitting cataloging requests automatically adds applications to the local Software
Catalog.................................................................................................................................................401
How Locally Cataloged applications change to Cataloged applications...................... 401
KACE Systems Management Appliance 8.0 Administrator Guide
11
How custom names are resolved when Locally Cataloged applications are added to the
Software Catalog................................................................................................................................. 402
Submit cataloging requests..........................................................................................402
Cancel cataloging requests and remove local cataloging............................................403
Managing License assets for Software Catalog applications.............................................. 404
Add License assets for Software Catalog inventory.................................................... 404
Migrate License assets to applications in the Software Catalog..................................407
Using software metering...................................................................................................... 408
About software metering.............................................................................................. 408
About metering information.......................................................................................... 408
Enabling and configuring metering for devices and applications................................. 409
Viewing Software Catalog metering information.......................................................... 414
Disabling metering for Software Catalog applications and managed devices............. 416
Managing metering and scheduling inventory collection............................................. 417
Using Application Control.....................................................................................................418
Requirements for blacklisting applications................................................................... 418
How applications are blacklisted..................................................................................419
About blacklisting application editions that share executable files...............................419
Applications that cannot be blacklisted........................................................................419
Apply the Application Control label to devices.............................................................419
Mark applications and suites as Not Allowed.............................................................. 419
View applications and suites that are marked as Not Allowed.................................... 420
Create reports showing applications marked as Not Allowed......................................420
Remove the Not Allowed designation from applications..............................................421
Update or reinstall the Software Catalog.............................................................................422
Managing process, startup program, and service inventory....................................................... 423
Managing process inventory................................................................................................ 423
View and edit process details...................................................................................... 423
Add labels for processes............................................................................................. 424
Apply labels to or remove labels from processes........................................................ 424
Categorize processes...................................................................................................424
Assign threat levels to processes................................................................................ 425
Delete processes..........................................................................................................425
Managing startup program inventory................................................................................... 425
View and edit startup program details......................................................................... 425
Add labels for startup programs...................................................................................426
Apply labels to or remove labels from startup programs............................................. 426
Categorize startup programs........................................................................................427
Assign threat levels to startup programs..................................................................... 427
KACE Systems Management Appliance 8.0 Administrator Guide
12
Delete startup programs...............................................................................................427
Managing service inventory................................................................................................. 428
View and edit service details....................................................................................... 428
Add labels for services.................................................................................................429
Apply labels to and remove labels from services........................................................ 429
Categorize services......................................................................................................429
Assign threat levels to services................................................................................... 429
Delete services.............................................................................................................430
Writing custom inventory rules.................................................................................................... 430
About Custom Inventory rules............................................................................................. 430
Types of Custom Inventory rules.........................................................................................431
Create Custom Inventory rules............................................................................................ 431
How Custom Inventory rules are implemented............................................................432
Syntax for Custom Inventory rules...............................................................................432
Checking for conditions (conditional rules)..........................................................................434
Getting values from a device (Custom Inventory Field)...................................................... 440
Matching filenames to regular expressions......................................................................... 443
Understanding regular expressions............................................................................. 443
Regular Expression Rule Reference............................................................................445
Defining rule arguments.......................................................................................................446
Test Custom Inventory rules................................................................................................449
Deploying packages to managed devices.......................................................................................... 450
Distributing software and using Wake-on-LAN............................................................................450
About software distribution...................................................................................................450
About testing software distribution............................................................................... 451
Tracking changes to distribution settings............................................................................ 451
Types of distribution packages............................................................................................ 452
Attaching digital assets to applications and selecting supported operating systems... 452
Distributing packages from the appliance............................................................................452
Distributing packages from alternate download locations and Replication Shares..............453
About alternate download locations............................................................................. 453
About Replication Shares.............................................................................................453
Distributing applications to Mac OS X devices....................................................................453
Using Managed Installations................................................................................................454
Adding applications to inventory.................................................................................. 454
About creating Managed Installations..........................................................................454
About installation parameters.......................................................................................455
Identify parameters that are supported by installer files.............................................. 455
KACE Systems Management Appliance 8.0 Administrator Guide
13
Create Managed Installations for Windows devices.................................................... 455
Examples of common deployments on Windows........................................................ 459
Create Managed Installations for ZIP files...................................................................459
Create Managed Installations for RPM files................................................................ 460
Create Managed Installations for TAR.GZ files........................................................... 465
Create Managed Installations for Mac OS X devices.................................................. 465
Create and use File Synchronizations.................................................................................469
Using Wake-on-LAN............................................................................................................ 471
Issue Wake-on-LAN requests...................................................................................... 472
Schedule Wake-on-LAN requests................................................................................472
Troubleshooting Wake-on-LAN.................................................................................... 473
Exporting Managed Installations..........................................................................................474
Broadcasting alerts to managed devices.................................................................................... 474
Create alerts to be broadcast.............................................................................................. 474
Running scripts on managed devices......................................................................................... 476
About scripts........................................................................................................................ 476
Obtaining script dependencies.....................................................................................477
Tracking changes to scripting settings................................................................................ 477
About default scripts............................................................................................................ 477
Adding and editing scripts................................................................................................... 479
Token replacement variables....................................................................................... 480
Add offline KScripts or online KScripts........................................................................ 481
Edit scripts....................................................................................................................487
Delete scripts from the Scripts page............................................................................487
Delete scripts from the Script Detail page................................................................... 488
Structure of importable scripts..................................................................................... 488
Import scripts................................................................................................................489
Duplicate scripts........................................................................................................... 489
Using the Run and Run Now commands............................................................................ 489
Run scripts from the Run Now page........................................................................... 490
Run scripts from the Script Detail page.......................................................................490
Run scripts from the Scripts page............................................................................... 491
Monitor Run Now status and view script details.......................................................... 491
About configuration policy templates................................................................................... 492
Using Windows configuration policies................................................................................. 492
About starting Windows Automatic Updates on Windows devices.............................. 493
Add Automatic Update scripts......................................................................................493
About Dell Command | Monitor....................................................................................494
KACE Systems Management Appliance 8.0 Administrator Guide
14
Add Dell Command | Monitor scripts........................................................................... 498
Add Desktop Wallpaper scripts....................................................................................499
Add Desktop Shortcuts scripts.....................................................................................499
Add Event Log Reporter scripts...................................................................................500
Add MSI Installer scripts.............................................................................................. 501
About power management and power consumption................................................... 502
Add power management scripts for Windows devices................................................ 502
Add Registry scripts..................................................................................................... 503
Add Remote Desktop Control Troubleshooter scripts..................................................504
Add UltraVNC scripts................................................................................................... 504
Add Uninstaller scripts................................................................................................. 506
Using Mac OS X configuration policies............................................................................... 506
Add Active Directory scripts......................................................................................... 507
Add Power Management scripts.................................................................................. 507
Add VNC scripts...........................................................................................................508
Edit policies and scripts....................................................................................................... 509
Search the scripting logs..................................................................................................... 509
Exporting scripts...................................................................................................................510
Managing Mac profiles................................................................................................................ 510
Tracking changes to Mac profile settings............................................................................ 511
Adding, editing, and uploading Mac profiles........................................................................511
Add or edit Mac user profiles.......................................................................................511
Add or edit Mac system profiles.................................................................................. 518
Add Mac profiles using existing profiles as templates................................................. 523
Upload Mac profiles to the KACE SMA....................................................................... 523
Installing and managing Mac profiles.................................................................................. 524
Distribute Mac profiles on a schedule..........................................................................524
Install Mac profiles on devices using the Run option.................................................. 525
Identify devices that have Mac profiles installed......................................................... 526
View Mac profiles......................................................................................................... 526
Export the Mac profiles list.......................................................................................... 527
Removing and deleting Mac profiles................................................................................... 528
Remove Mac profiles from managed devices..............................................................528
Example: Remove a profile that has been deployed to specified devices................... 530
Delete Mac profiles from the KACE SMA.................................................................... 531
Patching devices and maintaining security......................................................................................... 533
About patch management........................................................................................................... 533
Patching workflow................................................................................................................ 533
KACE Systems Management Appliance 8.0 Administrator Guide
15
About patch signature files.................................................................................................. 534
About patch packages......................................................................................................... 535
About patch testing and security......................................................................................... 535
About the patch testing environment........................................................................... 535
About the patch quality assurance process.........................................................................536
Best practices for patching.................................................................................................. 537
Subscribing to and downloading patches....................................................................................539
About patch subscription and downloads............................................................................ 539
Websites that must be accessible to the KACE SMA......................................................... 540
Overview of first-time patch-subscription workflow..............................................................541
View details about operating systems and applications...................................................... 542
Subscribing to patches and configuring download settings.................................................542
Subscribe to patches....................................................................................................542
Select patch download settings................................................................................... 545
Viewing available patches and download status................................................................. 546
View available patches.................................................................................................547
View patch download status........................................................................................ 547
Creating and managing patch schedules....................................................................................547
About scheduling critical OS patches for desktops and servers......................................... 548
Workflow for critical OS patches for desktops and servers......................................... 548
About scheduling critical patches for laptops...................................................................... 548
Workflow for critical patches for laptops...................................................................... 548
About scheduling non-critical patches................................................................................. 549
Configuring patch schedules................................................................................................549
Fields on the Patch Schedule Details page.................................................................550
Configure Detect-only patch schedules....................................................................... 556
Configure Detect and Deploy patch schedules............................................................556
Configure Deploy-only patch schedules...................................................................... 557
Configure Detect and Rollback patch schedules......................................................... 558
Configure Rollback-only patch schedules....................................................................558
Viewing patch schedules, status, and reports..................................................................... 559
View patch schedules.................................................................................................. 559
View patch status......................................................................................................... 561
View patch status by device........................................................................................ 562
View files within patches.............................................................................................. 562
View patch reports....................................................................................................... 562
Managing patch rollbacks.................................................................................................... 562
Determine whether a patch can be rolled back........................................................... 563
KACE Systems Management Appliance 8.0 Administrator Guide
16
Undo the last patching job........................................................................................... 563
Managing patch inventory........................................................................................................... 564
Prerequisites for managing patch inventory........................................................................ 564
Viewing patch information....................................................................................................564
View downloaded patches........................................................................................... 564
View patch details........................................................................................................ 566
Resetting the number of patch deploy attempts.......................................................... 567
View patch information for devices in inventory.......................................................... 568
View devices missing patches..................................................................................... 568
Viewing patch statistics and logs.........................................................................................568
View patch statistics.....................................................................................................568
View the patch log....................................................................................................... 569
Mark patches as inactive..................................................................................................... 569
Patch Mac OS X devices.....................................................................................................569
Managing Dell devices and updates........................................................................................... 570
Managing Dell devices with Dell Updates........................................................................... 570
Differences between patching and Dell Updates................................................................ 570
Configuring Dell Updates..................................................................................................... 571
Configure Dell Update catalog updates....................................................................... 571
Create Dell Update schedules..................................................................................... 572
Maintaining device and appliance security..................................................................................573
Testing device security........................................................................................................ 573
About OVAL security checks....................................................................................... 573
Understanding OVAL tests and definitions.................................................................. 574
About SCAP................................................................................................................. 578
About benchmarks....................................................................................................... 581
How a SCAP scan works.............................................................................................581
Editing SCAP scan schedules..................................................................................... 584
About security policy templates................................................................................... 587
Using Windows security policy templates.................................................................... 587
Using Mac security policy templates............................................................................593
Resolve Windows security issues that prevent Agent provisioning............................. 595
Maintaining appliance security.............................................................................................596
Security run output....................................................................................................... 596
Using reports and scheduling notifications......................................................................................... 597
About reports and notifications....................................................................................................597
About reports........................................................................................................................597
About notifications................................................................................................................597
KACE Systems Management Appliance 8.0 Administrator Guide
17
Tracking changes to report settings.................................................................................... 597
Creating and modifying reports................................................................................................... 598
Creating reports................................................................................................................... 598
Create reports using the report wizard........................................................................ 598
Create reports using SQL queries............................................................................... 600
Create reports from list pages..................................................................................... 601
Duplicate reports.......................................................................................................... 602
Edit SQL statements on reports created with the report wizard.................................. 603
Create reports from history lists...................................................................................603
Modifying reports..................................................................................................................603
Edit reports................................................................................................................... 604
Delete reports...............................................................................................................604
Customizing logos used for reports..................................................................................... 604
Create or modify linked reports........................................................................................... 604
Scheduling reports and notifications........................................................................................... 606
Running single-organization and consolidated reports........................................................606
Run single-organization reports................................................................................... 606
Run consolidated organization reports........................................................................ 607
Scheduling reports............................................................................................................... 607
Add report schedules................................................................................................... 607
Delete report schedules............................................................................................... 608
Scheduling notifications....................................................................................................... 609
Add notification schedules from the Reporting section................................................609
Add notification schedules from list pages.................................................................. 610
Edit notification schedules............................................................................................611
Delete notification schedules....................................................................................... 612
Monitoring servers............................................................................................................................... 613
Getting started with server monitoring........................................................................................ 614
Enable monitoring for a device............................................................................................615
Enable monitoring for one or more servers from the Devices inventory list.................615
Enable monitoring for a server from its Device Detail page........................................ 616
Obtain a new license key to increase server monitoring capacity.......................................617
Apply a new license key to increase server monitoring capacity........................................ 617
Working with monitoring profiles................................................................................................. 617
Edit a profile.........................................................................................................................619
Configure SNMP trap messages and alerting criteria......................................................... 620
Create a new profile using a default profile as a template.................................................. 622
Profile log paths for MySQL and Apache............................................................................ 624
KACE Systems Management Appliance 8.0 Administrator Guide
18
Upload a profile that was created by another user............................................................. 624
Download a profile so that it can be used by others........................................................... 625
Bind an additional profile to a device.................................................................................. 625
Define nonstandard log date format.................................................................................... 625
Configuring application and threshold monitoring with Log Enablement Packages............ 626
Install one or more LEPs on monitored devices..........................................................627
Set up a Windows Server 2003 device with an ITNinja monitoring Log Enablement
Package (LEP).....................................................................................................................................627
Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2008 or
higher device....................................................................................................................................... 629
Edit the monitoring Log Enablement Package (LEP) for a Windows Server 2003
device...................................................................................................................................................630
Managing monitoring for devices................................................................................................ 631
Pause monitoring for a device.............................................................................................631
Pause or resume monitoring for multiple devices............................................................... 632
Set the polling interval and any automatic dismissal or deletion of alerts........................... 632
Disable ping probe............................................................................................................... 633
Receive alerts when device configurations change.............................................................633
Schedule a Maintenance Window during which time alerts are not collected from a
device...................................................................................................................................................634
Create and assign monitoring-specific roles........................................................................635
Disable monitoring for one or more devices........................................................................637
Enable monitoring for one or more devices........................................................................ 637
Working with alerts...................................................................................................................... 638
Add notification schedules from the Monitoring Alerts list page.......................................... 638
Create a Service Desk ticket from an alert......................................................................... 640
Search for alerts using Advanced Search criteria............................................................... 642
Filtering alerts using the Include Text and Exclude Text capability.....................................643
Filter alerts using the Include Text and Exclude Text capability from the Profile Details
page..................................................................................................................................................... 643
Filter alerts using the Exclude Text capability from the Monitoring Alerts list page......644
Examples of Include Text and Exclude Text for monitoring profiles............................ 645
Dismiss an alert................................................................................................................... 647
Retrieve and review alerts that have been dismissed from the alerts list............................647
Delete alerts......................................................................................................................... 647
Using the Service Desk.......................................................................................................................649
Configuring Service Desk............................................................................................................ 649
System requirements........................................................................................................... 649
About Service Desk............................................................................................................. 649
Overview of setup tasks...................................................................................................... 650
KACE Systems Management Appliance 8.0 Administrator Guide
19
Configuring Service Desk business hours and holidays..................................................... 651
Configure Service Desk business hours......................................................................651
Configure Service Desk holidays................................................................................. 651
Configuring Service Level Agreements............................................................................... 652
Enable Service Level Agreements...............................................................................652
Configuring Service Desk ticket queues..............................................................................653
Configure ticket queues............................................................................................... 653
Configure queue-specific email settings...................................................................... 656
Rename Service Desk titles and labels....................................................................... 659
Enable or disable the conflict warning......................................................................... 660
Configuring ticket settings....................................................................................................661
Customize the Ticket Detail page................................................................................ 661
Customizing the User Console home page.........................................................................664
Change the User Console logo and text at the System level...................................... 664
Change the User Console logo and login text at the Admin-level............................... 665
Show or hide action buttons and widgets on the User Console home page................667
Show or hide links to Knowledge Base articles on the User Console home page....... 668
Add, edit, hide, or delete User Console announcements............................................ 669
Prioritize User Console announcements or mark an announcement as urgent........... 671
Add, edit, or delete custom links on the User Console home page............................. 671
Add ticket links to the User Console home page.........................................................672
Add a quick-action link for reporting problems on the User Console home page........ 673
About the session timeout period................................................................................ 673
Using the Satisfaction Survey..............................................................................................673
Changing the Satisfaction Survey default behavior..................................................... 674
Enable or disable security for Service Desk attachments................................................... 675
Managing Service Desk tickets, processes, and reports............................................................ 675
Overview of Service Desk ticket lifecycle............................................................................ 676
Creating tickets from the Administrator Console and User Console................................... 676
Create tickets from the User Console..........................................................................676
Create tickets from the Administrator Console Ticket page.........................................677
Create tickets from the Device Detail page................................................................. 682
Create tickets from the Asset Detail page................................................................... 683
Create a Service Desk ticket from an alert..................................................................684
Creating and managing tickets by email............................................................................. 686
About attachments to tickets created through email....................................................686
Enable email ticket creation......................................................................................... 686
Modifying ticket attributes using email......................................................................... 687
KACE Systems Management Appliance 8.0 Administrator Guide
20
Clearing a ticket field using email................................................................................ 687
Changing ticket fields using email............................................................................... 687
Changing ticket approval fields using email................................................................ 688
Viewing tickets and managing comments, work, and attachments..................................... 689
Navigate among tickets, related devices, and assets..................................................689
Add work information for tickets...................................................................................689
Use default views for tickets........................................................................................ 690
Create custom views for tickets................................................................................... 692
Set a view as the default view for tickets.................................................................... 692
Add comments to tickets..............................................................................................693
Add owner-only comments to tickets........................................................................... 693
View ticket comments.................................................................................................. 694
Add or delete screenshots and attachments to Service Desk tickets.......................... 694
View ticket activity history............................................................................................ 696
Send ticket information through email......................................................................... 696
Run Device Actions from tickets.................................................................................. 696
Using the ticket escalation process..................................................................................... 697
Understanding ticket states..........................................................................................697
Understanding the escalation time limit....................................................................... 697
Understanding escalation.............................................................................................697
Changing ticket escalation settings..............................................................................698
Change the list of escalation email recipients............................................................. 698
Change the escalation time limits................................................................................ 698
Change the default escalation email message............................................................ 699
Using Service Desk processes............................................................................................ 699
Add, edit, and enable process templates.................................................................... 699
Define process types....................................................................................................704
Create process tickets to manage related tasks..........................................................705
View process information............................................................................................. 705
Cancel or complete process tickets............................................................................. 706
Delete process templates.............................................................................................707
Convert process tickets to regular tickets.................................................................... 707
Convert regular tickets to process tickets.................................................................... 707
Using Ticket Rules............................................................................................................... 708
Using and configuring system Ticket Rules.................................................................708
Understanding and customizing system Ticket Rules................................................. 708
Create custom Ticket Rules.........................................................................................709
Duplicate a custom Ticket Rule................................................................................... 711
KACE Systems Management Appliance 8.0 Administrator Guide
21
Delete a custom Ticket Rule........................................................................................712
Move a Ticket Rule from one queue to another.......................................................... 712
Run Service Desk reports....................................................................................................712
Archiving, restoring, and deleting tickets............................................................................. 713
Enable ticket archival................................................................................................... 713
Configure queue archive settings................................................................................ 714
Archive selected tickets................................................................................................715
Restore archived tickets...............................................................................................716
Delete archived tickets................................................................................................. 716
Managing ticket deletion...................................................................................................... 716
Configure ticket deletion settings................................................................................. 716
Delete tickets................................................................................................................717
Managing Service Desk ticket queues........................................................................................ 717
About Service Desk ticket queues.......................................................................................717
Adding and deleting queues................................................................................................ 717
Add a queue.................................................................................................................718
Add a queue by duplicating an existing queue............................................................718
Delete a queue or queues........................................................................................... 719
Viewing tickets in queues.................................................................................................... 719
View tickets across all queues.....................................................................................719
Setting the default queue.....................................................................................................719
Set the default queue at the system level................................................................... 720
Set the default queue at the user level........................................................................720
Set the default fields for the All Queues ticket list...............................................................721
Move tickets between queues............................................................................................. 722
About User Downloads and Knowledge Base articles................................................................ 723
Managing User Downloads..................................................................................................723
Add User Downloads................................................................................................... 723
Apply labels to User Downloads.................................................................................. 725
Remove labels from User Downloads......................................................................... 725
Delete User Downloads............................................................................................... 725
Managing Knowledge Base articles.....................................................................................726
Add, edit, or duplicate Knowledge Base articles......................................................... 726
Delete Knowledge Base articles.................................................................................. 727
View user ratings and the number of views for Knowledge Base articles....................728
Customizing Service Desk ticket settings................................................................................... 728
About customizing Service Desk ticket settings.................................................................. 728
Create ticket categories and subcategories........................................................................ 729
KACE Systems Management Appliance 8.0 Administrator Guide
22
Customizing ticket values.................................................................................................... 731
Customize ticket status values.....................................................................................731
Customize ticket priority values................................................................................... 732
Customize ticket impact values....................................................................................733
Customizing ticket layout..................................................................................................... 734
Customize Layout and Related Ticket Fields.............................................................. 734
Configure Comment Field Options...............................................................................736
Define custom ticket fields........................................................................................... 737
Preview ticket layout.................................................................................................... 739
Customize the ticket list layout.................................................................................... 739
Using parent-child ticket relationships................................................................................. 740
Enable parent-child ticket relationships for a queue.................................................... 740
Enable parent tickets to close child tickets.................................................................. 741
Create child tickets for any ticket.................................................................................741
Designate tickets as parents and add existing tickets as their children....................... 742
Use a parent ticket as a to-do list................................................................................743
Use parent tickets to organize duplicate tickets.......................................................... 743
Using ticket approvers......................................................................................................... 744
Configure ticket approvers........................................................................................... 744
Approving tickets by email........................................................................................... 745
Configuring SMTP email servers.................................................................................................745
Connect your email server to the KACE SMA.................................................................... 745
Using internal and external SMTP servers..........................................................................746
Use the internal SMTP server......................................................................................746
Use an external SMTP server or Secure SMTP server...............................................746
Maintenance and troubleshooting....................................................................................................... 749
Maintaining the appliance............................................................................................................ 749
Tracking changes to settings...............................................................................................749
About appliance backups.....................................................................................................749
Set the daily backup schedule and the number of backups to retain.......................... 750
Back up the appliance manually.................................................................................. 750
Download backup files from the Administrator Console.............................................. 751
Access backup files through FTP................................................................................ 751
About deleting appliance backup data.........................................................................752
Restoring the appliance....................................................................................................... 753
Restore the appliance using the most recent backup..................................................753
Upload backup files to the appliance...........................................................................753
Restore the appliance from backups........................................................................... 754
KACE Systems Management Appliance 8.0 Administrator Guide
23
Restore the appliance to factory settings.................................................................... 755
Updating appliance software................................................................................................755
Check for and apply advertised appliance updates..................................................... 755
Upload an update file to the appliance manually.........................................................756
Verify updates.............................................................................................................. 757
Update the appliance license key................................................................................ 757
Reboot or shut down the appliance.....................................................................................757
Update OVAL definitions from KACE.................................................................................. 758
Understanding the daily run output..................................................................................... 758
Disk status....................................................................................................................758
Appliance network interface status.............................................................................. 759
Appliance up-time and load averages......................................................................... 759
Email system health..................................................................................................... 759
Appliance backup status.............................................................................................. 760
Status of RAID drives.................................................................................................. 760
Troubleshooting the KACE SMA................................................................................................. 760
Using Troubleshooting Tools............................................................................................... 761
Verify the status of devices on the network.................................................................761
Enable a tether to Quest Support................................................................................ 761
Troubleshooting appliance issues........................................................................................762
View appliance logs..................................................................................................... 762
Download appliance activity logs................................................................................. 764
Viewing the daily run output........................................................................................ 765
Troubleshooting and debugging the KACE SMA Agent...................................................... 765
Resolve Windows security issues that prevent Agent provisioning............................. 765
Testing and troubleshooting email communication............................................................. 766
Test outgoing email......................................................................................................766
Test incoming email..................................................................................................... 766
Use Telnet to test incoming email............................................................................... 767
Access appliance logs to view Microsoft Exchange Server errors.............................. 767
Troubleshooting email errors....................................................................................... 768
About Two-Factor Authentication.........................................................................................768
Appendixes.......................................................................................................................................... 769
Database table names.................................................................................................................769
Adding steps to task sections of scripts......................................................................................789
LDAP variables............................................................................................................................ 798
Glossary............................................................................................................................................... 801
About us...............................................................................................................................................813
KACE Systems Management Appliance 8.0 Administrator Guide
24
We are more than just a name................................................................................................... 813
Our brand, our vision. Together.................................................................................................. 813
Contacting Quest......................................................................................................................... 813
Technical support resources....................................................................................................... 813
Legal notices........................................................................................................................................814
Index.................................................................................................................................................... 815
KACE Systems Management Appliance 8.0 Administrator Guide
25
About the KACE Systems
Management Appliance (SMA)
®
®
Quest KACE Systems Management Appliance (SMA) is a physical or virtual appliance designed to automate
device management, application deployment, patching, asset management, reporting, and Service Desk ticket
management.
For more information about KACE SMA series appliances, go to the Quest website, https://www.quest.com/
products/kace-systems-management-appliance/.
About KACE SMA components
KACE SMA components include software, hardware, web-based interfaces, and a mobile app interface.
Table 1. KACE SMA components
Component
Description
Physical appliance or virtual
appliance
The KACE SMA is available as a physical or hardware-based appliance,
and as a virtual appliance. The virtual KACE SMA uses a VMware®
infrastructure. The same system management features are available on
both the physical and virtual appliances. For the latest information about
KACE SMA hardware, requirements for managed devices, and browser
requirements for accessing the Administrator Console, see the technical
specifications:
•
For physical appliances: Go to https://support.quest.com/technicaldocuments/kace-sma/8.0/technical-specifications-for-physicalappliances/.
•
For virtual appliances: Go to https://support.quest.com/technicaldocuments/kace-sma/8.0/technical-specifications-for-virtualappliances/.
•
For KACE as a Service: Go to https://support.quest.com/technicaldocuments/kace-sma/8.0/technical-specifications-for-kace-as-aservice/.
Command Line Console
The Command Line Console is a terminal window interface to the KACE
SMA. The interface is designed primarily to configure the appliance
and enforce policies. See Power-on the appliance and log in to the
Administrator Console.
Administrator Console
The Administrator Console is the web-based interface used to
control the KACE SMA. To access the Administrator Console, go to
http://KACE_SMA_hostname/admin where KACE_SMA_hostname is
the hostname of your appliance. If the Organization component is enabled,
you can access the System-level settings of the Administrator Console
at http://KACE_SMA_hostname/system. To view the full path of
URLs in the Administrator Console, which can be useful when searching
KACE Systems Management Appliance 8.0 Administrator Guide
About KACE SMA components
26
Component
Description
the database or sharing links, add ui to the URL you use to log in. For
example: http://KACE_SMA_hostname/admin.
User Console
The User Console is the web-based interface that makes applications
available to users on a self-service basis. It also enables users to file
Service Desk support tickets to request help or report issues. To access
the User Console, go to http://KACE_SMA_hostname/user where
KACE_SMA_hostname is the hostname of your appliance.
The User Console provides:
•
A repository of applications that users can download as needed.
•
A way for users to submit and track tickets requesting help.
•
Assistance for routine tasks, such as software installation,
and access to the Quest Support Knowledge Base, https://
support.quest.com/kace-systems-management-appliance/kb.
To customize the User Console, see:
KACE SMA Agent
•
Configure appliance General Settings with the Organization
component enabled.
•
Configure appliance General Settings without the Organization
component.
The KACE SMA Agent is an application that can be installed on devices
to enable device management through the KACE SMA. Agents that are
installed on managed devices communicate with the KACE SMA through
AMP (Agent Messaging Protocol). Agents perform scheduled tasks, such
as collecting inventory information from, and distributing software to,
managed devices. Agentless management is available for devices that
cannot have Agent software installed, such as printers and devices with
operating systems that are not supported by the Agent.
See Provisioning the KACE SMA Agent.
KACE GO
KACE GO is an app that enables administrators to access Service Desk
tickets, inventory information, and application deployment features from
their smart phones or tablets. The app also allows non-admin users to
submit Service Desk tickets, view the status of submitted tickets, and read
Knowledge Base articles from their mobile devices. You can download
SM
KACE GO from the Apple® App Store
for iOS devices, or from the
Google Play™ store for Android™ devices.
See Configuring Mobile Device Access.
About the Administrator Console
The components available in the Administrator Console might differ, depending on the license key, organization
settings, appliance settings, and user role.
In addition, if the Organization component is enabled, the Administrator Console has two levels: The Admin level,
which shows organization-related features, and the System level, which shows appliance-related features.
If the Organization component is not enabled, Admin- and System-level features are available at the Admin level.
KACE Systems Management Appliance 8.0 Administrator Guide
About the Administrator Console
27
NOTE: Your license key determines whether the Organization component is enabled or disabled. See
View KACE SMA license information and About organizations.
There are three login modes:
•
Admin mode without the Organization component enabled: If the Organization component is not
enabled on your appliance, go to http://KACE_SMA_hostname/admin, where KACE_SMA_hostname
is the hostname of your appliance, to log in to this mode. For components available in this mode, see
Components available in Admin mode without the Organization component.
•
Admin mode with the Organization component enabled: If the Organization component is enabled
on your appliance, go to http://KACE_SMA_hostname/admin to log in to the Default organization.
KACE_SMA_hostname is the hostname of your appliance. Admin mode enables you to manage
the components available to the selected organization. For components available in this mode, see
Components available in Admin mode with the Organization component enabled.
If the Login Organization option is enabled in the appliance settings, the Organization box appears. You can
type the name of an organization in the Organization box to log in to that organization directly.
If you have multiple organizations and the fast switching option is enabled, you can switch between
organizations and the System level using the drop-down list in the top-right corner of the page next to the
login information. See Enable fast switching for organizations and linked appliances.
•
System mode with the Organization component enabled: If the Organization component is
enabled on your appliance, go to http://KACE_SMA_hostname/system, to log in to System mode.
KACE_SMA_hostname is the hostname of your appliance. In this mode you can manage the components
available at the System level. For components available in this mode, see Components available in System
mode with the Organization component enabled.
In addition, if the fast switching option is enabled, and the passwords for the default admin accounts of the
organizations are the same, you can switch between organizations using the drop-down list in the top-right
corner of the page. See Enable fast switching for organizations and linked appliances.
Each mode has the following types of pages:
•
Dashboards. These pages show status information for the appliance. If the Organization component is
enabled, Dashboards are available at the organization and appliance level.
KACE Systems Management Appliance 8.0 Administrator Guide
About the Administrator Console
28
•
List pages. These pages enable you to view items available on the appliance or, if the Organization
component is enabled, in the selected organization.
•
Detail pages. These pages enable you to view and edit details of the selected item.
KACE Systems Management Appliance 8.0 Administrator Guide
About the Administrator Console
29
•
Configuration pages. These pages enable you to configure settings.
•
Panels. These pages provide access to related components and settings.
KACE Systems Management Appliance 8.0 Administrator Guide
About the Administrator Console
30
Components available in Admin mode without the
Organization component
When the Organization component is not enabled, Admin mode shows all of the Admin-level components and the
System-level (appliance-level) settings.
KACE Systems Management Appliance 8.0 Administrator Guide
Components available in Admin mode without the Organization component
31
Table 2. Components available in Admin mode without the Organization component
Component
Home
Inventory
UI page
Used to...
Review appliance statistics,
manage labels, view historical
information, and search for data.
See Using the Home component.
•
Dashboard
•
Label Management
•
Search
•
Devices
•
Software
•
Software Catalog
•
Managing device inventory
•
Processes
•
•
Startup Programs
Managing applications on
the Software page
•
Services
•
•
Discovery Schedules
Managing Software Catalog
inventory
•
Discovery Results
•
•
SNMP Inventory Configurations
Managing process, startup
program, and service
inventory
•
Using Device Discovery
•
Using SNMP Inventory
Configurations to identify
specific SNMP objects and
Manage the devices, software,
processes, services, scans, and
other items on your network. See:
KACE Systems Management Appliance 8.0 Administrator Guide
Components available in Admin mode without the Organization component
32
Component
UI page
Used to...
non-computer devices to
add to inventory
Monitoring
•
Devices
•
Alerts
•
Profiles
•
Maintenance Windows
•
Log Enablement Packages
Manage basic event monitoring
for 5 servers with your standard
license, gathering event data
from core Windows® event logs,
syslogs, and application logs.
With the Monitoring Module
license, manage event monitoring
for up to 200 servers.
See Monitoring servers
Assets
Distribution
Scripting
Security
Track physical assets, such as
devices, software, printers, and so
on, and view the history of assets
and their configuration. See:
•
Assets
•
Asset Types
•
Contracts
•
Licences
•
Managing inventory
•
License Compliance
•
•
Locations
Managing License
Compliance
•
Import Assets
•
Managed Installations
•
File Synchronizations
•
Wake-on-LAN
•
Replication
•
Alerts
•
Scripts
•
Run Now
•
Run Now Status
•
Search Scripting Logs
•
Configuration Policies
•
Security Policies
•
Mac Profiles
•
Patch Management
•
OVAL Scan
•
SCAP Scan
•
Dell Updates
Distribute and manage software,
including updates from Quest,
remotely.
See Deploying packages to
managed devices.
Automate tasks performed on
managed devices.
See Running scripts on managed
devices.
Reduce the risks from malware,
spyware, and viruses. OVAL
(Open Vulnerability Assessment
Language) is a battery of tests
that can be run to identify security
vulnerabilities on managed
devices.
KACE Systems Management Appliance 8.0 Administrator Guide
Components available in Admin mode without the Organization component
33
Component
UI page
Used to...
See Patching devices and
maintaining security.
Service Desk (also
known as Help Desk
on appliances that
have been upgraded
from early versions)
Reporting
Settings
Provide a repository of software
and documentation for users to
access and download. Includes
a full-featured service desk for
creating and tracking tickets.
•
Tickets
•
User Downloads
•
Knowledge Base
•
Announcements
•
Archive (available only if ticket
archival is enabled)
•
Configuration
•
Reports
•
Report Schedules
•
Notifications
See Using reports and scheduling
notifications.
•
Control Panel
•
Users
Administer your appliance and
Agent provisioning. See:
•
Credentials
•
Roles
•
Logs
•
See Using the Service Desk.
Run pre-packaged reports and
report-creating tools to monitor
your appliance implementation.
•
Configuring the appliance
•
Configuring user accounts,
LDAP authentication, and
SSO
Appliance Updates
•
Managing credentials
•
Provisioning
•
Maintaining the appliance
•
Resources
•
•
History
Provisioning the KACE
SMA Agent
•
Support
•
Importing and exporting
appliance resources
•
Managing settings history
•
Using Troubleshooting
Tools
Components available in Admin mode with the
Organization component enabled
When the Organization component is enabled, the Admin mode shows components and settings for the current
organization only. Appliance-level components are available in System mode.
If the Organization component is enabled on your appliance, and you log in to http://KACE SMA_hostname/
admin, the Settings component shows features available to the selected organization only.
KACE Systems Management Appliance 8.0 Administrator Guide
Components available in Admin mode with the Organization component enabled
34
All other components are the same, regardless of whether the Organization component is enabled. See
Components available in Admin mode without the Organization component for components, and see the following
illustration.
KACE Systems Management Appliance 8.0 Administrator Guide
Components available in Admin mode with the Organization component enabled
35
Table 3. Components available in Admin mode with the Organization component enabled
Component
Settings
UI page
Used to...
Manage general settings for
the organization, such as
user authentication and Agent
provisioning. See:
•
Control Panel
•
Users
•
Credentials
•
Roles
•
Configuring the appliance
•
Provisioning
•
•
Resources
Configuring user accounts,
LDAP authentication, and
SSO
•
History
•
Managing credentials
•
Support
•
Provisioning the KACE
SMA Agent
•
Importing and exporting
appliance resources
•
Managing settings history
•
Using Troubleshooting
Tools
Components available in System mode with the
Organization component enabled
When the Organization component is enabled, System mode shows components related to appliance settings.
Organization-level components are available in Admin mode.
When you log in to the KACE SMA System Administration Console, http://KACE SMA_hostname/system, or
select System in the drop-down list in the top-right corner of the Administrator Console, the following components
are available.
KACE Systems Management Appliance 8.0 Administrator Guide
Components available in System mode with the Organization component enabled
36
Table 4. Components available in System mode with the Organization component enabled
Component
Home
Sub-tabs
•
Used to...
Review summary statistics for the
appliance.
Dashboard
See Using the Home component.
Settings
Reporting
Manage the appliance and
access resources such as Quest
Support. See:
•
Control Panel
•
Administrators
•
Logs
•
Configuring the appliance
•
Appliance Updates
•
Maintaining the appliance
•
Resources
•
•
History
Importing and exporting
appliance resources
•
Support
•
Managing settings history
•
Using Troubleshooting
Tools
•
Reports
•
Report Schedules
Run pre-packaged reports and
report-creating tools to monitor
your appliance implementation.
See Using reports and scheduling
notifications.
Organizations
•
Organizations
•
Roles
•
Filters
•
Devices
Add and manage organizations
(requires the Organization
component).
See Creating and managing
organizations.
KACE Systems Management Appliance 8.0 Administrator Guide
Components available in System mode with the Organization component enabled
37
Using the Home component
The Home component includes the Dashboard, Label Management, and Search features.
About Dashboards
Dashboards provide overviews of organization or appliance activity. They also provide alerts and links to news
and Knowledge Base articles.
If the Organization component is enabled on the appliance, and you are logged in to the Administrator Console
(http://KACE_SMA_hostname/admin), the Dashboard shows information for the selected organization.
When you are logged in to the System Administration Console (http://KACE_SMA_hostname/system), the
Dashboard shows information for the appliance, including all organizations.
TIP: The appliance updates the summary widgets periodically. To update all of the widgets any time, click
the Refresh button in the upper right of the page:
then click the Refresh button above the widget.
. To update individual widgets, hover over the widget,
View the Dashboard in Admin mode
View the Admin mode Dashboard to find summary information for the appliance or, if the Organization component
is enabled, for the selected organization.
•
Log in to the KACE SMA Administrator Console , http://KACE_SMA_hostname/admin. Or, if Show
organization menu in admin header is enabled, select an organization in the drop-down list in the top-right
corner of the page next to the login information.
The Dashboard page appears.
KACE Systems Management Appliance 8.0 Administrator Guide
View the Dashboard in Admin mode
38
View the Dashboard in System mode
If the Organization component is enabled on your appliance, view the System Dashboard to find summary
information for the appliance.
•
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system, or
select System from the drop-down list in the top-right corner of the page.
The System Dashboard page appears.
KACE Systems Management Appliance 8.0 Administrator Guide
View the Dashboard in System mode
39
Customize Dashboard pages
You can customize Dashboard pages to show or hide widgets as needed.
1.
Do one of the following:
•
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if
Show organization menu in admin header is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
•
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system,
or select System from the drop-down list in the top-right corner of the page.
The Dashboard or System Dashboard page appears.
2.
Mouse over the widget, then use any of the following buttons:
◦
◦
◦
◦
◦
3.
: Refresh the information in the widget.
: Display information about the widget.
: Hide the widget.
: Resize the widget.
: Drag the widget to a different position on the page.
Click the Customize button in the top-right corner of the page to view available widgets.
KACE Systems Management Appliance 8.0 Administrator Guide
Customize Dashboard pages
40
4.
To view all installed widgets, click View By > All Items
5.
To view only the Service Desk widgets, click View By > Service Desk
6.
To view only the Device widgets, click View By > Devices
7.
To view only the Asset Management widgets, click View By > Asset Management
8.
To show a widget that is currently hidden, click Install.
About Dashboard widgets
Dashboard widgets provide overviews of organization or appliance activity.
This section describes the widgets available on the Dashboard. If the Organization component is enabled on your
appliance, widgets show the information for the selected organization at the Admin level and for the appliance at
the System level.
Widget
Description
General widgets
This section provides a high-level overview of your appliance activity. The information
appearing in these widgets allows you to focus on specific indicators that can help
you understand any potential issues.
Latest News
Articles and Top
Knowledge Base
Articles
These widgets provide links to news and information from Quest. News articles are
displayed according to date or importance. Knowledge Base articles are displayed
according to their priority in the Technical Support system.
Connections
This widget shows the number of connections to the KACE SMA web server. A high
number indicates a high load on the server, which might reduce appliance response
time. If the Organization component is enabled on your appliance, the widget shows
the information for the selected organization.
File
Synchronizations
This widget shows the number of File Synchronizations that are in progress on Agentmanaged devices. If the Organization component is enabled on your appliance, the
widget shows the information for the selected organization.
Managed
Installations
This widget shows the number of Managed Installations that are in progress
on Agent-managed devices. If the Organization component is enabled on your
appliance, the widget shows the information for the selected organization.
Current Scripts
This widget shows the number of scripts that are enabled to run on Agent-managed
devices. If the Organization component is enabled on your appliance, the widget
shows the information for the selected organization.
Patch Installation
Progress
This widget shows the progress of patching tasks that are running on managed
devices. If the Organization component is enabled on your appliance, the widget
shows the information for the selected organization.
KACE Systems Management Appliance 8.0 Administrator Guide
About Dashboard widgets
41
Widget
Description
Patching Tasks
Completed
This widget shows the progress of patching tasks, such as detect, deploy, and
rollback tasks, on managed devices. If the Organization component is enabled on
your appliance, the widget shows the information for the selected organization.
Critical Patch
Compliance
This widget shows the deployment progress of patches that are marked as critical.
If the Organization component is enabled on your appliance, the widget shows the
information for the selected organization.
License
Compliance
If you have created License assets for software, this widget shows the number of
Agent-managed devices that have a particular licensed software installed, and the
number of licenses available. If the Organization component is enabled on your
appliance, the widget shows the information for the selected organization.
License assets can be created for applications listed on the Software page and the
Software Catalog page, and the license mode for applications must be Unit License
or Enterprise for license information to appear on this widget. Applications with other
license modes, such as Shareware, Freeware, or Not Specified, are not displayed on
this widget.
This widget is for information only, and the KACE SMA does not enforce license
compliance. For example, the appliance does not prevent software from being
installed on Agent-managed devices if a license is expired or otherwise out of
compliance.
The following colors indicate threshold levels:
•
Red: Usage is at or above the critical threshold setting.
•
Orange: Usage is at or above the warning threshold setting but below the
critical threshold setting.
•
Green: Usage is below the warning threshold setting.
To change the threshold levels, see Configure appliance General Settings without the
Organization component.
For information about managing License assets, see Managing inventory.
Provisioning
This widget shows the status of KACE SMA Agent provisioning or installation tasks.
If the Organization component is enabled on your appliance, the widget shows the
information for the selected organization.
Provision Platforms
This widget shows the percentage of operating systems installed on KACE SMA
Agent-managed devices. If the Organization component is enabled on your
appliance, the widget shows the information for the selected organization.
Tasks in Progress
This widget displays the number of tasks in progress on the KACE SMA. This
number includes tasks related to scripting, inventory, metering, replication, patching,
bootstrapping, and cache queries. You can view the load average on the appliance,
and change the task throughput, as needed. See Configure Agent communication
and log settings.
If the Organization component is enabled on your appliance, the widget is available
on the System Dashboard page.
SCAP Summary
This widget provides information about SCAP scans that have been performed on
devices. If the Organization component is enabled on your appliance, the widget
shows the information for the selected organization.
KACE Systems Management Appliance 8.0 Administrator Guide
About Dashboard widgets
42
Widget
Description
Device Check-In
Rate
This widget displays the number of devices that have connected to the KACE SMA in
the past 60 minutes. If the Organization component is enabled on your appliance, this
widget is available at the System level.
Software License
Configuration
If you set up License assets for software, and specify the license type, such as site,
subscription, or unit, that information is displayed in this widget. If the Organization
component is enabled on your appliance, the widget shows the information for the
selected organization.
Disk Capacity
This widget displays the amount of disk space that is free or in use on the appliance.
If the Organization component is enabled on your appliance, this widget is available
at the System level.
Software
Publishers
This widget displays the publishers defined in the Software Catalog, with the
highest number of software titles installed on managed devices. If the Organization
component is enabled on your appliance, the widget shows the information for the
selected organization.
Software Titles
This widget displays the software titles defined in the Software Catalog, with the
highest number of installations on managed devices. If the Organization component
is enabled on your appliance, the widget shows the information for the selected
organization.
Expiring Dell
Warranties
This widget displays information on any Dell Warranties, and links to the Reports list
page for Dell Warranty reports.
If the Organization component is enabled on your appliance, the widget shows the
information for the selected organization.
Dell Updates
This widget displays the number of Dell applications, BIOSs, and firmware updates
that can be applied to managed devices. The updates are categorized as urgent,
recommended, or optional depending on the urgency of the update. After a Dell
Update schedule is created, data appears in the widget. See Create Dell Update
schedules.
If the Organization component is enabled on your appliance, the widget shows the
information for the selected organization.
Monitoring Alert
Summary
This widget displays the number of unacknowledged alerts, grouped by alert level.
The following icons indicate alert level:
•
: Critical
•
: Error
•
•
•
: Warning
: Information
: Recovered
If the Organization component is enabled on your appliance, the widget shows the
information for the selected organization.
Low-resource alerts.When the appliance resources are low, Critical alerts appear
on the Dashboard, providing the recommended course of action such as contacting
Support. These alerts are generated when the appliance is detected to use a high
KACE Systems Management Appliance 8.0 Administrator Guide
About Dashboard widgets
43
Widget
Description
amount of disk, CPU, and memory resources, or when a high number of emails is
received.
Critical low-resource alerts are displayed when the related condition is detected within
the last ten minutes, and it persisted for one hour before being displayed.
The settings for these alerts are tracked in the history settings. You can disable
that by clearing any of the Low Resource Alerts options on the Settings History
Configuration page. For more information, see Configure System-level settings
history subscriptions with the Organization component enabled.
Monitored Devices
This widget displays the status of the devices for which monitoring has been enabled.
If the Organization component is enabled on your appliance, the widget shows the
information for the selected organization.
Monitoring Alerts
This widget displays the alert messages for the devices being monitored. If the
Organization component is enabled on your appliance, the widget shows the
information for the selected organization.
Service Desk
widgets
This section provides a high-level overview of your Service Desk ticket performance.
Use it to quickly review the state of your tickets and look for any indicators that can
improve your customer experience. For example, you can review the numbers of
overdue tickets and focus on specific issues, as needed.
NOTE: Service Desk widgets display data for the default queue associated
with the logged-in user. If there is no default set for the user, or if All Queues is
set as the default, the widgets display data from all the queues owned by the
user.
NOTE: If the user does not own any queues, or if their default queue is no
longer valid, the widgets do not display any data.
Active Tickets by ...
Tickets Closed on
Time by ...
These widgets display the numbers of active tickets sorted by different parameters:
•
Priority
•
Category
•
Technician
•
Queue
•
Date Range (today, seven days, 30 days, 30+ days)
These widgets display the numbers of tickets that have been closed on time, sorted
by different parameters:
•
Priority
•
Category
•
Technician
•
Queue
•
Date Range (today, seven days, 30 days, 30+ days)
KACE Systems Management Appliance 8.0 Administrator Guide
About Dashboard widgets
44
Widget
Description
Tickets Closed
Overdue by ...
These widgets display the numbers of tickets that have been closed as overdue,
sorted by different parameters:
Overdue Tickets
by ...
Overdue Ticket
Percentage by ...
Tickets Due Today
by ...
Reopened Tickets
by ...
•
Priority
•
Category
•
Technician
•
Queue
•
Date Range (today, seven days, 30 days, 30+ days)
These widgets display the numbers of tickets that are currently overdue, sorted by
different parameters:
•
Priority
•
Category
•
Technician
•
Queue
•
Overdue Threshold
These widgets display the percentages of currently overdue tickets compared to the
number of all open tickets, sorted by different parameters:
•
Priority
•
Category
•
Technician
•
Queue
•
Overdue Threshold
These widgets display the numbers of tickets that are due today, sorted by different
parameters:
•
Priority
•
Category
•
Technician
•
Queue
These widgets display the numbers of tickets that have been reopened, sorted by
different parameters:
•
Priority
•
Category
•
Technician
•
Queue
•
Date Range (today, seven days, 30 days, 30+ days)
KACE Systems Management Appliance 8.0 Administrator Guide
About Dashboard widgets
45
Widget
Description
Average Ticket
Resolution Time
by ...
These widgets display the length of time it took to resolve tickets, sorted by different
parameters:
•
Priority
•
Category
•
Technician
•
Queue
•
Month (for the past 12 months)
Device widgets
This section provides a high-level overview of your managed devices. Use it to
quickly review the state of your devices and look for any indicators that can improve
their performance. For example, you can review the percentages of available disk
space, and focus on specific issues, as needed.
Devices By
Memory
This widget shows a bar chart, where each bar represents a number of devices that
have an indicated amount of RAM installed on them.
Devices By
Processor
This widget shows a bar chart, where each bar represents a number of devices that
have a specific processor configuration.
Devices by Disk
Capacity
This widget shows a pie chart, where each section of the chart indicates the
percentage of free disk space on the managed devices. Hovering over each section
of the chart displays the percentage of managed devices that have the selected
percentage of free disk space. For example, if you hover over the red part of the
chart, the widget displays the percentage of devices whose free disk space is lower
than 25%.
Managed Operating This widget shows the percentage of managed devices that are running each
Systems
operating system. If the Organization component is enabled on your appliance, this
widget shows the percentage of devices in the selected organization.
Devices By
Manufacturer
This widget shows the top device manufacturers represented in device inventory.
If the Organization component is enabled on your appliance, this widget shows the
percentage of devices in the selected organization.
Devices By Model
This widget shows the top device models represented in KACE SMA device
inventory. If the Organization component is enabled on your appliance, this widget
shows the percentage of devices in the selected organization.
Devices By
Subtype
This widget shows a pie chart, where each section of the chart indicates the
percentage of the managed devices by device subtype.
Asset
Management
widgets
This section provides a high-level overview of your asset usage. Use it to quickly
review the state of your assets and look for any indicators that can improve your
asset configuration. For example, you can focus on how your software licenses are
used and identify which software titles need to have their license renewed.
Assets By Type
This widget shows a pie chart, where each section of the chart indicates the
percentage of your assets by their asset type, such as device, software, location,
license, and others. Hovering over each section of the chart displays the percentage
of the assets of the selected type.
KACE Systems Management Appliance 8.0 Administrator Guide
About Dashboard widgets
46
Widget
Description
Assets By Status
This widget shows a pie chart, where each section of the chart indicates the
percentage of your assets by their status, such as Active, Disposed, Missing, or
other. Hovering over each section of the chart displays the percentage of the assets
in the selected status.
Cost ($) of Unused
Licenses By
Product
This widget shows a bar chart, where each bar represents the cost of unused
licenses for each product. You can use this information to reassign or cancel unused
licenses, and to redirect your resource where they are most needed.
License
Compliance
If you have created License assets for software, this widget shows the number of
Agent-managed devices that have a particular licensed software installed, and the
number of licenses available. If the Organization component is enabled on your
appliance, the widget shows the information for the selected organization.
License assets can be created for applications listed on the Software page and the
Software Catalog page, and the license mode for applications must be Unit License
or Enterprise for license information to appear on this widget. Applications with other
license modes, such as Shareware, Freeware, or Not Specified, are not displayed on
this widget.
This widget is for information only, and the KACE SMA does not enforce license
compliance. For example, the appliance does not prevent software from being
installed on Agent-managed devices if a license is expired or otherwise out of
compliance.
The following colors indicate threshold levels:
•
Red: Usage is at or above the critical threshold setting.
•
Orange: Usage is at or above the warning threshold setting but below the
critical threshold setting.
•
Green: Usage is below the warning threshold setting.
To change the threshold levels, see Configure appliance General Settings without the
Organization component.
For information about managing License assets, see Managing inventory.
Software Titles
This widget displays the software titles defined in the Software Catalog, with the
highest number of installations on managed devices. If the Organization component
is enabled on your appliance, the widget shows the information for the selected
organization.
Software
Publishers
This widget displays the publishers defined in the Software Catalog, with the
highest number of software titles installed on managed devices. If the Organization
component is enabled on your appliance, the widget shows the information for the
selected organization.
Assets by Location
This widget shows a pie chart, where each section of the chart indicates the
percentage of your assets by their location. Hovering over each section of the chart
displays the percentage of the assets in the selected location.
Software Installed
But Not Used in 60
Days
This widget shows a bar chart, where each bar represents a software title and the
corresponding number of instances of that product that have not been in use in the
last 60 days. You can use this information to further investigate whether these titles
are needed, to reassign or uninstall unused software, and to redirect your resource
where they are most needed.
KACE Systems Management Appliance 8.0 Administrator Guide
About Dashboard widgets
47
Widget
Description
Expiring
Software License
Maintenance
This widget shows a vertical bar chart, where each bar represents the number of
software licenses that are about expire in the given time period.
Expired Software
License
Maintenance
This widget shows a pie chart representing the ration of expired and current licenses.
Hovering over each section of the chart displays the percentage of the software
licenses that are either expired or current, as selected.
Expiring Contracts
This widget shows a vertical bar chart, where each bar represents the number of
contracts that are about expire in the given time period.
Expired Contracts
This widget shows a pie chart representing the ration of expired and current
contracts. Hovering over each section of the chart displays the percentage of the
contracts that are either expired or current, as selected.
Software License
Configuration
If you set up License assets for software, and specify the license type, such as site,
subscription, or unit, that information is displayed in this widget. If the Organization
component is enabled on your appliance, the widget shows the information for the
selected organization.
View Dashboard details
Dashboard details show statistics for the appliance or the selected organization.
If the Organization component is enabled on your appliance, and you are logged in to the Administrator Console
(http://KACE_SMA_hostname/admin), the statistics are shown for the selected organization. When you are
logged in to the System Administration Console (http://KACE_SMA_hostname/system), the statistics are
shown for the appliance, including all organizations.
On new appliances that have no managed devices, the Dashboard Detail page shows zero or no records.
1.
2.
Do one of the following:
•
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if
Show organization menu in admin header is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
•
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system,
or select System from the drop-down list in the top-right corner of the page.
Click Home.
The Dashboard or System Dashboard page appears.
3.
In the top-right corner of the page, click View Details.
The Dashboard Detail page appears. It shows the following information:
Summary Section
Description
Alerts
Information about license capacity and usage for managed devices in inventory.
Devices
Information about managed devices, including a breakdown of the operating systems
in use.
In addition, if the number of managed devices exceeds the number allowed by your
license key, you are notified of it here.
KACE Systems Management Appliance 8.0 Administrator Guide
View Dashboard details
48
Summary Section
Description
Software
A summary of the applications that are available in inventory on the appliance. This
includes applications listed on the Software page and the Software Catalog page.
Distributions
The applications that have been distributed to managed devices, separated by
distribution method. This section also indicates the number of packages that are
enabled and disabled.
Monitoring Alerts
Summary
The number of unacknowledged alerts for monitored devices, grouped by alert level.
The following icons indicate alert level:
•
: Critical
•
: Error
•
•
•
Alert Summary
: Warning
: Information
: Recovered
The alerts that have been distributed to managed devices, separated by the alert
type. This summary also indicates the number of alerts that are active and expired.
The IT Advisory refers to the number of Knowledge Base articles in User Console.
Patches
The patches received from software vendors such as Microsoft® and Apple. The
summary includes the date and time of the last patch (successful and attempted),
total patches, and total packages downloaded.
OVAL
Information about the Open Vulnerability Assessment Language (OVAL), a battery
of tests that can be run to identify security vulnerabilities on managed devices. OVAL
information includes:
Discovery
(Network Scan)
•
The definitions received
•
The date and time of the last OVAL download (attempted and successful)
•
The number of OVAL tests in the appliance
•
The number of devices scanned
•
The number of vulnerabilities detected on managed devices
The results of Discovery scans that have run on the network, including the number of
IP addresses scanned, the number of services discovered, and the number of scans
that have been performed.
NOTE: When this page is refreshed, the record count is updated. New KACE SMA installations
contain zero records.
For more information about OVAL, see Maintaining device and appliance security.
KACE Systems Management Appliance 8.0 Administrator Guide
View Dashboard details
49
View the KACE SMA version, model, and license information
The About KACE SMA link in the Help panel displays the KACE SMA version, model, and license information.
1.
Log in to the User Console, Administrator Console, or System Console.
2.
In the upper right of the Administrator Console, click Need Help.
A help pane appears on the right containing high-level information about the related Administrator Console
page. The bottom of the help pane includes the following buttons:
◦
Appliance Administrator Guide( ): Provides access to the KACE System Management Appliance
help contents.
◦
Knowledge Base ( ): Allows you to browse the Knowledge Base articles associated with the related
Administrator Console page.
◦
Live Chat ( ): Starts a chat with a KACE System Management Appliance product specialist.
◦
NOTE: This option is available if the appliance is configured to interact with the K1 GO Mobile
App. It only appears in the Administrator Console and the System Console. It does not appear
in the User Console For more information on enabling mobile access, see Configuring Mobile
Device Access.
About KACE SMA ( ): Displays information about your KACE System Management Appliance
installation.
3.
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
KACE GO Mobile App ( ): Displays a dialog containing links for downloading the KACE GO Mobile
App. The app is available for iOS and Android platforms.
◦
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
Support ( ): Links to the Settings > Support page. This page provides resources for troubleshooting
system management issues and contacting Quest Support.
◦
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
Open Ticket ( ): Links to the Support page (https://support.quest.com/create-service-request) that
allows you to create a service request.
◦
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
Click the About KACE SMA link located at the bottom-right corner of the panel.
The KACE SMA license information is displayed.
◦
The appliance version, model, and serial numbers.
◦
The license expiration date, in month/day/year format.
◦
The number of Managed Computers, Monitored Servers, and Assets that your license entitles you to
manage.
Managed Computers are devices in KACE SMA inventory that 1) have Windows, Mac, Linux, or
UNIX operating systems, 2) are categorized as PCs or servers, and 3) were not added to inventory
manually, through the WSAPI, or through mobile device management.
KACE Systems Management Appliance 8.0 Administrator Guide
View the KACE SMA version, model, and license information
50
Monitored Servers are servers that 1) meet the requirements for Managed Computers and 2) have
Monitoring enabled.
Assets that count toward your license limit include devices that 1) have been added to the KACE SMA
inventory but do not meet the definition of Managed Computers or Monitored Servers and 2) were
not added to inventory manually, through the WSAPI, or through mobile management. Examples of
Assets include printers, projectors, network gear, and storage devices. The assets you create and
manage using the Asset Management component do not count toward the license limit.
NOTE: Your KACE SMA license agreement entitles you to manage a specified number of
devices. Be aware that devices count toward these limits even if devices are MIA (missing in
action) or no longer in use. However, devices that are added to inventory manually, or through
the API, do not count toward license limits. For more information, see https://quest.com/docs/
Product_Guide.pdf.
NOTE: To increase your license capacity, go to the Quest website: https://quest.com/buy.
◦
License terms and conditions.
◦
Third-party code attributions.
Optional: View KACE SMA license information with enabled components. See View KACE SMA license
information.
View KACE SMA license information
KACE SMA license information appears in the Appliance Updates section of the Administrator Console.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Appliance Updates.
3.
In the License Information section, click the Help button:
.
The following information appears:
◦
Managed Computers: The number of Managed Computers your license entitles you to manage.
Managed Computers are devices in KACE SMA inventory that 1) have Windows, Mac, Linux, or
UNIX operating systems, 2) are categorized as PCs or servers, and 3) were not added to inventory
manually, through the WSAPI, or through mobile device management
◦
Monitored Servers: The number of Monitored Servers your license entitles you to manage.
Monitored Servers are servers that 1) meet the requirements for Managed Computers and 2) have
Monitoring enabled.
◦
Assets: Assets that count toward your license limit include devices that 1) have been added to the
KACE SMA inventory but do not meet the definition of Managed Computers or Monitored Servers
and 2) were not added to inventory manually, through the WSAPI, or through mobile management.
Examples of Assets include printers, projectors, network gear, and storage devices. The assets you
create and manage using the Asset Management component do not count toward the license limit.
KACE Systems Management Appliance 8.0 Administrator Guide
View KACE SMA license information
51
NOTE: Your KACE SMA license agreement entitles you to manage a specified number of
devices. Be aware that devices count toward these limits even if devices are MIA (missing in
action) or no longer in use. However, devices that are added to inventory manually, or through
the API, do not count toward license limits. For more information, see http://quest.com/docs/
Product_Guide.pdf.
NOTE: To increase your license capacity, go to the Quest website: https://quest.com/buy.
◦
Expires: The license expiration date, in month/day/year format.
◦
Components: The components enabled under your license.
Optional: View the KACE SMA serial number, model number, license terms and conditions, and third-party code
attributions. See View the KACE SMA version, model, and license information.
About appliance software updates
The KACE SMA checks with the servers at Quest daily for software updates. These updates are referred to as
advertised updates.
If updates are available, an alert appears on the Home page of the Administrator Console the next time you log in
with Administrator account privileges.
Related topics
Upload an update file to the appliance manually.
About labels
Labels are containers that enable you to organize and categorize items, such as devices, so that you can manage
them as a group.
For example, you can use labels to identify devices that have the same operating system or that are in the same
geographic location. You can then initiate actions, such as distributing software or deploying patches, on all of
the devices with that label. Labels can either be manually assigned to specific items or automatically assigned to
items when they are associated with criteria, such as SQL or LDAP queries.
You can add labels from the Labels section as well as from other sections of the Administrator Console where
labels are used, such as the Devices page.
The following labels are available:
•
Labels: Labels that are applied manually and used to organize users, devices, software, Managed
Installations, and more. See Managing manual labels.
•
Smart Labels: Labels that are applied and removed automatically based on criteria you specify. For
example, to track laptops in a specific office, you could use a label called “San Francisco Office,” and add
a Smart Label based on the IP address range or subnet for devices located in the San Francisco office.
Whenever a device that falls within the IP address range is inventoried, the Smart Label “San Francisco” is
automatically applied. When the device leaves the IP address range, and is inventoried again, the label is
automatically removed. See Managing Smart Labels.
•
LDAP Labels: Labels that are applied to and removed from users and devices automatically based on
LDAP or Active Directory® queries. See Managing LDAP Labels.
Related topics
Managing Smart Labels
Managing LDAP Labels
KACE Systems Management Appliance 8.0 Administrator Guide
About labels
52
Searching for information and filtering lists
You can search the KACE SMA databases, and filter list pages, to find information on the appliance.
If the Organization component is enabled on your appliance, you can search the database of each organization
separately. You cannot search the databases of all organizations at once, and you cannot search at the System
level.
Search at the Admin level
You can search the Admin-level databases to find information on the appliance.
If the Organization component is enabled on your appliance, you can search the database of each organization
separately. You cannot search the databases of all organizations at once, and you cannot search at the System
level.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Do one of the following:
•
Click the Search button in the top-right corner of the page to display the Search field. Then type at
least four characters in the Global Search field and press Enter or Return. The following illustration
shows this Search field:
•
Click Home > Search. Then type at least four characters in the Search field that appears above the
list on the right, and press Enter or Return. The following illustration shows this Search field:
TIP: Use the percent sign (%) as a wildcard. For example, you can use the percent sign in a search string
to find all items that match the criteria before and after the percent sign.
Search at the page level
Page-level Search enables you to search for information on the current page.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Go to a list page. For example, on the left navigation bar, click Inventory. The Devices page appears.
3.
On the list page, Devices in this example, enter the search text into the Search field in the top-right corner
of the page. Press Enter or Return to begin the page level search.
The following illustration shows the Page-level Search field:
KACE Systems Management Appliance 8.0 Administrator Guide
Search at the page level
53
TIP: Use the percent sign (%) as a wildcard. For example, you can use the percent sign in a search string
to find all items that match the criteria before and after the percent sign.
Searching at the page level with advanced options
Advanced page-level Search enables you to search for information on the current page using various
combinations of criteria. Advanced page-level Search is available on most list pages, such as the Devices page
and the Software page.
Example: Search for managed devices using Advanced Search criteria
This example shows how to use Advanced page-level Search to find Windows devices that are running low on
disk space.
When a scoped user performs an advanced search on devices, and their user role is associated with a Smart
Label, the results only include the devices that are associated with the Smart Label. To see additional devices,
you can change the scope of Smart Label, as needed. For more information on how to configure a device scope
for a user role, see Add or edit User Roles. For details about Smart Labels, see Managing Smart Labels.
1.
2.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
Click the Advanced Search tab above the Devices list on the right.
The Advanced Search panel appears.
3.
Specify the criteria required to find Windows devices:
Operating System: Name | contains | Windows
4.
With AND selected in the operator drop-down list, click Add Line to add a new line, then specify the criteria
required to find devices that are low on disk space:
Drive Information: Disk % Capacity | > | 95
5.
Click Search.
The list is refreshed to show devices that match the specified criteria.
Add Smart Labels and Notifications using Advanced Search criteria
You can add Smart Labels and notifications using criteria in the Advanced Search panel.
KACE Systems Management Appliance 8.0 Administrator Guide
Searching at the page level with advanced options
54
When a scoped user performs an advanced search on devices, and their user role is associated with a Smart
Label, the results only include the devices that are associated with the Smart Label. To see additional devices,
you can change the scope of Smart Label, as needed. For more information on how to configure a device scope
for a user role, see Add or edit User Roles. For details about Smart Labels, see Managing Smart Labels.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Go to a list page. For example, on the left navigation bar, click Inventory to display the Devices page.
3.
Click the Advanced Search tab above the list on the right and enter the search criteria.
See Example: Search for managed devices using Advanced Search criteria.
4.
Click the Smart Label tab above the list on the right.
The Smart Label panel appears, and the selected search criteria remain available.
5.
6.
In the Choose label drop-down list, do one of the following:
•
Select an existing label to associate with the Smart Label. Type in the Choose label field to search for
existing labels.
•
Enter a new name for the Smart Label in the Choose label field, then press Enter or Return.
NOTE: Press Enter or Return after you enter a new Smart Label name to move the text from the
search field to the label field.
Click Create.
Smart Labels are applied as follows:
7.
◦
Smart Labels are automatically applied to or removed from devices when devices check in to the
appliance, based on whether the devices meet the specified criteria.
◦
If a specific application Smart Label is edited using Home > Labels > Smart Labels, it is applied to or
removed from all applications immediately.
◦
Smart Labels are automatically applied to or removed from applications when the items are updated
on the Inventory > Software page, based on whether the items meet the specified criteria.
Click the Notification tab above the list on the right.
The Notification panel appears, and the selected search criteria remain available.
8.
Provide the following information:
Field
Description
Title
The information that you want to appear in the Subject line of the email.
KACE Systems Management Appliance 8.0 Administrator Guide
Searching at the page level with advanced options
55
Field
Description
Recipient
The email address or addresses of intended recipients. Email addresses must be fully
qualified email addresses. To send email to multiple addresses, use commas to separate
each address, or use email distribution lists.
Frequency
The interval at which the appliance runs the query to compare the selected criteria with
items in inventory. If criteria are met, the notification is sent.
9.
Optional: To verify the criteria, click Test Notification.
The list is refreshed to show items that match the specified criteria. No email notifications are sent during
the test.
10. Click Create Notification.
The notification is added and it appears on the Email Alerts page.
For information about scheduling the frequency of the notification, see Edit notification schedules.
Related topics
Example: Search for managed devices using Advanced Search criteria
Load Smart Labels from the Advanced Search tab
You can load Smart Labels from list pages on which the Advanced Search tab is available.
When a scoped user performs an advanced search on devices, and their user role is associated with a Smart
Label, the results only include the devices that are associated with the Smart Label. To see additional devices,
you can change the scope of Smart Label, as needed. For more information on how to configure a device scope
for a user role, see Add or edit User Roles. For details about Smart Labels, see Managing Smart Labels.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Go to a list page. For example, click Inventory to display the Devices list.
3.
Click the Advanced Search tab above the list on the right to display the Advanced Search panel.
4.
At the top of the Advanced Search panel, in the Smart Label drop-down list, select the Smart Label you
want to load.
The drop-down list shows Smart Labels that match the list page you are viewing. For example, on the
Devices page, the drop-down list shows Device Smart Labels. In addition, labels are displayed only if the
underlying SQL has not been edited outside of the Smart Label wizard. This is because the wizard cannot
be used to display custom SQL.
5.
Click Load.
The criteria of the selected Smart Label appears in the Advanced Search panel.
Create Custom Views using Advanced Search criteria
You can create Custom Views using Advanced Search criteria. Custom Views display list items using predefined
Advanced Search criteria. Custom Views are available on list pages such as the Software Catalog page, the
Assets page, and the Service Desk Tickets page.
KACE Systems Management Appliance 8.0 Administrator Guide
Create Custom Views using Advanced Search criteria
56
Custom Views are user-specific. Users cannot access the Custom Views that are created by other users.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Go to a page that has the Custom View option, such as the Software Catalog page or the Assets page.
3.
Click the Advanced Search tab on the top-right corner of the page and enter the search criteria.
4.
Click the Custom View tab on the top-right corner of the page to display the Custom View panel.
5.
Select Custom View criteria. For example, to create a view on the Software Catalog page that displays
all Windows devices that have metered applications in the category of Infrastructure Applications, do the
following:
a.
Specify the criteria required to find applications categorized as Infrastructure Applications:
Category | = | Infrastructure Applications
b.
With AND selected in the operator drop-down list, click Add Line to add a new line.
c.
Specify the criteria required to find applications that are metered:
Metered | is | True
d.
With AND selected in the operator drop-down list, click Add Line to add a new line.
e.
Specify the criteria required to find Windows devices:
Platform | = | Windows
6.
Optional: Click Test to refresh the list to show items that match the specified criteria.
7.
In the View Name field, type a name for the Custom View, then click Create.
The Custom View appears in the View By drop-down list.
Related topics
Example: Search for managed devices using Advanced Search criteria
Access product documentation
The Administrator Console provides access to help contents and documentation search. It also allows you to
browse related Knowledge Base articles, and to chat with product specialists, when needed.
1.
Log in to the User Console, Administrator Console, or System Console.
2.
In the upper right of the Administrator Console, click Need Help.
A help pane appears on the right containing high-level information about the related Administrator Console
page. The bottom of the help pane includes the following buttons:
◦
Appliance Administrator Guide( ): Provides access to the KACE System Management Appliance
help contents.
◦
Knowledge Base ( ): Allows you to browse the Knowledge Base articles associated with the related
Administrator Console page.
KACE Systems Management Appliance 8.0 Administrator Guide
Access product documentation
57
◦
Live Chat ( ): Starts a chat with a KACE System Management Appliance product specialist.
◦
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
KACE GO Mobile App ( ): Displays a dialog containing links for downloading the KACE GO Mobile
App. The app is available for iOS and Android platforms.
◦
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
Support ( ): Links to the Settings > Support page. This page provides resources for troubleshooting
system management issues and contacting Quest Support.
◦
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
Open Ticket ( ): Links to the Support page (https://support.quest.com/create-service-request) that
allows you to create a service request.
◦
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
NOTE: This option is available if the appliance is configured to interact with the K1 GO Mobile
App. It only appears in the Administrator Console and the System Console. It does not appear
in the User Console For more information on enabling mobile access, see Configuring Mobile
Device Access.
About KACE SMA ( ): Displays information about your KACE System Management Appliance
installation.
NOTE: This option is only available in the Administrator Console and the System Console. It does
not appear in the User Console.
3.
Click a link in the page-level Help topic.
4.
Click the Search tab in the left pane of the Help system.
The main Help system appears, displaying the selected topic.
All search terms use an implicit Boolean AND statement. For example, if you search for Windows
provisioning, Search displays results that contain both words.
TIP: For a PDF version of the Help system, click the Acrobat button on the right side of the main
5.
Help system navigation bar (
).
Administrator or System Console only. Search for Knowledge Base articles associated with the related
Administrator Console or the System Console page.
a.
At the bottom of the help pane, click
.
The help pane displays a list of related Knowledge Base articles.
NOTE: Knowledge Base articles are currently only available in English.
b.
Use the navigation buttons to look for a specific article.
c.
Search the listed articles for a specific keyword, as needed.
d.
When you find a desired article, click the link in the help pane.
The selected Knowledge Base article appears on a new tab in your browser.
KACE Systems Management Appliance 8.0 Administrator Guide
Access product documentation
58
6.
IMPORTANT: To see the article contents, you must log in to the Quest Support site using your
Quest user name and password.
Administrator or System Console only. Chat with a product specialist.
a.
Click
.
The Live Chat dialog box appears.
7.
NOTE: You can only use this feature when product specialists are available to respond to your
questions. If Live Chat is not available, this is indicated in the dialog box.
b.
In the Live Chat dialog box, in the provide your full name and email address.
c.
Click Product, and in the list that appears, select KACE Systems Management Appliance.
d.
Click Start Chat.
Administrator or System Console only. Open a Support ticket.
a.
Click
.
Your browser displays the Submit a Service Request page (https://support.quest.com/createservice-request) in a new tab or window.
b.
8.
Use this page to open a service ticket, as required.
Administrator or System Console only. Click
.
The Settings > Support page appears. This page provides resources for troubleshooting system
management issues and contacting Quest Support.
9.
Administrator or System Console only, when mobile access is enabled on the appliance.
NOTE: For more information on enabling mobile access, see Configuring Mobile Device Access.
a.
Click
.
A dialog box appears, allowing you to download KACE GO. The app is available for iOS and
Android platforms from their respective app stores.
b.
Click the link for your mobile device OS, as needed, to download the app.
For more information about downloading and configuring KACE GO, seeDownload and use KACE
GO.
10. Administrator or System Console only. Review information about your KACE System Management
Appliance installation.
a.
Click
.
A dialog box displaying product information appears.
b.
To close it, click Close.
11. To close the help pane, click Need Help.
Log in to the Administrator Console: First login
following initial network configuration
After the network settings are configured and the appliance restarts, you can log in to the appliance Administrator
Console from any computer on the LAN (local area network).
During the first login following initial network configuration, you must provide your appliance license key and set
the password for the admin account.
KACE Systems Management Appliance 8.0 Administrator Guide
Log in to the Administrator Console: First login following initial network configuration
59
1.
NOTE: Your browser setting determines the language displayed in the Administrator Console the first time
you log in. To change this setting after you log in, see Configuring locale settings.
Open a web browser and enter the Administrator Console URL:
http://KACE_SMA_hostname/admin. For example, http://kace_sma/admin.
2.
Provide the following information:
Option
Description
License Key
Enter the license key you received in the Welcome email from Quest. Include the dashes. If
you do not have a license key, contact Quest Support at https://support.quest.com/contactsupport.
Password
Enter a password for the default admin account, which is the account you use to log in to
the appliance Administrator Console. The default admin account is the only account on the
appliance at this time. If you forget the password for this account, the system might have to
be reset to factory defaults which can result in loss of data.
NOTE: If you have multiple KACE SMA or SDA appliances, Quest recommends
that you use the same password for the admin account on all appliances. Using a
common password enables you to link the appliances later.
Company
Name
Enter the name of your company or group.
Timezone
Select the timezone where the appliance is located.
3.
Click Apply Settings and Reboot.
The appliance restarts.
4.
When the appliance has restarted, refresh the browser page.
5.
Accept the End User License Agreement (EULA), then log in using the login ID admin and the password
you chose on the initial setup page.
6.
Select or clear the check boxes next to the notification fields to enable or disable email notifications
for the administrator account. You can change these settings later as needed. See Manage appliance
administrator email notifications.
Option
Description
Enable Quest Enable Quest to send security notifications to the email address of this administrator.
This feature is available only to System-level administrator accounts. It is not available to
Security
Notifications Admin-level administrator accounts, or non-administrator user accounts.
Enable Quest Enable Quest to send sales and marketing notifications to the email address of this
administrator. This feature is available only to System-level administrator accounts; it is not
Sales and
available to Admin-level administrator accounts, or non-administrator user accounts.
Marketing
Notifications
The Administrator Console appears and the appliance is ready for use.
KACE Systems Management Appliance 8.0 Administrator Guide
Log in to the Administrator Console: First login following initial network configuration
60
Getting started
To use the KACE Systems Management Appliance (SMA), you need to configure appliance settings to match
your network configuration.
In addition, you can set up Labels, User Authentication, Replication Shares, Credentials Management, Assets,
License Compliance, and Service Desk features to meet the needs of your environment. If the Organization
component is enabled on your appliance, you can add or edit organizations and organization settings as needed.
Configuring the appliance
Appliance configuration consists of setting up network, security, locale, and other settings on the appliance.
Requirements and specifications
KACE SMA technical specifications describe appliance capacity and requirements for managing devices.
For the latest information about KACE SMA hardware, requirements for managed devices, and browser
requirements for accessing the Administrator Console, see the technical specifications:
•
For physical appliances: Go to https://support.quest.com/technical-documents/kace-sma/8.0/technicalspecifications-for-physical-appliances/.
•
For virtual appliances: Go to https://support.quest.com/technical-documents/kace-sma/8.0/technicalspecifications-for-virtual-appliances/.
•
For KACE as a Service: Go to https://support.quest.com/technical-documents/kace-sma/8.0/technicalspecifications-for-kace-as-a-service/.
NOTE: To run Device Actions, you must have the Administrator Console open in Internet Explorer®,
because ActiveX® is required to launch these programs on the local device. Other browsers do not support
ActiveX.
Power-on the appliance and log in to the
Administrator Console
When the appliance is powered on for the first time, you can log in to the KACE SMA Administrator Console from
any computer on your LAN, provided that a DHCP server is available to assign an IP address to the appliance.
This enables you to use the setup wizard to configure initial network settings.
•
If you have the virtual version of the virtual KACE SMA, download the appliance software and set up the
virtualization infrastructure. For more information, see the setup guide for the virtual appliance. Go to
https://support.quest.com/kace-systems-management-appliance/release-notes-guides.
•
If you are installing the physical version of the appliance, review and follow the safety instructions in the Dell
PowerEdge R430 Getting Started With Your System document and any other safety instructions shipped
with the appliance. The Quest appliance is a specially configured platform and does not require you to
KACE Systems Management Appliance 8.0 Administrator Guide
Power-on the appliance and log in to the Administrator Console
61
install or remove internal components, update firmware, or modify BIOS settings. To set up the appliance,
follow the instructions in this document only.
•
In the A record of your internal DNS (domain name system) server, enter the appliance’s hostname. The A
record defines the hostname for the MX record, and this enables users to send email tickets to the Service
Desk. By default, the appliance’s host name is k1000, but you can change it during initial setup.
•
Decide whether to use a split DNS. Using a split DNS is useful if the appliance connects to the internet
using a reverse proxy, or if you place the appliance in a DMZ (demilitarized zone) or screened subnet. A
DMZ adds an additional layer of security to a LAN (local area network).
•
(Optional) Obtain a static IP address for the appliance.
If a DHCP server is not available, you can configure network settings using the Command Line Console. See
Access the Command Line Console.
1.
NOTE: For information about logging in to KACE as a Service, see the KACE as a Service Setup Guide.
Go to https://support.quest.com/kace-systems-management-appliance/release-notes-guides.
If you are configuring the physical version of the appliance:
a.
Install the appliance in its rack and connect a monitor directly to the appliance.
b.
Connect a network cable to the port indicated:
c.
Power on the appliance.
The Command Line Console login screen appears on the monitor connected to the appliance.
The login screen shows the appliance's DHCP network settings.
2.
If you are configuring the virtual version of the appliance, power on the virtual machine to boot the
appliance.
This first-time startup takes 5 to 10 minutes.
The Command Line Console login screen appears showing the appliance's DHCP network settings.
3.
On any computer connected to your LAN, open a browser and go to the URL shown on the Command Line
Console login screen. For example, http://kace_sma.local/admin.
The Software Transaction Agreement page appears.
4.
Accept the agreement.
5.
Verify that you have the information required to configure the appliance, then click Next.
6.
Review the information on the System Support Two-Factor Authentication page that appears, and record
the secret key and offline tokens in a secure place, as instructed.
7.
On the Licensing and Administrator Settings page, provide the following information:
The Initial Setup wizard appears.
Option
Description
License Key
The license key you received in the Welcome email
from Quest. Include the dashes. If you do not have
a license key, contact Quest Support at https://
support.quest.com/contact-support.
Company Name
The name of your company or group.
Administrator Email
The email address where you want to receive
communications from Quest.
KACE Systems Management Appliance 8.0 Administrator Guide
Power-on the appliance and log in to the Administrator Console
62
Option
Description
Password
The password for the default admin account, which
is the account you use to log in to the appliance
Administrator Console. The default admin account
is the only account on the appliance at this time. If
you forget the password for this account, the system
might have to be reset to factory defaults, which can
result in loss of data.
8.
NOTE: If you have multiple KACE SMA or
SDA appliances, Quest recommends that
you use the same password for the admin
account on all appliances. Using the same
admin account password enables you to
link the appliances later. See Linking Quest
KACE appliances.
Follow the onscreen instructions to complete the initial setup.
When the initial setup is complete, the appliance restarts and the Administrator Console login page
appears.
9.
NOTE: If you changed the appliance IP address, go to the new address to display the login page.
Log in to the Administrator Console using the login ID admin and the password you chose during initial
setup.
The Administrator Console appears and the appliance is ready for use. Your browser setting determines
locale formats used for date and time information displayed in the Administrator Console the first time you
log in. For information about changing the language settings, see Configuring locale settings.
Access the Command Line Console
The Command Line Console is a terminal window interface to the KACE SMA. You can use this interface to
configure appliance settings, just as you would in the appliance Administrator Console. This is useful if a DHCP
server is not available and you cannot log in to the Administrator Console.
The Command Line Console is not used with K1 as a Service.
1.
If you have a physical version of the appliance:
a.
Connect a monitor and keyboard directly to the appliance.
b.
Connect a network cable to the port indicated:
c.
Power on the appliance.
The Command Line Console login screen appears on the monitor connected to the appliance.
2.
If you have a virtual version of the appliance, power on the virtual machine to boot the appliance.
3.
At the prompts, enter:
The Command Line Console login screen appears.
Login: konfig
KACE Systems Management Appliance 8.0 Administrator Guide
Access the Command Line Console
63
Password: konfig
4.
Choose the language to use for the Command Line Console. Use the up- and down-arrow keys to move
between fields.
5.
Configure network settings. See Change appliance network settings.
TIP: Use the right- and left-arrow keys to select options in a field; use the up- and down-arrow
keys to move between fields.
6.
Use the down-arrow key to move the cursor to Save, then press Enter or Return.
The appliance restarts.
Tracking configuration changes
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects.
This information includes the date the change was made and the user who made the change, which can be useful
during troubleshooting.
Related topics
About history settings
Configuring System-level and Admin-level General
Settings
If the Organization component is enabled on your appliance, General Settings are available at the System level
and at the Admin level. If the Organization component is not enabled on your appliance, all General Settings are
available at the Admin level.
