KBOX Administrator Guide 3.3

A D M I N G U I D E
Administrator Guide for KBOX 1000 Series
Version 3.3
© 2004-2007 Kace Networks, Inc. All rights reserved.
Welcome to KBOX 1000 ownership!
Welcome to version 3.3 of the KBOX 1000 Series appliance. This Administrator Guide is designed to help
you install, configure, use, and maintain your KBOX 1000 Series appliance. KACE is dedicated to cus-
tomer success with our primary goal being your ability to quickly utilize your KBOX 1000 Series appli-
ance to save time and eliminate the tedious task of manual inventory, software, and desktop management.
If at any time you experience a problem, or have a question regarding your KBOX 1000 Series appliance,
please contact one of our support representatives for assistance.
Support Contact:
KACE Technical Support

(888) 522-3638 for support select option 2
http://www.kace.com/support
Company Contact:
Kace Networks, Inc.

1616 North Shoreline Blvd.
Mountain View, California 94043
(888) 522-3638 office for all inquiries
(650) 649-1806 fax
Contents
About this guide viii
How this guide is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Additional resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Contacting Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
The KBOX 1000 Series JumpStart Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
KACE Professional Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Ch. 1 Getting Started with KBOX 1000 Series ........1
Introduction to KBOX 1000 Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Solution Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Organizational Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Software Deployment Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Setting Up Your New KBOX server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Setting up your first KBOX Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Alternative Deployment Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Key Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Configuring General settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Configuring KBOX Network settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Ch. 2 Agent Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Single Machine Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Provisioning Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Provisioning Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
KBOX Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
KBOX Agent Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Ch. 3 Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Overview of the Inventory Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Using Advanced Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Creating Search Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Creating Computer Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Filtering Computers by Organizational Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Understanding Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Computer Identity Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Help Tickets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Operating System Info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
User Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Manufacturer and BIOS Info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Administrator Guide for KBOX 1000 Series, version 3.3 i

Processor and Computer Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Drive Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Motherboard and related Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Process List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Installed Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Installed Patches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Startup Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Harmful Items (Threat Level 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Printer List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Uploaded Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Custom Inventory Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Customer Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Asset Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Asset History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
KBOX Agent Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Portal Install Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Scripting Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
OVAL Vulnerability Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Failed Managed Installs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Failed Patches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
To Install List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Adding computers to inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Adding computers automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Adding computers manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Adding Software to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Adding Software Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Adding Software Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Creating Software Asset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Custom Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Attaching a Digital Asset to a Software Title . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Monitoring out-of-reach Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Creating Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Viewing Computer Details by Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Deleting labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Software Metering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Adding a Software Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Editing Software Meter Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Deleting a Software Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Configuring the Software Metering Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Software Lookup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Enabling Software Lookup Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Viewing Software Lookup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Administrator Guide for KBOX 1000 Series, version 3.3 ii

Ch. 4 Asset Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Overview of Asset Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Managing Asset Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Asset Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Managing Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Generating Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Importing Asset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Ch. 5 IP Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
IP Scan Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Viewing List of Scheduled Scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Creating an IP Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Ch. 6 Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Distribution Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Types of Distribution Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Distributing Packages through KBOX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Distributing Packages through an Alternate Location . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Managed Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Creating a Managed Installation for Windows Platform . . . . . . . . . . . . . . . . . . . . . . . . . 75
Sharing Managed Software Installation Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Examples of Common Deployments on Windows . . . . . . . . . . . . . . . . . . . . . . . . 79

Standard MSI Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Standard EXE Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Standard ZIP Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Examples of Common Deployments on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Standard RPM Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Standard TAR.GZ Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Examples of Common Deployments on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Standard TAR.GZ Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Examples of Common Deployments on Macintosh(r) . . . . . . . . . . . . . . . . . . . . 91

File Synchronizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Creating a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Creating a Replication Share. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Viewing Replication Share Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Ch. 7 Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Wake-on-LAN Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Issuing a Wake-on-LAN Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Troubleshooting Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Administrator Guide for KBOX 1000 Series, version 3.3 iii

Ch. 8 Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Scripting Module Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Using Scripts that are Installed with KBOX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Creating and Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Adding Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Importing scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Duplicating scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Using the Run Now Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Run Scripts using the Run Now tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Run Now from the Script Detail page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Monitoring Run Now status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Run Now Detail Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Searching Scripting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Configuration Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Enforce Registry Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Remote Desktop Control Troubleshooter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Desktop Shortcuts Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Event Log Reporter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
MSI Installer Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
UltraVNC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Un-Installer Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Windows Automatic Update Settings policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Ch. 9 Patching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Overview of Patching feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Bulletin Management workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Downloading patch bulletins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Reviewing & approving bulletins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Deploying bulletins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Reporting patching results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Creating a Replication Share for patches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Create new Windows Update Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Updating Patch definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Ch. 10 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Security Module Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

About OVAL and CVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
OVAL Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Running OVAL Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
OVAL Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
OVAL Settings and Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

OVAL Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Creating Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Enforce Internet Explorer Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Enforce XP SP2 Firewall Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Administrator Guide for KBOX 1000 Series, version 3.3 iv

Enforce Disallowed Programs Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Enforce McAfee AntiVirus Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
McAfee SuperDAT Updater . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Enforce Symantec AntiVirus Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Quarantine Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Lift Quarantine Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Ch. 11 User Portal and Help Desk . . . . . . . . . . . . . . . . . . . . . . . . . 146
Overview of the User Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

End user view of the User Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Administrator view of the User Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Understanding the Software Library feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Creating a software library to deploy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Using the Knowledge Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Adding Knowledge Base articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Editing and deleting Knowledge Base articles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Managing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Adding users manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Adding users automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
LDAP Browser Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Importing users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Overview of the Help Desk Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Configuring basic Help Desk settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Customizing Help Desk fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Creating and editing Help Desk Tickets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Submitting Help Desk tickets through email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Editing Help Desk tickets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Searching Help Desk tickets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Managing Help Desk tickets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Understanding the escalation process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
About the satisfaction survey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Running Help Desk Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Ch. 12 Server Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
KBOX 1000 Series maintenance overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Backing up KBOX 1000 Series data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Backing up KBOX 1000 Series manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Downloading backup files to another location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Restoring KBOX 1000 Series Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Restoring from most recent backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Uploading files to restore settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Updating KBOX 1000 Series software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Verifying minimum server version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Updating the license key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Applying the server update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Verifying the update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Rebooting and shutting down KBOX 1000 Series appliance . . . . . . . . . . . . . . . . . . . . . 178
Administrator Guide for KBOX 1000 Series, version 3.3 v