If the Organization component is enabled on your appliance, see:
•
Configure appliance General Settings with the Organization component enabled.
•
Configure Admin-level or organization-specific General Settings.
If the Organization component is not enabled, see:
•
Configure appliance General Settings without the Organization component.
Configure appliance General Settings with the Organization
component enabled
If the Organization component is enabled on your appliance, configure appliance General Settings at the System
level.
If the Organization component is not enabled on your appliance, see Configure appliance General Settings
without the Organization component.
1.
Go to the System-level General Settings page:
a.
b.
c.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings.
On the Control Panel, click General Settings.
In the top section, provide the following information:
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings with the Organization component enabled
64
Option
Description
Company Name
Enter the name of your company.
Default Locale
Select the language to use in the Command Line Console, which uses the konfig
user account.
Company Email
Suffix
Enter the domain from which your users send email. For example: quest.com.
Appliance
Administrator
Email
Enter the email address of the appliance administrator. System-related messages,
including critical alerts, are sent to this address.
Session Timeout
Set the number of inactive hours to allow before closing user sessions and requiring
users to log in again. The default is 1. The User Console and Administrator Console
have Timeout Session counters to alert users of this time limit. Only periods of
inactivity are counted. The counter restarts when the user performs any action
that causes the console to interact with the appliance server, such as refreshing a
window, saving changes, and changing windows. When the counter reaches the limit,
the user is logged out, unsaved changes are lost, and the login screen appears. The
Timeout Session counter appears in the upper right of each console.
Enable mobile
device access
Enable or disable Mobile Device Access to the appliance. Mobile device access
enables you to interact with the KACE SMA using the KACE GO app on iOS and
Android smart phones and tablets. Administrators can use the app to access Service
Desk, inventory, and application deployment features. See Configuring Mobile Device
Access.
Require
organization
selection at login
Display the Organization drop-down list on the Administrator Console login
page, http://KACE_SMA_hostname/admin, where KACE_SMA_hostname
is the hostname of your appliance. This enables you to choose an organization
when you log in. If this option is disabled, the Organization drop-down list is not
displayed on the login page, and you can only log in to the Default organization from
http://KACE_SMA_hostname/admin. If organization fast switching is enabled,
however, you can switch between organizations after you log in to the Default
organization.
Show
organization
menu in admin
header
Display the fast-switching drop-down list in the top-right corner of the Administrator
Console next to the login information. This drop-down list makes it possible to bypass
the login page when you switch from one organization to another. To appear in
the drop-down list, organizations must have the same admin account password;
only those organizations whose admin account passwords match appear in the list.
Changes to the drop-down list are displayed only after you log out and then log in
again.
Enable linked
reporting
Select to allow the generation of reports from Federated (linked) KACE SMAs.
3.
In the Agent section, view or configure KACE SMA Agent task throughput:
Option
Description
Last Task
Throughput
Update
This value indicates the date and time when the appliance task throughput was last
updated.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings with the Organization component enabled
65
Option
Description
Current Load
Average
The value in this field depicts the load on an appliance at any given point of time. For
the appliance to run normally, the value in this field must be between 0.0 and 10.0.
Task Throughput
The value that controls how scheduled tasks, such as inventory collection, scripting,
and patching updates, are balanced by the appliance.
4.
NOTE: This value can be increased only if the value in the Current Load
Average is not more than 10.0, and the Last Task Throughput Update time is
more than 15 minutes.
In the User Console section, modify the text as needed:
Option
Description
Title
The heading that appears on the User Console login page.
Welcome Message A welcome note or description of the User Console. This text appears below the title
on the User Console login page.
5.
In the Acceptable Use Policy section, select policy settings:
Option
Description
Enabled
Enable the appliance to display your policy, and require users to accept the terms
of your policy, when they access the Administrator Console, User Console, or
Command Line Console, or log in using SSH or FTP.
Title
The heading of the policy to be displayed on the login page of the User Console.
Message
Details of the policy, which are displayed below the Title on the login page. Users
must agree to the terms of the policy before they can log in to the User Console.
6.
In the Reporting section, specify the password for the reporting system:
Option
Description
Username
(Read-only) The username used to generate reports. The report username provides
access to the database (for additional reporting tools), but does not give write access
to anyone.
User Password
The report user password. This password is used only by the reporting system and
MySQL™.
7.
In the Log Retention section, select the number of days to retain log information. Log entries that are older
than the selected number of days are automatically deleted from the log. See View appliance logs.
8.
In the Share with Quest section, select data sharing options:
To validate the KACE SMA product license, Quest collects minimal license-related information, such as the
MAC Address of the KACE SMA, the version of the KACE SMA software, the license key, and the number
of managed devices, regardless of the data sharing options selected in this section.
Option
Description
Share summary
usage data...
(Recommended) Share summary information with Quest. This information includes
appliance status, uptime, and load averages, as well as the number of devices,
Managed Installations, and applications being managed by the appliance. This option
is recommended because it provides additional information to Quest Support if you
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings with the Organization component enabled
66
Option
Description
need assistance. In addition, data shared with Quest is used when planning product
enhancements.
Share detailed
usage data...
(Recommended) Share detailed information with Quest and share anonymous
information with ITNinja.com. This information includes Agent and appliance crash
reports, user interface usage statistics, and inventory information, such as application
titles. Quest uses this information to help improve the Software Catalog, and ITNinja
uses anonymous data to identify relevant content on http://www.itninja.com for
dynamic feeds to the KACE SMA Administrator Console.
ITNinja.com is a community website where IT professionals can share information
and research on a wide variety of systems management and deployment topics. The
ITNinja feed is a feature that dynamically displays software deployment tips and other
contextual information on relevant pages in the KACE SMA Administrator Console.
To enable the ITNinja feed, you need to select Share detailed Usage data.... This
setting shares information anonymously with ITNinja. The ITNinja feed is available
only if Share Summary Usage Data... is selected, and it is available only on pages
related to software or deployment, such as the software, Managed Installation, and
File Synchronization detail pages. The feed is not available on the Software Catalog
detail page.
Clear this option to prevent the appliance from sharing inventory data with the ITNinja
community. However, clearing this option does not remove any information that has
already been shared. For more information, contact Quest Support.
9.
To use a custom logo in the User Console, select images in the Logo Overrides section. Click Browse or
Choose File to select the logo file.
NOTE: You can change the logo in the User Console only; you cannot change the logo in the
Administrator Console.
Option
Description
User Console
The logo or other graphic displayed at the top of the User Console. The User
Console is the web-based interface that makes applications available to users
on a self-service basis. It also enables users to file Service Desk support tickets
to request help or report issues. To access the User Console, go to http://
<KACE_SMA_hostname>/user where <KACE_SMA_hostname> is the hostname of
your appliance. Follow these guidelines for User Console graphics:
Report
•
224 pixels wide by 50 pixels high is the default size.
•
104 pixels wide by 50 pixels high stays inside the blue highlight around the Log
Out link.
•
300 pixels wide by 75 pixels high is the maximum size that does not impact the
layout.
This setting controls the logo used when generating System-level reports.
Upload a logo or other graphic to be displayed at the top of reports. The graphic must
be 201 pixels wide by 63 pixels high as specified in the auto-generated XML layout.
To use a different size, adjust the output of the XML report.
To see the default report logo and a customized version, refer to the following
illustrations.
Figure 1. Default User Console logo
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings with the Organization component enabled
67
Figure 2. Custom User Console logo
Figure 3. Default report logo
Figure 4. Custom report logo
Figure 5. Default Alert logo
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings with the Organization component enabled
68
Figure 6. Custom Alert logo
10. Click Save and Restart Services.
Related topics
Configuring locale settings
Configuring Mobile Device Access
Creating and managing organizations
Configure Admin-level or organization-specific General Settings
If the Organization component is enabled on your appliance, configure organization-specific General Settings at
the Admin level. You configure the General Settings for each organization separately.
See Adding, editing, and deleting organizations.
If the Organization component is not enabled on your appliance, see Configure appliance General Settings
without the Organization component.
1.
2.
Go to the Admin-level General Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click General Settings.
In the General Options section, view or enter the following information.
Option
Description
Last Updated
and Organization
Name
(Read-only) The date the information was changed and the name of the organization.
Organization Name can be edited at the System level. See Add or edit organizations.
Company Name
Enter the name of your company.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Admin-level or organization-specific General Settings
69
Option
Description
Administrator
Email
Enter the email address of the appliance administrator. System-related messages,
including critical alerts, are sent to this address.
Company Email
Suffix
Enter the domain from which your users send email. For example: example.com.
3.
Optional: In the Locale Settings section, specify locale settings. See Configuring locale settings.
Option
Description
Organization
Locale
Select the locale to use for the selected organization’s Administrator Console and
User Console. If you have multiple organizations, you can select different locales for
each one. See:
4.
•
Adding, editing, and deleting organizations
•
Configuring locale settings
Optional: In the Samba Share Settings section, select file sharing options then click Save Samba Settings.
If File Shares are disabled, you need to enable them at the System level before you can enable them for
the organization. See Configure security settings for the appliance.
Option
Description
Enable File
Sharing
Use the appliance's client share to store files, such as files used to install applications
on managed devices.
The appliance’s client share is a built-in Windows file server that can be used by
the provisioning service to assist in distributing the Samba client on your network.
Quest recommends that this file server only be enabled when you perform application
installations on managed devices.
File Share User
‘admin’ Password
Enter the password to use for admin account access to the file share directory.
5.
In the Ignore Client IP Address Settings section, enter the IP address or addresses to ignore. Separate
each address with a comma. Ignoring IP addresses is useful when multiple devices could report
themselves with the same IP address, such as a proxy address.
6.
In the License Usage Warning Configurations section, select the percentage to use for the warning
threshold and critical threshold for software license usage. If you have configured software License assets,
threshold information is displayed on the license-related widgets on the Dashboard
7.
In the Data Retention section, select the options for retaining data in the KACE SMA database.
Option
Description
Retain Device
Uptime Data
The number of months that device uptime information is retained in the KACE SMA
database.
Device uptime refers to the number of hours of each day that managed devices are
running. You can retain this data for a specified number of months, Forever, or never
save it (Disabled).
Retain Metering
Data
The number of months that metering data is retained in the KACE SMA database.
Metering data is information about how applications are installed and used on the
Windows and Mac devices that you manage. Metering data that is older than the
selected number of months is deleted on the first day of every month. See About
metering information.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Admin-level or organization-specific General Settings
70
Option
Description
Retain
Uncataloged data
in the Software
Catalog
Whether to retain information about Uncataloged applications in the KACE SMA
database.
Uncataloged applications are executables that are in the KACE SMA inventory but
that do not appear in the Software Catalog, and the KACE SMA retains information
about those applications by default. For organizations with a large number of
managed devices, however, retaining this data might greatly increase the size of the
database. This size increase could increase the time it takes to load pages in the
Administrator Console and the time it takes to perform database backups.
Select this check box to retain data for Uncataloged software in the KACE SMA
database. Clear the check box to disable data retention.
If data retention for Uncataloged software is disabled:
•
Agents on managed devices continue to upload full inventory information, and
raw data related to applications is fingerprinted. If data sharing is enabled, data
is also uploaded to the Quest KACE Software Catalog. See Configure data
sharing preferences.
•
The appliance continues to store information related to Cataloged applications
and Locally Cataloged applications in the organization database.
•
Information related to Uncataloged applications is not stored in the organization
database, and the Uncataloged applications list in the Administrator Console is
empty.
•
Reports for Cataloged applications continue to work as expected. However,
reports related to Uncataloged applications show only those applications that
are part of Cataloged software titles.
8.
In the Asset Archive section, type the number of days that you want to keep the assets marked for
archiving, before actually archiving them. The default value is 3 days.
9.
In the User Archive section, indicate if you want to enable user archival, as needed.
a.
To have the ability to archive user accounts, select the Enable User Archival check box.
NOTE: When user archival is enabled, user accounts can only be deleted only if they are marked
as archived.
b.
In the Archive Tag field, type a label that you want to associate with the state of archived users.
For example, Archived or Inactive.
c.
Indicate if you want to maintain Service Desk ticket and asset associations with archived users.
Set each of the Ticket Associations and Asset Associations fields to one of the following options:
▪
Maintain Users: Select this option if you want to continue to associate tickets or assets with
archived users. If you select this option, the configured Archive Tag appears next to the archived
user name, to indicate that the user is no longer active.
▪
Remove Users: Select this option if you want to remove all ticket or asset associations with
archived users.
For more information on how to archive user accounts, see Archive user accounts.
10. In the Device Assignment section, indicate how you want to match users with devices: One-time sync,
Continuous sync, or Disabled.
11. In the Device Actions section, click Add New Action, the select the scripted actions to enable.
Device Actions are scripted actions that can be performed on managed devices. There are several preprogrammed actions available. To add your own action, select Custom Action in the Action menu, then
enter the command in the Command Line text box.
The following variables are available for device actions:
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Admin-level or organization-specific General Settings
71
KACE_HOST_IP
KACE_HOST_NAME
KACE_CUSTOM_INVENTORY_*
When device actions run, the appliance replaces variables with their appropriate values.
For KACE_CUSTOM_INVENTORY_ * replace the asterisk (*) with the name of a software application
associated with a custom inventory rule. When the device action runs, the name is replaced with the
custom inventory rule value for the device. Enter the software application name in uppercase characters.
The allowed characters are: [A-Z0-9.-]."
If you are using Internet Explorer, you can define any valid statement to perform a task on a remote device,
then assign a name to it to use the next time you want to perform that task. For example, you can enter
the statement, ping.exe –t KACEHOSTIP and name it Ping. A valid statement is a maximum of 150
characters, and the name that you assign to it must be any printable character of up to 20 characters. For
information about running Device Actions, see Run actions on devices.
NOTE: Most actions in the Action drop-down list require you to install additional applications for them
to function. For example, using DameWare requires you to install TightVNC on your device as well as
on the device you want to access.
NOTE: To run Device Actions, you must have the Administrator Console open in Internet Explorer,
because ActiveX is required to launch these programs on the local device. Other browsers do not
support ActiveX. See https://support.quest.com/kb/148787.
12. In the Patch Schedule section, if you want disable administrators to apply patches to all devices, select the
Hide All Devices check box.
NOTE: You can only apply this setting if you do not have any patch schedules set up to run against all
devices. Otherwise, a warning appears.
13. To use a custom logo in the User Console, select images in the Logo Overrides section.
NOTE: You can change the logo in the User Console only; you cannot change the logo in the
Administrator Console.
Option
Description
User Console
The logo or other graphic displayed at the top of the User Console. Follow these
guidelines for graphics:
•
224 pixels wide by 50 pixels high is the default size.
•
104 pixels wide by 50 pixels high stays inside the blue highlight around the Log
Out link.
•
300 pixels wide by 75 pixels high is the maximum size that does not impact the
layout.
To see the default login page and a customized version, see Configure appliance
General Settings with the Organization component enabled.
Report
This setting controls the logo used when generating reports for the selected
organization.
Upload a logo or other graphic to be displayed at the top of reports. The graphic must
be 201 pixels wide by 63 pixels high as specified in the auto-generated XML layout.
To use a different size, adjust the output of the XML report.
To see the default report logo and a customized version, see Configure appliance
General Settings with the Organization component enabled.
If the Organization component is enabled on your appliance, you can specify different
logos for the reports produced for each organization and for the System.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Admin-level or organization-specific General Settings
72
Option
Description
For information about using custom logos at the System level, see Configure
appliance General Settings with the Organization component enabled.
Upload a logo or graphic to be used in pop-up messages on Agent-managed
devices. These pop-ups include snooze dialogs, installation progress messages, alert
messages, and message windows created by scripts. After you upload a graphic, it
becomes available to managed devices the next time they check in to the appliance.
Agent Alert
Graphics for pop-up messages must be in BMP format with a maximum color depth
of 256 and a size of 100 pixels wide by 38 pixels high.
To see the default alert logo and a customized version, see Configure appliance
General Settings with the Organization component enabled.
You can customize Alert message text and options as well. See Adding and editing
scripts.
14. Click Save and Restart Services.
15. If you have multiple organizations, repeat the preceding steps for each organization.
Configure appliance General Settings without the Organization
component
If the Organization component is not enabled on your appliance, all appliance General Settings are available at
the Admin level.
If the Organization component is enabled on your appliance, see Configure Admin-level or organization-specific
General Settings.
1.
Go to the Admin-level General Settings page:
a.
b.
2.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
On the left navigation bar, click Settings, then click General Settings.
In the General Options section, provide the following information:
Option
Description
Last updated
Read-only: The date the information was changed and the name of the organization.
Company Name
Enter the name of your company.
Administrator
Email
Enter the email address of the appliance administrator. System-related messages,
including critical alerts, are sent to this address.
Company Email
Suffix
Enter the domain from which your users send email. For example: example.com.
Enable mobile
device access
Enable or disable Mobile Device Access to the appliance. Mobile device access
enables you to interact with the KACE SMA appliance using the KACE GO app on
iOS and Android smart phones and tablets. Administrators can use the app to access
Service Desk, inventory, and application deployment features.
See Configuring Mobile Device Access.
Session Timeout
Set the number of inactive hours to allow before closing user sessions and requiring
users to log in again. The default is 1. The User Console and Administrator Console
have Timeout Session counters to alert users of this time limit. Only periods of
inactivity are counted. The counter restarts when the user performs any action
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings without the Organization component
73
Option
Description
that causes the console to interact with the appliance server, such as refreshing a
window, saving changes, and changing windows. When the counter reaches the limit,
the user is logged out, unsaved changes are lost, and the login screen appears. The
Timeout Session counter appears in the upper right of each console.
3.
In the Client Drop File Size Filter section, specify a file size.
Options
Description
Client Drop File
Size Filter
A file-size filter for the organization's Client Drop location.
The Client Drop location is a storage area (Samba share) for the organization on
the KACE SMA appliance. This storage area is used to upload large files, such as
application installers and appliance backup files, to the appliance. Uploading files to
the Client Drop location is an alternative to uploading files through the Administrator
Console using the default HTTP mechanism, which can result in browser timeouts for
large files.
The Client Drop Size filter determines whether files uploaded to the organization's
Client Drop location are displayed on the Upload and Associate Client Drop File list
on the Software Detail page. For example, if the Client Drop Size filter is set to 1 GB,
the Upload and Associate Client Drop File list shows files that are 1 GB in size or
larger. Files that are less than 1 GB in size are not displayed on the list.
Application files are moved from the organization's Client Drop location to the
appropriate area when the file is selected on the Software Detail page and saved.
Appliance backup files that are placed in the Client Drop location are automatically
identified as appliance backup files, and they become available for selection on the
Backup Settings page within five minutes. See Copy files to the KACE SMA Client
Drop location.
4.
In the User Console section, specify customizations for the User Console text:
Option
Description
Title
The heading that appears on the User Console login page. The User Console
is the web-based interface that makes applications available to users on a
self-service basis. It also enables users to file Service Desk support tickets to
request help or report issues. To access the User Console, go to http://
<KACE_SMA_hostname>/user where <KACE_SMA_hostname> is the hostname of
your appliance.
Welcome Message A welcome note or description of the User Console. This text appears below the title
on the User Console login page.
5.
In the Acceptable Use Policy section, select policy settings:
Option
Description
Enabled
Enable the appliance to display your policy, and require users to accept the terms
of your policy, when they access the Administrator Console, User Console, or
Command Line Console, or log in using SSH or FTP.
Title
The heading of the policy to be displayed on the login page of the User Console.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings without the Organization component
74
Option
Description
Message
Details of the policy, which are displayed below the Title on the login page. Users
must agree to the terms of the policy before they can log in to the User Console.
6.
In the Log Retention section, select the number of days to retain log information. Log entries that are older
than the selected number of days are automatically deleted from the log. See Access appliance logs to
view Microsoft Exchange Server errors.
7.
In the Share With Quest section, specify data sharing options.
NOTE: To validate the KACE SMA product license, Quest collects minimal license-related information,
such as the MAC Address of the KACE SMA appliance, the version of the KACE SMA software, the
license key, and the number of managed devices, regardless of the data sharing options selected in
this section.
Option
Description
Share summary
usage data...
(Recommended) Share summary information with Quest. This information includes
appliance status, uptime, and load averages, as well as the number of devices,
Managed Installations, and applications being managed by the appliance. This option
is recommended because it provides additional information to Quest Support if you
need assistance. In addition, data shared with Quest is used when planning product
enhancements.
Share detailed
usage data...
(Recommended) Share detailed information with Quest and share anonymous
information with ITNinja.com. This information includes Agent and appliance crash
reports, user interface usage statistics, and inventory information, such as application
titles. Quest uses this information to help improve the Software Catalog, and ITNinja
uses anonymous data to identify relevant content on http://www.itninja.com for
dynamic feeds to the KACE SMA Administrator Console.
ITNinja.com is a community website where IT professionals can share information
and research on a wide variety of systems management and deployment topics. The
ITNinja feed is a feature that dynamically displays software deployment tips and other
contextual information on relevant pages in the KACE SMA Administrator Console.
To enable the ITNinja feed, you need to select Share detailed Usage data.... This
setting shares information anonymously with ITNinja. The ITNinja feed is available
only if Share Summary Usage Data... is selected, and it is available only on pages
related to software deployment, such as the software, Managed Installation, and File
Synchronization detail pages. The feed is not available on the Software Catalog detail
page.
Clear this option to prevent the appliance from sharing inventory data with the ITNinja
community. However, clearing this option does not remove any information that has
already been shared. For more information, contact Quest Support.
8.
In the Locale Settings section, specify locale preferences. These preferences determine the formats used
for date and time information displayed in the Administrator Console.
Option
Description
Organization
Locale
The locale to use for the organization’s Administrator Console and User Console.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings without the Organization component
75
Option
Description
Command Line
Console Locale
The locale to use in the Command Line Console, which uses the konfig user
account.
9.
In the Ignore Client IP Address Settings section, enter the IP address or addresses to ignore. Separate
each address with a comma. Ignoring IP addresses is useful when multiple devices could report
themselves with the same IP address, such as a proxy address.
10. In the License Usage Warning Configurations section, select the percentage to use for the warning
threshold and critical threshold for software license usage. If you have configured software License assets,
threshold information is displayed on the license-related widgets on the Dashboard.
11. In the Update Reporting User Password section, provide the password of the account required to run
reports on the organization. You cannot change the Database Name or the Report Username.
12. In the Data Retention section, select the options for retaining data on the appliance. You can retain this
data for a specified number of months, Forever, or never save it (Disabled).
Option
Description
Retain Device
Uptime Data
The amount of uptime data to save for devices. Device uptime data refers to the
number of hours of each day that your managed devices are running. You can retain
this data for a specified number of months, Forever, or never save it (Disabled).
Retain Metering
Data
The number of months that metering data is retained in the KACE SMA appliance
database.
Metering data is information about how applications are installed and used on the
Windows and Mac devices that you manage. Metering data that is older than the
selected number of months is deleted on the first day of every month. See About
metering information.
Retain
Uncataloged data
in the Software
Catalog
Whether or not to retain information about Uncataloged applications in the KACE
SMA appliance database.
Uncataloged applications are executables that are in the KACE SMA inventory but
that do not appear in the Software Catalog, and the KACE SMA retains information
about those applications by default. For organizations with a large number of
managed devices, however, retaining this data might greatly increase the size of the
database. This could increase the time it takes to load pages in the Administrator
Console and the time it takes to perform database backups.
Select this check box to retain data for Uncataloged software in the KACE SMA
database. Clear the check box to disable data retention.
If data retention for Uncataloged software is disabled:
•
Agents on managed devices continue to upload full inventory information, and
raw data related to applications is fingerprinted. If data sharing is enabled, data
is also uploaded to the Quest KACE Software Catalog. See Configure data
sharing preferences.
•
The appliance continues to store information related to Cataloged applications
and Locally Cataloged applications in the organization database.
•
Information related to Uncataloged applications is not stored in the organization
database, and the Uncataloged applications list in the Administrator Console is
empty.
•
Reports for Cataloged applications continue to work as expected. However,
reports related to Uncataloged applications show only those applications that
are part of Cataloged software titles.
13. In the Device Actions section, click Add New Action, then select the scripted actions to enable.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings without the Organization component
76
Device Actions are scripted actions that can be performed on managed devices. There are several preprogrammed actions available. To add your own action, select Custom Action in the Action menu, then
enter the command in the Command Line text box.
The following variables are available for device actions:
KACE_HOST_IP
KACE_HOST_NAME
KACE_CUSTOM_INVENTORY_*
When device actions run, the appliance replaces variables with their appropriate values.
For KACE_CUSTOM_INVENTORY_ * replace the asterisk (*) with the name of a software application
associated with a custom inventory rule. When the device action runs, the name is replaced with the
custom inventory rule value for the device. Enter the software application name in uppercase characters.
The allowed characters are: [A-Z0-9.-]."
If you are using Internet Explorer, you can define any valid statement to perform a task on a remote device,
then assign a name to it to use the next time you want to perform that task. For example, you can enter
the statement, ping.exe –t KACEHOSTIP and name it Ping. A valid statement is a maximum of 150
characters, and the name that you assign to it must be any printable character of up to 20 characters. For
information about running Device Actions, see Run actions on devices.
NOTE: Most actions in the Action drop-down list require you to install additional applications for them
to function. For example, using DameWare requires you to install TightVNC on your device as well as
on the device you want to access.
NOTE: To run Device Actions, you must have the Administrator Console open in Internet Explorer,
because ActiveX is required to launch these programs on the local device. Other browsers do not
support ActiveX. See https://support.quest.com/kb/148787.
14. To use a custom logo in the User Console, select images in the Logo Overrides section.
NOTE: You can change the logo in the User Console only; you cannot change the logo in the
Administrator Console.
Option
Description
User Console
The logo or other graphic displayed at the top of the User Console. Follow these
guidelines for graphics:
•
224 pixels wide by 50 pixels high is the default size.
•
104 pixels wide by 50 pixels high stays inside the blue highlight around the Log
Out link.
•
300 pixels wide by 75 pixels high is the maximum size that does not impact the
layout.
To see the default login page and a customized version, see Configure appliance
General Settings with the Organization component enabled.
Report
This setting controls the logo used when generating reports for the selected
organization.
Upload a logo or other graphic to be displayed at the top of reports. The graphic must
be 201 pixels wide by 63 pixels high as specified in the auto-generated XML layout.
To use a different size, adjust the output of the XML report.
To see the default report logo and a customized version, see Configure appliance
General Settings with the Organization component enabled.
If the Organization component is enabled on your appliance, you can specify different
logos for the reports produced for each organization and for the System.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance General Settings without the Organization component
77
Option
Description
For information about using custom logos at the System level, see Configure
appliance General Settings with the Organization component enabled.
Agent Alert
Upload a logo or graphic to be used in pop-up messages on Agent-managed
devices. These pop-ups include snooze dialogs, installation progress messages, alert
messages, and message windows created by scripts. After you upload a graphic, it
becomes available to managed devices the next time they check in to the appliance.
Graphics for pop-up messages must be in BMP format with a maximum color depth
of 256 and a size of 100 pixels wide by 38 pixels high.
To see the default alert logo and a customized version, see Configure appliance
General Settings with the Organization component enabled.
You can customize Alert message text and options as well. See Adding and editing
scripts.
15. Click Save and Restart Services.
The appliance restarts.
Configure appliance date and time settings
Configure appliance date and time settings in the Settings section of the Administrator Console. If the
Organization component is enabled on your appliance, date and time settings are available at the System level.
It is important to keep the appliance date and time settings accurate, because many calculations are based on
these settings.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Date and Time Settings.
3.
Specify the following settings:
The Date and Time Settings page appears.
Option
Description
Timezone
Select a timezone in the drop-down list.
Time Setting
Select an option:
Server
4.
•
Configure Network Time Protocol. Use an Internet time server. If you select
this option, provide the server web address in the Server field.
•
Manually configure date and time. Set the appliance clock manually. Specify
the time and date in the drop-down lists. The Hour drop-down list uses a 24hour clock format.
Use an Internet time server to set the appliance time. Enter the web address of the
time server in the text box. For example: time.example.com.
Click Save and Reboot.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure appliance date and time settings
78
The web server restarts and the settings are applied.
NOTE: During the restart, active connections might be dropped. When changes are saved, the page
automatically refreshes after 15 seconds. After the appliance web server restarts, the updated date
and time appear in the bottom right of the Administrator Console.
Verifying port settings, NTP service, and website
access
Port settings, NTP service, and website access must be configured correctly to enable features such as Agent
communications, Software Catalog updates, and patch downloads.
Verify port settings
Appliance ports must be configured correctly to enable device management and database or file access.
•
Ensure that the appropriate appliance ports are not blocked by firewall settings:
Port
Use
Direction
20 and 21
(Optional and not recommended) Used
to access backup files on the appliance
through FTP from outside the firewall.
Inbound to the appliance
22
(Recommended) Used to create an SSH
tunnel to quest.com.
Outbound from the appliance
25
(Optional) Used by the appliance SMTP
server for email (non-SSL). This is
required only if you configure SMTP
email. See Configuring SMTP email
servers.
Outbound from the appliance
80
(Required unless SSL is enabled) Used
Inbound to the appliance
for standard HTTP (web) access to the
Administrator Console and User Console.
110
(Optional) Used for POP3 email (nonSSL)
Inbound to the appliance
161
(Optional) Used for SNMP monitoring.
See Discovering devices on your
network.
Outbound from the appliance
443
(Required) Used for SSL access. Devices Inbound to the appliance
use this port when they check in to the
appliance using HTTPS.
587
(Optional) Used by the appliance SMTP
server for secure email (SSL enabled).
This is required only if you configure
secure SMTP email. See Configuring
SMTP email servers.
Outbound from the appliance
KACE Systems Management Appliance 8.0 Administrator Guide
Verify port settings
79
Port
Use
Direction
995
(Optional) Used for POP3 email (SSL
enabled).
Inbound to the appliance
3306
(Optional) Used to access the appliance
database with external tools. For
example, this port is used to run reports
on the KACE SMA database using
Microsoft Access® or Excel®.
Inbound to the appliance
52230
(Required) Used for AMP (Agent
Messaging Protocol) communications.
The appliance listens on this port for
communications from devices on which
the KACE SMA Agent is installed.
Inbound to the appliance
•
•
TIP: On a number keypad, this
port number spells out KACE+0.
Ensure that the appropriate device ports are accessible to the appliance:
Port
Use
7
(Optional) Used by the appliance for UDP traffic on the network, which is used for Wakeon-LAN. See Using Wake-on-LAN.
139
(Optional) Used during KACE SMA Agent provisioning on Windows devices.
161
(Optional) Used for SNMP monitoring. This port should be open and bound to SNMP. See
Discovering devices on your network.
445
(Optional) Used during KACE SMA Agent provisioning. See Provisioning the KACE SMA
Agent.
To use an LDAP server for authentication, ensure that the appropriate ports are accessible from the
appliance:
Port
Use
389
(Optional) Used for LDAP access.
636
(Optional) Used for secure LDAP access.
Verifying the status of the NTP service
When downloading patches using HTTPS, the NTP (Network Time Protocol) service must be running on the
KACE SMA. The NTP service is required because the secure protocol uses the current date stamps from the
appliance to ensure certificate validity.
If the NTP service is not running, patch download failures, suggesting invalid certificates, might result.
KACE Systems Management Appliance 8.0 Administrator Guide
Verifying the status of the NTP service
80
Make necessary websites accessible to the KACE SMA
To complete patch downloads, access product information, and interact with Quest Support, firewall, DNS server,
and proxy server settings must allow the KACE SMA to access domains on both port 80 and port 443.
•
Ensure that the KACE SMA Administrator Console has links to the following websites:
Website
Description
https://twitter.com/quest
Twitter®
https://www.facebook.com/questsoftware
Facebook®
http://linkedin.com/
LinkedIn®
http://my.kace.com/inKpadsubscriptioncenter
Quest KACE Inkpad
https://www.quest.com/community/b/en/p/endpoint-management
Quest KACE blog
https://kace.uservoice.com/forums/82699-k1000
Quest KACE Uservoice
Configuring network and security settings
Appliance network settings include the hostname, web server name, IP address, and other information required to
access the appliance over the network.
Change appliance network settings
You can change the appliance network settings to meet the needs of your environment any time after the initial
configuration.
For virtual and physical versions of the appliance, network settings are initially configured during the first login to
the Administrator Console or the Command Line Console. See Change appliance network settings.
For K1 as a Service, the appliance is preconfigured with a static IP address, subnet mask, and default gateway.
For configuration information, see the KACE as a Service Setup Guide. Go to https://support.quest.com/k1000-asa-service/release-notes-guides.
Changing the majority of appliance network settings requires that you reboot the appliance. Total reboot downtime
is one to two minutes, provided that the changes result in a valid configuration.
1.
TIP: Testing an external SMTP server does not require the appliance reboot. You can test the SMTP
configuration before saving your changes.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Network Settings to display the Network Settings page.
3.
On the Network Settings page, in the Appliance Network Configuration section, provide the following
information:
KACE Systems Management Appliance 8.0 Administrator Guide
Change appliance network settings
81
Option
Description
DNS Hostname
Enter the hostname of the appliance. The default is k1000.
Web Server Name
Enter the fully-qualified domain name of the appliance. This is the Hostname
concatenated with Domain. For example: k1000.example.com. Devices connect
to the appliance using this name. Quest recommends that you add a static IP
address entry for the appliance to your DNS server. If you use an SSL certificate, the
hostname must be fully qualified and it must match the name on the certificate.
Automatically
generate server
name
Select this check box to enable the system to generate the KACE SMA web server
name using this format: Hostname.Domain. For example: k1000.example.com.
Clear this check box to enter a custom web server name.
4.
In the IPv4 Configuration section, provide the following information:
Option
Description
Configure
Network Using
DHCP
Select this option if you want to use DHCP (Dynamic Host Configuration Protocol) to
automatically obtain the IPv4 address and other network configuration information for
the appliance.
Configure
Network Manually
Select this option if you want to manually specify the IPv4 address, domain, subnet
mask, default gateway, and DNS settings for the appliance:
•
IP Address: Enter the static IP address of the appliance.
5.
CAUTION: If the IP address is incorrect, you cannot access the appliance
through the web interfaces (Administrator Console and User Console). If
this happens, open the appliance Command Line Console, and use the
konfig login to enter the correct IP address.
•
Domain: Enter the domain that the appliance is on. For example,
example.com.
•
Subnet Mask: Enter the subnet (network segment) that the appliance is on.
The default is 255.255.255.0.
•
Default Gateway: Enter the network gateway for the appliance.
•
Primary DNS: Enter the IP address of the primary DNS server the appliance
uses to resolve host names.
•
Secondary DNS: (Optional) Enter the IP address of the secondary DNS server
the appliance uses to resolve host names.
In the IPv6 Configuration section, provide the following information:
Option
Description
Configure
Network Using
SLAAC
Select this option if you want to use the SLAAC (stateless address autoconfiguration), offered by IPv6, to configure the appliance's network settings.
SLAAC allows devices to select their own IPv6 addresses based on the prefix that is
advertised from their connected interface.
Configure
Network Manually
Select this option if you want to manually specify the IPv6 address, prefix length, and
default gateway for the appliance:
•
IPv6 Address: Enter the static IPv6 address of the appliance.
KACE Systems Management Appliance 8.0 Administrator Guide
Change appliance network settings
82
Option
Description
Disable IPv6
6.
CAUTION: If the IP address is incorrect, you cannot access the appliance
through the web interfaces (Administrator Console and User Console). If
this happens, open the appliance Command Line Console, and use the
konfig login to enter the correct IP address.
•
Prefix Length: Enter the number of bits in the IPv6 address prefix. An IPv6
prefix typically consists of 64 bits.
•
Default Gateway: Enter the network gateway for the appliance.
Select this option if you want to disable an IPv6 address for the appliance. This is the
default setting.
Optional: To set a proxy server, select the Enable Proxy Server in the Proxy Configuration section, then
specify proxy server settings:
Option
Description
Type
Enter the proxy type, either HTTP or SOCKS5.
Server
Enter the name of the proxy server.
Port
Enter the port for the proxy server. The default port is 8080.
Enable
Basic Proxy
Authentication
Select the check box to use the local credentials for accessing the proxy server.
Login
Enter the username for accessing the proxy server.
Password and
Enter the password for accessing the proxy server.
Confirm Password
7.
NOTE: The appliance supports proxy servers that use basic, realm-based authentication, requiring
usernames and passwords. If your proxy server uses a different kind of authentication, add the
appliance’s IP address to the proxy server’s exception list.
To use an external SMTP server, select Enable SMTP Server in the Email Configuration section, then
specify SMTP server options:
Option
Description
Server
Specify the hostname or IP address of an external SMTP server, such as
smtp.gmail.com. External SMTP servers must allow anonymous (non-authenticated)
outbound email transport. Ensure that your network policies allow the appliance to
contact the SMTP server directly. In addition, the mail server must be configured to
allow the relaying of email from the appliance without authentication. If you specify an
IP address, enclose the address in brackets. For example [10.10.10.10].
Port
Enter the port number to use for the external SMTP server. For standard SMTP, use
port 25. For secure SMTP, use port 587.
Login
Enter the username of an account that has access to the external SMTP server, such
as your_account_name@gmail.com.
KACE Systems Management Appliance 8.0 Administrator Guide
Change appliance network settings
83
Option
Description
Password and
Enter the password of the specified server account.
Confirm Password
8.
Test the SMTP configuration.
a.
Click Test Connection.
b.
In the Connection Test SMTP dialog box that appears, type the email address to which you want
to send a test email using the newly configured SMTP server, and click Send Test Email.
The Connection Test SMTP dialog box refreshes, showing the test results. status of the email
operation. If the test fails, verify your configuration, and try again.
9.
Click Save.
The appliance reboots. Total reboot downtime is one to two minutes, provided that the changes result in a
valid configuration.
10. If you changed the appliance IP address, go to the new address to display the Administrator Console login
page.
Configure local routing tables
Configure local routing tables to enable the KACE SMA to route traffic through multiple gateways on a network.
Local routing tables are useful when the physical appliance is located in one office, and managed devices are
located in a different location. For example, if the appliance is located in Texas, and managed devices are located
in California, the KACE SMA would serve devices on the Texas subnet. Using the a local routing table, the
appliance could be pointed to the network in California, so that it could host the California devices as well as the
Texas devices.
1.
2.
3.
4.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
Click Local Routing Table to display the Local Routing Table Settings page.
Click the Add button to add an entry:
.
Specify the following settings:
Option
Description
Name
Enter a name for the route.
Destination
Enter the IP address or network for the destination with which you want your KACE
SMA to communicate.
Subnet Mask or
CIDR
Enter the subnet mask of the specified network. For example: 24,
255.255.240.0. This is applied to the host.
Gateway
Enter the IP address of the router that routes traffic between the KACE SMA and the
destination network.
5.
Click Save at the end of the row to save the entry.
6.
Click Save and Reboot at the bottom of the page to save all changes.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure local routing tables
84
A warning appears indicating that the Apache™ service needs to be restarted.
7.
Click OK to continue.
Configure local web server settings and whitelist hosts
You can configure local web server settings to specify a whitelist of hosts that are allowed to access the
Administrator Console, System Administration Console, and the User Console. After you create the whitelist,
access is restricted to the hosts on the whitelist.
1.
NOTE: After an IP address or domain name is whitelisted (added to the Allow List), only that IP address or
domain has access. All others are blocked.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Access Control List to display the Access Control List Details page.
3.
Specify the following options:
Option
Description
No access
restrictions
Select this option to allow access from any web address.
Restrict access as Select this option to restrict access to web addresses on the Allow List. To whitelist IP
addresses on the appliance’s subnet in addition to the specified destinations, select
specified below
Allow all IP addresses in the same subnet as the appliance.
4.
5.
In the Allow List section, click the Add button to add an entry:
.
Specify the following options.
Option
Description
Destination
Specify the destination:
IP Address/
Domain Name
•
adminui: This is the Administrator Console, Admin level. A whitelist of users
who can log in to http://KACE_SMA_hostname/admin.
•
userui: This is the User Console. A whitelist of users who can log in to
http://KACE_SMA_hostname/user.
•
systemui: This is the System Administration Console (available only if the
Organization component is enabled on the appliance). A whitelist of users who
can log in to http://KACE_SMA_hostname/system.
Provide the address to be allowed. This can be either:
•
A domain name (full or partial)
•
An IP address (full or partial)
KACE Systems Management Appliance 8.0 Administrator Guide
Configure local web server settings and whitelist hosts
85
Option
Description
Subnet Mask/
CIDR
(Optional) Provide a subnet mask/CIDR (Classless Inter-Domain Routing) to be
allowed. This enables a finer-grained subnet control.
6.
Click Save at the end of the row to save the entry.
7.
Click Save at the bottom of the page to save all changes.
8.
Click OK to continue.
A warning appears indicating that the Apache service needs to be restarted.
NOTE: After an IP address or domain name is added to the Allow List, only that IP address or domain
can access that page. All others are blocked.
Configure security settings for the appliance
You must configure appliance security settings to enable certain capabilities such as Samba share, SSL, SNMP,
SSH, database access, and FTP access.
To enable SSL, you need to have the correct SSL private key file and a signed SSL certificate. If your private
key has a password, the appliance cannot restart automatically. If you have this issue, contact Quest Support at
https://support.quest.com/contact-support.
1.
NOTE: Saving changes to security settings reboots the appliance.
NOTE: In some cases, the Firefox® browser does not display the Administrator Console login page
correctly after you enable access to port 443 and restart the appliance. If that happens, clear the Firefox
browser cache and cookies, then try again.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Security Settings to display the Security Settings page.
3.
In the top section, specify the following settings:
Option
Description
Enable SSH
Permit SSH logins to the appliance. When SSH is enabled, SSH encrypted
communications are permitted over port 22.
Enable webserver
compression
Enable the appliance to compress web pages. This compression reduces the time it
takes to load Administrator Console and User Console pages in the browser.
Enable inventory
API access
Use API (application programming interface) commands to update inventory
information. If you want to upload device information using the API, you must enable
this setting. See Adding devices manually using the API.
API Password
The password for API (application programming interface) access to inventory
information. This password is used only for API access and it does not need to match
any other passwords.
Enable SNMP
READ access
Enable unidirectional (read-only) SNMP access to managed devices on the network.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure security settings for the appliance
86
Option
Description
SNMP Community
String
The SNMP community string that enables read-only SNMP access. The default value
is public.
Enable SNMP Trap Enable SNMP (Simple Network Management Protocol), a protocol for monitoring
managed devices on a network. SNMP is supported by Dell Open Manage and many
monitoring
third-party products. If you do not want to receive SNMP traps from network devices,
clear this option.
When you enable this feature on the appliance, and the related devices are also
enabled for monitoring, the appliance can receive SNMP traps from the monitored
network devices such as printers, projectors, and routers. This feature only applies to
network devices managed through the SNMP-managed devices, such as agentless
devices using SNMP connections.
For information on how to enable device monitoring, see Enable monitoring for one or
more devices.
SNMP traps are messages initiated by network devices and sent to the trap receiver
on the appliance. For example, a router can send a message when its power supply
fails. Or, a printer initiates a message when it runs out of paper. The appliance
receives these traps and generates alerts when certain pre-defined thresholds are
reached.
•
SNMP version 1 or 2: This version only requires a valid community string.
A community string is required to allow the appliance to receive SNMP trap
messages from monitored network devices. The appliance supports multiple
security strings. To add a community string, open the v1/v2 tab, click
the community string, and click Save.
•
, type
SNMP version 3: This version implements enhanced security and remote
configuration features and requires a valid user name and encryption
information. To add a security name, open the v3 tab, click
following information:
, and provide the
◦
Security Name: The name of the User-based Security Model (USM)
account that sends the SNMP trap.
◦
Engine ID: The ID of the SNMP application engine that sends the SNMP
trap.
◦
Authentication Password: The password associated with the Security
Name.
◦
Authentication Protocol: The protocol used for authenticating the user:
MD5 or SHA.
◦
Privacy Password: The encryption key for the data packet.
◦
Privacy Protocol: The encryption protocol: AES or DES.
◦
Security Level: Indicates the level of security:
▪
authPriv: The identity of the sender is verified and the information is
encrypted.
▪
authNoPriv: The identity of the sender is verified, but the information
is not.
▪
noAuthNoPriv: The identity of the sender is not verified and the
information is not encrypted.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure security settings for the appliance
87
Option
Description
MIB Files
Upload vendor-specific MIB (management information base) files. A MIB file allows
the trap receiver on the appliance to translate SNMP traps into human-readable
messages. These files are optional.
Enable Secure
backup files
•
To upload a MIB file, on the Security Settings page, under MIB Files, in the
Upload MIB area, click Browse, and select a MIB file.
•
A MIB file must meet certain standards. The appliance validates every MIB file
that you upload. If you upload an invalid MIB file, an error message appears
along the top of the Security Settings page. If you do not want to validate the
contents of the MIB file, select the Skip MIB validation check box.
Require username and password authentication for access to KACE SMA backup
files, which are available by entering a URL in a browser.
Clear this option to enable access to backup files through a URL without username or
password authentication. This is useful for external process that require access. See
About appliance backups.
Enable backup via Enable access to the database backup files through a read-only FTP server. This
enables you to create a process on another server to access the backup files.
FTP
If you do not need this access, clear this option.
Make FTP writable Enable the upload of backup files using FTP. FTP is useful for backup files that are
too large for the default HTTP mechanism and cause browser timeouts.
New FTP user
password
Require a password for FTP access to the backup files.
Enable mDNS
Enable the appliance to respond to multicast Domain Name System (mDNS) and
DNS Service Discovery (DNS-SD) requests. This option makes it easier for users and
administrators to locate the Administrator Console and User Console. If you do not
need the appliance to respond to these requests, clear this option.
Enable webserver
diagnostic graphs
Enable the KACE SMA to display usage information for the appliance web server,
such as Apache access and volume statistics. This information appears in graphs
in the System Performance log. If this option is cleared, the graphs are not updated.
See View appliance logs.
Enable database
access
Enable users to run reports on the KACE SMA database using an external tool,
such as Microsoft Access or Excel, over port 3306. If you do not need to expose the
database in this way, clear this option.
Enable secure
database access
(SSL)
Enable SSL access to the database and access additional SSL options.
4.
Optional: In the Appliance Encryption Key section, click Generate Key to generate a new encryption key.
This key is used to enable Quest Support to access your appliance for troubleshooting using a tether. It is
not necessary to generate a new key unless you believe that the current key has been compromised. See
Enable a tether to Quest Support.
5.
In the Single Sign On section, specify authentication settings:
The time stamp shows the time the key was generated.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure security settings for the appliance
88
Option
Description
Disabled
Prevent the KACE SMA from using single sign on. Single sign on enables users who
are logged on to the domain to access the KACE SMA Administrator Console and
User Console without having to re-enter their credentials on the KACE SMA login
page.
Active Directory
Use Active Directory for authentication. Active Directory uses the domain to
authenticate users on the network. See Using Active Directory for single sign on.
6.
In the Samba Share Settings section, specify the following settings:
Option
Description
For appliances with
the Organization
component
enabled:
Use the appliance's client share to store files, such as files used to install applications
on managed devices.
Enable
Organization File
Shares
For appliances
without the
Organization
component:
The appliance’s client share is a built-in Windows file server that can be used by
the provisioning service to assist in distributing the Samba client on your network.
Quest recommends that this file server only be enabled when you perform application
installations on managed devices.
NOTE: If the Organization component is enabled on your appliance, you can
select additional file sharing options for each organization. See Enable file
sharing at the System level.
Enable File
Sharing
Require NTLMv2
to appliance file
shares
Enable NTLMv2 authentication for the KACE SMA files shares. When this is enabled,
managed devices connecting to the KACE SMA File Shares require support for
NTLMv2 and they authenticate to the KACE SMA using NTLMv2. Although NTLMv2
is more secure than NTLM and LANMAN, non-NTLMv2 configurations are more
common and this option is usually turned off. Enabling this option disables lanman
auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are supported. If you
need NTLM v2 Level 5, consider manually provisioning the KACE SMA Agent. See
Manually deploying the KACE SMA Agent.
Require NTLMv2
to off-board file
shares
Force certain KACE SMA functions that are supported through the Samba client,
such as Agent Provisioning, to authenticate to off-board network file shares using
NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, nonNTLMv2 configurations are more common and this option is usually disabled.
Enabling this option enables the client ntlmv2 auth option for Samba client
functions.
7.
Optional: In the SSL section, specify SSL settings:
IMPORTANT: Enabling SSL is a one-way automatic shift for managed devices. Devices must be
reconfigured manually if you disable SSL.
Option
Description
Enable Port 80
access
Enable access to the appliance over port 80.
Quest recommends that you enable port 80 access because, by default, the Agent
installers contact the appliance using port 80. Agents switch to SSL over port 443
after they acquire the server configuration.
If you disable port 80 access, contact Quest Support to adjust the Agent deployment
scripts to handle SSL.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure security settings for the appliance
89
Option
Description
Enable SSL
Enable managed devices to connect to the appliance using SSL (HTTPS).
Enable this setting only after you have properly deployed the appliance on your LAN
in non-SSL mode.
To enable SSL, you need to load an SSL certificate as described in step 8.
8.
9.
To load an SSL certificate, do one of the following:
•
Click SSL Certificate Form to generate certificate requests or load self-signed certificates. See
Generate an SSL certificate.
•
If you have an SSL certificate and private key, click Browse or Choose File in the SSL Private Key
File or SSL Certificate File fields to select them. These files must be in Privacy Enhance Mail (PEM)
format, similar to those used by Apache-based web servers.
•
Select Enable Intermediate SSL Certificate to enable and upload intermediate SSL certificates,
which are signed certificates provided by certificate issuers as proxies for root certificates.
Intermediate SSL certificates must be in PEM format.
•
If your certificate is in PKCS-12 format, click Browse or Choose File in the PKCS-12 File field to
select it, then enter the password for the file in the Password for PKCS-12 file field.
In the Secure Attachments in Service Desk section, choose whether to add security for files that are
attached to Service Desk tickets:
◦
Select the check box to enable security for files attached to tickets. If you choose this option, users
can access files attached to tickets only from within the KACE SMA Administrator Console or User
Console.
◦
Clear the check box to enable users to access files by clicking ticket links from outside the
Administrator Console or User Console.
10. Click Save and Restart Services to save changes and restart the appliance.
NOTE: In some cases, the Firefox browser does not display the Administrator Console login page
correctly after you enable access to port 443 and restart the appliance. If that happens, clear the
Firefox browser cache and cookies, then try again.
Configure Active Directory as the single sign on method
Active Directory single sign on enables users who are logged on to the domain to access the KACE SMA
Administrator Console and User Console without having to re-enter their logon credentials each time.
Before you connect the KACE SMA to an Active Directory server, verify that:
•
Network and DNS settings are configured to enable the KACE SMA to access the Active Directory server.
See Change appliance network settings.
•
The time settings on the Active Directory server match the time settings on the KACE SMA. For information
on setting the time on the KACE SMA, see Configure appliance date and time settings.
1.
Go to the appliance Control Panel:
2.
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
In the Single Sign On section of the Security Settings page, select Active Directory, then provide the
following information:
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Active Directory as the single sign on method
90
Option
Description
Domain
The host name of the domain of your Active Directory® server, such as example.com.
Username
The user name of the administrator account on the Active Directory server. For
example, username@example.com.
Password
The password of the administrator account on the Active Directory server.
Computer Object
Container
The name of the computer object container of the administrator account on the Active
Directory server.
Computer Object
Name
The name of the computer object container of the administrator account on the Active
Directory server.
Service Account
Container
The name of the service account container of the administrator account on the Active
Directory server.
3.
Click Join.
The appliance performs the following tests, which require read-only permission, to determine whether the
domain is configured correctly to allow the KACE SMA to join the domain:
◦
Check for supported operating system and correct operating system patches
◦
Check for sufficient disk space to install QAS
◦
Check that the hostname of the system is not 'localhost'
◦
Check if the name service is configured to use DNS
◦
Check resolv.conf for proper formatting of name service entries and that
the host can be resolved
◦
Check for a name server that has the appropriate DNS SRV records for Active
Directory
◦
Detect a writable domain controller with UDP port 389 open
◦
Detect Active Directory site if available
◦
Check if TCP port 464 is open for Kerberos kpasswd
◦
Check if UDP port 88 and TCP port 88 are open for Kerberos traffic
◦
Check if TCP port 389 is open for LDAP
◦
Check for a global catalog server and if TCP port 3268 is open for
communication with global catalog servers
◦
Check for a valid time skew against Active Directory
◦
Check for the QAS application configuration in Active Directory
◦
Check if TCP port 445 is open for Microsoft CIFS traffic
These tests do not need write access and they do not check for permission to write to any directory. In
addition, these tests do not verify username and password credentials. If the credentials are incorrect, the
KACE SMA might not be able to join the domain even if the tests are successful.
A message appears stating the results of the test. To view errors, if any, click Logs, then in the Log dropdown list, select Server Errors.
4.
Optional: Select Force Join to join the server to ignore errors and join the domain.
5.
Click Save and Restart Services.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Active Directory as the single sign on method
91
When users are logged in to devices that are joined to the Active Directory domain, they can access the KACE
SMA User Console without having to re-enter their credentials. If users are on devices that are not joined to the
Active Directory domain, the login window appears and they can log in using a local KACE SMA user account.
See Add or edit System-level user accounts.
NOTE: To use single sign on with Internet Explorer and Firefox browsers, users must configure their
browser settings to use the appropriate authentication. See Configuring browser settings for single sign on.
Generate an SSL certificate
You can generate a self-signed SSL certificate, or generate a certificate signing request for third-party certificates,
using the Administrator Console.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Security Settings to display the Security Settings page.
3.
In the SSL section, click Enable SSL.
4.
Click SSL Certificate Form to display the SSL Certificate Form page.
Additional SSL options are displayed.
NOTE: If a certificate signing request has previously been generated, it appears on the page. To
generate a new request, you need to update the information in the Configure section, then click Save
before you click Generate Self-Signed Certificate.
5.
In the Configure section, provide the following information:
Option
Description
Company Name
The name of your company.
Organization Name
The name of your organizational unit or business group.
Common Name
The common name of the appliance you are creating the SSL certificate for.
Email
Your email address.
City Name
The name of your locality.
State or Province Name The name of your state or province.
Country Name
6.
The name of your country.
Click Save.
If this is the first time the SSL Certificate Form has been saved, the Certificate Signing Request section
appears. If the form has previously been saved, the Certificate Signing Request section is updated.
7.
Do one of the following:
•
To generate a certificate using a third-party certificate issuer:
1.
Copy all of the text in the Certificate Signing Request section, including the lines "-----BEGIN
CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----" and
KACE Systems Management Appliance 8.0 Administrator Guide
Generate an SSL certificate
92
everything in between, then send it to the certificate issuer or the person who provides your
company with web server certificates.
2.
•
When you receive a certificate from the third party, return to the Security Settings page and upload
the certificate. See Configure security settings for the appliance.
To generate a self-signed certificate:
1.
Click Generate Self-Signed Certificate to generate and display the certificate below the Certificate
Signing Request section.
2.
Click Deploy Self-Signed Certificate, then click Yes.
3.
On the Security Settings page, click Save and Restart Services.
Self-signed certificates are converted to PEM files, named kbox.pem, and the files are placed in KACE
SMA Agent data folders.
NOTE: Your private key appears in the Private Key field. It is deployed to the appliance when you
deploy a valid certificate. Do not send the private key to anyone. It is displayed here in case you want
to deploy this certificate to another web server.
NOTE: The certificate and private key for SSL are not included in the appliance’s daily backups for
security reasons. Retain these two files for your own records.
Configuring Agent settings
Agent settings determine the port and security settings used by the KACE SMA Agent. These settings are specific
to the Agent infrastructure and do not affect other appliance configuration settings or runtime operations.
NOTE: Changing Agent settings temporarily interrupts communications between the appliance and the
Agents installed on managed devices, so use caution. For more information, contact Quest Support at
https://support.quest.com/contact-support.
About Konea
Konea is a component that enables the communication between the KACE SMA Agent, which is installed on
Agent-managed devices, and the KACE SMA.
Konea provides optimized real-time communications for systems-management operations.
Configure Agent settings
You can configure KACE SMA Agent settings on the appliance. These settings are System-level settings. If the
Organization component is enabled on the appliance, Agent settings apply to all organizations.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Agent Settings to display the Agent Settings page.
3.
Specify the following settings:
Option
Description
Enable Pre-7.0
Agent Support
Select this option if you want to enable the appliance to communicate with KACE
SMA Agents version 6.4.x and earlier.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Agent settings
93
Option
Description
Enable SSL
(Read only) Agent SSL settings are controlled by the appliance security settings. See
Configure security settings for the appliance.
Require SSL
Configure the KACE SMA Agent to use secure connections. SSL (Secure Sockets
Layer) connections allow the Agent to establish encrypted link to ensure that all data
passed from and to the Agent remains private and integral.
Verify SSL
Certificates
IMPORTANT: After changing this setting, you must restart the Agent manually
using the AMPTools restart command, to ensure these changes are reflected
on the Client machine.
Verify SSL certificates prior to establishing a connection. An SSL certificate contains
a public key used to encrypt and information about its owner identity.
IMPORTANT: After changing this setting, you must restart the Agent manually
using the AMPTools restart command, to ensure these changes are reflected
on the Client machine.
Enable server
debug
Enable different levels of server debugging or logging to the server's log file. See
Troubleshooting appliance issues.
Compress Server
Uploads
Indicate if you want to compress the files uploaded by the appliance. This can help
the overall Agent performance.
Disable Duplicate
Device Detection
Disable the process that detects duplicate devices in the inventory. In some unique
cases, this process is too aggressive and needs to be disabled.
CAUTION: Do not select this check box unless instructed by Quest Support.
Process Timeouts
Specify the amount of time after which the Agent suspends a running process.
File Transfer
Timeout
Specify the amount of time after which the Agent suspends a file transfer process.
Read/Write
Connection
Timeout
The length of time that the messaging protocol processor waits before determining
that KACE SMA Agents have disconnected.
IMPORTANT: Do not adjust this parameter unless you have discussed the
ramifications with Quest Support.
The messaging protocol processor monitors KACE SMA Agent connections, and
it assumes that Agents are connected while it waits for responses. If Agents do
not respond within the timeout period, the processor concludes that they have
disconnected.
For appliances that have fewer than 1,500 managed devices, a 40-second timeout
would be appropriate. In environments with network limitations, or for appliances with
more than 1,500 managed devices, a timeout of 90-120 seconds might be better. The
minimum timeout is 30 seconds, and the maximum is 180 seconds.
Disable duplicate
device detection
Prevent the Agent from detecting duplicate devices. In some unique cases, this
duplicate detection is too aggressive and needs to be disabled.
IMPORTANT: Do not select this setting unless you have discussed the
ramifications with Quest Support.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Agent settings
94
Option
Description
Connected Agents The number of KACE SMA Agents currently connected to the appliance.
4.
Click Save and Restart Services to save the settings and restart the messaging protocol processor.
5.
To restart the messaging protocol processor without saving settings, click Restart services.
NOTE: Restarting the processor does not restart the KACE SMA.
Related topics
Configure security settings for the appliance
Troubleshooting appliance issues
Optional: Configure Agent communication settings, which determine the frequency at which Agents communicate
with the appliance. See Managing Agent communications.
Configuring session timeout and auto-refresh
settings
Session timeout is a System-level setting that specifies the amount of inactive time that can pass before users
are automatically logged out of the Administrator Console or User Console. Auto-refresh settings are user-level
settings that determine the frequency with which console pages are refreshed.
Set session timeout
You can configure session timeout to meet your security requirements.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click General Settings to display the General Settings page.
3.
In the top section, configure the session timeout:
Options
Description
Session Timeout
Set the number of inactive hours to allow before closing user sessions and requiring
users to log in again. The default is 1. The User Console and Administrator Console
have Timeout Session counters to alert users of this time limit. Only periods of
inactivity are counted. The counter restarts when the user performs any action
that causes the console to interact with the appliance server, such as refreshing a
window, saving changes, and changing windows. When the counter reaches the limit,
the user is logged out, unsaved changes are lost, and the login screen appears. The
Timeout Session counter appears in the upper right of each console.
4.
Click Save and Restart Services.
KACE Systems Management Appliance 8.0 Administrator Guide
Set session timeout
95
Set auto-refresh properties
You can set auto-refresh to show the latest results on list pages, or you can turn auto-refresh off so that pages are
refreshed only when they are reloaded in the browser.
Setting the refresh frequency to 30 seconds or less is useful for pages that display status, such as the
Provisioning Results page and the Devices page. On other pages, such as the Software Catalog page, a longer
refresh rate, or turning auto refresh off, might be more appropriate, because these pages can take longer to
refresh.
Auto-refresh settings are page-specific and user-specific. The settings for each page and each user account are
separate.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Go to a page that has information to be refreshed, such as Inventory > Devices.
3.
In the Auto Refresh drop-down list, above the list to the right, select a frequency.
The Devices page appears.
The list is updated according to the selected frequency.
4.
Click the Refresh button in the top-right corner of the page to refresh the page immediately.
5.
Optional: In the Auto Refresh drop-down list, above the list to the right, select OFF to turn off auto-refresh.
Auto-refresh is disabled. Information on the page is no longer updated automatically.
Configuring locale settings
Locale settings determine the language used for text in the Command Line Console, Administrator Console,
and User Console.Locale settings determine the formats used for date and time information displayed in the
Administrator Console and User Console. All text in the interfaces is displayed in English regardless of locale
settings.
The locale options available through your license agreement. See View the KACE SMA version, model, and
license information.
How locale settings are applied
Locale settings are applied in a particular order.
When choosing the locale for text in the Command Line Console, Administrator Console, and User Console, the
appliance uses the following priority:
1.
User: If the user locale is set, use it.
2.
Organization: If the user locale is not set, use the organization setting (available only if the Organization
component is enabled on the appliance).
3.
Browser: If neither the user nor organization locales are set, use the browser setting.
4.
System (Command Line Console): If the user, organization, and browser locales are not set, use the
System setting.
5.
Default: If none of the preceding options are set, use the default locale (English).
KACE Systems Management Appliance 8.0 Administrator Guide
How locale settings are applied
96
Configure locale settings for the Administrator Console and the
Command Line Console
You can configure the locale setting for the Administrator Console at the System-level. This also controls the
locale of the Command Line Console, which is accessed through the konfig user account.
Locale settings determine the formats used for date and time information displayed in the Administrator Console.
All text in the interface is displayed in English regardless of locale settings. Locale settings also determine the
date and time formats used in email sent from the Service Desk.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click General Settings to display the General Settings page.
3.
If the Organization component is enabled on your appliance, do the following:
4.
a.
Select a locale in the Default Locale drop-down list in the top section.
b.
Click Save and Restart Services at the bottom of the page.
If the Organization component is not enabled on your appliance, do the following:
a.
In the Locale Settings section, select a locale from the Organization Locale drop-down list.
b.
In the Locale Settings section, select a locale from the Command Line Console drop-down list.
c.
Click Save and Restart Services.
The locale you selected is used for the Administrator Console and the Command Line Console.
Configure locale settings for the User Console
The KACE Systems Management Appliance (SMA) supports several locales. The Administrator Console, System
Console, and online help can be displayed in English, French, German, Japanese, Portuguese (Brazil), and
Spanish.
In addition to these languages, you can translate the User Console into other non-supported locales, such as
Afrikaans (South Africa), as needed. When you translate the User Console to a non-supported language, its help
contents appear in English, while other elements of the KACE Systems Management Appliance (SMA), such as
the Administrator Console, System Administration Console, and the associated online help, are displayed in the
selected language.
By default, the browser locale determines the language in which the User Console is displayed. When the User
Console is translated to another languages and properly configured (as described below), any users whose
browsers use that locale display the User Console in the translated language.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Localization to display the User Console Localization Settings page.
3.
Export the text strings associated with the locale from which you want to tranlate to a Gettext portable
object (PO) file, along with a portable object template (POT) for translation. For more information about
Gettext PO files, see https://www.gnu.org/software/gettext/manual/html_node/PO-Files.html.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure locale settings for the User Console
97
a.
On the User Console Localization Settings page, under Export Gettext PO (portable object) File,
click Export Locale, and select the locale from which you want to translate. The list that appears
includes all of the supported languages, as well as any languages to which you previously
translated the User Console.
b.
Click Export.
After a few moments, a ZIP file with the following contents is available for download:
◦
A PO (portable object) file contains all of the User Console text strings that exist in your selected
locale.
◦
A POT (portable object template) file contains a template file, used to generate the empty PO file
using the GetText utilities (optional).
4.
Translate the User Console text strings, as required, and create a PO file.
5.
Import the translated User Console strings.
You can use a PO file editor to translate the strings in the PO file. For more information, see:
6.
◦
GNU gettext utilities documentation: https://www.gnu.org/software/gettext/manual/html_node/
index.html
◦
GNU Web Translators Manual: https://www.gnu.org/software/trans-coord/manual/web-trans/
html_node/index.html#SEC_Contents https://www.gnu.org/software/gettext/manual/html_node/POFiles.html
◦
PO File Format: https://www.gnu.org/software/trans-coord/manual/web-trans/html_node/POEditors.html
◦
Additional information about editing PO (portable object) files with editor suggestions: https://
www.gnu.org/software/trans-coord/manual/web-trans/html_node/PO-Editors.html
a.
Under Import Gettext PO (portable object) File, click Import Locale, and select the locale you
want to associate with the PO file you are importing. This is the locale to which the User Console
is translated using the translations from the imported PO file when the browser locale matches.
b.
Under Translated PO (portable object) File, click Choose File, and navigate to the translated PO
file.
c.
Click Import.
If you want to delete any locales that you previously imported, under Delete an Uploaded Locale, click
Delete Locale, and select the locale that you want to delete. Click Delete.
Configure locale settings for organizations
If the Organization component is enabled on your appliance, you configure locale settings for each organization
separately.
Locale settings determine the formats used for date and time information displayed in the Administrator Console
and User Console. All text in the interfaces is displayed in English regardless of locale settings. Locale settings
also determine the date and time formats used in email sent from the Service Desk.
1.
2.
3.
Go to the General Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click General Settings.
If the Organization component is enabled on your appliance, do the following:
a.
In the Locale Settings section, select a locale in the Organization Locale drop-down list.
b.
Click Save and Restart Services at the bottom of the page.
c.
If you have multiple organizations, repeat the preceding steps for each organization.
If the Organization component is not enabled on your appliance, do the following:
KACE Systems Management Appliance 8.0 Administrator Guide
Configure locale settings for organizations
98
a.
In the Locale Settings section, select a locale from the Organization Locale drop-down list.
b.
In the Locale Settings section, select a locale from the Command Line Console drop-down list.
c.
Click Save and Restart Services.
The selected locale is applied. Organization users who log in to the Administrator Console and User Console see
the formats for this locale, provided that the browser settings are also set to display the locale. However, user
locale settings take precedence over organization locale settings.
Configure locale settings for users
You can configure locale settings for each user. User locale settings take precedence over organization and
System-level locale settings.
Locale settings determine the formats used for date and time information displayed in the Administrator Console
and User Console. All text in the interfaces is displayed in English regardless of locale settings.
1.
Go to the User Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
c.
Click the name of a user.
2.
In the Locale drop-down list, select a locale.
3.
Click Save.
The locale you selected is used when the user logs in to the Administrator Console or User Console, provided
that the browser settings are also set to display the locale. User locale settings take precedence over the locale
settings of the user’s organization.
Configure data sharing preferences
Configure data sharing preferences at the System level. Data sharing preferences determine how much of your
KACE SMA information is shared with Quest. In addition, data sharing preferences determine whether information
from ITNinja is displayed in the Administrator Console.
To validate the KACE SMA product license, Quest collects minimal license-related information, such as the MAC
Address of the KACE SMA, the version of the KACE SMA software, the license key, and the number of managed
devices, regardless of the data sharing options selected in this section.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click General Settings to display the General Settings page.
3.
In the Share With Quest section, select from the following options:
Option
Description
Share summary
usage data...
(Recommended) Share summary information with Quest. This information includes
appliance status, uptime, and load averages, as well as the number of devices,
Managed Installations, and applications being managed by the appliance. This option
is recommended because it provides additional information to Quest Support if you
KACE Systems Management Appliance 8.0 Administrator Guide
Configure data sharing preferences
99
Option
Description
need assistance. In addition, data shared with Quest is used when planning product
enhancements.
Share detailed
usage data...
(Recommended) Share detailed information with Quest and share anonymous
information with ITNinja.com. This information includes Agent and appliance crash
reports, user interface usage statistics, and inventory information, such as application
titles. Quest uses this information to help improve the Software Catalog, and ITNinja
uses anonymous data to identify relevant content on http://www.itninja.com for
dynamic feeds to the KACE SMA Administrator Console.
ITNinja.com is a community website where IT professionals can share information
and research on a wide variety of systems management and deployment topics. The
ITNinja feed is a feature that dynamically displays software deployment tips and other
contextual information on relevant pages in the KACE SMA Administrator Console.
To enable the ITNinja feed, you need to select Share detailed Usage data.... This
setting shares information anonymously with ITNinja. The ITNinja feed is available
only if Share Summary Usage Data... is selected, and it is available only on pages
related to software or deployment, such as the software, Managed Installation, and
File Synchronization detail pages. The feed is not available on Software Catalog
detail page.
Clear this option to prevent the appliance from sharing inventory data with the ITNinja
community. However, clearing this option does not remove any information that has
already been shared. For more information, contact Quest Support.
4.
Click Save and Restart Services.
About DIACAP compliance requirements
You can configure the KACE SMA to support regulations, such as DIACAP (Department of Defense Information
Assurance Certification and Accreditation Process).
To comply with DIACAP, administrators perform the following tasks:
•
Enable the Acceptable Use Policy. See Enable or disable the Acceptable Use Policy.
•
Disable SSH and database access. See Configure security settings for the appliance.
•
Disable Samba file sharing. See Configure security settings for the appliance.
Enable or disable the Acceptable Use Policy
To comply with policies and regulations, such as DIACAP (Department of Defense Information Assurance
Certification and Accreditation Process), you can display an Acceptable Use Policy to users when they access the
Administrator Console, User Console, or Command Line Console, or log in using SSH or FTP.
KACE Systems Management Appliance 8.0 Administrator Guide
Enable or disable the Acceptable Use Policy
100
The Acceptable Use Policy is a System-level setting. If the Organization component is enabled on your appliance,
you enable or disable the Acceptable Use Policy at the System level for all organizations. You cannot enable or
disable the policy for individual organizations.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click General Settings to display the General Settings page.
3.
In the Acceptable Use Policy section, select policy settings:
Option
Description
Enabled
Enable the appliance to display your policy, and require users to accept the terms
of your policy, when they access the Administrator Console, User Console, or
Command Line Console, or log in using SSH or FTP.
Title
The heading of the policy to be displayed on the login page of the User Console.
Message
Details of the policy, which are displayed below the Title on the login page. Users
must agree to the terms of the policy before they can log in to the User Console.
4.
Click Save and Restart Services.
When users go to the Administrator Console, User Console, or Command Line Console, or log in using
SSH or FTP, they must first agree to the Acceptable Use Policy before they can log in.
NOTE: If single sign on is enabled, the login page is not displayed, so users do not see the
Acceptable Use Policy before being logged in automatically. See About single sign on (SSO).
Configuring Mobile Device Access
Mobile Device Access enables you to interact with the KACE SMA using the KACE GO app.
KACE GO is an app that enables administrators to access Service Desk tickets, inventory information, and
application deployment features from their smart phones or tablets. The app also allows non-admin users to
submit Service Desk tickets, view the status of submitted tickets, and read Knowledge Base articles from their
mobile devices. You can download KACE GO from the Apple App Store for iOS devices, or from the Google Play
store for Android devices.
NOTE: KACE GO is only available in English.
To use Mobile Device Access, you must enable mobile device access for the appliance and for the users, and
download and install KACE GO on a mobile device.
Enable Mobile Device Access for the appliance
By default, Mobile Device Access is disabled. To enable users to access the KACE SMA using the KACE GO
app, you must first enable Mobile Device Access for the appliance.
KACE Systems Management Appliance 8.0 Administrator Guide
Enable Mobile Device Access for the appliance
101
Mobile Device Access is enabled at the System level. If the Organization component is enabled on your
appliance, and you enable Mobile Device Access, the feature is enabled for all organizations.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click General Settings to display the General Settings page.
3.
In the top section, select the Enable mobile device access check box.
4.
Download the KACE GO app.
a.
Click Get Mobile App.
A dialog box appears, allowing you to download KACE GO. The app is available for iOS and
Android platforms from their respective app stores.
TIP: You can also access this dialog box from the help pane. For more information, see
Access product documentation.
b.
Click the link for your mobile device OS, as needed, to download the app.
For more information about downloading and configuring KACE GO, seeDownload and use KACE
GO.
5.
Click Save and Restart Services.
Mobile Device Access is enabled on the appliance. Before users can access the KACE SMA using the
KACE GO app, however, you must enable Mobile Device Access for their accounts. See Enable Mobile
Device Access for users.
If the Organization component is enabled on your appliance, enable Mobile Device Access for user
accounts at the Organization or Admin level. Mobile Device Access cannot be enabled or disabled for user
accounts at the System level.
Enable Mobile Device Access for users
After you enable Mobile Device Access for the appliance, you must enable access for users. If the Organization
component is enabled on your appliance, you enable access for users in each organization separately.
1.
2.
Go to the User Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
c.
Click the name of a user.
Select the Mobile Device Access check box.
TIP: If the Mobile Device Access check box is not displayed, verify that Mobile Device Access is
enabled for the appliance.
3.
Click Save.
4.
To enable Mobile Device Access for multiple users:
a.
Select the check boxes for the users on the Users page.
b.
Select Choose Action > Mobile Device Access > Enable.
Mobile Device Access is enabled.
KACE Systems Management Appliance 8.0 Administrator Guide
Enable Mobile Device Access for users
102
Related topics
Enable Mobile Device Access for the appliance
The selected users can download the KACE GO app from the Apple App Store or from Google Play.
Download and use KACE GO
You can download KACE GO to your smart phone or tablet from the Apple App Store for iOS devices, or from the
Google Play store for Android devices.
1.
On your mobile device, go to the Apple App Store or Google Play, and search for KACEGO.
2.
Download and start the app.
3.
If prompted, choose whether to enable Push Notifications.
When Push Notifications are enabled, the app sends notifications for Service Desk tickets to the mobile
device. These notifications are based on the Service Desk Email on Events configuration.
4.
Provide the following information and choose initial settings:
Option
Description
KACE SMA URL
The IP address or fully qualified domain name of the appliance.
User name and Password
The username and password of an account that has Mobile Device
Access enabled.
Save Password
Enable the app to remember your password on the device. If you choose
this option, Quest requires that you create a PIN (personal identification
number) for security. KACE GO does not cache or save user data unless
you select Save Password.
Use SSL
Enable SSL communications between the device and the KACE SMA. To
use this setting, SSL must be enabled on the KACE SMA. If SSL is not
enabled on the appliance, and you select Use SSL, the login fails.
For more information, see the Help Center in the KACE GO app or go to https://quest.com/products/kacesystems-management-appliance/.
Related topics
Configure email triggers
Configure security settings for the appliance
KACE Systems Management Appliance 8.0 Administrator Guide
Download and use KACE GO
103
Disable Mobile Device Access on the appliance
To prevent all users from accessing the appliance using KACE GO, you can disable Mobile Device Access at the
appliance or System level.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click General Settings to display the General Settings page.
3.
In the top section, clear the Enable mobile device access check box.
4.
Click Save and Restart Services.
KACE GO access is disabled for all users. Users who are currently logged in to the appliance using KACE
GO are disconnected.
However, individual user settings are retained and reinstated if the feature is subsequently re-enabled on the
appliance. For example, if Mobile Device Access was enabled for an account, and you re-enable Mobile Device
Access on the appliance, Mobile Device Access is also re-enabled on the account.
Disable Mobile Device Access for users
To prevent selected users from accessing the appliance using KACE GO, you can disable Mobile Device Access
at the user level.
1.
Go to the Users list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
2.
Select the check boxes next to one or more users.
3.
Select Choose Action > Mobile Device Access > Disable.
Mobile Device Access is disabled for the selected users. If the selected users are currently logged in to the
appliance using KACE GO, they are disconnected.
Enable fast switching for organizations and linked
appliances
Fast switching makes it possible to switch between interfaces without logging in to each item separately. On
appliances with the Organization component enabled, these interfaces include the Admin and System levels of
the Administrator Console the User Console, and linked K-Series appliances,
Fast switching is enabled by default on appliances without the Organization component enabled. In addition, the
link to the User Console appears by default, provided that the logged-in user has permission to access both the
Administrator Console and the User Console.
To appear in the drop-down list for fast switching, organizations must have the same admin account password;
only those organizations whose admin account passwords match appear in the list. Linked appliances have
similar requirements.
1.
Go to the General Settings page:
KACE Systems Management Appliance 8.0 Administrator Guide
Enable fast switching for organizations and linked appliances
104
2.
b.
On the left navigation bar, click Settings, then click General Settings.
NOTE: This setting is available only if the Organization component is enabled on your appliance.
Optional: Select the Require organization selection at login check box to require users to select an
organization when they log in.
4.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
Select the Show organization menu in admin header check box.
3.
a.
NOTE: This setting is available only if the Organization component is enabled on your appliance.
Click Save and Restart Services.
Changes are displayed on the login page and in the top section of the Administrator Console after you log
out and then log in again. The drop-down list shows the available options.
Related topics
Linking Quest KACE appliances
Linking Quest KACE appliances
Appliance linking enables you to log in to one Quest KACE appliance and access all linked appliances from the
Administrator Console.
Appliance linking enables you to log in to one appliance and access all linked appliances from the drop-down list
in the top-right corner of the Administrator Console, without having to log in to each appliance separately. You can
link all of the Quest KACE K-Series appliances you manage.
To link appliances you need to:
•
Enable fast switching on each KACE SMA that has the Organization component enabled. See Enable fast
switching for organizations and linked appliances.
•
Enable linking on each K-Series appliance. See Enable appliance linking.
When you enable linking, Names and Keys are created for each appliance. You then copy and paste the Names
and Keys into the Linked Appliance Detail page for each appliance.
You can access multiple Quest KACE appliances from the same Administrator Console, but you cannot transfer
resources or information among them through linking. See Importing and exporting appliance resources.
NOTE: If you have multiple Quest KACE SMA or SDA appliances, and you plan to link them, the admin
user account for each appliance must have the same password.
KACE Systems Management Appliance 8.0 Administrator Guide
Linking Quest KACE appliances
105
Enable appliance linking
You can enable appliance linking in the appliance or System-level General Settings. For KACE SDA instructions,
see the Help for that appliance.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Link Settings to display the Linked Appliance Enablement page.
3.
Select the Enable Appliance Linking check box.
4.
Provide the following information:
Option
Description
Name
A unique, logical name for this appliance. This name appears in the drop-down list
in the top-right corner of the page next to the login information when appliances are
linked.
Login Expiration
The number of minutes to keep the link open. When this time period expires, you
need to provide login credentials when switching to a linked appliance. The default is
120 minutes.
Timeout
The number of minutes the appliance waits for a remote appliance to respond to a
linking request. The default is ten seconds.
5.
Select the Enable Federation API access settings check box.
NOTE: Enabling this option allows you to configure Federation API settings for linked appliances. For
more information, see Enable access to Federation API settings.
6.
Click Save to display appliance linking information.
7.
Copy the text in the Name field and the text in the Key field and paste it in a central location, such as a
Notepad file.
8.
Repeat the preceding steps on each appliance you want to link.
When linking is enabled on all appliances, configure the links. See Add Names and Keys to appliances.
Add Names and Keys to appliances
To link Quest KACE appliances, add the appliance names and keys in the Administrator Console.
These instructions describe how to link KACE SMAs. For KACE SDA instructions, see the Help for that appliance.
KACE Systems Management Appliance 8.0 Administrator Guide
Add Names and Keys to appliances
106
Before you can link appliances, you need to enable linking on each appliance and copy the Name and Key of
each appliance to a central location. See Enable appliance linking.
1.
2.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
Click Linked Appliances to display the Linked Appliances page.
NOTE: If appliance linking is not enabled, you are redirected to the Linked Appliance Enablement
page.
3.
Select Choose Action > New to display the Linked Appliance Details page.
4.
In the Hostname field, paste the name of the appliance that you want to link.
This is the name that you copied following the instructions in Enable appliance linking.
5.
Select Disable port 80 access to use port 443 for secure communications. Communication over both port
80 and 443 are encrypted.
6.
In the Key field, paste the key of the appliance that you want to link.
This is the key that you copied following the instructions in Enable appliance linking.
7.
Click Save to display the Test Connection button.
8.
Click Test Connection to verify the connection between the two linked appliances.
9.
Log in to the second appliance and repeat the preceding steps to add the first appliance’s Name and Key to
the second appliance.
If the settings are configured correctly, the Connection Successful message appears.
10. Click Save to display the Test Connection button.
11. Click Test Connection to verify the connection between the two linked appliances.
If the settings are configured correctly, the Connection Successful message appears.
When you re-log in to the appliance, the other linked appliances appear on the drop-down list in the top-right
corner of the page next to the login information. To switch to an appliance, select its name in the drop-down list.
Enable access to Federation API settings
If your Environment uses Federated KACE SMAs, the Federation API Settings page allows you to enable API
access for linked appliances.
The following options must be selected on the Linked Appliance Enablement page:
•
Enable Appliance Linking
•
Enable Federation API access settings
For more information, see Enable appliance linking.
1.
Log in to the KACE SMA Administrator Console , http://KACE_SMA_hostname/admin, then click
Settings.
2.
On the appliance Control Panel, click Federation API Settings to display the Federation API Settings
page.
3.
On the Federation API Settings page, select the Enable access check box.
4.
In the Remote Systems area that appears, specify the level of access for each linked appliance, as
required.
a.
In the row containing the appliance whose role you want to configure, click the Role column, and select
one of the following options: Administrator, Read Only Administrator, or User Console.
KACE Systems Management Appliance 8.0 Administrator Guide
Enable access to Federation API settings
107
b.
Click Save.
5.
IMPORTANT: To enable linked reporting, you must assign the Administrator role to each linked
appliance.
Click Save to display appliance linking information.
Disable appliance linking
If Quest KACE appliances have been linked, you can disable linking as needed. After appliance linking is
disabled, you can continue to switch to, and control, other appliances until you log off.
1.
NOTE: This section explains how to disable linking on the KACE SMA. For KACE SDA instructions, see
the Help for that appliance.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Link Settings to display the Linked Appliance Enablement page.
3.
Clear the Enable Appliance Linking check box.
4.
Click Save.
Configuring history settings
You can configure (subscribe to) and view the history of changes made to settings, assets, and objects on the
KACE SMA.
About history settings
The KACE SMA enables you to configure (subscribe to) and view the history of changes to settings, assets, and
objects.
•
Settings: Tracked items include general settings as well as settings for MIA devices, patch subscriptions,
and user authentication, among others. See Managing settings history.
•
Assets: Tracked items include devices, cost centers, departments, licenses, locations, applications,
vendors, and user-created Asset Types. See Managing asset history.
•
Objects: Tracked items include alerts, labels, patch schedules, Replication Shares, reports, scripts, and
applications among others. See Managing object history.