Updating OVAL definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Troubleshooting the KBOX 1000 Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Accessing KBOX 1000 Series logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Downloading log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Understanding disk log status data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Ch. 13 Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
KBOX 1000 Series Reports overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Types of Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Running Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Creating and editing reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Alert Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Creating alert messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Email Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Creating Email Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
KBOX 1000 Series Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Client Check-In Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Software Threat Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
License Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
KBOX Network Load . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Managed Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Computer statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Software statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Software Distribution Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Alert Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Patch Bulletin Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
OVAL Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Network Scan Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
LDAP Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Appendix A Adding steps to a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Steps for Task sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Appendix B Database tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
KBOX 1000 Series database tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Appendix C Manual Deployment of KBOX Agent . . . . . . . . . . . . . . . . . . . 216
Manual Deployment of KBOX Agent on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Installing and Configuring the KBOX Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Upgrading the KBOX Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Removing the KBOX Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Verifying Deployment of the KBOX Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Manual Deployment of KBOX Agent on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . 219

Administrator Guide for KBOX 1000 Series, version 3.3 vi

Manual Deployment of KBOX Agent on Macintosh . . . . . . . . . . . . . . . . . . . . . . 221

Appendix D Agent Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Agent Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Appendix E Warranty, Licensing, and Support . . . . . . . . . . . . . . . . . . . . . . 227
Warranty and Support Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Administrator Guide for KBOX 1000 Series, version 3.3 vii

P R E F A C E
About this guide

This chapter provides an overview of this Administrator
Guide and provides links to other resources you might
find helpful in administering your KBOX 1000 Series
appliance.
“How this guide is organized,” on page ix

“Additional resources,” on page x
“Contacting Support,” on page x
How this guide is organized
This Administrator Guide is designed to provide all of the information that you’ll need to install configure
and deploy the KBOX 1000 Series appliance. This guide is organized into the following top-level section:
Orientation and Setup
Chapter 1,“Getting Started with KBOX 1000 Series,” starting on page 1
Chapter 2,“Agent Provisioning,” starting on page 14
Chapter 3,“Inventory,” starting on page 26
Chapter 4,“Asset Management,” starting on page 56
Chapter 5,“IP Scan,” starting on page 66
Chapter 6,“Distribution,” starting on page 71
Configuration
Chapter 7,“Wake-on-LAN,” starting on page 98
Chapter 9,“Patching,” starting on page 123
Chapter 8,“Scripting,” starting on page 102
Chapter 10,“Security,” starting on page 132
Maintenance and Support
Chapter 11,“User Portal and Help Desk,” starting on page 146
Chapter 12,“Server Maintenance,” starting on page 173
Reference
Chapter 13,“Reporting,” starting on page 183
Appendix A,“Adding steps to a Task,” starting on page 203
Appendix B,“Database tables,” starting on page 209
Appendix C,“Manual Deployment of KBOX Agent,” starting on page 216
Appendix D,“Agent Customization,” starting on page 224
Appendix E,“Warranty, Licensing, and Support,” starting on page 227
In addition, the symbol to the left denotes an item of interest. These include common
configuration questions, specific KBOX behavior, or items that deserve particular
attention.
Administrator Guide for KBOX 1000 Series, version 3.3 ix

Conventions
This guide uses the following formatting conventions.
Format Description
Bold Represents buttons, tab labels, and menu selec-

tions.
| (pipe) Separates multiple selections. For example,
Inventory | Software.
Table 1-1: Formatting Conventions
Additional resources
In addition to this Administrator Guide, KACE also provides the following resources to assist you in
installing, configuring, and maintaining the KBOX 1000 Series.
A user name and password may be required to access these resources.
Silent Mode Installation Tips and Tricks - http://www.kace.com/support/customer/doc/

SilentInstallationWhitepaper.pdf
Installation and Scripting resources - http://www.kace.com/support/customer/
additional_resources.php
Tutorial Videos - http://www.kace.com/support/customer/training.php
Contacting Support
At KACE, customers are our highest priority, and we structure our support policies and procedures
accordingly. Your purchase of the KBOX 1000 Series includes software updates, telephone support, and
access to an on-line support portal, which includes:
The most up-to-date software and documentation
Knowledge base of frequently asked questions
Details on the most common software package installation switches
Other IT management information.
The KACE support team is dedicated to helping you make the most efficient use of your KBOX 1000 Series
appliance for your organization. KACE and KACE Certified Partners can help you get the most out of your
KBOX 1000 Series appliance with the KBOX™ JumpStart Program and KACE Professional Services.
Administrator Guide for KBOX 1000 Series, version 3.3 x

The KBOX 1000 Series JumpStart Program
The KBOX 1000 Series JumpStart Program guarantees that your KBOX 1000 Series appliance will be
properly installed and configured for your environment. With the JumpStart Program, you and your team
will get custom-tailored, hands-on training to immediately get the maximum value from your investment,
with the least amount of time committed from your team.
The KBOX 1000 Series JumpStart Program includes:
Installation Assistance - Install and configure your KBOX™ 1000 Series appliance; Network scan; learn
best practices for use of the KBOX 1000 Series appliance in your environment.
Deployment Assistance - Your custom rollout plan includes deployment up to 150 KBOX Agent agents
on your network.
SW Distribution & Patch Management Assistance - Customized training and one managed installation
created.
Advanced topics - LDAP or Active Directory integration; ODBC integration with your standard reporting
tools.
Additional Module training - additional set-up and training is provided for each KBOX 1000 Series
module you purchase.
To learn more about support services, contact KACE customer support.
KACE Professional Services

Delivered by a KACE Partner or KACE engineers, professional services can help you improve your
organization's IT efficiency, compliance and security. Professional services are custom tailored to meet
your needs. Some common KBOX 1000 Series services include but are not limited to:
Custom script development
Custom software packaging
Application integration
Advanced training
Security audit analysis
Advanced installation and KBOX Agent deployment
Managed services.
To learn more about professional services, contact your Kace account manager.
Administrator Guide for KBOX 1000 Series, version 3.3 xi