This history includes the date the change was made, the user who was logged in when the change was made,
and the nature of the change. This information can help in troubleshooting system management issues, and you
can export this information in CSV (comma-separated value) or custom report format.
History lists are informational only. You cannot use history lists to revert to previous states or undo changes.
KACE Systems Management Appliance 8.0 Administrator Guide
About history settings
108
Managing settings history
You can configure (subscribe to) and view the history of changes made to settings. Configuration options differ,
depending on whether the Organization component is enabled on your appliance.
•
If the Organization component is not enabled: View all history lists and configuration settings under
Settings > History. For instructions, see Configure settings history subscriptions for organizations.
•
If the Organization component is enabled: View history lists and configuration settings for each
organization, and for the System level, separately. For instructions, see Configure System-level settings
history subscriptions with the Organization component enabled.
Configure settings history subscriptions for organizations
You can configure settings history subscriptions for the appliance or, if the Organization component is enabled, for
the selected organization.
1.
Go to the Settings History Configuration page:
a.
b.
c.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings, then click History.
In the Subscriptions section, click Settings.
The options on this page differ, depending on whether the Organization component is enabled on your
appliance. For appliances with the Organization component enabled, additional options are available
at the System level.
2.
In the drop-down list for history retention, select the length of time for changes to be retained by the
appliance and to appear in the history list. Select Forever to keep all changes. Select Disabled to erase
the existing history list and prevent the appliance from adding changes to the list.
IMPORTANT: Setting history retention to very long periods, such as several months or Forever, might
result in slower page loading for items in the Inventory section.
3.
In the Category and Field Selection section, select the check boxes next to the settings you want to track;
clear the check boxes next to the settings you do not want to track.
4.
To select fields within a setting:
a.
With the check box for a setting selected, click the Edit button next to the setting:
.
The field selection dialog appears.
b.
Choose the fields whose history you want to track, then click OK.
5.
Click Save.
6.
Optional: If you have multiple organizations, repeat the preceding steps for each organization.
Related topics
Configure System-level settings history subscriptions with the Organization component enabled
Configure System-level settings history subscriptions with the Organization
component enabled
If the Organization component is enabled on your appliance, you can configure settings history subscriptions at
the System level.
For information about organization-level history settings, see Managing settings history.
1.
Go to the Settings History Configuration page:
a.
b.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings, then click History.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing settings history
109
c.
On the History Panel in the Subscriptions section, click Settings.
2.
In the Category and Field Selection section, select the check boxes next to the settings you want to track;
clear the check boxes next to the settings you do not want to track.
3.
To select fields within a setting:
a.
With the check box for a setting selected, click the Edit button next to the setting:
.
The field selection dialog appears.
b.
4.
Choose the fields whose history you want to track, then click OK.
Click Save.
View settings history
If history subscriptions are configured to retain information, you can view the history of changes made to settings.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click History.
3.
In the Reporting section, click Settings to display the Settings History page.
4.
To filter the list, select Type or User in the View By drop-down list, which appears above the table on the
right.
The list is redisplayed and shows only those items that match the Type or User you selected.
Managing asset history
You can configure (subscribe to) and view the history of changes made to asset information such as devices, cost
centers, departments, licenses, locations, applications, vendors and user-created Asset Types.
Configure asset history subscriptions
You can configure asset history subscriptions for the appliance or, if the Organization component is enabled, for
the selected organization.
1.
2.
Go to the Asset History Configuration page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click History.
c.
On the History Panel in the Subscriptions section, click Assets.
In the drop-down list for history retention, select the length of time for changes to be retained by the
appliance and to appear in the history list. Select Forever to keep all changes. Select Disabled to erase
the existing history list and prevent the appliance from adding changes to the list.
IMPORTANT: Setting history retention to very long periods, such as several months or Forever, might
result in slower page loading for items in the Inventory section.
3.
In the Asset Type and Field Selection section, select the check boxes next to the Asset Types you want to
track; clear the check boxes next to the Asset Types you do not want to track.
4.
To select fields within an Asset Type:
a.
With the check box for an Asset Type selected, click the Edit button next to an Asset Type:
KACE Systems Management Appliance 8.0 Administrator Guide
Managing asset history
.
110
The field selection dialog appears.
b.
Choose the fields whose history you want to track, then click OK.
5.
Click Save.
6.
Optional: If you have multiple organizations, repeat the preceding steps for each organization.
View asset history
If history subscriptions are configured to retain information, you can view the history of changes made to assets.
1.
2.
Go to the Asset History list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click History.
c.
On the History Panel in the Reporting section, click Assets.
To filter the list, select Type or User in the View By drop-down list, which appears above the table on the
right.
The list is redisplayed and shows only those items that match the Type or User you selected.
Managing object history
You can configure (subscribe to) and view the history of changes made to objects such as labels, patch
schedules, Replication Shares, users, and other objects.
Configure object history
You can configure object history subscriptions for the appliance or, if the Organization component is enabled, for
the selected organization.
1.
2.
Go to the Object History Configuration page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click History.
c.
On the History Panel in the Subscriptions section, click Objects.
In the drop-down list for history retention, select the length of time for changes to be retained by the
appliance and to appear in the history list. Select Forever to keep all changes. Select Disabled to erase
the existing history list and prevent the appliance from adding changes to the list.
IMPORTANT: Setting history retention to very long periods, such as several months or Forever, might
result in slower page loading for items in the Inventory section.
3.
In the Object Type and Field Selection section, select the check boxes next to the object types you want to
track; clear the check boxes next to the object types you do not want to track.
4.
To select fields within an object type:
a.
With the check box for an object type selected, click the Edit button next to the object type:
.
The field selection dialog appears.
b.
Choose the fields whose history you want to track, then click OK.
5.
Click Save.
6.
Optional: If you have multiple organizations, repeat the preceding steps for each organization.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing object history
111
View object history
If history subscriptions are configured to retain information, you can view the history of changes made to objects.
1.
2.
Go to the Objects page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click History.
c.
On the History Panel in the Reporting section, click Objects.
To filter the list, select Type or User in the View By drop-down list, which appears above the table on the
right.
The list is redisplayed and shows only those items that match the Type or User you selected.
Using change history information
You can view an item’s change history, search for items in change history lists, delete history records, export
history records, and create reports from history records.
View the change history of items
You can view an item’s change history when you are viewing details about the item.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Go to the Detail page for an item. For example, click Scripting, then click the name of a script.
3.
Click the Show All History link at the top of the page.
Changes are listed. The page is empty if no changes have been made, or if change history is not enabled.
Search for items in change history lists
You can search for items in change history lists.
1.
Go to the history listing for settings, assets, or objects:
◦
View settings history
◦
View asset history
◦
View object history
2.
Click the Advanced Search tab above the list on the right to display the Advanced Search panel.
3.
Select search properties, then click Search.
The search results are displayed.
KACE Systems Management Appliance 8.0 Administrator Guide
Using change history information
112
Delete history records
You can delete history records from history lists.
1.
Go to the history list for settings, assets, or objects:
◦
View settings history
◦
View asset history
◦
View object history
2.
Select the check box next to one or more entries.
3.
Select Choose Action > Delete, then click Yes to confirm.
Export history records
You can export history records to CSV, Excel, and TSV format.
1.
2.
Go to the history list for settings, assets, or objects:
◦
View settings history
◦
View asset history
◦
View object history
Optional: To export items of a specific type, such as Addition, select the item type in the View-By dropdown list.
If you do not filter the list, all list items are exported. Selecting an item’s check box does not select the item
for export.
3.
Select Choose Action > Export > format.
Setting up and using labels to manage
groups of items
You can set up manual labels, Smart Labels, LDAP Labels, and label groups to manage groups of items, such as
devices.
About labels
Labels are containers that enable you to organize and categorize items, such as devices, so that you can manage
them as a group.
For example, you can use labels to identify devices that have the same operating system or that are in the same
geographic location. You can then initiate actions, such as distributing software or deploying patches, on all of the
devices that in that label. Labels can either be manually assigned to specific items or automatically assigned to
KACE Systems Management Appliance 8.0 Administrator Guide
About labels
113
items when they are associated with criteria, such as SQL or LDAP queries. You can apply labels to these types
of items:
•
Inventory items, such as devices, applications, processes, startup items, and services
•
Asset items, such as location, license, and vendor
•
Discovery results
•
Patches
•
Dell Update Packages
•
Users
Manual labels are applied and removed manually, whereas Smart Labels and LDAP Labels are applied and
removed automatically. See:
•
About Smart Labels
•
About LDAP Labels
About Smart Labels
Smart Labels are labels that are applied and removed automatically based on specified criteria.
For example, to track or manage laptops in a specific location, such as the San Francisco office, you could create
Smart Label named San Francisco Office based on the IP address range or subnet of devices in that location.
When devices are inventoried, the Smart Label, San Francisco Office is automatically applied to devices in the
IP address range. When devices leave the IP address range and are inventoried again, the label is automatically
removed.
Smart Labels are applied to and removed from managed devices when the appliance processes device inventory.
So if you create a Smart Label that enables metering on devices, it might take time for the Smart Label to be
applied to devices and for devices to report metering information. Metering is enabled for devices that match the
Smart Label criteria only after the appliance processes device inventory and the Smart Label is applied.
Related topics
Managing Smart Labels
About LDAP Labels
LDAP Labels are labels that interact with LDAP servers. These labels are automatically assigned to device and
user records using LDAP queries or search filters.
There are two types of LDAP Labels:
•
Device: Labels applied to device records. This is useful if you want to automatically group devices by
name, description, and other LDAP criteria. Each time a device is inventoried, this query runs against the
LDAP server. the admin value in the Search Filter field is replaced with the name of the user that is logged
in to the device. If a result is returned, the device is assigned the label specified in the Associated Label
Name field.
•
User: Labels applied to user records. This is useful if you want to automatically group users by domain,
location, budget code, or other LDAP criteria. LDAP Labels are applied to or removed from user records
when users are imported to the appliance manually or according to a schedule.
Related topics
Managing LDAP Labels
KACE Systems Management Appliance 8.0 Administrator Guide
About LDAP Labels
114
About label groups
You can organize labels by assigning them to label groups. Label groups share their types with the labels they
contain.
Not only can a label group include multiple labels, but a label can be associated with more than one label group.
Labels inherit any restrictions of the groups to which they belong.
Related topics
Add, view, or edit label groups
About organization filters
Organization filters are similar to labels, but they serve a specific purpose: Organization filters automatically
assign devices to organizations when devices are inventoried.
There are two types of organization filters:
•
Data Filters: Assigns devices to organizations automatically based on search criteria. When devices are
inventoried, they are assigned to the organization if they meet the criteria. This filter is similar to Smart
Labels in that it assigns devices to organizations automatically if they match specified criteria.
•
LDAP Filters: Assigns devices to organizations automatically based on LDAP or Active Directory
interaction. When devices are inventoried, the query runs against the LDAP server. If devices meet the
criteria, they are automatically assigned to the organization.
Related topics
Managing organization filters
Tracking changes to label settings
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects.
This information includes the date the change was made and the user who made the change, which can be useful
during troubleshooting.
Related topics
About history settings
Managing manual labels
You can manage labels from the Label section of the Administrator Console. Labels can also be added and
applied from list pages in other sections, such as Inventory and Security by selecting Choose Action > Add
Label.
Add or edit manual labels
You can add or edit manual labels as needed.
1.
Go to the Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit manual labels
115
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Labels.
d.
Display the Label Detail page by doing one of the following:
▪
Click the name of a label.
▪
Select Choose Action > New > Manual Label.
2.
TIP: Avoid using backslashes (\) in label names. If you need to use a backslash in a label
name, add a second backslash (\\) to escape it.
Provide the following information:
Option
Description
Name
The name of the label. This name appears on the Labels list.
Description
Any additional information you want to provide.
Alternate Location (Optional) The alternate download location for Managed Installations, File
Synchronizations, and other deployments that are performed on items assigned to
this label. The location you specify replaces the string KACE_ALT_LOCATION.
CAUTION: You should not have a device in two labels that both specify a
value in this field.
Path
If you specify an alternate download location, specify the path to the location.
Login
If you specify an alternate download location, specify the username and password for
the location.
Password
Restrict Label
Usage To
(Optional) The categories of items to which the label or label group can be applied.
If you do not restrict label usage, the label or label group can be applied to any item.
However, if you restrict the label or label group to categories such as Applications
and Patches, that label or label group can be applied only to Applications and
Patches; it cannot be applied to other items, such as Devices.
Meter Software
Usage
Enable metering on devices that have the label assigned. This enables metering on
the devices only. To meter software, you need to also enable metering for individual
applications.
Allow Application
Control
Enable Application Control on devices. Software marked as Not Allowed is prevented
from running on devices to which the label is applied.
Label Group
(Optional) The label group to which the label is assigned. To assign the label to a
label group, click Edit next to the Label Group field, then select a label group. This is
useful if you have a large number of labels and you want to organize them into sublabels. For example, you could include the labels of your licensed applications in a
group label named Licenses. In addition, labels inherit any restrictions of the groups
to which they belong.
Scoped to User
Role
The user role associated with this label. When a label is associated with a user role,
the user actions are limited to only those devices, scripts, and schedules that are
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit manual labels
116
Option
Description
associated with that label. For more information about user roles, see Add or edit
User Roles.
3.
Click Save.
Related topics
Apply the Application Control label to devices
View manual label details
You can view manual label details, such as the members of a label, label usage restrictions, and alternate location
information.
1.
Go to the Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Labels.
2.
To show or hide label groups, select Show Label Groups or Hide Label Groups in the Choose Action
menu.
3.
To view the members of a label, click a number in a column, such as Devices, Users, Software, and so on.
4.
To view label details, click the linked name of a label.
The Label Detail page appears.
5.
In the Labeled Items section, click the Add button next to the section headers to expand or collapse the
view:
.
Delete manual labels
Before you can delete a manual label, you must remove the label from any items to which it is applied. You
cannot delete manual labels that are applied to any items.
In addition, if a manual label contains a Smart Label or an LDAP Label, you must delete the Smart Label or LDAP
Label before you can delete the manual label. Manual labels cannot be deleted if they contain Smart Labels or
LDAP Labels.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Remove the label from any items to which it has been applied. For example, to remove the label from
devices:
a.
Click Inventory.
The Devices page appears.
b.
In the View By drop-down list, select Label > Label Name.
The Devices page shows the items to which the label is applied.
3.
c.
Select all of the items in the list.
d.
Select Choose Action > Remove Label > Label Name.
After the label has been removed from all items, click Home > Labels > Label Management.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete manual labels
117
The Labels page appears.
4.
Select the check boxes next to one or more labels.
5.
Select Choose Action > Delete, then click Yes to confirm.
Managing Smart Labels
You can add Smart Labels for devices, applications on the Software page, patches, Discovery Results, and Dell
Update packages.
In version 6.4 of the KACE SMA, however, Smart Labels cannot be created for applications on the Software
Catalog page.
Add Smart Labels
You can add Smart Labels from the Labels section and from list pages where Smart Labels are used, such as the
Devices list.
1.
Go to the Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Smart Labels.
d.
Select Choose Action > New > Smart Label type.
The appliance displays the Smart Label criteria for the type of label that you selected. For
example, if you select New > Software Smart Label, the software criteria are displayed. If you
select New > Device Smart Label, the Devices criteria are displayed.
2.
Specify the search criteria using the available fields.
◦
To add a row, click Add line.
◦
To add a subset of rules, select AND or OR from the operator drop-down list at the right of the Smart
Label criteria, then click Add Group.
3.
Click Test to display items that match the specified criteria.
4.
Adjust the criteria as needed until the results are what you expect.
5.
In the Choose label drop-down list, do one of the following:
6.
•
Select an existing label to associate with the Smart Label. Type in the Choose label field to search for
existing labels.
•
Enter a new name for the Smart Label in the Choose label field, then press Enter or Return.
NOTE: Press Enter or Return after you enter a new Smart Label name to move the text from the
search field to the label field.
Click Save.
Related topics
KACE Systems Management Appliance 8.0 Administrator Guide
Add Smart Labels
118
Labeling devices to group them
Using Smart Labels with Discovery Results
Example: Combine Smart Labels to identify devices
This example demonstrates how to combine three Smart Labels to identify devices running Windows XP or
Windows 7 that do not have the McAfee® VirusScan® application installed.
The following are the three Smart Labels created in this example:
•
The first Smart Label, WinXP7, is applied to devices that have Windows XP or Windows 7 operating
systems. This label has a run order of 1.
•
The second Smart Label, MissingVirusScan, is applied to devices that do not have the VirusScan
application installed. This label also has a run order of 1.
•
The third Smart Label, WinXP7MissingVirusScan, is applied to devices that have both the WinXP7 and
MissingVirusScan Smart Labels applied. This label has a run order of 2, so that it runs after the first two
labels.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Create a device Smart Label to identify the operating system:
a.
On the left navigation bar, click Inventory.
b.
Click the Smart Label tab above the list on the right.
The Smart Label panel appears.
c.
Specify the criteria required for the Windows XP operating system:
Operating System: Name | contains | Windows XP
d.
With AND selected in the operator drop-down list, click Add Line, then specify the criteria
required for the Windows 7 operating system:
Operating System: Name | contains | Windows 7
e.
3.
In the Choose label drop-down list, type a name for the label, such as WinXP7, then click Smart
Label.
Create a device Smart Label to find devices that are missing the VirusScan application:
a.
In the Smart Label panel on the Devices page, specify the criteria required to find devices that do
not have the VirusScan application installed:
Software: Software Titles | does not contain | VirusScan
b.
In the Choose label drop-down list, type a name for the label, such as MissingVirusScan, then
click Smart Label.
4.
Create a device Smart Label that uses the Smart Labels created in the preceding steps.
5.
Create a Smart Label for the application:
a.
In the Smart Label panel on the Devices page, specify the criteria to identify devices with the
WinXP7 Smart Label applied:
KACE Systems Management Appliance 8.0 Administrator Guide
Example: Combine Smart Labels to identify devices
119
Device Identity Information: Label Names | = | WinXP7
b.
With AND selected in the operator drop-down list, click Add Line, then specify the criteria to
identify devices with the MissingVirusScan Smart Label applied:
Device Identity Information: Label Names | = | MissingVirusScan
c.
6.
In the Choose label drop-down list, type a name for the label, such as WinXP7MissingVirusScan,
then click Smart Label.
Set the order in which to run the Smart Labels:
a.
On the left navigation bar, in the Home section, click Label Management.
b.
On the Label Management panel, click Smart Labels.
c.
Select Choose Action > Order Labels > Device Smart Labels.
The Order Device Smart Labels page appears.
d.
e.
f.
g.
h.
Click the Edit button at the far right in the WinXP7 label row:
.
In the Order column, type 1, then click Save.
Click the Edit button at the far right in the MissingVirusScan label:
.
In the Order column, type 1, then click Save.
Click the Edit button at the far right in the WinXP7MissingVirusScan label row:
i.
In the Order column, type 2, then click Save.
j.
Click Save at the bottom of the list.
.
The WinXP7 label and the MissingVirusScan label are set to run before the
WinXP7MissingVirusScan label. This ensures that Windows XP and 7 devices that are missing
the VirusScan application are labeled before the WinXP7MissingVirusScan label runs.
Edit Smart Labels
You can change the SQL queries used in Smart Labels as needed.
When you change the SQL query used for a software Smart Label, the Smart Label is applied to or removed
from items immediately, based on whether the items meet the new criteria. Device Smart Labels are applied to or
removed from devices when the device’s inventory information is updated.
If you manually edit the SQL of a Smart Label, you can no longer edit the label using the Smart Label template.
This is because the template cannot be used to edit custom SQL.
1.
Go to the Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Smart Labels.
d.
Click the name of a Smart Label, or click the Edit button to the left of the Smart Label name.
KACE Systems Management Appliance 8.0 Administrator Guide
Edit Smart Labels
120
2.
NOTE: If the SQL of the Smart Label has been edited manually, the Edit button is not displayed.
Do any of the following:
•
Select or clear the Enable Metering check box to enable or disable metering for device Smart Labels.
•
In the Assigned Label field, select the label you want to associate with the Smart Label.
•
Click Details to go to the detail page for the assigned label.
•
If the Smart Label was created using the Smart Label template, and the SQL has not been edited
manually, click the link next to using the original editor.
•
To edit the Smart Label SQL manually, click the link next to using this editor.
CAUTION: If you manually edit the SQL of a Smart Label, you can no longer edit the label
using the Smart Label template. This is because the wizard cannot be used to edit custom
SQL.
3.
Optional: Click Duplicate to create a new Smart Label that uses the same SQL query.
4.
Click Save.
NOTE: When you click Duplicate to create a label, you can assign it to a new label only.
Setting up labels for user accounts
You can use labels to group user accounts the same way you use labels to group devices and software in the
Inventory section. In addition, you can use Smart Labels to grant levels of access to users. For example, you
could use labels to designate who can submit, accept, reject, work on, and resolve Service Desk tickets.
Additionally, any labels you create in the Inventory section can work as user labels in Service Desk, provided that
you created those labels without restrictions. If the labels were created with restrictions, you can modify them, or
create labels in the Inventory sections without restrictions.
Add an All Ticket Owners label
To give users permission to own Service Desk tickets, you can create an All Ticket Owners label that you can
apply to user accounts.
1.
Go to the Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Labels.
d.
Select Choose Action > New Manual Label.
2.
TIP: Avoid using backslashes (\) in label names. If you need to use a backslash in a label
name, add a second backslash (\\) to escape it.
Provide the following information:
Option
Description
Name
The name of the label. This name appears on the Labels list.
Type a name such as All Ticket Owners.
KACE Systems Management Appliance 8.0 Administrator Guide
Setting up labels for user accounts
121
Option
Description
Description
Any additional information you want to provide.
3.
Click Save.
The new label is available in the Choose Action > Apply Label menu on the Users page. To assign the label to
Service Desk staff when you import user data, see Importing users from an LDAP server.
Using Smart Labels for patching
You can use Smart Labels to automatically group patches and devices. You can also label patches and devices
manually, but Smart Labels are usually more efficient because they are applied and removed automatically.
For example, you can create a Smart Label that matches all Windows XP server patches. Each time one of these
patches becomes available to the appliance, the label is applied to the patch. If you set up a patching schedule
to automatically detect and deploy devices with this label, the patch is automatically deployed to Windows XP
servers in inventory.
You can create a labeling scheme that organizes patches by operating system and importance, such as P (Patch)
Operating System Importance. For example:
•
P Win7
•
P Win7 Critical
•
P Win7 Important
•
P MS Office
•
P Leopard
•
P Mac10.8 Critical Test
Similarly, you create device Smart Labels to specify the devices (D), on which you want to install patches:
•
D All Desktops
•
D All Servers
•
D All Laptops
The appliance evaluates the information provided by the Agents when they check in, and it applies device Smart
Labels if the data matches the label criteria.
Patch Smart Labels are immediately applied to existing patches that meet the criteria. The label is added to new
patches that meet the criteria when they are downloaded.
Add a Smart Label for critical OS patches
You can create a Smart Label to identify critical OS (operating system) patches.
1.
2.
Go to the Patch Catalog list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Security.
c.
On the Patch Management panel, click Catalog.
Click the Smart Label tab above the list on the right.
The Smart Label panel appears.
KACE Systems Management Appliance 8.0 Administrator Guide
Using Smart Labels for patching
122
3.
Specify Smart Label criteria:
a.
Specify criteria that identify active patches:
Patch Listing Information: Status | is | Active
b.
Click Add Line, then specify criteria that identify critical patches:
AND | Patch Listing Information: Impact | is | Critical
c.
Click Add Line, then specify criteria that identify Windows patches:
AND | Patch Listing Information: Operating System | is | Windows
d.
Click Add Line, then specify criteria that identify operating system patches:
AND | Patch Listing Information: Category | is | OS
4.
Click Test to display items that match the search criteria.
5.
Adjust the criteria as needed until the results are what you expect.
6.
In the Choose label drop-down list, do one of the following:
7.
•
Select an existing label to associate with the Smart Label. Type in the Choose label field to search for
existing labels.
•
Enter a new name for the Smart Label in the Choose label field, then press Enter or Return.
NOTE: Press Enter or Return after you enter a new Smart Label name to move the text from the
search field to the label field.
Click Save.
The Smart Label is applied to existing patches that meet the criteria. The label is added to new patches that meet
the criteria when they are downloaded.
Subscribe to patches. See Subscribing to and downloading patches.
Add a Smart Label for new patches
You can create a Smart Label to quickly identify new patches that must be deployed.
1.
2.
Go to the Patch Catalog list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Security.
c.
On the Patch Management panel, click Catalog.
Click the Smart Label tab above the list on the right.
The Smart Label panel appears.
KACE Systems Management Appliance 8.0 Administrator Guide
Using Smart Labels for patching
123
3.
Specify Smart Label criteria:
a.
Specify criteria that identify patches added after a specific date:
Patch Listing Information: Release Date | > <date yyyy-mm-dd>
b.
Click Add Line, then specify criteria that identify non-critical patches:
AND | Patch Listing Information: Impact | is not | Critical
c.
Click Add Line, then specify criteria that identify active patches:
AND | Patch Listing Information: Status | is | Active
4.
Click Test.
5.
In the Choose label drop-down list, do one of the following:
All non-critical patches added after the specified date are displayed.
6.
•
Select an existing label to associate with the Smart Label. Type in the Choose label field to search for
existing labels.
•
Enter a new name for the Smart Label in the Choose label field, then press Enter or Return.
NOTE: Press Enter or Return after you enter a new Smart Label name to move the text from the
search field to the label field.
Click Save.
The Smart Label is applied to existing patches that meet the criteria. The label is added to new patches that
meet the criteria when they are downloaded.
Subscribe to patches. See Subscribing to and downloading patches.
Using Smart Labels with Discovery Results
Smart Labels can be used to automatically assign labels to Discovery Results that meet specified criteria. This
includes DNS, Socket, and SNMP results across a single subnet or multiple subnets.
Add Discovery Results Smart Labels
You can add Smart Labels for Discovery Results to group and manage results.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Select Inventory > Discovery Results to display the Discovery Results page.
3.
Click the Smart Label tab above the list on the right to display the Smart Label panel.
KACE Systems Management Appliance 8.0 Administrator Guide
Using Smart Labels with Discovery Results
124
4.
Select Smart Label criteria:
•
Select an attribute in the left-most drop-down list. For example: Device Info: Ping Test.
•
Select a condition in the middle drop-down list. For example: has.
•
Select the status attribute in the next drop-down list. For example: Failed.
5.
Click Test to display items that match the search criteria.
6.
Adjust the criteria as needed until the results are what you expect.
7.
In the Choose label drop-down list, do one of the following:
8.
•
Select an existing label to associate with the Smart Label. Type in the Choose label field to search for
existing labels.
•
Enter a new name for the Smart Label in the Choose label field, then press Enter or Return.
NOTE: Press Enter or Return after you enter a new Smart Label name to move the text from the
search field to the label field.
Click Save.
The Smart Label is automatically applied to or removed from Discovery Results that meet the specified criteria.
The next time the Discovery Schedule runs, the Smart Label is applied to discovered devices.
Changing the run order of Discovery Results Smart Labels
You can specify the order in which Smart Labels run by changing their order values.
Smart Labels have a default order value of 100, and Smart Labels with lower values run before those with higher
values. See Assign the Smart Label run order.
Adding Smart Labels for devices
You can create Smart Labels to organize devices by type, such as desktop, server, and laptop. After you create
Smart Labels for devices, you can schedule patches to be deployed to devices based on their labels.
Add a Smart Label for desktops
You can create a Smart Label to identify devices that require desktop patches.
1.
2.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
Click the Smart Label tab above the list on the right.
The Smart Label panel appears.
KACE Systems Management Appliance 8.0 Administrator Guide
Adding Smart Labels for devices
125
3.
Specify Smart Label criteria:
a.
Specify the criteria required to eliminate servers:
Operating System: Name | does not contain | Server
b.
Click Add Line, then specify the criteria required to eliminate laptops:
AND | Manufacturer and BIOS info: Chassis Type | does not contain | Laptop
Other useful criteria for identifying desktops include:
▪
System Names, if you give all of your desktops a similar name.
▪
System Models, such as all systems with XPS in the model name.
▪
IP addresses, or partial IP addresses using the contains criteria.
▪
BIOS Serial Numbers, or use the Includes partial serial number criteria. This is useful if you
have purchased desktops with sequential numbers. For more information, contact your vendor.
▪
Software Title, if desktops have a title in common.
4.
Click Test to display items that match the search criteria.
5.
In the Choose label drop-down list, do one of the following:
•
Select an existing label to associate with the Smart Label. Type in the Choose label field to search for
existing labels.
•
Enter a new name for the Smart Label in the Choose label field, then press Enter or Return.
NOTE: Press Enter or Return after you enter a new Smart Label name to move the text from the
search field to the label field.
6.
Click Save to create the Smart Label.
7.
Optional: To confirm that the new label appears on the Labels list, select Home > Labels > Smart Labels
or Label Management.
The new label appears empty at first. When devices are inventoried, the label is applied to them if they
match the Smart Label criteria.
8.
Test the Smart Label:
a.
Click Inventory to display the Devices page.
b.
Click the name of a device that matches the criteria, but to which the label has not yet been
applied.
c.
On the Device Detail page, click Force Inventory.
If the Smart Label is working correctly, the device checks in, and the label is applied to it.
Force Inventory is available only if the AMP connection to an Agent-managed device is active, or for
Agentless devices, if the device is reachable.
Add a Smart Label for servers
You can create a Smart Label to identify devices that require server patches.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
KACE Systems Management Appliance 8.0 Administrator Guide
Adding Smart Labels for devices
126
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
2.
On the left navigation bar, click Inventory.
Click the Smart Label tab above the list on the right.
The Smart Label panel appears.
3.
Specify search criteria:
a.
Specify the criteria required to identify servers:
Operating System: Name | contains | Server
b.
Click Add Line, then specify the criteria required to eliminate laptops:
AND | Manufacturer and BIOS info: Chassis Type | does not contain | Laptop
Other useful criteria for identifying servers include:
▪
System Names, if you give all of your servers a similar name.
▪
IP addresses, or partial IP addresses using the contains criteria.
▪
BIOS Serial Numbers, or use the Includes partial serial number criteria. This is useful if you
have purchased servers with sequential numbers. For more information, contact your vendor.
▪
Software Title, if servers have a title in common.
4.
Click Test to display items that match the search criteria.
5.
In the Choose label drop-down list, do one of the following:
•
Select an existing label to associate with the Smart Label. Type in the Choose label field to search for
existing labels.
•
Enter a new name for the Smart Label in the Choose label field, then press Enter or Return.
NOTE: Press Enter or Return after you enter a new Smart Label name to move the text from the
search field to the label field.
6.
Click Save.
7.
Optional: To confirm that the new label appears on the Labels list, select Home > Labels > Smart Labels
or Label Management.
The new label appears empty at first. When devices are inventoried, the label is applied to them if they
match the Smart Label criteria.
8.
Test the Smart Label:
a.
Click Inventory to display the Devices page.
b.
Click the name of a device that matches the criteria, but to which the label has not yet been
applied.
c.
On the Device Detail page, click Force Inventory.
If the Smart Label is working correctly, the device checks in, and the label is applied to it.
Force Inventory is available only if the AMP connection to an Agent-managed device is active, or for
Agentless devices, if the device is reachable.
KACE Systems Management Appliance 8.0 Administrator Guide
Adding Smart Labels for devices
127
Add a Smart Label for laptops
You can create a Smart Label to identify devices that require laptop patches.
1.
2.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
Click the Smart Label tab above the list on the right.
The Smart Label panel appears.
3.
Specify search criteria:
a.
Specify the criteria required to eliminate servers:
Operating System: Name | does not contain | Server
b.
Click Add Line, then specify the criteria required to identify laptops:
AND | Manufacturer and BIOS Info: Chassis Type | contains | Laptop
Other useful criteria for identifying laptops include:
▪
System Names, if you give all of your laptops a similar name.
▪
IP addresses, or partial IP addresses using the contains criteria.
▪
BIOS Serial Numbers, or use the Includes partial serial number criteria. This is useful if you
have purchased laptops with sequential numbers. For more information, contact your vendor.
▪
Software Title, if laptops have a title in common.
4.
Click Test to display items that match the search criteria.
5.
In the Choose label drop-down list, do one of the following:
•
Select an existing label to associate with the Smart Label. Type in the Choose label field to search for
existing labels.
•
Enter a new name for the Smart Label in the Choose label field, then press Enter or Return.
NOTE: Press Enter or Return after you enter a new Smart Label name to move the text from the
search field to the label field.
6.
Click Save to create the Smart Label.
7.
Optional: To confirm that the new label appears on the Labels list, select Home > Labels > Smart Labels
or Label Management.
The new label appears empty at first. When devices are inventoried, the label is applied to them if they
match the Smart Label criteria.
8.
Test the Smart Label:
a.
Click Inventory to display the Devices page.
b.
Click the name of a device that matches the criteria, but to which the label has not yet been
applied.
c.
On the Device Detail page, click Force Inventory.
KACE Systems Management Appliance 8.0 Administrator Guide
Adding Smart Labels for devices
128
If the Smart Label is working correctly, the device checks in, and the label is applied to it.
Force Inventory is available only if the AMP connection to an Agent-managed device is active, or for
Agentless devices, if the device is reachable.
Assign the Smart Label run order
You can run Smart Labels sequentially by assigning the run order in the Smart Label properties.
Assigning the Smart Label run order can be useful when you want to run a specific Smart Label before other
Smart Labels. For example, you might have a Smart Label that identifies a set of devices. If you want to use a
second Smart Label to further refine the set of devices based on the first label being applied, you could set the run
order so that the first Smart Label runs before the second one. Smart Labels have a default order value of 100,
and Smart Labels with lower values run before those with higher values.
1.
Go to the Smart Label list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Smart Labels.
2.
In the Choose Action menu, in the Order section, select the type of label whose run order you want to
change.
3.
To change a Smart Label’s order value:
The Order page appears, showing all Smart Labels of the selected type.
a.
b.
4.
Click the Edit button to the right of the Order column:
.
Enter an order value, then click Save.
Click Save.
Delete Smart Labels
Deleting Smart Label is useful if you need to make extensive changes to Smart Label criteria while preserving
labels used in tasks such as Managed Installations.
For example, you could delete all the criteria from a Smart Label, then re-apply new criteria to the container
label. In effect, this would create a new Smart Label using the existing container label required for Managed
Installations.
Deleting a Smart Label removes the criteria associated with the Smart Label, but it does not delete any other
labels associated with the Smart Label.
1.
Go to the Smart Label list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Smart Labels.
2.
Select the check box next to one or more Smart Labels.
3.
Select Choose Action > Delete, then click Yes to confirm.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete Smart Labels
129
Managing label groups
You manage label groups in the Labels section.
Add, view, or edit label groups
You can add, view, and edit label groups as needed.
1.
2.
Go to the Label Group Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Labels.
d.
Display the Label Group Detail page by doing one of the following:
▪
Click the name of a label group
▪
Select Choose Action > New Label Group
Provide the following information:
Option
Description
Name
The name of the label group.
Description
Any additional information you want to provide.
Restrict Label
Group Usage To
(Optional) The categories of items to which the label or label group can be applied.
If you do not restrict label usage, the label or label group can be applied to any item.
However, if you restrict the label or label group to categories such as Applications
and Patches, that label or label group can be applied only to Applications and
Patches; it cannot be applied to other items, such as Devices.
Meter Software
Usage
Select or clear this check box to enable or disable metering for Device labels.
Allow Application
Control
Enable Application Control on devices. Software marked as Not Allowed is prevented
from running on devices to which the label is applied.
Label Group
(Optional) The label group to which the label is assigned. To assign the label to a
label group, click Edit next to the Label Group field, then select a label group. This is
useful if you have a large number of labels and you want to organize them into sublabels. For example, you could include the labels of your licensed applications in a
group label named Licenses. In addition, labels inherit any restrictions of the groups
to which they belong.
3.
Click Save.
Related topics
Apply the Application Control label to devices
KACE Systems Management Appliance 8.0 Administrator Guide
Add, view, or edit label groups
130
Assign labels to or remove labels from label groups
Labels can be assigned to groups, and they can be associated with more than one label group. Labels inherit the
restrictions of the groups to which they belong.
1.
Go to the Labels list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Labels.
2.
Select the check boxes next to the labels you want to assign to a group.
3.
Select Choose Action > Apply Label Groups, then select the label group to which you want to assign the
label.
Apply Label Groups appears only if you have label groups on your appliance.
The name of the label group appears next to the name of the label or labels you selected.
4.
Select the check box next to the labels you want to remove from a group.
5.
Select Choose Action > Remove Label Groups, then select the label group from which you want to
remove the labels.
Remove Label Groups appears only if you have label groups on your appliance.
The name of the label group no longer appears next to the name of the label or labels you selected.
Delete label groups
You can delete label groups only if they do not contain any labels or subgroups.
If a label group contains labels or subgroups, you must remove them from the label group before you can delete
the group.
1.
2.
Go to the Labels list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click Labels.
If the label group does not contain any labels or subgroups:
a.
Select the check box next to the group’s name
b.
Select Choose Action > Delete, then click Yes to confirm.
The label group is removed.
3.
If the group contains labels or subgroups:
a.
Click the name of the label group to display the Label Group Detail page.
b.
In the Labeled Items section toward the bottom of the page, click the Add button to expand the
Labels section:
.
c.
Click the name of a label or label group to display the detail page for that label or label group.
d.
In the Label Group field, click Edit.
e.
In the Assign to Label Group window, click the Delete button next to the label you want to
remove:
.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete label groups
131
f.
Click OK, then click Save.
g.
When you have removed all labels and subgroups from the label group, select the check box next
to the label group’s name on the Labels page.
h.
Select Choose Action > Delete, then click Yes to confirm.
Managing LDAP Labels
You manage LDAP Labels in the Labels section.
Add or edit LDAP Labels
You can add and edit LDAP Labels as needed. Be sure to test LDAP Labels before you enable them.
1.
2.
Go to the LDAP Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click LDAP Labels.
d.
Display the LDAP Label Detail page by doing one of the following:
▪
Click the name of an LDAP label.
▪
Select Choose Action > New.
Provide the following information:
Option
Description
Enabled
Enable the appliance to run the LDAP Label.
Type
NOTE: Select the Enabled check box only after you have tested the LDAP
Label to verify that the LDAP criteria is correct and labels are applied as
expected.
The LDAP Label type. There are two types of LDAP Labels:
•
Device: Labels applied to device records. This is useful if you want to
automatically group devices by name, description, and other LDAP criteria.
When devices are inventoried, this query runs against the LDAP server to
determine whether any devices contain LDAP attributes with values that
correspond to the LDAP search filter criteria. If a result is returned, the device
is assigned the label specified in the Associated Label Name field.
You must include at least one KACE SMA variable, such as
KBOX_COMPUTER_NAME, in device labels for the LDAP label to be applied to
a device. During LDAP label processing, the variable is used to compare an
attribute's value in the LDAP directory to determine whether relationships exists
between the LDAP object and a KACE SMA object. See LDAP variables.
•
User: Labels applied to user records. This is useful if you want to automatically
group users by domain, location, budget code, or other LDAP criteria. LDAP
Labels are applied to or removed from user records when users are imported
to the appliance manually or according to a schedule. You can use user
variables, such as KBOX_USER_NAME, in user labels. During LDAP label
processing, the variable is used to compare an attribute's value in the LDAP
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit LDAP Labels
132
Option
Description
directory to determine whether relationships exists between the LDAP object
and a KACE SMA object. See LDAP variables.
TIP: To test a label, replace the KBOX_ variables with the appropriate
values for your environment, then select Test.
Associated Label
The manual label, or container label, to associate with this LDAP Label. Each LDAP
Label must have an associated label.
Associated Label
Description
Notes from the label selected in the Associated Label Name field.
Server
The IP address or the hostname of the LDAP server. If the IP address is not valid, the
appliance waits to timeout, resulting in login delays during LDAP authentication.
NOTE: To connect through SSL, use an IP address or hostname. For
example: ldaps://hostname.
If you have a non-standard SSL certificate installed on your LDAP server, such as
an internally-signed certificate or a chain certificate that is not from a major certificate
provider such as VeriSign®, contact Quest Support at https://support.quest.com/
contact-support for assistance.
Port
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
Base DN
The criteria used to search for accounts.
This criteria specifies a location or container in the LDAP or Active Directory
structure, and the criteria should include all the users that you want to authenticate.
Enter the most specific combination of OUs, DCs, or CNs that match your criteria,
ranging from left (most specific) to right (most general). For example, this path leads
to the container with users that you need to authenticate:
OU=end_users,
DC=company,DC=com.
Advanced Search
The search filter. For example:
(&(sAMAccountName=KBOX_USERNAME)
(memberOf=CN=financial,DC=example,DC=com))
Login
The credentials of the account the KACE SMA uses to log in to the LDAP server to
read accounts. For example:
LDAP Login:CN=service_account,CN=Users,DC=company,DC=com.
If no username is provided, an anonymous bind is attempted. Each LDAP Label can
connect to a different LDAP or Active Directory server.
Password
The password of the account the KACE SMA uses to log in to the LDAP server.
Label Attribute
For User-type labels: Enter a label attribute, such as: memberOf.
This setting returns a list of groups this user is a member of. The union of all the label
attributes forms the list of labels you can import. If the search filter contains both the
label names and user names, the label attribute is not required.
Label Prefix
For User-type labels only: Enter the label prefix. For example: ldap_
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit LDAP Labels
133
Option
Description
The label prefix is a string that is added to the beginning of all the labels.
If you are unsure of the Base DN and Advanced Search information, use the LDAP Browser. See Use the
LDAP Browser.
NOTE: Negative search filters are formatted as follows: (!(sAMAccountName=David)). Any other
format using negatives will result in an error.
3.
Click the Test button to test the new label. Change the label parameters and test again as needed.
4.
If the LDAP Label is ready to use, select the Enabled check box. Otherwise, save the label without enabling
it.
5.
Click Save.
Related topics
Use the LDAP Browser
Enable LDAP Labels
After you have added and tested an LDAP Label, you can enable it. Device LDAP Labels that are enabled run
against the LDAP server when devices check in to the appliance. User LDAP Labels that are enabled run against
the LDAP server when users are imported manually or imported according to a schedule.
Add and test an LDAP Label. See Add or edit LDAP Labels.
1.
Go to the LDAP Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click LDAP Labels.
d.
Click the name of an LDAP label.
2.
Select the Enabled check box.
3.
Click Save.
Delete LDAP Labels
Deleting an LDAP Label removes the criteria associated with the LDAP Label, but it does not delete any other
labels associated with the LDAP Label.
1.
Go to the LDAP Label Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click LDAP Labels.
2.
Select the check box next to one or more LDAP Labels.
3.
Select Choose Action > Delete, then click Yes to confirm.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete LDAP Labels
134
Use the LDAP Browser
The LDAP Browser enables you to browse and search data located on an LDAP server, such as an Active
Directory server.
To use the LDAP Browser, you must have the Bind DN and the LDAP password to log on to the LDAP server.
The LDAP Browser can be useful when you need to enter information in the Search Base DN and the Search
Filter fields for LDAP queries.
1.
2.
Go to the LDAP Browser:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, in the Home section, click Label Management.
c.
On the Label Management panel, click LDAP Browser.
Specify LDAP Server settings:
Option
Description
IP Address or
Hostname
The IP address or the hostname of the LDAP server. If the IP address is not valid, the
appliance waits to timeout, resulting in login delays during LDAP authentication.
NOTE: To connect through SSL, use an IP address or hostname. For
example: ldaps://hostname.
If you have a non-standard SSL certificate installed on your LDAP server, such as
an internally-signed certificate or a chain certificate that is not from a major certificate
provider such as VeriSign, contact Quest Support at https://support.quest.com/
contact-support for assistance.
Port
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
Login
The credentials of the account the KACE SMA uses to log in to the LDAP server to
read accounts. For example:
LDAP Login:CN=service_account,CN=Users,
DC=company,DC=com.
If no username is provided, an anonymous bind is attempted. Each LDAP Label can
connect to a different LDAP or Active Directory server.
Password
3.
The password of the account the KACE SMA uses to log in to the LDAP server.
Click Test.
Upon successful connection to the LDAP server, the Next button becomes active.
If the operation fails, verify the following:
4.
◦
The IP address or hostname is correct.
◦
The LDAP server is running.
◦
The login credentials are correct.
Click Next.
The Narrow the Search window appears.
5.
Enter a search filter to limit the number of results displayed at the bottom of the screen.
KACE Systems Management Appliance 8.0 Administrator Guide
Use the LDAP Browser
135
Option
Description
LDAP EasySearch
Type a string that you want to search for.
Search on
Indicate if you want to search for indexed or non-indexed fields by
selecting the appropriate option, as required.
Other attributes
Type a comma-separated list of Active Directory fields that you want to
search for.
6.
NOTE: The search does not check if the specified fields actually
exist in the Active Directory.
Click Go.
The search results appear at the bottom of the screen, on the left panel.
7.
Click a child node to view its attributes.
The attributes appear in the right panel.
Configuring user accounts, LDAP
authentication, and SSO
You can configure and manage user accounts, authenticate users with LDAP information, and enable single sign
on (SSO) for users.
About user accounts and user authentication
User accounts can be created and managed on the appliance. Users who access the Administrator Console and
User Console using these accounts are referred to as locally authenticated.
As an alternative to local authentication, you can set up external authentication through an external LDAP server.
See Using an LDAP server for user authentication.
Types of locally authenticated user accounts include:
•
System-level user accounts. Accounts that enable users to log in to the System Administration Console
to manage appliance settings, such as the appliance host name and network settings. System-level user
accounts include the default admin account for the appliance. These accounts also enable access to
organization-level components (admiui) and the User Console. See Managing System-level user accounts.
•
Organization user accounts. Accounts that enable users to log in to the Administrator Console
Organization level (Administrator Console ) to manage organization-specific components. These
components may include Inventory, Assets, Distribution, Scripting, Security, Service Desk, and User
Console depending on the user's role. See Managing organization user accounts.
About locale settings
Locale settings determine the language used for text in the interfaces. You can select locale settings for the
Command Line Console, Administrator Console, and User Console.
See Configuring locale settings.
KACE Systems Management Appliance 8.0 Administrator Guide
About locale settings
136
Managing System-level user accounts
System-level user accounts enable users to log in to the System Administration Console to manage appliance
settings, such as the appliance host name and network settings. System-level user accounts authenticate users
locally on the appliance.
To use an LDAP server for user authentication, see Using an LDAP server for user authentication.
NOTE: You cannot change the username of the default admin account, and you cannot delete the
account. However, you can change the password of the admin account. See Add or edit System-level user
accounts.
NOTE: In addition, if the Organization component is enabled on your appliance, or if you want to link
multiple K-Series appliances, use caution when changing the password of the admin account. The admin
account passwords on all linked appliances and organizations must be the same if you want to switch
among them using the drop-down list in the top-right corner of the Administrator Console. The drop-down
list shows only those appliances and organizations whose admin account passwords are the same.
NOTE: See Enable fast switching for organizations and linked appliances.
Add or edit System-level user accounts
You can add or edit System-level user accounts as needed. These accounts enable users to log in to the System
Administration Console to manage appliance settings.
If the Organization component is enabled on your appliance, you can also add or edit organization-specific user
accounts. See Managing organization user accounts.
NOTE: You cannot change the username of the default admin account, and you cannot delete the
account. However, you can change the password of the admin account. See Add or edit System-level user
accounts.
NOTE: In addition, if the Organization component is enabled on your appliance, or if you want to link
multiple K-Series appliances, use caution when changing the password of the admin account. The admin
account passwords on all linked appliances and organizations must be the same if you want to switch
among them using the drop-down list in the top-right corner of the Administrator Console. The drop-down
list shows only those appliances and organizations whose admin account passwords are the same.
NOTE: See Enable fast switching for organizations and linked appliances.
1.
Go to the Administrator Detail page:
a.
b.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings, then click Administrators.
c.
Display the Administrator Detail page by doing one of the following:
▪
Click the name of an administrator
▪
Select Choose Action > New.
Enter or change the user information.
Option
Description
Login
(Required) The name the user types in the Login ID field on the login page.
You cannot change the login of the default admin account.
Full Name
The user’s full name.
Email
The user’s email address.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit System-level user accounts
137
Option
Description
Domain
The Active Directory domain associated with the user.
Budget Code
The code of the financial department associated with the user.
Location
The name of the work site or building where the user is located.
Work Phone,
The user’s telephone numbers.
Home Phone,
Mobile Phone, and
Pager Number
Custom 1-4
Any additional information about the user or the user’s account.
Password and
(Required) The password the user types when logging in.
Confirm Password If the Organization component is enabled on your appliance, or if you want to link
multiple K-Series appliances, use caution when changing the password of the admin
account. Admin account passwords for the System-level, for organizations, and for
linked appliances must be the same if you want to switch among them using the dropdown list in the top-right corner of the Administrator Console. The drop-down list
shows only those organizations and appliances whose admin account passwords are
the same.
Role
(Required) Roles are assigned to user accounts to control access to the Administrator
Console and User Console. Default administrator roles include:
•
Administrator: This user can log in to and access all features in the
Administrator Console.
•
Read Only Administrator: This user can log in but cannot modify any settings
in the Administrator Console.
You cannot change the role of the default admin account.
Make default
Select this option if you want the selected role to become the default role for new
users.
Locale
The locale to use for the Administrator Console and User Console for the user. You
cannot change the locale of the default admin account.
Enable KACE
Security
Notifications
Enable Quest to send security notifications to the email address of this administrator.
This feature is available only to System-level administrator accounts. It is not
available to Admin-level administrator accounts, or non-administrator user accounts.
Enable KACE
Sales and
Marketing
Notifications
Enable Quest to send sales and marketing notifications to the email address of this
administrator. This feature is available only to System-level administrator accounts;
it is not available to Admin-level administrator accounts, or non-administrator user
accounts.
3.
Click Save.
Manage appliance administrator email notifications
Quest notifies appliance administrators of security issues and sales and marketing opportunities using email. You
can enable or disable the email notifications for System-level (appliance) administrator accounts.
KACE Systems Management Appliance 8.0 Administrator Guide
Manage appliance administrator email notifications
138
Email notifications are available only to appliance administrator accounts. Notifications are not available to nonadministrator users. If the Organization component is enabled on your appliance, notifications are not available to
Admin-level administrator accounts in organizations.
1.
Go to the User Detail page or the Administrator Detail page:
To go the User Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
c.
Display the User Detail page by doing one of the following:
▪
Click the name of a user.
▪
Select Choose Action > New.
To go the Administrator Detail page:
a.
b.
2.
On the left navigation bar, click Settings, then click Administrators.
c.
Display the Administrator Detail page by doing one of the following:
▪
Click the name of an administrator
▪
Select Choose Action > New.
Verify the user information, email address, and role.
3.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
NOTE: To enable notifications, the user must have an appliance administrator role.
At the bottom of the form, select or clear the check boxes next to the notification fields to enable or disable
email notifications for the administrator.
Option
Description
Enable KACE
Security
Notifications
Enable Quest to send security notifications to the
email address of this administrator. This feature
is available only to System-level administrator
accounts. It is not available to Admin-level
administrator accounts, or non-administrator user
accounts.
Enable KACE
Sales and
Marketing
Notifications
Enable Quest to send sales and marketing
notifications to the email address of this
administrator. This feature is available only to
System-level administrator accounts; it is not
available to Admin-level administrator accounts, or
non-administrator user accounts.
4.
Click Save.
Delete System-level user accounts
If the Organization component is enabled on your appliance, you can delete user accounts at the System level.
This option is available only if the Organization component is enabled on the appliance.
If the Organization component is not enabled on your appliance, follow the instructions in Managing organization
user accounts.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete System-level user accounts
139
1.
NOTE: You cannot delete the default admin account.
Go to the Administrators list:
a.
b.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings, then click Administrators.
2.
Select the check box next to one or more accounts.
3.
Select Choose Action > Delete, then click Yes to confirm.
Managing organization user accounts
Organization user accounts provide the credentials that enable users to log in to the Administrator Console or
User Console and access components based on the user role assigned to their account. You can add or edit user
roles and user accounts as needed.
Organization user accounts authenticate users locally on the appliance. To use an LDAP server for user
authentication, see Using an LDAP server for user authentication.
Add or edit User Roles
User Roles are assigned to user accounts to control access to the Administrator Console and User Console. You
can add or edit User Roles as needed.
However, you cannot edit the predefined roles: Administrator, No Access, Read Only Administrator, and User.
If the Organization component is enabled on your appliance, the permissions available to User Roles depends on
the Organization Role assigned to the organization. See Managing Organization Roles and User Roles.
1.
2.
Go to the Role Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Roles.
c.
Display the Role Detail page by doing one of the following:
▪
Click the name of a role.
▪
Select Choose Action > New.
In the Name field, provide a name, such as Service Desk Staff.
You cannot change the name of the predefined roles.
3.
If you want this role to be a default role for new roles, select the Default role for new users check box.
4.
In the Description field, provide a brief description of the role, such as Used for Service Desk
Administrators.
This description appears on the Roles list. You cannot change the description of predefined roles.
5.
6.
7.
Set the Administrator Console permissions.
a.
Under Administrator Console Permissions, click the Expand All.
b.
Set the permissions for each component, as applicable.
Set the User Console permissions.
a.
Under End User Console Permissions, click User Console to expand the list of permissions.
b.
Set the permissions for each component, as applicable.
Under Device Scope, specify the devices to which you want to grant full access with this role.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit User Roles
140
Role-based user access allows administrators to restrict actions to users based on the devices associated
with their user role. You can grant access to all devices with a user with a specific role (a scoped user), or
only to selected devices that are associated with a label.
8.
TIP: Labels are containers that enable you to organize and categorize items, such as devices, so
that you can manage them as a group. For more information about labels, see About labels.
TIP: When a Smart Label is associated with a role, this is indicated on the Smart Labels list, in
the Name column.
◦
To grant access to all devices in the appliance or organization (as applicable), select All Devices.
◦
To grant access only to devices associated with a specific label, click Manage Associated Labels,
and select a label, as required.
Click Save.
The Roles page appears. When a user who is assigned to the role logs in, the appliance component bar shows
the available features.
Delete User Roles
You can delete User Roles provided that they are not assigned to any users and that they are not predefined User
Roles. If the Organization component is enabled on your appliance, you delete User Roles for each organization
separately.
1.
NOTE: You cannot delete User Roles that are associated with one or more labels.
Go to the Roles list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Roles.
2.
Select the check box next to one or more roles.
3.
Select Choose Action > Delete, then click Yes to confirm.
Add or edit organization user accounts
You can add or edit user accounts at the organization level. If the Organization component is enabled on your
appliance, you add and edit users accounts for each organization separately.
1.
2.
Go to the User Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
c.
Display the User Detail page by doing one of the following:
▪
Click the name of a user.
▪
Select Choose Action > New.
NOTE: There can be a maximum of 50 organization in your system. Any attempts to create more
organizations result in an error message.
Add or edit the following information:
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organization user accounts
141
Option
Description
Login
(Required) The name the user types in the Login ID field on the login page.
You cannot change the login of the default admin account.
Name
The user’s full name.
Primary Email
The user’s primary email address.
Additional Emails
One or more additional emails the user has access to. Separate multiple entries with
commas.
Domain
The Active Directory domain associated with the user.
Budget Code
The code of the financial department associated with the user.
Location
The name of the work site or building where the user is located. Click and select a
location from the drop-down list that appears.
Work Phone,
The user’s telephone numbers.
Home Phone,
Mobile Phone, and
Pager Number
Custom 1-4
Any additional information about the user or the user’s account.
Password and
(Required) The password the user types when logging in.
Confirm Password
Role
(Required) The role associated with the user. Roles are assigned to user accounts to
control access to the Administrator Console and User Console. Default system roles
include:
•
Administrator: This user can log in to and access all features in the
Administrator Console.
•
Read Only Administrator: This user can log in but cannot modify any settings
in the Administrator Console.
•
Administrator Console only: This user can log in to the Administrator
Console only.
•
No Access: The user cannot log in to the Administrator Console or the User
Console.
You cannot change the role of the default admin account.
Locale
The locale that is displayed when the user logs in to the Administrator Console or the
User Console.
Assign To Label
The label associated with the user.
Default Queue
The queue used as the default for Service Desk tickets submitted by the user.
Mobile Device
Access
Enable or disable Mobile Device Access for the user. Mobile device access enables
you to interact with the KACE SMA using the KACE GO app on iOS and Android
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organization user accounts
142
Option
Description
smart phones and tablets. Administrators can use the app to access Service Desk,
inventory, and application deployment features.
NOTE: This field is available when mobile device access is enabled on the
appliance. See Configuring Mobile Device Access.
Service Desk
Tickets
(Read only) Links to tickets created by the user.
Associated
Assets
(Read only) Assets assigned to the user. For each user, the list shows the asset
name, its type (for example, Software or Device), and the asset subtype (if
applicable). You can sort the list by any column heading, as needed.
Assigned Devices
Devices assigned to the user. For each user, the list shows the device name, its
subtype (if applicable), and an indication of whether a device is a primary user's
device. You can sort the list by any column heading, as needed.
To assign a device to a user, click
, and select an asset. If you choose a device
that is already assigned to another user, the ownership of that device shifts to this
user.
The first device assigned to the user becomes the primary device by default. When
multiple devices are assigned to a user, any device can be set as a primary device.
3.
Click Save.
Related topics
Add or edit User Roles
Configuring locale settings
About labels
Configuring Mobile Device Access
Customize user details
You can modify the custom fields available in user accounts as needed.
Every user account comes with a set of custom fields. You can edit these fields so that they can contain
meaningful user-specific information, such as their badge number.
1.
Go to the User Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
c.
Select Choose Action > New to display the User Detail page.
2.
On the User Detail page, click Customize Additional Fields.
3.
For each custom field, you can specify the following information:
The User Custom Fields page appears.
Option
Description
Field Name
The name of the custom field.
KACE Systems Management Appliance 8.0 Administrator Guide
Customize user details
143
Option
Description
Required
An indicator of whether the field is required.
Default Value
The default value.
4.
Manage the collection of custom fields, as needed, using the available controls.
5.
Click Save.
Archive user accounts
When users are removed from your system, you have an option to archive their accounts prior to deleting them.
In order to archive user accounts, user archival must be enabled on the General Settings page. For more
information, see Configure Admin-level or organization-specific General Settings.
Archived user accounts are maintained on the appliance in read-only mode. You can delete them, as needed.
If you archive a user account, and add it to appliance again, a new user account is created, while the archived
account is maintained until being removed. For example, if an employee leaves the organization and its user
account becomes archived, if they join the organization again, a new user account is created without any
association with the archived account. Similarly, if you archive a user account on the appliance without updating
your organization's Active Directory, an LDAP import results in a new user account, that is not associated with the
previously archived user.
NOTE: When user archival is enabled, user accounts can only be deleted only if they are marked as
archived.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
On the left navigation bar, click Control Panel > Users.
3.
Complete one of the following steps:
4.
•
On the Users list, select one or more user accounts that you want to archive and select Choose
Action > Archive.
•
On the Users list, click the name of the user that you want to archive. On the User Detail page that
appears, click Archive.
In the dialog box that appears, click Confirm.
The dialog box closes, and the Users list refreshes, indicating that the user is in the Archived state (
5.
).
If you want to review the details for an archived user, on the Users list, in the Name column, click the user
name.
The User Details page appears, showing the user details in read-only mode.
Next, you can delete archived user accounts, if needed.
View or edit user profiles
You can view general information about your user profile, and edit some settings, when needed.
The User Profile dialog box allows every user to quickly change their password, review the devices and assets
assigned to them, and any Service Desk Tickets that they created. Users with administrative-level permissions
can also edit some additional parameters, such as their name, email, manager, and locale. They can also quickly
go to the User Detail page to review additional information about their account, and to make any changes, as
needed.
KACE Systems Management Appliance 8.0 Administrator Guide
View or edit user profiles
144
For more information about editing user accounts using the User Detail page, see the following topics:
•
Add or edit organization user accounts
•
Add or edit System-level user accounts
1.
Do one of the following:
•
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin, where
KACE_SMA_hostname is the hostname of your appliance. Or, if Show organization menu in admin
header is enabled in the appliance General Settings, select an organization in the drop-down list in the
top-right corner of the page next to the login information.
•
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/system,
where KACE_SMA_hostname is the hostname of your appliance, or select System from the dropdown list in the top-right corner of the page.
•
Log in to the KACE SMA User Console, http://KACE_SMA_hostname/user, where
KACE_SMA_hostname is the hostname of your appliance, or select User Console from the dropdown list in the top-right corner of the page.
2.
From the drop-down list in the top-right corner of the page, select My Profile.
3.
Review and edit the information on the User Profile dialog box, as needed.
The User Profile dialog box appears.
NOTE: Users without administrative privileges can only update their passwords and view a limited set
of information in this dialog box without making any additional changes or accessing the User Detail
page.
Tab
Option
Description
Profile
Login
The name the user types in the Login ID field on
the login page.
NOTE: You cannot change the login of the
default admin account.
Name
The user’s full name.
Primary Email
The user’s email address.
Manager
The user’s manager.
Locale
The locale to use for the Administrator Console
and User Console for the user.
Update Password
The password the user types when logging in.
If the Organization component is enabled on
your appliance, or if you want to link multiple KSeries appliances, use caution when changing
the password of the admin account. Admin
account passwords for the System-level, for
organizations, and for linked appliances must be
the same if you want to switch among them using
the drop-down list in the top-right corner. The
drop-down list shows only those organizations
and appliances whose admin account passwords
are the same.
KACE Systems Management Appliance 8.0 Administrator Guide
View or edit user profiles
145
Tab
Option
Description
Devices
Name
The device name.
Subtype
The Asset Subtype for this device, if one is
assigned.
Primary Device
Indicates if the device is the primary device for
the selected user.
Name
The asset name.
Type
The asset type.
Subtype
The Asset Subtype for this device, if one is
assigned.
Number
The number of the Service Desk ticket the user
logged.
Title
The title of the Service Desk ticket the user
logged.
Status
The status of the Service Desk ticket the user
logged.
Assets
Service Desk
Tickets
4.
Optional. To access the User Detail page, in the top-left corner, click View Full Profile, and continue
reviewing and editing the user profile on that page.
5.
NOTE: This link only appears if your account has administrative privileges.
To save your changes, click Update.
Using an LDAP server for user authentication
User authentication can be done locally, using accounts created on the KACE SMA, or externally, using an LDAP
server.
If you use external LDAP server authentication, the appliance accesses a directory service to authenticate users.
This allows users to log in to the appliance Administrator Console or User Console using their domain username
and password.
For information about adding user accounts to the KACE SMA for local user authentication, see:
•
About user accounts and user authentication
•
Managing user accounts for organizations
About the login account on your LDAP server
To set up LDAP user authentication, you need to create a login account for the KACE SMA on your LDAP server.
The KACE SMA uses this account to read and import user information from the LDAP server.
The account needs read-only access to the Search Base DN field on the LDAP server. The account does not
need write access, because the appliance does not write to the LDAP server.
KACE Systems Management Appliance 8.0 Administrator Guide
About the login account on your LDAP server
146
In addition, the account must have a password that never expires. Because the password never expires,
make sure it is very secure. The user can change the password (that complies with the appropriate security
requirements), however, the password must be updated in the KACE SMA. You can give the account a
username, such as KACE_Login, or you can attempt to connect to the LDAP server using an anonymous bind.
Configure and test LDAP user authentication
You can configure and test connections from the KACE SMA to an external LDAP server.
1.
2.
Go to the Admin-level Authentication Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings.
c.
On the Control Panel, click User Authentication.
Select the LDAP Authentication option:
Option
Description
Local
Authentication
Enable local authentication (the default). If local authentication is enabled, the
password is authenticated against the existing entries in the local database at
Settings > Users.
LDAP
Authentication
Enable external user authentication using an LDAP server or Active Directory server.
If LDAP Authentication is enabled, the password is authenticated against the external
LDAP server.
For assistance with authentication, contact Quest Support at https://
support.quest.com/contact-support.
3.
Click the buttons next to the server names to perform the following actions:
Button
Action
Schedule a user import for the server.
Modify the server definition. For information about the fields in this section, see Table
5.
Remove the server.
Change the order of the server in the list of servers.
4.
Optional: Click New to add an LDAP server. You can have more than one LDAP server configured.
5.
NOTE: All servers must have a valid IP address or hostname. Otherwise, the operation times out,
which results in login delays when using LDAP authentication.
To add a server, provide the following information:
Table 5. Server information
Option
Description
Name
The name you want to use to identify the server.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure and test LDAP user authentication
147
Option
Description
Host Name or IP
Address
The IP address or the hostname of the LDAP server. If the IP address is not valid, the
appliance waits to timeout, resulting in login delays during LDAP authentication.
NOTE: To connect through SSL, use an IP address or hostname. For
example: ldaps://hostname.
If you have a non-standard SSL certificate installed on your LDAP server, such as
an internally-signed certificate or a chain certificate that is not from a major certificate
provider such as VeriSign, contact Quest Support at https://support.quest.com/
contact-support for assistance.
Port
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
Base DN
The criteria used to search for accounts.
This criteria specifies a location or container in the LDAP or Active Directory
structure, and the criteria should include all the users that you want to authenticate.
Enter the most specific combination of OUs, DCs, or CNs that match your criteria,
ranging from left (most specific) to right (most general). For example, this path leads
to the container with users that you need to authenticate:
OU=end_users,DC=company,DC=com.
Advanced Search
NOTE: Domain Users is a special group that is not added to the
memberof attribute values. For Domain Users members, use this format:
(primaryGroupId=513).
The search filter. For example:
(&(sAMAccountName=KBOX_USERNAME)
(memberOf=CN=financial,DC=example,DC=com))
Login
The credentials of the account the KACE SMA uses to log in to the LDAP server to
read accounts. For example:
LDAP Login:CN=service_account,CN=Users,
DC=company,DC=com.
If no username is provided, an anonymous bind is attempted. Each LDAP Label can
connect to a different LDAP or Active Directory server.
Password
The password of the account the KACE SMA uses to log in to the LDAP server.
Role
(Required) The user’s role:
•
Administrator: The user can log in to and access all features of the
Administrator Console and User Console.
•
Read Only Administrator: The user can log in, but cannot modify any settings
in the Administrator Console or User Console.
•
User Console Only: The user can log in only to the User Console.
•
No Access: The user cannot log in to the Administrator Console or User
Console. No Access is the default role.
NOTE: These roles are predefined and you cannot edit them. However, you
can create and edit custom roles as needed.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure and test LDAP user authentication
148
NOTE: Record the search and filtering criteria you use for filling out this form. You use this same
information to import user data, and later to schedule user import on a regular basis.
6.
Click Save.
7.
Test authentication on an external LDAP server as follows:
a.
b.
c.
d.
e.
Select the LDAP Authentication.
Click the Edit button next to the server on which the user account you are testing is located
.
In the Advanced Search: box, replace KBOX_USER with the username to test. The syntax is
sAMAccountName=username.
Enter the user’s password in the Password for test field.
Click Test.
If the test is successful, the authentication setup is complete for this user, and other users in the same
LDAP container.
Importing users from an LDAP server
You can import user information from LDAP servers to create user accounts on the KACE SMA. This provides
administrators, such as Service Desk staff, with a richer set of data to use when working with users.
There are two ways to import user information:
•
Manually: See Import user information manually
•
According to a schedule: See Import user information according to a schedule
NOTE: User information is overwritten each time users are imported to the appliance. Password
information, however, is not imported. Users must enter their passwords each time they log in to the
Administrator Console or User Console.
Import user information manually
You can import user information manually by specifying criteria to identify the users you want to import.
1.
2.
Go to the Users page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
c.
Select Choose Action > Import Users.
Provide the following information:
NOTE: Use the LDAP Browser to specify the Search Base DN and Search Filter. See Use the LDAP
Browser.
Option
Description
Server
The IP address or the hostname of the LDAP server. If the IP address is not valid, the
appliance waits to timeout, resulting in login delays during LDAP authentication.
NOTE: To connect through SSL, use an IP address or hostname. For
example: ldaps://hostname.
If you have a non-standard SSL certificate installed on your LDAP server, such as
an internally-signed certificate or a chain certificate that is not from a major certificate
KACE Systems Management Appliance 8.0 Administrator Guide
Import user information manually
149
Option
Description
provider such as VeriSign, contact Quest Support at https://support.quest.com/
contact-support for assistance.
Port
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
Base DN
The criteria used to search for accounts.
This criteria specifies a location or container in the LDAP or Active Directory
structure, and the criteria should include all the users that you want to authenticate.
Enter the most specific combination of OUs, DCs, or CNs that match your criteria,
ranging from left (most specific) to right (most general). For example, this path leads
to the container with users that you need to authenticate:
OU=end_users,DC=company,DC=com.
Advanced Search
NOTE: Use the LDAP Browser to specify the Search Base DN and Search
Filter. Use the LDAP Browser.
The search filter. For example:
(&(sAMAccountName=KBOX_USERNAME)
(memberOf=CN=financial,DC=example,DC=com))
Login
The credentials of the account the KACE SMA uses to log in to the LDAP server to
read accounts. For example:
LDAP Login:CN=service_account,CN=Users,
DC=company,DC=com.
If no username is provided, an anonymous bind is attempted. Each LDAP Label can
connect to a different LDAP or Active Directory server.
Password
3.
The password of the account the KACE SMA uses to log in to the LDAP server.
Specify the LDAP attributes to import.
Option
Description
Attributes to
retrieve
Specify the LDAP attributes to retrieve. For example:
sAMAccountName, objectguid, mail, memberof, displayname, sn,
cn, userPrincipalName, name, description, manager
The LDAP attributes specified in this field can be mapped to KACE SMA User
attributes on the next page. If this field is blank, the appliance retrieves all LDAP
attributes. Leaving this field blank increases the time required to import attributes and
is not recommended.
Label Attribute
IMPORTANT: To retrieve the manager object associated with the user, you
must add the manager attribute to the list, and to specify this mapping in a
later step.
Enter a label attribute. For example: memberof.
This setting returns a list of groups this user is a member of. The union of all the label
attributes forms the list of labels you can import. If the search filter contains both the
label names and user names, the label attribute is not required.
Label Prefix
Enter the label prefix. For example: ldap_
The label prefix is a string that is added to the beginning of all the labels.
KACE Systems Management Appliance 8.0 Administrator Guide
Import user information manually
150
Option
Description
Binary Attributes
Enter the binary attributes. For example: objectsid.
Binary attributes indicates which attributes should be treated as binary for purposes
of storage.
Maximum Number
of Rows
Enter the maximum number of rows to retrieve. This limits the result set that is
returned in the next step.
Debug Output
Select the check box to view the debug output.
4.
Click Next.
5.
In the drop-down list next each attribute, select the value to use for KACE SMA User attributes during
import. Values in the drop-down list are the values specified in the Attributes to retrieve field on the previous
page.
The Define mapping between User attributes and LDAP attributes page appears.
The following attribute mappings are required:
Option
Description
Ldap Uid
The identifier for the user. Recommended value: objectguid.
User Name
The name of the user. Recommended value: name.
Email
The email address for the user. Recommended value: mail.
Manager
The manager of the user. This mapping is mandatory only if you want to retrieve the
manager information. Recommended value: manager.
IMPORTANT: To retrieve the manager object associated with the user, you
must also add the manager attribute to the Attributes to retrieve box.
The following attribute mappings are not required, but they are recommended:
Option
Description
Api Enabled
Whether users are enabled to access the KACE SMA using the KACE GO app.
Access is enabled if the field contains a numerical value. Access is disabled if the
field contains no value. Therefore, to enable access, select an attribute that returns a
numerical value. To disable access, select No Value.
Ams Id
Not used in the KACE SMA 6.4 release. Recommended value: No Value.
6.
Optional: In the Role drop-down list, select the role for the imported users. See Add or edit User Roles.
7.
Optional: In the Labels drop-down list, select the label to apply to imported users. See About labels.
8.
In the Search Results section below the attribute mapping drop-down lists, verify that the list of users to
import is correct, and the information listed for each user is what you expect. To refine your search, click the
Back button and revise the search parameters and attributes.
For example, to change the number of Search Results, change the Maximum Number of Rows on the
Choose attributes to import page.
9.
Click Next to display the Import Data into the KACE SMA page.
10. Review the tables of users to ensure that the data is valid and includes the data that you expect.
KACE Systems Management Appliance 8.0 Administrator Guide
Import user information manually
151
Only users with values for the required attributes, Ldap Uid, User Name, Email, and Manager are imported.
Records that do not have these values are listed in the Users with invalid data section.
11. Click Import Now to start the import.
The Users page appears, and the imported users appear on the list. The imported users can access the features
of the Administrator Console, User Console based on the role to which they are assigned.
Import user information according to a schedule
To keep user data current, schedule regular user data imports from your LDAP server.
1.
2.
Go to the Admin-level Authentication Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings.
c.
On the Control Panel, click User Authentication.
Select LDAP Authentication, then click the Schedule button next to the server name in the list of servers
to schedule a user import:
.
The User Import: Schedule – Choose attributes to import page appears.
The following Read Only Administrator Server Details are displayed:
Option
Description
Server
The IP address or the hostname of the LDAP server. If the IP address is not valid, the
appliance waits to timeout, resulting in login delays during LDAP authentication.
NOTE: To connect through SSL, use an IP address or hostname. For
example: ldaps://hostname.
If you have a non-standard SSL certificate installed on your LDAP server, such as
an internally-signed certificate or a chain certificate that is not from a major certificate
provider such as VeriSign, contact Quest Support at https://support.quest.com/
contact-support for assistance.
Port
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
Base DN
The criteria used to search for accounts.
This criteria specifies a location or container in the LDAP or Active Directory
structure, and the criteria should include all the users that you want to authenticate.
Enter the most specific combination of OUs, DCs, or CNs that match your criteria,
ranging from left (most specific) to right (most general). For example, this path leads
to the container with users that you need to authenticate:
OU=end_users,DC=company,DC=com.
Advanced Search
NOTE: Use the LDAP Browser to specify the Search Base DN and Search
Filter. Use the LDAP Browser.
The search filter. For example:
(&(sAMAccountName=KBOX_USERNAME)
(memberOf=CN=financial,DC=example,DC=com))
Login
The credentials of the account the KACE SMA uses to log in to the LDAP server to
read accounts. For example:
KACE Systems Management Appliance 8.0 Administrator Guide
Import user information according to a schedule
152
Option
Description
LDAP Login:CN=service_account,CN=Users,
DC=company,DC=com.
If no username is provided, an anonymous bind is attempted. Each LDAP Label can
connect to a different LDAP or Active Directory server.
Password
3.
The password of the account the KACE SMA uses to log in to the LDAP server.
Specify the LDAP attributes to import.
Option
Description
Attributes to
retrieve
Specify the LDAP attributes to retrieve. For example:
sAMAccountName, objectguid, mail, memberof, displayname, sn,
cn, userPrincipalName, name, description, manager
The LDAP attributes specified in this field can be mapped to KACE SMA User
attributes on the next page. If this field is blank, the appliance retrieves all LDAP
attributes. Leaving this field blank increases the time required to import attributes and
is not recommended.
Label Attribute
IMPORTANT: To retrieve the manager object associated with the user, you
must add the manager attribute to the list, and to specify this mapping in a
later step.
Enter a label attribute. For example: memberof.
This setting returns a list of groups this user is a member of. The union of all the label
attributes forms the list of labels you can import. If the search filter contains both the
label names and user names, the label attribute is not required.
Label Prefix
Enter the label prefix. For example: ldap_
The label prefix is a string that is added to the beginning of all the labels.
Binary Attributes
Enter the binary attributes. For example: objectsid.
Binary attributes indicates which attributes should be treated as binary for purposes
of storage.
Maximum Number
of Rows
Enter the maximum number of rows to retrieve. This limits the result set that is
returned in the next step.
Debug Output
Select the check box to view the debug output.
4.
In the Email Recipients section, click the Edit button to enter the recipient’s email address
5.
Select users in the Recipients drop-down list.
6.
In the Scheduling section, specify schedule options:
.
Option
Description
Don’t Run on a
Schedule
Run in combination with an event rather than on a specific date or at a specific time.
Run Every day/
specific day at
HH:MM
Run daily at a specified time, or run on a designated day of the week at a specified
time.
KACE Systems Management Appliance 8.0 Administrator Guide
Import user information according to a schedule
153
Option
Description
Run on the nth
of every month/
specific month at
HH:MM
Run on the same day every month, or a specific month, at the specified time.
7.
Click Next to display the User Import: Schedule - Define mapping between User attributes and LDAP
Attributes page.
8.
In the drop-down list next each attribute, select the value to use for KACE SMA User attributes during
import. Values in the drop-down list are the values specified in the Attributes to retrieve field on the previous
page.
The following attribute mappings are required:
Option
Description
Ldap Uid
The identifier for the user. Recommended value: objectguid.
User Name
The name of the user. Recommended value: name.
Email
The email address for the user. Recommended value: mail.
Manager
The manager of the user. This mapping is mandatory only if you want to retrieve the
manager information. Recommended value: manager.
IMPORTANT: To retrieve the manager object associated with the user, you
must also add the manager attribute to the Attributes to retrieve box.
The following attribute mappings are not required, but they are recommended:
Option
Description
Api Enabled
Whether users are enabled to access the KACE SMA using the KACE GO app.
Access is enabled if the field contains a numerical value. Access is disabled if the
field contains no value. Therefore, to enable access, select an attribute that returns a
numerical value. To disable access, select No Value.
Ams Id
Not used in the KACE SMA 6.4 release. Recommended value: No Value.
9.
Optional: In the Role drop-down list, select the role for the imported users. See Add or edit User Roles.
10. If you want the selected role to be a default role for new roles, select the Make default check box.
11. Optional: In the Labels drop-down list, select the label to apply to imported users. See About labels.
12. In the Search Results section below the attribute mapping drop-down lists, verify that the list of users to
import is correct, and the information listed for each user is what you expect. To refine your search, click the
Back button and revise the search parameters and attributes.
For example, to change the number of Search Results, change the Maximum Number of Rows on the
Choose attributes to import page.
13. Click Next to display the Import Data into the KACE SMA page.
14. Review the tables of users to ensure that the data is valid and includes the data that you expect.
KACE Systems Management Appliance 8.0 Administrator Guide
Import user information according to a schedule
154
Only users with values for the required attributes, Ldap Uid, User Name, Email, and Manager, are imported.
Records that do not have these values are listed in the Users with invalid data section.
15. Do one of the following:
•
Click Back to change settings.
•
Click Import to save the schedule and import user information immediately. The import begins, and
the schedule is set to run according to the options selected in Scheduling section.
•
Click Finish to save the schedule without importing user information. The schedule is set to run
according to the options selected in the Scheduling section.
User information is imported according to the specified schedule.
About single sign on (SSO)
Single sign on enables users who are logged on to the domain, or authenticated through a third-party, to access
the KACE SMA Administrator Console and User Console without having to re-enter their credentials on the KACE
SMA login page.
You can use Active Directory for single sign on.
Single sign on is available for:
•
One domain only: If you have multiple domains, only one can be enabled for single sign on. This is true
even if the Organization component is enabled on the KACE SMA, and you have multiple organizations
that are on different domains. Single sign on is a System-level configuration, and organizations cannot be
configured independently for single sign on.
•
Microsoft Active Directory servers: You can enable single sign on using Microsoft Active Directory
servers with 2003 R2 or higher schema versions. Earlier schema versions cannot be used. If the
Organization component is enabled on your appliance, the Active Directory single sign on method can be
used with multiple organizations.
Using external LDAP or Active Directory servers for single sign
on
When using Active Directory for authentication for single sign on, the external LDAP or Active Directory server
must have the same entries as the Active Directory server specified for single sign on. The KACE SMA matches
user credentials on the joined domain, and then it uses the external LDAP configuration to determine user roles
and privileges.
To authenticate users by using local accounts on the KACE SMA, you need to either import accounts from an
LDAP or Active Directory server to the appliance, or manually create accounts on the appliance. See:
•
Importing users from an LDAP server
•
Managing System-level user accounts
•
Managing organization user accounts
Enabling and disabling single sign on
You can enable or disable single sign on in the KACE SMA security settings.
KACE Systems Management Appliance 8.0 Administrator Guide
Enabling and disabling single sign on
155
Enable single sign on
To enable single sign on, you need to configure the appliance Security Settings to establish a connection between
an Active Directory server and the appliance.
•
To configure single sign on for Active Directory, see Configure Active Directory as the single sign on
method
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Security Settings to display the Security Settings page.
3.
In the Single Sign On section, select a single sign on method.
•
Configure Active Directory as the single sign on method
Disable single sign on
You can disable single sign on without removing the KACE SMA from the domain.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Security Settings to display the Security Settings page.
3.
In the Single Sign On section, select Disable.
Single sign on is disabled. Users who are currently logged in to the Administrator Console or User Console
remain logged in until their sessions end. The next time they attempt to access the Administrator Console
or User Console, however, they are required to enter their credentials.
Using Active Directory for single sign on
When single sign on is configured to use Active Directory, authenticated users can access the Administrator
Console or the User Console without having to enter login credentials.
To do so, users must type the hostname of the KACE SMA in the browser address field. If users enter an IP
address, they are directed to the appliance login page, instead of being signed on automatically, and they must
enter their credentials to log in.
If you use Active Directory for single sign on, you must configure Internet Explorer and Firefox browsers to use the
appropriate security settings.
Configure Active Directory as the single sign on method
Active Directory single sign on enables users who are logged on to the domain to access the KACE SMA
Administrator Console and User Console without having to re-enter their logon credentials each time.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Active Directory as the single sign on method
156
Before you connect the KACE SMA to an Active Directory server, verify that:
•
Network and DNS settings are configured to enable the KACE SMA to access the Active Directory server.
See Change appliance network settings.
•
The time settings on the Active Directory server match the time settings on the KACE SMA. For information
on setting the time on the KACE SMA, see Configure appliance date and time settings.
1.
Go to the appliance Control Panel:
2.
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
In the Single Sign On section of the Security Settings page, select Active Directory, then provide the
following information:
Option
Description
Domain
The host name of the domain of your Active Directory® server, such as example.com.
Username
The user name of the administrator account on the Active Directory server. For
example, username@example.com.
Password
The password of the administrator account on the Active Directory server.
Computer Object
Container
The name of the computer object container of the administrator account on the Active
Directory server.
Computer Object
Name
The name of the computer object container of the administrator account on the Active
Directory server.
Service Account
Container
The name of the service account container of the administrator account on the Active
Directory server.
3.
Click Join.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure Active Directory as the single sign on method
157
The appliance performs the following tests, which require read-only permission, to determine whether the
domain is configured correctly to allow the KACE SMA to join the domain:
◦
Check for supported operating system and correct operating system patches
◦
Check for sufficient disk space to install QAS
◦
Check that the hostname of the system is not 'localhost'
◦
Check if the name service is configured to use DNS
◦
Check resolv.conf for proper formatting of name service entries and that
the host can be resolved
◦
Check for a name server that has the appropriate DNS SRV records for Active
Directory
◦
Detect a writable domain controller with UDP port 389 open
◦
Detect Active Directory site if available
◦
Check if TCP port 464 is open for Kerberos kpasswd
◦
Check if UDP port 88 and TCP port 88 are open for Kerberos traffic
◦
Check if TCP port 389 is open for LDAP
◦
Check for a global catalog server and if TCP port 3268 is open for
communication with global catalog servers
◦
Check for a valid time skew against Active Directory
◦
Check for the QAS application configuration in Active Directory
◦
Check if TCP port 445 is open for Microsoft CIFS traffic
These tests do not need write access and they do not check for permission to write to any directory. In
addition, these tests do not verify username and password credentials. If the credentials are incorrect, the
KACE SMA might not be able to join the domain even if the tests are successful.
A message appears stating the results of the test. To view errors, if any, click Logs, then in the Log dropdown list, select Server Errors.
4.
Optional: Select Force Join to join the server to ignore errors and join the domain.
5.
Click Save and Restart Services.
When users are logged in to devices that are joined to the Active Directory domain, they can access the KACE
SMA User Console without having to re-enter their credentials. If users are on devices that are not joined to the
Active Directory domain, the login window appears and they can log in using a local KACE SMA user account.
See Add or edit System-level user accounts.
NOTE: To use single sign on with Internet Explorer and Firefox browsers, users must configure their
browser settings to use the appropriate authentication. See Configuring browser settings for single sign on.
Configuring browser settings for single sign on
To use Active Directory single sign on with Internet Explorer and Firefox browsers, users must configure their
browser settings to use the appropriate authentication. The Chrome™ browser does not require any special
configuration.
KACE Systems Management Appliance 8.0 Administrator Guide
Configuring browser settings for single sign on
158
Configure Internet Explorer browser settings
To use Active Directory single sign on with the Internet Explorer, you must configure the browser's security
settings.
1.
In the Internet Explorer browser, click Tools > Internet Options > Security.
2.
Select the appropriate security policy:
•
If the KACE SMA is available on the Internet select Trusted Sites.
•
If the KACE SMA is not available on the Internet, select local intranet.
3.
Click custom level, then scroll to the bottom of the list.
4.
Select automatic logon with current username and password. If this option is not selected, Internet
Explorer cannot automatically log in to the Administrator Console or User Console even if single sign on is
enabled on the KACE SMA.
Configure Firefox browser settings
To use Active Directory single sign on with Firefox, you must configure the browser's authentication settings.
1.
In the Firefox browser, type about:config in the address bar.
2.
In the Search field type the following network.negotiate-auth.trusted-uris.
3.
In the search results, double-click the name of the preference.
4.
In the string value box, enter the URL of the KACE SMA. For example, http://kace_sma.example.com, then
click OK.
Use Active Directory single sign on to access the Administrator Console or User
Console
When Active Directory single sign on is enabled on the appliance, users who are logged in to the domain can
access the Administrator Console or User Console without entering their credentials on the KACE SMA login
page.
Single sign on must be enabled through Active Directory. See Enable single sign on.
1.
Log in to the domain.
2.
In a web browser, type the hostname of the KACE SMA in the browser address field. To identify the host
name, see Change appliance network settings.
TIP: If you enter the appliance IP address, you are directed to the appliance login page instead of
being signed on automatically.
The Administrator Console or User Console appears, depending on user account privileges.
Unjoin the domain and disable Active Directory single sign on
You can remove the KACE SMA from the Active Directory domain. Removing the appliance from the domain
automatically disables single sign on as well.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Security Settings to display the Security Settings page.
3.
In the Single Sign On section, click Unjoin Domain.
KACE Systems Management Appliance 8.0 Administrator Guide
Unjoin the domain and disable Active Directory single sign on
159
NOTE: Users who are currently logged in to the User Console or Administrator Console remain
logged in until their session ends. The next time they attempt to access the User Console or
Administrator Console, however, they are required to enter their credentials.
Using Replication Shares
Replication Shares are devices that keep copies of files for distribution, and they are especially useful if your
managed devices are deployed across multiple geographic locations.
For example, using a Replication Share, a device in New York could download files from another device at the
same office, rather than downloading those files from a KACE SMA in Los Angeles. A Replication Share is a full
replication of all digital assets and is managed automatically by the appliance. Whenever a Replication Share is
specified for a label, devices in that label go to the Replication Share to get files.
In addition, you can use Replication Shares to deploy of Managed Installations, patches, or Dell Updates where
network bandwidth and speed are issues. Replication Shares are good alternatives to downloading directly from
an appliance.
Replication Shares enable an appliance to replicate application installers, patches, upgrades, and script
dependencies to a shared folder on a device. If any replication item is deleted from the appliance, it is marked for
deletion in the Replication Share and deleted in the replication task cycle. The figure shows a Replication Share
configuration and task flow.
Figure 7. Replication Share configuration
To create a Replication Share, identify one device at each remote location to act as a Replication Device.
The appliance copies all the replication items to the Replication Device at the specified destination path. The
replication process automatically restarts if it is stopped due to a network failure or replication schedule. If
stopped, the replication process restarts at the point it was stopped.
Sneaker net share: You can create a folder and copy the contents of an existing replication folder to it. You can
then specify this folder as the new replication folder in the appliance. The appliance determines whether the new
folder has all the replication items present and replicates only the new ones, which conserves bandwidth. You can
KACE Systems Management Appliance 8.0 Administrator Guide
Using Replication Shares
160
manually copy the contents of replication folder to a new folder. The replication folder created in a device follows
following hierarchy:
\\machinename\foldername\repl2\replicationitems folder
The device name and folder name is user defined while repl2 is automatically created by appliance. The
replication items folder includes the folder for patches, kbots, upgrade files, and applications.
All the replication items are first listed in the replication queue and then copied one at a time to the destination
path. Any new replication item is first listed in the replication queue and then copied after an interval of 10
minutes.
Replication items are copied in this order:
1.
Script dependencies
2.
Applications
3.
Agent upgrades
4.
Patches
Create Replication Shares
You can create Replication Shares on managed devices.
To create a Replication Share you must:
•
Have write permission on the destination path to write the software files.
•
Install the KACE SMA Agent on the Replication Share.
•
Create a label for your devices before starting the process.
Replication Shares can be created only on devices that appear on the Devices list in Inventory. If the device you
want to use is not on the Devices list, you need to create an inventory record for the device before you can use it
as a Replication Share.
See Managing inventory information.
1.
Go to the Replication Schedule Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Distribution, then click Replication.
c.
Select Choose Action > New.
2.
In the Configure section, select the Enabled check box.
3.
Optional: Select Failover To Appliance to use the KACE SMA when the Replication Share is not
available.
4.
NOTE: Enable Failover To Appliance only after testing the Replication Share.
In the Device drop-down list, select the device to use as a Replication Share.
The Replication Share can be created by two methods:
•
Locally
•
On a shared network drive
5.
Select the Operating System and Locales of the patches to replicate. The lists are populated based on
the operating systems and locales selected in the patch subscription.
6.
Select the Include Application Patches and Include Dell Updates check boxes to copy the patch and
update files to the Replication Share.
7.
Specify the Destination Share settings:
KACE Systems Management Appliance 8.0 Administrator Guide
Create Replication Shares
161
Option
Description
Path
The path the Replication device uses for the Replication Share. Applications are
copied from the KACE SMA to this location. For a local drive, use local drive syntax,
for example: C:\kace_sma_share
For a network drive, use UNC format, for example: \\kaceRep\kace_sma_share\
NOTE: $ notation, for example \\KaceRep\e$, is not supported.
Local Share or
UNC
Select whether to use a Local Share or UNC.
Credentials
The details of the service account required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed.
See Add and edit User/Password credentials.
Label
8.
The label of the devices using the Replication Share. Verify that the selected label
does not have KACE_ALT_LOCATION specified. KACE_ALT_LOCATION takes
precedence over the Replication Share for downloading files to devices.
Specify the Download Share settings:
Option
Description
Path
The path used by devices in the replication label to copy items from the replication
drive.
For example, a UNC path:
\\fileservername\directory\kace_sma\
Other devices need read permission to copy replication items from this shared folder.
Credentials
The details of the service account required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed.
See Add and edit User/Password credentials.
9.
Specify the following settings in the Schedule section:
Option
Description
High Bandwidth
The maximum bandwidth to use for replication. If this field is blank, the maximum
bandwidth available for replication is used. This field is specified in bytes per second.
Low Bandwidth
The restricted bandwidth to use for replication. If this field is blank, the maximum
bandwidth available for replication is used. This field is specified in bytes per second.
Schedule table
The bandwidth used for each hour of the day (24-hour clock format) and each day of
the week.
•
To change the bandwidth selection, click in a square.
•
To select hours (columns), click the hour number.
•
To select days (rows), click the day of the week.
KACE Systems Management Appliance 8.0 Administrator Guide
Create Replication Shares
162
Option
Description
Bandwidth is color-coded:
•
White: Replication is off
•
Light blue: Replication is on with low bandwidth
•
Blue: Replication is on with high bandwidth
Copy Schedule
From
Select an existing Replication Schedule in the drop-down list to replicate items
according to that schedule.
Notes
Any additional information you want to provide.
10. Click Save.
The Replication page appears.
11. Optional: After you have tested the Replication Share, return to 3 and enable Failover To Appliance.
Related topics
Add or edit manual labels
About patch management
View Replication Share details
You can view details of devices used as Replication Shares.
1.
Go to the Replication list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Distribution, then click Replication.
This page displays a list of the Replication Shares that are available on the appliance. For each Replication
Share, a default view shows its Status, replication Task, associated Device, Destination Path, KACE SMA
Agent Version, Label, an indication if the Replication Share is Enabled, and the number of files remaining
to be copied along with the total size of files remaining to be copied (in the ToDo column). The information
appearing in the ToDo column allows you to review the state of replication process for each Replications
Share in this list, instead of reviewing individual shares to find out if their replication process is complete.
2.
In the Device column, click the name of a Replication Share to display the Replication Schedule Detail
page.
On this page you can:
◦
View the Replication queue: To view items that are queued for replication, click Show Replication
Queue below the configuration information. This view is displayed by default when you access the
page.
◦
View the Replication inventory: To view items that have been replicated to the share, click Show
Share Inventory below the configuration information.
◦
Delete the Replication queue: To view replication items that are marked for deletion, click Show
Delete Queue below the configuration information.
KACE Systems Management Appliance 8.0 Administrator Guide
View Replication Share details
163
Managing credentials
The KACE SMA enables you to manage the usernames and passwords required for logging in to other systems,
such as managed computers and servers, and the information required for Google or SNMP authentication, from
a central location.
Credentials that have been added to the appliance's Credentials Management page are available for selection
on drop-down lists in the Inventory (Discovery, Provisioning, and Agentless device management), Distribution
(Managed Installations, File Synchronizations, and Replication), and Scripting (Configuration Policies and Security
Policies) sections.
In addition, credentials that are updated on the Credentials Management page are automatically updated
wherever they are used in the various KACE SMA components. You do not need to independently update each
item that uses the credentials.
However, the credentials you add to the appliance must match the credentials on the target systems. If you
change the credentials on target systems, you must change them on the appliance's Credentials Management
page as well.
If the Organization component is enabled on your appliance, you manage credentials for each organization
separately.
NOTE: The Credentials Management drop-down list is not available on LDAP configuration pages, and
the feature is not used to manage user credentials for accessing the KACE SMA Administrator Console
or User Console, which use single sign on and LDAP authentication. See About user accounts and user
authentication.
Tracking changes to Credentials Management
settings
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects. This information includes the date the item was created, changed, or deleted, and
the user who performed the action, which can be useful during troubleshooting.
See About history settings.
Add and edit Secret Key credentials
To streamline the management of Secret Key credentials used in Inventory, Distribution, and Scripting, add those
credentials to the Credentials Management page. Secret Key credentials can be created for devices managed
using the KACE Cloud Mobile Device Manager.
•
You have the secret key from the KACE Cloud Mobile Device Manager.
•
You have administrator privileges in the Administrator Console.
After you add credentials, you can select them on configuration pages instead of entering the credentials
manually each time. In addition, you can add credentials from any of the configuration pages that use them.
Credentials added on configuration pages are automatically added to the Credentials Management page.
1.
Go to the Credentials Management page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
KACE Systems Management Appliance 8.0 Administrator Guide
Add and edit Secret Key credentials
164
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > New.
3.
On the Add Credential form, specify credential properties:
NOTE: You can also access this form from pages that use credentials, such as the Discovery
Schedule Detail page. Credentials added on these pages are automatically added to the Credentials
Management list.
Option
Description
Name
A unique name for the credential. This name appears on the Credentials
Management list and in the credential selection drop-down lists in component
sections, such as Scripting. This name is used for identification in Administrator
Console, and it is not part of the actual credential on the target device.
Type
The classification of the credential. Select Secret Key to specify credentials that
contain secret keys from the KACE Cloud Mobile Device Manager.
Secret
The secret key of the KACE Cloud Mobile Device Manager environment.
Show typing
Show the characters in the Password field on the Add Credential form. This option is
available only when you are adding credentials. If you are editing existing credentials,
the password characters cannot be displayed.
Notes
Any additional information you want to provide about the credential.
4.
Click Save.
The credential appears on the Credentials Management list and it is available for selection in components
that use credentials.
Add and edit User/Password credentials
To streamline the management of username and password credentials used in Inventory, Distribution, and
Scripting, add those credentials to the Credentials Management page. User/Password credentials can be created
for Mac, Windows, and Linux operating systems as well as VMware ESXi hosts and vCenter Servers.
•
You have the usernames and passwords of the credentials you want to manage.
•
You have administrator privileges in the Administrator Console.
After you add credentials, you can select them on configuration pages instead of entering the credentials
manually each time. In addition, you can add credentials from any of the configuration pages that use them.
Credentials added on configuration pages are automatically added to the Credentials Management page.
1.
Go to the Credentials Management page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > New.
3.
On the Add Credential form, specify credential properties:
NOTE: You can also access this form from pages that use credentials, such as the Discovery
Schedule Detail page. Credentials added on these pages are automatically added to the Credentials
Management list.
KACE Systems Management Appliance 8.0 Administrator Guide
Add and edit User/Password credentials
165
Option
Description
Name
A unique name for the credential. This name appears on the Credentials
Management list and in the credential selection drop-down lists in component
sections, such as Scripting. This name is used for identification in Administrator
Console, and it is not part of the actual credential on the target device.
Type
The classification of the credential. Select User/Password to specify credentials that
have usernames and passwords.
User or Domain
\User
The username required for the credential.
Password
The password required for the credential.
Show typing
Show the characters in the Password field on the Add Credential form. This option is
available only when you are adding credentials. If you are editing existing credentials,
the password characters cannot be displayed.
Targets
The device types on which the credential can be used.
TIP: You can select multiple device types, or operating systems, if the
specified credentials can be used for authentication on multiple operating
systems.
Any additional information you want to provide about the credential.
Notes
4.
TIP: The Domain\User format might be required for some Windows
configurations.
Click Save.
The credential appears on the Credentials Management list and it is available for selection in components
that use credentials.
Add and edit Google OAuth credentials
To streamline the management of Google OAuth credentials used in Inventory, Distribution, and Scripting, add
those credentials to the Credentials Management page.
•
You have a Google Apps for Business domain or Google Apps for Education domain, with Chrome Device
Management support.
•
You have a Google User admin account that is a member of the business or education domain. The
account must be assigned the super user role.
•
You have a Google account to be used as your developer account, and have created a project with a Client
ID and Client Secret. See Obtain a Client ID and Client Secret for use in discovering Chrome devices.
•
You have administrator privileges in the Administrator Console.
After you add credentials, you can select them on configuration pages instead of entering them manually each
time. In addition, you can add credentials from any of the configuration pages that use them. Credentials added
on configuration pages are automatically added to the Credentials Management page.
1.
Go to the Credentials Management page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
KACE Systems Management Appliance 8.0 Administrator Guide
Add and edit Google OAuth credentials
166
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > New.
3.
On the Add Credential form, specify credential properties:
Option
Description
Name
A unique name for the credential. This name appears on the Credentials
Management list and in the credential selection drop-down lists in component
sections, such as Scripting. This name is used for identification in Administrator
Console, and it is not part of the actual credential.
Type
The classification of the credential. Select Google OAuth to specify credentials for
Chrome devices.
Client ID
Your Google developer API Client ID.
Client Secret
Your Google developer API Client Secret.
Show typing
Show the characters in the Client Secret field on the Add Credential form. This
option is available only when you are adding credentials. If you are editing existing
credentials, the characters in the Client Secret field cannot be displayed.
Approval Code
The approval code for access. To obtain this code, provide your Client ID and Client
Secret, then click Generate a new code.
Generate a new
code
A link to the code-generator. To generate a new code:
a.
Click Generate a new code.
b.
Sign in with your Google Admin Account credentials on the Google sign-in
page.
If a Google sign-in page does not appear, your Google account credentials are
already cached. If the cached account is not the preferred Admin Account, log
out and log back in with the preferred Admin Account.
Notes
4.
c.
Click Accept to generate a code that allows the KACE SMA access to view
user and Chrome OS devices on the Google Domain.
d.
Copy the generated code and close the Google window.
e.
Paste the code into Approval Code.
Any additional information you want to provide about the credential.
Click Save.
The credential is available for selection in components that use credentials.
Add and edit SNMP credentials
To streamline the management of SNMP credentials used in Inventory, Distribution, and Scripting, add those
credentials to the Credentials Management page.
•
You have the information required for SNMP authentication.
•
You have administrator privileges in the Administrator Console
KACE Systems Management Appliance 8.0 Administrator Guide
Add and edit SNMP credentials
167
After you add credentials, you can select them on configuration pages instead of entering them manually each
time. In addition, you can add credentials from any of the configuration pages that use them. Credentials added
on configuration pages are automatically added to the Credentials Management page.
1.
Go to the Credentials Management page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > New.
3.
On the Add Credential form, provide the following information:
Option
Description
Name
A unique name for the credential. This name appears on the Credentials
Management list and in the credential selection drop-down lists in component
sections, such as Scripting. This name is used for identification in Administrator
Console, and it is not part of the actual credential.
Type
The classification of the credential. Select SNMP to specify SNMP credentials.
4.
For SNMP v1 or v2c, provide the following information:
Option
Description
SNMP v1 or v2c
SNMP credentials that do not use authentication or encryption.
Community String
For SNMP v1 or v2c, the community string to query. The default is Public. The Public
String is required for SNMP v1 or v2c.
Notes
Any additional information you want to provide about the credential.
5.
For SNMP v3, provide the following information:
Option
Description
SNMP v3
SNMP credentials that require authentication and encryption algorithms to increase
security.
Security Name
For SNMP v3, the name of the USM (user-based security model) user account. This
account, and any passwords required for authentication and encryption, must be set
up on target devices.
Security Level
For SNMP v3, the level of security. Security levels include:
•
authPriv: The highest level of SNMP v3 security, which uses both
authentication and encryption. To use this level, you must specify all the SNMP
V3 Authentication and Privacy settings.
•
authNoPriv: The mid-range of SNMP v3 security, which uses authentication
only. Communications are not encrypted. To use this level, you must specify
the Authentication settings.
•
noAuthNoPriv: The lowest level of SNMP v3 security. Communications are
not encrypted.
KACE Systems Management Appliance 8.0 Administrator Guide
Add and edit SNMP credentials
168
Option
Description
Authentication
Password
For SNMP v3, the password used to authenticate communications when authPriv or
authNoPriv security levels are selected. This password is associated with the USM
user and must be set up on target devices.
Protocol
For SNMP v3, the protocol used for communications. Protocols include:
•
SHA: Secure hash algorithm, SHA-1.
•
MD5: Message Digest 5. Faster than SHA, but considered to be less secure.
Privacy Password
For SNMP v3, the password used to authenticate communications when the authPriv
security level is selected. This password is associated with the USM user and must
be set up on target devices.
Protocol
For SNMP v3, the protocol used for the privacy password. Protocols include:
DES: Data Encryption Standard. This algorithm has a 56-bit key size and is
considered to be less secure than AES.
•
AES: Advanced Encryption Standard. The appliance supports the 128-bit key
size.
Any additional information you want to provide about the credential.
Notes
6.
•
Click Save.
The credential is available for selection in components that use credentials.
View credential usage
You can view credential usage on the Credentials Management page.
•
Credentials have been added to the Credentials Management page. See Managing credentials.
•
You have administrator privileges in the Administrator Console.
1.
Go to the Credentials Management page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Credentials.
The In Use column shows the components using the credentials.
2.
To sort the list, select a Type from the View By drop-down list above the table.
Create reports from the Credentials Management
list
If history subscriptions are configured to retain credential information, you can generate reports that show when
credentials were created, edited, and deleted.
•
Credentials have been added to the KACE SMA, and they appear on the Credentials Management page.
•
History subscriptions are configured to retain credential information. See Configure object history.
KACE Systems Management Appliance 8.0 Administrator Guide
Create reports from the Credentials Management list
169
When you create reports from the Credentials Management page, you can include information about the
credentials, such as the name, type, creation date, and usage information. Authentication details, however, such
as the password or client secret, are not included in reports.
1.
NOTE: If the Organization component is enabled on your appliance, you create credential reports for each
organization separately.
Go to the Credentials Management page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > Create Report.
3.
On the Report Detail page, provide a name for the report.
4.
Select additional report settings, then click Save. See Create reports from list pages.
5.
To generate the report, select a format in the Generate Report column.
The report appears on the Reports list.
Export credentials information
You can export the list of credentials, or selected credentials, that appear on the Credentials Management page.
Credentials have been added to the KACE SMA, and they appear on the Credentials Management page.
You can export information about the credentials, such as the name, type, the date the credential was last
modified, and usage information. Authentication details, such as the password or Client Secret, cannot be
exported.
1.
NOTE: If the Organization component is enabled on your appliance, you export credential information for
each organization separately.
Go to the Credentials Management page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > Export, then select whether to export all credentials or only the selected
credentials, and select the format for the exported information.
3.
Open or save the exported file.
Delete credentials
You can delete credentials provided that they are not being used in any components, such as Inventory,
Distribution, or Scripting.
•
Credentials have been removed from any components that are using them. See View credential usage.
•
You have administrator privileges in the Administrator Console
1.
Go to the Credentials Management page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete credentials
170
b.
2.
Select the check box next to the credentials you want to delete.
3.
On the left navigation bar, click Settings, then click Credentials.
NOTE: If any of the selected credentials are in use, an error message appears. You cannot delete
groups of credentials if any of the selected credentials are in use.
Select Choose Action > Delete, then click Yes to confirm.
Configuring assets
You can configure assets and Asset Types as needed.
About the Asset Management component
The Asset Management component includes assets and Asset Types (templates). It enables you to manage
assets added automatically through inventory and assets you add manually.
Default Asset Types include: Device, Cost Center, Department, License, Location, Software, and Vendor. You
can create custom Asset Types as needed. See Customizing Asset Types.
Using the Asset Management component you can:
•
Manage items throughout their lifecycle. Track software and other items from procurement to
deployment, usage, and end of life. Or, track peripherals such as printers, network devices, and phones.
See Identifying the assets to track.
•
Manage software License Compliance. Track the licenses you own, as well as the number of copies of
applications installed on devices. Options for managing License Compliance differ for items in the Software
Catalog inventory and the Software page inventory. See Setting up License Compliance.
•
Track data. Track purchase orders (POs) by entering each PO as an asset and linking it to the items
purchased, received, and distributed. See Add License assets for Software page inventory.
•
Track physical assets. Track physical assets, such as device hardware and software, as well as other
physical assets, such as office furniture. You can track the use of these items as well as the status of their
warranties. See Managing physical and logical assets.
•
Track logical assets. Track logical assets, such as geographic locations, cost centers, departments,
vendors, and so on. Logical assets are normally used as the basis for reporting. For example, logical assets
answer questions such as “how many devices does this department have?” and “when do the licenses we
bought from a software vendor expire?” See Managing physical and logical assets.
•
Create and track relationships between assets. Create peer-to-peer and parent-child relationships
between assets. These relationships enable you to track assets by PO (purchase order), location,
department, project, and other criteria. See Establishing relationships between asset fields.
Using the Asset Management Dashboard
The Asset Management Dashboard provides an overview of managed assets for the selected organization (if
applicable), or the appliance.
If the Organization component is enabled on the appliance, and you are logged in to the Administrator Console
(http://KACE_SMA_hostname/admin), the Asset Management Dashboard shows information for the selected
organization. When you are logged in to the System Administration Console (http://KACE_SMA_hostname/
system), the Asset Management Dashboard shows information for the appliance, including all organizations.
KACE Systems Management Appliance 8.0 Administrator Guide
Using the Asset Management Dashboard
171
TIP: The appliance updates the summary widgets periodically. To update most of the widgets any time,
click the Refresh button in the upper right of the page:
. To update most individual widgets, hover over
the widget, then click the Refresh button above the widget. Some widgets may require additional steps.
About the Asset Management Dashboard widgets
Asset Management Dashboard widgets provide overviews of managed assets for the organization or appliance,
as selected.
This section describes the widgets available on the Asset Management Dashboard. If the Organization
component is enabled on your appliance, widgets show the information for the selected organization at the Admin
level and for the appliance at the System level.
This dashboard provides a high-level overview of your asset usage. Use it to quickly review the state of your
assets and look for any indicators that can improve your asset configuration. For example, you can focus on how
your software licenses are used and identify which software titles need to have their license renewed.
Widget
Description
Assets By Type
This widget shows a pie chart, where each section of the chart indicates the
percentage of your assets by their asset type, such as device, software, location,
license, and others. Hovering over each section of the chart displays the percentage
of the assets of the selected type.
Assets By Status
This widget shows a pie chart, where each section of the chart indicates the
percentage of your assets by their status, such as Active, Disposed, Missing, or
other. Hovering over each section of the chart displays the percentage of the assets
in the selected status.
Cost ($) of Unused
Licenses By
Product
This widget shows a bar chart, where each bar represents the cost of unused
licenses for each product. You can use this information to reassign or cancel unused
licenses, and to redirect your resource where they are most needed.
License
Compliance
If you have created License assets for software, this widget shows the number of
Agent-managed devices that have a particular licensed software installed, and the
number of licenses available. If the Organization component is enabled on your
appliance, the widget shows the information for the selected organization.
License assets can be created for applications listed on the Software page and the
Software Catalog page, and the license mode for applications must be Unit License
or Enterprise for license information to appear on this widget. Applications with other
license modes, such as Shareware, Freeware, or Not Specified, are not displayed on
this widget.
This widget is for information only, and the KACE SMA does not enforce license
compliance. For example, the appliance does not prevent software from being
installed on Agent-managed devices if a license is expired or otherwise out of
compliance.
The following colors indicate threshold levels:
•
Red: Usage is at or above the critical threshold setting.
•
Orange: Usage is at or above the warning threshold setting but below the
critical threshold setting.
•
Green: Usage is below the warning threshold setting.
To change the threshold levels, see Configure appliance General Settings without the
Organization component.
KACE Systems Management Appliance 8.0 Administrator Guide
About the Asset Management Dashboard widgets
172
Widget
Description
For information about managing License assets, see Managing inventory.
Software Titles
This widget displays the software titles defined in the Software Catalog, with the
highest number of installations on managed devices. If the Organization component
is enabled on your appliance, the widget shows the information for the selected
organization.
Software
Publishers
This widget displays the publishers defined in the Software Catalog, with the
highest number of software titles installed on managed devices. If the Organization
component is enabled on your appliance, the widget shows the information for the
selected organization.
Assets by Location
This widget shows a pie chart, where each section of the chart indicates the
percentage of your assets by their location. Hovering over each section of the chart
displays the percentage of the assets in the selected location.
Software Installed
But Not Used in 60
Days
This widget shows a bar chart, where each bar represents a software title and the
corresponding number of instances of that product that have not been in use in the
last 60 days. You can use this information to further investigate whether these titles
are needed, to reassign or uninstall unused software, and to redirect your resource
where they are most needed.
Expiring
Software License
Maintenance
This widget shows a vertical bar chart, where each bar represents the number of
software licenses that are about expire in the given time period.
Expired Software
License
Maintenance
This widget shows a pie chart representing the ration of expired and current licenses.
Hovering over each section of the chart displays the percentage of the software
licenses that are either expired or current, as selected.
Expiring Contracts
This widget shows a vertical bar chart, where each bar represents the number of
contracts that are about expire in the given time period.
Expired Contracts
This widget shows a pie chart representing the ration of expired and current
contracts. Hovering over each section of the chart displays the percentage of the
contracts that are either expired or current, as selected.
Software License
Configuration
If you set up License assets for software, and specify the license type, such as site,
subscription, or unit, that information is displayed in this widget. If the Organization
component is enabled on your appliance, the widget shows the information for the
selected organization.
Customize the Asset Management Dashboard
You can customize the Asset Management Dashboard to show or hide widgets as needed.
1.
Go to the Asset Management Dashboard.
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
KACE Systems Management Appliance 8.0 Administrator Guide
Customize the Asset Management Dashboard
173
b.
2.
On the left navigation bar, click Asset Management.
Mouse over the widget, then use any of the following buttons:
◦
◦
◦
◦
◦
: Refresh the information in the widget.
: Display information about the widget.
: Hide the widget.
: Resize the widget.
: Drag the widget to a different position on the page.
3.
Click the Customize button in the top-right corner of the page to view available widgets.
4.
To show a widget that is currently hidden, click Install.
About managing assets
Assets are the entities that contain information about the devices, software, licenses, and other items you want to
manage. Assets are based on Asset Types, which are templates used to create assets.
How asset information differs from inventory information
Asset and inventory information differ in the ways that the information is collected and managed.
The following table compares asset information and inventory information:
Item
Asset Component
Inventory Component
Where information In the Assets section.
appears
In the Inventory section.
The type of
information
managed
Asset information includes details
about devices, software, licenses,
physical assets, logical assets, and the
relationships between them.
Inventory information includes details
about devices and the software,
processes, startup programs, and
services on managed devices. The
Software Catalog provides additional
information about applications that
are categorized as Discovered or Not
Discovered.
How the
information is
managed
Asset information is static and changes
only when you import data or change it
manually. Device assets are exceptions
to this rule, because Device assets are
updated whenever managed devices
report inventory. For License assets,
however, the number of installations or
seats is updated when managed devices
Inventory information is automatically
generated and overwritten each time
managed devices report data to the
appliance.
KACE Systems Management Appliance 8.0 Administrator Guide
How asset information differs from inventory information
174
Item
Asset Component
Inventory Component
report data to the appliance. Asset history
is stored on the appliance and displayed
in the Administrator Console; it remains
with the asset until the asset is deleted.
How licenses are
tracked
The Asset Management component
enables you to manage software License
Compliance as well as physical and
logical assets.
On the Software page, inventory
information includes the number of
Software assets, but it does not show the
number of licenses.
On the Software Catalog page, license
information is displayed if License assets
are associated with applications.
Identifying the assets to track
One of the first tasks in setting up Asset Management is identifying the assets to track.
Spreadsheets often contain asset details, such as purchasing data, vendor contact information, product keys,
license details, and device information. These details are candidates for asset tracking.
You can import asset information into the Asset Management component to create assets that can be managed
and tracked by the KACE SMA. In addition, you can set up relationships among the imported assets to make the
information more useful. For example, you can create License and Vendor assets, associate them with devices,
and quickly identify devices related to a license or vendor. For information on importing asset information, see
Importing license data in CSV files.
View assets and search for asset information
You can view assets and search for asset information as needed.
1.
2.
Go to the Assets list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Assets.
To search across all Asset Types using the advanced search:
a.
In the View By drop-down list, select All Items.
b.
Click the Advanced Search tab above the list on the right to display the Advanced Search panel.
c.
Specify the search criteria.
For example, to search for all assets whose Vendor is Smith, specify the following criteria:
Vendor | contains | Smith
d.
Click Search.
Assets of any type, including Device, License, Software, or Vendor, that match the criteria
appear.
3.
To search for an asset across all Asset Types using the simple search, in the Search List field, type full or
partial contents of the field contained in the asset that you want to search for. For example, if you want to
find an asset whose barcode contains zz, type it in the field, and press Enter.
Assets that match the criteria appear.
4.
To search a single Asset Type:
a.
In the View By drop-down list, select Asset Type > Asset Type.
KACE Systems Management Appliance 8.0 Administrator Guide
View assets and search for asset information
175
b.
Click the Advanced Search tab above the list on the right to display the Advanced Search panel.
c.
Specify the search criteria.
For example, to search for License assets that are scheduled to expire within the next two months,
select the License Asset Type in the View By drop-down list, then specify the following criteria:
Expiration Date | is within next | 2 months
d.
Click Search.
License assets whose expiration date is within the next two months appear.
5.
To create a custom view that uses the specified search criteria, click the Custom View tab above the list on
the right, then save the view.
The custom view appears in the View By drop-down list. Custom views are user-specific. Users can access
their own custom views, but they cannot access custom views created by other users.
Add barcodes to assets
You can view assets and search for asset information as needed.
Specify one or more barcode tags for the type of the asset for which you want to specify barcodes. For more
information, see Add or customize Asset Types.
1.
2.
Go to the Asset Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Assets.
c.
Click the name of an asset.
Under Barcodes, click
, and provide the following information:
Option
Description
Barcode Data
The barcode number. Barcode numbers are always unique, they cannot
be shared between multiple assets. However, it is possible for an active
asset to share a barcode with an archived asset.
Barcode Name
The barcode tag associated with this asset type. There can be only one
barcode of the same type per asset.
Barcode Format
The barcode format. For example, UPC-A, Code 11, or UPC-E.
You can add as many barcodes as needed.
3.
Optional. To see additional information about each barcode tag, such as its first or last scanned date, in the
Barcodes area, click Show all columns. To return to the previous view with fewer columns per barcode,
click Show less columns.
4.
Click Save.
Change device owners
You can change asset and device owners as needed.
This topic describes the process of changing device owners using the Assets list. You can also change device
owners using the Asset Detail or Device Detail page.
1.
Go to the Assets list:
KACE Systems Management Appliance 8.0 Administrator Guide
Change device owners
176
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Assets.
2.
In the View By drop-down list, select Asset Type > Device.
3.
In the Assets list, select one or more devices that you want to assign to a specific owner.
4.
Select Choose Action > Assign to.
5.
In the Assign To dialog box that appears, click Unassigned, and select a user account that you want to
assign as an owner of the selected assets.
The list that appears displays the full name, account name, and email address for each user.
6.
Click Save.
The Assign To dialog box closes and the Assets list refreshes, showing the asset owner name in the
Assignee Name column.
7.
Add more owner-related columns to the Assets list.
a.
In the Assets list, click
b.
Select any of the following options, as required, to view these columns in the Assets list:
Assignee Login, Assignee Email, Assignee Domain, Assignee Budget Code, Assignee
Location, Assignee Role, or Assignee Locale.
.
The selected columns appear in the Assets list.
8.
If you changed the owner for a device, you can observe this change on the Devices list.
a.
On the left navigation bar, click Inventory, then click Devices.
b.
In the Devices list, observe the Assignee Name column of the row containing the device whose
owner you changed.
The Assignee Name column displays the name of the device owner
TIP: Alternatively, you can change the asset or device owner on the Asset Detail or Device Detail
page.
View and configure asset lifecycle settings
With the exception of locations, each asset type can have a status indicating its use or purpose, such as Active,
Disposed, Expired, or others.
In order to configure applicable asset lifecycle settings, your user role must be granted a write-level Asset
Lifecycle permission. To view asset lifecycle settings, a read-level permission is sufficient. For more information
about user roles, see Managing Organization Roles and User Roles.
Use the Asset Lifecycle Settings page to view the list of existing asset status entries, and to add new ones, as
required.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Complete one of the following steps:
3.
•
On the left navigation bar, click Asset Management, then click Assets.
•
On the left navigation bar, click Asset Management, then click Contracts.
•
On the left navigation bar, click Asset Management, then click Licenses.
On the list page that appears, click Choose Action > Configure Lifecycle Settings.
TIP: You can quickly change an asset status by selecting the asset on the list page, clicking
Choose Action > Change Asset Status, and selecting the appropriate status in the Change
KACE Systems Management Appliance 8.0 Administrator Guide
View and configure asset lifecycle settings
177
Asset Status dialog box. Access to this command requires a write-level Assets, Contracts,
or Licenses permission, as applicable. For more information about user roles, see Managing
Organization Roles and User Roles.
The Asset Lifecycle Settings page appears.
4.
On the Asset Lifecycle Settings page, under Asset Status, review the list of default asset statuses.
The following default asset statuses are available:
5.
◦
Active: Any asset that is deployed, active, or in use.
◦
Disposed: An asset that is no longer available for use.
◦
Expired: A software license or contract asset that has expired.
◦
In Stock: A recently received asset.
◦
Missing: Any asset that cannot be located.
◦
Repair: An asset that is being repaired.
◦
Reserved: An asset that is set aside for a specific person or use.
◦
Retired: Any asset that reached its end-of-life state, or is no longer in use.
◦
Stolen: An asset that has been reported as stolen.
Add, delete, or edit a custom asset status.
◦
◦
◦
6.
TIP: Default asset statuses cannot be modified or deleted.
To add a new asset status, click
Add.
, specify the Name and Description for the asset status, and click
To delete a custom asset status, in the row containing the asset status, click
To edit a custom asset status, in the row containing the asset status, click
or Description of the asset status, as applicable.
.
, and edit the Name and/
If you made any changes to the Asset Lifecycle Settings page, click Save. Otherwise, click Cancel to return
to the previous page.
Adding and customizing Asset Types and
maintaining asset information
You can add or customize Asset Types as needed. You can also maintain real-time information on assets by
scanning your network at regularly scheduled intervals.
In addition, you can add subtypes to your Asset Types. Asset Subtypes enable you to track asset properties, such
as toner or ink levels of printers.
About Asset Types
Asset Types are templates for creating assets. Asset Types contain the fields and other information that define
assets.
Default Asset Types include: Device, Cost Center, Department, License, Contract, Location, Software, and
Vendor, and you can add custom Asset Types as needed.
KACE Systems Management Appliance 8.0 Administrator Guide
About Asset Types
178
In addition, you can add Asset Subtypes and custom fields for any Asset Type. This is especially useful for
collecting additional information about non-computer Device assets, such as printers. See About Asset Subtypes,
custom fields, and device detail preferences.
Customizing Asset Types
You can rename fields, create fields, and delete fields in Asset Types as needed. Customizations to Asset Types
are preserved during appliance updates.
About renaming fields and changing field types in Asset Types
When you rename a field in an Asset Type, the field is renamed in all assets that are based on the Asset Type.
Values for the renamed field are retained.
However, if you change the Type to a type that does not support the data already entered in a field, that data is
lost. For example, you might have a field named Model Number that is of the Type, Text, and that contains the
value A123. If you change the Type from Text to Number, the system cannot convert A123 to a valid number. The
value for the Model Number field is set to 0.
About adding and deleting asset fields
When you add a field to an Asset Type, the field is available to all assets of that type. Similarly, if you delete a
custom asset field, that field, and any values entered in that field, are removed from all assets of that type.
For example, if you created a custom field named BIOS Serial Number in the Device Asset Type, that field would
be available to all Device Asset Types. However, if you delete the BIOS Serial Number custom asset, that field,
and any values entered in the field, are removed from all Device Asset Types.
If you delete an asset field, the asset association is removed from any assets that point to the deleted field.
Add or customize Asset Types
You can have as many custom Asset Types as you need. In addition, you can create custom fields in any Asset
Type. When you create a custom field in an Asset Type, that field becomes available to all assets that are based
on that Asset Type.
If the Organization component is enabled on your appliance, you add and customize Asset Types for each
organization separately.
1.
2.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
Display the Asset Type Detail page by doing one of the following:
▪
Click the name of an Asset Type.
▪
Select Choose Action > New.
All asset types except Locations. In the Defaut Asset Status field, enter a default asset status, or a
custom one (if they exist).
KACE Systems Management Appliance 8.0 Administrator Guide
Customizing Asset Types
179
A default installation of the KACE SMA includes the following asset statuses:
◦
Active: Any asset that is deployed, active, or in use.
◦
Disposed: An asset that is no longer available for use.
◦
Expired: A software license or contract asset that has expired.
◦
In Stock: A recently received asset.
◦
Missing: Any asset that cannot be located.
◦
Repair: An asset that is being repaired.
◦
Reserved: An asset that is set aside for a specific person or use.
◦
Retired: Any asset that reached its end-of-life state, or is no longer in use.
◦
Stolen: An asset that has been reported as stolen.
3.
Device assets only. In the Defaut Archive Asset Status field, enter an asset status that you want to
automatically assign to a device when it becomes archived.
4.
In the Name field, add or change the name as needed.
5.
TIP: Additional options are available for Device and License Asset Types. See About customizing
the Device Asset Type and Customize the License Asset Type.
If you want the instances of this asset type to use barcodes, specify one or more tags in the Barcode Tags
area.
Any assets of this type that you create will have the barcode tags available for configuration. For example, if
you specify a Corporate Tag and a Dell Asset Tag, barcodes identified with these two tags will be available
for selection in on the Asset Detail page, when you create or edit an asset of this asset type.
To add a barcode, click
6.
, type the barcode name, and click Save.
In the Asset Fields area, click
.
A new line appears.
7.
Provide the following information:
Item
Description
Name
The name of the custom asset field, such as Asset Code, Purchase Date, or Building
Address Line 1. This name appears on the form used to create assets of the selected
Asset Type.
Available Values
The values that appear in fields that contain lists of values. This field is enabled when
you select Single Select or Multiple Select from the Type drop-down list. If you
select Single Select or Multiple Select, you must enter at least one value in this
field. To use multiple values, separate each value with a comma.
Default Values
The value that appears in the field by default. If you select Single Select or Multiple
Select from the Type drop-down list, you must type one of the values given in the
Available Values field.
Required
Whether the field is mandatory or optional. If this check box is selected, users must
enter a value in the field when creating assets of the selected type.
KACE Systems Management Appliance 8.0 Administrator Guide
Customizing Asset Types
180
Item
Description
Type
The type of field. Field types include:
Multiselect
•
Attachment: Enables users to add attachments to the asset.
•
Currency: Used for monetary values.
•
Software Catalog: Enables users to associate the asset with an application in
the Software Catalog.
•
Date: Used for calendar information.
•
Label: Enables users to associate a label with the asset.
•
Link: Used for Internet links. Links must be valid URLs, such as http://
quest.com.
•
Multiple Select: Displays a list where multiple values can be selected. The
maximum length for each value is 255 characters.
•
Notes: Used for additional information.
•
Number: Used for numerical values expressed as whole numbers.
•
Parent: Enables the asset to point to the same type of asset in a parent-child
relationship. For example, you might allow Location types to have a Parent
connection, allowing New York to point to a North America location. This can
then be used in the reporting system to show all assets in North America.
•
Single Select: Displays a value list where only a single value can be selected.
The maximum length for each value is 255 characters.
•
Text: Used for additional text. The maximum length is 255 characters.
•
Timestamp: Used to add a day and time to the record.
•
User: Used to associate user records with an asset.
•
Assets Asset Type: Used to specify relationships among Asset Types.
Whether the asset field points to other assets. A check box is enabled when you
select Assets Asset Type from the Type drop-down list. Select the check box to allow
this custom field to point to multiple records.
For example, you might want a field to point to multiple devices that are approved for
a particular license. In that case, you would select the check box. To create a single
relationship field, such as a printer that is used by only one department, clear the
check box.
Device Section
8.
NOTE: When you create an asset, this field is populated with the available
assets of the specified Asset Type. The field is empty if there are no assets of
the specified type.
For subtypes of the device type asset only: The location, on the Device Detail page,
where the field is reported. For example, if you are creating a printer Asset Subtype,
with a field named Toner Level, you might select Hardware because that field is
related to printer hardware. However, you can choose any section in the drop-down
list for any field.
Click Save at the end of the row, then click Save at the bottom of the page.
Optional: Add Asset Subtypes for Asset Types. See Add Asset Subtypes and select Device Detail page
preferences.
KACE Systems Management Appliance 8.0 Administrator Guide
Customizing Asset Types
181
About customizing the Device Asset Type
Almost all Device asset data, whether displayed in the Assets or Inventory sections, originates from the Assets
section.
The only device inventory or asset information that comes from the Inventory section is data for the Mapped
Inventory Field and the Matching Asset Field. The values for those fields are collected each time devices are
inventoried. During the inventory process, the appliance determines whether devices already have mapped
assets. If no asset is found, the appliance creates one.
The default data type for Mapped Inventory Field is System Name, and the default data type for Matching Asset
Field is Name. However, if you re-image your systems, the information under the old system name is lost to the
Asset Management component. To prevent this loss, consider using BIOS serial numbers, IP addresses, MAC
addresses, or something similar for tracking.
You can import Device asset data or change it manually in the Assets section any time.
CAUTION: If you change the default Asset Type, you lose the asset history prior to the change because
the appliance automatically creates assets with the new information. Therefore, it is important to decide
whether you want to change the default values as early as possible in the setup process.
Example: Add custom fields to the Device Asset Type
This example shows how to add fields to the Device Asset Type and select them in the Mapped Inventory Field
and the Matching Asset Field.
1.
2.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
Click the Device Asset Type.
Click the Add button on the right side of the page:
.
A new line appears.
3.
4.
Provide the following information:
a.
In the Name field, enter BIOS Serial Number.
b.
In the Type drop-down list, select Text.
Click Save at the end of the row, then add a row:
a.
Click the Add button:
.
A new line appears.
b.
Provide the following information for the new line:
In the Name field, enter Serial Number.
In the Type drop-down list, select Text. Reserve the Number Type for fields on which you perform
calculations. Using the Number Type might strip leading zeros in a serial number.
5.
Click Save at the end of the row, then add a row:
a.
Click the Add button:
.
A new line appears.
b.
Provide the following information for the new line:
In the Name field, enter Purchase Date.
KACE Systems Management Appliance 8.0 Administrator Guide
Customizing Asset Types
182
In the Type drop-down list, select Text.
6.
Click Save at the end of the row, then add a row:
a.
Click the Add button:
.
A new line appears.
b.
Provide the following information for the new line:
In the Name field, enter Location.
In the Type drop-down list, select Asset Location.
7.
Click Save at the end of the row.
8.
In the Mapped Inventory Field drop-down list, change the value to BIOS Serial Number.
9.
In the Matching Asset Field, select Serial Number.
10. Click Save at the bottom of the page.
Establishing relationships between asset fields
You can edit Asset Types to establish relationships among assets and track them together.
These relationships can be:
•
Peer-to-peer, such as printer and device.
•
Parent-child, such as a cost center and the devices associated with it.
Example: Add fields to the Location Asset Type shows how to make a parent-child relationship with locations by
adding a field to the Location Asset Type.
Example: Add fields to the Location Asset Type
You can add fields to the Location Asset Type as needed.
1.
2.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
Click the Location Asset Type.
Click the Add button on the right side of the page:
.
A new line appears.
3.
In the Name field, enter Parent Location.
4.
In the Type drop-down list, select Parent.
5.
Click Save at the end of the row, then click Save at the bottom of the page.
When you open a Location asset, the Parent Relationship field is shown on the Asset Detail page.
Add parent relationships to Location assets
Parent-child relationships can be useful when managing assets, such as Location assets.
Add Parent Location custom fields as described in Example: Add fields to the Location Asset Type.
When adding parent relationships, start with the highest level (parent level) in the relationship.
1.
Go to the Assets list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
KACE Systems Management Appliance 8.0 Administrator Guide
Customizing Asset Types
183
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Assets.
2.
Optional: In the View By drop-down list, which appears above the table on the right, select Asset Type >
Location.
3.
If the highest level (parent level) Location asset does not exist, create it:
The view is restricted to Location assets.
4.
a.
Select Choose Action > New > Location to display the Location Asset Detail page.
b.
Enter the name for the new field. For example, Western Division.
c.
Leave the Parent Location Unassigned, then click Save to display the Assets page.
NOTE: The Parent Location field is a user-created custom field.
If the second-level asset exists, select it. If the second-level asset does not exist, create it:
a.
Select Choose Action > New > Location to display the Location Asset Detail page.
b.
Enter the name for the new asset. For example, San Jose.
c.
For this example, select Western Division for the Parent Location. If you have many Location
assets, enter the first characters in the Filter field to limit the choices available in the Parent
Location field.
5.
Click Save.
6.
Create additional Location assets as needed.
For example, you could create Location assets for each building on a campus or each rack in a data center.
Delete Asset Types
You can delete Asset Types, provided that no assets are assigned to those types.
You have Asset Types that do not have any assets assigned to them.
1.
Go to the Asset Types list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
2.
Click the check box next to an Asset Type.
3.
Select Choose Action > Delete, then click Yes to confirm.
About Asset Subtypes, custom fields, and device detail
preferences
Asset Subtypes are subcategories of assets that you can add to any Asset Type, including custom Asset Types.
This enables you to identify and manage subtypes of assets, such as Device assets that are computers, printers,
or routers, and Software assets that run on Windows, Mac, or Linux systems in the KACE SMA inventory.
Asset Subtypes inherit the fields from the Asset Type, and you can add custom fields to enable the KACE SMA
inventory process to collect relevant information about the Asset Subtype. For example, you could add the Asset
Subtype Printer to the Device Asset Type. You could then add a custom field for the Printer subtype, such as
Toner. The Toner field would then be available to Device Assets with the subtype Printer.
KACE Systems Management Appliance 8.0 Administrator Guide
About Asset Subtypes, custom fields, and device detail preferences
184
NOTE: To enable the KACE SMA to populate Asset Subtype fields from Agentless devices, you must
assign the appropriate Asset Subtype when the device is configured, you must obtain the appropriate
object identifier (OID), and you must map that identifier to the subtype field on the SNMP Inventory
Configuration Detail page. You cannot add or change SNMP device subtypes after they have been
configured. See Obtain a list of object identifiers (OIDs) using the Administrator Console.
In addition, you can choose whether to show or hide the details that appear for each Device Asset Subtype on
the Device Detail page. For example, you can hide information that is irrelevant to printers, such as Installed
Programs, Discovered Software, and Metered Software, from the Device Detail page of assets with the subtype
Printer.
Workflow for using Asset Subtypes with SNMP devices
To use Asset Subtypes, you need to add them, and any custom fields you want to use, to your Asset Types.
To populate the fields with data from SNMP (Simple Network Management Protocol) devices, you can also add
object identifiers (OIDs) to the custom fields.
The workflow for using Asset Subtypes with SNMP devices includes these tasks:
1.
Add a Device Asset Subtype to the Asset Type, and add custom fields to the subtype. See Add Asset
Subtypes and select Device Detail page preferences.
2.
Add assets that use the Asset Type and Asset Subtype. See Assign or change Device Asset Subtypes from
the Devices page.
3.
IMPORTANT: You must assign the appropriate Asset Subtype when the device is configured. You
cannot add or change SNMP device subtypes after they have been configured.
Optional: Populate the fields:
◦
To enable the system to populate fields with data from SNMP devices, obtain the object identifiers
(OIDs) to use for the custom fields, then add the field for Agentless devices on the SNMP Inventory
Configuration Detail page, select the Asset Subtype, then add the OID information for the fields. See
Obtain a list of object identifiers (OIDs) using the Administrator Console.
◦
Manually update the fields as needed. See Update custom asset fields manually.
KACE Systems Management Appliance 8.0 Administrator Guide
About Asset Subtypes, custom fields, and device detail preferences
185
Add Asset Subtypes and select Device Detail page preferences
You can add Asset Subtypes to any Asset Type, including custom Asset Types, and you can add custom fields for
each Asset Subtype.
In addition, you can choose which fields to display on the Device Detail page, and the sections where you want
those fields to appear. This enables you to customize the Device Detail page and emphasize the most important
information.
NOTE: If the Organization component is enabled on your appliance, you manage Asset Subtypes for each
organization separately.
1.
2.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
Display the Asset Type Detail page by doing one of the following:
▪
Click the name of an Asset Type.
▪
Select Choose Action > New.
In the Subtypes section, click Add Subtype.
The Asset Subtype Detail page appears. The Inherited Fields section shows fields that are available to the
Asset Subtype because they have been added to the Asset Type.
3.
In the top section, provide the following information and choose whether to make the Asset Subtype the
default:
Option
Description
Name
The name of the Asset Subtype. This name appears
in the list on the Asset Type Detail page.
Default
Whether to use the Asset Subtype as the default
for new assets of the selected type. If you select
this check box, new assets of the selected type are
automatically assigned to this Asset Subtype. You
can change this setting any time.
4.
5.
In the Subtype Fields section, click the Add button in the heading row on the right side of the table:
.
Provide the following information:
Item
Description
Name
The name of the Asset Subtype. This name identifies the Asset Subtype on the Asset
Detail page.
Available Values
The values that appear in fields that contain lists of values. This field is enabled when
you select Single Select or Multiple Select from the Type drop-down list. If you
select Single Select or Multiple Select, you must enter at least one value in this
field. To use multiple values, separate each value with a comma.
Default Values
The value that appears in the field by default. If you select Single Select or Multiple
Select from the Type drop-down list, you must type one of the values given in the
Available Values field.
KACE Systems Management Appliance 8.0 Administrator Guide
About Asset Subtypes, custom fields, and device detail preferences
186
Item
Description
Required
Whether the field is mandatory or optional. If this check box is selected, users must
enter a value in the field when creating assets of the selected type.
Type
The type of field. Field types include:
•
Attachment: Enables users to add attachments to the asset.
•
Currency: Used for monetary values.
•
Software Catalog: Enables users to associate the asset with an application in
the Software Catalog.
•
Date: Used for calendar information.
•
Label: Enables users to associate a label with the asset.
•
Link: Used for Internet links. Links must be valid URLs, such as http://
quest.com.
•
Multiple Select: Displays a list where multiple values can be selected. The
maximum length for each value is 255 characters.
•
Notes: Used for additional information.
•
Number: Used for numerical values expressed as whole numbers.
•
Parent: Enables the asset to point to the same type of asset in a parent-child
relationship. For example, you might allow Location types to have a Parent
connection, allowing New York to point to a North America location. This can
then be used in the reporting system to show all assets in North America.
•
Single Select: Displays a value list where only a single value can be selected.
The maximum length for each value is 255 characters.
•
Text: Used for additional text. The maximum length is 255 characters.
•
Timestamp: Used to add a day and time to the record.
•
User: Used to associate user records with an asset.
•
Assets Asset Type: Used to specify relationships among Asset Types.
Whether the asset field points to other assets. A check box is enabled when you
select Assets Asset Type from the Type drop-down list. Select the check box to allow
this custom field to point to multiple records.
Multiselect
For example, you might want a field to point to multiple devices that are approved for
a particular license. In that case, you would select the check box. To create a single
relationship field, such as a printer that is used by only one department, clear the
check box.
Device Section
NOTE: When you create an asset, this field is populated with the available
assets of the specified Asset Type. The field is empty if there are no assets of
the specified type.
The location, on the Device Detail page, where the field is reported. For example, if
you are creating a printer Asset Subtype, with a field named Toner Level, you might
select Hardware because that field is related to printer hardware. However, you can
choose any section in the drop-down list for any field.
6.
Click Save at the end of the row.
7.
For Device Asset Subtypes, choose the information you want to show or hide on the Device Detail page:
a.
Scroll down to Subtype, Device Details: Show/Hide sections.
KACE Systems Management Appliance 8.0 Administrator Guide
About Asset Subtypes, custom fields, and device detail preferences
187
b.
Select the check boxes next to the items you want to show.
For a printer subtype, you might want to show Inventory Information such as Hardware, Printers,
Network Interfaces, and SNMP Data.
c.
Clear the check boxes next to the items you want to hide.
For a printer subtype, you might want to hide the Software and Dell Command | Monitor sections
because they are not relevant to printers.
8.
Click Save at the bottom of the page.
To enable the system to automatically populate custom fields with data on the Device Detail page, you must
obtain the appropriate object identifiers and map the fields OIDs. See:
•
Map Object Identifiers to fields in the KACE SMA inventory table
•
Obtain a list of object identifiers (OIDs) using the Administrator Console
To manually update custom fields, go to the Asset Detail page. See Update custom asset fields manually.
Edit Asset Subtypes
You can edit Asset Subtypes as needed. If the Organization component is enabled for your appliance, you edit
Asset Subtypes for each organization separately.
1.
2.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
Click the name of an Asset Type to display the Asset Type Detail page.
In the Subtypes section click the Edit button next to the subtype you want to edit:
.
The Asset Subtype Detail page appears. For information on the options available to Asset Subtypes, see
Add Asset Subtypes and select Device Detail page preferences.
3.
Click Save at the end of the row, then click Save at the bottom of the page.
Set an Asset Subtype as the default
To automatically assign new assets to a subtype, you can mark an Asset Subtype as the default.
1.
2.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
Display the Asset Type Detail page by doing one of the following:
▪
Click the name of an Asset Type.
▪
Select Choose Action > New.
In the Subtypes section click the Edit button next to the subtype you want to edit:
.
The Asset Subtype Detail page appears.
3.
In the top section, select the check box next to Default.
4.
Click Save at the end of the row, then click Save at the bottom of the page.
The Asset Subtype is marked as the default subtype for the Asset Type. New assets of the selected type
are automatically assigned to this Asset Subtype.
KACE Systems Management Appliance 8.0 Administrator Guide
About Asset Subtypes, custom fields, and device detail preferences
188
View subtypes available to Asset Types
You can view the Asset Subtypes that are available to the Asset Types you manage. If the Organization
component is enabled for your appliance, you view and manage Asset Subtypes for each organization separately.
•
Go to the Asset Type Detail page:
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
2.
On the left navigation bar, click Asset Management, then click Asset Types.
3.
Display the Asset Type Detail page by doing one of the following:
▪
Click the name of an Asset Type.
▪
Select Choose Action > New.
The subtypes available to the Asset Type are listed in the Subtypes table.
View Asset Subtypes on the Assets page
You can use the View By menu to sort the Assets page by subtypes.
1.
Go to the Assets page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Assets.
The Subtypes column shows the subtype assignments for assets. None indicates that the asset is not
assigned to a subtype.
2.
To view the subtypes assigned to a specific Asset Type, go to the View By menu in the upper right and
select an Asset Type.
3.
To view a single subtype for an Asset Type, go to the View By menu, select an Asset Type, then select a
subtype.
Fields related to the subtype, such as Ink Level for a Printer subtype, appear as columns on the Assets
page.
Assign or change Device Asset Subtypes from the Devices page
If you have existing Device assets that are not assigned to subtypes, you can assign them to subtypes or change
their subtype assignments, from the Devices page, provided that those devices are not SNMP (Simple Network
Management Protocol) devices. Subtypes for SNMP devices must be assigned when the devices are initially
configured.
You have existing device assets in KACE SMA inventory and you have created subtypes for the Device Asset
Type. See Add Asset Subtypes and select Device Detail page preferences.
IMPORTANT: For SNMP devices, you must assign the appropriate Asset Subtype when the device is
configured. You cannot add or change SNMP Asset Subtypes after they have been configured.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Click Inventory to display the Devices page.
3.
To filter the list to show only those devices that are assigned to a subtype:
a.
Click the Advanced Search tab above the list on the right to display the Advanced Search panel.
b.
Specify the criteria required to find devices.
KACE Systems Management Appliance 8.0 Administrator Guide
About Asset Subtypes, custom fields, and device detail preferences
189
c.
Click Search.
TIP: You can also use the View By drop-down list to identify devices that belong to a specific
Asset Subtype.
4.
Select the check boxes next to the devices you want to assign to a subtype. To select all devices, click the
check box next to Name at the top of the table.
5.
Select Choose Action > Change Subtype to.
The subtype is selected, and the change is reflected on the Device Detail page the next time inventory is
reported for the device.
Assign assets to subtypes or change subtype assignments from the Assets page
If you have existing assets that are not assigned to Asset Subtypes, you can assign them to subtypes or change
their subtypes, from the Assets page, provided that those devices are not SNMP (Simple Network Management
Protocol) devices. Subtypes for SNMP devices must be assigned when devices are initially configured.
You have existing assets in KACE SMA inventory and you have created subtypes for Asset Types. See Add
Asset Subtypes and select Device Detail page preferences.
1.
2.
IMPORTANT: For SNMP devices, you must assign the appropriate Asset Subtype when the device is
configured. You cannot add or change SNMP Asset Subtypes after they have been configured.
Go to the Assets list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Assets.
To filter the list to show only those assets that are assigned to a subtype:
a.
Click the Advanced Search tab above the list on the right to display the Advanced Search panel.
b.
Specify the criteria required to find the assets whose subtypes you want to assign or change.
c.
Click Search.
TIP: You can also use the View By drop-down list to identify assets that belong to a specific
Asset Subtype.
3.
Select the check boxes next to the assets you want to assign to a subtype. To select all assets, click the
check box next to Name at the top of the table.
4.
Select Choose Action > Change Subtype to.
The selected assets are assigned to the selected subtype.
Update custom asset fields manually
You can update custom asset fields manually as needed. This is useful when you have asset information that
cannot be collected automatically, or supplemental information you want to track with an asset.
You have added custom Asset Subtypes or custom asset fields.
1.
TIP: As an alternative to manually updating custom assets fields, you can import information from
spreadsheets. See Importing license data in CSV files.
Go to the Asset Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Assets.
KACE Systems Management Appliance 8.0 Administrator Guide
About Asset Subtypes, custom fields, and device detail preferences
190
c.
Click the name of the asset you want to update.
2.
Modify the custom asset fields as needed.
3.
Click Save.
Delete Asset Subtypes
You can delete Asset Subtypes provided that no assets are assigned to those subtypes.
You have Asset Subtypes that do not have any assets assigned to them.
1.
2.
3.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
Click the name of an Asset Type to display the Asset Type Detail page:
In the Subtypes section click the Delete button next to the subtype you want to edit:
.
In the dialog window, click Yes.
The Asset Subtype is deleted from the Asset Type, and any related fields are removed immediately.
Managing Software assets
You can customize the Software Asset Type, and add Software assets for applications in the Software page
inventory as needed.
Software assets can be added for Software page inventory only. Software assets are not required for applications
in the Software Catalog inventory.
Customize the Software Asset Type
You can add, change, or delete the fields available to the Software Asset Type as needed. The Software Asset
Type is the template that determines the fields available when you add Software assets.
If the Organization component is enabled on your appliance, you customize the Software Asset Type for each
organization separately.
1.
2.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
In the Name column, click Software.
Optional: Modify fields or values on the Asset Fields table.
a.
b.
c.
d.
Click the Edit button at the end of a row:
.
Change the field information as needed, then click Save at the end of the row.
To add a field, click the Add button in the table heading:
Save at the end of the row.
. Add field information, then click
To change the order of fields, click the Reorder button at the end of the row:
.
KACE Systems Management Appliance 8.0 Administrator Guide
Customize the Software Asset Type
191
e.
3.
To remove a field, click the Delete button:
.
Click Save at the bottom of the page.
Adding Software assets
Software assets enable you to track information about applications in the Software page inventory. For example,
after you add Software assets for applications, you can associate those assets with License assets to track
license information.
You can create Software assets for applications that have been added to the appliance automatically or manually.
NOTE: Software assets are not required to set up License Compliance for applications in the Software
Catalog inventory. See About License Compliance for Software Catalog applications.
If the Organization component is enabled on your appliance, you create Software assets for each organization
separately.
Add Software assets on the Software list
You can add Software assets for one or more applications at once by selecting applications on the Software list.
Software assets can be added for Software list inventory only. Software assets are not required for applications in
the Software Catalog inventory.
1.
Go to the Software list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Software.
2.
Select the check box next to one or more applications.
3.
Select Choose Action > Create Asset.
The assets are created, and they appear on the Assets list.
Add Software assets in the Assets section
You can create Software assets one-at-a-time in the Assets section.
Software assets can be added for Software list inventory only. Software assets are not required for applications in
the Software Catalog inventory.
1.
2.
Go to the Software Asset Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Assets.
c.
Select Choose Action > New > Software.
Complete the asset fields as follows:
Option
Description
Subtype
The asset subtype, if applicable.
Asset Status
The asset status, if applicable. You can select a
default asset status, or a custom one (if they exist).
KACE Systems Management Appliance 8.0 Administrator Guide
Adding Software assets
192
Option
Description
A default installation of the KACE SMA includes the
following asset statuses:
•
Active: Any asset that is deployed, active, or
in use.
•
Disposed: An asset that is no longer available
for use.
•
Expired: A software license or contract asset
that has expired.
•
In Stock: A recently received asset.
•
Missing: Any asset that cannot be located.
•
Repair: An asset that is being repaired.
•
Reserved: An asset that is set aside for a
specific person or use.
•
Retired: Any asset that reached its end-of-life
state, or is no longer in use.
•
Stolen: An asset that has been reported as
stolen.
For more information, see View and configure asset
lifecycle settings.
Select the location for this asset from the dropdown list. The values in this list contain all locations
defined on the appliance. See Managing locations
Location
TIP: Locations can be defined for all default
asset types, including Cost Centers,
Departments, Devices, Licenses, Software,
and Vendors.
Name
The asset name. For example, Office Pro SW Asset.
Software
The name of the application to associate with the
asset. To search for items, begin typing in the field.
Software Label
Select a label from the drop-down list. The list is
empty unless you have created a Smart Label. You
can type in the box to look for specific labels.
Barcode Data
Review or add barcodes that you want to associate
with this asset. See Add barcodes to assets.
Barcode Name
Barcode Format
a.
In the Name field, enter a name for the asset. For example, Office Pro SW Asset.
b.
Optional: In the Software field, select the name of the application to associate with the asset. To
search for items, begin typing in the field.
KACE Systems Management Appliance 8.0 Administrator Guide
Adding Software assets
193
c.
3.
Optional: In the Software Label field, select a label in the Select label drop-down list. The list is
empty unless you have created a Smart Label. To filter the labels list, enter a few characters of
the label name in the Filter field.
Click Save.
The new asset appears on the Assets list.
Managing physical and logical assets
Physical assets include device hardware and software, as well as other physical assets, such as office furniture.
Logical assets include locations, cost centers, and vendors.
The KACE SMA Inventory component automatically provides the Asset Management component with information
about physical assets, such as devices, that report software and hardware inventory to the KACE SMA. For
physical and logical assets that do not report inventory to the KACE SMA, however, information is added and
updated manually. See Update custom asset fields manually.
Managing logical assets enables you to:
•
Identify and protect logical assets.
•
Establish relationships between logical assets and use them in reports. For example, geographical
relationships or the relationships of business entities.
You can also add custom logical assets, such as support contracts, to track additional metadata about those
objects.
Add physical Asset Types
You can add physical Asset Types as needed.
1.
Go to the Asset Type Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
c.
Select Choose Action > New.
2.
In the Name field, enter a descriptive name for the asset, such as Laptop.
3.
In the Defaut Asset Status field, enter a default asset status, or a custom one (if they exist).
A default installation of the KACE SMA includes the following asset statuses:
4.
◦
Active: Any asset that is deployed, active, or in use.
◦
Disposed: An asset that is no longer available for use.
◦
Expired: A software license or contract asset that has expired.
◦
In Stock: A recently received asset.
◦
Missing: Any asset that cannot be located.
◦
Repair: An asset that is being repaired.
◦
Reserved: An asset that is set aside for a specific person or use.
◦
Retired: Any asset that reached its end-of-life state, or is no longer in use.
◦
Stolen: An asset that has been reported as stolen.
Under Barcodes, click
, and provide the following information:
KACE Systems Management Appliance 8.0 Administrator Guide
Add physical Asset Types
194
Option
Description
Barcode Data
The barcode number. Barcode numbers are always unique, they cannot
be shared between multiple assets. However, it is possible for an active
asset to share a barcode with an archived asset.
Barcode Name
The barcode tag associated with this asset type. There can be only one
barcode of the same type per asset.
Barcode Format
The barcode format. For example, UPC-A, Code 11, or UPC-E.
You can add as many barcodes as needed.
5.
Click the Add button on the right side of the page:
.
A new line appears.
6.
Provide the following information in the new line. For example:
a.
In the Name field, enter Brand.
b.
In the Required column, select the check box to make the field required.
c.
In the Type drop-down list, select Single Select.
The Available Values field is enabled.
d.
Go back to the Available Values field and enter the brands you use. These will appear in the
select list. Separate each brand with a comma.
For example: Apple, Dell, IBM. This ensures that brand names, such as IBM, are referred to
consistently instead of using variations, such as IBM and International Business Machines.
7.
Click Save at the end of the row, then add a row:
a.
b.
Click the Add button:
.
Provide additional information in the new line.
For example:
8.
▪
In the Name field, enter Serial Number.
▪
In the Type drop-down list, select Text.
Click Save at the end of the row, then add a row:
a.
b.
Click the Add button:
.
Provide additional information in the new line.
For example:
9.
▪
In the Name field, enter Location.
▪
In the Type drop-down list, select Asset Location.
Click Save at the end of the row, then add a row:
a.
b.
Click the Add button:
.
Provide additional information in the new line.
For example:
▪
In the Name field, enter Department, and in the Type drop-down list select Asset Department.
▪
In the Name field, enter Cost Center, and in the Type drop-down list select Asset Cost Center.
10. Click Save at the end of the row, then add a row:
a.
Click the Add button:
.
KACE Systems Management Appliance 8.0 Administrator Guide
Add physical Asset Types
195
b.
Provide additional information in the new line.
For example:
▪
In the Name field, enter Warranty Expiration.
▪
In the Type drop-down list, select Date. The format is yyyy-mm-dd. The supported range is
1000-01-01 to 9999-12-31.
11. Click Save at the end of the row, then click Save at the bottom of the page.
Archive device Assets
You can archive device Assets as needed.
KACE SMA administrators can archive device Assets that are no longer in use. When you archive a device Asset,
that device is no longer included in the node license count for the KACE SMA. Devices marked for archiving are
archived after a pre-defined number of days, as specified in the General Settings. The default period is three
days. This allows administrators to revert the device from being marked from archiving, if needed.
For more information about changing the length of time during which device Assets are marked for archiving, see
Configure Admin-level or organization-specific General Settings
Once a device is archived, its record is deleted, and it can no longer be reverted to the previous active state. You
can review the device details for an archived device Asset, if required.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
On the left navigation bar, click Assets.
3.
Complete one of the following steps:
4.
•
On the Assets list, select a device Asset. Select Choose Action > Archive.
•
On the Assets list, click the name of a device Asset. On the Asset Detail page that appears, click
Archive.
In the Archive Asset dialog box that appears, in the Archive Reason field, type the reason for this action,
and click Save.
The Archive Asset dialog box closes, and the Assets list refreshes, indicating that the device Asset is in the
Pending Archive state (
). When the Pending Archive period expires, the appliance archives the device
Asset, and it enters the Archived state (
5.
).
If you want to remove a device Asset from the Pending Archive state:
a.
On the Assets list, click the name of a device Asset that is in the Pending Archive state.
b.
On the Asset Detail page that appears, click Undo Pending Archive.
The Asset Detail page closes, and the Assets list refreshes, indicating that the device Asset is no longer in
the Pending Archive state.
6.
If you want to review the device details for an archived device Asset, on the Assets list, in the Name
column, click the device name enclosed in brackets.
The Device Details page appears. This page contains a subset of the information typically shown for a
non-archived device Asset. For more information about the fields appearing on this page, see Groups and
sections of items in device details.
Maintaining and using manual asset information
For assets that do not report inventory to the KACE SMA automatically, you can manually add asset information.
This is useful for logical assets such as locations, cost centers, and vendors, and physical assets, such as office
KACE Systems Management Appliance 8.0 Administrator Guide
Maintaining and using manual asset information
196
furniture and equipment. Asset information that is imported or added manually must be updated manually when
that information changes.
There are two ways to keep manual asset information up to date:
•
Manage the information in spreadsheets and re-import them to the KACE SMA periodically.
•
Maintain the information manually in the Asset Management component.
Whichever method you choose, use it consistently to ensure that data remains current.
Creating an asset administrator role
You can create an asset administrator role to permit other users to update assets in the appliance.
For information on creating roles, see Setting up roles for user accounts.
Scheduling regular imports
To maintain asset information efficiently, you can continue updating source spreadsheets. Each time you
import, the Asset Management component determines whether to import or update records based on what was
designated as the primary key (PK) when the asset was created:
•
If the primary key matches an existing record, the Asset Management component compares the data and
updates the existing record.
•
If there is no matching primary key in the row, a new record is generated.
See Importing license data in CSV files.
TIP: Before importing new data, consider running a report to export the current data. That way you can
return to the original data if there is anything wrong with the structure of the new data.
Using asset data in reports
You can export data from the Asset Management component in standard reports.
Some standard reports are:
•
Unapproved Software Installation: Software found on devices where no license has been approved.
•
Software Compliance Simple: License counts, such as those found on the Assets list.
•
Software License Compliance Complete: A list of software and devices that are impacted by each
license.
In addition, you can create your own reports. See About reports.
Managing locations
A location entity represents a physical site that contains one or more of your assets.
You can add, move, or delete location entities, as needed.
Manage locations
Locations represents physical sites containing one or more of your assets. They are based on location types.
You can add, move, or delete location entities, or export location details into a file, as needed.
1.
Go to the Locations list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
KACE Systems Management Appliance 8.0 Administrator Guide
Manage locations
197
b.
2.
On the left navigation bar, click Asset Management, then click Locations.
To add a location, select Choose Action > New.
See Add or edit locations for more information.
3.
To delete a location:
4.
a.
Select the row containing the location that you want to delete.
b.
Select Choose Action > Delete.
c.
Optional. In the Delete location dialog box that appears, specify the replacement location to
which you want to move all the assets associated with the location you are about to delete.
d.
Click Confirm.
NOTE: Deleting a parent location does not remove its child locations from the system.
To move a location:
a.
Select the row containing the location that you want to move.
b.
Select Choose Action > Move.
c.
In the Move location dialog box that appears, specify the parent location to which you want to
move the location.
d.
Click Confirm.
The Locations list refreshes, no longer showing the newly moved locations. To view child locations
associated with the specific parent, in the row containing the parent location, click on the right of the
location name.
5.
In the Name field, add or change the name as needed.
TIP: Additional options are available for Device and License Asset Types. See About customizing
the Device Asset Type and Customize the License Asset Type.
6.
To export one or more locations to a file:
a.
Select the rows containing the locations that you want to export.
b.
Select Choose Action > Export, and then choose the appropriate option.
For example, to export all locations to a CSV file, select them in the list, and then select Choose
ActionExportExport All To CSV Format.
You can import location information from a file using the Import Assets wizard. For more information, see
Importing asset data using CSV files.
Add or edit locations
The Location Detail page shows the details of the selected location.
Location information is static and changes only when you import data or change it manually.
1.
Go to the Location Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Locations.
c.
Display the Location Detail page by doing one of the following:
▪
Click the name of a location.
▪
Select Choose Action > New.
2.
Provide the following information about the location: Subtype, Name (required), Description, Web site,
Address, Locale, and Phone Number.
3.
Click Save.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit locations
198
Customize location fields
You can rename, create, and delete fields on the Location Detail page, as needed.
1.
2.
Go to the Location Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Locations.
c.
Display the Location Detail page by doing one of the following:
▪
Click the name of a location.
▪
Select Choose Action > New.
Specify location subtypes, if needed.
a.
In the Subtypes section, click Add Subtype.
The Location Asset Subtype Detail page appears. The Inherited Fields section shows fields that
are available to the Asset Subtype because they have been added to the Asset Type.
b.
On the Location Asset Subtype Detail page that appears, review, and edit the following options,
as needed:
Options
Description
Name
The name of the Location Subtype. This name appears in the list on the Location
Detail page.
Default
Indicates whether to use the Location Subtype as the default for new locations. If you
select this check box, new locations are automatically assigned to this Asset Subtype.
You can change this setting any time.
Inherited Fields
This section displays the default location fields. You cannot make any changes to this
section.
Subtype Fields
c.
3.
Add any fields that are specific to this Subtype, as needed. To add a field, click
and specify the required information.
,
Click Save.
If you want the locations to use barcodes, specify one or more tags in the Barcode Tags area.
Any locations that you create going forward will have the barcode tags available for configuration. For
example, if you specify a Corporate Tag and a Dell Location Tag, barcodes identified with these two tags
will be available for selection in on the Location Detail page, when you create or edit a location.
To add a barcode, click
4.
, type the barcode name, and click Save.
Specify additional location fields, as needed.
a.
b.
To add a field, in the Asset Fields area, click
.
Provide the following information for each new field:
Option
Description
Name
The field name.
KACE Systems Management Appliance 8.0 Administrator Guide
Customize location fields
199
Option
Description
Available Values
The values that appear in fields that contain lists of values. This field is enabled when
you select Single Select or Multiple Select from the Type drop-down list. If you
select Single Select or Multiple Select, you must enter at least one value in this
field. To use multiple values, separate each value with a comma.
Required
Indicates whether the field is mandatory or optional. If this check box is selected,
users must enter a value in the field when creating assets of the selected type.
Type
The type of field. Field types include:
c.
5.
•
Attachment: Enables users to add attachments to the asset.
•
Currency: Used for monetary values.
•
Software Catalog: Enables users to associate the asset with an application in
the Software Catalog.
•
Date: Used for calendar information.
•
Label: Enables users to associate a label with the asset.
•
Link: Used for Internet links. Links must be valid URLs, such as http://
quest.com.
•
Multiple Select: Displays a list where multiple values can be selected. The
maximum length for each value is 255 characters.
•
Notes: Used for additional information.
•
Number: Used for numerical values expressed as whole numbers.
•
Parent: Enables the asset to point to the same type of asset in a parent-child
relationship. For example, you might allow Location types to have a Parent
connection, allowing New York to point to a North America location. This can
then be used in the reporting system to show all assets in North America.
•
Publisher: Allows you to select from the current list of publishers available in
the Software Catalog.
•
Single Select: Displays a value list where only a single value can be selected.
The maximum length for each value is 255 characters.
•
Text: Used for additional text. The maximum length is 255 characters.
•
Timestamp: Used to add a day and time to the record.
•
User: Used to associate user records with an asset.
•
Assets Asset Type: Used to specify relationships among Asset Types.
Click Save.
Click Save.
Managing contracts
A contract is a form of purchase agreement between the vendor and the end user, that describes the usage
terms. Contracts can be associated with software and hardware items your business uses, and also for physical
items such as office furniture or coffee machines.
You can add, edit, or delete contracts, as needed.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing contracts
200
Manage contracts
Contracts represent purchase or service agreements for hardware and software items your business uses, and
also for any physical products or services, such as office chairs or coffee suppliers.
You can add, edit, or delete contracts, or export contract details into a file, as needed.
1.
2.
Go to the Contracts list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Contracts.
To add a contract, select Choose Action > New.
See Add or edit contracts for more information.
3.
4.
To delete a contract:
a.
Select the row containing the contract that you want to delete.
b.
Select Choose Action > Delete.
To export one or more contract entries to a file:
a.
Select the rows containing the contracts that you want to export.
b.
Select Choose Action > Export, and then choose the appropriate option.
For example, to export all contracts to a CSV file, select them in the list, and then select Choose
Action > Export > Export All To CSV Format.
You can import contract information from a file using the Import Assets wizard. For more information, see
Importing asset data using CSV files.
Add or edit contracts
The Contract Detail page shows the details of the selected contract.
Use this page to add or edit contracts, as needed.
1.
2.
Go to the Contract Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Contracts.
c.
Display the Contract Detail page by doing one of the following:
▪
Click the name of a contract.
▪
Select Choose Action > New > Contract-Hardware.
▪
Select Choose Action > New > Contract-Software.
▪
Select Choose Action > New > Contract-Other.
Provide general information about the contract.
Contracts are a form of asset types, and apart from the Name field which is always required, the collection
of the fields available with each contract type can be changed to suit your needs. For more information
about Asset Types, see About Asset Types
The following fields typically appear on a contract record:
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit contracts
201
Option
Description
Subtype
The subtype assignment for this contract asset, if applicable. None
indicates that the asset is not assigned to a subtype.
You can specify the contract subtypes in the applicable contract Asset
Subtype (Contract-Software, Contract-Hardware, or Contract-Other).
For more information about asset subtypes, see About Asset Subtypes,
custom fields, and device detail preferences.
Asset Status
The contract status, if applicable. You can select a default asset status,
or a custom one (if they exist). A default installation of the KACE SMA
includes the following asset statuses:
•
Active: Any asset that is deployed, active, or in use.
•
Disposed: An asset that is no longer available for use.
•
Expired: A software license or contract asset that has expired.
•
In Stock: A recently received asset.
•
Missing: Any asset that cannot be located.
•
Repair: An asset that is being repaired.
•
Reserved: An asset that is set aside for a specific person or use.
•
Retired: Any asset that reached its end-of-life state, or is no longer
in use.
•
Stolen: An asset that has been reported as stolen.
For more information, see View and configure asset lifecycle settings.
Location
The location of this asset.
Name
The name of the contract.
Contract Number
The contract number.
Contract Description
Additional information about the contract.
Contract Start Date
The date when the contract is activated.
Contract End Date
The date when the contract ends.
Anniversary
Software and hardware contracts only. An indicator of when the
contract is up for renewal.
Publisher
Software and hardware contracts only. The contract publisher.
Publisher Program
Software contracts only. The entries available for selection are
populated from the Software Catalog, depending on what you set in the
Publisher field. When you select a Publisher, the entries available for
selection in this field are populated with the program entries associated
with the selected Publisher, that exist in your Software Catalog.
Vendor
The name of the vendor associated with the contract. You can select from
the available vendor entries.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit contracts
202
Option
Description
Vendor Agreement Number
The number of the vendor agreement associated with the contract.
Manufacturer
Hardware contracts only. The manufacturer of the device associated
with this contract.
Hardware Type
Hardware contracts only. The type of the hardware device associated
with this contract, such as laptop or server.
Hardware Series
Hardware contracts only. The series of the hardware device associated
with this contract.
Hardware Model
Hardware contracts only. The model number of the hardware device
associated with this contract.
Purchase Order Number
The number of the purchase order associated with the contract.
Purchase Order Date
The date of the purchase order associated with the contract.
Linked Contract
Another contract that is associated with this contract entry.
Contact Name
The contact name associated with the contract.
Contact Email
The contact email address associated with the contract.
Contact Phone
The contact phone number associated with the contract.
Notes
Additional information about this contract.
Attachment 1, Attachment 2
Any file attachments associated with the contract.
3.
Optional. Add one or more barcodes to the contract, as needed.
a.
Under Barcodes, click
, and provide the following information:
Option
Description
Barcode Data
The barcode number. Barcode numbers are always unique, they cannot
be shared between multiple assets. However, it is possible for an active
asset to share a barcode with an archived asset.
Barcode Name
The barcode tag associated with this asset type. There can be only one
barcode of the same type per asset.
Barcode Format
The barcode format. For example, UPC-A, Code 11, or UPC-E.
4.
Review the information in the Service Desk section. If you are editing an existing contract associated with
one or more Service Desk tickets, they are listed in this section.
5.
Review the information in the Related Assets section. If you are editing an existing contract associated with
one or more licenses, they are listed in this section.
6.
Click Save.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit contracts
203
Managing licenses
A license agreement allows you to use a logical or physical asset, such as software or hardware.
You can add, edit, or delete licenses, as needed, and associate them with your physical or logical assets, as
needed.
Manage licenses
Licenses allow you to use your logical or physical assets, such as software or hardware that your business uses.
You can add, edit, or delete licenses, or export license details into a file, as needed.
1.
2.
Go to the Licenses list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Licenses.
To add a license, select Choose Action > New.
See Add or edit licenses for more information.
3.
4.
To delete a license:
a.
Select the row containing the license that you want to delete.
b.
Select Choose Action > Delete.
To export one or more license entries to a file:
a.
Select the rows containing the licenses that you want to export.
b.
Select Choose Action > Export, and then choose the appropriate option.
For example, to export all licenses to a CSV file, select them in the list, and then select Choose
Action > Export > Export All To CSV Format.