C H A P T E R 1
Getting Started with KBOX 1000 Series

The KBOX 1000 Series appliances are easy-to-deploy
Systems Management Appliances that deliver all of the
powerful features you would expect from a distribution
management system and more. This chapter provides
guidance on installing and setting up the
KBOX 1000 Series appliance to work in your environment.
“Introduction to KBOX 1000 Series,” on page 2

“Setting Up Your New KBOX server,” on page 4
“Setting up your first KBOX Agent,” on page 6
“Alternative Deployment Options,” on page 9
“Key Configuration Settings,” on page 10
Introduction to KBOX 1000 Series
In general, the administrative operation of the KBOX 1000 Series system management appliance is
intuitive and user friendly; however, a review of the basic procedures will likely help new users avoid
common pitfalls and internalize KBOX 1000 Series best practices for software management. This section
provides an introduction to the components and concepts of your KBOX 1000 Series appliance, and
provides an overview of the KBOX 1000 Series workflow for total software management.
Solution Components
The KBOX 1000 Series solution is comprised of four primary points of human interface:
The Box - The KBOX 1000 Series Systems Management Appliance itself is a high-performance server
including (depending on configuration) dual on-board Xeon processors, dual NIC controllers, 1 GB of
memory (or more), 3 X 150 GB hard drives (or more) with on-board RAID I support and on-board
nightly back up.
Administrator Console - The administrator console is a web-based interface that systems
administrators use to access and direct the functionality and capabilities within the KBOX 1000 Series.
The administrator console supports five primary tasks: Inventory Management, Software Distribution,
User Portal, Reporting and, KBOX Settings. Depending on your KBOX 1000 Series configuration you may
also have Asset, Scripting, Security, and Help Desk tabs. These are add-on modules. For more
information contact the KACE sales team at sales@kace.com or via phone at 1-888-522-3638.
User Portal - The User Portal provides an innovative method for administrators to make software titles
available to users on a self-service basis. The end-user portal is not intended to replace traditional push
software distribution (as is handled by the Administrator Console and the KBOX Agent). However, the
User Portal provides an elegant repository for software titles that are not required by all users. If you
have installed the optional Help Desk module, the User Portal also provides a way for users to submit
and track help desk tickets.
KBOX Agent - The KBOX Agent is the KBOX 1000 Series technology that sits on each desktop that the
KBOX 1000 Series manages. The KBOX Agent includes an application component that manages
downloads, installations, and desktop inventory. The KBOX Agent also includes the KBOX Agent
Management Service that initiates scheduled tasks such as inventory or software update tasks.
Organizational Components
KACE Networks recognizes that a large part of IT management is tied into data management. As such,
KBOX 1000 Series supports a flexible data model for managing computers, software, users and license
keys:
LDAP Support - The KBOX 1000 Series includes the ability to auto-discover information via the KBOX
Agent or to interface with Active Directory or LDAP organizational units.
Filters - Filters enable administrators to manage computers and users based on specified filter criteria.
Labels - The KBOX 1000 Series offers advanced labeling capability that puts ad-hoc organizational
capabilities in the hands of the software administrator.
Administrator Guide for KBOX 1000 Series, version 3.3 2

Software Deployment Components
The KBOX 1000 Series supports several types of distribution packages including:
Managed Installations can be configured by the administrator to run silently or in the forefront of
the user’s desktop view. Within a “Managed Installation Definition” the administrator can define install,
uninstall, or command-line parameters. See “Managed Installations,” on page 74 for detailed
information on Managed Installations.
File Synchronization is a different way to distribute content to computers with the KBOX agent
software. Unlike Managed Installations, File Synchronization is used to distribute files that needs to be
placed on a users’ machine without running an installer.
See “File Synchronizations,” on page 89 for detailed information on File Synchronization.
User Portal Packages are earmarked by administrators for user self-service. Many KACE customers
use the portal for handling occasional use applications, print drivers and so on. You also can use the
User Portal to resolve Help Desk issues by allowing users to download and install fixes. See “Overview
of the User Portal,” on page 147 for detailed information on User Portal Packages.
KBOX Agent is a special tab in the interface for managing the KBOX Agent. See the Chapter 2,“Agent
Provisioning,” starting on page 14 for details on how to configure and carry out these tasks.
The sections that follow describe how to configure the KBOX 1000 Series to meet the needs of your
organization.

Setting Up Your New KBOX server
While setting up your new KBOX server, perform the following steps.
1. Unpacking the Appliance
Make sure that the box in which the appliance was shipped is unpacked and is undamaged in any way.
The box should include one set of inner and outer rail assemblies and the mounting screws that you
need to install the system into the rack.
2. Updating DNS
The KBOX requires its own static IP address. By default, the KBOX will have a hostname of “kbox.” It is
highly recommended that you create a record for kbox in your domain corresponding to its static IP
before starting the server and client configuration.
3. Setup Location
Determine the placement of the appliance in the rack before you install the rails. The appliance should
be situated in a clean, dust-free, and well ventilated area. Avoid areas where heat, electrical noise, and
electromagnetic fields are generated. Place the appliance near a grounded power outlet. Use a
regulating uninterruptible power supply (UPS) to protect the server from power surges, voltage spikes
and to keep your system operational in power failures. Leave approximately 30 inches of clearance in
the back of the rack for sufficient airflow and ease in servicing.
4. Server Network Configuration
Attach a power cord, keyboard, and monitor, but do not connect a network cable at this time. Turn on
the KBOX. The first time boot may require 5 to 10 minutes. At the login prompt enter:
Login: konfig
Password: konfig
Using UP and DOWN arrows, modify the static IP address, subnet mask, default gateway, and DNS
settings to match your network.
Suggested
Field Notes
Value
KBOX Server (DNS) Defaults to kbox It is recommended that you add a static IP entry for
Hostname “kbox” to your DNS, and use the default Hostname and
Web Server Name. The fully-qualified domain name of
Web Server Name the KBOX on your network is the value of Hostname
Defaults to kbox
concatenated with Domain (for example,
kbox.kace.com). Clients will connect to KBOX using the
Web Server Name, which can be the hostname, fully-
qualified domain name, or IP address (for example,
kbox).
Static IP Address The IP address of
the KBOX server
lDomain The domain that the Defaults to corp.kace.com
KBOX is on
Subnet mask Your subnet mask Defaults to 255.255.255.0
Default gateway The network gate-
way for the KBOX
server

Primary DNS The primary DNS
server the KBOX
should use to resolve
hostnames
5. After entering all values, click Apply. Then reboot the KBOX.
Log in to confirm web access to the KBOX
While the KBOX reboots, plug the Ethernet cable into the port closest to the KBOX power supply, and
connect it to a router or hub on your network. Verify the KBOX is now online by browsing to http://
kbox/admin on another computer. If this URL doesn’t open KBOX, try http://defaultip/admin, where
default ip is the static IP address that you have assigned to the KBOX.
After accepting the EULA (End User License Agreement), log in using the credentials admin/admin. If you
can access the KBOX Management Center successfully, it indicates that the KBOX network settings are
entered correctly.