You can import license information from a file using the Import Assets wizard. For more information, see
Importing asset data using CSV files.
Add or edit licenses
The License Detail page shows the details of the selected license.
Use this page to add or edit licenses, as needed.
1.
2.
Go to the License Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Licenses.
c.
Display the License Detail page by doing one of the following:
▪
Click the name of a license.
▪
Select Choose Action > New.
Provide general information about the license.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit licenses
204
Licenses are a form of asset types, and apart from the Name field which is always required, the collection
of the fields available with a license record can be changed to suit your needs. For more information about
Asset Types, seeAbout Asset Types
The following fields typically appear on a license record:
Option
Description
Subtype
The Asset Subtype to associate with the license. See About Asset Subtypes, custom
fields, and device detail preferences.
Asset Status
The license status, if applicable. You can select a default asset status, or a custom
one (if they exist). A default installation of the KACE SMA includes the following asset
statuses:
•
Active: Any asset that is deployed, active, or in use.
•
Disposed: An asset that is no longer available for use.
•
Expired: A software license or contract asset that has expired.
•
In Stock: A recently received asset.
•
Missing: Any asset that cannot be located.
•
Repair: An asset that is being repaired.
•
Reserved: An asset that is set aside for a specific person or use.
•
Retired: Any asset that reached its end-of-life state, or is no longer in use.
•
Stolen: An asset that has been reported as stolen.
For more information, see View and configure asset lifecycle settings.
Name
The name of the license, such as Office Professional PO #1234. This is the name
that you use to find the asset. If you plan to have multiple licenses associated with an
application, provide the purchase order number or purchase date in the fields below to
differentiate the licenses.
License Count
The number of installations or seats the license allows. For example, 50.
Contract
The contract asset associated with the license.
Applies to
Cataloged
Software
Applications in the Software Catalog inventory to which the license applies. You
can associate License assets with multiple applications in the Software Catalog if
necessary. However, it is not necessary to associate a License asset with multiple
versions of the same application because the appliance does this automatically to
support upgrades and downgrades. You can simply associate the current version with
the License asset when you add the license information.
In addition, if you assign applications from different publishers, such as Microsoft Office
and Adobe Acrobat, to the same License asset, the total number of seats specified in
the License asset is assigned to each application. For example, if the License asset
has 100 seats, both Microsoft Office and Adobe Acrobat are assigned 100 seats.
Applies to
Software
Leave this field blank. A software license cannot be associated with applications from
the Software Catalog inventory and the Software page inventory at the same time.
For more information on how to create license assets for cataloged software, see Add
License assets for Software page inventory.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit licenses
205
Option
Description
License Mode
The mode of the License asset. For applications that require licenses, and to display
license usage information on the License Compliance page, select either Enterprise or
Unit License.
NOTE: Most modes, including Not Specified, Client License, Subscription,
Shareware, Freeware, OpenSource, No Licensing, and Site License, are not
used for License Compliance.
The license mode is used in these sections of the Administrator Console:
•
The License Compliance list. See View License Compliance information for
Software Catalog applications.
•
The License Compliance chart that is displayed on the Dashboard. Values that
are marked as ignored on the Asset Detail page are shown with a usage level of
100 percent. See About Dashboard widgets.
Product Key and Additional information about the license. You can modify and edit the default
information, which can be captured for a License Asset Type.
Unit Cost
Vendor
The name of the Vendor asset you want to associate with the application. the Vendor
drop-down list is empty unless you have added a Vendor asset. To search for a vendor,
begin typing in the list.
NOTE: Assigning multiple vendors to a single software License asset is
not recommended because it can result in inaccurate License Compliance
information.
Purchase Order
Number
The purchase order number associated with the license.
Purchase Date
The date the license was obtained. Click in the field, then select a date on the calendar.
Includes
Upgrade Rights
Indicates if the license includes upgrade rights. Upgrade rights refer to the ability to
upgrade to a newer version of the licensed software, when such versions become
available. For more information, see About license upgrades. Select one of the
following options:
•
Yes: Upgrade rights are calculated by comparing the number of existing licenses
for the selected software with the counts of available licenses for newer versions
of the same software.
•
Yes - Select from list: Choose one or more software versions for which you
want to grant upgrade rights. Click Select cataloged software to add. The list
that appears is populated with higher versions of the selected software to which
the license can be upgraded. When you click an entry in the list, your selection
appears in the Upgrade Software list box. You can add one or more versions, as
needed. To delete an item from the list, select it in the Upgrade Software list box,
and click Remove.
•
No: If you do not want to grant upgrade rights to the selected software, select this
option.
Includes
Maintenance
Whether the license entitles users to upgrade the installed version of the application.
See About License Compliance for Software Catalog applications.
Expiration Date
If the license includes maintenance, the expiration date of the maintenance period.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit licenses
206
Option
Description
The KACE SMA License Compliance feature leverages Software Catalog information,
such as application release dates. If new application versions are released during the
maintenance period, they are automatically covered by this License asset.
Indicates if the license includes downgrade rights. Downgrade rights refer to the ability
to apply licenses for newer software versions to older versions of the same software.
For more information, see About license downgrades. Select one of the following
options:
Includes
Downgrade
Rights
•
Yes: Downgrade rights are calculated by comparing the number of existing
licenses for the selected software with the counts of available licenses for older
versions of the same software.
•
Yes - Select from list: Choose one or more software versions for which you
want to grant downgrade rights. Click Select cataloged software to add. The
list that appears is populated with lower versions of the selected software to
which the license can be downgraded. When you click an entry in the list, your
selection appears in the Downgrade Software list box. You can add one or more
versions, as needed. To delete an item from the list, select it in the Downgrade
Software list box, and click Remove.
•
No: If you do not want to grant downgrade rights to the selected software, select
this option.
Department
The business group or department that owns the application.
Cost Center
The cost center associated with the department that owns the application.
Approved for
Device
The devices that are approved to use the license. This information is used in License
Compliance reporting. For example, if devices have the application installed, but
are not on the list of approved devices, the devices are listed in the report titled,
Unapproved Software Installation. However, the KACE SMA does not enforce license
compliance. For example, the appliance does not prevent applications from being
installed on managed devices if a license is expired or otherwise out of compliance.
Notes
Any additional information you want to provide.
License Text
Any supplemental information about the license, such as a license number.
Custom Fields
Additional information. You can modify the License Asset Type to include as many
additional fields as necessary to meet your business objectives.
3.
Optional. Add one or more barcodes to the license, as needed.
a.
Under Barcodes, click
, and provide the following information:
Option
Description
Barcode Data
The barcode number. Barcode numbers are always unique, they cannot
be shared between multiple assets. However, it is possible for an active
asset to share a barcode with an archived asset.
Barcode Name
The barcode tag associated with this asset type. There can be only one
barcode of the same type per asset.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit licenses
207
Option
Description
Barcode Format
The barcode format. For example, UPC-A, Code 11, or UPC-E.
4.
Click Save.
Setting up License Compliance
To track License Compliance information for applications, you need to create License assets. License assets can
be associated either with applications in the Software Catalog inventory or the Software page inventory. License
assets cannot be associated with both inventory types at the same time.
The options for tracking licenses, and the requirements for setting up License Compliance, differ for Software
Catalog inventory and for Software page inventory.
About License Compliance for Software Catalog
applications
The KACE SMA enables you to view License Compliance information for applications in the Software Catalog
inventory. This information appears on the License Compliance page and in the License Compliance Dashboard
widget.
After you configure License assets for applications in the Software Catalog inventory, you can view the number
of seats installed on Agent-managed devices, the number of seats available, the type of licenses applied, and,
if metering is enabled for the application, usage information. In addition, the KACE SMA leverages information
in the Software Catalog to automatically apply the correct licenses to application versions that are classified as
upgraded or downgraded.
To set up License Compliance for applications in the Software Catalog inventory:
•
(Optional) Customize the License Asset Type to meet your information management requirements. See
Customize the License Asset Type.
•
(Optional) Enable metering for Software Catalog applications. When metering is enabled, the License
Compliance page shows whether applications have or have not been used in the past 90 days. See About
software metering.
•
Create License assets and associate them with applications in the Software Catalog inventory. See Add
License assets for Software Catalog inventory.
•
(Optional) Set the threshold levels for License Compliance used on the Dashboard widget. The default
Warning Threshold is 90. The default Critical Threshold is 100. See Customize license usage warning
thresholds.
About license upgrades
Application maintenance plans often enable users to upgrade to newer versions of applications when those
versions become available, and the License Compliance page shows the number of installations that are
considered to be upgrades.
To track upgrades, the KACE SMA uses the information in the Software Catalog and the license details to
determine whether to associate new versions of applications with existing licenses. For example, if a License
asset was created for the 1.0 version of an application, and the maintenance plan entitles users to upgrade, the
KACE Systems Management Appliance 8.0 Administrator Guide
About license upgrades
208
2.0 version of the application is automatically covered by the License asset when it is released. In this example,
the License asset must be configured as follows:
•
The Includes Maintenance field must be set to Yes.
•
The Maintenance Expiration Date must be later than the version 2.0 GA (General Availability) date in the
Software Catalog.
•
The License Mode must be Enterprise or Unit License.
•
The Include Upgrade Rights must be set to Yes or Yes - Select from list.
For more information about these settings, see Add License assets for Software Catalog inventory.
About license downgrades
Vendors often allow users to apply licenses for newer versions of applications to older versions, and these types
of installations are referred to as downgrades. The License Compliance page shows the number of installations
that are considered to be downgrades.
License seats are first allocated to installations of the latest version of the application. If additional seats are
available, and if the vendor allows downgrades, the seats are automatically allocated to installations that are
considered downgrades.
Licenses for upgrades are always allocated before licenses for downgrades.
Customize the License Asset Type
You can add, change, or delete the fields available to the License Asset Type as needed. The License Asset Type
is the template that determines the fields available when you add License assets.
If the Organization component is enabled on your appliance, you customize the License Asset Type for each
organization separately.
1.
Go to the Asset Types list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Asset Types.
2.
In the Name column, click License to display the Asset Type Detail page.
3.
In the Defaut Asset Status field, enter a default asset status, or a custom one (if they exist).
A default installation of the KACE SMA includes the following asset statuses:
4.
◦
Active: Any asset that is deployed, active, or in use.
◦
Disposed: An asset that is no longer available for use.
◦
Expired: A software license or contract asset that has expired.
◦
In Stock: A recently received asset.
◦
Missing: Any asset that cannot be located.
◦
Repair: An asset that is being repaired.
◦
Reserved: An asset that is set aside for a specific person or use.
◦
Retired: Any asset that reached its end-of-life state, or is no longer in use.
◦
Stolen: An asset that has been reported as stolen.
In the Name field, type the name of the Asset Type.
KACE Systems Management Appliance 8.0 Administrator Guide
Customize the License Asset Type
209
The default for this type of asset is License.
5.
Optional: In the For License Compliance Reporting section, select the fields to use for License
Compliance.
Information from the selected License Mode field appears on the Dashboard License Compliance widget.
6.
Do one of the following:
•
In the License Mode Field drop-down list, keep the default as Select Field. This makes all of the
values in the License Mode Field available for License Compliance. If you have more than one singleselect or multiple-select field on the Asset Fields list, the first field that appears on the list, and all of its
values, is used in the License Compliance widget.
•
In the License Mode Field drop-down list, select a field, such as License Mode, to be used for
License Compliance. By default, this drop-down list contains a single field, but you can add fields as
needed. If you select a field, such as License Mode as shown in the following illustration, only the
selected field is used for License Compliance.
In addition, when you select a field, you can choose the values, if any, you want to ignore in the
License Compliance chart. Values that are ignored are listed at 100 percent usage and displayed in
gray.
By default License Mode is the only single- or multiple-select field available, so it is the only field
listed. If you add single- or multiple-select fields on the Asset Fields table, they appear in this list as
well, and they appear on the Asset Detail page when you add a License asset. However, only the
selected field, or the first field on the Asset Fields list, is used in the License Compliance widget.
7.
Optional: Modify the License Mode field or values on the Asset Fields table.
a.
b.
c.
d.
e.
8.
Click the Edit button at the end of a row:
.
Change the field information as needed, then click Save at the end of the row.
To add a field, click the Add button in the table heading:
Save at the end of the row.
To change the order of fields, drag the Reorder button:
To remove a field, click Delete button:
. Add field information, then click
.
.
Click Save at the bottom of the page.
Related topics
View License Compliance and Configuration information.
Add License assets for Software Catalog inventory
You can add License assets for applications in the Software Catalog inventory. Adding License assets enables
you to view license compliance information on the License Compliance list and on the License Compliance
Dashboard widget.
KACE Systems Management Appliance 8.0 Administrator Guide
Add License assets for Software Catalog inventory
210
Software Catalog applications must be classified as Discovered, Not Discovered, or Locally Cataloged. You
cannot add License assets for applications classified as Uncataloged.
When you associate License assets with applications, you can also view license information on the Software
Catalog Detail page. If the Organization component is enabled on your appliance, you manage license information
for each organization separately.
1.
TIP: To add License assets for multiple applications at once, you can import the information from
spreadsheets or CSV files. See Example: Import license data from prepared spreadsheets.
Go to the Software Catalog list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Software Catalog.
2.
Click the name of an application to display the Software Catalog Detail page.
3.
Near the bottom of the page, click Add New License to display the License Asset Detail page.
4.
Provide the following information:
Option
Description
Subtype
The Asset Subtype to associate with the license. See About Asset Subtypes, custom
fields, and device detail preferences.
Asset Status
The license status, if applicable. You can select a default asset status, or a custom
one (if they exist). A default installation of the KACE SMA includes the following asset
statuses:
•
Active: Any asset that is deployed, active, or in use.
•
Disposed: An asset that is no longer available for use.
•
Expired: A software license or contract asset that has expired.
•
In Stock: A recently received asset.
•
Missing: Any asset that cannot be located.
•
Repair: An asset that is being repaired.
•
Reserved: An asset that is set aside for a specific person or use.
•
Retired: Any asset that reached its end-of-life state, or is no longer in use.
•
Stolen: An asset that has been reported as stolen.
For more information, see View and configure asset lifecycle settings.
Name
The name of the license, such as Office Professional PO #1234. This is the name
that you use to find the asset. If you plan to have multiple licenses associated with an
application, provide the purchase order number or purchase date in the fields below to
differentiate the licenses.
License Count
The number of installations or seats the license allows. For example, 50.
Contract
The contract asset associated with the license.
Applies to
Cataloged
Software
Applications in the Software Catalog inventory to which the license applies. You
can associate License assets with multiple applications in the Software Catalog if
necessary. However, it is not necessary to associate a License asset with multiple
versions of the same application because the appliance does this automatically to
KACE Systems Management Appliance 8.0 Administrator Guide
Add License assets for Software Catalog inventory
211
Option
Description
support upgrades and downgrades. You can simply associate the current version with
the License asset when you add the license information.
In addition, if you assign applications from different publishers, such as Microsoft Office
and Adobe Acrobat, to the same License asset, the total number of seats specified in
the License asset is assigned to each application. For example, if the License asset
has 100 seats, both Microsoft Office and Adobe Acrobat are assigned 100 seats.
Applies to
Software
Leave this field blank. A software license cannot be associated with applications from
the Software Catalog inventory and the Software page inventory at the same time.
For more information on how to create license assets for cataloged software, see Add
License assets for Software page inventory.
License Mode
The mode of the License asset. For applications that require licenses, and to display
license usage information on the License Compliance page, select either Enterprise or
Unit License.
NOTE: Most modes, including Not Specified, Client License, Subscription,
Shareware, Freeware, OpenSource, No Licensing, and Site License, are not
used for License Compliance.
The license mode is used in these sections of the Administrator Console:
•
The License Compliance list. See View License Compliance information for
Software Catalog applications.
•
The License Compliance chart that is displayed on the Dashboard. Values that
are marked as ignored on the Asset Detail page are shown with a usage level of
100 percent. See About Dashboard widgets.
Product Key and Additional information about the license. You can modify and edit the default
information, which can be captured for a License Asset Type.
Unit Cost
Vendor
The name of the Vendor asset you want to associate with the application. the Vendor
drop-down list is empty unless you have added a Vendor asset. To search for a vendor,
begin typing in the list.
NOTE: Assigning multiple vendors to a single software License asset is
not recommended because it can result in inaccurate License Compliance
information.
Purchase Order
Number
The purchase order number associated with the license.
Purchase Date
The date the license was obtained. Click in the field, then select a date on the calendar.
Includes
Upgrade Rights
Indicates if the license includes upgrade rights. Upgrade rights refer to the ability to
upgrade to a newer version of the licensed software, when such versions become
available. For more information, see About license upgrades. Select one of the
following options:
•
Yes: Upgrade rights are calculated by comparing the number of existing licenses
for the selected software with the counts of available licenses for newer versions
of the same software.
•
Yes - Select from list: Choose one or more software versions for which you
want to grant upgrade rights. Click Select cataloged software to add. The list
that appears is populated with higher versions of the selected software to which
the license can be upgraded. When you click an entry in the list, your selection
KACE Systems Management Appliance 8.0 Administrator Guide
Add License assets for Software Catalog inventory
212
Option
Description
appears in the Upgrade Software list box. You can add one or more versions, as
needed. To delete an item from the list, select it in the Upgrade Software list box,
and click Remove.
•
No: If you do not want to grant upgrade rights to the selected software, select this
option.
Includes
Maintenance
Whether the license entitles users to upgrade the installed version of the application.
See About License Compliance for Software Catalog applications.
Expiration Date
If the license includes maintenance, the expiration date of the maintenance period.
The KACE SMA License Compliance feature leverages Software Catalog information,
such as application release dates. If new application versions are released during the
maintenance period, they are automatically covered by this License asset.
Includes
Downgrade
Rights
Indicates if the license includes downgrade rights. Downgrade rights refer to the ability
to apply licenses for newer software versions to older versions of the same software.
For more information, see About license downgrades. Select one of the following
options:
•
Yes: Downgrade rights are calculated by comparing the number of existing
licenses for the selected software with the counts of available licenses for older
versions of the same software.
•
Yes - Select from list: Choose one or more software versions for which you
want to grant downgrade rights. Click Select cataloged software to add. The
list that appears is populated with lower versions of the selected software to
which the license can be downgraded. When you click an entry in the list, your
selection appears in the Downgrade Software list box. You can add one or more
versions, as needed. To delete an item from the list, select it in the Downgrade
Software list box, and click Remove.
•
No: If you do not want to grant downgrade rights to the selected software, select
this option.
Department
The business group or department that owns the application.
Cost Center
The cost center associated with the department that owns the application.
Approved for
Device
The devices that are approved to use the license. This information is used in License
Compliance reporting. For example, if devices have the application installed, but
are not on the list of approved devices, the devices are listed in the report titled,
Unapproved Software Installation. However, the KACE SMA does not enforce license
compliance. For example, the appliance does not prevent applications from being
installed on managed devices if a license is expired or otherwise out of compliance.
Notes
Any additional information you want to provide.
License Text
Any supplemental information about the license, such as a license number.
Custom Fields
Additional information. You can modify the License Asset Type to include as many
additional fields as necessary to meet your business objectives.
5.
Click Save.
KACE Systems Management Appliance 8.0 Administrator Guide
Add License assets for Software Catalog inventory
213
The new asset appears on the Assets page. The License Count number does not change until you update
the asset. However, the number in the Installed column changes when managed devices that have the
software installed check in to the appliance. This enables you to track the number of licenses that have
been purchased and installed.
Perform the following optional tasks:
•
Enable metering for Software Catalog inventory. When metering is enabled, the License Compliance page
shows whether applications have or have not been used in the past 90 days. See About software metering.
•
Set license usage warning thresholds. These thresholds are used by the License Compliance Dashboard
widget to identify license compliance issues.
Add License assets for Software page inventory
You can create License assets to track information for applications that require licenses.
Before you create License assets, you should have information such as the number of installations, or seats,
allowed by the license, the product key, the purchase order number, and any other information you want to
manage in the License asset.
NOTE: To create License assets for applications in the Software page inventory, you first must create
Software assets for those applications. You do not need to create Software assets for applications in the
Software Catalog page inventory.
If the Organization component is enabled on your appliance, you can create License assets for each organization
separately.
1.
2.
TIP: You can customize License Asset Types to meet your needs. See Customize the License Asset Type.
Go to the License Asset Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
Do one of the following:
▪
On the left navigation bar, click Assets. Select Choose Action > New > License.
▪
On the left navigation bar, click Inventory, then click Software Catalog. Click the name of an
application. On the Software Catalog Detail page, click Add New License.
Provide the following information:
Option
Description
Subtype
The Asset Subtype to associate with the license.
See About Asset Subtypes, custom fields, and
device detail preferences.
Asset Status
The license status, if applicable. You can select a
default asset status, or a custom one (if they exist).
KACE Systems Management Appliance 8.0 Administrator Guide
Add License assets for Software page inventory
214
Option
Description
A default installation of the KACE SMA includes the
following asset statuses:
•
Active: Any asset that is deployed, active, or
in use.
•
Disposed: An asset that is no longer available
for use.
•
Expired: A software license or contract asset
that has expired.
•
In Stock: A recently received asset.
•
Missing: Any asset that cannot be located.
•
Repair: An asset that is being repaired.
•
Reserved: An asset that is set aside for a
specific person or use.
•
Retired: Any asset that reached its end-of-life
state, or is no longer in use.
•
Stolen: An asset that has been reported as
stolen.
For more information, see View and configure asset
lifecycle settings.
Name
The name of the license, such as Office
Professional PO #1234. This is the name that you
use to find the asset. If you plan to have multiple
licenses associated with an application, provide
the purchase order number or purchase date in the
fields below to differentiate the licenses.
License Count
The number of installations or seats the license
allows. For example, 50.
Applies to Cataloged Software
Leave this section blank. A software license cannot
be associated with applications from the Software
page inventory and the Software Catalog inventory
at the same time. For more information on how to
create license assets for cataloged software, see
Add License assets for Software Catalog inventory.
Applies to Software
Applications in the Software page inventory to which
the license applies. You can associate licenses with
multiple applications on the Software page.
If this field is blank, you need to create a Software
asset as described in Adding Software assets.
License Mode
The mode of the License asset. For applications that
require licenses, select either Enterprise or Client
Access License.
KACE Systems Management Appliance 8.0 Administrator Guide
Add License assets for Software page inventory
215
Option
Description
NOTE: Most modes, including Not Specified,
Unit License, Subscription, Shareware,
Freeware, OpenSource, No Licensing,
and Site License, are not used for License
Compliance.
The license mode is used in these sections of the
Administrator Console:
•
The License Compliance list (Software
Catalog inventory only). See View License
Compliance information for Software Catalog
applications.
•
The License Compliance chart that is
displayed on the Dashboard. Values that are
marked as ignored on the Asset Detail page
are shown with a usage level of 100 percent.
See About Dashboard widgets.
Product Key and Unit Cost
Additional information about the license. You can
modify and edit the default information, which can be
captured for a License Asset Type.
Vendor
The name of the Vendor asset you want to associate
with the application. the Vendor drop-down list is
empty unless you have added a Vendor asset. To
search for a vendor, begin typing in the list.
NOTE: Assigning multiple vendors to a single
software License asset is not recommended
because it can result in inaccurate license
compliance information. If you do assign
multiple vendors to an asset, each vendor is
assigned the total number of license seats
specified in the License Count field.
Purchase Order Number
The purchase order number associated with the
license.
Purchase Date
The date the license was obtained. Click in the field,
then select a date on the calendar.
Includes Upgrade Rights
Indicates if the license includes upgrade rights.
Upgrade rights refer to the ability to upgrade to a
newer version of the licensed software, when such
versions become available.
This setting, however, only applies to licenses for
cataloged software. For non-cataloged software, set
this option to No.
For more information on how to create license
assets for cataloged software, see Add License
assets for Software Catalog inventory.
Includes Maintenance
Whether or not the license entitles users to upgrade
or downgrade the version of the application.
KACE Systems Management Appliance 8.0 Administrator Guide
Add License assets for Software page inventory
216
Option
Description
Expiration Date
If the license includes maintenance, the expiration
date of the maintenance period.
The KACE SMA License Compliance feature
leverages Software Catalog information, such as
application release dates. If new application versions
are released during the maintenance period, they
are automatically covered by this License asset.
Includes Downgrade Rights
Indicates if the license includes downgrade rights.
Downgrade rights refer to the ability to apply
licenses for newer software versions to older
versions of the same software.
This setting, however, only applies to licenses for
cataloged software. For non-cataloged software, set
this option to No.
For more information on how to create license
assets for cataloged software, see Add License
assets for Software Catalog inventory.
Department
The business group or department that owns the
application.
Cost Center
The cost center associated with the department that
owns the application.
Approved for Device
The devices that are approved to use the license.
This information is used in License Compliance
reporting. For example, if devices have the
application installed but are not on the list of
approved devices, the devices are listed in the
report titled Unapproved Software Installation.
However, the KACE SMA does not enforce license
compliance. For example, the appliance does
not prevent applications from being installed on
managed devices if a license is expired or otherwise
out of compliance.
Notes
Any additional information you want to provide.
License Text
Any supplemental information about the license such
as the license number.
Custom Fields
Additional information. You can modify the License
Asset Type to include as many additional fields as
necessary to meet your business objectives.
3.
Click Save.
The new asset appears on the Assets page. The License Count number does not change until you update the
asset. However, the number in the Installed column changes when managed devices that have the software
installed check in to the appliance. This enables you to track the number of licenses that have been purchased
and installed.
Related topics
KACE Systems Management Appliance 8.0 Administrator Guide
Add License assets for Software page inventory
217
Customize the License Asset Type
View License Compliance and Configuration information
About reports
Importing license data in CSV files
If your license data is in a spreadsheet, you can export it to CSV (comma-separated value) format, then import it
into the KACE SMA. Or, you can use a text editor to create a CSV file that contains the data, then import that file.
If the CSV file contains new assets for Asset Types that you have defined, the new assets are added.
How asset information is handled during import
When asset information is imported, the appliance compares the new information to existing information to
determine how the new information should be handled.
Depending on whether the information is new, existing, or duplicated, the appliance performs the following
actions:
•
Creates the asset: If the Primary Key value does not match an existing value, the asset is created.
•
Updates the asset: If the Primary Key value matches an existing value, the asset information is updated.
•
Flags the asset as a duplicate: If multiple records for the Asset Type match the value of the CSV field
chosen as the Primary Key, OR if multiple records match the associated asset, the asset is flagged as a
duplicate. Duplicate records are not imported.
Importing asset data using CSV files
You can import asset data, such as software license data, using CSV (comma separated value) files.
Prepare asset data before importing
Verify that asset data is appropriate and formatted properly before importing it.
1.
Define the basic fields for your assets. If you use product names, make sure they are useful and help to
identify the asset. See Adding Software assets.
2.
Add header rows to your data. In the Asset Management component, columns without headers are referred
to by their column number, so using column header rows can make it easier to identify data.
3.
Verify that all columns map to equivalent Asset Fields in the Asset Type.
Asset Types include default fields, such as Asset Name, Purchase Order Number, and Vendor, but you can
add custom asset fields if necessary. See About adding and deleting asset fields.
4.
TIP: To view default fields go to the Asset Detail page. See Customizing Asset Types.
Decide what field or fields to use for the primary key (PK) for the imported assets.
Primary Keys are the fields, or combinations of fields, used as unique identifiers for assets being imported.
When assets are imported, the appliance uses Primary Keys to determine whether to update an existing
record or create a record. You can select one field, or a combination of fields, as the PK.
5.
Save the spreadsheet as a CSV file, in a location you can access from the Administrator Console.
Example: Import license data from prepared spreadsheets
You can import license data from prepared CSV files.
KACE Systems Management Appliance 8.0 Administrator Guide
Importing asset data using CSV files
218
This example describes how to import License assets for Software Catalog inventory. The example shows only
the fields that are required for License asset import. You can add additional files, such as unit cost, publisher,
product keys, and so on to meet your information management needs.
If you want to assign the imported assets to an Asset Subtype, add the subtype before you import the assets. See
Add Asset Subtypes and select Device Detail page preferences.
1.
Create a file in a spreadsheet program such as Excel.
2.
Add the following columns and rows. The first row is a header column:
Asset Name
License Count
License Mode
Includes
Maintenance
Applies to
Software Catalog
Software Title 1
100
Enterprise
Yes
Software Title 1
Software Title 2
150
Enterprise
Yes
Software Title 2
Software Title 3
200
Enterprise
Yes
Software Title 3
Software Title 4
500
Enterprise
Yes
Software Title 4
3.
4.
Save the file in CSV format.
The values in each column are separated by commas. For example: Software Title
1,100,Enterprise,Yes,Software Title 1
Go to the Upload File page in the Import Assets section:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Asset Management, then click Import Assets.
5.
Click Browse or Choose File, then select the CSV file.
6.
If the CSV file contains a header row, as it does in this example, select the File Header Row check box,
then click Next.
7.
Select the Asset Type and Asset Subtype:
The Asset Type Selection page appears.
a.
In the Asset Type drop-down list, select License.
b.
In the Asset Subtype drop-down list, select Productivity.
NOTE: In this example, the Asset Subtype, Productivity, has been added to the License Asset
Type. The Subtype drop-down list is empty if you have not added subtypes for the License Asset
Type. During import, all assets are assigned to the selected subtype.
c.
Click Next.
The Mapping page appears.
8.
9.
In the CSV Fields drop-down list, select the fields that correspond to the appliance Required Standard
Fields and Required Asset Fields. The mapping of these fields depends on the contents of your CSV file
and the Asset Type. For the example in this section, use the following values:
◦
Asset Name=Asset Name
◦
License Count=License Count
◦
Applies to Cataloged Software=Software Catalog
◦
License Mode=Mode
Select the PK check box next to the Asset Name field.
KACE Systems Management Appliance 8.0 Administrator Guide
Importing asset data using CSV files
219
NOTE: Primary Keys are the fields, or combinations of fields, used as unique identifiers for assets
being imported. When assets are imported, the appliance uses Primary Keys to determine whether to
update an existing record or create a record. You can select one field, or a combination of fields, as
the PK.
10. If the assets you are importing use barcodes, in the Barcode Fields area, indicate how you want to import
the barcodes.
Option
Description
Update asset barcodes with selected
Check if the barcodes supplied in this area already
exist, and if they do, update them. If they do not
exist, they are created for the specified assets.
Replace all asset barcodes with selected
Replace the existing barcodes with the specified
barcodes.
Barcode Data
The field in the CSV file that contains the barcode.
There can be only one barcode of the same type per
asset.
Barcode Name
The field in the CSV file that contains the barcode
tag. Barcode numbers are always unique, they
cannot be shared between multiple assets.
However, it is possible for an active asset to share a
barcode with an archived asset.
Barcode Format
The field in the CSV file that contains the barcode
format. For example, UPC-A, Code 11, or UPC-E.
11. Click Preview to verify the data on the Confirmation page.
12. Click Import to complete the import process.
The Result for Asset Import page appears.
13. Click Done to return to the Assets page.
When the import is complete, the assets appear in the Assets list. If the titles of the software matched titles
in the Software Catalog inventory, the assets are associated with the inventory items and you can view
them on the Software Catalog Detail page for the items.
Managing License Compliance
You can track the number of software licenses that have been purchased, the number in use on managed
devices, and the number that are available. This type of tracking helps you to ensure that your company complies
with software license requirements.
For example, if you have 100 licenses for the Adobe® Creative Suite, you might want to know how many of those
licenses are actually being used on managed devices. In addition, you might want to know when 80 or 90 percent
of those licenses are in use so that you can increase license capacity if necessary. You can customize license
usage warning thresholds to track license compliance.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing License Compliance
220
View License Compliance information for Software
Catalog applications
To ensure that your organization has the correct licenses for installed software, you can view License Compliance
information on the License Compliance list and on the License Compliance Dashboard widget. The License
Compliance list shows all the software license information you have added through License assets, as well as
information from the Software Catalog about applications that require licenses.
•
The Agent-managed devices in your KACE SMA inventory have software applications that are available in
the Software Catalog.
•
You have specified the number of seats available to installed Software Catalog applications as License
assets, and you have specified the license mode. See Add License assets for Software page inventory.
•
You have established warning thresholds for license usage in the appliance or organization general
settings. See Configure Admin-level or organization-specific General Settings.
1.
To view complete license compliance information, go to the License Compliance page:
2.
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click License Compliance.
NOTE: Information on the License Compliance list is updated every day after the appliance daily
backup is complete. If the list is empty, either there are no applications in the Software Catalog
inventory, or the information on the page has not been updated. In addition, if all the variances show
negative numbers, which indicates that there are more installations than license seats, verify that
you have added License assets for the applications. See Add License assets for Software Catalog
inventory.
To force the appliance to update License Compliance information, click Update Now above the list on the
left. Depending on the number of applications in inventory, this process might take a few minutes.
TIP: When you click Update Now, the appliance updates the data for each of the items on the
list. However, when you click the Refresh button above the list on the right, the appliance simply
redisplays the information already collected. It does not obtain new license usage information.
Information on the License Compliance page includes:
Column name
Description
Name
The name of the application.
Publisher
The name of the application publisher.
Installed
The number of application installations on Agent-managed devices.
Licensed
The number of seats remaining under the license.
Variance
The difference, if any, between the number of license seats available and the number
of application installations. A negative number indicates that the application has
been installed on more devices than the license allows, and therefore it is out of
compliance.
Used Last 90 Days The number of application installations that have been launched in the previous 90
days. A dash in this column indicates that metering is not enabled for the application.
KACE Systems Management Appliance 8.0 Administrator Guide
View License Compliance information for Software Catalog applications
221
Column name
Description
Not Used Last 90
Days
The number of application installations that have not been launched in the previous
90 days. A dash in this column indicates that metering is not enabled for the
application.
Coverage
NOTE: To obtain accurate usage information, metering must be enabled for
the application and for the devices on which the application is installed. See
Enabling and configuring metering for devices and applications.
NOTE: To obtain accurate usage information, metering must be enabled for
the application and for the devices on which the application is installed. See
Enabling and configuring metering for devices and applications.
The license type. License types include:
•
Upgrade: The installed application has been upgraded from an earlier version
(requires a maintenance agreement).
•
Downgrade: The installed application is using a license for a later version
(requires downgrade rights).
•
Original: The installed application is using a license that matches its version
number.
•
None: The application is installed without a license.
Platform
The operating system on which the application runs.
Edition
The name of the edition related to the application, such as Professional Edition or
Standard Edition.
3.
To sort the list, click View By, then select a view.
You can view applications by Product, such as Microsoft Office, or by Product and Edition, such as
Microsoft Office Professional and Office Standard. For example, if you wanted to see all editions of
Microsoft Office applications under one heading, you could select Product in the View By drop-down list.
The Licensed column shows the number of seats available to all applications in the Microsoft Office group.
To show Microsoft Office applications by edition, select Product and Edition in the View By drop-down list.
The Licensed column shows the number of seats available to each edition of Microsoft Office.
TIP: When a group, such as Office, is collapsed to show only the top-level item, a warning icon
is displayed to the left of the Name column if any item in the group has a negative variance or is
using more seats than the license allows:
4.
To view the License Compliance widget, click Home on the left navigation bar to go to the Admin-level
Dashboard page.
5.
.
TIP: If the License Compliance widget is not visible, click Customize in the upper right to install
it. See Customize Dashboard pages.
To view or change information about the number of seats available under a license, go to the detail page
for the License asset. See View assets and search for asset information.
KACE Systems Management Appliance 8.0 Administrator Guide
View License Compliance information for Software Catalog applications
222
Update software License Compliance information
manually
You can manually update software License Compliance information any time. If you have a large number of
applications, however, the process of updating the information might take several minutes.
The Agent-managed devices in your KACE SMA inventory have software applications that are available in the
Software Catalog.
Software License Compliance information is updated automatically every day after the appliance daily backup
process runs. Manually updating License Compliance information enables you to get the latest information
available.
1.
2.
NOTE: If you have not added License assets for applications in inventory, the License Compliance page
shows the number of seats available to applications as 0, and the variance is the number of software
installations.
Go to the License Compliance page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click License Compliance.
Click Update Now above the list.
The appliance checks for the latest license usage information and the list is updated.
TIP: Clicking the Refresh button above the list on the right simply redisplays the information
already collected. It does not obtain new license usage information.
Customize license usage warning thresholds
You can customize license usage warning thresholds to specify the license usage percentage that is considered
to be at warning or critical levels.
License compliance information appears on the appliance Dashboard. If the Organization component is enabled
on your appliance, you customize license usage warning thresholds for each organization separately.
1.
Go to Admin-level General Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings.
c.
On the Control Panel, click General Settings.
2.
Scroll down to the License Usage Warning Configurations section.
3.
In the Warning Threshold and Critical Threshold fields, enter new values.
The default Warning Threshold is 90. The default Critical Threshold is 100.
4.
To save, click Save and Restart Services.
Threshold limits are set. If you have created License assets, License Compliance information appears on
the Dashboard page of the Administrator Console.
Related topics
KACE Systems Management Appliance 8.0 Administrator Guide
Customize license usage warning thresholds
223
Add License assets for Software page inventory
View License Compliance and Configuration information
View License Compliance and Configuration
information
If you have set up License assets for applications, you can view License Compliance and Configuration
information for those applications.
Information is available for License assets associated with applications listed under the Software tab and
applications listed under the Software Catalog tab. See Setting up License Compliance.
If you have multiple organizations, you view license information for each organization separately.
1.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
2.
Click Home.
Software compliance information appears in the License Compliance widget.
NOTE: The appliance updates the data in the License Compliance widget every eight hours. Clicking
the Refresh button, however, does not update the data; it simply redisplays the data that has already
been collected.
The following colors indicate the usage level:
Color
Description
Red
Usage is at or above the critical threshold setting.
Orange
Usage is at or above the warning threshold setting but below the critical threshold setting.
Green
Usage is below the warning threshold setting.
The Software License Configuration widget displays the percentage of software licenses that are
categorized as unit licenses, site licenses, and other license modes.
KACE Systems Management Appliance 8.0 Administrator Guide
View License Compliance and Configuration information
224
Optional: View additional information on the License Compliance page. See View License Compliance information
for Software Catalog applications.
Setting up Service Desk
Setting up Service Desk entails setting up roles for Service Desk staff, and configuring ticket and email settings.
Setting up roles for user accounts
Service Desk uses permission-based roles to control access to Service Desk features and information. These
roles can be assigned to users automatically when they log in. You can use the default roles, or create roles as
needed.
About default roles
Default roles are available for standard user account types such as administrator, end-user, and limited-access.
The following roles are available by default. For more information about managing Organizational roles, see
Managing Organization Roles and User Roles.
Role
Description
Organization
Roles
Organization Roles are supersets of permissions that are assigned to organizations,
and they define the permissions that are available to organization users. For
example, if an organization is assigned an Organization Role that has the Distribution
tab hidden, users in that organization, including the Admin user, cannot access the
Distribution tab.
NOTE: Organization Roles are available only on appliances with the
Organization component enabled.
Default Role
The Default Role in the Organization Roles section has Write and Read permission
for all tabs. You can create additional Organization Roles, but you cannot edit or
delete the Default Role.
User Roles
Roles assigned to users to control their access to the Administrator Console and
User Console. If the Organization component is enabled on your appliance, the
permissions available to these roles depends on the Organization Role assigned to
the organization.
Administrator
The most powerful user role on the KACE SMA. By default, users with the
Administrator role have permission to see or change information and settings.
This includes promoting or demoting other users by changing their roles. The
KACE Systems Management Appliance 8.0 Administrator Guide
About default roles
225
Role
Description
Administrator role cannot be altered or deleted. Assign this role only to trusted
administrators.
Staff members assigned the Administrator role have permission to manage and
modify Service Desk tickets from the Tickets tab in the Administrator Console, though
they might not be able to own tickets themselves.
Users with the Administrator role can also use the security, scripting, and distribution
features to resolve Service Desk tickets, then document the issues in the Knowledge
Base.
The Administrator role primarily interacts with the KACE SMA through the
Administrator Console.
No Access
Users with this role cannot log on to the Administrator Console or User Console.
Read Only
Administrator
This role has the ability to view but not change any information or settings in the
KACE SMA. This role is useful for oversight personnel, such as supervisors.
This role primarily interacts with the KACE SMA through the Administrator Console.
User ConsoleOnly
This role is for appliance users. By default, this role has permission to create, view,
and modify Service Desk tickets.
This role interacts with the appliance exclusively through the User Console.
Create a Service Desk staff role
You can create a Service Desk staff role to establish permissions for users who work on Service Desk settings
and components.
By default, users with the Administrator role have permission to change all Service Desk components, including
creating and removing users. In addition, you can create a more limited Service Desk role for your organization.
Users with this role have permission to work on tickets, add items that can be downloaded from the User Console,
add articles to the Knowledge Base, and manage announcements that appear on the User Console home page.
However, they do not manage users, run reports, or change appliance settings. This guide refers to this group as
Service Desk Admin.
If the Organization component is enabled on your appliance, you can create separate Service Desk Admin roles
for each organization.
1.
Go to the Role Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Roles.
c.
Select Choose Action > New.
2.
In the Name field, provide name, such as Service Desk Admin.
3.
In the Description field, provide a brief description of the role, such as Used for Service Desk
Administrators.
This appears on the Roles list.
4.
Click the [Expand All] link next to Administrator Console Permissions to display the permissions settings
for all categories.
5.
Select these custom permissions for the new role:
KACE Systems Management Appliance 8.0 Administrator Guide
Create a Service Desk staff role
226
Category
Item
Permission level
Home
All
All Read
Inventory
Devices
WRITE
Software
WRITE
Software Catalog
WRITE
License Compliance
HIDE
Processes
HIDE
Startup Programs
HIDE
Services
HIDE
Discovery Schedules
HIDE
Discovery Results
HIDE
SNMP Inventory Configurations
HIDE
Devices
READ
Alerts
WRITE
Profiles
HIDE
Maintenance Windows
HIDE
Log Enablement Packages
HIDE
Assets
All
HIDE
Distribution
All
HIDE
Scripting
All
HIDE
Security
All
HIDE
Service Desk
Tickets
WRITE
User Downloads
WRITE
Knowledge Base
WRITE
Announcements
WRITE
Monitoring
KACE Systems Management Appliance 8.0 Administrator Guide
Create a Service Desk staff role
227
Category
Item
Permission level
Archive
READ
Configuration
READ
Reporting
All
All Hide
Settings
All
All Hide
User Console
All
All Read
6.
Click Save.
The Roles page shows the new role. When a user who is assigned to this role logs in, the appliance component
bar shows the available features.
Assign user roles
After you import or create user accounts, you can assign user roles to those accounts.
1.
2.
NOTE: User accounts can be imported from an LDAP server. See Importing users from an LDAP server.
Go to the Users list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
Assign the Administrator role to your Service Desk administrators:
a.
Select the check box next to one or more users.
b.
Select Choose Action > Apply Role > Administrator.
By default, Administrator users have owner/submitter permissions.
3.
4.
Assign the Service Desk Staff role to your team users:
a.
Select the check box next to one or more users.
b.
Select Choose Action > Apply Role > Service Desk Staff.
Assign the All Ticket Owners label to your Service Desk team members:
a.
Select the check box next to one or more users.
b.
Select Choose Action > Apply Label > All Ticket Owners.
The label is applied, and it appears next to the username.
5.
Create a label named User, then apply the User label and role to users.
Related topics
Define custom ticket fields
Create a Service Desk staff role
Add an All Ticket Owners label
Apply labels and roles to Service Desk staff
You can apply labels and roles to Service Desk staff members to manage their permissions.
KACE Systems Management Appliance 8.0 Administrator Guide
Apply labels and roles to Service Desk staff
228
For instructions on creating labels and roles, see Setting up roles for user accounts and Setting up labels for user
accounts.
1.
Add a user to the DefaultTicketOwners@mydomain.com alias.
2.
Go to the User Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
c.
Display the User Detail page by doing one of the following:
▪
Click the name of a user.
▪
Select Choose Action > New.
3.
In the Assign To Label field, click Edit.
4.
In the label window, drag the All Ticket Owners label to the Assign To field, then click Save.
NOTE: If the label does not exist, you need to create it.
5.
In the Role field, select the Service Desk Staff role.
6.
Click Save.
The user has permission to own, modify, fix, and close tickets. The user automatically receives email when a
ticket is created.
Related topics
Add an All Ticket Owners label
Create a Service Desk staff role
Create the DefaultTicketOwners account
If you want your Service Desk staff to receive email notifications when new tickets are created, you can create a
DefaultTicketOwners user account.
You can then configure the Ticket Detail page to use that account as described in Configuring ticket settings.
To learn about email notifications, see About email notifications.
1.
2.
Go to the User Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Users.
c.
Select Choose Action > New.
At minimum, provide the following details:
Field
Description
Login
DefaultTicketOwners
Name
DefaultTicketOwners
Email
DefaultTicketOwners@mydomain.com
KACE Systems Management Appliance 8.0 Administrator Guide
Create the DefaultTicketOwners account
229
Field
Description
Password
Enter a password
Confirm Password
Enter the password again
Role
No Access
Assign to Label
All Ticket Owners
3.
Click Save.
4.
To assign this new user as the default ticket owner, choose the DefaultTicketOwners as described in
Configuring ticket settings.
NOTE: The first default owner always remains the default owner of a ticket. For example, if you move
an existing ticket to another category with a different default owner, the default owner of the ticket
does not change.
Configuring email settings
You can set up an email notification strategy for a queue. If you have multiple queues, you can configure email
settings for each queue separately.
An email notification strategy is described in the System requirements.
By default, Service Desk automatically sends an email to alert your staff if a ticket remains in a particular state
too long. In addition, a ticket with a priority of High is escalated if it is not modified or closed within 30 minutes. To
change the escalation times and the list of tickets to which they apply, see Customize the Ticket Detail page.
In general, the KACE SMA should never be configured to email itself. For example, if a queue's email address is
helpdesk@example.com, the helpdesk@example.com email address should not be a valid selection for the
Category CC list or any of the settings where email addresses can be specified.
The following email notification strategy is used by most Quest KACE customers to prevent their staff from being
inundated with unnecessary notifications:
•
When a ticket is created, all Service Desk staff receive email notification. To learn about email notification
caveats, see About email notifications.
•
After a Service Desk staff member takes ownership of a ticket, the remaining staff does not receive email
about the ticket unless it is escalated, although they can search for it.
•
The ticket submitter and owner are notified by email each time their ticket’s State or Status changes.
•
The ticket owner is notified of any changes to the ticket.
•
If a ticket is escalated, the ticket owner, and anyone else in the Category CC list, is notified.
About email notifications
When Service Desk tickets are created or changed, the appliance sends email notifications based on the ticket
submission method, Email on Events settings, and actions taken.
The following rules are applied to email notifications:
•
When tickets are submitted or modified through the Administrator Console or User Console, the ticket
submitter does not receive an email confirmation. However, other users associated with the ticket, such as
KACE Systems Management Appliance 8.0 Administrator Guide
About email notifications
230
the Owner, Approver, CC List, and Category CC, receive email notifications as specified in the Email on
Events section of the Queue Detail page. See Configuring email triggers and email templates.
•
When tickets are created through email, the ticket submitter receives an email confirmation. However, when
a ticket is modified by email, the submitter does not receive a confirmation.
•
Change notification email messages are intentionally delayed when tickets are changed. This delay is
designed to reduce the number of email notifications sent when changes are made. For example, a ticket
owner might add a comment and save the ticket, then make a second, immediate change to the ticket. Only
one change notification is sent.
•
NOTE: Email messages are prepended with: +++++ Please reply above this line to add a comment +
++++.
When managed devices or user accounts are deleted from inventory, email notifications for any Service
Desk tickets related to those devices are suppressed to avoid unnecessary notifications.
About Ticket Rules
If the standard email behavior does not meet your needs, you can use Ticket Rules to change the behavior.
For more information about Ticket Rules, see Using Ticket Rules.
Many of the more complex Ticket Rules, such as modifying the behavior of email notifications, are published on
the Quest Support site, https://support.quest.com/contact-support.
About POP3 email accounts
You can configure the KACE SMA to receive email from POP3 servers.
To do so, you need to:
•
Enable and configure an external SMTP server in the appliance network settings. See Use an external
SMTP server or Secure SMTP server.
•
Optional. Configure Service Desk email preferences. See Configure email preferences.
•
Configure SMTP server and POP3 settings in Service Desk ticket queues. See Configure queue-specific
email settings.
If you do not use a POP3 email server, you can use the KACE SMA's built-in SMTP server to accept incoming
email messages from your internal email server.
IMPORTANT: The SMA appliance POP3 email server must pass authentication information and the email
text itself as clear text.
Create and configure POP3 email accounts
You can create and configure POP3 email accounts for use by the Service Desk users and staff.
The two accounts are:
•
Support@mydomain.com. This email address is used to:
◦
Receive all new tickets when they are created.
◦
Allow users and Service Desk staff to automatically create and modify tickets.
◦
Serve as the email address to which your users can reply.
KACE Systems Management Appliance 8.0 Administrator Guide
Create and configure POP3 email accounts
231
The email delivered to this address is not read, but Service Desk staff is notified of the ticket changes resulting
from the email.
•
DefaultTicketOwners@mydomain.com. This email alias is used to:
◦
Allow Service Desk staff to communicate with each other.
◦
Allow the appliance to send automated email notification about new and open tickets.
1.
Create Support@mydomain.com as a valid email address on your POP3 email server.
2.
Configure DefaultTicketOwners@mydomain.com as the Service Desk staff email alias, and add all of your
Service Desk staff email addresses to it. This is the general-purpose email alias that your Service Desk
staff uses to communicate with each other.
3.
If you want to use an external SMTP server used by the appliance, configure it on the Network Settings
page in the System Administration Console. See Change appliance network settings.
TIP: If you want to use POP3 for Service Desk ticket emails, you can configure the POP3
settings on the queue level.
4.
Optional. Configure Service Desk email preferences. See Configure email preferences.
5.
If you want to use different SMTP or POP3 settings for each queue, you can specify them on the queue
level. See Configure queue-specific email settings.
Configure email preferences
You can create and configure preferences for the email sent to and from the Service Desk users and staff.
By default, the Service Desk is configured to use an internal SMTP server for sending ticket-related emails. You
have an option to use an external SMTP server, however, you must configure it in the appliance network settings.
For more information, see Change appliance network settings.
1.
2.
Go to the Service Desk Email Preferences page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Service Desk, then click Configuration.
c.
On the Configuration panel, in the Email Configuration section, click Configure Service Desk
Email Preferences.
On the Service Desk Email Preferences page that appears, in the Outbound Email section, select the
Include "Reply above this line" text on outbound email communications check box.
It is recommended to use this feature to prevent the entire email chain from being added to each comment.
3.
Specify the text that you want to detect in the email subject. When the Service Desk receives a ticketrelated email with the specified subject, it will stop processing that email.
a.
4.
In the Inbound Email section, in the Ignore emails with following text in the subject field, type
the words that you want to detect. You can specify multiple entries, using a semi-colon as a
separator. For example: Out of Office;Mail Delivery Failure.
Configure the thresholds for all inbound email notifications during a specific period. When these levels are
reached, the Service Desk will stop sending email notifications.
NOTE: When the overall threshold is reached, notifications will pause for all tickets. If a per-ticket
threshold is reached, notifications will be paused only for the affected ticket. When the number of
email updates in the given period becomes lower than the configured threshold, the notifications will
resume.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure email preferences
232
Option
Description
Total Emails
The maximum number of all emails the Service Desk receives and responds with
email notifications. The default value is 100 emails.
Received within the
interval of x minutes
The time interval in minutes during which the specified number of emails are
received. The default value is one minute.
To disable this restriction, you can set to a high number such as 99999.
5.
Configure the thresholds for inbound email notifications per ticket, during a specific period. When these
levels are reached, the Service Desk will stop sending email notifications.
Option
Description
Total Emails per Ticket The maximum number of all emails the Service Desk receives for each ticket,
and responds with email notifications. The default value is 5 emails per ticket.
Received within the
interval of x minutes
6.
Specify the time interval in minutes during which the specified number of emails
for each ticket are received. The default value is one minute. To disable this
restriction, set this option to a high number such as 99999.
Click Save.
Next, you can configure POP3 email accounts for specific Service Desk queues. For more information, see
Configure queue-specific email settings.
Configuring email triggers and email templates
You can set up triggers that automatically send email from the KACE SMA and use templates to set the content of
those email messages.
The Email on Events section determines which actions trigger an email to the various KACE SMA users. Email
templates determine the content of the messages.
Timing of email messages
The following email events trigger the KACE SMA to send email immediately:
•
Comment: The system sends email notifications for comments when users add comments and click
Submit on the ticket form. When users add comments and click Save on the ticket form, however, only the
Any Change notification is sent.
•
Ticket Closed: If the Satisfaction Survey is enabled, an email that describes the Satisfaction Survey is sent
immediately when tickets are closed.
The following email events trigger the KACE SMA to send email every few minutes to prevent email overload:
•
Any Change
•
Owner Change
•
Status Change
•
Approval Change
•
Resolution Change
•
Escalation
•
SLA Violation
•
New Ticket Via Email
KACE Systems Management Appliance 8.0 Administrator Guide
Configuring email triggers and email templates
233
Configure email triggers
You can configure email triggers for a queue. If you have multiple queues, you can configure the email triggers for
each queue separately.
1.
2.
Go to the Service Desk Queue Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Service Desk, then click Configuration.
c.
On the Configuration panel, click Queues.
d.
Display the Queue Detail page by doing one of the following:
▪
Click the name of a queue.
▪
Select Choose Action > New.
In the Email on Events section, select the options for sending email when the specified events occur. Each
column represents a type of Service Desk user (role) and each row represents a ticket event.
Service Desk user (role)
Description
Owner
The person who is expected to resolve the ticket.
Submitter
The person whose issue is being resolved.
Approver
The person who can approve or reject the ticket for
processing.
Ticket CC
One or more email addresses that are stored in the
CC field of the ticket.
Category CC
One or more email addresses that are stored in
the CC List of the Category Value of the ticket. See
Configure CC lists for ticket categories.
When a ticket event occurs, email is sent to the selected roles or users. For example, if you select the Any
Change box in the Owner column, email is sent to the ticket owner whenever the ticket is changed. For the
Comment and Ticket Closed triggers, email is sent immediately. For other ticket changes, however, email is
sent every few minutes to prevent email overload.
NOTE: If users have the KACE GO mobile app installed on their smart phone or tablet, the system
sends push notifications for the selected Service Desk ticket events.
Option
Description
Any Change
Any information on the ticket is changed.
Owner Change
The ticket's Owner field is changed.
Status Change
The ticket's Status field is changed.
Comment
Information, attachments, or screen shots are added
to the ticket's Comments section. The system sends
email notifications for comments when users add
comments and click Submit on the ticket form.
When users add comments and click Save on
KACE Systems Management Appliance 8.0 Administrator Guide
Configuring email triggers and email templates
234
Option
Description
the ticket form, however, only the Any Change
notification is sent.
Approval Change
The ticket's approval status has changed.
Resolution Change
The ticket's resolution has changed.
Escalation
The ticket has not been updated to a stalled or
closed status within the escalation time defined by
the ticket priority.
SLA Violation
The ticket has not been resolved by its due date.
Ticket Closed
The ticket's Status field is changed to Closed. This
event is used to present a Satisfaction Survey to
submitters. See Using the Satisfaction Survey.
New Ticket Via Email
A user sends an email message to the Service Desk
and a ticket is created.
3.
Click Save.
Related topics
Configuring Mobile Device Access
Configure email templates
You can configure the email templates that Service Desk uses to generate email messages for a queue. If you
have multiple queues, you customize the email templates for each queue separately.
1.
Go to the Service Desk Queue Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Service Desk, then click Configuration.
c.
On the Configuration panel, click Queues.
d.
Display the Queue Detail page by doing one of the following:
▪
Click the name of a queue.
▪
Select Choose Action > New.
2.
In the Email on Events section, click Customize Emails to display the Service Desk Email Notifications
page.
3.
Change the following email templates as needed.
NOTE: If the default text for any of the templates is changed, the email messages will not be
translated into different languages.
Ticket-related
template
Description
Default recipients
Ticket Escalated
Used to send periodic notifications according to the
Escalation Time configured for the ticket priority in
the queue. For example, if tickets with the priority
of High have an Escalation Time of 30 minutes,
Owners, the ticket CC list, and
ticket Category CC list
KACE Systems Management Appliance 8.0 Administrator Guide
Configuring email triggers and email templates
235
Ticket-related
template
Description
Default recipients
this email is sent every 30 minutes for High priority
tickets until the ticket priority changes or until the
ticket is closed.
Ticket Created
from Email
Used to acknowledge that a ticket has been created
through email.
Submitters
Ticket Modified
Used to notify recipients when ticket information is
changed or added.
Owners and the ticket CC list
Comment
Submitted
Used to notify recipients that comments have been
added to tickets.
Owners, submitters,
approvers, the ticket CC list,
and the ticket Category CC list
Ticket Closed
Used to present a Satisfaction Survey to submitters
when tickets are closed. See Using the Satisfaction
Survey.
Submitters
Email Ticket
Manually
Used to for messages that are forwarded using the
Email Ticket action on Ticket Detail pages.
Manually entered by the
sender
TIP: If you use HTML/Markdown, the
$ticket_fields_visible token must be enclosed
in the <pre> tag to prevent formatting, such
as line breaks, from being discarded. For
example:
<pre>$ticket_fields_visible</pre>
SLA Violated
Used to notify recipients that a ticket has remained
open past the due date calculated using the SLA
(Service Level Agreement) settings and the ticket
priority.
None. Configurable on the
Queue Detail page
Error-related template
Description
Recipients
Error Creating Ticket from
Email
Used to notify senders that the ticket could not be created for
reasons other than unknown email address.
Submitters
Unknown Email Address
Response
Used to notify senders that the ticket could not be created
because the submitter's email address is unknown.
Submitters
Table 6. Tokens used in all email templates
Token
Description
$helpdesk_email
The email address associated with the Service Desk queue. This
address is configured on the Queue Detail page.
$helpdesk_name
The name of the Service Desk queue. This name is configured on
the Queue Detail page.
$userui_url
A link to the User Console. Access to the User Console requires
login credentials.
KACE Systems Management Appliance 8.0 Administrator Guide
Configuring email triggers and email templates
236
Table 7. Tokens used in ticket-related email templates
Token
Description
$change_desc
A formatted representation of the changes that were made the
last time the ticket was saved, including both field changes and
comments.
$last_attachment
The most recent attachment added to the ticket.
$last_comment
The most recent comment added to the ticket.
$mobile_ticket_url
A link to the ticket KACE GO mobile app. When displayed in an email
on an Android or iOS mobile device, this links opens the associated
ticket in the KACE GO mobile app.
$process_description
The process description. It can include important pre-requisites that
the users need to complete before proceeding to create a ticket
based on a process template.
$process_name
The name of the process template.
$process_status
The status of the process template such as Approval Required,
Approval Timed Out, Approval Received, Approval Rejected,
Process Cancelled, and Process Complete.
$process_type
The type of the process. In a default installation, only the Service
Desk process type is included. You can create new process types,
as required. For example, you can create a process type for
accessing a specific application, or a group of applications. For more
information, see Define process types.
$ticket_approver_email
The email address of the ticket approver. Having this address is
especially useful for Comments email notifications.
$ticket_approver_name
The name of the ticket approver.
NOTE: The approver name and contact information is derived
from the USER record associated with the fields on the ticket.
$ticket_approver_phone_home
Contact information for the ticket approver.
$ticket_approver_phone_mobile
Contact information for the ticket approver.
$ticket_approver_phone_pager
Contact information for the ticket approver.
$ticket_approver_phone_work
Contact information for the ticket approver.
$ticket_custom_X_label
The label and value used for a custom field, where X represents the
index number of the custom field.
$ticket_custom_X_value
For example, if a queue has a ticket field labeled, CUSTOM_5, and
that field is configured with the label Location Name, the system
replaces $ticket_custom_5_label with the text, Location
Name. The token, $ticket_custom_5_value is replaced with the
KACE Systems Management Appliance 8.0 Administrator Guide
Configuring email triggers and email templates
237
Token
Description
ticket value that was saved for the Location Name field, such as,
Topeka or Albuquerque.
By default, all ticket queues are configured with 15 custom fields, but
this number can be increased as needed.
NOTE: Each queue can have different custom fields and
different email template configurations.
$ticket_due_date
The due date as saved on the ticket. Administrators can override
automatic due dates with manual due dates if necessary.
$ticket_escalation_minutes
The time, in minutes, between periodic notifications. This time is
determined by the Escalation Time configured for the ticket priority
in the queue. For example, if tickets with the priority of High have
an Escalation Time of 30 minutes, this email is sent every 30
minutes for High priority tickets until the ticket priority changes or
until the ticket is closed. This token is typically used in the Ticket
Escalated email template, to inform recipients of the frequency of
email notifications.
$ticket_fields_visible
Include all the ticket fields that are visible for the user who is
forwarding the ticket by email.
TIP: If you use HTML/Markdown, the $ticket_fields_visible
token must be enclosed in the <pre> tag to prevent
formatting, such as line breaks, from being discarded. For
example:
<pre>$ticket_fields_visible</pre>
$ticket_history
The complete history of the ticket.
NOTE: For some tickets, the history information can become
very detailed and too large to send through email. If the
complete history is not needed, use $ticket_history_X to
limit the number of records to include.
$ticket_history_X
A specified number of records in the ticket history. X indicates the
number of records to include, beginning with the most recent.
$ticket_id
A unique identifier assigned to the ticket, also called the ticket
number. Using this identifier is the primary method for users to
identify tickets.
$ticket_number
A formatted version of the ticket ID. This version begins with TICK
followed by a minimum of five digits. For example, a ticket with ID
4321 is displayed as TICK:04321. This format is especially useful
in email Subject lines to make sure that email replies link to the
correct tickets.
$ticket_owner_email
The email address of the Service Desk administrator assigned to the
ticket.
$ticket_owner_name
The name of the Service Desk administrator assigned to the ticket.
KACE Systems Management Appliance 8.0 Administrator Guide
Configuring email triggers and email templates
238
Token
Description
NOTE: The owner name and contact information is derived
from the USER record associated with the fields on the ticket.
$ticket_owner_phone_home
Contact information for the Service Desk administrator assigned to
the ticket.
$ticket_owner_phone_mobile
Contact information for the Service Desk administrator assigned to
the ticket.
$ticket_owner_phone_pager
Contact information for the Service Desk administrator assigned to
the ticket.
$ticket_owner_phone_work
Contact information for the Service Desk administrator assigned to
the ticket.
$ticket_priority
The priority assigned to the ticket. Default values include High,
Medium, and Low.
$ticket_resolution
Information about what was done to resolve the ticket as described in
the ticket’s Resolution field.
$ticket_status
The status of the ticket. Defaults include New, Opened, Closed,
Need More Info, Reopened, Waiting Overdue, Waiting on Customer,
and Waiting on Third Party.
$ticket_submitter_email
The email address of the submitter.
$ticket_submitter_name
The name of the submitter.
NOTE: The submitter name and contact information is derived
from the USER record associated with the fields on the ticket.
$ticket_submitter_phone_home
Contact information for the submitter.
$ticket_submitter_phone_mobile
Contact information for the submitter.
$ticket_submitter_phone_pager
Contact information for the submitter.
$ticket_submitter_phone_work
Contact information for the submitter.
$ticket_title
The title of the ticket as it appears on the Ticket Detail page.
$ticket_url
A link to the ticket in the User Console. Access to the User Console
requires login credentials.
$ticket_http_url
A link to the ticket in the User Console. This format is used for
backward compatibility on older systems. Access to the User
Console requires login credentials.
KACE Systems Management Appliance 8.0 Administrator Guide
Configuring email triggers and email templates
239
Token
Description
$ticket_https_url
A secure link to the ticket in the User Console. Use this token if SSL
is enabled on your appliance. This ensures that links sent through
email work correctly.
$userui_url
A link to the home page of the User Console. Access to the User
Console requires login credentials.
Table 8. Tokens used in error-related email templates
Token
Description
$error_text
Used to identify a problem processing the submitted tokens. This error appears when:
•
The system does not recognize a variable
•
A variable is recognized, but the user does not have permission to change the
field
•
The variable attempts to change the approval status of the ticket but the user is
not the approver
$quoted_mail
The content of the original email message.
$subject
The subject of the original email message.
4.
NOTE: Tokens that are invalid are ignored and they are not replaced in email messages. For
example, if you add an unknown token such as $today, it is ignored, and it appears in the email
message as $today.
Optional: Select Use HTML/Markdown to use a simple HTML-based email instead of plain text.
NOTE: To use HTML/Markdown feature, the email text must be fully formatted in HTML/Markdown.
The default email text will not automatically convert to HTML/Markdown without the appropriate tags
in the email text.
For example:
Default Email Notification
Email Notification with HTML
$helpdesk_name created a ticket
in response to your email to
$helpdesk_email.
<p> $helpdesk_name created a
ticket in response to your email to
$helpdesk_email.</p>
$ticket_url
<p>You can see more details and track
progress on your new ticket at:
You can see more details and track
progress on your new ticket at:
<br/>
<a href="$ticket_url">Click here</a>
</p>
5.
Click Save.
For instructions on how to configure the appliance to use SMTP email, see Configuring SMTP email servers.
Configure CC lists for ticket categories
You can automatically notify users, or groups of users, when tickets are filed in specified categories, such as
hardware, software, or networking. To do this, add email addresses to the CC List value of each ticket category.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure CC lists for ticket categories
240
Configuring the CC List values of ticket categories is useful if you want to notify users, or groups of users, when
tickets are filed in categories that interest them. For example, you could add all of your system administrators to
the CC List of the Network category to ensure that they are notified of networking issues as they arise.
If you have multiple queues, you configure the ticket category CC List values for each queue separately.
1.
Go to the Service Desk Queue Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Service Desk, then click Configuration.
c.
On the Configuration panel, click Queues.
d.
Display the Queue Detail page by doing one of the following:
▪
Click the name of a queue.
▪
Select Choose Action > New.
2.
In the Email on Events section, select all of the check boxes under the Category CC column. See Configure
email triggers.
3.
Click Save.
4.
In the Ticket Defaults section, click Customize These Values.
5.
In the Category Values section, add email addresses to the CC List entries:
a.
6.
Click the Edit button in a category row:
.
b.
In the CC List field, enter a default email address for the category. Use commas to separate email
addresses. To enter multiple email addresses, consider using a distribution list.
c.
Click Save at the end of the row.
d.
Repeat this process to add CC List entries for other categories.
Click Save at the bottom of the page.
Create a default email address for ticket owners. See Create the DefaultTicketOwners account.
Automatically add email addresses to ticket CC List fields
You can enable Service Desk to automatically add email addresses to the CC List field of tickets whenever those
addresses appear in the To and Cc fields of tickets submitted or updated through email.
When this setting is enabled, any email addresses in the To and Cc fields are automatically added to ticket CC
List fields unless those addresses are specified in the System Email Exclusion List. See Exclude addresses from
ticket CC List fields.
1.
NOTE: If your Service Desk was created on a KACE SMA running version 6.3 or earlier, this setting is
disabled by default. If the Organization component is enabled on your system, and you create a new
organization, however, the setting is enabled by default. The setting is also enabled on new KACE SMAs
running version 6.4 or later.
Go to the Service Desk Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Service Desk, then click Configuration.
c.
On the Configuration panel, click Settings.
2.
In the Inbound Email section, select the check box next to Add email addresses from the CC List to ticket.
3.
Click Save.
KACE Systems Management Appliance 8.0 Administrator Guide
Automatically add email addresses to ticket CC List fields
241
Configure the email exclusion list to prevent Service Desk from automatically adding unwanted email addresses
to ticket CC List fields. See Exclude addresses from ticket CC List fields.
Exclude addresses from ticket CC List fields
Service Desk can automatically add email addresses to ticket CC List fields when tickets are submitted or
updated through email. However, some addresses, such as distribution lists and general company email
addresses, should not be added automatically because they increase unnecessary email traffic. To prevent
Service Desk from adding unwanted email addresses, you can specify the email addresses you want to exclude.
The email exclusion list is an appliance-level setting. If the Organization component is enabled on your appliance,
the email exclusion list is applied to all organizations and Service Desk queues.
1.
2.
3.
4.
NOTE: The email addresses associated with Service Desk queues are never automatically added to ticket
CC List fields, because sending messages to these addresses could result in new tickets being opened
inadvertently. You do not need to add these addresses to the exclusion list.
Go to the Service Desk Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Service Desk, then click Configuration.
c.
On the Configuration panel, click Settings.
In the Inbound Email section, click Define System Email Exclusion List to display the Define System
Email Exclusion List page.
To add an email address to the list, click add:
.
In the Add Email dialog, type an email address, then click Save.
The email address is added to the exclusion list.
Prevent email loops
When tickets are submitted or updated through email, Service Desk sends ticket notifications to respective
parties. However, if one or more users who receive such email reply with an automated Out of Office response,
Service Desk reacts with another ticket update and yet another email notification, potentially causing an infinite
email loop.
You can prevent the Service Desk from processing an email when an Out of Office response is received. You
also have an option to stop sending email notifications when a high number of incoming ticket-related emails is
detected. Any emails that cause the Service Desk to stop sending email notifications are logged.
1.
2.
Go to the Service Desk Email Preferences page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Service Desk, then click Configuration.
c.
On the Configuration panel, in the Email Configuration section, click Configure Service Desk
Email Preferences.
Specify the text that you want to detect in the email subject. When the Service Desk receives a ticketrelated email with the specified subject, it will stop processing that email.
KACE Systems Management Appliance 8.0 Administrator Guide
Prevent email loops
242
a.
3.
In the Inbound Email section, in the Ignore emails with following text in the subject field, type
the words that you want to detect. You can specify multiple entries, using a semi-colon as a
separator. For example: Out of Office;Mail Delivery Failure.
Configure the thresholds for all inbound email notifications during a specific period. When these levels are
reached, the Service Desk will stop sending email notifications.
NOTE: When the overall threshold is reached, notifications will pause for all tickets. If a per-ticket
threshold is reached, notifications will be paused only for the affected ticket. When the number of
email updates in the given period becomes lower than the configured threshold, the notifications will
resume.
Option
Description
Total Emails
The maximum number of all emails the Service Desk receives and responds with
email notifications. The default value is 100 emails.
Received within the
interval of x minutes
The time interval in minutes during which the specified number of emails are
received. The default value is one minute.
To disable this restriction, you can set to a high number such as 99999.
4.
Configure the thresholds for inbound email notifications per ticket, during a specific period. When these
levels are reached, the Service Desk will stop sending email notifications.
Option
Description
Total Emails per Ticket The maximum number of all emails the Service Desk receives for each ticket,
and responds with email notifications. The default value is 5 emails per ticket.
Received within the
interval of x minutes
5.
Specify the time interval in minutes during which the specified number of emails
for each ticket are received. The default value is one minute. To disable this
restriction, set this option to a high number such as 99999.
Click Save.
Configure the Cache Lifetime for Service
Desk widgets
Service Desk widgets available on the Dashboard page provide insight into the overall activity of your Service
Desk tickets. For example, you can view the number of active tickets sorted by their category or queue. For
performance reasons, underlying data for the Service Desk widgets is cached locally for a fixed duration. The
default minimum is 30 minutes. This can be increased as needed. You can force a data refresh for a specific
widget by clicking the refresh icon in the widget.
For more information about Dashboard widgets, see About Dashboard widgets.
1.
Go to the Service Desk Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Service Desk, then click Configuration.
KACE Systems Management Appliance 8.0 Administrator Guide
Configure the Cache Lifetime for Service Desk widgets
243
c.
On the Configuration panel, click Settings.
2.
Under Service Desk Dashboard Widgets, in the Cache Lifetime field, specify the length of time in minutes
during which the data populating the Service Desk Dashboard widgets will be preserved in the database.
The minimum is 30 minutes.
3.
Click Save.
Creating and managing organizations
If the Organization component is enabled on your appliance, you can create and manage separate organizations,
with separate inventory and settings, to meet your business needs.
TIP: If the Organization component is enabled on your appliance, but you do not see the drop-down list in
the top-right corner of the Administrator Console next to the login information, there are two possibilities:
Either fast switching is not enabled, or your user role does not have permission to manage organizations.
TIP: See Enable fast switching for organizations and linked appliances.
About organizations
Organizations are logical instances of a KACE SMA that run on a single appliance. Each organization is
supported by its own database, and you manage each organization’s inventory and other components separately.
For example, in a school environment, you could create one organization for teachers and another organization
for students. You could then automatically assign managed devices to each organization and manage them
separately. Further, you could assign organization-specific roles to administrators and users to control their
access to the KACE SMA Administrator Console and User Console. Administrators in one organization would not
need to view the devices and inventory items in the other organization. You can add up to 50 organizations on a
single KACE SMA.
For information about configuring general organization settings for the appliance, see Configure appliance
General Settings with the Organization component enabled.
About the Default organization
The organization named Default is the only organization that is available when you first set up the appliance. New
devices that are not assigned to an organization by a filter are assigned to the Default organization.
You can rename the Default organization and edit its settings as needed. See Add or edit organizations.
Tracking changes to organization settings
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects.
This information includes the date the change was made and the user who made the change, which can be useful
during troubleshooting. See About history settings.
Managing Organization Roles and User Roles
If the Organization component is enabled on your appliance, there are two types of roles: Organization Roles,
which are applied to organizations, and User Roles, which are applied to individual user accounts.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Organization Roles and User Roles
244
If the Organization component is enabled on your appliance, there are two types of roles: Organization Roles,
which are applied to organizations, and User Roles, which are applied to individual user accounts.
This section describes the default Organization and User Roles, and explains how to manage Organization Roles.
For information about managing User Roles, see About user accounts and user authentication.
Available default roles
Default roles provide a variety of permission settings for organizations and users.
The following roles are available by default.
Role
Description
Organization
Roles
Organization Roles are supersets of permissions that are assigned to organizations,
and they define the permissions that are available to organization users. For
example, if an organization is assigned an Organization Role that has the Distribution
tab hidden, users in that organization, including the Admin user, cannot access the
Distribution tab.
NOTE: Organization Roles are available only on appliances with the
Organization component enabled.
Default Role
The Default Role in the Organization Roles section has Write and Read permission
for all tabs. You can create additional Organization Roles, but you cannot edit or
delete the Default Role.
User Roles
Roles assigned to users to control their access to the Administrator Console and
User Console. If the Organization component is enabled on your appliance, the
permissions available to these roles depends on the Organization Role assigned to
the organization.
Administrator
The most powerful user role on the KACE SMA. By default, users with the
Administrator role have permission to see or change information and settings.
This includes promoting or demoting other users by changing their roles. The
Administrator role cannot be altered or deleted. Assign this role only to trusted
administrators.
Staff members assigned the Administrator role have permission to manage and
modify Service Desk tickets from the Tickets tab in the Administrator Console, though
they might not be able to own tickets themselves.
Users with the Administrator role can also use the security, scripting, and distribution
features to resolve Service Desk tickets, then document the issues in the Knowledge
Base.
The Administrator role primarily interacts with the KACE SMA through the
Administrator Console.
No Access
Users with this role cannot log on to the Administrator Console or User Console.
Read Only
Administrator
This role has the ability to view but not change any information or settings in the
KACE SMA. This role is useful for oversight personnel, such as supervisors.
This role primarily interacts with the KACE SMA through the Administrator Console.
User Console Only
This role is for appliance users. By default, this role has permission to create, view,
and modify Service Desk tickets.
This role interacts with the appliance exclusively through the User Console.
KACE Systems Management Appliance 8.0 Administrator Guide
Available default roles
245
Add or edit Organization Roles
You can add or edit Organization Roles as needed.
Before you create organizations, create the Organization Roles you want to assign to those organizations as
described in this section. Organization Roles define the permissions that are available to organization users.
1.
Go to the Organization Role Detail page:
a.
b.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations, then click Roles.
c.
Display the Organization Role Detail page by doing one of the following:
▪
Click the name of a role.
▪
Select Choose Action > New.
NOTE: You cannot edit the Default Role.
Provide the following information:
Option
Description
Name
(Required) Enter a name for the role.
Description
(Optional) Enter a description of the role.
3.
4.
5.
To assign Administrator Console permissions:
•
In the Administrator Console Permissions section, click a component name to expand it, or click
Expand All to expand all components.
•
To assign the same access level to all sections, select All Write, All Read, or All Hide.
•
To assign different access levels to different sections, select the Custom option, then select an
access level in the drop-down list next to the name of each section.
To assign User Console permissions:
•
In the User Console Permissions section, click the User Console link to expand the permissions
section.
•
To assign the same access level to all sections of the User Console, select All Write, All Read, or All
Hide.
•
To assign different access levels to different sections, select the Custom option, then select an
access level in the drop-down list next to the name of each section.
Click Save.
NOTE: If you assign the Hide permission to General and User Authentication under Settings, the
Control Panel is hidden.
The role appears on the Roles page. When you add an organization, the role appears on the Role drop-down list.
See Adding, editing, and deleting organizations.
Duplicate Organization Roles
When you duplicate an Organization Role, its properties are copied into the new role. If you are creating a role
that is similar to an existing role, duplicating the role can be faster than creating a role from scratch.
1.
Go to the Organization Role Detail page:
KACE Systems Management Appliance 8.0 Administrator Guide
Duplicate Organization Roles
246
a.
b.
c.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations, then click Roles.
Click the name of a role.
Click Duplicate at the bottom of the page to duplicate the organization details.
The page refreshes.
3.
Provide the following information:
Option
Description
Name
(Required) Enter a name for the role.
Description
(Optional) Enter a description of the role.
4.
5.
6.
To assign Administrator Console permissions:
•
In the Administrator Console Permissions section, click a component name to expand it, or click
Expand All to expand all components.
•
To assign the same access level to all sections, select All Write, All Read, or All Hide.
•
To assign different access levels to different sections, select the Custom option, then select an
access level in the drop-down list next to the name of each section.
To assign User Console permissions:
•
In the User Console Permissions section, click the User Console link to expand the permissions
section.
•
To assign the same access level to all sections of the User Console, select All Write, All Read, or All
Hide.
•
To assign different access levels to different sections, select the Custom option, then select an
access level in the drop-down list next to the name of each section.
Click Save.
Delete roles
With the exception of the Default Role, you can delete Organization Roles as needed. You cannot delete the
Default Role, and you cannot delete a role if it is assigned to an organization.
The following roles cannot be deleted:
•
the Default Role
•
any roles assigned to an organization
•
any roles associated with a label
1.
Go to the Roles list:
a.
b.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations, then click Roles.
2.
Select the check box next to one or more roles.
3.
Select Choose Action > Delete, then click Yes to confirm.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete roles
247
Adding, editing, and deleting organizations
You can add, edit, and delete organizations as needed. In addition, you can rename the Default organization and
edit its settings.
Add or edit organizations
You can add or edit up to 50 organizations on a single KACE SMA.
When you add organizations, you need to assign them Organization Roles. You can use the Default Role, but
if you want to use a custom Organization Role, add that role before you add the organization. See Add or edit
Organization Roles.
1.
Go to the Organization Detail page:
a.
b.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations.
c.
Display the Organization Detail page by doing one of the following:
▪
Click the name of an organization.
▪
Select Choose Action > New.
If you are adding an organization, provide the following information, then click Save.
Option
Description
Name
Enter a name for the organization. You can modify the name later if required. If the
fast switching option is enabled, this name appears in the drop-down list in the topright corner of the page. See Enable fast switching for organizations and linked
appliances.
Description
A description of the organization. You can modify the description later if necessary.
Role
The user role you want to assign to the organization. You can modify this selection
later if required.
Client Drop Size
NOTE: To create a role, go to Organizations > Roles.
A file-size filter for the organization's Client Drop location.
The Client Drop location is a storage area (Samba share) for the organization on
the KACE SMA. This storage area is used to upload large files, such as application
installers and appliance backup files, to the appliance. Uploading files to the Client
Drop location is an alternative to uploading files through the Administrator Console
using the default HTTP mechanism, which can result in browser timeouts for large
files.
The Client Drop Size filter determines whether files uploaded to the organization's
Client Drop location are displayed on the Upload and Associate Client Drop File list
on the Software Detail page. For example, if the Client Drop Size filter is set to 1 GB,
the Upload and Associate Client Drop File list shows files that are 1 GB in size or
larger. Files that are less than 1 GB in size are not displayed on the list.
Application files are moved from the organization's Client Drop location to the
appropriate area when the file is selected on the Software Detail page and saved.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organizations
248
Option
Description
Appliance backup files that are placed in the Client Drop location are automatically
identified as appliance backup files, and they become available for selection on the
Backup Settings page within five minutes.
If you have multiple organizations, each organization has its own Client Drop location
and Client Drop Size filter setting. See Copy files to the KACE SMA Client Drop
location.
3.
Add, edit, or view the following information:
Option
Description
Name
Modify the name of the organization as needed. If the fast switching option is
enabled, this name appears in the drop-down list in the top-right corner of the page.
See Enable fast switching for organizations and linked appliances.
Locale
The language to use for the organization’s Administrator Console and User Console.
Description
A description of the organization. You can modify the description later if necessary.
Database Name
(Read-only) Displays the name of the database the organization is using.
Report User
(Read-only) The username used to generate reports. The report username provides
access to the database (for additional reporting tools), but does not give write access
to anyone.
Report User
Password
The report user password. This password is used only by the reporting system and
MySQL.
Role
The user role you want to assign to the organization. You can modify this selection
later if required.
Client Drop Size
NOTE: To create a role, go to Organizations > Roles.
A file-size filter for the organization's Client Drop location.
The Client Drop location is a storage area (Samba share) for the organization on
the KACE SMA. This storage area is used to upload large files, such as application
installers and appliance backup files, to the appliance. Uploading files to the Client
Drop location is an alternative to uploading files through the Administrator Console
using the default HTTP mechanism, which can result in browser timeouts for large
files.
The Client Drop Size filter determines whether files uploaded to the organization's
Client Drop location are displayed on the Upload and Associate Client Drop File list
on the Software Detail page. For example, if the Client Drop Size filter is set to 1 GB,
the Upload and Associate Client Drop File list shows files that are 1 GB in size or
larger. Files that are less than 1 GB in size are not displayed on the list.
Application files are moved from the organization's Client Drop location to the
appropriate area when the file is selected on the Software Detail page and saved.
Appliance backup files that are placed in the Client Drop location are automatically
identified as appliance backup files, and they become available for selection on the
Backup Settings page within five minutes.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organizations
249
Option
Description
If you have multiple organizations, each organization has its own Client Drop location
and Client Drop Size filter setting. See Copy files to the KACE SMA Client Drop
location.
Filters
The filters you want to use to assign new devices to the organization when devices
check in to the appliance. To select multiple filters, use Ctrl-click or Command-click.
Devices
(Read-only) Displays the number of devices assigned to the organization.
4.
In the Communication Settings section, specify the following settings:
NOTE: To reduce the load on the KACE SMA, limit the number of Agent connections to 500 per
hour. The number of connections that appears next to the inventory, scripting, and metering intervals,
applies to the current organization only. If the Organization component is enabled on your appliance,
the total number of Agent connections for all organizations should not exceed 500 per hour.
Option
Suggested
Setting
Notes
Agent
Logging
Enabled
Whether the KACE SMA stores scripting results provided by Agents
installed on managed devices. Agent logs can consume as much as 1GB
of disk space in the database. If disk space is not an issue, enable Agent
Logging to keep all log information for Agent-managed devices. These
logs can be useful during troubleshooting. To save disk space, and enable
faster Agent communication, disable Agent Logging.