Setting up your first KBOX Agent
In order for workstations of servers in your environment to connect to the KBOX, they must have the KBOX
agent software installed. In this section, you’ll learn how to use the KBOX to install the agent software on
a machine in your environment through the KBOX interface.
1. To enable Agent Provisioning functionality:

a To go to the KBOX Management Center Web page, go to http://kbox/admin in your web browser.
On the KBOX Management Center Web page, click Settings | Network.
b The KBOX Settings: Network page appears. Fields are grayed out. Click Edit Mode to edit the field
values.
c Under Optional File Share Settings at the bottom of the Web page, select the File Share Enabled
check box for Agent Provisioning to work from the KBOX.
d Click Apply. On clicking Apply, the KBOX will be restarted and you will lose connection to the KBOX.
2. To set up a Provisioning Configuration for a Windows PC:
a To go to the KBOX Management Center Web page, go to http://kbox/admin in your web browser. On
the KBOX Management Center Web page, click Distribution | KBOX Agent.
b Click Provisioning Setup. The Provisioning Setup page appears.
c In the Choose action box, select Add New Item.
d Under Windows Platform Provisioning Settings, select the Provision this platform check
box.
e Enter the suggested values in the corresponding fields, as shown in the following table. For more
detailed information on all of the options available and detailed instructions, refer to the chapter
Agent Provisioning.
Suggested
Field Notes
Value
Config Friendly My First KBOX agent This is the identifying name that you will see in lists of
Name installation available configurations.
Provision IP Range Enter the IP of a Your own PC would be a great example, but you can
Windows PC that choose any machine that is accessible on the network
you have access to and for which you have administrative credentials.
Under “Windows Network Administrative Credentials”
Domain (or work- The domain or work-
group) group associated
with the credentials
you are using
User name An administrative The installation requires an account with administrative
account with access privileges to work. Generally, this will be a domain
to the target administrator but it could also be a local administrator
machine account.

Password The password for
the account entered
above
f Click Save to save the new configuration.

3. To set up a Provisioning Configuration for a Linux, Macintosh, or Solaris PC:
a To go to the KBOX Management Center Web page, go to http://kbox/admin in your web browser. On
the KBOX Management Center Web page, click Distribution | KBOX Agent.
b Click Provisioning Setup. The Provisioning Setup page appears.
c In the Choose action box, select Add New Item.
d Under Unix (Linux, MacOSX, Solaris) Platform Provisioning Settings, select the Provision
this platform check box.
e Enter the suggested values in the corresponding fields, as shown in the following table. For more
detailed information on all of the options available and detailed instructions, refer to the chapter
Agent Provisioning.
Suggested
Field Notes
Value
Config Friendly My First KBOX agent This is the identifying name that you will see in lists of
Name installation available configurations.
Provision IP Range Enter the IP of a Your own PC would be a great example, but you can
Linux, Macintosh, or choose any machine that is accessible on the network
Solaris PC that you and for which you have administrative credentials.
have access to
Under “Network Root Credentials”
User name An administrative The installation requires an account with administrative
account with access privileges to work. Generally, this will be a domain
to the target administrator but it could also be a local administrator
machine account.
Password The password for
the account entered
above
f Click Save to save the new configuration.

4. To Provision your machine:
a On the resulting page, you can see the name of the Provisioning Configuration you just created and
saved. Select the check box next to your Provisioning Configuration, and then select Run Select
Configurations Now in the Choose action box.
b The resulting page displays the machine that you have selected to receive the agent. On clicking the
Refresh button at the bottom of the page, you can see the column under DNS Lookup update from
(unknown) to In progress… to the IP or hostname when it has completed installing.
5. To verify your agent has checked in to the KBOX:
a After the installation is completed, the new KBOX agent checks into the KBOX within two minutes, at
which time it will provide inventory information about the machine and its software to the KBOX.

b Click Inventory at the top of KBOX Management Center Web page to see a list of machines that
have checked in to the KBOX. The most recent machine that has checked in will be at the top of the
list, so you should see the hostname of your installed agent.
6. After following the steps above, you should now have one KBOX agent installed and checking in to the
KBOX successfully. You could deploy multiple machines simultaneously by creating a configuration that
identifies an IP range rather than a single IP.
For more detailed information on different options and other platforms, refer to the Chapter 2,“Agent
Provisioning,” starting on page 14.

Alternative Deployment Options
KBOX 1000 Series customers have successfully deployed the KBOX Agent using many different
approaches. In addition to installing clients through KBOX Agent Provisioning as outlined above, other
approaches are outlined below. For these options or to install manually on the local machine, you can find
the installer files for all supported platforms on the KBOX (if you have enabled the file share) at
\\kbox\client\agent_provisioning\.
Email:
An email notification may be sent to your users either containing the install file itself or pointing to the
KBOX 1000 Series or other Web location to retrieve the required installation file. Users can click on the
link and install the appropriate file.
Log-in Script:
Some companies use log-in scripts that provide a great mechanism for deploying the KBOX Agent at
login time. If you use log-in scripts, simply post the appropriate file in an accessible directory and create
the appropriate script for KBOX Agents to retrieve the file at log-in time.
Below is a sample Windows login script which checks for the presence of Microsoft’s .NET framework on
the client machine, and installs the appropriate components in order to deploy the KBOX Agent:
----------------------------------------------------------------------------------------------------
@echo off
if not exist "%windir%\microsoft.net" goto neednet
echo .NET already installed.
goto end
:neednet
start /wait \\location\ dotnetfx.exe /q:a /c:"install /l /q"
:end
if not exist "C:\Program Files\KACE\KBOX" goto needkbox
echo KBOX Agent already installed.
goto end
:needkbox
MsiExec.exe /qn /l* kbmsi.log /I \\location\KInstallerSetupSilent.msi
ALLUSERS=2
:end
-----------------------------------------------------------------------------------------------

Key Configuration Settings
Before you begin inventorying and actively managing the software on your network, it is important to
properly configure the server. You may also want to look at the Agent Provisioning chapter for details on
agent connection settings.
Configuring General settings

This section covers the general server configuration settings you should modify before you begin using
your KBOX 1000 Series appliance on your network.
To configure General Server settings:
1. Select Settings | General.

The KBOX Settings: General page appears. If fields are grayed out, you may need to click [Edit Mode]
before you can edit the field values.
2. In the General Options area, specify the following settings:
Company-Institution Enter the name of your com- This name appears in any pop-up windows
Name pany. or alerts displayed to your users.
Organization Name Enter the name of your divi-
sion or organization.
User Email Suffix Enter the domain to which For example, kace.com.
your users send email.
Administrator Email Enter the email address of the This address will receive system-related
KBOX 1000 Series administra- alerts, including any critical messages.
tor.
Send crash report to Select this check box to send a This option is recommended, since it pro-
KACE report to KACE in the event of vides additional information to the Kace
a KBOX 1000 Series crash. technical support team in case you need
assistance.
Enable KACE Soft- Select this check box to be
ware Lookup Service able to access online data
(SLS) about common software appli-
cations and how to deploy/
remove them and share anon-
ymous information about the
software on machines in your
environment.
3. Click Set Options, to save your changes.

4. In the Clock Settings area, verify that the clock is set to the correct time, then click Set Date and
Time.
It is very important to keep the time of the KBOX 1000 Series accurate, as most time calculations are
made on the server and is used in the Inventory tab to reflect when computers have checked into the
KBOX 1000 Series. For more information, see Chapter 3,“Inventory,” starting on page 26. Note that
changing the server time will require the Web server to re-initialize. This may disrupt KBOX 1000 Series
operation for 10 to 15 seconds.

5. Select the appropriate time zone from the drop-down list, then click Adjust Time Zone.
When updating the time zone, the KBOX 1000 Series Web Server will be restarted in
order for it to reflect the new zone information. Active connections may be dropped
during the restart of the Web server. You may need to manually refresh this page in the
browser in order to display the new zone settings.
6. In the Logo Overrides area, specify the images to display in the following areas, then click Upload
Logos:
User Portal Appears at the top of the User Portal page.

Report Appears at the top of reports generated by the KBOX 1000 Series.
KBOXClient Appears in the KBOX Agent.
7. Machine Actions allow you to define one-click actions to carry out against KBOX Agent machines. To
customize which action will be carried out, choose an action next to either Action #1 or Action #2, then
click Set Actions to save the changes.
You can run these Machine Actions by clicking either (Machine Action 1) or (Machine Action 2)
next to the computer record on the Inventory | Computers tab. For more information, see
“Overview of the Inventory Feature,” on page 27.
8. In the Network Scan Options, select the Show unreachable devices in scan inventory check
box if desired, then click Set Scan Options.
9. In the Optional Ignore Client IP Setting, enter any IP addresses you would like ignored as the client IP
and then click Save List. This might be appropriate in cases where multiple machines could report
themselves with the same IP address, like a proxy address.
Configuring KBOX Network settings

The key KBOX network settings were mostly configured when you first logged into the KBOX using the
konfig/konfig credentials, but an administrator can verify or change the settings at any time on the KBOX
1000 Series.
Any changes made to the Network settings on this page will force the KBOX to reboot
after saving. Total reboot downtime should be 1 to 2 minutes provided that the changes
result in a valid configuration.

To configure KBOX network settings:
1. Select Settings | Network.

The KBOX Settings: Network page appears. Fields are grayed out. Click [Edit Mode] to edit the field
values.
Field Suggested Value Notes
KBOX Server (DNS) kbox As noted above, we recommend adding a static
Hostname IP entry for “kbox” to your DNS, and using the
default Hostname and Web Server Name. The
KBOX Web Server
fully-qualified domain name of the KBOX on
Name
your network is the value of Hostname concat-
enated with Domain (for example,
kbox.kace.com). Clients will connect to KBOX
using the Web Server Name, which can be the
hostname, fully-qualified domain name, or IP
address (for example, kbox).
Static IP Address The IP address of the Be extremely careful when changing this set-
KBOX server ting. If the IP is entered wrongly, the KBOX
could become difficult to locate on the net-
work.
Domain The domain that the KBOX Defaults to corp.kace.com
is on
Subnet mask Your subnet mask Defaults to 255.255.255.0
Default gateway Your default gateway
Primary DNS The primary DNS server
the KBOX should use to
resolve hostnames
Secondary DNS The secondary DNS server The secondary DNS server is optional.
the KBOX should use to
resolve hostnames
Network Speed Your network speed
SMTP Server To enable email notifica- The server named here must allow anonymous
tions through an external (non-authenticated) outbound mail transport.
SMTP server, set the
server name here.
SSH enabled Unchecked It is more secure to leave this option turned off
unless Kace technical support needs remote
access to the KBOX.
2. Under the Optional Network Time settings, indicate whether the KBOX should consult a Network Time
Server and what the server’s hostname is.
3. In the Optional Proxy Settings area, specify the following proxy settings, if necessary:
Specify the proxy type, either HTTP or SOCKS5 in the Proxy Type list.
Specify the name of the proxy server in the Proxy Server field.
Specify the port for the proxy server, the default port is 8080 in the Proxy Port field.
Select the Proxy (Basic) Auth check box to use the local credentials for accessing the proxy server.