Agent
Inventory
12 hours
The frequency at which Agents on managed devices report inventory. This
information is displayed in the Inventory section.
Agentless
Inventory
1 Day
The frequency at which Agentless devices report inventory. This
information is displayed in the Inventory section.
Catalog
Inventory
24 hours
The frequency at which managed devices report inventory to the Software
Catalog page.
Metering
4 hours
The frequency at which managed devices report metering information
to the KACE SMA. Requires metering to be enabled on devices and
applications.
Scripting
Update
4 hours
The frequency at which Agents on managed devices request updated
copies of scripts that are enabled on managed devices. This interval does
not affect how often scripts run.
Disable Wait
for Bootup
Tasks
Disabled
If selected, this option stops the agent from executing bootup tasks.
Disable Wait
for Login
Tasks
Disabled
If selected, this option stops the agent from executing login tasks.
5.
In the Notify section, specify the message to use for Agent communications:
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organizations
250
Option
Suggested Setting
Notes
Agent Splash
Bitmap
As required
The path to an existing .bmp file that you
want to use as the splash logo.
Disable Bootup
Splash
Disabled
If selected, this option stops the agent
from displaying the bootup splash logo.
Disable Login
Splash
Disabled
If selected, this option stops the agent
from displaying the login splash logo.
Agent Splash
Page Message
Default text:
The message that appears to users when
Agents are performing tasks, such as
running scripts, on their devices.
6.
KACE Systems Management
Appliance (SMA) is verifying
your PC Configuration and
managing software updates.
Please Wait...
In the Schedule section, specify the Communication Window for Agent-managed devices:
Option
Suggested Setting
Notes
Communication
Window
00:00 to 00:00 (+1
day)
The period of time during which Agents on managed devices
are allowed to connect with the KACE SMA. For example, to
allow Agents to connect between the hours of 01:00 and 06:00
only, select 01:00 from the first drop-down list, and 06:00 from
the second drop-down list.
You can set the communications window to avoid times when
your devices are busiest.
7.
In the Agentless section, specify communications settings for Agentless devices:
Option
Description
SSH/Telnet
Timeout
The time, in seconds, after which the connection is closed if there is no activity.
SNMP Timeout
The time, in seconds, after which the connection is closed if there is no activity.
Maximum
Attempts
The number of times the connection is attempted.
WinRM Timeout
The time, in seconds, after which the connection is closed if there is no activity.
VMware Timeout
The amount of time in seconds to wait for a connection to the VMware vSphere API
service running on a VMware host.
8.
Click Save.
The organization is added. If fast switching is enabled, and the default admin account passwords for the
System and for your organizations are the same, you can switch between organizations and the System
using the drop-down list in the top-right corner of the page. To see new organizations in the list, you need
to log out of the Administrator Console and then log back in. In addition, if the option to require organization
selection at login is enabled at the System level, the organization is available in the drop-down list on the
Administrator Console login page, http://KACE SMA_hostname/admin, where KACE SMA_hostname
is the hostname of your appliance.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organizations
251
NOTE: For new organizations, the password for the default admin account is the same as the
password for the default admin account at the System level. This is assigned automatically. To
change the admin account password, edit the admin user account.
NOTE: However, be aware that organizations with different admin account passwords are not
available for fast switching using the drop-down list in the top-right corner of the page.
For more information about System-level settings, see Configure appliance General Settings with the
Organization component enabled.
Related topics
Managing organization filters
View appliance logs
Managing user accounts for organizations
Delete organizations
You can delete organizations as needed. However, if you have a single organization on your appliance, you
cannot delete that organization until you add another one. The appliance must always have at least one
organization available.
1.
Go to the Organization Detail page:
a.
b.
c.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations.
Click the name of an organization.
Select Choose Action > Delete, then click Yes to confirm.
The organization, including information in the organization database, is removed from the appliance.
Customizing the logos used for the User Console and
organization reports
You can change the logo displayed on the User Console and in organization reports to match your company
branding.
The User Console, and the reports you run when logged in to the organization through the Administrator Console,
use the Quest logo by default. To upload your own logo, see the Logo Overrides section in Configure appliance
General Settings without the Organization component.
Managing user accounts for organizations
Organization user accounts enable users to access the features of the Administrator Console, User Console, and
Service Desk based on their roles assigned to their accounts.
You can use LDAP servers for user authentication, or you can add and edit user accounts manually. See:
•
Managing organization user accounts
•
Managing System-level user accounts
•
Using an LDAP server for user authentication
KACE Systems Management Appliance 8.0 Administrator Guide
Managing user accounts for organizations
252
CAUTION: Use caution when changing the password for the default admin account of an
organization. Organizations whose admin account passwords differ are not available for fast switching
using the drop-down list in the top-right corner of the page.
CAUTION: See Enable fast switching for organizations and linked appliances.
Managing organization filters
Organization filters assign devices to organizations when devices are inventoried.
Organization filters are similar to labels, but they serve a specific purpose: Organization filters automatically
assign devices to organizations when devices are inventoried.
There are two types of organization filters:
•
Data Filter: Assigns devices to organizations automatically based on search criteria. When devices are
inventoried, they are assigned to the organization if they meet the criteria. This filter is similar to Smart
Labels in that it assigns devices to organizations automatically if they match specified criteria.
•
LDAP Filter: Assigns devices to organizations automatically based on LDAP or Active Directory interaction.
When devices are inventoried, the query runs against the LDAP server. If devices meet the criteria, they are
automatically assigned to the organization.
To add or edit organization filters, see:
•
Add or edit organization Data Filters
•
Add or edit organization LDAP Filters
After you add a filter, you can associate it with an organization on the Organization Detail page. See Adding,
editing, and deleting organizations.
How organization filters work
Organizations can use multiple filters, but the same filter cannot be assigned to multiple organizations.
Organization filters run according to the following rules:
•
When devices are inventoried, one or more filters runs against them. If there are multiple filters, they run
according to the Order or Evaluation Order number in the filter details.
•
If devices match the criteria, they are assigned to the organization.
•
If devices do not match the criteria, they are assigned to the Default organization. An administrator can
then manually move devices from the Default organization to the appropriate organization. See Redirect
devices.
Add or edit organization Data Filters
You can add or edit organization Data Filters to automatically assign devices to organizations.
1.
Go to the Organization Filters Detail page:
a.
b.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations, then click Filters.
c.
Display the Organization Filter Detail page by doing one of the following:
▪
Click the name of a filter.
▪
Select Choose Action > New Data Filter
Provide the following information:
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organization Data Filters
253
Option
Description
Enabled
Whether the filter is enabled. Filters have to be enabled before they can be applied.
Name
The name of the filter. This name appears on the Organization Filters list.
Description
A description of the filter.
Order
The run order of the filter. Filters run according to the number specified. Low numbers
run before high numbers.
3.
In the Device Filter Criteria section, select filter criteria:
a.
Select a device attribute in the left-most drop-down list in the top row.
For example: IP Address.
TIP: The KACE SMA supports both IPv6 (Internet Protocol version 6) and IPv4 addresses.
b.
Select a condition in the second drop-down list.
For example: contains.
c.
In the text box, enter a value for the attribute.
For example, to find devices from a specified IP address range, such as the entire subnet
67.18.250.255, use the percent sign (%) as a wildcard as follows: 67.18.250.%.
d.
Optional: To add attributes, select an operator, such as [and ], in the left-most drop-down list of
the second row.
The fields in the row become active.
e.
Optional: To add rows to the criteria section, click Add Criteria.
An additional row appears.
4.
Click Save.
Add or edit organization LDAP Filters
You can add LDAP Filters to automatically assign devices to organizations using LDAP criteria.
1.
NOTE: If the LDAP server requires credentials for administrative login (that is, non-anonymous login),
supply those credentials. If no LDAP username is given, an anonymous bind is attempted. Each LDAP
Filter might connect to a different LDAP server.
Go to the Organization Filters Detail page:
a.
b.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations, then click Filters.
c.
Display the Organization Filter Detail page by doing one of the following:
▪
Click the name of a LDAP filter.
▪
Select Choose Action > New LDAP Filter
Provide the following information:
Option
Description
Enabled
Whether the filter is enabled. Filters have to be enabled before they can be applied.
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organization LDAP Filters
254
Option
Description
Name
The name of the filter. This name appears on the Organization Filters list.
Description
A description of the filter.
Evaluation Order
The run order of the filter. Filters run according to the number specified. Low numbers
run before high numbers.
3.
Specify LDAP criteria:
Option
Description
LDAP Server
The IP address or the hostname of the LDAP server. If the IP address is not valid, the
appliance waits to timeout, resulting in login delays during LDAP authentication.
NOTE: To connect through SSL, use an IP address or hostname. For
example: ldaps://hostname.
If you have a non-standard SSL certificate installed on your LDAP server, such as
an internally-signed certificate or a chain certificate that is not from a major certificate
provider such as VeriSign, contact Quest Support at https://support.quest.com/
contact-support for assistance.
Port
The LDAP port number, which is usually 389 (LDAP) or 636 (secure LDAP).
Base Dn
The LDAP criteria used to filter the main location for devices.
This criteria specifies a location or container in the LDAP or Active Directory
structure, and the criteria should include all the devices that you want to identify.
Enter the most specific combination of OUs, DCs, or CNs that match your criteria,
ranging from left (most specific) to right (most general). For example, this path might
lead to the container with devices that you want to identify:
OU=computers,DC=company,DC=com.
Advanced Search
The search filter. For example:
(&(objectCategory=Computer)(sAMAccountName=KBOX_COMPUTER_NAME))
LDAP Login
The credentials of the account the KACE SMA uses to log in to the LDAP server to
read accounts. For example:
LDAP Login:CN=service_account,CN=Users,DC=company,DC=com.
If no username is provided, an anonymous bind is attempted. Each LDAP Label can
connect to a different LDAP or Active Directory server.
LDAP Password
The password of the account the KACE SMA uses to log in to the LDAP server.
During the filter processing, the KACE SMA will replace all KBOX_ defined variables with their respective
runtime values.
Currently supported variables for organization device filters:
KBOX_COMPUTER_NAME
KBOX_COMPUTER_DESCRIPTION
KBOX_COMPUTER_MAC
KBOX_COMPUTER_IP
KBOX_USERNAME
KBOX_USER_DOMAIN
KBOX_DOMAINUSER
KACE Systems Management Appliance 8.0 Administrator Guide
Add or edit organization LDAP Filters
255
Should the external server require credentials for administrative login (aka non-anonymous login) please
supply those credentials. If no LDAP user name is given then an anonymous bind will be attempted. Each
LDAP filter may connect to a different LDAP/AD server.
4.
NOTE: To test your Filter, replace any KBOX_ variables with real values. Click Test and review the
results.
Click Save.
Test organization filters
You can test organization filters to verify that they produce expected results.
1.
Go to the Organizations Devices list:
a.
b.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations, then click Devices.
2.
Click the Test Organization Filter tab above the list on the right side of the page.
3.
Select a filter in the Select a Filter drop-down list.
4.
Click Test.
Test results are displayed. If necessary, you can refilter the devices displayed in the list. See Filter devices.
NOTE: If you do not see any devices listed in the test results, either no existing devices match the
criteria, or the criteria are invalid. To edit the criteria, see Add or edit organization Data Filters.
Delete organization filters
You can delete organization filters provided that they are not associated with an organization.
1.
Go to the Organizations list:
a.
b.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations.
If the filter is associated with an organization:
a.
Click the name of an organization to display the Organization Detail page.
b.
In the Filters field, click the x next to the filter you want to delete.
c.
At the bottom of the page, click Save.
Filters are updated only after you click Save.
The filter is no longer associated with the organization.
3.
Click Organizations > Filters to display the Organization Filters page.
4.
To delete a filter, do one of the following:
5.
•
Select the check box next to one or more filters, then select Choose Action > Delete.
•
Click the linked name of a filter, then on the Organization Filter Detail page, click Delete.
Click Yes to confirm.
Managing devices within organizations
You can search for, filter, and redirect, devices assigned to organizations.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing devices within organizations
256
Using Advanced Search
If you need more granularity than keyword searches provide, you can use Advanced Search. Advanced Search
enables you to specify values for each field in the inventory record and search the entire inventory listing for that
value.
For example, if you need to know which devices have a particular version of BIOS installed to upgrade only those
affected devices, you can search for BIOS information. See Searching at the page level with advanced options.
TIP: You can apply filters to devices displayed in search results.
Filter devices
If you have organization filters, you can filter devices to verify that the filters are being applied correctly.
1.
Go to the Organization Devices list:
a.
b.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations, then click Devices.
2.
Select the check box next to one or more devices.
3.
Select Choose Action > Apply Filter.
The selected devices are checked against existing filters. If devices were reassigned to organizations, the
new organization name appears next to the old organization name in the Organization column.
Redirect devices
You can redirect, or manually reassign, devices to organizations as needed.
For example, a device that has been assigned to organization A can be manually redirected to organization B so
that it appears in the organization B inventory.
1.
Go to the Organization Devices list:
a.
b.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Organizations, then click Devices.
2.
Select the check box next to one or more devices.
3.
Select Choose Action > Assign, then select an organization name to redirect the selected devices to the
organization.
Understanding device details
The Device Details page in the System-level Organizations section provides details about devices that are
assigned to organizations.
To access the Device Details page in the Organizations section, go to the appliance System level and select
Organizations > Devices, then select a device name in the list. For information about device details, see
Managing inventory information.
KACE Systems Management Appliance 8.0 Administrator Guide
Understanding device details
257
Running single organization and consolidated
reports
If the Organization component is enabled on your appliance, and if you have multiple organizations on your
appliance, you can run single-organization reports for each organization separately. In addition, you can run
consolidated reports that provide information for all organizations in a single report.
For information on report creation, see Creating reports.
Importing and exporting appliance
resources
You can transfer resources among organizations on a KACE SMA, and if you have multiple appliances, you can
transfer resources among appliances as well.
About importing and exporting resources
Resources, such as Managed Installations and Smart Labels, can be imported and exported among organizations
and appliances.
If you have multiple KACE SMAs, you can transfer resources among them using the built-in Samba share
directories on the appliances. In addition, if the Organization component is enabled on your appliance, you can
transfer resources among organizations. This is useful for resources, such as scripts, that are created for one
organization, but that might be useful to other organizations as well.
You can import and export the following resources:
•
Notifications
•
Managed Installations
•
Reports
•
Scripts
•
Smart Labels
•
Software
•
Service Desk processes, ticket queues, and ticket rules
Transferring resources among appliances using
Samba share directories
You can use Samba share directories as staging areas to transfer resources among appliances.
To do this, export the resources from one appliance, then import them to a different appliance.
KACE Systems Management Appliance 8.0 Administrator Guide
Transferring resources among appliances using Samba share directories
258
Export resources from an appliance
Export resources from an appliance to make those resources available for import to other appliances.
1.
Log in to the Administrator Console of the appliance where the resources are located.
2.
Enable Samba share file sharing.
See Enable file sharing at the System level.
3.
4.
Go to the Share Resources list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Resources.
c.
On the Resources Panel, click Export.
Optional: To filter the list, use the View By drop-down list and Search field, which appear above the table
on the right.
For example, select a resource in the View By drop-down list to display only that resource category, or
enter a term in the Search field to display items that match that term.
5.
Select the check box next to one or more resources.
6.
Do one of the following:
◦
Choose Action > Export to Local Share
◦
Choose Action > Export to Network Share
NOTE: Select Export to Network Share to save the data to a shared location that exists on the
network and can be accessed from other devices. Select Export to Local Share to save the data to a
location on a device that is only accessible from that device.
7.
Optional: On the Annotate Exported Resource(s) page, enter any additional information in the Note field.
8.
Click Save.
The exported resources first appear on the Resource Sharing Status page with a Status of New Request.
When the export is complete, the Status changes to Completed. The exported resources are available on the
Samba share for import. See Import resources to organizations.
Most import and export tasks take only a moment to complete, but very large resources take more time.
Import resources to an appliance
You can import resources to appliances as needed.
KACE Systems Management Appliance 8.0 Administrator Guide
Import resources to an appliance
259
You have exported resources from an appliance. See Transferring resources among appliances using Samba
share directories.
1.
To view the Samba share location, do one of the following:
•
If the Organization component is not enabled on your appliance, select Settings > Security Settings.
•
If the Organization component is enabled on your appliance, select an organization in the drop-down
list in the top-right corner of the page, then select Settings > General Settings.
2.
Using a third-party file copying utility, copy the resources from the exporting appliance Samba share to the
importing appliance Samba share.
3.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin. Or, if the
Show organization menu in admin header option is enabled in the appliance General Settings, select an
organization in the drop-down list in the top-right corner of the page next to the login information.
4.
On the importing appliance, select Settings > Resources to display the Resources panel.
5.
Click Import to display the Import KACE SMA Resources page, which shows all of the appliance resources
available to import.
6.
Select Choose Action > Import from Network Share to display the Import Resources From SAMBA
Directory page.
7.
Select the resources to import, then click Import Resources.
The imported resources first appear on the Resource Manager Queue page with a Status of New Request.
When the import is complete, the Status changes to Completed. The imported resources are available and listed
on their respective tabs, such as Reporting.
Most import and export tasks take only a moment to complete, but very large resources take more time.
Transferring resources among organizations
If the Organization component is enabled on your appliance, you can transfer resources among organizations by
exporting them from one organization and importing them into other organizations.
Export resources from organizations
Export resources from organizations to make those resources available for import to other organizations.
1.
In the top-right corner of the page, select the organization you want to export resources from.
2.
Go to the Export Resources list:
a.
On the left navigation bar, click Settings, then click Resources.
b.
On the Resources Panel, click Export.
The Export Resources page appears, listing all of the organization resources available for export.
3.
Select the check box next to one or more resources.
4.
Select Choose Action > Export to Local Share or Export to Network Share to display the Annotate
Exported Resource(s) dialog.
5.
Optional: Enter any additional information in the Note field.
6.
Click Save.
The exported resource first appears on the Resource Manager Queue page with a Status of New Request.
When the export is complete, the Status changes to Completed. The exported resources are available for other
organizations on your appliance to import. For instructions, see Import resources to organizations.
Most import and export tasks take only a moment to complete, but very large resources take more time.
KACE Systems Management Appliance 8.0 Administrator Guide
Export resources from organizations
260
Import resources to organizations
You can import resources to organizations as needed.
You have exported resources from an organization. See Transferring resources among organizations.
To import appliance resources from another appliance, follow the instructions in Transferring resources among
appliances using Samba share directories.
1.
In the drop-down list in the top-right corner of the page, select the organization to which you want to import
resources.
2.
Go to the Import Resources list:
a.
On the left navigation bar, click Settings, then click Resources.
b.
On the Resources Panel, click Import.
3.
Select the check box next to one or more resources.
4.
Select Choose Action > Import from Local Share.
The imported resource first appears on the Resource Sharing Status page with a Status of New Request.
When the import is complete, the Status changes to Completed. The imported resources are available and listed
on their respective tabs, such as Reporting.
Most import and export tasks take only a moment to complete, but very large resources take more time.
Managing exported resources at the System level
If the Organization component is enabled on the appliance, you can manage exported or shared resources at the
System level.
This provides access to resources that have been exported or made available for sharing from any organization
on the appliance.
View or delete shared resources
If the Organization component is enabled on your appliance, you can view resources that have been exported
from any organization on the appliance.
1.
Go to the Shared Resources list:
a.
b.
c.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings, then click Resources.
Click Shared.
To delete a resource:
a.
Select the check box next to one or more resources.
b.
Select Choose Action > Delete, then click Yes to confirm.
Move shared resources from the local KACE SMA to network
locations
If the Organization component is enabled on your appliance, you can move shared resources from the local
KACE SMA to a network share.
1.
Go to the Shared Resources list:
KACE Systems Management Appliance 8.0 Administrator Guide
Move shared resources from the local KACE SMA to network locations
261
a.
b.
c.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings, then click Resources.
Click Shared.
Select Choose Action > Export to Network Share, then click Yes to confirm.
View or delete the status of resource exports
If the Organization component is enabled on your appliance, you can view the status of resources that have been
exported from any organization at the System level.
Status information is automatically deleted after 24 hours, but you can delete the status manually as needed.
1.
Go to the Resource Sharing Status list:
a.
b.
c.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings, then click Resources.
On the Resources Panel, click Status.
To delete a status:
a.
Select the check box next to a status.
b.
Select Choose Action > Delete, then click Yes to confirm.
KACE Systems Management Appliance 8.0 Administrator Guide
View or delete the status of resource exports
262
Managing inventory
You can use the KACE SMA to manage devices, software, processes, and services in inventory.
Using Device Discovery
Use device Discovery to identify devices that are connected to your network and to retrieve information about
those devices.
Use Discovery Results to label devices or add devices to inventory.
About Device Discovery and device management
Devices that can be discovered include laptops, desktops, servers, mobile devices, virtual devices, printers,
network devices, wireless access points, routers, switches and more.
These devices can be discovered even if they do not have the KACE SMA Agent installed on them. You can run
Discovery scans on-demand or schedule scans to run at specific times.
Discovery Results show the availability and details of devices. After devices are discovered, you can add devices
to inventory by:
•
Installing the KACE SMA Agent on devices. The KACE SMA Agent can be installed on Windows, Mac®,
Red Hat®, SUSE®, and Ubuntu® devices. See Provisioning the KACE SMA Agent.
•
Enabling Agentless management for devices. Agentless management is especially useful for devices
that cannot have the KACE SMA Agent installed, such as devices with unsupported operating systems.
See Managing Agentless devices.
Tracking changes to Discovery settings
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects.
This information includes the date the change was made and the user who made the change, which can be useful
during troubleshooting. See About history settings.
Discovering devices on your network
To discover devices, you can scan your network by creating a Discovery Schedule. The Discovery Schedule
specifies the protocols to use during the scan, the IP Address range to be scanned, and the frequency of the
scan.
KACE Systems Management Appliance 8.0 Administrator Guide
Discovering devices on your network
263
Depending on what you want out of a discovery scan and what devices you are working with, you can choose
from various Discovery types.
•
Quick "what and where" Discovery: See Add a Discovery Schedule to perform a quick "what and where"
scan of your network.
•
Thorough Discovery: You can use this type of discovery to get more device information than what is
available from the "what and where" type. See Add a Discovery Schedule for a thorough scan of managed
Windows, Mac, Linux, and UNIX computers.
•
External Integration Discovery: A different type of thorough discovery that is aimed at certain computer
devices that are not Windows-, Mac Os X-, or Linux-based. For more information, see:
•
◦
Add a Discovery Schedule for a KACE Cloud Mobile Device Manager device
◦
Add a Discovery Schedule for a G Suite device
◦
Add a Discovery Schedule for an AirWatch device
Non-computer Discovery: See Add a Discovery Schedule for SNMP-enabled non-computer devices.
You can scan for devices across a single subnet or multiple subnets. You can also define a scan to search for
devices listening on a particular port.
When adding Discovery Schedules, you should balance the scope of the scan (the number of IP addresses
you are scanning) with the depth of the probe (the number of attributes you are scanning), so that you do not
overwhelm the network or the KACE SMA. For example, if you need to scan a large number of IP addresses
frequently, keep the number of ports, TCP/IP connections, and so on, relatively small. As a rule, scan a particular
subnet no more than once every few hours.
Add a Discovery Schedule to perform a quick "what and where"
scan of your network
Use one of the available schedules to quickly obtain Discovery Results that show the availability of devices.
This type of Discovery scans for any device type in your network: managed computers or non-computer devices.
If you want to add an Nmap Discovery Schedule, there are several issues to consider. See Things to take into
consideration with Nmap discovery.
1.
2.
Go to the Discovery Schedule Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
c.
Select Choose Action > New.
Select the Discovery Type to display the form with the options for the selected type.
Depending on the type you select, the following options appear before the Notify section:
◦
Ping. DNS Lookup and Ping discovery options appear.
◦
Socket. DNS Lookup and Socket discovery options appear.
◦
Active Directory. DNS Lookup and Active Directory discovery options appear.
◦
External Integration [KACE Cloud Mobile Device Manager, G Suite, AirWatch]. KACE Cloud
Mobile Device Manager, G Suite, and AirWatch discovery options appear.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule to perform a quick "what and where" scan of your network
264
NOTE: Any devices discovered through External Integration such as KACE Mobile Device
Manager, G Suite, AirWatch devices do not count toward the KACE SMA license limit.
◦
Authenticated [WinRM, SNMP, SSH/Telnet, VMware]. DNS Lookup, WinRM, SNMP, SSH/Telnet,
and VMware discovery options appear.
◦
Nmap. DNS Lookup and Nmap discovery options appear.
◦
Custom. DNS Lookup, Ping, Nmap, WinRM, SNMP, SSH/Telnet, and VMware discovery options
appear.
3.
In the Name field, enter a name for the scan.
4.
In the IP Address Range field, enter an IP address range to scan. Use hyphens to specify individual
IP address class ranges. For example, type 192.168.2-5.1-200 to scan for all IP addresses between
192.168.2-5.1 and 192.168.2-5.200, inclusive.
This name appears on the Discovery Schedules page.
TIP: The KACE SMA supports both IPv6 (Internet Protocol version 6) and IPv4 addresses.
5.
CAUTION: A maximum of 25,000 IP addresses is supported. If you specify an IP range that results in
more than 25,000 addresses, a warning appears when you attempt to save the provisioning schedule.
Select the Discovery options. The options that appear depend on the Discovery Type you have chosen:
Option
Item
Description
Enable Discovery to identify the name of the device. DNS Lookup
is important if you want device names to appear in the Discovery
Results and Inventory lists. You can select the DNS Lookup options
for each Discovery type.
DNS Lookup
Name Server
for Lookup
The hostname or IP address of the name server.
Timeout
The time, in seconds, after which a DNS lookup expires. If an
address is not found during this time, the process “times out.”
TIP: The KACE SMA supports both IPv6 (Internet Protocol
version 6) and IPv4 addresses.
Ping
Perform a ping test during the network scan. During this test,
the appliance sends a ping test to determine whether a system
responds.
Socket
Perform a connection test during the network scan. During this test,
the appliance sends a packet to the port to determine whether the
port is open.
Active Directory
TCP Port List
Enable a port scan using TCP (Transmission Control Protocol). Use
a comma to separate each port number.
UDP Port List
Enable a port scan using UDP (User Datagram Protocol). Use a
comma to separate each port number.
Enable the appliance to check for device information on an Active
Directory server. During Active Directory scans, the status is
indicated as an approximate percentage instead of the number of
devices scanned.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule to perform a quick "what and where" scan of your network
265
Option
Item
Description
Privileged
User
The username of the administrator account on the Active Directory
server. For example, username@example.com.
Privileged
User
Password
The password of the administrator account on the Active Directory
server.
Search
Context
The criteria used to search for devices. This criteria specifies a
location or container in the Active Directory structure to be searched.
Enter the most specific combination of OUs, DCs, or CNs that match
your criteria, ranging from left (most specific) to right (most general).
For example: DC=company,DC=com
This option allows you to access mobile devices such as smart
phones and tablets connected to the KACE Cloud Mobile Device
Manager (MDM). You must obtain a tenant name and a Secret
Key from the KACE Cloud MDM in order to access the devices
associated with it.
KACE Cloud
Mobile Device
Manager
Tenant Name
The name of the tenant on the KACE Cloud MDM associated with
the devices that you want to manage.
Credentials
The details of the account that is used to connect to the KACE Cloud
MDM device. Select an existing credential from the drop-down list, or
select Add new credential to add a new credential, as required.
For more information, see Add and edit Secret Key credentials.
Auto Provision If selected, all mobile devices discovered in the next scan are added
Devices
to inventory.
NOTE: Use this option with care, to avoid expanding your
inventory to an unexpected extent.
Working with G Suite devices requires credentials that grant the
KACE SMA access to a Google Apps Domain using the Admin SDK
API. You must obtain a Client ID and a Client Secret from Google so
that you can get an approval code for the KACE SMA to use.
G Suite
Discover
Chrome
Devices
If selected, any Chrome devices will be discovered in the next scan.
Discover
Mobile
Devices
If selected, any G Suite mobile devices will be discovered in the next
scan.
Credentials
The details of the account that is used to connect to the Chrome
device. Select an existing credential from the drop-down list, or
select Add new credential to add a new credential, as required.
The selected credential must have an approval code that can be
associated with the appropriate device type. For example, if you
want to discover G Suite mobile devices, you cannot use a credential
whose approval code is generated for Chrome devices.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule to perform a quick "what and where" scan of your network
266
Option
Item
Description
For more information, see Add and edit Google OAuth credentials.
Auto Provision If selected, all Chrome and mobile devices discovered in the next
Devices
scan are added to inventory.
NOTE: Use this option with care, to avoid expanding your
inventory to an unexpected extent.
VMware® AirWatch® is an enterprise-level mobility management
platform that allows you to manage a wide range of different device
types.
AirWatch
Host
The host name of the AirWatch administration console.
REST API
Key
The REST API key, available in the AirWatch administration console.
The key must be provided to enable integration with AirWatch
through API calls.
Credentials
The details of the service account required to connect to the device
and run commands. Select an existing credential from the dropdown list, or select Add new credential to add a new credential, as
required.
See Add and edit User/Password credentials.
Auto Provision If selected, all AirWatch devices discovered in the next scan are
Devices
added to inventory.
NOTE: Use this option with care, to avoid expanding your
inventory to an unexpected extent.
WinRM is the connection type to use for Windows devices.
WinRM
Timeout
The time, in seconds, up to 1 minute, after which the connection is
closed if there is no activity.
Require
Kerberos
If selected, Kerberos is required for authentication. NTLM will not be
used as an alternative when Kerberos is unavailable.
Using Kerberos requires DNS Lookup to be enabled in the same
discovery configuration. The DNS Server is also required in the local
KACE SMA network settings.
Port
If this field is left blank, the default port 5985 is used.
Credentials
The details of the service account required to connect to the device
and run commands. Select an existing credential from the dropdown list, or select Add new credential to add a new credential, as
required.
See Add and edit User/Password credentials.
SNMP
SNMP (Simple Network Management Protocol) is a protocol for
monitoring managed devices on a network.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule to perform a quick "what and where" scan of your network
267
Option
Item
Description
SNMP Full
Walk
Enable a Full Walk of data in the MIB (management information
base) on devices. If this option is cleared, the appliance does a Bulk
GET, which searches three core OIDs (object identifiers). When
selecting this option, be aware that a Full Walk can take up to 20
minutes per device. The default, Bulk GET, takes approximately one
second and acquires all of the information needed for Discovery.
IMPORTANT: SNMP inventory walk does not support nonEnglish characters on Windows devices. If it encounters nonEnglish characters, the SNMP inventory process reports an
error and stops loading inventory information.
Timeout
The time, in seconds, after which the scan ends if no response is
returned.
Maximum
Attempts
The number of times the connection is attempted.
Credentials(SNMPv1/
The details of the SNMP v1/v2 credentials required to connect to
v2)
the device and run commands. Select an existing credential from
the drop-down list, or select Add new credential to add a new
credential, as required.
See Add and edit SNMP credentials.
Credentials(SNMPv3)
The details of the SNMP v3 credentials required to connect to
the device and run commands. Select an existing credential from
the drop-down list, or select Add new credential to add a new
credential, as required.
See Add and edit SNMP credentials.
Use SSH or Telnet protocols with authentication.
SSH/Telnet
IMPORTANT: After a Discovery Schedule is saved, you
cannot change SSH and Telnet authentication to SNMP
authentication.
Timeout
The time, up to 5 minutes, after which the connection is closed if
there is no activity.
Try SSH2
Connection
Enable the SSH2 protocol for connecting to and communicating with
devices.
Use SSH2 if you want device communications to be more secure
(recommended).
Try Telnet
Connection
Enable the Telnet protocol for connecting to and communicating with
devices.
Use Telnet for devices that are not SSH-enabled or devices that
have port 22 blocked. Telnet communications are not encrypted.
Credentials
The details of the service account required to connect to the device
and run commands. Select an existing credential from the dropdown list, or select Add new credential to add a new credential, as
required.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule to perform a quick "what and where" scan of your network
268
Option
Item
Description
See Add and edit User/Password credentials.
VMware
Timeout
The time after which the scan ends if no response is returned.
Credentials
The details of the service account required to connect to the device
and run commands. Select an existing credential from the dropdown list, or select Add new credential to add a new credential, as
required.
See Add and edit User/Password credentials.
Nmap
NOTE: Running more than one of the four Nmap discovery
types at a time, although possible, is not recommended. It can
extend the length of a run and can cause erratic OS detection
results.
Timeout
The time after which the scan ends if no response is returned.
Fast Scan
Enable the appliance to quickly scan 100 commonly used ports. If
this option is cleared, all available TCP ports are scanned, which can
take much longer than the fast scan.
Nmap
Operating
System
Detection
(Best Guess)
Enable the appliance to detect the operating system of the device
based on fingerprinting and port information. This option might
increase the time required for the scan.
TCP Port
Scan
Enable a port scan using TCP (Transmission Control Protocol) of
1000 commonly used TCP ports. If this option is cleared, and UDP is
selected, the appliance performs a UDP scan. If both TCP and UDP
are cleared, the appliance uses a TCP scan.
If you select this option, Quest recommends that you set the Timeout
value to 10 minutes to decrease the likelihood of erroneous results.
Do not combine this scan with the Fast Scan option. Doing so results
in only 100 commonly used ports being scanned.
UDP Port
Scan
Enable a port scan using UDP (User Datagram Protocol) of up to
1000 UDP ports. UDP scans are generally less reliable, and have
lower processor overhead, than TCP scans because TCP requires
a handshake when communicating with devices whereas UDP
does not. However, UDP scans might take longer than TCP scans,
because UDP sends multiple packets to detect ports, whereas TCP
sends a single packet.
If you select this option, Quest recommends that you set the Timeout
value to 30 minutes to decrease the likelihood of erroneous results.
Do not combine this scan with the Fast Scan option. Doing so results
in only 100 commonly used ports being scanned.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule to perform a quick "what and where" scan of your network
269
Option
Item
Description
If this option is cleared, the appliance does not scan ports using
UDP.
6.
Optional: Enter an email address for being notified of when the discovery scan completes. The email
includes the name of the discovery schedule.
7.
Specify the scan schedule:
TIP: To maintain the scan inventory without scanning, set the schedule of the scan configuration
to None.
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
Every n minutes/
hours
Run at a specified interval.
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
On the nth of
every month/
specific month at
HH:MM
8.
Run on the same day every month, or a specific month, at the specified time.
Click Save.
Related topics
About Discovery Results
View and search Discovery Results
Stop a running discovery scan
Delete Discovery Schedules
Things to take into consideration with Nmap discovery
For successful outcomes with Nmap discovery, there are some issues to consider and best practices to adopt to
improve speed and accuracy and to avoid problems.
Best practices for improving the speed and accuracy of discovery
To improve the speed and accuracy of Nmap discovery:
•
Avoid using DNS Lookup. DNS Lookup can slow down scan times by up to 500 percent if you specify an
invalid or unreachable IP address for the DNS.
•
Run one discovery type at a time. Although it is possible to run multiple discovery types simultaneously,
doing so can extend the length of a run and can cause erratic OS detection results.
•
Select Nmap Operating System Detection (Best Guess) if you are unsure what to run. This selection
can give you a reasonable view into your subnet or subnets. At a minimum, using Best Guess can identify
what OSs are on what devices. If you do not get the expected results, for example if some devices appear
with unknown as the Operating System, try increasing the timeout value and rerunning the discovery.
•
Discovery does not work correctly through a VPN. Use another source for access to the devices.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule to perform a quick "what and where" scan of your network
270
Issues that can impede discovery
Be aware that devices that are offline or otherwise inaccessible at the time of a scan are ignored because they
appear to be nonexistent.
If you know that there are devices that should be reported, but are not, they are either:
•
Being blocked by a firewall
•
Actively blocking pings
•
Actually offline (no power)
•
Thwarting fingerprinting, through various methods.
Some devices, typically security devices, hide themselves from view, or misrepresent themselves to avoid
detection.
Troubleshooting unknown operating systems
If the Operating System appears as unknown in the Discovery Results list page:
•
Check to see if the Nmap checkmark is present in the Nmap column. If not, the device was offline during
the scan, and the operating system could not be determined.
•
If the Nmap checkmark is present, but the Operating System is unknown, the most likely cause is a firewall
that is blocking the ports that Nmap is using to determine what OS is running on the device.
For example, if you scan using only UDP ports 7 and 161, the device appears online with the Nmap
checkmark displayed. However, the Operating System appears unknown, because UDP ports alone are not
sufficient to determine what OS is running on the device.
Add a Discovery Schedule for a thorough scan of managed
Windows, Mac, Linux, and UNIX computers
To scan your network for devices and capture information about devices, you use Discovery Schedules. After
devices are discovered using the Active Directory or Authenticated discovery type, you can add those discovered
devices to inventory.
1.
2.
Go to the Discovery Schedule Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
c.
Select Choose Action > New.
Select the Discovery Type to display the form with the options for the selected type.
Depending on the type you select, the following options appear before the Notify section:
3.
◦
Active Directory. DNS Lookup and Active Directory discovery options appear.
◦
Authenticated [WinRM, SNMP, SSH/Telnet, VMware]. DNS Lookup, WinRM, SSH/Telnet, and
SNMP discovery options appear.
In the Name field, enter a name for the scan.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and UNIX computers
271
This name appears on the Discovery Schedules page.
4.
5.
In the IP Address Range field, do one of the following:
•
If you select the Active Directory Discovery Type, enter the IP address of the Active Directory server
to be scanned.
•
Enter an IP address range to scan. Use hyphens to specify individual IP address class ranges.For
example, type 192.168.2-5.1-200 to scan for all IP addresses between 192.168.2-5.1 and
192.168.2-5.200, inclusive.
TIP: The KACE SMA supports both IPv6 (Internet Protocol version 6) and IPv4 addresses.
CAUTION: A maximum of 25,000 IP addresses is supported. If you specify an IP range that
results in more than 25,000 addresses, a warning appears when you attempt to save the
provisioning schedule.
Select the Discovery options. The options that appear depend on the Discovery Type you have chosen:
Option
Item
Description
Enable Discovery to identify the name of the device. DNS Lookup is
important if you want device names to appear in the Discovery Results
and Inventory lists. You can select the DNS Lookup options for each
Discovery type.
DNS Lookup
Name Server
for Lookup
The hostname or IP address of the name server.
Timeout
The time, in seconds, after which a DNS lookup expires. If an address is
not found during this time, the process “times out.”
TIP: The KACE SMA supports both IPv6 (Internet Protocol version
6) and IPv4 addresses.
Enable the appliance to check for device information on an Active
Directory server. During Active Directory scans, the status is indicated as
an approximate percentage instead of the number of devices scanned.
Active
Directory
Privileged
User
The username of the administrator account on the Active Directory server.
For example, username@example.com.
Privileged
User
Password
The password of the administrator account on the Active Directory server.
Search
Context
The criteria used to search for devices. This criteria specifies a location or
container in the Active Directory structure to be searched. Enter the most
specific combination of OUs, DCs, or CNs that match your criteria, ranging
from left (most specific) to right (most general). For example:
DC=company,DC=com.
WinRM is the connection type to use for Windows devices.
WinRM
Timeout
The time, in seconds, up to 1 minute, after which the connection is closed
if there is no activity.
Require
Kerberos
If selected, Kerberos is required for authentication. NTLM will not be used
as an alternative when Kerberos is unavailable.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and UNIX computers
272
Option
Item
Description
Using Kerberos requires DNS Lookup to be enabled in the same discovery
configuration. The DNS Server is also required in the local KACE SMA
network settings.
Port
If this field is left blank, the default port 5985 is used.
Credentials
The details of the service account required to connect to the device and
run commands. Select existing credentials from the drop-down list, or
select Add new credential to add credentials not already listed.
See Add and edit User/Password credentials.
Use SSH or Telnet protocols with authentication.
SSH/Telnet
NOTE: After a Discovery Schedule is saved, you cannot change
SSH and Telnet authentication to SNMP authentication.
Timeout
The time, up to 5 minutes, after which the connection is closed if there is
no activity.
Try SSH2
Connection
Enable the SSH2 protocol for connecting to and communicating with
devices.
Use SSH2 if you want device communications to be more secure
(recommended).
Try Telnet
Connection
Enable the Telnet protocol for connecting to and communicating with
devices.
Use Telnet for devices that are not SSH-enabled or devices that have port
22 blocked. Telnet communications are not encrypted.
Credentials
The details of the service account required to connect to the device and
run commands. Select existing credentials from the drop-down list, or
select Add new credential to add credentials not already listed.
See Add and edit User/Password credentials.
6.
Optional: Enter an email address for being notified of when the discovery scan completes. The email
includes the name of the discovery schedule.
7.
Specify the scan schedule:
TIP: To maintain the scan inventory without scanning, set the schedule of the scan configuration
to None.
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
Every n minutes/
hours
Run at a specified interval.
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
On the nth of
every month/
Run on the same day every month, or a specific month, at the specified time.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for a thorough scan of managed Windows, Mac, Linux, and UNIX computers
273
Option
Description
specific month at
HH:MM
8.
Click Save.
Related topics
About Discovery Results
View and search Discovery Results
Stop a running discovery scan
Delete Discovery Schedules
Obtain a Client ID and Client Secret for use in discovering
Chrome devices
Working with Chrome devices requires credentials that grant the KACE SMA access to a Google Apps Domain
using the Admin SDK API. You must obtain a Client ID and a Client Secret from Google so that you can get an
approval code for the KACE SMA to use.
•
You have a Google Apps for Business domain or Google Apps for Education domain, with Chrome Device
Management support.
•
You have a Google User admin account that is a member of the business or education domain. The
account must be assigned the super user role.
•
You have a Google account that can be used as your developer account in this procedure. This account
does not have to be the same as the admin account, nor does it have to be a member of the business or
education domain.
The KACE SMA is enabled to import device information about devices and users from a Google Apps Domain
when the KACE SMA has access to the Admin SDK API. Part of the credentialing process requires setting up a
Google project, enabling the Admin SDK API from within it, and creating a Client ID and Client Secret.
1.
Sign in to your developer account at https://console.developers.google.com/.
2.
Create a project.
a.
Click Projects in the left navigation bar.
b.
Click Create Project to display the New Project dialog.
c.
Type a project name
d.
Use the auto-generated Project ID or type a unique ID of your choice.
e.
Click Create.
The Project Dashboard for the new project appears.
3.
4.
Enable the Admin SDK API.
a.
Click APIs & auth in the left navigation bar to expand the section, and click APIs.
b.
Find Admin SDK under Browse APIs, and click the OFF Status button on the far right of the line to
toggle the status to ON and enable the API.
c.
Read and agree to the terms of service and click Accept.
Create an OAuth Client ID and Client Secret.
NOTE: Quest recommends that you create a separate Client ID for each KACE SMA that is
configured to discover Chrome devices.
a.
In the APIs & auth section of the left navigation bar, click Credentials.
b.
In the OAuth section, click Create new Client ID to display the Create Client ID dialog.
c.
Click Configure consent screen to display the Consent screen dialog.
KACE Systems Management Appliance 8.0 Administrator Guide
Obtain a Client ID and Client Secret for use in discovering Chrome devices
274
d.
Select your email from the EMAIL ADDRESS drop-down list, type the name of your product in
PRODUCT NAME, and click Save to return to the Create Client ID dialog.
e.
Select Installed application.
f.
Select Other as the Installed Application Type, and click Create Client ID.
The Credentials page displays the created Client ID and Client Secret.
g.
Make note of the Client ID and Client Secret values.
The values are needed when you configure authorization credentials in the KACE SMA for Chrome
device discovery.
Add a Third Party Discovery Schedule to scan your network for G Suite devices and capture information about
those devices. See Add a Discovery Schedule for a G Suite device.
Add a Discovery Schedule for a KACE Cloud Mobile Device
Manager device
If you use the KACE Cloud Mobile Device Manager (MDM) to manage access to smart phones and tablets, you
can discover managed mobile devices using discovery scheduling. To scan your network for KACE Cloud MDM
devices and capture information about those devices, add an External Integration Discovery Schedule.
1.
NOTE: Any KACE Cloud MDM devices discovered using this method do not count toward the KACE SMA
license limit.
Go to the Discovery Schedule Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
c.
Select Choose Action > New.
2.
Select the Discovery Type to display the form with the options for the selected type, in this case External
Integration [KACE Cloud Mobile Device Manager, G Suite, AirWatch].
3.
In the Name field, enter a name for the scan.
This name appears on the Discovery Schedules page.
4.
Expand KACE Cloud Mobile Device Manager and select the Discovery options.
Option
Description
Tenant Name
The name of the tenant on the KACE Cloud MDM associated with the devices that
you want to manage.
Credentials
The details of the account that is used to connect to the KACE Cloud MDM device.
Select an existing credential from the drop-down list, or select Add new credential to
add a new credential, as required.
For more information, see Add and edit Secret Key credentials.
Auto Provision
Devices
If selected, all mobile devices discovered in the next scan are added to inventory.
NOTE: Use this option with care, to avoid expanding your inventory to an
unexpected extent.
5.
Optional: In the Notify section, enter an email address for being notified of when the discovery scan
completes. The email includes the name of the discovery schedule.
6.
Specify the scan schedule:
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for a KACE Cloud Mobile Device Manager device
275
TIP: To maintain the scan inventory without scanning, set the schedule of the scan configuration
to None.
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
Every n minutes/
hours
Run at a specified interval.
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
On the nth of
every month/
specific month at
HH:MM
7.
Run on the same day every month, or a specific month, at the specified time.
Click Save.
Related topics
About Discovery Results
View and search Discovery Results
Stop a running discovery scan
Delete Discovery Schedules
Add a Discovery Schedule for a G Suite device
To scan your network for G Suite devices and capture information about those devices, add an External
Integration Schedule.
•
You have a Google Apps for Business domain or Google Apps for Education domain, with Chrome Device
Management support.
•
You have a Google User admin account that is a member of the business or education domain. The
account must be assigned the super user role.
•
You have a Google account to be used as your developer account, and have created a project with a Client
ID and Client Secret. See Obtain a Client ID and Client Secret for use in discovering Chrome devices.
1.
NOTE: Any G Suite devices discovered using this method do not count toward the KACE SMA license
limit.
Go to the Discovery Schedule Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
c.
Select Choose Action > New.
2.
Select the Discovery Type to display the form with the options for the selected type, in this case External
Integration [KACE Cloud Mobile Device Manager, G Suite, AirWatch].
3.
In the Name field, enter a name for the scan.
4.
Expand G Suite and select the Discovery options.
This name appears on the Discovery Schedules page.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for a G Suite device
276
Option
Description
Discover Chrome
Devices
If selected, any Chrome devices will be discovered in the next scan.
Discover Mobile
Devices
If selected, any G Suite mobile devices will be discovered in the next scan.
Credentials
The details of the account that is used to connect to the Chrome device. Select
existing credentials from the drop-down list, or select Add new credential to add
credentials not already listed.
IMPORTANT: The selected credential must have an approval code that can
be associated with the appropriate device type. For example, if you want to
discover G Suite mobile devices, you cannot use a credential whose approval
code is generated for Chrome devices.
For more information, see Add and edit Google OAuth credentials.
Auto Provision
Devices
If selected, all Chrome devices discovered in the next scan are added to inventory.
NOTE: Use this option with care, to avoid expanding your inventory to an
unexpected extent.
5.
Optional: In the Notify section, enter an email address for being notified of when the discovery scan
completes. The email includes the name of the discovery schedule.
6.
Specify the scan schedule:
TIP: To maintain the scan inventory without scanning, set the schedule of the scan configuration
to None.
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
Every n minutes/
hours
Run at a specified interval.
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
On the nth of
every month/
specific month at
HH:MM
7.
Run on the same day every month, or a specific month, at the specified time.
Click Save.
Related topics
About Discovery Results
View and search Discovery Results
Stop a running discovery scan
Delete Discovery Schedules
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for a G Suite device
277
Add a Discovery Schedule for an AirWatch device
VMware® AirWatch® is an enterprise-level mobility management platform that allows you to manage a wide
range of different device types. You can integrate with AirWatch to collect discover devices managed with
AirWatch using REST API calls.
1.
NOTE: Any AirWatch devices discovered using this method do not count toward the KACE SMA license
limit.
Go to the Discovery Schedule Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
c.
Select Choose Action > New.
2.
Select the Discovery Type to display the form with the options for the selected type, in this case External
Integration [KACE Cloud Mobile Device Manager, G Suite, AirWatch].
3.
In the Name field, enter a name for the scan.
This name appears on the Discovery Schedules page.
4.
Expand AirWatch and select the Discovery options.
Option
Description
Host
The host name of the AirWatch administration console.
REST API Key
The REST API key, available in the AirWatch administration console. The key must
be provided to enable integration with AirWatch through API calls.
Credentials
The details of the service account required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed.
See Add and edit User/Password credentials.
Auto Provision
Devices
If selected, all AirWatch devices discovered in the next scan are added to inventory.
NOTE: Use this option with care, to avoid expanding your inventory to an
unexpected extent.
5.
Optional: In the Notify section, enter an email address for being notified of when the discovery scan
completes. The email includes the name of the discovery schedule.
6.
Specify the scan schedule:
TIP: To maintain the scan inventory without scanning, set the schedule of the scan configuration
to None.
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
Every n minutes/
hours
Run at a specified interval.
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for an AirWatch device
278
Option
Description
On the nth of
every month/
specific month at
HH:MM
Run on the same day every month, or a specific month, at the specified time.
7.
Click Save.
Related topics
About Discovery Results
View and search Discovery Results
Stop a running discovery scan
Delete Discovery Schedules
Add a Discovery Schedule for a VMware ESXi host or a
vCenter Server
If your business uses a virtual VMware-based environment, you can discover VMware ESXi hosts or vCenter
Servers using discovery scheduling. To scan your network for VMware ESXi hosts or vCenter Servers and
capture information about those devices, add an Authenticated Discovery Schedule.
1.
Go to the Discovery Schedule Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
c.
Select Choose Action > New.
2.
Select the Discovery Type to display the form with the options for the selected type, in this case
Authenticated [WinRM, SNMP, SSH/Telnet, VMware].
3.
In the Name field, enter a name for the scan.
This name appears on the Discovery Schedules page.
4.
Expand the VMware section and configure the Discovery options.
Option
Description
Timeout
The time after which the scan ends if no response is returned.
Credentials
The details of the service account required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed.
See Add and edit User/Password credentials.
5.
Optional: In the Notify section, enter an email address for being notified of when the discovery scan
completes. The email includes the name of the discovery schedule.
6.
Specify the scan schedule:
TIP: To maintain the scan inventory without scanning, set the schedule of the scan configuration
to None.
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for a VMware ESXi host or a vCenter Server
279
Option
Description
Every n minutes/
hours
Run at a specified interval.
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
On the nth of
every month/
specific month at
HH:MM
7.
Run on the same day every month, or a specific month, at the specified time.
Click Save.
Related topics
About Discovery Results
View and search Discovery Results
Stop a running discovery scan
Delete Discovery Schedules
Add a Discovery Schedule for SNMP-enabled non-computer
devices
To scan your network for non-computer devices and capture information about those devices, you can add an
Authenticated—SNMP Discovery Schedule.
To enable SNMP, port 161 must be open on the appliance and on the device.
SNMP (Simple Network Management Protocol) is a protocol for monitoring managed devices on a network.
SNMP v3 uses authentication and encryption algorithms to increase the security of SNMP communications. When
you configure the SNMP v3 options, the appliance performs an SNMP v3 scan on selected devices. If that scan
fails, the appliance attempts an SNMP v2 or v1 scan using the specified Public String.
SNMP scan results include all SNMP-capable devices. Remote shell extensions enable the KACE SMA to
connect to devices, run commands, and capture Discovery information.
1.
2.
NOTE: After a Discovery Schedule is saved, you cannot change SNMP authentication to SSH and Telnet
authentication.
Go to the Discovery Schedule Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
c.
Select Choose Action > New.
Select the Discovery Type to display the form with the options for the selected type, in this case
Authenticated [WinRM, SNMP, SSH/Telnet, VMware].
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for SNMP-enabled non-computer devices
280
The following options appear before the Notify section:
◦
DNS Lookup
◦
WinRM
◦
SSH/Telnet
◦
SNMP
For this procedure only DNS Lookup and SNMP are pertinent
3.
In the Name field, enter a name for the scan.
4.
In the IP Address Range field, enter an IP address range to scan. Use hyphens to specify individual
IP address class ranges. For example, type 192.168.2-5.1-200 to scan for all IP addresses between
192.168.2-5.1 and 192.168.2-5.200, inclusive.
This name appears on the Discovery Schedules page.
TIP: The KACE SMA supports both IPv6 (Internet Protocol version 6) and IPv4 addresses.
5.
CAUTION: A maximum of 25,000 IP addresses is supported. If you specify an IP range that results in
more than 25,000 addresses, a warning appears when you attempt to save the provisioning schedule.
Expand DNS Lookup and select the Discovery options.
Including DNS Lookup enables Discovery to identify the name of the device. DNS Lookup is important if
you want device names to appear in the Discovery Results and Inventory lists.
Option
Description
Name Server for
Lookup
The hostname or IP address of the name server.
Timeout
The time, in seconds, after which a DNS lookup expires. If an address is not found
during this time, the process “times out.”
6.
TIP: The KACE SMA supports both IPv6 (Internet Protocol version 6) and IPv4
addresses.
Expand SNMP and select the Discovery options.
Option
Description
SNMP Full Walk
Enable a Full Walk of data in the MIB (management information base) on devices.
If this option is cleared, the appliance does a Bulk GET, which searches three core
OIDs (object identifiers). When selecting this option, be aware that a Full Walk can
take up to 20 minutes per device. The default, Bulk GET, takes approximately one
second and acquires all of the information needed for Discovery.
NOTE: SNMP inventory walk does not support non-English characters on
Windows devices. If it encounters non-English characters, the SNMP inventory
process reports an error and stops loading inventory information.
Timeout
The time, in seconds, after which the scan ends if no response is returned.
Maximum
Attempts
The number of times the connection is attempted.
Credentials
(SNMPv1/v2)
The details of the SNMP v1/v2 credentials required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed.
See Add and edit SNMP credentials.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Discovery Schedule for SNMP-enabled non-computer devices
281
Option
Description
Credentials
(SNMPv3)
The details of the SNMP v3 credentials required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed.
See Add and edit SNMP credentials.
7.
Optional: In the Notify section, enter an email address for being notified of when the discovery scan
completes. The email includes the name of the discovery schedule.
8.
Specify the scan schedule:
TIP: To maintain the scan inventory without scanning, set the schedule of the scan configuration
to None.
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
Every n minutes/
hours
Run at a specified interval.
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
On the nth of
every month/
specific month at
HH:MM
9.
Run on the same day every month, or a specific month, at the specified time.
Click Save.
Related topics
About Discovery Results
View and search Discovery Results
Stop a running discovery scan
Delete Discovery Schedules
About Discovery Results
Discovery Results show information identified during Discovery Schedule scans.
If devices in inventory correspond to records in the Discovery Results, the devices’ current connection status is
displayed. The device name links to the Inventory Detail page for that device, and the Device Action drop-down
list in the DNS Lookup column shows the available Device Actions.
NOTE: For information about browser requirements for Device Actions, go to https://support.quest.com/
kb/148787.
Discovery Results are a "point-in-time" view, and any newly defined devices for management will reflect their state
the next time discovery is run.
See Managing inventory information.
NOTE: To run Device Actions, you must have the Administrator Console open in Internet Explorer,
because ActiveX is required to start these programs on the local device. Other browsers do not support
ActiveX.
KACE Systems Management Appliance 8.0 Administrator Guide
About Discovery Results
282
The results showing the IP address at the time of the scan might not reflect the current IP address of a given
device if the DHCP-assigned IP address has changed.
View and search Discovery Results
You can view and search Discovery Results for device information and for the properties of the scans used to
discover devices.
1.
2.
Go to the Discovery Results list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Results.
To sort the list, do any of the following:
•
Select Choose Action > Include Unreachable Items. The list displays devices that have a
connection to the appliance and devices that cannot currently be reached.
•
In the View By drop-down list, select Discovery Name. The list is sorted to group according to the
name of the Discovery Schedule under which they were discovered.
3.
To view device details, click the link in the Hostname or IP Address [Labels] column.
4.
To search for devices:
a.
Click the Advanced Search tab above the list on the right to display the Advanced Search panel.
b.
Select search criteria:
▪
Select an attribute in the left-most drop-down list. For example: Device Info: Ping Test.
▪
Select a condition in the next drop-down list. For example: has.
▪
Select the status attribute in the next drop-down list. For example: Failed.
c.
Click Search.
Provision the Agent using the discovered IP address or
hostname
You can provision the Agent on devices using the IP address or hostname from the Discovery Results page.
After devices have been identified in Discovery Results, you can provision or install the Agent on those devices
using the links on the Discovery Results page. This discovery identifies the devices to be provisioned at the
outset, rather than requiring a scan during the provisioning phase to identify devices.
Provisioning the Agent is especially useful for Windows devices. Windows devices can be discovered, but there
are few management options available to Windows devices unless the Agent is installed on those devices.
1.
Go to the Discovery Results list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Results.
2.
Select the check box next to one or more devices.
3.
Select Choose Action, then do one of the following:
•
Select Provision > Agent: IP Address.
•
Select Provision > Agent: Hostname.
KACE Systems Management Appliance 8.0 Administrator Guide
Provision the Agent using the discovered IP address or hostname
283
The Provisioning Schedule Detail page appears. Information about the selected devices appears on the
page.
4.
Edit the provisioning options as needed.
See Install the KACE SMA Agent on a device or multiple devices.
Stop a running discovery scan
You can stop a running scan at any point in its progress.
You can stop a running discovery scan from either the Discovery Schedules list or from the Discovery Schedule
Detail page. You can stop multiple scans from the Discovery Schedules list.
When you interrupt a scan with Stop, whatever devices in the IP range that has been scanned up to that point
appear in Discovery Results.
1.
2.
Go to the Discovery Schedules list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
Stop a running scan using one of two methods:
•
Stop one or more running scans using the Choose Action menu.
1.
Select the check box next to one or more schedules.
2.
Select Choose ActionStop, then click Yes to confirm.
•
NOTE: If any of the selected schedules are not running, selecting Stop does not prevent
the scan from running at its next scheduled time.
Stop a running scan from its Discovery Schedule Detail page.
1.
Click the Discovery Schedule in the Name column to display the Discovery Schedule Detail page.
2.
Scroll to the bottom of the page, click Stop, then click Yes to confirm.
NOTE: When a scan is running, the Stop button takes the place of the Run Now button.
Scan activity stops for the designated Discovery Schedule. The Progress column on the Discovery Schedules list
displays Stopping until the scan is fully stopped, at which point the progress status changes to Stopped.
Delete Discovery Schedules
You can delete Discovery Schedules as needed. When Discovery Schedules are deleted, scan results related
to those schedules are also deleted. Devices discovered using the schedules, and added to inventory, remain in
inventory.
1.
Go to the Discovery Schedules list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Schedules.
2.
Select the check box next to one or more schedules.
3.
Select Choose Action > Delete, then click Yes to confirm.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete Discovery Schedules
284
Managing device inventory
You can use the KACE SMA to manage devices. Devices managed by the KACE SMA are referred to as device
inventory.
About managing devices
Managing devices is the process of using the KACE SMA to collect and maintain information about devices on
your network and performing tasks such as monitoring device status, creating reports, and so on.
To add devices to the KACE SMA inventory, you can:
•
Install the KACE SMA Agent on devices. Devices are automatically added to inventory after the Agent
is installed on them and the Agent reports inventory to the KACE SMA. See Provisioning the KACE SMA
Agent.
•
Enable Agentless management for devices. Agentless management is especially useful for devices that
cannot have the KACE SMA Agent installed, such as devices with unsupported operating systems. See
Managing Agentless devices.
•
Upload inventory information for devices manually. See Adding devices manually in the Administrator
Console or by using the API.
NOTE: Your KACE SMA license agreement entitles you to manage a specified number of devices that
are classified as Managed Computers, Assets, and Monitored Servers. Devices count toward these limits
even if such devices are MIA (missing in action) or no longer in use. However, devices that are added to
inventory manually, or through the API, do not count toward license limits. See View KACE SMA license
information.
For information about the KACE SMA features available to devices, see Features available for each device
management method.
Features available for each device management
method
Device management features vary, depending on the method used to manage the device and the device’s
operating system.
For Windows devices, installing the Agent provides a full range of features. For Linux® devices and devices
that cannot have the Agent installed, such as printers and network devices, Agentless management is the
recommended option.
The following table provides a high-level view of the components and features available to managed devices.
NOTE: Under Agentless, the Non-Win OSs are Mac OS X, AIX®, CentOS™, Debian®, FreeBSD®, HPUX, Oracle® Enterprise Linux, Red Hat Enterprise Linux, SUSE, Solaris®, and Ubuntu.
KACE Systems Management Appliance 8.0 Administrator Guide
Features available for each device management method
285
Table 9. KACE SMA features available to managed devices
WSAPI
Feature or component
Agent
Agentless
manual
Win, Mac, Linux
Win
NonWin
Dashboard: Includes device
information where appropriate.
See About Dashboards.
X
X
X
X
X
X
X
X
Label Management: Labels can
be assigned to devices. See
About labels.
X
X
X
X
X
X
X
X
X
Search: Devices included in
results. See Searching for
information and filtering lists.
X
X
X
X
X
X
X
X
X
Devices: List includes devices.
See Managing inventory
information.
X
X
X
X
X
X
X
X
X
Devices > Force Inventory. See
Forcing inventory updates.
X
X
X
X
X
X
X
X
Devices > MIA settings. See
Managing MIA devices.
X
X
X
X
X
X
X
X
G
Suite
KACE DMM AirWatch
MDM
SNMP Devices
Home
Inventory
X
Devices > Apply SNMP
Configurations. See Using
SNMP Inventory Configurations
to identify specific SNMP objects
and non-computer devices to add
to inventory.
Software page: List includes
software from devices. See About
the Software page.
X
Software Catalog page: List
includes software from devices.
See Viewing Software Catalog
information.
X
Metering: Metering can be
enabled for devices. See Using
software metering.
X
X
X
X
X
X
X
Windows
and Mac
only
KACE Systems Management Appliance 8.0 Administrator Guide
Features available for each device management method
286
WSAPI
Feature or component
Agent
Agentless
manual
Win, Mac, Linux
Win
NonWin
G
Suite
KACE DMM AirWatch
MDM
SNMP Devices
Windows
and Mac
only
Blacklisting software (Mark
Not Allowed): Software can
be prevented from running on
devices. See Using Application
Control.
X
Processes: Inventory available
for devices. See Managing
process inventory.
X
X
X
Startup programs: Inventory
available for devices. See
Managing startup program
inventory.
X
X
X
Services: Inventory available for
devices. See Managing service
inventory.
X
X
Discovery Schedules: Devices
can be discovered. See About
Device Discovery and device
management.
X
X
X
X
X
X
X
X
Discovery Results: Devices can
be provisioned from results list.
See About Device Discovery and
device management.
X
X
X
X
X
X
X
X
Windows
and Mac
only
X
SNMP Inventory
Configurations: List of devices
can be expanded. See Using
SNMP Inventory Configurations
to identify specific SNMP objects
and non-computer devices to add
to inventory.
Inventory: Custom inventory
rules. See Writing custom
inventory rules.
X
X
Monitoring
KACE Systems Management Appliance 8.0 Administrator Guide
Features available for each device management method
287
WSAPI
Feature or component
Agent
Agentless
manual
Win, Mac, Linux
Win
NonWin
Alerts: Received alerts. See
Working with alerts.
X
X
X
Devices: List includes devices
with monitoring enabled. See
Managing monitoring for devices.
X
X
X
Profiles: Alerts are defined
through profiles. See Working
with monitoring profiles.
X
X
X
Maintenance Windows: Can
X
set regular schedule for pausing
monitoring. See Schedule a
Maintenance Window during
which time alerts are not collected
from a device.
X
X
Log Enablement Packages:
X
These packages enable
performance threshold monitoring
and monitoring for applications
such as Exchange, Internet
Information Services (IIS), and so
on. See Configuring application
and threshold monitoring with Log
Enablement Packages.
X
X
G
Suite
KACE DMM AirWatch
MDM
SNMP Devices
Assets
Assets: Can be created for
devices. See About managing
assets.
X
X
X
X
X
X
X
X
X
Asset Types: Can be created
for devices. See Adding and
customizing Asset Types and
maintaining asset information.
X
X
X
X
X
X
X
X
X
Locations: Can be defined for
devices, users, and assets. See
Managing locations.
X
X
X
X
X
X
X
X
X
Import Assets: Can be imported X
for devices. See Importing license
data in CSV files.
Distribution
KACE Systems Management Appliance 8.0 Administrator Guide
Features available for each device management method
288
WSAPI
Feature or component
Agent
Agentless
manual
Win, Mac, Linux
Win
NonWin
Managed Installations: Can
be used to install software on
devices. See Using Managed
Installations.
X
File Synchronizations: Can
be used to manage files on
devices. See Create and use File
Synchronizations.
X
Wake-on-LAN: Available for
devices with valid IP address and
MAC address. See Using Wakeon-LAN.
X
X
X
Replication: Can be used as
replication shares. See Using
Replication Shares.
X
Alerts: Can be broadcast to
display on devices (different from
server monitoring alerts). See
Broadcasting alerts to managed
devices.
X
G
Suite
KACE DMM AirWatch
MDM
SNMP Devices
X
Windows
and Mac
only
Scripting
Run Now: Can be used to run
scripts on devices. See Using the
Run and Run Now commands.
X
Run Now Status: Can be
displayed for devices. See
Monitor Run Now status and view
script details.
X
Search Scripting Logs: Devices
listed in results. See Search the
scripting logs.
X
Configuration Policies: Can
be used to configure devices.
See About configuration policy
templates.
X
Security Policies: Can be used
to configure devices. See About
security policy templates.
X
Windows
and Mac
only
KACE Systems Management Appliance 8.0 Administrator Guide
Features available for each device management method
289
WSAPI
Feature or component
Agent
Agentless
manual
Win, Mac, Linux
Win
NonWin
X
X
X
X
X
X
X
Knowledge Base. See Managing X
Knowledge Base articles.
X
X
X
X
X
X
X
Announcements: Can create
announcements that appear on
the User Console home page.
X
X
X
X
X
X
X
G
Suite
KACE DMM AirWatch
MDM
SNMP Devices
Windows
and Mac
only
Mac Profiles: Can be used to
configure user-level and systemlevel policies and settings on Mac
OS X devices. See Managing
Mac profiles.
X
Mac only
Security
Patch Management: Can be
used to patch devices. See About
patch management.
X
Windows
and Mac
only
OVAL Scans: Devices included
X
in tests. See About OVAL security Windows
checks.
only
SCAP scans: Devices included in X
scans. See About SCAP.
Windows
only
Dell Updates: Can be used to
update devices. See Managing
Dell devices with Dell Updates .
X
Windows
only
Service Desk
Tickets: Can be created and
X
assigned to devices. See Creating
tickets from the Administrator
Console and User Console.
User Downloads: Software
can be downloaded from the
User Console to devices. See
Managing User Downloads.
X
X
KACE Systems Management Appliance 8.0 Administrator Guide
Features available for each device management method
290
WSAPI
Feature or component
Agent
Agentless
manual
Win, Mac, Linux
Win
NonWin
X
X
X
X
X
X
X
X
Reports: Device information
X
available for reports. See Creating
reports.
X
X
X
X
X
X
X
Report Schedules: View report
schedules that have been
created. See Scheduling reports.
X
X
X
X
X
X
X
X
Notifications: Devices can be
included in notifications. See
Scheduling notifications.
X
X
X
X
X
X
X
X
Device Actions: Actions can be
performed on devices. See Run
actions on devices.
X
X
X
License Usage Warning levels:
Available for applications on
devices. See Assign threat levels
to applications.
X
X
X
X
X
X
X
X
History: Device information can
be tracked. See Managing asset
history.
X
X
X
X
X
X
X
X
Logs: Device information
available. See View appliance
logs.
X
X
X
X
X
X
X
X
Backup and restore: Device
information included. See About
appliance backups.
X
X
X
X
X
X
X
X
G
Suite
KACE DMM AirWatch
MDM
SNMP Devices
See Add, edit, hide, or delete
User Console announcements.
Configuration. See Setting up
Service Desk.
Reporting
Settings: Control Panel
X
Organizations
KACE Systems Management Appliance 8.0 Administrator Guide
Features available for each device management method
291
WSAPI
Feature or component
Agent
Agentless
manual
Win, Mac, Linux
Win
NonWin
Filters: Organization filters can
be assigned to devices. See
Managing organization filters.
X
X
X
X
X
X
X
X
Redirect Devices: Devices can
be reassigned to organizations.
See Redirect devices.
X
X
X
X
X
X
X
X
Filtering Devices: Devices can
be filtered and reassigned to
organizations. See Filter devices.
X
X
X
X
X
X
X
X
Organization settings: Inventory
intervals configurable. See
Schedule inventory data
collection for managed devices.
X
X
X
X
X
X
X
X
G
Suite
KACE DMM AirWatch
MDM
SNMP Devices
X
About inventory information
Inventory includes information about the devices, applications, processes, startup programs, and services on
managed devices on your network.
Inventory is:
•
Collected by the KACE SMA Agent, which is installed on managed devices
•
Uploaded using the inventory API
•
Obtained through connections to Agentless devices
You can view detailed data about individual managed devices, as well as aggregated data collected across all
managed devices. In addition, you can use inventory information in reports, and in decisions about upgrades,
troubleshooting, purchasing, policies, and so on.
This section focuses on device inventory. For information about other inventory items, see:
•
Managing applications on the Software page
•
Managing Software Catalog inventory
•
Managing process, startup program, and service inventory
Tracking changes to inventory settings
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects.
This information includes the date the change was made and the user who made the change, which can be useful
during troubleshooting. See About history settings.
KACE Systems Management Appliance 8.0 Administrator Guide
Tracking changes to inventory settings
292
About inventory change history
Change history for devices begins when there is a change to the information collected during the first report.
The first time a managed device reports inventory to the KACE SMA, the information is considered to be a
baseline report. As such, it is not recorded in the change history.
Managing inventory information
To manage inventory information, you can add custom data fields, view devices in inventory, and view device
details.
Add custom data fields
You can add custom data fields for applications added manually from the Software list.
Adding custom data fields enables you to obtain information from the registry and elsewhere on the device. This
information can be viewed on the device detail page and used in reports.
For example, you might want to add custom fields to obtain the DAT file version number from the registry, the file
created date, the file publisher, or other data for a device. You could then create labels based on this information
to group similar devices, or create reports using this information.
1.
Go to the Software list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Software.
2.
Select Choose Action > New.
3.
Enter values in the Name, Version, and Publisher fields.
This information is used to identify the custom data field on detail pages.
4.
In the Custom Inventory Rule field, enter the appropriate syntax for the information you want returned:
•
To return a Registry Value, enter the following, replacing valueType with either TEXT, NUMBER, or
DATE. NUMBER is an integer value: RegistryValueReturn(string absPathToKey, string
valueName, string valueType)
Example: RegistryValueReturn(HKEY_LOCAL_MACHINE\Software\McAfee.com
\Virusscan Online,SourceDisk, TEXT)
•
On Windows, Mac, and Linux devices, you can retrieve the following attributes from the stat()
function:
access_time, creation_time, modification_time, block_size, blocks, size,
device_id, group, inode, mode, number_links, owner, device_number
•
5.
On Windows devices, you can retrieve the following attributes from the VerQueryValue() function:
FileName, Comments, CompanyName, FileDescription, FileVersion,
InternalName, LegalCopyright, LegalTrademarks, OriginalFilename,
ProductName, ProductVersion, PrivateBuild, SpecialBuild, AccessedDate,
CreatedDate, ModifiedDate
Click Save.
See Writing custom inventory rules.
KACE Systems Management Appliance 8.0 Administrator Guide
Add custom data fields
293
Schedule inventory data collection for managed devices
The appliance collects hardware and software inventory data from Agent-managed and Agentless devices
according to the KACE SMA data collection schedule you set.
For Agent-managed devices, software inventory information is available on both the Software and Software
Catalog pages. For more information about these pages, see Differences between the Software page and the
Software Catalog page.
For Agentless devices, software information is listed only on the Software page. See Managing applications on
the Software page.
If the Organization component is enabled on your appliance, you schedule inventory data collection for each
organization separately.
1.
Do one of the following:
•
If the Organization component is enabled on your appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page next to the login information. Then click Organizations.
To display the organization’s information, click the organization’s name.
The Organization Detail page appears.
•
If the Organization component is not enabled on your appliance, select Settings > Provisioning.
Then click Communication Settings on the Provisioning panel.
The Communication Settings page appears.
2.
In the Communications Settings section, specify the following settings:
NOTE: To reduce the load on the KACE SMA, limit the number of Agent connections to 500 per
hour. The number of connections that appears next to the inventory, scripting, and metering intervals,
applies to the current organization only. If the Organization component is enabled on your appliance,
the total number of Agent connections for all organizations should not exceed 500 per hour.
Option
Suggested Setting
Notes
Agent Logging
Enabled
Whether the KACE SMA stores scripting results provided by
Agents installed on managed devices. Agent logs can consume
as much as 1GB of disk space in the database. If disk space is
not an issue, enable Agent Logging to keep all log information
for Agent-managed devices. These logs can be useful during
troubleshooting. To save disk space, and enable faster Agent
communication, disable Agent Logging.
Agent Inventory
12 hours
The frequency at which Agents on managed devices report
inventory. This information is displayed in the Inventory section.
Agentless
Inventory
1 Day
The frequency at which Agentless devices report inventory.
This information is displayed in the Inventory section.
Catalog Inventory
24 hours
The frequency at which managed devices report inventory to
the Software Catalog page.
Metering
4 hours
The frequency at which managed devices report metering
information to the KACE SMA. Requires metering to be enabled
on devices and applications.
KACE Systems Management Appliance 8.0 Administrator Guide
Schedule inventory data collection for managed devices
294
Option
Suggested Setting
Notes
Scripting Update
4 hours
The frequency at which Agents on managed devices request
updated copies of scripts that are enabled on managed
devices. This interval does not affect how often scripts run.
3.
In the Notify section, specify the message to use for Agent communications:
Option
Suggested Setting
Notes
Agent Splash
Page Message
Default text:
The message that appears to users when
Agents are performing tasks, such as
running scripts, on their devices.
4.
Quest KACE Systems Management
Appliance is verifying your
PC Configuration and managing
software updates. Please
Wait...
In the Schedule section, specify the Communication Window for Agent-managed devices:
Option
Suggested Setting
Notes
Communication
Window
00:00 to 00:00 (+1
day)
The period during which Agents on managed devices are
allowed to connect with the KACE SMA. For example, to allow
Agents to connect between the hours of 01:00 and 06:00 only,
select 01:00 from the first drop-down list, and 06:00 from the
second drop-down list.
5.
In the Agentless section, specify communications settings for Agentless devices:
Option
Description
SSH/Telnet
Timeout
The time, in seconds or minutes, after which the connection is closed if there is no
activity.
SNMP Timeout
The time, in seconds, after which the connection is closed if there is no activity.
Maximum
Attempts
The number of times the connection is attempted.
WinRM Timeout
The time, in seconds or minutes, after which the connection is closed if there is no
activity.
6.
If the Organization component is not enabled on your appliance, specify Agent settings.
NOTE: If the Organization component is enabled on your appliance, Agent settings are located on the
appliance General Settings page.
Option
Description
Last Task
Throughput
Update
This value indicates the date and time when the appliance task throughput was last
updated.
Current Load
Average
The value in this field depicts the load on an appliance at any given time. For the
appliance to run normally, the value in this field must be between 0.0 and 10.0.
Task Throughput
The value that controls how scheduled tasks, such as inventory collection, scripting,
and patching updates, are balanced by the appliance.
KACE Systems Management Appliance 8.0 Administrator Guide
Schedule inventory data collection for managed devices
295
Option
Description
NOTE: This value can be increased only if the value in the Current Load
Average is not more than 10.0 and the Last Task Throughput Update time is
more than 15 minutes.
7.
Click Save.
8.
If you have multiple organizations, repeat the preceding steps for each organization.
The changes take effect when Agents check in to the appliance.
Related topics
View appliance logs
Configure appliance General Settings with the Organization component enabled
View device inventory and details
You can view the list of devices in inventory on the Devices page, and you can view information about any
selected device on the Device Detail page.
1.
2.
Go to the Device Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
c.
Click the name of a device.
To expand the sections on the Device Detail page, click Expand All above the Summary section.
The fields that are displayed depend on the type of device and its operating system. For example, if the
device is a virtual machine, the Monitor field is not displayed, although the Video Controller is. In addition,
some fields are available for some operating systems but not for others. For example, System Description
is available for Windows or SNMP devices only.
To view tables describing the contents of the groups and sections that appear on this page, see Groups
and sections of items in device details.
3.
Optional: If change tracking is enabled for inventory information, click Show All History above the
Summary section to see the history of inventory changes.
Related topics
Configuring history settings
Managing Agent communications
Schedule inventory data collection for managed devices
About OVAL security checks
About SCAP
About the Asset Management component
Groups and sections of items in device details
The Device Details page for a device contains inventory information presented in sections that are collected
in groups. The extent and focus of information included on the page depends on the device and any subtypes
indicated.
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
296
NOTE: If you have assigned an Asset Subtype, you can choose whether to show or hide the details that
appear for each Device on the Device Detail page. For example, for the subtype Printer, information that is
irrelevant to printers, such as the items Installed Programs, Discovered Software, and Metered Software,
could be made hidden. Whole groups can be hidden as well. See Add Asset Subtypes and select Device
Detail page preferences.
Scoped users can see the details of all devices, but can only edit the details of those devices that are associated
with their role. For more information about user roles, see Add or edit User Roles.
The following groups can appear on the Device Details page:
•
Summary group
•
Inventory Information group
•
Software group
•
Activities group
•
Security group
•
Dell Command | Monitor group
•
Dell Updates group
•
Logs group
•
Asset group
Summary group
Basic device identification information. The items are not separated into sections as in the other groups on the
page. The entries that appear on the Device Detail page vary depending on the device, operating system (if
relevant), connection type, and so on.
Item
Description
Database field
System Name
The hostname or IP address of the device.
NAME
Asset Subtype
The Asset Subtype for this device, if one has been
assigned. Asset Subtypes are subcategories of
assets that you can add to any Asset Type, including
custom Asset Types. This enables you to identify
and manage subtypes of assets, such as Device
assets that are computers, printers, or routers.
Asset Location
The location of this asset.
N/A
Assigned To
The device owner. This field is only populated if
the device user record exists on the appliance.
When you integrate with the KACE Cloud MDM,
if the appliance is synchronized with the KACE
MDM tenant's Active Directory, the name of the
KACE MDM device owner is displayed. For other
types of external devices, if the device user record
is not found on the appliance, the field is set to
Unassigned.
N/A
Manual Entry
A field that indicates the inventory information was
added manually, either through WSAPI or XML
upload. click Edit to modify the information.
MANUAL_ENTRY
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
297
Item
Description
Database field
Device Entry Type
A field that indicates how the device is being
managed: Agent Device, Agentless Device, or
Manually Entered Record. Click Edit to change
connection protocols.
N/A
System Description
A description of the device, populated by Agentless
inventory for Windows and SNMP devices.
SYSTEM_DESCRIPTION
System Model
The device model.
CS_MODEL
Chassis Type
The type of device, such as desktop or laptop.
CHASSIS_TYPE
IP Address
The IP address of the device.
IP
MAC Address
The device’s Media Access Control (MAC) address
number.
MAC
RAM Total
The total amount of random-access memory (RAM)
on the device.
RAM_TOTAL
Operating System
Name
The operating system of the device, such as
Windows, Mac OS X®, or Linux.
OS_NAME
Service Pack
The service pack version number (Windows or
SUSE Linux Enterprise Server only).
SERVICE_PACK
Uptime Since Last
Reboot
The amount of time the device has been running
since it was restarted.
UPTIME
Agent Version
The version number of the KACE SMA Agent
installed on the device.
CLIENT_VERSION
Device Timezone
The timezone used by the KACE SMA Agent
installed on the device.
TZ_AGENT
Source
The source of the collected device details. For
Agent-managed devices, this field is set to Agent.
For Agentless devices, this field reflects the
connection type. For example, VMware.
N/A
User Name
The name of the most recent user who logged in to
USER
the device. Some devices might have multiple users.
Agent Connection
The time the Agent Messaging Protocol (AMP)
service on the device connected to the KACE SMA
and the current connection status (available for
Agent-managed devices only). Connection status
information includes:
KBSYS.SMMP_CONNECTION
: An Agent-managed device is connected to the
appliance.
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
298
Item
Description
Database field
: An Agent-managed device with server
monitoring enabled is connected to the appliance.
: An Agent-managed device is not connected to
the appliance.
Agentless
Connection
The time the Agentless device connected to the
KACE SMA and the current connection status
(available for Agentless devices only). Connection
status information includes:
N/A
: Agentless-management is enabled for the
device.
: Agentless-management and server monitoring is
enabled for the device.
: Agentless management is enabled for the
device, but the device is not currently reachable.
Agentless
Connection Method
The protocol, such as SNMP, used to collect
inventory information from the device.
N/A
Last Inventory
The time of the most recent inventory report.
LAST_SYNC
Device Created
The date and time that the device’s first inventory
record was created.
CREATED
Device Modified
The date and time that the device’s inventory record
was modified.
MODIFIED
Volume n
The type and size of the disk drive’s file system,
and amount of space used on the disk drive. To
view changes to the drive usage, click Show Usage
History link in this field. This information is updated
when usage increases or decreases by 5% or more.
MACHINE_DISKS
There is one entry for each volume.
For VMware® ESXi® host devices, each datastore
associated with the ESXi host is listed as a volume.
Force Inventory
Click Force Inventory to immediately update
inventory information for the device and synchronize
the device with the appliance.
N/A
Force Inventory is available only if the AMP
connection to an Agent-managed device is active, or
for Agentless devices, if the device is reachable.
VMware UUID
This field is only visible when you select a VMware
device. The UUID is a globally unique identifier for
the vCenter Server or the ESXi host.
INSTANCE_UUID
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
299
Item
Description
Database field
KACE Cloud Mobile When you integrate with the KACE Cloud MDM and
Device Manager
select a KACE Cloud MDM device, an additional set
(MDM) commands of commands is available in this section.
•
Force Inventory: Requests from the KACE
Cloud MDM to initiate a new inventory for
the device. When complete, the KACE SMA
synchronizes the inventory information.
•
Lock: Blocks access to the selected device.
Next time the user interacts with the device,
they are prompted to provide the device's
passcode.
•
Set Passcode: Allows you to specify a new
passcode for the selected device.
NOTE: This command is only available
for Android devices.
•
Clear Passcode: Unlocks the selected
device. The device remains unlocked until a
new passcode is provided.
•
Unenroll Device: Un-enrolls the selected
device from the KACE Cloud MDM.
•
Factory Reset: Restores the factory settings
on the selected device.
N/A
TIP: These commands are also accessible
from the Devices list page, from the Choose
Action menu. The Force Inventory
command appears in the main menu, while
the other commands are available in the
Additional Actions menu.
Inventory Information group
Additional details on items in the Summary section.
Section or Item
Description
Database field
Hardware
Information about the device’s hardware.