Specify the user name for accessing the proxy server in the Proxy Username field.
Specify the password for accessing the proxy server in the Proxy Password field.
4. In the Optional SSL Settings area, specify the following SSL settings, if desired:
a Select the SSL Enabled on port 443 check box to have clients check in to the KBOX server using
https.
A properly signed SSL Certificate is required to enable SSL. Certificates should be supported by a
valid Certificate Authority. SSL settings should only be adjusted after you have properly deployed the
KBOX 1000 Series on your LAN in non-SSL mode.
If you are enabling SSL, you will need to identify the correct SSL Private Key File and SSL Certificate
File.
The files must be in Privacy Enhance Mail (PEM) format, similar to those used by Apache-based Web
servers and not in the PCKS-12 format used by some Web servers. It is possible to convert a PCKS-
12 certificate into a PEM format using software like the OpenSSL toolkit. Please contact KACE
Technical Support if you wish to enable SSL on you KBOX.
b Clear the Enable port 80 access check box.
When you activate SSL, port 80 will continue to be active, unless you uncheck this option. By default,
the standard KBOX Agent installers will attempt to contact the KBOX via port 80, then switch to SSL
over port 443, after getting the server configuration. If you disable port 80, you will need to contact
KACE support to adjust the agent deployment scripts to handle SSL. For ease of agent deployment,
leaving port 80 active is suggested.
c In the Set SSL Private Key File field, browse for the SSL Private Key file. To enable SSL, you need
to identify the correct SSL Private Key file.
d In the Set SSL Certificate File field, browse for the signed SSL Certificate. To enable SSL, a signed
SSL Certificate is required.
5. In the Optional File Sharing Settings area, turn on the server’s File Share by selecting the File Share
Enabled check-box. The default password for this share is admin. Files in this share are available at
\\kbox\client\. Typically, this is used to access agent provisioning files. If you are not provisioning
clients, it is recommended that you leave this option disabled.
6. In the Optional Security Settings area, specify the following security settings:
a Clear the Enable backup via ftp check box.
Nightly the KBOX creates a backup of the database and the files stored on it. By default, the KBOX
allows you to access these files via a read-only ftp server. This would allow you to create a process
on another server that pulls this information off the physical KBOX. If you do not need this feature
and would prefer to disable the FTP server, you can turn off this option.
b Clear the Enable SNMP monitoring check box.
SNMP is a network / appliance monitoring protocol that supported by many third party products. If
you do not want to expose the KBOX SNMP data, turn off this option.
c Clear the Enable database access check box.
The KBOX database is accessible via port 3306, to allow you to run reports via an off board tool like
Access or Excel. If you do not need to expose the database in this way, you can uncheck this option.
7. In the Network Utilities area, select the desired network utility option from the drop-down list, and then
click Test.
8. Click Apply to save any settings on this page, at which time the KBOX will reboot.

C H A P T E R 2
Agent Provisioning
The Agent Provisioning feature enables you to install the
KBOX agent on machines in your environment directly
from the KBOX. You could deploy multiple machines si-
multaneously by creating a configuration that identifies an
IP range rather than a single IP. The procedure for Agent
Provisioning varies for Windows and non-Windows oper-
ating systems.
This chapter contains the following sections:
“Single Machine Provisioning,” on page 15

“Provisioning Setup,” on page 16
“Provisioning Results,” on page 21
“KBOX Agent Settings,” on page 22
“KBOX Agent Update,” on page 24
Single Machine Provisioning
Single Machine Provisioning provides an easy way for first time deployment of KBOX Agent Technologies to
target managed computers.
It assumes some default values for settings such as TCP ports, Time outs, KBOX sever name, etc.
To quickly deploy KBOX Agent Technologies on a single machine:
1. Select Distribution | KBOX Agent. The KBOX Agent Distribution & Management page appears.
2. Click Single Machine Provisioning. The Single Machine Provisioning page appears.
3. Enter the details as shown in the following table.
Target IP Enter the IP address of the target machine.

Action Click Install Agent to install the Agent or click Remove
Agent to remove the Agent.
Platform Click the appropriate platform.
KBOX Agent Version This field displays the KBOX Agent version number.
Domain (or Workgroup) Enter the domain or workgroup name associated with the cre-
dentials you enter below.
Note: This field is available only if the platform selected is Win-
dows.
User Name (admin level) Enter a username that will have the necessary privileges to
install on the targeted machines.
Password Enter the password for the account listed above.
4. Click Run Now to first save the current configuration with a default name as Simple configuration -
IP Address and immediately run the configuration against the targeted IP.

Provisioning Setup
KBOX Agent Provisioning provides a method for the first time deployment of KBOX Agent software to
targeted computers. A provisioning configuration identifies one or more IP addresses for the first time
deployment or removal of the KBOX Agent. The target IP address is tested for the existence of an agent
and if none, will execute a remote install of the agent directly from the KBOX.
The provisioning installers are located on the KBOX in the following network share:
\\KBOX\client\agent_provisioning
where "KBOX" is defined as the hostname of your KBOX (e.g. "kbox" by default);
The provisioning files are located in their respective "platform" subdirectories (e.g. Windows files located
in the "windows_platform" directory).
IMPORTANT: To activate provisioning functionality you must enable the KBOX's file share via the
Network Settings Page. Additionally, for the Windows target platform the following must be configured:
On Windows XP, "Simple File Sharing" must be turned off. KBOX Provisioning requires standard file
sharing with its associated security model. Having "Simple File Sharing" enabled could cause a "LOGON
FAILURE" as simple file sharing does not support administrative file shares and associated access
security.
If Windows Firewall is turned ON, "File and Print Sharing" must be enabled in the Exceptions list of the
Firewall Configuration.
By default the KBOX will verify the availability of ports 139 and 445 on each target machine before
attempting to execute any remote installation procedures.
You can choose either Auto Provisioning or Manual Provisioning. Auto Provisioning allows you to provide
target IP Range for Provisioning. Manual Provisioning allows you to enter IPs manually and also pick up
machines from IP Scan and Inventory.
To Add a New Item to Provisioning Setup using Auto Provisioning:
2. Click Provisioning Setup. The Provisioning Setup page appears.
3. In the Choose action box, select Add New Item. The Provisioning Configuration page appears.
4. Under the General Settings area, select the Auto Provisioning option.
5. Enter the general settings details as shown in the following table.
Config Friendly Name Enter a name for your agent provisioning configuration. Make
sure that your configuration names are very specific so that you
can differentiate between different configurations.
Provisioning IP Range Enter IP or IP range. Use hyphens to specify individual IP class
ranges, for example, 192 168 2-5 1-200.
Configuration Enabled Select this check box to enable the configuration.
KBOX Server Name By default, this is the name of the KBOX you are provisioning
agents from. Under normal circumstances, there would be no
reason to change this value. If you have multiple KBOX servers,
then you could enter another KBOX server name here.
DNS Lookup Enabled Select this check box to enable DNS lookup.