If change history is enabled for this section, and the
information in this section has changed, the Show
Changes link appears next to the heading. Click
Show Changes to view only those items that have
changed. Click Hide Changes to view all items.
RAM Total
The total amount of random-access memory (RAM)
installed on the device.
RAM_TOTAL
RAM Used
The amount of random-access memory (RAM) in
use on the device.
RAM_USED
RAM Maximum
The maximum amount of random-access memory
(RAM) that the device can support.
RAM_MAX
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
300
Section or Item
Description
Database field
System
Manufacturer
The device manufacturer.
CS_MANUFACTURER
System Model
The device model.
CS_MODEL
CSP ID Number
The system serial number.
CSP_ID_NUMBER
Asset Tag
Windows only. The BIOS Asset Tag of a system. An
Admin can use a bios utility to set this value on the
system.
ASSET_TAG
Domain
The Windows domain to which the device is joined.
CS_DOMAIN
Motherboard
Primary Bus
The main bus.
MOTHERBOARD_PRIMARY_BUS
Motherboard
Secondary Bus
The peripheral bus.
MOTHERBOARD_SECONDARY_BUS
Processors
The CPU count, type, and manufacturer.
PROCESSORS
Architecture
The architecture of the device operating system,
such as x86 or x64.
SYS_ARCH
Virtual Device
Used to identify devices that are virtual, such as
VIRTUAL
devices running on VMware platforms. Not displayed
for physical devices, such as laptops and servers.
Trusted Platform
Module (TPM)
On devices with the TPM dedicated microprocessor
installed, displays specifications and information
about whether TPM is enabled and activated.
MACHINE_TPM
See About Dell Data Protection | Encryption (DDP|E)
and encryption information in device details.
Intel AMT Device
On Intel-based Windows devices with Intel AMT
technology present, displays information about
configuration.
INTEL_AMT
See About Intel AMT information in device details.
CD/DVD Drives
The configuration of CD-ROM and DVD-ROM drives
installed on the device.
CDROM_DEVICES
Sound Devices
Information about audio devices on the device.
SOUND_DEVICES
Video Controllers
Information about video controllers on the device.
VIDEO_CONTROLLERS
Monitors
The type and manufacturer of the monitor attached
to the device. For virtual devices, this displays
monitor information if it is reported by the operating
system.
MONITOR
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
301
Section or Item
Description
Database field
Apple Support
Information
Link to the Support page at Apple.
N/A
SMC Version
The System Management Controller version of the
device CPU.
BIOS_NAME
Serial Number
The serial number of the device.
BIOS_SERIAL_NUMBER
Boot ROM Version
The Boot ROM or Firmware version of the device.
BIOS_VERSION
Dell Service
Information
Information about Dell hardware, including the
Service Tag, System Type, Ship Date, Country, and
warranty information. This section also includes a
Days Left column, which indicates the number of
days remaining in the warranty period, and Last
Updated column, which indicates the last time the
warranty information was refreshed. To update Dell
Service information, click Refresh.
DELL_WARRANTY
BIOS Name
The BIOS name.
BIOS_NAME
BIOS Version
The BIOS version.
BIOS_VERSION
BIOS Release Date The date the BIOS version was released.
BIOS_DATE
BIOS Manufacturer
The BIOS manufacturer.
BIOS_MANUFACTURER
BIOS Description
The BIOS description.
BIOS_DESCRIPTION
BIOS Serial
Number
The BIOS serial number.
BIOS_SERIAL_NUMBER
Volume n
The type and size of the disk drive’s file system,
and amount of space used on the disk drive. To
view changes to the drive usage, click Show Usage
History link in this field. This information is updated
when usage changes by plus or minus 5%.
MACHINE_DISKS
There is one entry for each volume.
Printers
The printers that the device is configured to use.
PRINTERS
Network
Interfaces
The type of network interface, such as Ethernet card
or Bluetooth adapter, and details like IP address,
whether DHCP (Dynamic Host Configuration
Protocol) is enabled or disabled for the associated
IPv4 (Internet Protocol version 4).
MACHINE_NICS
SNMP Data
The results of a SNMP Full Walk of data in the MIB
(management information base) on a device, if you
set up the Authenticated device discovery type to
perform a Full Walk. This section does not appear if
discovery was made with a Bulk GET.
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
302
Section or Item
Description
Database field
Chrome OS
Chrome-related information.
N/A
NOTE: Chrome values are in the
MACHINE_CHROMEOS_DETAIL table, not
the MACHINE table.
Device ID
The unique ID of the Chrome device.
DEVICE_ID
Serial Number
The Chrome device serial number.
SERIAL_NUMBER
Status
The status of the Chrome device:
ACTIVE, DEPROVISIONED, INACTIVE,
RETURN_APPROVED, RETURN_REQUESTED,
SHIPPED, UNKNOWN.
STATUS
Last Sync
The date and time the device was last synchronized LAST_SYNC
with the policy settings in the Google Admin console.
Support End Date
The final date the device will be supported. This is
applicable only for those devices purchased directly
from Google.
Annotated User
The user of the device as noted by the administrator. ANNOTATED_USER
Annotated Location
The address or location of the device as noted by
the administrator.
ANNOTATED_LOCATION
Notes
Notes about this device added by the administrator.
NOTES
MEID
The Mobile Equipment Identifier (MEID) for the 3G
mobile card in a mobile device.
MEID
Order Number
The device's order number. Only devices directly
purchased from Google have an order number.
ORDER_NUMBER
OS Version
The Chrome device's operating system version.
OS_VERSION
Platform Version
The Chrome device's platform version.
PLATFORM_VERSION
Firmware Version
The Chrome device's firmware version.
FIRMWARE_VERSION
MAC Address
The device's wireless MAC address.
MAC_ADDRESS
DHCP
An indicator of whether DHCP is enabled for the
IPv4 address associated with this network interface.
IPv6 Host
Configuration
A list containing one or more IPv6 ((Internet Protocol
version 6) addresses available on the network
interface. For each listed item, this section displays
its full IPv6 address and the number of bits in the
IPv6 address prefix. An IPv6 prefix typically consists
of 64 bits.
SUPPORT_END_DATE
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
303
Section or Item
Description
Database field
DNS Hostname
The host name associated with this network
interface.
Boot Mode
The boot mode for the device.
BOOT_MODE
Last Enrollment
Time
The date and time the device was last enrolled with
the Google Admin console.
LAST_ENROLLMENT_TIME
Org Unit Path
The full parent path with the Google organization
unit's name associated with the device.
ORG_UNIT_PATH
Wi-Fi
KACE MDM devices only. The IP or MAC address
of the device.
Mobile
Information
Information from devices managed by KACE Mobile
Device Manager (KMDM), and AirWatch®
N/A
UDID
The device’s Unique Device Identifier. For iOS
devices only.
UDID
Modem Firmware
The mobile device's firmware version.
FIRMWARE_VERSION
Device type
DMM devices only. The type of mobile device.
Examples include iPhone, iPad, iPod, Android
Phone, and Android Tablet.
DEVICE_TYPE
ICCID
KACE MDM and DMM devices only. The unique
serial number for the device’s SIM card.
ICCID
IMEI
KACE MDM and DMM devices only. International
Mobile Equipment Identity number for the device.
IMEI
MEID
KACE MDM devices only. The Mobile Equipment
Identifier. This is the unique identifier of the selected
mobile device.
MEID
Phone Number
DMM devices only. Phone number associated with
the device.
PHONE_NUMBER
Mobile Operator
KACE MDM and DMM devices only. The mobile
network carrier.
CARRIER
Bluetooth MAC
Address
DMM devices only. Media access control address
for Bluetooth on the device.
BLUETOOTH_MAC
Battery Level
KACE MDM and DMM devices only. Amount of
battery charge at last update, in percent.
BATTERY_LEVEL
Last Check-in
The time stamp of when the device information was
last updated.
LAST_CHECK_IN
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
304
Section or Item
Description
Database field
Enrolled
KACE MDM and AirWatch devices only.
IS_ENROLLED
The date and time the device was last enrolled with
KMDM or AirWatch console.
Compliant
AirWatch devices only. Indicates if the device
meets pre-configured AirWatch compliance rules.
IS_COMPLIANT
Current Mobile
Network
AirWatch devices onlyThe name of the mobile
network associated with the AirWatch device.
N/A
Agent
Agent-related information.
N/A
Agent Version
The version number of the KACE SMA Agent
installed on the device.
CLIENT_VERSION
Version
The version of Agent Messaging Protocol (AMP)
used to connect the device to the KACE SMA.
AMP_VERSION
Connected
The time the Agent Messaging Protocol (AMP)
service on the device connected to the KACE SMA.
CONNECT_TIME
Disconnected
If disconnected, the time the Agent Messaging
Protocol (AMP) service on the device disconnected
from the KACE SMA.
DISCONNECT_TIME
KACE ID
The character string used to identify the device in
the KACE SMA database.
KUID
Database ID
The unique number used to identify the device in the ID
KACE SMA database.
Manual Entry
A field that indicates the inventory information was
added manually, either through WSAPI or XML
upload.
MANUAL_ENTRY
Device Entry Type
A field that indicates how the device is being
managed: Agent Device, Agentless Device, or
Manually Entered Record. Click Edit to change
connection protocols.
N/A
Last Inventory
The time of the most recent inventory report.
LAST_INVENTORY
Last Sync
For Agent-managed devices, the time the device
last checked in to the KACE SMA. For Agentless
devices, the time the KACE SMA last connected to
the device and collected inventory.
LAST_SYNC
Last Agent Update
The time of the most recent update to the KACE
SMA Agent, if any.
LAST_CLIENT_UPDATE
User
Information related to the device user.
N/A
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
305
Section or Item
Description
Database field
User Logged
The user currently logged in to the device. This entry USER_LOGGED
includes the username and the domain to which the
user belongs.
User Fullname
The full name of the user who owns the device.
USER_FULLNAME
User Name
The name of the current user.
USER_NAME
User Domain
The domain to which the user belongs.
USER_DOMAIN
Operating System
Information about the device's operating system.
N/A
Name
The operating system of the device, such as
Windows, Mac OS X, or Linux.
OS_NAME
Service Pack
The service pack version number (Windows or
SUSE Linux Enterprise Server only).
SERVICE_PACK
Operating System
Version
The version number of the operating system.
OS_VERSION
Operating System
Build Version
The build number of the operating system.
OS_BUILD
Number
The number of the operating system.
OS_NUMBER
Operating System
Architecture
The architecture of the device operating system,
such as x86 or x64.
OS_ARCH
Domain
The Windows domain to which the device is joined.
CS_DOMAIN
Operating System
Installed On
The date the operating system was installed.
OS_INSTALLED_DATE
Last Startup
The length of time the operating system has been
running.
LAST_REBOOT
Uptime Since Last
Reboot
The amount of time the device has been running
since it was restarted.
UPTIME
System Directory
The location of the system directory.
SYSTEM_DIRECTORY
Registry Size
The size of the registry.
REGISTRY_SIZE
Registry Maximum
Size
The maximum size of the registry.
REGISTRY_MAX_SIZE
Pagefile Size
The current size of the Windows Pagefile.
PAGEFILE_SIZE
Pagefile Max Size
The maximum size of the Windows Pagefile.
PAGEFILE_MAX_SIZE
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
306
Section or Item
Description
Database field
IE Version
The version of Internet Explorer installed on the
device.
IE_VERSION
WMI Status
The status of the Windows Management
Instrumentation (WMI) service (Windows Devices
only).
WMI_STATUS
Drive Encryption
Information on encryption if a DDP|E client has
been installed on a device, as well as BitLocker or
FileVault2.
See About Dell Data Protection | Encryption (DDP|E)
and encryption information in device details.
Drive Encryption
Summary
Identifies encryption technology in place, and
whether the encryption is enabled.
N/A
Dell Data
Configuration and status information about DDP|E.
Protection |
Encryption (DDP|E)
N/A
BitLocker
Configuration and status information about Windows
BitLocker.
N/A
FileVault
Configuration and status information about Mac OS
X FileVault 2.
N/A
Location
Information from devices managed by AirWatch.
N/A
Latitude
The latitude of the device detected during the last
update.
LATITUDE
Longitude
The longitude of the device detected during the last
update.
LONGITUDE
Last Update
The time stamp of when the device information was
last updated.
LAST_UPDATE
Notes
Any additional information you want to provide.
NOTES
Virtual Machines
When an ESXi host is selected, this group lists the
virtual machines running on the ESXi host. Some of
the information in this list is only available if VMware
tools are installed on the virtual machines. If some
columns are not populated, this is because VMware
tools are not installed on that virtual machine.
Name
The name of the virtual machine.
NAME
Hostname
The host name assigned to the virtual machine.
If a virtual machine is already provisioned by the
KACE SMA agent, its name in this column appears
as a hyperlink. When you click the link, the page is
HOSTNAME
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
307
Section or Item
Description
Database field
updated to display device details for the provisioned
virtual machine.
IP Address
The primary IP address assigned to the virtual
machine.
IP
State
Indicates if the virtual machine is running. Possible
values:
MACHINE_VIRTUAL_STATE
Status
•
0 - Running: Virtual machine is running
normally.
•
1 - Shutting down: Virtual machine has a
pending shutdown command.
•
2 – Resetting: Virtual machine has a pending
reset command.
•
3 – Pending standby: Virtual machine has a
pending standby command.
•
4 – Not running: Virtual machine is not
running.
•
5 – Unknown: Virtual machine information is
not available.
The virtual machine status. Possible values:
•
0 – OK: No problems.
•
1 – Warning: Possible problem.
•
2 – Error: Definite problems.
•
3 – Unknown: Status is unknown.
MACHINE_VIRTUAL_STATUS
Hypervisors
When a vCenter is selected, this group lists the ESXi
hosts managed by the vCenter.
Hostname
The host name assigned to the ESXi host. If an ESXi N/A
device is already added to the inventory, its name in
this column appears as a hyperlink. When you click
the link, the page is updated to display device details
for the monitored ESXi device.
IP Address
The IP address assigned to the ESXi host.
N/A
Status
The ESXi host status.
N/A
Software group
Details on the applications installed on the device, including patching information, running processes, and startup
programs.
Section
Description
Database field
Installed Programs
A list of the software installed on the device.
N/A
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
308
Section
Description
Database field
If change history is enabled for this section, and the information
in this section has changed, the Show Changes link appears
next to the heading. Click Show Changes to view only those
items that have changed. Click Hide Changes to view all items.
Discovered
Software
Discovered applications are executables in the KACE SMA
inventory that match the definitions of applications in the
Software Catalog. You can enable metering for Discovered
applications and suites, mark them as Not Allowed, and add
license information for them. In addition, the Discovered
application list can be exported in CSV format. You can export
the Discovered application list, the Uncataloged list, and the
Locally Cataloged list; you cannot export the entire Software
Catalog.
N/A
Metered Software
Applications for which metering has been enabled.
N/A
Custom Inventory
Fields
A list of Custom Inventory fields for this device, along with the
field name and value.
N/A
Uploaded Files
The files that have been uploaded to the appliance from this
device using the upload a file script action.
N/A
Patches Reported
Installed in
Software Inventory
Microsoft patches that have been installed on the device.
N/A
Running Processes
A list of processes running on the device.
If change history is enabled for this section, and the information
in this section has changed, the Show Changes link appears
next to the heading. Click Show Changes to view only those
items that have changed. Click Hide Changes to view all items.
N/A
If change history is enabled for this section, and the information
in this section has changed, the Show Changes link appears
next to the heading. Click Show Changes to view only those
items that have changed. Click Hide Changes to view all items.
Startup Programs
A list of startup programs on the device.
N/A
If change history is enabled for this section, and the information
in this section has changed, the Show Changes link appears
next to the heading. Click Show Changes to view only those
items that have changed. Click Hide Changes to view all items.
Services
A list of services that are running on the device.
N/A
If change history is enabled for this section, and the information
in this section has changed, the Show Changes link appears
next to the heading. Click Show Changes to view only those
items that have changed. Click Hide Changes to view all items.
Activities group
Information about actions to be performed on the device.
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
309
Section
Description
Database field
Monitoring
Information related to server monitoring, if enabled and if the
device's operating system is supported.
N/A
If the operating system is not supported, that fact is stated in a
message.
If the device is eligible for monitoring but does not have
monitoring enabled, the Enable Monitoring button appears.
Active/Paused
Whether monitoring is enabled for this device.
N/A
Profiles
Any alert criteria profiles that are assigned to this device.
N/A
Maintenance
Windows
Any Maintenance Windows that are assigned to this device.
N/A
Level/Alert
Alerts that are active for this device, with icons indicating the
level of alert.
N/A
Labels
The labels assigned to this device. Labels are used to organize
and categorize inventory and assets.
N/A
Failed Managed
Installations
A list of Managed Installations that have failed to install. To
access details of the Managed Installations, click the Managed
Installation Detail link.
N/A
Managed Install
List
A list of Managed Installations that are scheduled to be sent to
the device the next time it connects with the appliance.
N/A
Service Desk
Tickets
A list of the tickets associated with this device. These can either N/A
be tickets assigned to the device owner or tickets submitted by
the device owner. To view ticket details, click the ticket ID (for
example, TICK:0032).
SNMP Inventory
Configurations
A list of SNMP Inventory Configurations associated with
this device. To access details of the configurations, or
to add configurations, click Manage Associated SNMP
Configurations.
N/A
Security group
Information related to patching and device vulnerabilities.
Section
Description
Database field
Patching Detect/
Deploy Status
A list of the patches detected and deployed on the device.
N/A
Threat Level 5 List
Threats that are harmful to applications, processes, startup
items, or services on the device.
If patch attempts have been made, but they have failed, you
can click Reset Tries to reset the number of patch attempts to
the maximum allowed.
N/A
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
310
Section
Description
Database field
OVAL
Vulnerabilities
The results of OVAL (Open Vulnerability Assessment
Language) vulnerability tests that have been run on this device.
Only tests that failed on this device are listed by the OVAL ID
and marked as Vulnerable. Tests that passed are grouped and
marked as Safe.
N/A
SCAP
Configuration
Scans
The results of FDCC/SCAP Configuration Scans that have
been run on this device.
N/A
Dell Command | Monitor group
Additional inventory information about selected Dell client systems using Dell Command | Monitor.
Section
Description
Database field
Alerts
DCM log entries. These can indicate hardware errors detected
by firmware.
N/A
Hardware
Collected information that includes detailed battery specs and
usage data, service processor presence and configuration,
memory inventory, and attached Dell monitors.
N/A
For classes and properties queried by the KACE SMA using Dell Command | Monitor, see About Dell Command |
Monitor.
Dell Updates group
Information regarding updates and inventory (for Dell devices only).
Section
Description
Database field
Dell Update
Schedules
The Dell updates that are
scheduled to run on this device,
and the time they are scheduled
to run.
N/A
Dell System
Inventory Report
The Dell devices that are installed N/A
on this device.
Dell Update Catalog
Comparison Report
A list of Dell devices, installed
on this device, that have drivers
in the Dell catalog feed. If the
installed version does not match
the version in the Dell catalog
feed, an icon indicates that the
device needs to be upgraded.
N/A
Dell Update History
A list of the updates, such as
driver updates, that have been
performed on this device.
N/A
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
311
Logs group
Information related to appliance records.
•
Management Service Logs: The primary role of appliance Management Service is to run the offline
KScripts. The Management Service logs display the steps performed by Management
•
Service to run the offline KScripts. These steps include, downloading dependencies and validating the
KBOTS file. Any error in the execution of offline KScript is logged in the Management Service logs.
•
Bootstrap Logs: The appliance sends a bootstrap request to get inventory information for devices that
have checked in for the first time. The logs related to this request are displayed in Bootstrap logs.
•
Client Logs: The appliance sends a request to the Agent to get inventory information periodically. A script
runs on the device, then sends the inventory information to the appliance and inventory is uploaded to the
appliance. The Agent logs display these actions.
•
Scripting Updater: A request is initiated periodically from the device to get the latest information related to
the changes in offline KScripts. Scripting Updater logs display this information.
•
Agentless Inventory Status Messages: The log displays messages related to collecting and submitting
inventory data from Agentless-managed devices.
Section
Description
Database field
Agent Logs
The logs for the KACE SMA Agent. A question mark indicates
that its status is unknown.
N/A
User Console
Installation Logs
Details about User Console packages installed on this device.
N/A
Scripting Logs
Scripts, such as Configuration Policy scripts, that have run on
this device, along with the available status of any scripts in
progress.
N/A
Asset group
This section displays the details of the Asset associated with this device. Clicking the Edit this Asset link enables
you to edit the asset information.
Section
Description
Database field
Asset Information
Details such as the date and time
the record was created and last
modified; the Asset Type, such
as device; and the name of the
asset.
N/A
Barcodes
Barcodes associated with this
asset, if they exist.
N/A
Related Assets
Assets that are related to this
asset, such as parent or child
assets.
N/A
Task History
A list of tasks that have run on the N/A
device.
KACE Systems Management Appliance 8.0 Administrator Guide
Groups and sections of items in device details
312
About Dell Data Protection | Encryption (DDP|E) and encryption
information in device details
If devices in the network have the DDP|E client installed, the KACE SMA can collect status and configuration
information and display it on the Device Detail page.
Registry key needed to be set on Windows DDP|E client
A requirement for the KACE SMA being able to collect detailed inventory from Windows DDP|E clients is to set
the DumpXmlInventory key in the client.
Key: HKLM\SYSTEM\CurrentControlSet\services\DellMgmtAgent\Parameters
DWORD Value: DumpXmlInventory
Data: 0x1
This registry value causes DDP|E to write an inventory.xml file to the target device, which is then parsed
by inventory. See Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client
devices.
This requirement applies only to Windows.
Dell Data Protection | Encryption (DDP|E)
DDP|E consists of applications that enable a user to:
•
Detect data security risks on desktops, laptops, and external media.
•
Protect data on these devices by enforcing access control policies, authentication, and encryption of
sensitive data.
•
Manage data centrally with policies using collaborative tools that integrate into existing user directories.
•
Support key and data recovery, automatic updates, and tracking for protected devices.
Table 10. Supported OSs for DDP|E
Operating system
Versions
Windows
7, 8, 8.1
Mac OS X
10.7.5, 10.8.3–10.8.5, 10.9.2–10.9.3
Table 11. DDP|E information displayed on the Device Detail page
MACHINE_DDPE
Item
Description
Database field
Unique ID
An identification of the DDP|E client used by the
DDP|E server.
MCID
Agent Version
Version of DDP|E client installed.
AGENT_VERSION
Server Hostname
Hostname of the DDP|E server managing this DDP|
E client.
SERVER_HOSTNAME
Protection Status
Example values are Protected and Unprotected.
Values of Locked or Unknown might indicate a
problem.
PROTECTION_STATUS
KACE Systems Management Appliance 8.0 Administrator Guide
About Dell Data Protection | Encryption (DDP|E) and encryption information in device details
313
MACHINE_DDPE
Item
Description
Database field
Last Inventory
Generated
Timestamp of when the last DDP|E client inventory
occurred. Not to be confused with K1 inventory.
PROTECTION_STATUS_UPDATED
Table 12. DDP|E Volume information displayed on the Device Detail page
MACHINE_DDPE_VOLUME
Item
Description
Database field
Device
Name of the device/volume as reported by the
operating system.
DEVICE_ID
Protection Status
Indication of the current level/status of DDP|E
protection on the DDP|E client.
PROTECTION_STATUS
Protection Reason
Manner of protection used on the DDP|E client. The
option is typically VendorProtected, which indicates
DDP|E or BitLocker.
PROTECTION_REASON
BitLocker
BitLocker is a full disk encryption feature included with Windows.
Table 13. Supported OSs for BitLocker
Operating system
Versions
Windows
Vista, 7 (Enterprise and Ultimate)
Windows
8, 8.1 (Pro and Enterprise)
Windows server
2008, 2008 R2, 2012, 2012 R2
Table 14. BitLocker information displayed on the Device Detail page
MACHINE_BITLOCKER_VOLUME
Item
Description
Database field
Device ID
Unique identifier for the volume on the
system.
DEVICE_ID
Persistent Volume
ID
A persistent identifier for the volume on
the system.
PERSISTENT_VOLUME_ID
Protection status
Denotes whether BitLocker is protecting
the volume.
PROTECTION_STATUS
•
Protection Off
•
Protection On
•
Protection Unknown
KACE Systems Management Appliance 8.0 Administrator Guide
About Dell Data Protection | Encryption (DDP|E) and encryption information in device details
314
MACHINE_BITLOCKER_VOLUME
Item
Description
Database field
Metadata Version
Possible values:
VERSION
Encryption Method
•
0
•
1
•
2
Type of encryption used. For example,
AES-128. Possible values:
•
None
•
AES-128 with Diffuser
•
AES-256 with Diffuser
•
AES-128
•
AES-256
•
Encrypted
•
Unknown
Hardware
Encryption Status
NOTE: The Hardware Encryption
Status property is supported on
Windows 8 and higher systems.
SELF_ENCRYPTION_DRIVE
_ENCRYPTION_METHOD
HARDWARE_ENCRYPTION_STATUS
Possible values:
Lock Status
Conversion Status
•
Unknown
•
Not Supported
•
No Protection
•
Uses Software
•
Uses Hardware
Possible values:
•
Unknown
•
Unlocked
•
Locked
LOCK_STATUS
Status of the conversion. Possible values: CONVERSION_STATUS
•
Unknown
•
Fully Decrypted
•
Fully Encrypted
•
Encryption In Progress
•
Decryption In Progress
•
Encryption Paused
•
Decryption Paused
KACE Systems Management Appliance 8.0 Administrator Guide
About Dell Data Protection | Encryption (DDP|E) and encryption information in device details
315
MACHINE_BITLOCKER_VOLUME
Item
Description
Database field
Encryption
Percentage
The extent of conversion, shown as a
percentage.
ENCRYPTION_PERCENTAGE
Wiping Status
Status of any wiping of free space.
Possible values:
WIPING_STATUS
•
Unknown
•
Free Space Not Wiped
•
Free Space Wiped
•
Free Space Wiping In Progress
•
Free Space Wiping Paused
Wiping Percentage
The extent of free space wiping, shown
as a percentage.
WIPING_PERCENTAGE
Key Protectors
Key protectors in place. Possible values:
KEY_PROTECTORS
•
Unknown
•
Trusted Platform Module (TPM)
•
External Key
•
Numerical Password
•
TPM and PIN
•
TPM and Startup Key
•
TPM and PIN and Startup Key
•
Public Key
•
Passphrase
•
TPM Certificate
•
CryptoAPI Next Generation (CNG)
Protector
FileVault 2
FileVault 2 is a full disk encryption feature included with Mac OS X.
Table 15. Supported OSs for FileVault 2
Operating system
Versions
Mac OS X
10.8, 10.9, 10.10
Table 16. FileVault 2 information displayed on the Device Detail page
MACHINE_FILEVAULT_VOLUME
Item
Description
Database field
Enabled
Indicates if FileVault is enabled.
IS_ENABLED
KACE Systems Management Appliance 8.0 Administrator Guide
About Dell Data Protection | Encryption (DDP|E) and encryption information in device details
316
MACHINE_FILEVAULT_VOLUME
Item
Description
Database field
Personal Recovery
Key
Indicates the existence of a Personal Recovery Key.
HAS_PERSONAL_RECOVERY_KEY
Institutional
Recovery Key
Indicates the existence of a corporate-provisioned
X.509-based asymmetric key pair.
HAS_INSTITUTIONAL_RECOVERY
Authorized Users
A list of accounts that can unlock the drive in EFI.
AUTHORIZED_USERS
Conversion Status
The status of the encryption process. Examples
include Pending Conversion, Converting, Encryption
Paused, and Complete.
CONVERSION_STATUS
Conversion
Percentage
The extent of conversion, shown as a percentage.
CONVERSION_PERCENTAGE
Encryption Status
Status of the encryption. For example, Locked or
Unlocked.
ENCRYPTION_STATUS
Encryption Type
Type of encryption used. For example, AES-XTS.
ENCRYPTION_TYPE
Device
Unique identifier for the volume on the system.
DEVICE_ID
Version
_KEY
VERSION
Trusted Platform Module (TPM)
TPM is a dedicated microprocessor that secures hardware by integrating cryptographic keys into devices.
Table 17. Supported OSs for TPM
Operating system
Versions
Windows
Vista, 7, 8, 8.1
Windows Server
2008, 2008 R2, 2012, 2012 R2
Table 18. TPM information displayed on the Device Detail page
MACHINE_TPM
Item
Description
Database field
Manufacturer
Manufacturer of the TPM chip.
MANUFACTURER_ID_TEXT
Manufacturer
Version
Version of the TPM chip.
MANUFACTURER_VERSION
Manufacturer
Version Info
Additional version information that is specific to the
manufacturer.
MANUFACTURER_VERSION_INFO
Specification
Version
The version of the Trusted Computing Group (TCG)
specification that the TPM supports.
SPECIFICATION_VERSION
KACE Systems Management Appliance 8.0 Administrator Guide
About Dell Data Protection | Encryption (DDP|E) and encryption information in device details
317
MACHINE_TPM
Item
Description
Database field
Physical Presence
Version
The version of the Physical Presence Interface
that the device supports. The Physical Presence
Interface is a communication mechanism that runs
device operations that require physical presence.
PHYSICAL_PRESENCE_VERSION
TPM Enabled
Step 1 of TPM initialization.
IS_TPM_ENABLED
TPM Activated
Step 2 of TPM initialization.
IS_TPM_ACTIVATED
TPM Owned
Step 3 of TPM initialization.
IS_TPM_OWNED
_INFO
Add a Dump Inventory registry key to permit inventory collection
on Windows DDP|E client devices
If DumpXmlInventory is absent on a Windows DDP|E client, the KACE SMA cannot get access to the
inventory .xml file in order to collect the relevant field information.
Dell Data Protection | Encryption is installed on the Windows device. Go to http://www.dell.com/support/home/us/
en/19/product-support/product/dell-data-protection-encryption/drivers.
The procedure for adding the key is different for Agent-managed devices and Agentless-managed devices.
•
Add the DumpXmlInventory registry key to an Agent-managed Windows device
•
Add the DumpXmlInventory registry key to an Agentless-managed Windows device
Add the DumpXmlInventory registry key to an Agent-managed Windows device
You must add DumpXmlInventory to a Windows DDP|E client before the KACE SMA can collect field
information from that client's inventory.xml file.
For Agent-managed Windows devices, you can use a default offline KScript from the KACE SMA scripting feature
to set the "dump inventory" registry key. This key is necessary for the DDP|E agent to write the detailed inventory
XML data to the KACE SMA file system.
1.
2.
NOTE: After you set the registry key, the DDP|E service requires a full policy update schedule before the
KACE SMA is able to collect inventory.
Go to the Script Detail page for the KACE SMA Enable Detailed DDPE Inventory (Windows) script.
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Scripting.
c.
From the list, select KACE SMA Enable Detailed DDPE Inventory (Windows).
In the Configure section, specify script settings:
Option
Description
Name
KACE SMA Enable Detailed DDPE Inventory (Windows), the name of this default
script.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices
318
Option
Description
Enabled
Select this check box to run the script on the target devices. Do not enable a script
until you are finished testing it and are ready to run it. Enable the script on a test label
before you enable it on all devices.
Type
The script type is Offline KScripts.
Status
Indicates the readiness of the script to be rolled out to the network. Set the status to
Production.
Description
Contains the brief description of the actions the default script performs.
Notes
Any additional information you want to provide.
3.
In the Deploy section specify deployment options:
Option
Description
All Devices
Deploy to all devices. Clear the check box to limit the deployment to specific labels or
devices.
Labels
Limit deployment to devices that belong to specified labels. To select labels, click
Edit, drag labels to the Limit Deployment to window, then click Save.
If you select a label that has a Replication Share or an alternate download location,
the appliance copies digital assets from that Replication Share or alternate download
location instead of downloading them directly from the appliance.
NOTE: The appliance uses a Replication Share before it uses the KACE Alt
Location.
Devices
Limit deployment to one or more devices. To find devices, begin typing in the field.
Operating
Systems
LThe operating systems on which the application runs. Applications are deployed
only to devices with the selected operating systems.
a.
Click Manage Operating Systems.
b.
In the Operating Systems dialog box that appears, select the OS versions in
the navigation tree, as applicable.
You have an option to select OS versions by their family, product, architecture,
or build version. You can choose a specific build versions, or a parent node, as
needed. Selecting a parent node in the tree automatically selects the associated
child nodes. This behavior allows you to select any future OS versions, as
devices are added or upgraded in your managed environment. For example, to
select all build current and future versions associated with the Windows 10 x64
architecture, under All > Windows > Windows 10, select x64.
4.
In the Schedule section, specify run options:
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
Every nth minutes/ Run at a specified interval.
hours
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices
319
Option
Description
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
Run on the nth of
Run on the same day every month, or a specific month, at the specified time.
every month or on
a specific month
at HH:MM
Custom Schedule
Run according to a custom schedule.
Use standard 5-field cron format (extended cron format is not supported):
* * * * *
| | | | +────────day of week (0-6)(Sun=0)
| | | +────────month (1-12)
| | +────────day of month (1-31)
| +────────hour (0-23)
+────────minute (0-59)
Use the following when specifying values:
•
Spaces ( ): Separate each field with a space.
•
Asterisks (*): Include the entire range of values in a field with an asterisk. For
example, an asterisk in the hour field indicates every hour.
•
Commas (,): Separate multiple values in a field with a comma. For example,
0,6 in the day of the week field indicates Sunday and Saturday.
•
Hyphens (-): Indicate a range of values in a field with a hyphen. For example,
1-5 in the day of the week field is equivalent to 1,2,3,4,5, which indicates
Monday through Friday.
•
Slashes (/): Specify the intervals at which to repeat an action with a slash. For
example, */3 in the hour field is equivalent to 0,3,6,9,12,15,18,21. The
asterisk (*) specifies every hour, but /3 restricts this to hours divisible by 3.
Examples:
•
15 * * * * Run 15 minutes after every hour every day
•
0 22 * * * Run at 22:00 every day
•
0 0 1 1,6 * Run at 00:00 on January 1 and June 1
•
30 8,12 * * 1-5 Run weekdays at 08:30 and 12:30
•
0 2 */2 * * Run every other day at 02:00
Also run once
at next device
checkin (for offline
KScripts only)
Runs the offline KScript once when new scripts are downloaded from the appliance.
Also Execute
before login (for
offline KScripts
only)
Runs the offline KScript when devices start up. This might cause devices to start up
more slowly than normal.
Also Execute
after login (before
Runs the offline KScript after users enter Windows login credentials.
NOTE: If a device has an Active Directory or Group Policy Object setting that
displays a message that the user must acknowledge before logging on, scripts
do not run until the message is acknowledged.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices
320
Option
Description
desktop loads)
(for offline KScripts
only)
Allow run while
disconnected (for
offline KScripts
only)
Allows the offline KScript to run even if the target device cannot contact the appliance
to report results. In such a case, results are stored on the device and uploaded to the
appliance during the next connection.
Allow run without
a logged-in user
Allows the script to run even if a user is not logged in. To run the script only when the
user is logged in to the device, clear this option.
Run on next
connection if
offline
For online KScripts or Shell Scripts, this option enables the script to run on offline
machines when they become online again.
When a script runs, it calculates the number of machines it is supposed to run on
based on their labels, or their operating systems, or by manually identifying selected
machines. Given that set of machines, the script then determines which of those
machines are currently online, and then queues up a task for the online machines in
the Konductor.
When you select this option, the script skips the step that identifies online machines
and it runs on the online machines. For the offline machines, the task is added to the
Konductor's queue, and it runs when those machine become online.
Any subsequent tasks for running the same script (for example, for an offline machine
that already exists in the Konductor's queue) overwrite the existing tasks, so there
can never be more than one task in the Konductor's queue for the same machine.
Having a high number of tasks in the Konductor may affect the appliance's
performance, so the best practice is to use offline scripts for those machines that are
typically offline, and only use this option with online scripts when the target machines
are expected to be online, to avoid an overpopulating the Konductor's queue.
By default, this option is disabled.
5.
Skip the Dependencies and Tasks sections.
6.
Do one of the following:
•
Click Run Now to immediately push the script to all devices.
Use this option with caution. See Using the Run and Run Now commands.
•
Click Save.
Add the DumpXmlInventory registry key to an Agentless-managed Windows device
You must add DumpXmlInventory to a Windows DDP|E client before the KACE SMA can collect field
information from that client's inventory.xml file.
KACE Systems Management Appliance 8.0 Administrator Guide
Add a Dump Inventory registry key to permit inventory collection on Windows DDP|E client devices
321
For an Agentless-managed Windows device, the process requires that you create a new Group Policy Object on a
Windows Server 2008 or 2012 device so that you can deploy the registry setting to multiple devices in a domain.
1.
On a Windows Server 2008 or 2012 device, open the Group Policy Management Console.
2.
Right-click Group Policy Objects and click New.
3.
Provide a description name for the new GPO (for instance, Dell Data Protection | Encryption: Inventory
Registry Setting) and click OK.
4.
Right-click the new GPO and click Edit.
5.
Browse to Computer Configuration > Preferences > Windows Settings > Registry.
6.
Right-click Registry and select New > Registry Item.
7.
On the General tab, select Update in the Action drop-down menu.
8.
Select HKEY_LOCAL_MACHINE in the Hive drop-down list.
9.
Specify a Key Path of SYSTEM\CurrentControlSet\services\DellMgmtAgent\Parameters.
10. Specify a Value name of DumpXmlInventory.
11. Select REG_DWORD in the Value type drop-down list.
12. Specify 1 in the Value data field.
13. Select the Hexadecimal option in the Base group, and click OK.
14. Close the Group Policy Management Editor.
You can now link this new group policy object to a specific domain, Organizational Unit, and so on.
IMPORTANT: You should test the GPO on a specific computer or set of computers before deploying it to
all systems.
About Intel AMT information in device details
On Intel-based Windows devices with Intel AMT technology present, the KACE SMA can display information
about the AMT configuration.
Intel AMT is hardware-based technology for remotely managing Intel-based computer devices. Intel AMT is a
feature of Intel® Core™ processors with Intel® vPro™ technology.
NOTE: The data collection discussed here is separate from the vPro and AMT data that the KACE SMA
collects using Dell Command | Monitor. See About Dell Command | Monitor.
Intel AMT resources and KACE SMA requirements
For information from the Dell Tech Center, go to http://en.community.dell.com/techcenter/enterprise-client/
w/wiki/7537.dell-command-intel-vpro-out-of-band. For information and download link for the Intel Setup and
Configuration Software (SCS), which contains the components required to configure Intel AMT, go to http://
www.intel.com/content/www/us/en/software/setup-configuration-software.html.
In order for the KACE SMA to get access to the complete inventory information on an AMT device, the
device must have the Intel Management Engine installed. For driver downloads from Intel, go to https://
downloadcenter.intel.com/search?keyword=intel+management+engine.
KACE Systems Management Appliance 8.0 Administrator Guide
About Intel AMT information in device details
322
Intel AMT information
Table 19. Intel AMT information displayed on the Device Detail page
MACHINE_INTEL_AMT
Item
Description
Database field
SKU
The Stock Keeping Unit of the
device. Possible values are:
SKU
Status
Configuration Mode
Control Mode
•
Full AMT Manageability
•
Standard Manageability
Indicates whether AMT is
configured on the device.
STATE
The current configuration mode of
the AMT device. Possible values
are:
CONFIGURATION_MODE
•
SMB Mode
•
Enterprise Mode
•
None
The current Control Mode of the
AMT device. Possible values are:
•
Client control Mode
•
Admin Control Mode
•
None
IS_AMT_CONFIGURED
CONTROL_MODE
Firmware Version
The version of firmware in the
AMT device.
FW_VERSION
MEI Driver
Indicates if the MEI driver is
installed and working, and if so,
the version of the driver.
IS_MEI_ENABLED
MEI_VERSION
Finding and managing devices
Use Advanced Search, labels, and alerts to find and manage devices in inventory.
Finding devices in inventory
Advanced Search enables you to specify values for any field present in the inventory record and search the entire
inventory for those values.
This type of search is useful when you want to find devices with specific characteristics, such as a particular BIOS
version, MAC address, or operating system. See Searching at the page level with advanced options.
You can also run a simple search to quickly find a specific device. For example, you can look for a device whose
barcode contains specific characters.
KACE Systems Management Appliance 8.0 Administrator Guide
Finding devices in inventory
323
Using alerts to find devices
You can configure alerts to automatically send email messages to administrators when devices meet the criteria
you select. For example, if you want to notify administrators when devices approach disk space limits, you can set
up email alerts based on disk usage. See Add notification schedules from the Reporting section.
Filtering devices by Organizational Unit
To filter devices based on Organizational Units found in LDAP or Active Directory servers, you can use LDAP
Labels. See About LDAP Labels.
Labeling devices to group them
You can use manual labels and Smart Labels to group devices. Doing so makes it possible to perform actions,
such as updating software, on devices as a group.
To enable the metering of Software Catalog applications, you must apply a metering-enabled label to the devices
on which the applications are installed. For more information about metering, see Using software metering.
Add, apply, and remove manual device labels
You can add manual labels and apply them to, or remove them from, devices. Manual labels remain associated
with devices until the labels are manually removed from devices.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Devices.
2.
Select the check boxes next to one or more devices.
3.
Select Choose Action > Add Label.
4.
In the Add Label text box, enter a name for the label.
TIP: Avoid using backslashes (\) in label names. If you need to use a backslash in a label name,
add a second backslash (\\) to escape it.
5.
Click Add Label.
6.
To apply an existing label:
a.
Select the check box next to one or more devices.
b.
Select Choose Action > Apply Labels.
c.
Drag labels into Apply these labels, then click Apply Labels.
The label appears next to the device name on the Devices list.
7.
To remove a manual label:
a.
Select the check box next to one or more devices.
b.
Select Choose Action > Remove Label > Label_Name.
The label is removed from the devices.
Using Smart Labels for devices
Use Smart Labels to find and label devices automatically based on specified criteria.
For example, to track laptops in a specific office, you could create a label called “San Francisco Office,” and
create a Smart Label based on the IP address range or subnet for devices located in the San Francisco office.
Whenever a device that falls within the IP address range is inventoried, the Smart Label “San Francisco Office”
KACE Systems Management Appliance 8.0 Administrator Guide
Labeling devices to group them
324
is automatically applied. When the device leaves the IP address range, and is inventoried again, the label is
automatically removed.
Smart Labels are applied to and removed from managed devices when the appliance processes device inventory.
So if you create a Smart Label that enables metering on devices, it might take time for the Smart Label to be
applied to devices and for devices to report metering information. Metering is enabled for devices that match the
Smart Label criteria only after devices are inventoried and the Smart Label is applied.
For more information, see Managing Smart Labels.
The following table lists examples of useful Smart Labels that can be applied to devices based on inventory
attributes:
Sample Label Name
Sample Criteria
Win7 Low Disk
Windows 7 devices with less than 1 GB of free hard disk space
WS2012 No 2916993
Windows Server 2012 devices without Hotfix 2916993 installed
Building 3
Devices in an IP address range known to originate in Building 3
CN Sales
Devices whose device name contains the word sales
Run actions on devices
You can use Device Actions to run actions on devices remotely, provided that those programs are installed on the
remote devices.
You have created Device Actions from which to choose. For information on adding or editing Device Actions, see
Configure appliance General Settings without the Organization component.
1.
2.
NOTE: To run Device Actions, you must have the Administrator Console open in Internet Explorer,
because ActiveX is required to launch these programs on the local device. Other browsers do not support
ActiveX.
Go to the Device Detail page for a device:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Devices.
c.
On the Devices list, in the row that contains the required device, select the check box.
Select an action in the Actions drop-down list.
NOTE: If no Device Actions have been created, the Actions drop-down list does not appear.
TIP: Assigning devices to a user (Choose Action > Assign To) causes all of the assigned
devices to appear listed for the selected user on the My Devices page in the User Console.
When the user attempts to download and install software, they can select a target device, as
required.
View devices that have been added manually
Devices that have been added manually appear on the Devices list along with other managed devices. You can
use Advanced Search to filter the Devices list to show only those devices that have been added manually.
1.
Go to the Devices list:
KACE Systems Management Appliance 8.0 Administrator Guide
View devices that have been added manually
325
2.
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Devices.
To filter the list to show only those devices that have been added manually:
a.
Click the Advanced Search tab above the list on the right to display the Advanced Search panel.
b.
Specify the criteria required to find devices that have been added manually:
Option
Criteria
Field Name
Device Identity Information: Inventory Type
Operator
is
Value
Choose one of the following:
c.
•
Wsapi Agent: Inventory uploaded through the API.
•
XML Import: Inventory uploaded on the Software Detail page.
Click Search.
Devices that have been added manually are displayed.
Delete devices from inventory
If you have unused or obsolete devices in inventory, you can delete them manually. This deletion prevents the
devices from being counted toward the number of devices you are allowed to manage through your Quest KACE
license.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Devices.
2.
Select the check box next to one or more devices.
3.
Select Choose Action > Delete, then click Yes to confirm.
Provisioning the KACE SMA Agent
Agent provisioning is the task of installing the KACE SMA Agent on devices you want to add to KACE SMA
inventory using the Agent.
About the KACE SMA Agent
The KACE SMA Agent is an application that can be installed on devices to enable inventory reporting and other
device management features.
Agents that are installed on managed devices communicate with the KACE SMA through AMP (Agent Messaging
Protocol). Agents perform scheduled tasks, such as collecting inventory information from, and distributing
software to, managed devices. Agentless management is available for devices that cannot have Agent software
installed, such as printers and devices with operating systems that the Agent does not support. See Using
Agentless management.
KACE Systems Management Appliance 8.0 Administrator Guide
Provisioning the KACE SMA Agent
326
Tracking changes to Agent settings
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects.
This information includes the date the change was made and the user who made the change, which can be useful
during troubleshooting. See About history settings.
Methods for provisioning the KACE SMA Agent
You have a number of ways to deploy the KACE SMA Agent to the devices you want to manage.
•
Provision using the Agent Provisioning Assistant: You can use the Agent Provisioning Assistant
to perform provisioning for devices with Windows, Mac OS X, and Linux operating systems. Within the
Assistant, you can choose between using the KACE SMA GPO Provisioning Tool for deploying the Agent to
Windows devices, or using Onboard Provisioning for deploying the Agent to Windows, Mac OS X, or Linux
devices.
The GPO Provisioning Tool is recommended for Windows devices because using the tool minimizes the
pre-configuration that must happen on the target device. It requires an Active Directory environment. The
onboard provisioning approach requires you to perform client-side configuration on the devices to be
managed before you can start provisioning.
•
Provision using manual deployment: Manual deployment is useful when automated Agent provisioning is
not practical or when you want to deploy the KACE SMA Agent using email or logon scripts.
Related topics
Provisioning the KACE SMA Agent using the GPO Provisioning Tool for Windows devices
Provisioning the KACE SMA Agent using onboard provisioning
Manually deploying the KACE SMA Agent
Enabling file sharing
To provision Agent software, you must enable file sharing.
If the Organization component is enabled on your appliance, see Enable file sharing at the System level.
Otherwise, see Enable file sharing without the Organization component enabled.
Enable file sharing at the System level
If the Organization component is enabled on your appliance, you must enable file sharing at the System level to
provision the Agent.
1.
NOTE: If the Organization component is not enabled on your appliance, follow the instructions in Enable
file sharing without the Organization component enabled.
Go to the Security Settings page:
a.
b.
c.
2.
Log in to the KACE SMA System Administration Console, http://KACE_SMA_hostname/
system, or select System from the drop-down list in the top-right corner of the page.
On the left navigation bar, click Settings.
On the Control Panel, click Security Settings.
In the Samba section, specify the following settings:
Option
Description
For appliances with
the Organization
component
enabled:
Use the appliance's client share to store files, such as files used to install applications
on managed devices.
The appliance’s client share is a built-in Windows file server that the provisioning
service can use to assist in distributing the Samba client on your network. Quest
KACE Systems Management Appliance 8.0 Administrator Guide
Enabling file sharing
327
Option
Description
Enable
Organization File
Shares
recommends that this file server only be enabled when you perform application
installations on managed devices.
Require NTLMv2
authentication
to appliance file
shares
Enable NTLMv2 authentication for the KACE SMA files shares. When this setting
is enabled, managed devices connecting to the KACE SMA File Shares require
support for NTLMv2 and authenticate to the KACE SMA using NTLMv2. Even though
NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are
more common and this option is usually turned off. Enabling this option disables
lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are
supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE
SMA Agent. See Manually deploying the KACE SMA Agent.
Require NTLMv2
to off-board file
shares
Force certain KACE SMA functions that are supported through the Samba client,
such as Agent Provisioning, to authenticate to offboard network file shares using
NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, nonNTLMv2 configurations are more common and this option is usually disabled.
Enabling this option enables the client ntlmv2 auth option for Samba client
functions.
3.
Click Save.
4.
If prompted, restart the appliance.
When the appliance restarts, enable file sharing at the organization level. See Enable organization-level file
sharing with the Organization component enabled.
Enable organization-level file sharing with the Organization component enabled
If the Organization component is enabled on your appliance, you must enable file sharing at the organization level
to provision the Agent.
Verify that organization file shares are enabled. For instructions, see Enable file sharing at the System level.
1.
2.
Go to the Admin-level General Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings.
c.
On the Control Panel, click General Settings.
Select Enable File Sharing in the Samba Share Settings section.
If File Shares are disabled, you must enable them at the System level. See Configure security settings for
the appliance.
3.
Optional: Enter a password for the File Share User.
4.
Click Save Samba Settings.
5.
If prompted, restart the appliance.
6.
If you have multiple organizations, repeat the preceding steps for each organization.
Enable file sharing without the Organization component enabled
If the Organization component is not enabled on your appliance, you must enable file sharing in the appliance
security settings to provision the Agent.
1.
Go to the Security Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
KACE Systems Management Appliance 8.0 Administrator Guide
Enabling file sharing
328
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings.
c.
On the Control Panel, click Security Settings.
2.
In the Samba section, select Enable File Sharing.
3.
Optional: Select authentication options:
Option
Description
Require NTLMv2
to authenticate
appliance file
shares
Enable NTLMv2 authentication for the KACE SMA files shares. When this setting
is enabled, managed devices connecting to the KACE SMA File Shares require
support for NTLMv2 and authenticate to the KACE SMA using NTLMv2. Even though
NTLMv2 is more secure than NTLM and LANMAN, non-NTLMv2 configurations are
more common and this option is usually turned off. Enabling this option disables
lanman auth and ntlm auth on the Samba server. NTLMv2 Levels 1-4 are
supported. If you need NTLM v2 Level 5, consider manually provisioning the KACE
SMA Agent. See Manually deploying the KACE SMA Agent.
Require NTLMv2
authentication
to off-board file
shares
Force certain KACE SMA functions that are supported through the Samba client,
such as Agent Provisioning, to authenticate to offboard network file shares using
NTLMv2. Even though NTLMv2 is more secure than NTLM and LANMAN, nonNTLMv2 configurations are more common and this option is usually disabled.
Enabling this option enables the client ntlmv2 auth option for Samba client
functions.
4.
Click Save.
5.
If prompted, restart the appliance.
Provisioning the KACE SMA Agent using the GPO Provisioning
Tool for Windows devices
Of the methods for provisioning the Agent on Windows devices, Quest recommends the GPO Provisioning Tool
because using the tool minimizes the pre-configuration that must happen on the target devices.
The GPO Provisioning Tool uses Active Directory® and Group Policy to distribute the installation settings and to
perform the installation of the Agent. The tool creates a GPO, or modifies a pre-existing GPO to install the KACE
SMA Agent when a device authenticates with Active Directory.
The first time a target device refreshes Group Policy after the tool has completed the creation or modification
process, a new Group Policy client-side extension dll is registered on the devices applying this GPO. Then the
next time that the device refreshes Group Policy, Windows triggers the newly registered client-side extension to
install the KACE SMA Windows Agent.
For the Quest Knowledge Base article that contains the link to download the GPO Provisioning Tool, go to https://
support.quest.com/kb/133776.
Prepare to use the GPO Provisioning Tool for Agent deployment
Before you can use the GPO Provisioning Tool to deploy Agents to Windows devices, you must ensure that your
system is configured to use the tool.
The following system requirements are necessary for using the GPO Provisioning Tool:
•
Windows Vista and higher: Remote Server Administration Tools (RSAT) enables IT administrators to
remotely manage roles and features in Windows Server 2012 R2, Windows Server 2012, Windows Server
2008 or Windows Server 2008 R2 from a computer that is running Windows 8.1, Windows 8, Windows 7, or
Windows Vista.
KACE Systems Management Appliance 8.0 Administrator Guide
Provisioning the KACE SMA Agent using the GPO Provisioning Tool for Windows devices
329
Go to http://social.technet.microsoft.com/wiki/contents/articles/2202.remote-server-administration-tools-rsatfor-windows-client-and-windows-server-dsforum2wiki.aspx.
•
For Windows XP: Install and enable the Group Policy Console for your Windows operating system.
Go to http://microsoft.com/en-us/download/details.aspx?id=21895.
•
.NET Framework 3.5.
•
Windows Server 2008 or higher Active Directory Functional Level.
•
Distribution Share: Make sure to use a share that everyone can access. For example, do not place the
.msi file on the NETLOGON share, because not every user can reach that share and the lack of access
will cause your upgrade to fail in the future. This location should be a permanently accessible share. The
installer is an MSI (Microsoft Installer) file. To uninstall or upgrade software, MSI needs access to the .msi
file. If it is not accessible, msiexec will not uninstall.
Provision KACE SMA Agents using the KACE SMA GPO Provisioning Tool
You can install the KACE SMA Agent on a single device, or on multiple devices by using the KACE SMA GPO
Provisioning Tool, starting within the Agent Provisioning Assistant. You can use this method to provision Windows
devices.
•
You have an Active Directory environment.
•
You have appropriate access to set up software installations.
•
You have met the system requirement spelled out in Prepare to use the GPO Provisioning Tool for Agent
deployment.
To complete this task, you leave the KACE SMA to work in the Windows Group Policy Management Console or
the Windows Administrative Tools using the KACE SMA GPO Provisioning Tool before returning to the appliance.
1.
Go to the Agent Provisioning Assistant:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning panel, click Agent Provisioning Assistant.
The Agent Provisioning Assistant: Step 1 of 3 page appears.
2.
Select the check box for Provisioning Using Windows Group Policy (recommended), and click Next to
display the Agent Provisioning Assistant: Step 2 of 3 page.
3.
Click the link to the Knowledge Base article about using the KACE SMA GPO Provisioning Tool for Agent
deployment at https://support.quest.com/kb/133776.
The Knowledge Base article provides a link to download the MSI for the GPO Provisioning Tool.
Installing and starting the tool requires leaving the KACE SMA interface.
4.
Download the MSI, and start it to install the tool.
5.
Start the installed tool from the Start menu.
The deployment wizard leads you through steps to configure and apply a GPO for software deployment.
Where possible, the wizard attempts to use defaults that reduce the amount of configuration required.
NOTE: Only GPOs for which you have permission to edit are displayed in the tool.
6.
Return to the Agent Provisioning: Step 2 of 3 page in the KACE SMA when you have completed working in
the tool, and click Next.
7.
Click Finish on the Agent Provisioning: Step 3 of 3 page.
KACE Systems Management Appliance 8.0 Administrator Guide
Provisioning the KACE SMA Agent using the GPO Provisioning Tool for Windows devices
330
Agents are installed on the client devices after the Group Policy is refreshed on those devices. Depending on the
environment, this installation takes place either when the device reboots, or after a 90-minute refresh cycle occurs
for the Group Policy.
Go to the Devices page to keep track of the progress of devices having the agents installed and checked in.
Provisioning the KACE SMA Agent using onboard provisioning
You can install the KACE SMA Agent on multiple devices by specifying a range of IP addresses as targets
for deployment (onboard provisioning). Windows, Mac OS X, and Linux devices can be targets for onboard
provisioning.
After you have prepared each of your target client devices, you use the Agent Provisioning Assistant in the KACE
SMA to identify the devices and set up a provisioning schedule.
Preparing to install the KACE SMA Agent
Before you install the KACE SMA Agent on devices using onboard provisioning, you must verify system
requirements, enable file sharing, and prepare devices.
For information on file sharing, see Enabling file sharing.
Verifying system requirements for the KACE SMA Agent installation
Before you install the KACE SMA Agent on devices, verify that the required ports are accessible, and that
managed devices meet system requirements.
Managed devices must meet the following system requirements and be able to access the required ports:
•
Go to https://support.quest.com/technical-documents/kace-sma/8.0/technical-specifications-for-physicalappliances/.
•
See Verifying port settings, NTP service, and website access.
Prepare Windows devices to have the Agent installed
Before you install the KACE SMA Agent on Windows devices, you must configure file sharing and User Account
Control (UAC) properly.
•
Prepare a Windows Vista™, Windows 7, or Windows 8 device
Provide Administrator credentials for each device. To install the KACE SMA Agent on multiple devices, the
Administrator credentials must be the same for all devices.
To configure User Account Control (UAC), do one of the following:
◦
Set User Account Control: Run all administrators in Admin Approval Mode to Disabled. This
option is recommended, because it is more secure and can be centrally configured using GPO. To
find this setting, open the Group Policy (type secpol.msc into the Search programs and files field
under the Start menu), then go to Local Policies > Security Options. Restart the device after
applying the settings.
◦
Disable UAC. On Windows Vista, go to Control Panel > User Accounts > User Accounts > Turn
User Account Control on or off. On Windows 7, go to Control Panel > System and Security >
Action Center > Change User Account Control Settings. On Windows 8, go to Control Panel >
System and Security > Administrative Tools > Local Security Policy, then in Security Options in
the Local Policies section choose Disabled for each of the items labeled User Account Control.
On the Advanced Sharing Settings page, enable network discovery and file and printer sharing.
•
Prepare a Windows XP device
Turn off Simple File Sharing. For instructions, go to http://support.microsoft.com/kb/304040 on the Microsoft
Support website.
KACE Systems Management Appliance 8.0 Administrator Guide
Provisioning the KACE SMA Agent using onboard provisioning
331
•
NOTE: If Simple File Sharing is enabled, logon failures occur. This failure is because Simple File
Sharing does not support administrative file shares and the associated access security required for
provisioning. Therefore, Simple File Sharing must be turned off during Agent provisioning.
Prepare Windows Firewall
If Windows Firewall is enabled, you must enable File and Print Sharing in the Exceptions list of the
Firewall Configuration. For instructions, see the Microsoft Support website.
•
Verify port availability
Verify the availability of ports 139 and 445.
The appliance verifies the availability of ports 139 and 445 on target devices before attempting to run any
remote installation procedures.
NOTE: On Windows devices, ports 139 and 445, File and Print Sharing, and Administrator credentials
are required only during Agent installation. You can disable access to these ports and services after
installation if necessary. The Agent uses port 52230 for ongoing communications.
NOTE: After installation, the Agent runs within the context of the Local System Account, which is a
built-in account used by Windows operating systems.
Install the KACE SMA Agent on a device or multiple devices
You can install the KACE SMA Agent on a single device, or on multiple devices by specifying a range of IP
addresses as targets for installation, using the Agent Provisioning Assistant. You can use this method to provision
Windows, Mac, or Linux devices.
•
You have prepared all the target devices. See Preparing to install the KACE SMA Agent.
•
You have information for the administrator account that has the necessary privileges to install Agents on
the target devices.
With the Agent Provisioning Assistant, you can create provisioning schedules to specify how and when to install
the KACE SMA Agent on devices in your network. Provisioning according to a schedule is useful to help ensure
that devices in an IP address range have the Agent installed.
Provisioning schedules configure the KACE SMA to periodically check devices in a specified IP address range
and install, reinstall, or uninstall the KACE SMA Agent as needed.
For provisioning Windows devices, you can also use the KACE SMA GPO Provisioning Tool. Using the tool
minimizes the pre-configuration that must happen on the target device. See Provisioning the KACE SMA Agent
using the GPO Provisioning Tool for Windows devices.
1.
Go to the Agent Provisioning Assistant:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning panel, click Agent Provisioning Assistant.
The Agent Provisioning Assistant: Step 1 of 3 page appears.
2.
Select Provisioning Using IP Range (Windows, Mac, Linux) and click Next to display the Provisioning
Schedule Detail page.
3.
In the Configure section, name the schedule, enable provisioning, and provide platform information:
Option
Description
Name
A unique name that identifies this configuration. The name appears on the
Provisioning Schedules page.
KACE Systems Management Appliance 8.0 Administrator Guide
Provisioning the KACE SMA Agent using onboard provisioning
332
Option
Description
Enabled
Enable provisioning schedules. Schedules run only if this check box is selected.
Install/Uninstall
Indicates whether the provisioning schedule deals with installing or uninstalling
Agents.
Credentials
Separate rows for the credentials needed to connect to the device and run
commands for the particular platform targeted by the schedule. The first column
contains the operating system. The second column contains the Agent Version in
place for installation. The third column contains a drop-down list from which to select
existing credentials. You can select Add new credential to add credentials not
already listed.
See Add and edit User/Password credentials.
4.
In the Deploy section, identify the devices to be included in the schedule:
Option
Description
Target IP
addresses or
hostnames
A comma-separated list of the IP addresses or host names of the target devices. Use
hyphens to specify individual IP address class ranges.
TIP: The KACE SMA supports both IPv6 (Internet Protocol version 6) and IPv4
addresses.
The Help me pick devices link enables you to add devices to the Target IP
addresses or Hostnames list:
•
Provisioning IP Range: Use hyphens to specify individual IP address class
ranges. For example:
◦
IPv6: fdef:22b9:e8ae:14a9::1a0:f000-f0aa
◦
IPv4: 192.168.2-5.1-200
After specifying a range, click Add All
•
5.
Select Devices from Discovery: This drop-down list is populated from
the Discovery Results. To filter the contents, start typing in the field. After
selecting a device, click Add All.
Set the time for the schedule to run.
Option
Description
None
Run in combination with an event rather than on a specific date or at a specific time.
Every n minutes/
hours
Run at a specified interval.
Every day/specific Run daily at a specified time, or run on a designated day of the week at a specified
time.
day at HH:MM
On the nth of
every month/
Run on the same day every month, or a specific month, at the specified time.
KACE Systems Management Appliance 8.0 Administrator Guide
Provisioning the KACE SMA Agent using onboard provisioning
333
Option
Description
specific month at
HH:MM
6.
7.
Optional: Use Advanced settings to:
◦
Customize the ports the appliance uses to deploy the Agent.
◦
Designate an alternative download location for the Agent installer.
◦
Enable a complete uninstall of the Agent. Selecting Remove KUID during uninstall results in an
existing Agent being removed from the device before the Agent is installed again. In this case, the
KACE SMA generates a new KUID for the asset, and it appears as a new device in the KACE SMA.
Click Run now to display the Provisioning Schedules page and the new configuration.
The appliance saves the configuration with the name you supplied, and then runs the configuration against
the targeted IP addresses.
The Provisioning Schedules page displays the progress of the successful installations after the schedule's start
time.
Related topics
Power-on the appliance and log in to the Administrator Console
Provisioning the KACE SMA Agent using the GPO Provisioning Tool for Windows devices
Manually deploying the KACE SMA Agent
Managing provisioning schedules
To streamline the Agent installation process, you can add provisioning schedules that specify how and when
to install the KACE SMA Agent on devices. You can add, view, edit, run, duplicate, and delete provisioning
schedules.
View, run, edit, or duplicate provisioning schedules
You can view provisioning schedule status and other details on the Provisioning Schedules page. From this page
you can also run and edit provisioning schedules as needed.
When you duplicate provisioning schedule, its properties are copied into the new configuration. If you are creating
a configuration that is similar to an existing configuration, starting with a duplicated schedule can be faster than
creating a configuration from scratch.
1.
Go to the Provisioning Schedules list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning Panel, click Schedules.
The list displays the following columns:
Option
Description
Name
The name of the provisioning schedule (links to the Provisioning Schedule Detail
page).
Targeted
The total number of target devices in the configuration (links to the Provisioning
Results page).
KACE Systems Management Appliance 8.0 Administrator Guide
Managing provisioning schedules
334
Option
Description
Running
The total number of target devices on which provisioning is running (links to the
Provisioning Results page).
Pending
The total number of target devices on which provisioning has not yet started (links to
the Provisioning Results page).
Succeeded
The total number of target devices on which provisioning has succeeded (links to the
Provisioning Results page).
Failed
The total number of target devices on which provisioning has failed (links to the
Provisioning Results page).
Success Rate
The total number of target devices on which provisioning has succeeded as a
percentage.
IP Range
The IP address range of the target device.
Schedule
The specified provisioning schedule. For example: Everyn minutes, Every n hours, or
Never.
Enabled
Whether the configuration is enabled or disabled. A check mark indicates that the
provisioning schedule is enabled.
2.
3.
Run provisioning schedules:
a.
Select the check boxes for the schedules that you want to run.
b.
Select Choose Action > Run Now.
Edit schedules:
a.
Click the name of a schedule.
b.
Edit the provisioning schedule on the schedule's Provisioning Schedule Detail page, and click
Save.
See Install the KACE SMA Agent on a device or multiple devices.
4.
Duplicate schedules:
a.
Click the name of a schedule.
b.
In the Advanced section, click Duplicate to display the Provisioning Schedules page with the new
schedule listed as Copy of Schedule Name.
Delete provisioning schedules
You can delete provisioning schedules when you want to remove schedules from the appliance.
When provisioning schedules are deleted, results associated with those schedules are also deleted. Devices
provisioned using the schedules, however, are not removed from inventory.
1.
Go to the Provisioning Schedules list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing provisioning schedules
335
c.
On the Provisioning Panel, click Schedules.
2.
Select the check box next to one or more schedules.
3.
Select Choose Action > Delete, then click Yes to confirm.
View provisioning results
You can view the results of actions performed by provisioning schedules.
1.
2.
Go to the Provisioning Schedules list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning Panel, click Schedules.
Click a link in the Running, Pending, Succeeded, or Failed column.
The Provisioning Results page appears with the following information:
Item
Description
Status
The status of the Agent connection to the appliance:
: An Agent-managed device is connected to the appliance.
: An Agent-managed device is not connected to the appliance.
Schedule Name
The name of the provisioning schedule.
IP Address
The IP address of the target device.
Hostname
The hostname of the target device. Click the Remote Connection button to open a
Remote Desktop Connection to the target device (Internet Explorer only):
Result
The status of the most recent provisioning attempt.
Action
I indicates a successful installation.
U indicates a successful uninstallation.
Error
The failure error, such as TCP ports not accessible.
Last Run
The last time the schedule ran.
3.
To view additional information about a target device, click its IP Address.
The KACE SMA Agent Provisioning page appears.
This page displays the results of the most recent provisioning run and includes information such as the IP
address, port configuration, and the logs of each provisioning step.
4.
To view inventory information, click the [computer inventory] link next to the MAC address.
NOTE: The [computer inventory] link appears only if the provisioning process can match the MAC
address of the target device with the current inventory data. See Managing MIA devices.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing provisioning schedules
336
Managing Agent communications
Communications between the appliance and Agents installed on managed devices include inventory reports,
alerts, patches, scripts, and crash logs. You can configure and view communications that are queued, or pending.
Configure Agent communication and log settings
Agents installed on managed devices periodically check in to the KACE SMA to report inventory, update scripts,
and perform other tasks.
You can configure the Agent settings, including the interval at which the Agents check in, messages displayed to
users, and log retention time, as described in this section. If you have multiple organizations, you configure Agent
settings for each organization separately.
1.
Do one of the following:
•
If the Organization component is enabled on your appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page next to the login information. Then click Organizations.
To display the organization’s information, click the organization’s name.
The Organization Detail page appears.
•
If the Organization component is not enabled on your appliance, select Settings > Provisioning.
Then click Communication Settings on the Provisioning panel.
The Communication Settings page appears.
2.
In the Communications Settings section, specify the following settings:
To reduce the load on the KACE SMA, limit the number of Agent connections to 500 per hour. The number
of connections that appears next to the inventory, scripting, and metering intervals, applies to the current
organization only. If the Organization component is enabled on your appliance, the total number of Agent
connections for all organizations should not exceed 500 per hour.
Option
Suggested Setting
Notes
Agent Logging
Enabled
Whether the KACE SMA stores scripting results provided by
Agents installed on managed devices. Agent logs can consume
as much as 1GB of disk space in the database. If disk space is
not an issue, enable Agent Logging to keep all log information
for Agent-managed devices. These logs can be useful during
troubleshooting. To save disk space, and enable faster Agent
communication, disable Agent Logging.
Agent Debug
Trace
Enabled
If selected, this option allows you to record the Agent's debug
trace. This information allows administrators to monitor the
Agent's performance, and to diagnose common problems.
Agent Inventory
12 hours
The frequency at which Agents on managed devices report
inventory. This information is displayed in the Inventory section.
Agentless
Inventory
1 day
The frequency at which Agentless devices report inventory.
This information is displayed in the Inventory section.
Catalog Inventory
1 day
The frequency at which managed devices report inventory to
the Software Catalog page.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agent communications
337
Option
Suggested Setting
Notes
Metering
4 hours
The frequency at which managed devices report metering
information to the KACE SMA. Requires metering to be enabled
on devices and applications.
Scripting Update
4 hours
The frequency at which Agents on managed devices request
updated copies of scripts that are enabled on managed
devices. This interval does not affect how often scripts run.
Max Download
Speed
As required
The maximum download speed, as required. Choose from the
available options.
Disable Wait for
Bootup Tasks
Disabled
If selected, this option stops the Agent from executing boot-up
tasks.
Disable Wait for
Login Tasks
Disabled
If selected, this option stops the agent from executing login
tasks.
3.
In the Notify section, specify the message to use for Agent communications:
Option
Suggested Setting
Notes
Agent Splash
Page Message
Default text:
The message that appears to users when
Agents are performing tasks, such as
running scripts, on their devices.
Agent Splash
Bitmap
As required
The path to an existing .bmp file that you
want to use as the splash logo.
Disable Bootup
Splash
Disabled
If selected, this option stops the agent
from displaying the boot-up splash logo.
Disable Login
Splash
Disabled
If selected, this option stops the agent
from displaying the login splash logo.
4.
KACE Systems Management
Appliance (SMA) is verifying
your PC Configuration and
managing software updates.
Please Wait...
In the Schedule section, specify the Communication Window:
Option
Suggested Setting
Notes
Communication
Window
00:00 to 00:00 (+1
day)
The period during which Agents on managed devices are
allowed to connect with the KACE SMA. For example, to allow
Agents to connect between the hours of 01:00 and 06:00 only,
select 01:00 from the first drop-down list, and 06:00 from the
second drop-down list.
You can set the communications window to avoid times when
your devices are busiest.
5.
In the Agentless Settings section, specify communications settings for Agentless devices:
Option
Description
SNMP Timeout
The time, in seconds or minutes, after which the connection is closed if there is no
activity.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agent communications
338
Option
Description
SSH/Telnet
Timeout
The time, in seconds, after which the connection is closed if there is no activity.
WinRM Timeout
The time, in seconds or minutes, after which the connection is closed if there is no
activity.
Maximum
Attempts
The number of times the connection is attempted.
6.
If the Organization component is not enabled on your appliance, specify Agent settings.
NOTE: If the Organization component is enabled on your appliance, these Agent settings are located
on the appliance KACE SMA System Administration Console General Settings page.
Option
Description
Last Task
Throughput
Update
This value indicates the date and time when the appliance task throughput was last
updated.
Current Load
Average
The value in this field depicts the load on an appliance at any given time. For the
appliance to run normally, the value in this field must be between 0.0 and 10.0.
Task Throughput
The value that controls how scheduled tasks, such as inventory collection, scripting,
and patching updates, are balanced by the appliance.
7.
NOTE: This value can be increased only if the value in the Current Load
Average is not more than 10.0 and the Last Task Throughput Update time is
more than 15 minutes.
Click Save.
The changes take effect when Agents check in to the appliance.
8.
If you have multiple organizations, repeat the preceding steps for each organization.
Related topics
View appliance logs
Configure appliance General Settings with the Organization component enabled
View Agent task status
You can view the status of tasks that are currently running, or that are scheduled to run, on Agent-managed
devices.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
On the left navigation bar, click Support to display the Support page.
3.
In the Troubleshooting Tools section, click Display Agent task status to display the Agent Tasks page.
By default, In Progress tasks are listed. To view other tasks, select different filtering options in the View By
drop-down list, which appears above the list on the right. Task information includes:
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agent communications
339
Column
Description
Device Name
The name of the device that is the target of the task.
Type
The type of task. Depending on appliance configuration, task types include alerts,
inventory, kbot, krash upload, and scripting updates.
Started
The start time of the task.
Completed
The completion time of the task.
Next Run
The next scheduled run time for the task.
Run Time
How long it took to run the task.
Timeout
The time limit for completing the task.
Priority
The importance or rank of the task.
The options displayed depend on type of tasks available on your appliance. Typical options include:
4.
◦
Ready to Run (connected): Tasks that are connected through the messaging protocol and about to
run.
◦
Ready to Run: Tasks that are queued to run when an messaging protocol connection is established.
◦
Longer than 10 minutes: Tasks that have been waiting longer than 10 minutes for a protocol
connection.
To view details about a device, click its name in the Device Name column.
The Device Detail page appears.
View the Agent Command Queue
The Agent Command Queue list shows messages, such as pop-ups and alerts, that have been queued for
distribution from the appliance to Agent-managed devices.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
On the left navigation bar, click Support to display the Support page.
3.
In the Troubleshooting Tools section, click View Agent command queue to display the Agent Command
Queue page.
Pending messages appear in this queue only during continuous connection between the Agent and the
appliance.
NOTE: Pending alerts appear on the Agent Command Queue page even if there is no connection
between the Agent and the KACE SMA.
The Agent Command Queue page contains the following fields:
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agent communications
340
Option
Description
Device Name
The name of the device. Click a name to view device details.
Type [Plug-in,
Source]
The type of message, such as Run Process.
Command
The content and information contained in the message.
Expiration
The date and time when the message expires, also called Keep Alive time. Messages
are deleted from the queue automatically when they expire.
Status
The status of the message, such as Completed or Received.
Related topics
Broadcasting alerts to managed devices
Delete messages from the Agent command queue
You can delete messages that are no longer needed from the Agent command queue.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
On the left navigation bar, click Support to display the Support page.
3.
In the Troubleshooting Tools section, click View Agent command queue to display the Agent Command
Queue page.
4.
Select the check box next to one or more messages.
5.
Select Choose Action > Delete, then click Yes to confirm.
Updating the KACE SMA Agent on managed devices
The KACE SMA automatically checks with Quest for KACE SMA Agent updates at approximately 03:40 every
day. In addition, the appliance checks Quest for Agent updates whenever the appliance is rebooted.
When Agent updates are available, they are automatically downloaded to the KACE SMA, provided that the
appliance is connected to the Internet, and an alert appears on the Home page of the KACE SMA Administrator
Console. Until you configure deployment settings, however, Agent updates are not automatically deployed to
managed devices. Click the link in the alert to configure deployment settings.
In addition, you can check for Agent software updates, obtain Agent updates manually, and configure Agent
update settings any time. Obtaining updates manually is useful if your appliance is not connected to the Internet.
KACE Systems Management Appliance 8.0 Administrator Guide
Updating the KACE SMA Agent on managed devices
341
View KACE SMA Agent updates
You can view KACE SMA Agent updates in the Administrator Console.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
On the left navigation bar, click Appliance Updates.
3.
Optional: To check for updates: In the Agent section, click Check for Update.
The Appliance Updates page appears. The current Agent bundle appears in the Agent section.
The appliance checks for updates, and the results appear on the Logs page.
Configure Agent update settings
After Agents are installed on devices, they are designed to update themselves automatically based on the Agent
update settings you choose on the Update Agent Settings page. This is true regardless of the provisioning
methods used to deploy the Agents, including KACE SMA provisioning, GPO wizard, other GPO deployments, or
image deployment.
If you have multiple organizations, you configure Agent update settings for each organization separately.
1.
Go to the Update Agent Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
c.
On the Provisioning Panel, click Update Agents.
If a new Agent update is available, it appears in the Available Agent Bundle section.
2.
Click Apply in the Available Agent Bundle section.
The new Agent version number appears in the Advertised Updates section, and the Enabled check box in
the Agent Settings section is cleared, disabling automatic updates. This enables you to test the updates on
selected devices before deploying them system-wide.
3.
View or specify the following Agent update settings:
Option
Description
Enabled
Deploy the update to the selected KACE SMA devices during the next scheduled
inventory interval. Clear the check box to prevent updates from being installed.
Modified
Read-only: The time the most recent Agent bundle was downloaded.
All Devices
Deploy the update to all devices that have the KACE SMA Agent installed. If this
option is selected, the Devices and Labels elements do not appear on the page.
Devices
Update only specific devices. Select the device names in the drop-down list that
appears when you click in the field, or type the first few characters of a device
name to sort the list. For example, type Dev to list matching device names such
as Device-1, Device-2, and so on. This option is not available when you select All
Devices.
KACE Systems Management Appliance 8.0 Administrator Guide
Updating the KACE SMA Agent on managed devices
342
Option
Description
Manage
Display the Edit Labels dialog. Search for and select labels, and update devices
Associated Labels assigned to the selected labels. This option is not available when you select All
Devices.
Any additional information you want to provide.
Notes
4.
Click Save.
The update is deployed to the selected devices during the next scheduled inventory interval. If you use
Replication Shares, and failover to the KACE SMA is not selected, Agents are updated after the Replication
Shares are updated.
5.
If you limited deployment to specified devices for testing, select additional devices in the Agent Settings
section of the Update Agent Settings page when your testing is complete.
The update is deployed to the selected devices during the next scheduled inventory interval.
6.
If you have multiple organizations, repeat the preceding steps for each organization.
Related topics
Setting up and using labels to manage groups of items
Upload Agent updates manually
In most cases, Agent updates are automatically downloaded to the KACE SMA when they become available.
However, you can download updates from Quest and manually upload Agent updates to the appliance as needed.
This is useful if your appliance is not connected to the Internet, or if Agent updates are available but have not yet
been downloaded to the appliance automatically.
To download Agent updates from Quest, you must obtain customer login credentials by contacting Quest Support
at https://support.quest.com/contact-support.
1.
To manually check for updates, go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
On the left navigation bar, click Appliance Updates to display the Appliance Updates page.
3.
Click Check for Update in the Agent section.
The version of the current Agent bundle appears in the Agent section.
The appliance checks for updates, and the results appear on the Logs page.
4.
To obtain updates:
a.
Log in to the Quest Support site using your customer login credentials:
https://support.quest.com/kace-systems-management-appliance/download-new-releases.
b.
5.
Download the Agent update bundle and save the file locally.
Go to the Update Agent Settings page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Settings, then click Provisioning.
KACE Systems Management Appliance 8.0 Administrator Guide
Updating the KACE SMA Agent on managed devices
343
c.
6.
On the Provisioning Panel, click Update Agents.
Do one of the following:
•
If a new update appears in the Available Agent Bundle section, click Apply.
•
If you manually downloaded an update, go to the Manually Upload Agent Bundle section, click
Browse or Choose File, locate the file that you downloaded, then click Upload.
The new Agent version number appears in the Advertised Updates section, and the Enabled check box in
the Agent Settings section is cleared, disabling automatic updates. This enables you to test the updates on
selected devices before deploying them system-wide.
7.
Specify deployment options In the Agent Settings section. See Configure Agent update settings.
8.
If you have multiple organizations, repeat 6 and 7 for each organization.
Manually deploying the KACE SMA Agent
Manual deployment is useful when automated Agent provisioning is not practical or when you want to deploy the
KACE SMA Agent using email, logon scripts, GPO (Group Policy Objects), or Active Directory.
•
Email: To deploy KACE SMA Agents through email, you would send an email to your users that contains
one of the following:
•
◦
The Agent installation file.
◦
A link to the appliance where the Agent file can be downloaded.
◦
A web location where the required installation file can be downloaded.
Logon scripts: Logon scripts enable you to deploy the KACE SMA Agent when users log on to a device.
If you use logon scripts, you would upload the appropriate file in an accessible directory and create a logon
script to retrieve it.
Obtaining Agent installation files
Agent installation files are available on the appliance.
You can find the KACE SMA Agent installers for Windows, Mac OS X, and Linux devices on the KACE SMA in
the following directory:
\\KACE_SMA_hostname\client\agent_provisioning
NOTE: File sharing must be enabled to access the installers. See Enable file sharing at the System level.
Manually deploying the KACE SMA Agent on Windows devices
You can manually deploy the KACE SMA Agent on Windows devices using the installation wizard or from the
command line on devices.
When you install the Agent manually, the Agent executable files must be installed in the following locations:
•
Windows 32-bit devices: C:\Program Files\Quest\KACE\
•
Window 64-bit devices: C:\Program Files (x86)\Quest\KACE\
The Agent configuration files, logs, and other data are stored in:
•
Windows 32-bit devices: C:\Documents and Settings\All Users\Quest\KACE
•
Window 64-bit devices: C:\ProgramData\Quest\KACE
KACE Systems Management Appliance 8.0 Administrator Guide
Manually deploying the KACE SMA Agent on Windows devices
344
Manually deploy the KACE SMA Agent on Windows devices using the installation
wizard
You can manually deploy the KACE SMA Agent on Windows devices by running the installation wizard on
devices.
1.
Go to the shared directory of the appliance:
\\KACE_SMA_hostname\client\agent_provisioning\windows_platform
2.
3.
Copy the ampagent-6.x.xxxxx-x86.msi file to the device.
Double-click the file to start the installation and follow the instructions in the installation wizard.
The device information appears in the appliance Inventory within a few minutes. See Managing applications on
the Software page.
Manually deploy the KACE SMA Agent on Windows devices using the Command line
There are several ways to deploy the Agent from the command line on Windows devices.
For example:
•
In a batch file as part of a logon script that runs the installer (msiexec) and sets various parameters, such
as the value of the host.
•
Set an environment variable for the server name then run the installer.
•
Change name of the installer, which automatically sets the server name during the installation.
The following table shows command line parameters used to deploy the Agent.
Table 20. Command line parameters for the Agent
Description
Parameter
Windows Installer Tool
msiexec or msiexec.exe
Install flag
/i
Example:
msiexec /i ampagent-6.x.xxxxx-x86
Uninstall flag
/x
Example:
msiexec /x ampagent-6.x.xxxxx-x86
Silent install
/qn
Example:
msiexec /qn /i ampagent-6.x.xxxxx-x86
Log verbose output
/L*v log.txt
Example:
msiexec /qn /L*v C:\temp\log.txt /i
ampagent-6.x.xxxxx-x86
Auto set hostname: Rename the
installation file to the name of the server
name, which automatically sets the
hostname
rename agent_installer.msi_hostname.msi
Example:
KACE Systems Management Appliance 8.0 Administrator Guide
Manually deploying the KACE SMA Agent on Windows devices
345
Description
Parameter
msiexec /qn /i ampagent-6.x.xxxxxx86_kace_sma.example.com.msi
Set properties
PROPERTY=value (Must use ALL CAPS)
Example:
msiexec /qn /i ampagent-6.x.xxxxx-x86.msi
HOST=kace_sma.example.com
Set server name
set KACE_SERVER=kace_sma_name
Must be followed by an msiexec call to install
Example:
set KACE_SERVER=kboxmsiexec /i
ampagent-6.x.xxxxx-x86
Prevent the installation of logon or bootup NOHOOKS=1
hooks, and preserve existing userinit.exe Example:
files
msiexec /qn /i ampagent-6.x.xxxxx-x86.msi
HOST=kace_sma.example.com NOHOOKS=1
Install the Agent but do not start the
service. This enables the Agent to be
imaged and cloned to other devices
CLONEPREP=yes/no
Set the debug level for the Agent when it
generates logs
DEBUG=true/all
Example:
msiexec /qn /i ampagent-6.x.xxxxx-x86.msi
HOST=kace_sma.example.com CLONEPREP=yes
Example:
msiexec /qn /i ampagent-6.x.xxxxx-x86.msi
HOST=kace_sma.example.com DEBUG=true
Force the Agent to communicate through SSLREQUIRED=true
HTTPS only. It cannot fall back to HTTP if Example:
HTTPS is unavailable
msiexec /qn /i ampagent-6.x.xxxxx-x86.msi
HOST=kace_sma.example.com SSLREQUIRED=true
The system looks for the value of host in these locations in the order shown:
1.