Name Server for Lookup This field will default to the DNS server that the KBOX has
entered as its primary DNS server under Network settings. Enter
the name of another DNS server here, if needed.
Lookup Time Out Enter the time period after which a DNS lookup will time out
6. If the targeted machine(s) are operating on the Windows platform, then enter details as shown in the
following table.
Provision this platform Select this check box.

Agent Identification Port The agent identification port is a port that installed agents
would already have open and in use, indicating that we should
not try to install the agent again. By default that port number is
52230. If you are using a different port number for this, you can
change the port number listed here.
Required open TCP Ports Enter the list of required open TCP ports. These are the ports
the KBOX will use to access the target machine for installation
of the KBOX Agent.
Port Scan Time Out Enter a time period in seconds.
Bypass Port checks Select this check box to avoid port checks. Selecting this indi-
cates that the KBOX should simply try to install, without check-
ing ports listed above.
Enable Debug Info Select this check box to enable debug info. By enabling this
check box more debug info will be displayed in the machine’s
provisioning results.
Remove KBOX Agent Selecting this check box reverses the logic of this provisioning
config, indicating you will use it to remove the KBOX agent from
machines rather than installing those agents.
Remove Config.xml file Select this check box to remove the Config.xml file while remov-
ing the Agent.
Domain (or Workgroup) Enter the domain or workgroup name associated with the
credentials you enter below.
User Name (Admin level) Enter a username that will have the necessary privileges to
If the targeted machines are operating on the Linux, Macintosh, or Solaris platform, then enter details
as shown in the following table.
of the KBOX Agent.

Bypass Port Checks Select this check box to avoid port checks. Selecting this indi-
User Name (admin level) Enter a user name that will have the necessary privileges to
7. Under Scheduling, select the appropriate check box and schedule to run the configuration. By
choosing a regular schedule, the KBOX will periodically check machines in this IP range to make sure
that they have the KBOX agent and install/reinstall as appropriate.
8. To save the Provisioning Configuration, click Save. On clicking Save, the Provisioning Results page
appears. You can also click Run Now to save the current configuration and immediately run the
configuration against the defined IP range. To cancel the configuration, click Cancel.
Deleting a configuration will delete all associated target machines in the provisioning
inventory list. Altering or updating a configuration will reset the data in the associated
target machine list to the default settings until the subsequent provisioning run.
You can also deploy the KBOX agent manually. For more information on the manual deployment of the
KBOX agent on Linux, Solaris, and Macintosh, see Appendix C,“Manual Deployment of KBOX
Agent,” starting on page 216.
To Add a New Item to Provisioning Setup using Manual Provisioning:
2. Click Provisioning Setup. The Provisioning Setup page appears.
3. In the Choose action box, select Add New Item. The Provisioning Configuration page appears.
4. Under the General Settings area, select the Manual Provisioning option.
5. Enter the general settings details as shown in the following table.
Config Friendly Name Enter a name for your agent provisioning configuration. Make sure that
your configuration names are very specific so that you can differentiate
between different configurations.
Target IPs Enter the IP address of the target machine or click Help me pick
machines.
Provisioning IP Range Enter IP or IP range. Use hyphens to specify individual IP class ranges,
for example, 192 168 2-5 1-200.Click Add All to add all machines in the
specified range.
IP Scan Computers From the IP Scan Computers drop-down list, select a machine to add
to the Target IPs list. This drop-down list is populated from the Network
Scan Results. You can filter the list by entering any filter options. Click
Add All to add all machines displayed in the list.

Inventory Computers From the Inventory Computers drop-down list, select a machine to
add to the Target IPs list. This drop-down list contains all the computers
in the inventory. You can filter the list by entering any filter options.
Click Add All to add all machines displayed in the list.
Configuration Enabled Select this check box to enable the configuration.
KBOX Server Name By default, this is the name of the KBOX you are provisioning agents
from. Under normal circumstances, there would be no reason to change
this value. If you have multiple KBOX servers, then you could enter
another KBOX server name here.
DNS Lookup Enabled Select this check box to enable DNS lookup.
Name Server for Lookup This field will default to the DNS server that the KBOX has entered as its
primary DNS server under Network settings. Enter the name of another
DNS server here, if needed.
Lookup Time Out Enter the time period after which a DNS lookup will time out.
6. If the targeted machine(s) are operating on the Windows platform, then enter details as shown in the
following table.

Agent Identification Port The agent identification port is a port that installed agents
would already have open and in use, indicating that we should
not try to install the agent again. By default that port number is
52230. If you are using a different port number for this, you can
change the port number listed here.
of the KBOX Agent.
Enable Debug Info Select this check box to enable debug info. By enabling this
check box more debug info will be displayed in the machine’s
provisioning results.
Remove Config.xml file Select this check box to remove the Config.xml file while
removing the Agent.
Domain (or Workgroup) Enter the domain or workgroup name associated with the
credentials you enter below.
User Name (admin level) Enter a username that will have the necessary privileges to

7. If the targeted machines are operating on the Linux, Macintosh, or Solaris platform, then enter details
as shown in the following table.

of the KBOX Agent.
User Name (admin level) Enter a user name that will have the necessary privileges to
8. Under Scheduling, select the appropriate check box and schedule to run the configuration. By
choosing a regular schedule, the KBOX will periodically check machines in this IP range to make sure
that they have the KBOX agent and install/reinstall as appropriate.
9. To save the provisioning configuration, click Save. On clicking Save, the Provisioning Results page
appears. You can also click Run Now to save the current configuration and immediately run the
configuration against the defined IP range. To cancel the configuration, click Cancel.
Deleting a configuration will delete all associated target machines in the provisioning
inventory list. Altering or updating a configuration will reset the data in the associated
target machine list to the default settings until the subsequent provisioning run.