The installer file
2.
The HOST property value
3.
4.
KACE_SERVER (environment variable)
The amp.conf file
CAUTION: If you leave the host value empty, you must set the environment variable. Otherwise, the Agent
will not connect to the appliance. Quest recommends that you use the fully qualified domain name as the
hostname.
Manually deploying and upgrading the KACE SMA Agent on
Linux devices
You can manually deploy or upgrade the KACE SMA Agent on Linux devices as needed.
KACE Systems Management Appliance 8.0 Administrator Guide
Manually deploying and upgrading the KACE SMA Agent on Linux devices
346
Manually deploy the KACE SMA Agent on Linux devices
You can manually deploy the KACE SMA Agent on Linux devices by copying the Agent installation files to the
devices and running installation commands.
1.
Copy the KACE SMA Agent installation file to the device.
See Obtaining Agent installation files.
2.
Open a terminal window from Applications > System Tools.
3.
At the command prompt, set the name of the server and install the Agent:
sudo KACE_SERVER=kace_sma_name rpm -Uvh ampagent-6.x.xxxxx-x.i386.rpm
The Agent is installed in the following directories:
◦
/opt/quest/kace/bin/ where the Agent executable files are installed.
◦
/var/quest/kace/ where the Agent configuration, logs, and other data is stored.
The device information appears in the appliance Inventory within a few minutes. See Managing applications on
the Software page.
Deploy the KACE SMA Agent on Linux devices at startup or login
You can schedule the Agent to be deployed when users start or log in to Linux devices.
•
Set the name by adding the following command to the root directory:
export KACE_SERVER=kace_sma_name
The export call must precede the call to the installer. For example: export
KACE_SERVER=kace_sma_name rpm -Uvh kace_sma_agent-12345.i386.rpm
The system looks for the value of host in these locations in the order shown:
1.
The installer file
2.
KACE_SERVER (environment variable)
3.
The amp.conf file
CAUTION: If you leave the host value empty, you must set the environment variable. Otherwise, the
Agent does not connect to the appliance. Quest recommends that you use the fully qualified domain
name as the hostname.
Upgrade the KACE SMA Agent on Linux devices
You can manually upgrade the KACE SMA Agent on Linux devices by running commands on the devices.
1.
Copy the KACE SMA Agent installation file to the device. See Obtaining Agent installation files.
2.
Open a terminal window from Applications > System Tools.
3.
At the command prompt, enter:
rpm -uvh kace_sma_agent-linux_buildnumber.rpm
Performing Agent operations on Linux devices
You can run commands on Agent-managed Linux devices to perform various Agent operations.
KACE Systems Management Appliance 8.0 Administrator Guide
Performing Agent operations on Linux devices
347
Start and stop the Agent on Linux devices
You can run commands on Linux devices to start and stop the Agent. This procedure is useful in troubleshooting
Agent-related issues.
1.
Open a terminal window from Applications > System Tools.
2.
To start the Agent, enter:
/opt/quest/kace/bin/AMPTools start
3.
To stop the Agent, enter:
/opt/quest/kace/bin/AMPTools stop
Manually remove the Agent from Linux devices
You can remove the Agent from Linux devices manually by running commands on the devices.
1.
Open a terminal window from Applications > System Tools.
2.
At the command prompt, enter:
sudo rpm -e ampagent
3.
Optional: Remove the kace directory:
rm -rf /var/quest/kace/
Verify that the Agent is running on Linux devices
You can run a command on Linux devices to determine whether the Agent is running.
1.
Open a terminal window from Applications > System Tools.
2.
At the command line prompt, enter:
ps aux | grep AMPAgent
This output indicates that the process is running:
root 6100 0.0 3.9 3110640 20384 ? Ssl Mar03 0:00 /opt/quest/kace/bin/AMPAgent
--daemon
View the Agent version on Linux devices
You can run a command on Linux devices to verify the version of the Agent installed on those devices.
1.
Open a terminal window from Applications > System Tools.
2.
At the command prompt, enter:
rpm -q ampagent
The version number is displayed.
Collecting inventory information
You can manually collect inventory on Linux devices by forcing inventory updates.
See Forcing inventory updates.
Manually deploying and upgrading the KACE SMA Agent on
Mac devices
You can manually deploy or upgrade the Agent on Mac devices as needed.
KACE Systems Management Appliance 8.0 Administrator Guide
Manually deploying and upgrading the KACE SMA Agent on Mac devices
348
This section provides information for manually deploying the KACE SMA Agent on Mac OS X devices. Additional
options are described in Use shell scripts to deploy the KACE SMA Agent.
NOTE: Some commands must be run as root.
NOTE: Proceed with su or sudo as required.
Deploy or upgrade the KACE SMA Agent to Mac devices using the Agent installer
You can manually deploy the KACE SMA Agent on Mac devices by copying the Agent installation files to the
devices and running the installer.
1.
Copy the KACE SMA Agent installation file to the device.
See Obtaining Agent installation files.
2.
Double-click ampagent-6.x.build_number.dmg.
3.
Double-click AMPAgent.pkg.
4.
Follow the instructions in the installer.
Be sure to enter the name of your KACE SMA.
The installer creates the following directories on your device:
•
/Library/Application Support/Quest/KACE/bin where the Agent executable files are installed.
•
/Library/Application Support/Quest/KACE/data/ where the Agent configuration, logs, and
other data is stored.
Deploy the Agent to Mac devices using the terminal window
You can manually deploy the KACE SMA Agent on Mac devices by copying the Agent installation files to the
devices and running commands.
1.
Copy the KACE SMA Agent installation file to the device.
See Obtaining Agent installation files.
2.
Open a terminal window from Applications > Utilities.
3.
At the command prompt, enter the following commands to set the name of the server and install the Agent:
hdiutil attach ./ampagent-6.x.xxxxx-all.dmg
sudo sh -c 'KACE_SERVER=kace_sma_name installer -pkg /Volumes/Quest_KACE/
AMPAgent.pkg -target /'
hdiutil detach '/Volumes/Quest_KACE'
Use shell scripts to deploy the KACE SMA Agent
You can run shell scripts to deploy the Agent to Mac devices.
When using shell scripts to deploy the Agent, you can use the following command line options:
•
hdiutil attach ./ampagent-6.x.xxxxx-all.dmg
•
sudo sh -c 'KACE_SERVER=kace_sma_name installer -pkg
•
/Volumes/Quest_KACE/AMPAgent.pkg -target /'
•
hdiutil detach '/Volumes/Quest_KACE'
NOTE: The export call must proceed the install call. For example: sudo export
KACE_SERVER=kace_sma_name installer -pkg '/Volumes/Dell KACE/AMPAgent.pkg'
-target /
The system looks for the value of host in these locations in the following order shown:
KACE Systems Management Appliance 8.0 Administrator Guide
Manually deploying and upgrading the KACE SMA Agent on Mac devices
349
1.
The installer file
2.
KACE_SERVER (environment variable)
3.
The amp.conf file
For information about using shell scripts and command lines, go to http://developer.apple.com.
CAUTION: If you leave the host value empty, you must set the environment variable. Otherwise, the Agent
will not connect to the appliance. Quest KACE recommends that you use the fully qualified domain name
as the hostname.
Performing other Agent operations on Mac devices
You can run commands on Agent-managed Mac devices to perform various operations.
Start or stop the Agent on Mac devices
You can run commands on Mac devices to start and stop the Agent. This procedure is useful in troubleshooting
Agent-related issues.
1.
Open a terminal window from Applications > Utilities.
2.
Type the following:
cd "Library/Application Support/Quest/KACE/bin"
3.
To start the Agent, enter:
./AMPTools start
4.
To stop the Agent, enter:
./AMPTools stop
Manually remove the Agent from Mac devices
You can remove the Agent from Mac devices manually by running commands on the devices.
1.
Open a terminal window from Applications > Utilities.
2.
Type the following:
sudo "/Library/Application Support/Quest/KACE/bin/AMPTools" uninstall
The Agent is removed.
Verify that the Agent is running on Mac devices
You can run a command on Mac devices to determine whether the Agent is running.
1.
Open a terminal window from Applications > Utilities.
2.
Enter the following command:
ps aux | grep AMPAgent
This output indicates that the process is running:
root 2159 0.0 1.1 94408 12044 p2 S 3:26PM 0:10.94 /Library/Application Support/
Quest/KACE/AMPAgent
Verify the version of the Agent on Mac devices
You can run a command on Mac devices to verify the version of the Agent installed on those devices.
1.
Open a terminal window from Applications > Utilities.
2.
Enter the following command:
KACE Systems Management Appliance 8.0 Administrator Guide
Performing other Agent operations on Mac devices
350
cat /Library/Application\ Support/Quest/KACE/data/version
The version number is displayed.
Collecting inventory information from Mac devices
You can manually collect information from Mac devices by forcing inventory updates.
See Forcing inventory updates.
Viewing information collected by the Agent
You can view inventory information collected by the Agent on the Device Detail page.
See Managing inventory information.
Using Agentless management
Use Agentless device management if you want to manage devices without the need to deploy and maintain the
KACE SMA Agent software on those devices.
About Agentless device management
Agentless device management is a method of managing devices without the need to deploy and maintain the
KACE SMA Agent software on those devices.
Agentless management uses SSH, Telnet, SNMP, and other methods to connect to Agent-intolerant devices,
such as printers, network devices, and storage devices, and report inventory in the KACE SMA Administrator
Console. Using Agentless management is useful for operating system versions and distributions that are not
supported by the KACE SMA Agent, and where Agentless management is preferred over installing the Agent.
In version 6.4 of the KACE SMA, there are some differences between the features that are supported for Agent
devices and Agentless devices. See Features available for each device management method.
Operating systems supported by Agentless management
Agentless management supports a variety of device operating systems.
The following table shows the device operating systems that are supported by Agentless management:
Operating system
AIX
CentOS
Chrome OS
Debian
Fedora
FreeBSD
HP-UX
KACE Systems Management Appliance 8.0 Administrator Guide
About Agentless device management
351
Operating system
Mac OS X
Oracle Enterprise Linux
Red Hat Enterprise Linux*
SUSE*
Solaris
Ubuntu*
Windows
Windows Server
*Most recent versions can also be managed with the KACE SMA Agent.
NOTE: For non-computer devices such as assets, or devices without operating systems that Agentless
management supports, you can map SNMP (Simple Network Management Protocol) OIDs (Object
Identifiers) to particular fields in the KACE SMA inventory table. As a result, you can identify specific
devices to be inventoried so that you can expand the inventory of Agentless-managed devices. See Using
SNMP Inventory Configurations to identify specific SNMP objects and non-computer devices to add to
inventory.
About enabling Agentless management on Agent-managed devices
Agentless management can be enabled for any discovered device, including devices that have the KACE SMA
Agent installed.
However, using both methods for managing a single device is not recommended. If both methods are enabled for
a device, both the device, and its software, appear twice on inventory lists. As a result, it is better to not to enable
Agentless management on Agent-managed devices.
Managing Agentless devices
To manage devices without installing KACE SMA Agent software, you can enable Agentless management using
Discovery information or by entering device connection details manually.
Features available to Agentless devices differ from those features available to Agent-managed devices. See
Features available for each device management method.
Enable Agentless management using Discovery information
You can enable Agentless management using Discovery information.
1.
Go to the Discovery Results list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Discovery Results.
2.
Select the check box next to one or more devices.
3.
Select Choose Action > Provision > Agentless: Automatic.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agentless devices
352
Agentless management is enabled for the selected devices and one of the following icons appears next to
the device names:
: Agentless management is enabled for the device.
: Agentless management is enabled for the device, but the device is not currently reachable.
Depending on the device, the appliance uses various connection types to run commands on the selected
devices, obtain inventory information, and display that information on the Device Detail page. Information is
updated according to the inventory schedule for Agentless devices. See:
◦
Managing inventory information
◦
Schedule inventory data collection for managed devices
Enable Agentless management by entering device information manually
You can enable Agentless management by entering device information manually.
You can choose from the following connection types: SSH/Telnet, SNMP, WinRM, and VMware. WinRM is the
connection type to use for Windows devices.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
2.
Select Choose Action > New > Agentless Device to display the Agentless Device Connection Details
page.
3.
Provide information according to the type of connection.
•
To set up SSH/Telnet connections with devices, provide the following information:
Option
Description
Name
The hostname or IP address of the device.
Asset Subtype
The asset subcategory, if applicable. This information enables you to identify and
manage subtypes of assets, such as Device assets that are computers, printers,
routers, and Software assets that run on Windows, Mac, or Linux systems in the
KACE SMA inventory. See About Asset Subtypes, custom fields, and device detail
preferences.
Connection Type
The connection method to use to connect to the device and obtain inventory
information, in this case, SSH or Telnet.
Protocol
The protocol to use during connections. When SSH/Telnet is selected, options
include:
Use SSH2 if you want device communications to be more secure (recommended).
Use Telnet for devices that are not SSH-enabled or devices that have port 22
blocked. Telnet communications are not encrypted.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agentless devices
353
Option
Description
Port
The port number the appliance uses to connect to the device. No input is required for
the following default port numbers:
Credentials
•
SSH: 22
•
Telnet: 23
The details of the service account required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed. Credentials are not required for
SNMPv1 and SNMPv2c.
See Add and edit User/Password credentials.
Sudo Password
The name of a service user account with permission to connect to devices. Using
a service account and Sudo Password is useful when you want to avoid using root
credentials to access devices. On some devices, however, higher privileges enable
the appliance to retrieve more detailed inventory information.
Operating System
The operating system of the device.
Shell
The shell to use during connections. See Shell support for SSH and Telnet
connections.
Log Level
The level of information to display on the Device Detail page. To see only the most
important messages, select Critical. To see all messages, select Debug.
Enable Inventory
The inventory collection option. If this option is selected, the appliance collects
inventory information for the device according to the Agentless device inventory
schedule. If this option is cleared, inventory information is not collected. In both
cases, however, Agentless devices are counted.
DNS Server
The hostname of the DNS server to use when identifying the device hostname and
other information. Providing the DNS server information enables the appliance to
match the device to existing inventory information during updates. If the appliance
cannot detect the device due to changes made to its hostname or IP address,
inventory fails.
•
To set up SNMP connections with devices, provide the following information:
Option
Description
Name
The hostname or IP address of the device.
Asset Subtype
The asset subcategory, if applicable. This information enables you to identify and
manage subtypes of assets, such as Device assets that are computers, printers,
or routers, and Software assets that run on Windows, Mac, or Linux systems in the
KACE SMA inventory. See About Asset Subtypes, custom fields, and device detail
preferences.
Connection Type
The connection method to use to connect to the device and obtain inventory
information, in this case, SNMP.
SNMP (Simple Network Management Protocol) is a protocol for monitoring managed
devices on a network. To enable SNMP, port 161 must be open on the appliance and
on the device.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agentless devices
354
Option
Description
SNMP scan results include all SNMP capable devices. Remote shell extensions
enable the KACE SMA to connect, run commands, and capture information that can
be managed as inventory. For more information about SNMP options, see Add a
Discovery Schedule for SNMP-enabled non-computer devices.
SNMP Version
The version of SNMP to use for connections. SNMPv1 and SNMPv2c do not use
authentication or encryption.
SNMP v3 uses authentication and encryption algorithms to increase the security of
SNMP communications. When you configure the SNMP v3 options, the appliance
performs an SNMP v3 scan on selected devices. If that scan fails, the appliance
attempts an SNMP v1 scan using the specified Public String
Read Community
(SNMP v1, SNMP v2c) The community string to query. The default is Public. The
Public String is required if authentication is not required. When authentication is
required, the scan returns SNMP enabled with no system data.
Credentials
The details of the service account required to connect to the device and run
commands using SNMP v3. Select existing credentials from the drop-down list, or
click Add new credential to add credentials not already listed. Credentials are not
required for SNMPv1 and SNMPv2c.
See Add and edit User/Password credentials.
Inventory Type
The method used to collect inventory information.
•
Inventory: Collect a subset of device information, such as the IP Address,
MAC Address, and device name.
•
Inventory/Walk: Conduct a full SNMP walk to collect inventory information.
The full walk results appear on the Device Detail page.
NOTE: SNMP inventory walk does not support non-English characters on
Windows devices. If it encounters non-English characters, the SNMP inventory
process reports an error and stops loading inventory information.
Log Level
The level of information to display on the Device Detail page. To see only the most
important messages, select Critical. To see all messages, select Debug.
Enable Inventory
The inventory collection option. If this option is selected, the appliance collects
inventory information for the device according to the Agentless device inventory
schedule. If this option is cleared, inventory information is not collected. In both
cases, however, Agentless devices are counted.
DNS Server
The hostname of the DNS server to use when identifying the device hostname and
other information. Providing the DNS server information enables the appliance to
match the device to existing inventory information during updates. If the appliance
cannot detect the device due to changes made to its hostname or IP address,
inventory fails.
•
To set up WinRM connections with devices, provide the following information:
Option
Description
Name
The hostname or IP address of the device.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agentless devices
355
Option
Description
Asset Subtype
The asset subcategory, if applicable. This information enables you to identify and
manage subtypes of assets, such as Device assets that are computers, printers,
or routers, and Software assets that run on Windows, Mac, or Linux systems in the
KACE SMA inventory. See About Asset Subtypes, custom fields, and device detail
preferences.
Connection Type
The connection method to use to connect to the Windows device and obtain inventory
information, in this case, WinRM.
Port
The port number the appliance uses to connect to the device. No input is required for
the following default port number: 5985.
Credentials
The details of the service account required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed.
See Add and edit User/Password credentials.
Require Kerberos
If selected, Kerberos is required for authentication. NTLM will not be used as an
alternative when Kerberos is unavailable.
Using Kerberos requires DNS Lookup to be enabled in the same discovery
configuration. The DNS Server is also required in the local KACE SMA network
settings.
Log Level
The level of information to display on the Device Detail page. To see only the most
important messages, select Critical. To see all messages, select Debug.
Enable Inventory
The inventory collection option. If this option is selected, the appliance collects
inventory information for the device according to the Agentless device inventory
schedule. If this option is cleared, inventory information is not collected. In both
cases, however, Agentless devices are counted.
DNS Server
The hostname of the DNS server to use when identifying the device hostname and
other information. Providing the DNS server information enables the appliance to
match the device to existing inventory information during updates. If the appliance
cannot detect the device due to changes made to its hostname or IP address,
inventory fails.
•
To set up a VMware® device, provide the following information:
Option
Description
Name
The host name or IP address of the ESXi host or the vCenter Server.
Asset Subtype
The asset subcategory, if applicable. This information enables you to identify and
manage subtypes of assets, such as VMware devices. For example, hypervisors
(ESXi hosts). See About Asset Subtypes, custom fields, and device detail
preferences.
Connection Type
The connection method to use to connect to the VMware device and obtain inventory
information.
VMware Type
The VMware device type: ESXi or vCenter Server.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agentless devices
356
Option
Description
NOTE: vCenter Server devices do not count against the total number of
device licenses. That is because these device instances are only used to
establish relationships between the vCenter Servers, ESXi hosts, and the
virtual machines running on them.
Credentials
The details of the service account required to connect to the device and run
commands. Select existing credentials from the drop-down list, or select Add new
credential to add credentials not already listed. An account with read-only access
can be used. See Add and edit User/Password credentials.
Log Level
The level of information to display on the Device Detail page. To see only the most
important messages, select Critical. To see all messages, select Debug.
Enable Inventory
The inventory collection option. If this option is selected, the appliance collects
inventory information for the device according to the Agentless device inventory
schedule. If this option is cleared, inventory information is not collected. In both
cases, however, Agentless devices are counted.
DNS Server
The hostname of the DNS server to use when identifying the device hostname and
other information. Providing the DNS server information enables the appliance to
match the device to existing inventory information during updates. If the appliance
cannot detect the device due to changes made to its hostname or IP address,
inventory fails.
4.
Click Test Connection.
5.
Click Save.
The connection status appears.
The Agentless device is added. If Enable Inventory is selected, inventory information is updated according
to the Agentless device inventory schedule. See Schedule inventory data collection for managed devices.
Shell support for SSH and Telnet connections
Operating systems vary in their support of shells used for SSH and Telnet connections between the appliance and
managed devices.
The following table shows the shells available for SSH and Telnet connections for each operating system.
Table 21. Shell support for SSH and Telnet connections by operating system
Operating system
Default shell
Supported shells
AIX (IBM®)
ksh
bash, ksh, sh
CentOS
bash
bash, sh
Debian Linux
bash
bash, sh
Fedora
bash
bash, sh
FreeBSD
csh
bash, csh, sh
HP-UX
sh
ksh, sh
KACE Systems Management Appliance 8.0 Administrator Guide
Managing Agentless devices
357
Operating system
Default shell
Supported shells
Mac OS X
sh
bash, sh
openSUSE/SLES™
bash
bash, sh
Oracle Enterprise Linux
bash
bash, sh
Red Hat® Enterprise Linux®
bash
bash, sh
Ubuntu
bash
bash, sh
Edit Agentless device connection details or delete Agentless devices
You can edit the device connection details for Agentless devices and you can delete Agentless devices as
needed.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
2.
Click the name of an Agentless device that was entered manually to display the Device Detail page.
3.
In the Summary section, click Edit in the Device Entry Type row to display the Agentless Device
Connection Details page.
4.
Do one of the following:
•
Modify the connection details as needed, then click Save. See Enable Agentless management by
entering device information manually.
•
To delete the device, click Delete.
Using SNMP Inventory Configurations to identify specific SNMP
objects and non-computer devices to add to inventory
You can identify specific SNMP (Simple Network Management Protocol) objects and non-computer devices to
be inventoried so that you can expand or limit the inventory to fit your needs. In addition, the KACE SMA enables
you to map SNMP OIDs (Object Identifiers) to particular fields in the KACE SMA inventory table, using Asset
Subtypes.
IMPORTANT: For SNMP devices, you must assign the appropriate Asset Subtype when the device is
configured. You cannot add or change SNMP Asset Subtypes after they have been configured.
SNMP is one of the possible methods that KACE SMA Agentless Inventory uses to extract data for inventory and
integration into the KACE SMA. The KACE SMA uses the RFC1213 MIB (Management Information Base) as the
primary data gathering layer, because it contains data that is specific to all SNMP-capable devices. All SNMPcapable devices expose RFC1213 data. For more information, go to http://tools.ietf.org/html/rfc1213.
With the KACE SMA SNMP inventory configuration feature, you can define an additional set of OIDs to be
collected during inventory beyond the standard RFC1213 data. This enables instant extensibility and robustness
to what would otherwise be limited in terms of the amount of data that could be gathered from each device.
Related Topics
About Asset Subtypes, custom fields, and device detail preferences
KACE Systems Management Appliance 8.0 Administrator Guide
Using SNMP Inventory Configurations to identify specific SNMP objects and non-computer devices to add to
inventory
358
Obtain a list of object identifiers (OIDs) using the Administrator Console
If you do not have a vendor-provided management information base (MIB) or a generally available MIB for an
object, you can obtain a list of object identifiers by using the KACE SMA to probe the object.
You can define an additional set of OIDs to be collected during inventory beyond the standard RFC1213 data,
which expands the amount of data that can be gathered from each device. To find these OIDs, you can use a MIB
browser on MIBs you have obtained elsewhere. With the KACE SMA, you can perform an SNMP full walk either
through device discovery or device inventory if you do not have access to a MIB otherwise.
1.
2.
Perform an SNMP full walk for an object.
•
Scan using a Discovery Schedule. See Discovering devices on your network.
•
Scan using inventory data collection. See Schedule inventory data collection for managed devices.
Go to the Device Detail page for the scanned object:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
c.
Click the name of the object on the Devices list page.
3.
Click SNMP Data in the Inventory section to display the results of the full walk.
4.
Collect the relevant OIDs from the list.
Map the OIDs to fields in the KACE SMA inventory table so that their information can be integrated into inventory.
See Map Object Identifiers to fields in the KACE SMA inventory table.
Map Object Identifiers to fields in the KACE SMA inventory table
You can map SNMP (Simple Network Management Protocol) OIDs (Object Identifiers) to particular fields that
you have created as Asset Subtypes. You can use the resulting SNMP Inventory Configurations to expand your
inventory information to include data from non-computer devices.
•
•
You have identified the relevant OIDs to be contained in the configuration:
◦
You have used a MIB browser on a vendor-supplied Management Information Base.
◦
You have performed an SNMP Full Walk on a target object with the KACE SMA, and have reviewed
the OIDs displayed in SNMP Data of the Inventory Information section of the object's Device Detail
page. See Discovering devices on your network.
You have created appropriate Asset Subtypes for the non-computers devices you want to manage in
inventory. See Add Asset Subtypes and select Device Detail page preferences.
The SNMP Inventory Configurations list page provides you with the tool to create new mappings or manage
existing ones.
After you have determined the OID data you want to collect, you select a subtype for the device from categories
that are the same as those on the Device Detail page. You then select a property of that category, the result of
which maps the OID to a field in the inventory table. The SNMP object appears in the device inventory after the
next scan.
For example, if you had a printer in inventory, added manually or through a discovery schedule, you could use an
SNMP Inventory Configuration to have the printer report cartridge ink levels to the KACE SMA. In this case, you
would use an Asset Subtype of Printer that you have created as a subtype of device, with a field named Toner
Level.
1.
Go to the SNMP Inventory Configurations list page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
KACE Systems Management Appliance 8.0 Administrator Guide
Using SNMP Inventory Configurations to identify specific SNMP objects and non-computer devices to add to
inventory
359
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click SNMP Inventory Configurations.
2.
Select Choose Action > New.
3.
Type a name for the configuration in the Name field.
IMPORTANT: For SNMP devices, you must assign the appropriate Asset Subtype when the device is
configured. You cannot add or change SNMP device subtypes after they have been configured.
4.
Select an Asset Subtype that identifies the type of device you want to inventory.
5.
Map an OID to a KACE SMA inventory field:
a.
Click the Add button:
.
A new row appears under the headings.
b.
Enter the OID in the text box under Object Identifier (OID).
c.
Select a category from the drop-down list under Category.
The categories match those identified on the Asset Subtype Detail page.
d.
Select a property from the drop-down list under Property.
The properties that appear are dependent on the subtype and the category you selected.
e.
6.
Click Save at the end of the row.
Map as many additional OIDs as you want for your purposes, and click Save at the bottom left of the page.
Apply the configuration to an object. See Apply an SNMP Inventory Configuration to a device.
Apply an SNMP Inventory Configuration to a device
You can apply an SNMP Inventory Configuration to a device so that the additional data can be collected during
the next scan for that device.
You have created the configuration. See Map Object Identifiers to fields in the KACE SMA inventory table.
1.
NOTE: You can apply SNMP Inventory Configurations only to SNMP-managed Agentless devices.
Go to the Devices page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory to display the Devices page.
2.
Select the check boxes next to one or more devices.
3.
Select Choose Action > Apply SNMP Configurations to display the Apply SNMP Configurations dialog.
4.
Drag the configurations you want to apply into the Apply these SNMP configurations box.
You can search for a particular configuration by starting to type its name into the Search SNMP
Configurations field.
5.
Click Apply SNMP Configurations.
The Devices list page reappears after the configuration is applied.
The information appears for the device after the next regularly scheduled reporting time or forced inventory
update.
Related topics
Schedule inventory data collection for managed devices
Forcing inventory updates
KACE Systems Management Appliance 8.0 Administrator Guide
Using SNMP Inventory Configurations to identify specific SNMP objects and non-computer devices to add to
inventory
360
Adding devices manually in the Administrator
Console or by using the API
You can add devices to inventory manually, either within the Administrator Console or by using the inventory API
(application programming interface).
Adding devices manually is useful when you want to track device information, but you do not want to manage
devices by installing the KACE SMA Agent or using Agentless management.
Inventory for manual devices must be updated or uploaded manually. The appliance does not receive scheduled
inventory updates from manual devices.
About managing devices
Managing devices is the process of using the KACE SMA to collect and maintain information about devices on
your network and performing tasks such as monitoring device status, creating reports, and so on.
To add devices to the KACE SMA inventory, you can:
•
Install the KACE SMA Agent on devices. Devices are automatically added to inventory after the Agent
is installed on them and the Agent reports inventory to the KACE SMA. See Provisioning the KACE SMA
Agent.
•
Enable Agentless management for devices. Agentless management is especially useful for devices that
cannot have the KACE SMA Agent installed, such as devices with unsupported operating systems. See
Managing Agentless devices.
•
Upload inventory information for devices manually. See Adding devices manually in the Administrator
Console or by using the API.
NOTE: Your KACE SMA license agreement entitles you to manage a specified number of devices that
are classified as Managed Computers, Assets, and Monitored Servers. Devices count toward these limits
even if such devices are MIA (missing in action) or no longer in use. However, devices that are added to
inventory manually, or through the API, do not count toward license limits. See View KACE SMA license
information.
For information about the KACE SMA features available to devices, see Features available for each device
management method.
Tracking changes to inventory settings
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects.
This information includes the date the change was made and the user who made the change, which can be useful
during troubleshooting. See About history settings.
About inventory change history
Change history for devices begins when there is a change to the information collected during the first report.
The first time a managed device reports inventory to the KACE SMA, the information is considered to be a
baseline report. As such, it is not recorded in the change history.
KACE Systems Management Appliance 8.0 Administrator Guide
Tracking changes to inventory settings
361
Add devices manually with the Administrator Console
You can add devices to the KACE SMA inventory manually by entering device information on the Device Detail
page.
Once created, manual records are not touched or modified by the KACE SMA or Agents. Subsequently, the fields
in a manual record can only be updated manually by an administrator.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
2.
Select Choose Action > New > Manual Device to display the Device Detail page.
3.
Do one of the following:
•
Under Import device.xml, click Choose File to find and import an XML file that includes device
inventory information. See Valid XML schema for Windows and Upload an XML file using the
Administrator Console.
In the Summary section, enter a Name for the device, then skip to step 10.
•
In the Summary section, provide the following information:
Item
Description
Database field
Name
The hostname or IP address of the device.
NAME
System
Description
A description of the device.
SYSTEM_DESCRIPTION
Model
The device model.
CS_MODEL
Chassis Type
The type of device, such as desktop or laptop.
CHASSIS_TYPE
IP Address
The IP address of the device.
IP
MAC
The device’s Media Access Control (MAC) address
number.
MAC
OS Name
The operating system of the device, such as
Windows, Mac OS X, or Linux.
OS_NAME
Service Pack
The service pack version number (Windows only).
SERVICE_PACK
Device Timezone
The KACE SMA Agent installed on the device uses
this timezone.
TZ_AGENT
User
A user associated with this device.
USER
Domain
The domain of the device.
CS_DOMAIN
KACE Systems Management Appliance 8.0 Administrator Guide
Add devices manually with the Administrator Console
362
Item
Description
Database field
Notes
Any additional information you want to provide.
NOTES
4.
In the Hardware section, provide the following information:
Item
Description
Database field
RAM Maximum
The maximum amount of random-access memory
(RAM) available.
RAM_MAX
Manufacturer
The device manufacturer.
CS_MANUFACTURER
CSP ID Number
Information used to identify the device.
BIOS_SERIAL_NUMBER
Asset Tag
Information used to identify device hardware.
ASSET_TAG
Motherboard
Primary Bus
The main bus.
MOTHERBOARD_PRIMARY_BUS
Motherboard
Secondary Bus
The peripheral bus.
MOTHERBOARD_SECONDARY_BUS
Processors
The CPU count, type, and manufacturer.
PROCESSORS
Architecture
The architecture of the device operating system,
such as x86 or x64.
SYS_ARCH
Virtual Device
Used to identify devices that are virtual, such as
VIRTUAL
devices running on VMware platforms. Not displayed
for physical devices, such as laptops and servers.
CD/DVD Drives
The configuration of CD-ROM and DVD-ROM drives
installed on the device.
CDROM_DEVICES
Sound Devices
Information about audio devices on the device.
SOUND_DEVICES
Monitors
The type and manufacturer of the monitor attached
to the device. This field is not displayed for virtual
devices.
MONITOR
Video Controllers
Information about video controllers on the device.
VIDEO_CONTROLLERS
BIOS Name
The BIOS name.
BIOS_NAME
BIOS Release
Date
The date the BIOS version was released.
BIOS_RELEASE_DATE
BIOS Version
The BIOS version.
BIOS_VERSION
BIOS
Manufacturer
The BIOS manufacturer.
BIOS_MANUFACTURER
KACE Systems Management Appliance 8.0 Administrator Guide
Add devices manually with the Administrator Console
363
Item
Description
Database field
BIOS Description
The BIOS description.
BIOS_DESCRIPTION
BIOS
Identification
Code
The BIOS identification code.
BIOS_IDENTIFICATION_CODE
BIOS Serial
Number
The BIOS serial number.
BIOS_SERIAL_NUMBER
5.
In the Printers section, specify printer information related to the device.
6.
In the Agent section, specify the version number of the KACE SMA Agent installed on the device.
7.
In the User section, provide user information.
Item
Description
User Logged
The user currently logged in to the device. This entry USER_LOGGED
includes the username and the domain to which the
user belongs.
User Fullname
The full name of the user who owns the device.
USER_FULLNAME
User Domain
The domain to which the user belongs.
USER_DOMAIN
Last User
The name of the most recent user who logged in to
USER
the device. Some devices might have multiple users.
8.
Database field
In the Operating System section, provide information about the operating system installed on the device.
Item
Description
Database field
Version
The version number of the operating system.
OS_VERSION
Build
The build number of the operating system.
OS_BUILD
Number
The number of the operating system.
OS_NUMBER
Major Version
The number that identifies the major version of the
operating system.
OS_MAJOR
Minor Version
The number that identifies the minor version of the
operating system.
OS_MINOR
Minor Version (2)
Additional operating system version information.
OS_MINOR2
Architecture
The architecture of the device operating system,
such as x86 or x64.
OS_ARCH
Family
The product family of the operating system.
OS_FAMILY
Domain
The domain of the device.
CS_DOMAIN
Installed Date
The date the operating system was installed.
OS_INSTALLED_DATE
KACE Systems Management Appliance 8.0 Administrator Guide
Add devices manually with the Administrator Console
364
Item
Description
Database field
Last Reboot
The length of time the operating system has been
running.
LAST_REBOOT
Last Startup
The last time the operating system was turned off.
LAST_REBOOT
System Directory
The location of the system directory.
SYSTEM_DIRECTORY
Registry Size
The size of the registry.
REGISTRY_SIZE
Registry
Maximum Size
The maximum size of the registry.
REGISTRY_MAX_SIZE
9.
In the Other section, provide additional information related to the device:
Item
Description
Database field
RAM Total
The total amount of random-access memory (RAM)
on the device.
RAM_TOTAL
RAM Used
The amount of random-access memory (RAM) in
use on the device.
RAM_USED
Internet Explorer
Version
The version of Internet Explorer installed on the
device.
IE_VERSION
.NET Versions
The version or versions of .NET installed on the
device.
DOT_NET_VERSIONS
WMI Status
The status of the Windows Management
Instrumentation (WMI) service (Windows Devices
only).
WMI_STATUS
10. Click Save.
The manual device icon appears in the device’s Status column on the Devices page:
manual devices must be updated manually.
. Inventory for
Adding devices manually using the API
You can add devices to the KACE SMA manually by creating an XML file and uploading that file to the KACE
SMA using the API (application programming interface). Adding devices in this way is useful for devices that might
not be able to run the KACE SMA Agent for security reasons, and devices that cannot connect to the LAN (Local
Area Network) to report inventory.
The XML file you create can be modeled on the sample script in this section.
Devices that are added to inventory through the API do not count toward the KACE SMA license limit. See View
KACE SMA license information.
Application inventory that is uploaded through the API is displayed on the Software page, but it is not displayed
on the Software Catalog page. See:
•
Managing applications on the Software page
•
Managing Software Catalog inventory
KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
365
NOTE: The inventory API supports HTTP and HTTPS communications, depending on your
appliance configuration. To upload inventory information, use the following URL: http://KACE
SMA_hostname/service/wsapi.php, where KACE SMA_hostname is the hostname of your
appliance.
Enable inventory API access
API inventory access enables you to upload inventory data using the API. This access is useful if you want to
import inventory information from devices that do not have the KACE SMA Agent installed.
1.
Go to the appliance Control Panel:
•
If the Organization component is not enabled on the appliance, log in to the KACE SMA Administrator
Console, http://KACE_SMA_hostname/admin, then click Settings.
•
If the Organization component is enabled on the appliance, log in to the KACE SMA System
Administration Console, http://KACE_SMA_hostname/system, or select System in the dropdown list in the top-right corner of the page, then click Settings.
2.
Click Security Settings to display the Security Settings page.
3.
Select Enable Inventory API access.
4.
In the API password field, enter the password you want to use for API access.
This password is used only for API access and it does not need to match any other passwords.
5.
Click Save.
After the appliance restarts, you can use external API commands to upload inventory information.
Submit inventory information using the API
To submit inventory using the API, you first need to generate an XML file that contains the inventory information.
For examples, see:
•
Valid XML schema for Windows
•
Example using the XML schema for Windows devices
•
Valid XML schema for Linux and Mac devices
After you generate an XML file with the expected content, you can submit inventory using the API.
1.
NOTE: To submit inventory information using the API, you must enable inventory API access. See Enable
inventory API access.
(Required) Request a session key:
Submit keyreq=true in the body of the request to get a session string in response.
2.
(Required) Construct the authentication token:
a.
Construct the auth string as:
session_string + '|' + MD5 of API password
b.
3.
Run MD5 on the auth string.
(Required for new devices) Request a device UUID:
Submit req=newuuid&key=$auth in the body of the request to get a UUID in response.
4.
(Required) Submit inventory XML data:
Submit req=loadxml&key=$auth&KUID=$uuid&version=6.0 in the GET line and inventory XML in
the body of the request.
See Sample Perl script.
KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
366
Sample Perl script
You can use Perl scripts to upload XML files with device inventory information to the appliance.
The following is a sample Perl script that uploads a user-created XML file to the KACE SMA. For information
about using this script, contact Quest Support at https://support.quest.com/contact-support.
#!/usr/bin/perl
use strict;
use warnings;
use WWW::Curl::Easy;
use XML::Simple;
use Data::Dumper;
use Digest::MD5 qw(md5 md5_hex md5_base64);
# Curl Output Handler ...
my $response;
sub write_data($$$$) {
$response = shift;
return length($response);
}
# ----------------------------------------------------# KACE SMA Configuration ...
# ----------------------------------------------------my $password = "xxx"; # password set in Settings -> Security Settings
my $host = "hostname";
# hostname or IP address here
my $http = "https";
# HTTP or HTTPS
# -------------------------------------------------------# Build XML Package ...
# -------------------------------------------------------my $simple = new XML::Simple(keeproot => 1, forcearray => 1);
my $data = $simple->XMLin("machine.xml");
my $uuid = $data->{MachineStruct}->[0]->{MAC}->[0];
# -------------------------------------------------------# Setup CURL stuff ...
# -------------------------------------------------------my $url = "$http://$host/service/wsapi.php";
my $ch = WWW::Curl::Easy->new;
$ch->setopt(CURLOPT_URL, $url); # set url to post to
$ch->setopt(CURLOPT_SSL_VERIFYPEER, 0); # ok for self-signed ca
$ch->setopt(CURLOPT_VERBOSE, 0);
$ch->setopt(CURLOPT_WRITEFUNCTION, \&write_data); # return into a variable
$ch->setopt(CURLOPT_HEADER, 0);
$ch->setopt(CURLOPT_TIMEOUT, 40); # times out after 4s
$ch->setopt(CURLOPT_POST, 1);
$ch->setopt(CURLOPT_COOKIEFILE, '/tmp/cookiefile.txt');
# -------------------------------------------------------# STEP 1 - Request Session from KACE SMA ...
# -------------------------------------------------------$ch->setopt(CURLOPT_POSTFIELDS, "keyreq=true"); # add POST fields
my $out = $ch->perform;
if ( $out != 0 ) {
die ("Error: $out " .
$ch->strerror($out) .
" " .
$ch->errbuf . "\n");
}
my $sess = $response;
# -------------------------------------------------------# STEP 2 - Build Authorization Token ...
# -------------------------------------------------------KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
367
my $auth = md5_hex("$sess|".md5_hex($password));
# -------------------------------------------------------# STEP 3 - Request new UUID from KACE SMA (if creating a new
#
device record. If editing an existing device
#
be sure it is set in the XML ...
# -------------------------------------------------------if ( 1 ) {
print "Using UUID From XML File: $uuid\n";
} else {
$ch->setopt(CURLOPT_POSTFIELDS,"req=newuuid&key=$auth");
$out = $ch->perform;
if ( $out != 0 ) {
die ("Error: $out " .
$ch->strerror($out) .
" " .
$ch->errbuf . "\n");
}
$uuid = $response;
$data->{MachineStruct}->[0]->{MAC}->[0] = $uuid;
$data->{MachineStruct}->[0]->{NAME}->[0] = "WSAPI-" . $uuid;
print "Created New UUID: $uuid\n";
}
# convert Simple XML hash back to XML string ...
my $xml = $simple->XMLout(
$data,
KeepRoot => 1,
NoAttr => 1,
);
# -------------------------------------------------------# STEP 4 - Send XML to KACE SMA ...
# -------------------------------------------------------my @curlHeader = ("Content-Type: text/xml");
$url = "$http://$host/service/wsapi.php?req=loadxml&key=$auth&KUID=
$uuid&version=6.0";
$ch->setopt(CURLOPT_URL, $url); # set url to post to
$ch->setopt(CURLOPT_HTTPHEADER, \@curlHeader);
$ch->setopt(CURLOPT_POSTFIELDS, $xml);
$out = $ch->perform;
if ( $out != 0 ) {
die ("Error: $out " . $ch->strerror($out) . " " . $ch->errbuf . "\n");
}
print "Loaded $uuid to KACE SMA ($host)\n";
Valid XML schema for Windows
Files used to upload inventory information for Windows devices must conform to valid XML schemas.
The following is an example of a valid XML schema for Windows devices.
<?xml version="1.0" encoding="utf-8"?>
<MachineStruct xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi=">
http://www.w3.org/2001/XMLSchema-instance"
<NAME>@@__m_computerSystemName__@@</NAME>
<IP>@@__m_IPAddress__@@</IP>
<MAC>@@__m_versionKaceId__@@</MAC>
<OS_NAME>@@__m_operatingSystemCaption__@@</OS_NAME>
<OS_NUMBER>@@__m_operatingSystemVersion__@@</OS_NUMBER>
<OS_MAJOR>@@__m_operatingSystemVersionMajor__@@</OS_MAJOR>
<OS_MINOR>@@__m_operatingSystemVersionMinor__@@</OS_MINOR>
<SERVICE_PACK>@@__m_operatingSystemCsdVersion__@@</SERVICE_PACK>
<USER>@@__m_userAccountName__@@</USER>
KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
368
<USER_FULLNAME>@@__m_userAccountFullName__@@</USER_FULLNAME>
<DOMAIN>@@__m_computerSystemDomain__@@</DOMAIN>
<OS_VERSION>@@__m_operatingSystemVersion__@@</OS_VERSION>
<OS_BUILD>@@__m_operatingSystemBuildNumber__@@</OS_BUILD>
<OS_INSTALLED_DATE>@@__m_operatingSystemInstallDate__@@</OS_INSTALLED_DATE>
<LAST_REBOOT>@@__m_operatingSystemLastBootupTime__@@</LAST_REBOOT>
<LAST_SHUTDOWN>@@__m_operatingSystemLastBootupTime__@@</LAST_SHUTDOWN>
<UPTIME>@@__m_operatingSystemUptime__@@</UPTIME>
<SYSTEM_DIRECTORY>@@__m_operatingSystemWindowsDirectory__@@</SYSTEM_DIRECTORY>
<SYSTEM_DESCRIPTION>@@__m_operatingSystemDescription__@@</SYSTEM_DESCRIPTION>
<RAM_TOTAL>@@__m_physicalMemoryTotalSize__@@</RAM_TOTAL>
<RAM_USED>@@__m_operatingSystemUsedPhysicalMemory__@@</RAM_USED>
<CS_MANUFACTURER>@@__m_computerSystemManufacturer__@@</CS_MANUFACTURER>
<CS_MODEL>@@__m_computerSystemModel__@@</CS_MODEL>
<CHASSIS_TYPE>@@__m_systemEnclosureChassisType__@@</CHASSIS_TYPE>
<TZ_AGENT>@@__m_versionTimeZone__@@</TZ_AGENT>
<USER_LOGGED>@@__m_computerSystemUserName__@@</USER_LOGGED>
<CS_DOMAIN>@@__m_computerSystemDomain__@@</CS_DOMAIN>
<USER_NAME>@@__m_userAccountName__@@</USER_NAME>
<USER_DOMAIN>@@__m_userAccountDomain__@@</USER_DOMAIN>
<BIOS_NAME>@@__m_biosName__@@</BIOS_NAME>
<BIOS_VERSION>@@__m_biosVersion__@@</BIOS_VERSION>
<BIOS_MANUFACTURER>@@__m_biosManufacturer__@@</BIOS_MANUFACTURER>
<BIOS_DESCRIPTION>@@__m_biosDescription__@@</BIOS_DESCRIPTION>
<BIOS_SERIAL_NUMBER>@@__m_biosSerialNumber__@@</BIOS_SERIAL_NUMBER>
<MOTHERBOARD_PRIMARY_BUS>@@__m_motherboardDevicePrimaryBusType__@@
</MOTHERBOARD_PRIMARY_BUS>
<MOTHERBOARD_SECONDARY_BUS>@@__m_motherboardDeviceSecondaryBusType__@@
</MOTHERBOARD_SECONDARY_BUS>
<PROCESSORS>CPU Chip Count: @@__m_processorCount__@@
CPU Core Count: @@__m_processorCoreCount__@@
@@__m_processorList__@@ </PROCESSORS>
<SOUND_DEVICES>@@__m_soundDeviceDescription__@@</SOUND_DEVICES>
<CDROM_DEVICES>@@__m_CDROMDeviceName__@@</CDROM_DEVICES>
<VIDEO_CONTROLLERS>@@__m_videoControllerName__@@</VIDEO_CONTROLLERS>
<REGISTRY_SIZE>@@__m_registryCurrentSize__@@</REGISTRY_SIZE>
<REGISTRY_MAX_SIZE>@@__m_registryMaximumSize__@@</REGISTRY_MAX_SIZE>
<DISK_DRIVES>
@@__m_logicalDiskDriveList__@@ </DISK_DRIVES>
<NETWORK_INTERFACES>
@@__m_networkAdapterConfigurationList__@@ </NETWORK_INTERFACES>
<PRINTERS>@@__m_printerList__@@</PRINTERS>
<STARTUP_PROGRAMS>
@@__m_startupProgramsList__@@ </STARTUP_PROGRAMS>
<PROCESSES>
@@__m_processList__@@ </PROCESSES>
<NT_SERVICES>
@@__m_servicesList__@@ </NT_SERVICES>
<INSTALLED_software>
@@__m_installedProgramsList__@@ </INSTALLED_software>
<CLIENT_VERSION>@@__m_appVersion__@@</CLIENT_VERSION>
</MachineStruct>
Example using the XML schema for Windows devices
You can view an example of a file that conforms to the valid XML schema for Windows devices.
The following is an example of valid XML that uses the schema in Valid XML schema for Windows.
<?xml version="1.0" encoding="utf-8"?>
<MachineStruct xmlns:xsd="http://www.w3.org/2001/XMLSchema"
KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
369
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<NAME>TestComputer</NAME>
<IP>10.10.10.10</IP>
<MAC>F1234567-C2D2-4055-85BB-294E6A3D22D9</MAC>
<OS_NAME>Microsoft Windows XP Professional</OS_NAME>
<OS_NUMBER>5.1.2600</OS_NUMBER>
<OS_MAJOR>5</OS_MAJOR>
<OS_MINOR>1</OS_MINOR>
<SERVICE_PACK>Service Pack 2</SERVICE_PACK>
<USER>Administrator</USER>
<USER_FULLNAME>Tom Silver</USER_FULLNAME>
<DOMAIN>WORK</DOMAIN>
<OS_VERSION>5.1.2600</OS_VERSION>
<OS_BUILD>2600</OS_BUILD>
<OS_INSTALLED_DATE>2011-08-30 14:22:39 -0400</OS_INSTALLED_DATE>
<LAST_REBOOT>2011-08-30 14:25:05 -0400</LAST_REBOOT>
<LAST_SHUTDOWN>2011-08-30 14:25:05 -0400</LAST_SHUTDOWN>
<UPTIME>4 days </UPTIME>
<SYSTEM_DIRECTORY>C:\WINDOWS</SYSTEM_DIRECTORY>
<SYSTEM_DESCRIPTION>XP Machine</SYSTEM_DESCRIPTION>
<RAM_TOTAL>512.00MB</RAM_TOTAL>
<RAM_USED>180MB</RAM_USED>
<CS_MANUFACTURER>VMware, Inc.</CS_MANUFACTURER>
<CS_MODEL>VMware Virtual Platform</CS_MODEL>
<CHASSIS_TYPE>Other</CHASSIS_TYPE>
<USER_LOGGED>Tom</USER_LOGGED>
<CS_DOMAIN>WORK</CS_DOMAIN>
<USER_NAME>Administrator</USER_NAME>
<USER_DOMAIN>Work</USER_DOMAIN>
<BIOS_NAME>PhoenixBIOS 4.0 Release 5.5
</BIOS_NAME>
<BIOS_VERSION>INTEL - 6040000</BIOS_VERSION>
<BIOS_MANUFACTURER>Phoenix Technologies LTD</BIOS_MANUFACTURER>
<BIOS_DESCRIPTION>PhoenixBIOS 4.0 Release 5.5 </BIOS_DESCRIPTION>
<BIOS_SERIAL_NUMBER>VMware-56 4d bd d3 5e 4f a5 4e-6a ce a0 d3 39 bd ae 02
</BIOS_SERIAL_NUMBER>
<MOTHERBOARD_PRIMARY_BUS>PCI</MOTHERBOARD_PRIMARY_BUS>
<MOTHERBOARD_SECONDARY_BUS>ISA</MOTHERBOARD_SECONDARY_BUS>
<PROCESSORS>CPU Chip Count: 1
CPU Core Count: 0
CPU0: Intel Celeron processor (0 cores) </PROCESSORS>
<SOUND_DEVICES>Creative AudioPCI (ES1371,ES1373) (WDM)
</SOUND_DEVICES>
<CDROM_DEVICES>TSSTcorp DVD+-RW TS-U633F
</CDROM_DEVICES>
<VIDEO_CONTROLLERS>VMware SVGA II
</VIDEO_CONTROLLERS>
<REGISTRY_SIZE>1MB</REGISTRY_SIZE>
<REGISTRY_MAX_SIZE>86MB</REGISTRY_MAX_SIZE>
<DISK_DRIVES>
<DiskDrive>
<NAME>Drive C: (Physical Disk) FileSystem: NTFS Used: 2.08GB Total: 39.99GB</NAME>
<DISK_SIZE>39.9906</DISK_SIZE>
<DISK_USED>2.07966</DISK_USED>
<DISK_FREE>37.9109</DISK_FREE>
<PERCENT_USED>5.2</PERCENT_USED>
</DiskDrive>
</DISK_DRIVES>
<NETWORK_INTERFACES>
<NetworkInterface>
<NIC>AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler
KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
370
Miniport</NIC>
<MAC>00:0C:29:BD:AE:03</MAC>
<IP>192.168.220.132</IP>
<DHCP_ENABLED>True</DHCP_ENABLED>
</NetworkInterface>
</NETWORK_INTERFACES>
<PRINTERS></PRINTERS>
<STARTUP_PROGRAMS>
<StartupProgram>
<NAME>desktop</NAME>
</StartupProgram>
<StartupProgram>
<NAME>VMware Tools</NAME>
<COMMAND_EXE>C:\Program Files\VMware\VMware Tools\VMwareTray.exe</COMMAND_EXE>
<COMMAND_ARGS />
<FILE_INFO>
<FILE_NAME>VMwareTray.exe</FILE_NAME>
<FILE_DESCRIPTION>VMware Tools tray application</FILE_DESCRIPTION>
<FILE_VERSION>8.4.6.16648</FILE_VERSION>
<PRODUCT_NAME>VMware Tools</PRODUCT_NAME>
<PRODUCT_VERSION>8.4.6 build-385536</PRODUCT_VERSION>
<COMPANY_NAME>VMware, Inc.</COMPANY_NAME>
</FILE_INFO>
</StartupProgram>
<StartupProgram>
<NAME>VMware User Process</NAME>
<COMMAND_EXE>C:\Program Files\VMware\VMware Tools\VMwareUser.exe</COMMAND_EXE>
<COMMAND_ARGS />
<FILE_INFO>
<FILE_NAME>VMwareUser.exe</FILE_NAME>
<FILE_DESCRIPTION>VMware Tools Service</FILE_DESCRIPTION>
<FILE_VERSION>8.4.6.16648</FILE_VERSION>
<PRODUCT_NAME>VMware Tools</PRODUCT_NAME>
<PRODUCT_VERSION>8.4.6 build-385536</PRODUCT_VERSION>
<COMPANY_NAME>VMware, Inc.</COMPANY_NAME>
</FILE_INFO>
</StartupProgram>
</STARTUP_PROGRAMS>
<PROCESSES>
<MachineProcess>
<NAME>AMPAgent.exe</NAME>
<COMMAND_EXE>C:\Program Files\Quest\KACE\AMPAgent.exe</COMMAND_EXE>
<COMMAND_ARGS />
<FILE_INFO>
<FILE_NAME>AMPAgent.exe</FILE_NAME>
<FILE_DESCRIPTION>AMP Service</FILE_DESCRIPTION>
<FILE_VERSION>5.2.38916</FILE_VERSION>
<PRODUCT_NAME>KACE Agent</PRODUCT_NAME>
<PRODUCT_VERSION>5.2.38916</PRODUCT_VERSION>
<COMPANY_NAME>Quest Software Inc.</COMPANY_NAME>
</FILE_INFO>
</MachineProcess>
</PROCESSES>
<NT_SERVICES>
<NtService>
<NAME>Alerter</NAME>
<DISPLAY_NAME>Alerter</DISPLAY_NAME>
<STATUS>SERVICE_STOPPED</STATUS>
<STARTUP_TYPE>SERVICE_DISABLED</STARTUP_TYPE>
<DESCRIPTION />
KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
371
<LOGON_AS_USER>NT AUTHORITY\LocalService</LOGON_AS_USER>
<CAN_INTERACT_WITH_DESKTOP>False</CAN_INTERACT_WITH_DESKTOP>
<COMMAND_EXE>C:\WINDOWS\system32\svchost.exe</COMMAND_EXE>
<COMMAND_ARGS> -k LocalService</COMMAND_ARGS>
<FILE_INFO>
<FILE_NAME>svchost.exe</FILE_NAME>
<FILE_DESCRIPTION>Generic Host Process for Win32 Services</FILE_DESCRIPTION>
<FILE_VERSION>5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)</FILE_VERSION>
<PRODUCT_NAME>Microsoft® Windows® Operating System</PRODUCT_NAME>
<PRODUCT_VERSION>5.1.2600.2180</PRODUCT_VERSION>
<COMPANY_NAME>Microsoft Corporation</COMPANY_NAME>
</FILE_INFO>
</NtService>
</NT_SERVICES>
<INSTALLED_software>
<software>
<DISPLAY_VERSION>5.2.38916</DISPLAY_VERSION>
<HELP_LINK />
<README />
<INSTALL_DATE>20110830</INSTALL_DATE>
<PUBLISHER>Quest Software Inc.</PUBLISHER>
<UNINSTALL_STRING />
<URLINFO_ABOUT />
<DISPLAY_NAME>Quest KACE Agent</DISPLAY_NAME>
</software>
</INSTALLED_software>
<CLIENT_VERSION>6.0.xxxxx</CLIENT_VERSION>
</MachineStruct>
Valid XML schema for Linux and Mac devices
Files used to upload inventory information for Linux and Mac devices must use valid XML schemas.
The following is an example of an XML schema for Linux and Mac devices.
<?xml version="1.0" encoding="utf-8"?>
<MachineStruct>
<NAME>@@__m_versionHostName__@@</NAME>
<CLIENT_VERSION>@@__m_appVersion__@@</CLIENT_VERSION>
<IP>@@__m_IPAddress__@@</IP>
<MAC>@@__m_versionKaceId__@@</MAC>
<OS_NAME>@@__m_operatingSystemCaption__@@</OS_NAME>
<OS_NUMBER>@@__m_operatingSystemVersion__@@</OS_NUMBER>
<OS_MAJOR>@@__m_operatingSystemVersionMajor__@@</OS_MAJOR>
<OS_MINOR>@@__m_operatingSystemVersionMinor__@@</OS_MINOR>
<SERVICE_PACK></SERVICE_PACK>
<INSTALL_DATE></INSTALL_DATE>
<OS_ARCH>@@__m_operatingSystemOSArchitecture__@@</OS_ARCH>
<OS_FAMILY>@@__m_operatingSystemOSFamily__@@</OS_FAMILY>
<OS_VERSION>@@__m_operatingSystemVersion__@@</OS_VERSION>
<OS_BUILD>@@__m_operatingSystemBuildNumber__@@</OS_BUILD>
<DOMAIN>@@__m_userAccountDomain__@@</DOMAIN>
<CS_DOMAIN>@@__m_userAccountDomain__@@</CS_DOMAIN>
<LAST_REBOOT>@@__m_operatingSystemLastBootupTime__@@</LAST_REBOOT>
<TZ_AGENT>@@__m_versionTimeZone__@@</TZ_AGENT>
<UPTIME>@@__m_operatingSystemUptime__@@</UPTIME>
<RAM_TOTAL>@@__m_operatingSystemTotalVisibleMemorySize__@@</RAM_TOTAL>
<RAM_USED>@@__m_operatingSystemUsedPhysicalMemory__@@</RAM_USED>
<CS_MANUFACTURER>@@__m_biosManufacturer__@@</CS_MANUFACTURER>
<CS_MODEL></CS_MODEL>
<USER_LOGGED>@@__m_userAccountName__@@</USER_LOGGED>
KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
372
<USER>@@__m_userAccountName__@@</USER>
<USER_NAME>@@__m_userAccountName__@@</USER_NAME>
<USER_FULLNAME>@@__m_userAccountFullName__@@</USER_FULLNAME>
<USER_DOMAIN>@@__m_userAccountDomain__@@</USER_DOMAIN>
<BIOS_NAME>@@__m_biosName__@@</BIOS_NAME>
<BIOS_VERSION>@@__m_biosVersion__@@</BIOS_VERSION>
<BIOS_MANUFACTURER>@@__m_biosManufacturer__@@</BIOS_MANUFACTURER>
<BIOS_DESCRIPTION>@@__m_biosName__@@</BIOS_DESCRIPTION>
<BIOS_SERIAL_NUMBER>@@__m_biosSerialNumber__@@</BIOS_SERIAL_NUMBER>
<MOTHERBOARD_PRIMARY_BUS></MOTHERBOARD_PRIMARY_BUS>
<MOTHERBOARD_SECONDARY_BUS></MOTHERBOARD_SECONDARY_BUS>
<PROCESSORS>@@__m_processorList__@@</PROCESSORS>
<SOUND_DEVICES>@@__m_soundDeviceDescription__@@</SOUND_DEVICES>
<CDROM_DEVICES>@@__m_CDROMDeviceName__@@</CDROM_DEVICES>
<MONITOR>@@__m_desktopMonitorDescription__@@</MONITOR>
<VIDEO_CONTROLLERS>@@__m_videoControllerName__@@</VIDEO_CONTROLLERS>
<DISK_DRIVES>
@@__m_logicalDiskDriveList__@@</DISK_DRIVES>
<NETWORK_INTERFACES>
@@__m_networkAdapterConfigurationList__@@</NETWORK_INTERFACES>
<PRINTERS>@@__m_printerList__@@</PRINTERS>
<STARTUP_PROGRAMS>
@@__m_startupProgramsList__@@</STARTUP_PROGRAMS>
<PROCESSES>
@@__m_processList__@@</PROCESSES>
<INSTALLED_software>
@@__m_installedProgramsList__@@</INSTALLED_software>
</MachineStruct>
Upload an XML file using the Administrator Console
You can upload an XML file that contains device inventory information using the Administrator Console. This type
of information is referred to as manual inventory information.
The KACE SMA Agent is installed on the device that is having its inventory information added.
You create the XML file on the device to be inventoried, then move to the KACE SMA to upload the file.
Manual inventory information appears on the Software page but it does not appear on the Software Catalog page.
See:
•
Managing applications on the Software page
•
Managing Software Catalog inventory
1.
Generate an XML file that contains the information.
a.
On a device where the KACE SMA Agent is installed, open a command prompt or terminal
window.
b.
Go to the Quest KACE installation directory.
For example:
▪
Windows 32-bit systems: C:\Program Files\Quest\KACE
▪
Windows 64-bit systems: C:\Program Files (x86)\Quest\KACE
▪
Mac OS X systems: /Library/Application Support/Quest/KACE/bin
▪
Linux systems: /opt/quest/kace/bin
c.
Enter the following command:
KInventory -machine -output filename
KACE Systems Management Appliance 8.0 Administrator Guide
Adding devices manually using the API
373
Where filename is the path to the XML file you want to create. If the path contains spaces, enclose the
entire path in double quotation marks.
The Agent collects the inventory data and generates the XML file.
2.
On the KACE SMA Administrator Console, go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
3.
Select Choose Action > New > Manual Device to display the Device Detail page.
4.
Under Import Device, click Browse.
5.
Select the file, then click Open or Choose.
6.
Click Save.
The device's information is added to inventory. If you uploaded an XML file, the appliance ignores all other
information on the page and uses the XML file for inventory information.
Forcing inventory updates
You can force managed devices to update their inventory information outside of the regularly scheduled reporting
times.
To force inventory updates, one of the following conditions must be met:
•
The KACE SMA Agent must be installed on the devices and there must be an active messaging protocol
connection between the appliance and the devices.
•
Agentless management must be enabled for the devices.
You cannot force an update on devices that are not either Agent-managed or Agentless-managed devices.
Force inventory updates from the appliance
You can use the appliance Administrator Console to force devices to report inventory.
1.
2.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
Select the check boxes next to the devices whose inventory you want to update.
To avoid overwhelming the appliance, do not select more than 50 devices to update at once.
3.
Select Choose Action > Force Inventory.
Inventory information is updated.
KACE Systems Management Appliance 8.0 Administrator Guide
Force inventory updates from the appliance
374
Force inventory updates from Windows devices
You can force Windows devices to report inventory by running commands on the devices.
1.
Log in to the Windows device and open a command prompt.
2.
Go to one of the following directories:
◦
On 32-bit systems: C:\Program Files\Quest\KACE\
◦
On 64-bit systems: C:\Program Files (x86)\Quest\KACE\
3.
NOTE: For Windows Vista and later, use Run as Administrator when running the command.
Enter the following command:
runkbot -s 4 0
Inventory information is updated.
Force inventory updates from Mac OS X devices
You can force Mac OS X devices to report inventory by running commands on the devices.
1.
Log in to the Mac OS X device and open a terminal from Applications > Utilities.
2.
Go to the following directory:
/Library/Application Support/Quest/KACE/bin/
3.
Enter the following command:
sudo ./runkbot 2 0
Inventory information is updated.
Force inventory updates from Linux devices
You can force Linux devices to report inventory by running commands on the devices.
1.
Log in to the Linux device and open a terminal from Applications > System Tools.
2.
Go to the following directory:
/opt/quest/kace/bin/
3.
Enter the following command:
sudo ./runkbot 2 0
Inventory information is updated.
Managing MIA devices
Devices that are under management but that have not communicated with the appliance in the last 1 to 90 days
are considered to be MIA (missing in action) or out-of-reach. You can configure MIA device settings and manage
MIA devices as needed.
KACE Systems Management Appliance 8.0 Administrator Guide
Managing MIA devices
375
NOTE: Your KACE SMA license agreement entitles you to manage a specified number of devices that are
classified as Managed Computers, Monitored Devices, and Assets. Be aware that devices count toward
these limits even if devices are MIA (missing in action) or no longer in use. However, devices that are
added to inventory manually, or through the API, do not count toward license limits. See View KACE SMA
license information.
NOTE: To increase your license capacity, go to the Quest website: https://quest.com/buy.
Configure MIA settings
You can configure the appliance to automatically delete MIA devices from inventory after devices have not
checked in for a specified number of days. Automatically deleting MIA devices can reduce the need to delete MIA
devices manually.
Be aware that the process that deletes MIA devices runs daily at 03:45, and it can delete up to 100 devices during
a single run. If there are more than 100 MIA devices to be deleted, or if you must delete devices immediately,
consider deleting devices manually.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
2.
Select Choose Action > Configure MIA Settings to display the MIA Settings page.
3.
Provide the following information:
Option
Description
Automatically
Remove MIA
Devices
Archive or delete managed devices that are MIA (missing in action) after the specified
period of time. Clear the check box to prevent MIA devices from being Archived or
deleted automatically.
After n days
The number of days MIA devices remain in inventory if Automatically Relete MIA
Devices is selected. Managed devices that do not communicate with the appliance for
the specified number of days are automatically deleted or archived, as specified.
Archive MIA
Asset-Devices
Select this option to archive the MIA devices after the specified number of days.
Delete MIA
Devices
Select this option to permanently delete the MIA devices after the specified number of
days.
4.
Click Save.
Devices are deleted when the deletion process runs daily at 03:45. The process can delete up to 100
devices during a run.
If there are more than 100 MIA devices to be deleted, or if you must delete devices immediately, consider deleting
devices manually. See Delete MIA devices manually.
Apply labels to MIA devices
You can use labels to manage groups of MIA devices.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
KACE Systems Management Appliance 8.0 Administrator Guide
Apply labels to MIA devices
376
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
2.
Optional: To view MIA devices: In the View By drop-down list, which appears above the table on the right,
select MIA, then select the number of syncs the device missed, or the number of days the device has been
missing.
3.
Select the check box next to one or more devices.
4.
Select Choose Action > Apply Labels to display the Apply Labels dialog.
5.
Search for labels, or drag a listed label into Apply these labels, and click Apply Labels.
Delete MIA devices manually
You can delete MIA devices manually as needed.
To configure the appliance to automatically delete MIA devices, see Configure MIA settings.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
2.
Optional: To view MIA devices: In the View By drop-down list, which appears above the table on the right,
select MIA, then select the number of syncs the device missed, or the number of days the device has been
missing.
3.
Select the check box next to one or more devices.
4.
Select Choose Action > Delete, then click Yes to confirm.
Troubleshoot devices that fail to appear in inventory
If Agent-managed devices do not appear in inventory, verify Agent and appliance configuration.
By default, KACE SMA Agents installed on managed devices communicate with the appliance using HTTP over
ports 80, 443, and 52230. If network connectivity is in place, but newly installed Agents do not connect to the
appliance, there might be problems with the default kbox hostname in DNS.
1.
Install the Agent with hostname or IP address correctly specified:
Windows
msiexec /qn /i ampagent-6.x.xxxxx-x86.msi HOST=my_kace_sma
Mac OS X
hdiutil attach ampagent-6.x.xxxxx-all.dmg
sudo sh -c 'KACE_SERVER=my_kace_sma installer -pkg /Volumes/Quest_KACE/AMPAgent.pkg
-target /'
hdiutil detach /Volumes/Quest_KACE
Linux (RHEL and SLES)
2.
export KACE_SERVER=my_kace_sma
export KACE_SERVER=my_kace_smasudo rpm -ivh ampagent-6.x.xxxxx.xxxx.xx.rpm
To correct the server name for a device that is already installed, use the AMPTools utility:
Windows
32-bit systems: "C:\Program Files\Quest\KACE\AMPTools" host=my_kace_sma
64-bit systems: "C:\Program Files (x86)\Quest\KACE\AMPTools" host=my_kace_sma
KACE Systems Management Appliance 8.0 Administrator Guide
Troubleshoot devices that fail to appear in inventory
377
Mac OS X
/Library/Application\ Support/Quest/KACE/bin/AMPTools host=my_kace_sma
Linux
/opt/quest/kace/bin/AMPTools host=my_kace_sma
3.
4.
5.
Verify that you are able to ping the appliance, and reach it through a web browser at
http://KACE_SMA_hostname.
Verify that Internet Options are not set to use proxy. Verify that proxy is excluded for the local network or
KACE_SMA_hostname.
Verify that no firewall or anti-spyware applications are blocking communication between the appliance and
any of the Agent components, including:
Table 22. KACE SMA Agent components for each operating system
Operating system
Agent components
Windows
ACUConfig.exe
AMPAgent.exe
AMPKickstart.exe
AMPTools.exe
AMPWatchDog.exe
Inventory.exe
KCopy.exe
KDeploy.exe
KInventory.exe
konea.exe
kpatch.exe
KSWMeterSvc.exe
KUserAlert.exe
runkbot.exe
Mac OS X and Linux
AMPAgent
AMPAgentBootup
AMPctl
AMPTools
AMPWatchDog
Inventory
KBoxClient
KCopy
KDeploy
KInventory
konea
kpatch
KSWMeterSvc
KUpdater
KUserAlert
KACE Systems Management Appliance 8.0 Administrator Guide
Troubleshoot devices that fail to appear in inventory
378
Operating system
Agent components
runkbot
6.
Verify that the following processes are running:
•
Windows: AMPAgent.exe, AMPWatchDog.exe, konea.exe.
•
Mac and Linux: AMPAgent, konea.
If, after verifying these items, the Agent still fails to connect to the appliance, contact Quest Support at https://
support.quest.com/contact-support.
Obtaining Dell warranty information
The KACE SMA periodically runs a background service that gathers and updates Dell warranty information on the
Dell devices that are in your KACE SMA inventory.
This service runs every four hours. If you have multiple organizations, the service selects a different organization
in a round-robin fashion and collects warranty information on approximately 100 devices per organization. Over
time, warranty information is gathered and updated for all Dell devices.
You can update Dell warranty information any time, and you can run reports to track warranty information.
NOTE: The Dell warranty information is available only for Dell computers that are in inventory. In addition,
the appliance must be able to reach the following domain to gather warranty information: api.dell.com.
See Make necessary websites accessible to the KACE SMA.
Obtain Dell warranty information on a single Dell device
instantly
You can obtain warranty information for any managed Dell device in your KACE SMA inventory from the
Administrator Console.
If you have many Dell devices, it might take a while to update the warranty information through the appliance’s
background service.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
2.
In the list of devices, click the name of a Dell device to display the Device Detail page.
3.
In the Inventory Information section, expand Hardware.
4.
Click Refresh.
Dell warranty information appears under the Dell Service Information section.
The warranty information is updated immediately.
Renew a Dell warranty
You can access the Dell Support website to renew warranties on Dell devices in inventory.
1.
Go to the Devices list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
KACE Systems Management Appliance 8.0 Administrator Guide
Renew a Dell warranty
379
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory.
2.
In the list of devices, click the name of a Dell device to display the Device Detail page.
3.
In the Inventory Information section, expand Hardware.
4.
Select the support.dell.com link in the Dell Service Information section.
You are directed to the Dell Support website where you can renew your warranty if it is out of date or view
additional information.
Run Dell warranty reports
You can run reports that show the warranty status of the Dell devices in the KACE SMA inventory. If the
Organization component is enabled on your appliance, you can run these reports at the organization level and at
the System level.
1.
Go to the Reports list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Reporting.
2.
In the View By drop-down list, which appears above the table on the right, select Dell Warranty to display
the Dell Warranty reports.
3.
In the Generate Report column, click a report type to run the report.
See About reports.
Managing applications on the Software
page
Applications that are found on managed devices are listed on the Software page.
About the Software page
The Software page shows all the applications installed on managed devices and any applications that have been
added to inventory manually or uploaded using the inventory API.
If the Organization component is enabled on your appliance, you manage applications for each organization
separately.
The information and features accessible from the Software page differ from information and features available
from the Software Catalog page. See Differences between the Software page and the Software Catalog page.
View items in Software page inventory
You can view items that have been added to inventory on the Software page. If the Organization component is
enabled on your appliance, you view Software page inventory for each organization separately.
1.
Go to the Software list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
KACE Systems Management Appliance 8.0 Administrator Guide
View items in Software page inventory
380
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Software.
Tracking changes to inventory settings
If History subscriptions are configured to retain information, you can view the details of the changes made to
settings, assets, and objects.
This information includes the date the change was made and the user who made the change, which can be useful
during troubleshooting. See About history settings.
Adding and deleting applications in Software page
inventory
Applications are added to KACE SMA Software page inventory automatically when managed devices upload
inventory information to the appliance. In addition, you can add applications to the Software page manually as
needed.
Add applications to Software page inventory manually
You can manually add applications to the Software page inventory list as needed.
Usually, it is best to have applications added to the KACE SMA inventory automatically, than to add applications
to the appliance manually. However, adding applications manually is useful if you want to add an application that
is not currently installed on managed devices. You can manually add the application, then create a Managed
Installation for it, and deploy it to managed devices.
If you add applications manually, you might want to include a Custom Inventory rule so that information about the
applications is current and packages are not reinstalled each time Agents check in. See Writing custom inventory
rules.
1.
2.
TIP: Applications that are added manually are displayed on the Software page, but they are not displayed
on the Software Catalog page. You cannot add applications manually to the Software Catalog page.
Go to the Software Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Software.
c.
Select Choose Action > New.
Provide general information: Name, Version, Publisher.
For proper downstream reporting, enter this information consistently across software inventory.
3.
Provide the following information:
Option
Description
Assign To Label
(Optional) The label associated with the item.
Notes
Any additional information you want to provide.
KACE Systems Management Appliance 8.0 Administrator Guide
Add applications to Software page inventory manually
381
Option
Description
Supported
Operating
Systems
The operating systems on which the application runs. Applications are deployed only
to devices with the selected operating systems.
a.
Click Manage Operating Systems.
b.
In the Operating Systems dialog box that appears, select the OS versions in
the navigation tree, as applicable.
You have an option to select OS versions by their family, product, architecture,
or build version. You can choose a specific build versions, or a parent node, as
needed. Selecting a parent node in the tree automatically selects the associated
child nodes. This behavior allows you to select any future OS versions, as
devices are added or upgraded in your managed environment. For example, to
select all build current and future versions associated with the Windows 10 x64
architecture, under All > Windows > Windows 10, select x64.
Custom Inventory
Rule
(Optional) The custom inventory rules to apply to the application. Custom inventory
rules enable you to detect applications and other items on a device and capture
details for reporting.
For example, the appliance first verifies whether an application is present on a device
before deploying that application. In some instances, however, installed programs
do not register in Add/Remove Programs or in standard areas of the registry. In such
cases, the appliance might not be able to detect the presence of the application
without additional information from the administrator. Therefore, the appliance might
repeat the installation each time the device connects. Custom Inventory rules can
prevent this.
The following rule verifies that the version of the Network Associates VirusScan
installed on a device is newer than a given version before deploying it:
RegistryValueGreaterThan(HKEY_LOCAL_MACHINE\Software
\Network Associates\TVD\Shared Components\VirusScan Engine
\4.0.xx,szDatVersion,4.0.44)
See Getting values from a device (Custom Inventory Field).
4.
Next to Upload and Associate File, click Browse or Choose File to locate a file, then click Open or
Choose.
To distribute applications using Managed Installations or File Synchronizations, you need to associate the
actual application files with the application.
5.
To prevent the file from being copied to Replication Shares, select Don’t Replicate Associated File.
This is useful for large files that you do not want users to install from Replication Shares, such as software
suites.
6.
Optional: Select a Category and Threat Level for the software.
7.
Click Save.
Related topics
Using software threat levels and categories
Delete applications
Deleting applications from the Software page removes them from the Software page inventory, and also removes
Managed Installations or File Synchronizations that are associated with applications.
KACE Systems Management Appliance 8.0 Administrator Guide
Delete applications
382
However, if the deleted applications are installed on managed devices, the records for those applications
are recreated, with new IDs, when the devices update inventory information. Managed Installations and File
Synchronizations that were associated with the deleted applications, however, are not recreated.
1.
Go to the Software list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Software.
2.
Select the check box next to one or more applications.
3.
Select Choose Action > Delete, then click Yes to confirm.
Creating Software assets
To set up License Compliance for applications that appear on the Software page, you first need to add Software
assets for those applications. After you create Software assets, you can associate them with License assets.
You can create assets for applications that have been added to the appliance automatically or manually.
NOTE: Software assets are not required to set up License Compliance for applications on the Software
Catalog page.
If the Organization component is enabled on your appliance, you create Software assets for each organization
separately.
Add Software assets in the Inventory section
You can add Software assets for one or more applications by selecting the applications in the Inventory section on
the Software list.
Software assets can also be added from the Assets section. See Add Software assets in the Assets section.
1.
Go to the Software list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Software.
2.
Select the check box next to one or more applications.
3.
Select Choose Action > Create Asset.
The assets are created, and they appear on the Assets page.
Add Software assets in the Assets section
You can add Software assets one-at-a-time in the Assets section.
Software assets can also be added from the Inventory section. See Add Software assets in the Inventory section.
1.
Go to the Assets list:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
KACE Systems Management Appliance 8.0 Administrator Guide
Add Software assets in the Assets section
383
b.
On the left navigation bar, click Asset Management, then click Assets.
2.
Select Choose Action > New > Software to display the Software Asset Detail page.
3.
Complete the asset fields as follows:
a.
In the Name field, enter a name for the asset.
For example, Office Pro SW Asset.
4.
b.
Optional: In the Software field, select the name of the application to associate with the asset. To
search for items, begin typing in the field.
c.
Optional: In the Software Label field, select a label in the Select label drop-down list. The list is
empty unless you have created a Smart Label. To filter the labels list, enter a few characters of
the label name in the Filter field.
Click Save.
The new asset appears on the Assets page.
Attach digital assets to applications and select supported
operating systems
To distribute applications to managed devices using Managed Installations or User Console downloads, you need
to attach the appropriate digital assets to applications. Digital assets are the files required for deployment, such as
installers. In addition, you need to select the supported operating systems for the application. You perform these
tasks on the Software detail page.
To associate multiple files with an application, create a ZIP file that contains the files, then associate the resulting
archive file with the application.
1.
2.
TIP: Digital assets can be attached to applications displayed on the Software page, but they cannot be
attached to items in the Software Catalog page.
Go to the Software Detail page:
a.
Log in to the KACE SMA Administrator Console, http://KACE_SMA_hostname/admin.
Or, if the Show organization menu in admin header option is enabled in the appliance General
Settings, select an organization in the drop-down list in the top-right corner of the page next to the
login information.
b.
On the left navigation bar, click Inventory, then click Software.
c.
Click the name of a software application.
Do one of the following:
•
Next to Upload and Associate File, click Browse or Choose File.
•
Next to Upload and Associate Client Drop File, click Browse or Choose File. This option is available
only if you have copied files to the appliance or organization Client Drop location, and those files are
larger than the size specified in the appliance's Client Drop File Size Filter or the organization's in the
Client Drop Size. If the Organization component is enabled on your appliance, files are available to
the selected organization only. To make files available to multiple organizations, copy the files to the
Client Drop location for each organization. Copy files to the KACE SMA Client Drop location.
3.
Locate the file to upload, then click Open or Choose.
4.
In the Supported Operating Systems section, select the operating systems on which the application can be
installed.
a.
Click Manage Operating Systems.
b.
In the Operating Systems dialog box that appears, select the OS versions in the navigation tree,
as applicable.
In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as
applicable.
KACE Systems Management Appliance 8.0 Administrator Guide
Attach digital assets to applications and select supported operating systems
384
You have an option to select OS versions by their family, product, architecture, or build version. You
can choose a specific build versions, or a parent node, as needed. Selecting a parent node in the tree
automatically selects the associated child nodes. This behavior allows you to select any future OS
versions, as devices are added or upgraded in your managed environment. For example, to select
all build current and future versions associated with the Windows 10 x64 architecture, under All >
Windows > Windows 10, select x64.
5.
NOTE: If no operating systems are selected, the application cannot be distributed to managed
devices. Deployments such as Managed Installations can be created, but they can be deployed only if
the correct supported operating system information is provided.
Modify other details as necessary, then click Save.
NOTE: The table at the bottom of the Software Detail page shows which devices have the software
installed.
Copy files to the KACE SMA Client Drop location
You can upload large files, such as application files and backup files, to the KACE SMA by copying them to the
Client Drop location on the appliance. Copying files to the Client Drop location is an alternative to uploading files
through the Administrator Console using the default HTTP mechanism, which can result in browser timeouts for
large files.
•
Enable file sharing (Samba). See Configure security settings for the appliance.
•
If the Organization component is enabled on your appliance, enable file sharing for each organization. See
Configure Admin-level or organization-specific General Settings.
•
If the Organization component is not enabled on your appliance, configure the Client Drop File Size Filter
setting for the appliance. See Configure appliance General Settings without the Organization component.
•
If the Organization component is enabled on your appliance, configure the Client Drop Size setting for each
organization. See Configure Admin-level or organization-specific General Settings.
1.
In a file system navigator, go to the Client Drop location on the KACE SMA:
•
In Windows Explorer, enter a UNC path with the KACE SMA host name or IP address. For example: \
\kbox\clientdrop. Use two backslashes to indicate that the location is a Samba path.
•
On Mac OS X, Go > Connect to Server, then enter the SMB address in the Server Address field.
•
On Linux, select Search, then enter the SMB address.
The client Share and clientdrop Share folders are displayed.
2.
•
ORG1: clientdrop
•
ORG2: clientdrop_2
•
ORG3: clientdrop_3
If prompted, provide your login credentials for the Client Drop location. These credentials are specified in
the appliance security settings. See Configure security settings for the appliance.
3.
NOTE: If the Organization component is enabled, each organization has a separate Client Drop
location. For example:
TIP: If you are connecting from a Windows device, type \admin in the Username field. This
prevents the system from using workgroup\admin or domain\admin during authentication.
Copy your files to the Client Drop location. If the Organization component is enabled on your appliance,
copy the files to the Client Drop location for the organization where you want to select the files.
The files are available as follows:
◦
Application files: Files are available for selection on the Software Detail page provided that they
are larger than the size configured for the appliance in the Client Drop File Size Filter or for the
KACE Systems Management Appliance 8.0 Administrator Guide
Copy files to the KACE SMA Client Drop location
385
organization in the Client Drop Size. If the Organization component is enabled on your appliance, files
are available to the selected organization only. To make files available to multiple organizations, copy
the files to the Client Drop location for each organization.
◦
Appliance backup files: Appliance backup files that are placed in any Client Drop location are
automatically