Provisioning Results
Provisioning Results shows you a list of computers which match Agent Provisioning Configurations that you
currently have. This list could include machines that have had the Agent installed or which have been
discovered by the Configuration. You can view target provisioning and configuration information.
Target info results from the most recent provisioning configuration run or execution. Provisioning execution
targets the various IP addresses and for each target (node) the execution evaluates the IP addresses
availability, agent status, port configuration, etc. The results and logs of each provisioning step are
displayed.
To View Provisioning Results:
2. Click Provisioning Results. The Provisioning Results page appears.
3. To view provisioning target information and provisioning configuration information, click the IP Address
of the required machine. The KBOX Agent Provisioning page appears.
You can take print outs of this page. Click Printer Friendly Version to see a print
view of the page.
4. You can view computer inventory by clicking computer inventory under Provisioning Target Info.
For more information on computer inventory, see “Adding computers to inventory,” on page 37.
5. To view the DNS lookup details, click the required DNS Lookup on the List Page. If selected, live
addresses will be checked against the DNS server to see if they have agent provisioning configured.

KBOX Agent Settings
The KBOX Agent Settings options configure the KBOX to properly operate in your computing environment.
These options specify how often the client runs on the user desktop and within that run how often a full
desktop computer inventory is performed.
The "KBOX Agent" options specify how often a KBOX Agent will check in to the KBOX and how often that
agent will perform a full computer inventory. For example, a default Run Interval of 30 minutes means that
those computers with KBOX Agents installed will check in to the KBOX 1000 Series appliance every 30
minutes.
To Configure KBOX Agent:
2. Click KBOX Agent Settings. The KBOX Agent Settings page appears showing your current agent
setting details. These settings are what control the schedule and frequency of your KBOX agents
checking in.
3. To edit agent settings, click [Edit Mode]. The KBOX Agent Settings page appears in edit mode.
4. Specify the following agent options
Suggested
Field Notes
Setting
Communications 12:00 am to The interval during which the KBOX Agent is allowed to
Window 12:00 am communicate with the KBOX 1000 Series appliance. For
example, to allow the KBOX Agent to connect between 1
AM and 6 AM only, select 1:00am from the first drop-down
list, and 6:00am from the second.
Agent “Run interval” 1 hours The interval that the KBOX Agent will check in to the KBOX
1000 Series. Each time a KBOX Agent connects, it will
reset its connect interval based on this setting. The default
setting is once per hour.
Agent “Inventory 0 The interval (in hours) that the client KBOX 1000 Series
Interval” appliance will inventory the computers on your network. If
set to zero, the KBOX 1000 Series will inventory clients at
every Run Interval.
Agent “Download 100 The maximum number of desktop clients that can be
Throttle” downloading packages at one point in time. Packages will
not be deployed on machines after the Package Download
Throttle has been reached. For example, if the throttle is
set to 100 and 100 clients are connected and receiving a
deployment, the 101st client will be deferred until another
connection point.
Agent “Splash Page KBOX is verifying The message that appears to users when communicating
Text” your PC Configu- with the KBOX 1000 Series.
ration and man-
aging software
updates.
Please Wait...

Scripting Update 15 minutes How often the KBOX Agent should download new script
Interval definitions. The default interval is 15 minutes.
Scripting Ping Inter- 600 seconds How often the KBOX Agent should test the connection to
val the KBOX 1000 Series appliance. The default interval is
600 seconds.
Agent Log Retention Agent Log Retention disallows the server to store the
scripting result information that comes up from the agents.
The default is to store all the results. This can have a
performance impact on the KBOX. Turning this off, gives
you less information about what each client is doing, but
will allow the agent checkins to process faster.
5. Click Save to save the KBOX agent settings configuration. On clicking Save, the KBOX Agent Settings
page appears in read only mode. These changes will be reflected by agents as of the next time they
check into the KBOX.

KBOX Agent Update
The KBOX Agent Update feature allows you to automatically update the KBOX Agent software for some or
all machines that are checking in your KBOX. KBOX Agent deployments are automatically updated as new
agent updates are posted to this area. The KBOX Agent package that you post to the server from this page
should be an official KBOX Agent Release received from KACE directly.
Before updating KBOX Agent, make sure that you have downloaded and saved locally the following files:
update_3.1.XXXX.bin for WINDOWS, where XXXX is the build number.
update_mac_3.1.XXXX.bin for Macintosh, where XXXX is the build number.
update_linux_3.1.XXXX.bin for Linux, where XXXX is the build number.
update_solaris_3.1.XXXX.bin for Solaris, where XXXX is the build number.
To Update KBOX Agent Automatically:
2. Click KBOX Agent Update. The KBOX Agent Automatic Update page appears.
3. Specify the agent updates as shown in the following table.
Notes & Version Info Enter any release notices or version information about the agent.
Enabled Select this check box to upgrade the Agent the next time the machines
check in to KBOX.
Update broken clients Select this check box to update those machines that are running checking
in with the KBOX for new agent versions, but are unable to successfully
report inventory information to KBOX. This setting overrides the Limit
Update to: settings. From a broken client like this, you could force it to
check for a new version of the Agent software by running kupdater.exe
manually.
Limit Updates to Specify a label for automatic upgrades. The upgrades will only be distrib-
uted to machines assigned to those labels, except if they are identified as a
“broken client” above.
Microsoft Windows/ Click Browse to upload the KBOX Client Patch. This file name should be
Apple Mac/Linux/ something like update_3.3.8872.bin, although the exact name will depend
Solaris on which operating system you are updating. Anything other than an offi-
cial update bin file will fail to properly deploy. The Update Version ID
appears on uploading the file.
4. To save the new agent updates, click Save.

You can update agents on all platforms at once using a client bundle.
To update agents using a client bundle:
1. Download the kbox_patch_agents_xxx.bin file and save it locally.

2. Select Settings | Server Maintenance.
3. Scroll down and click the [Edit Mode] link.
4. Under Update KBOX, click Browse, and locate the update file you just downloaded.
5. Click Update KBOX.

Do not install the client bundle in the KBOX Agent Update link of the KBOX Agent
tab. The client bundle must be installed in the Settings | Server Maintenance |
Update KBOX section of the Administrator console.

C H A P T E R 3
Inventory
The KBOX 1000 Series Inventory feature lets you identify
machines and software on your network and organize
computers by using labels and filters.
“Overview of the Inventory Feature,” on page 27

“Using Advanced Search,” on page 29
“Understanding Computer Details,” on page 34
“Adding computers to inventory,” on page 37
“Software Inventory,” on page 38
“Monitoring out-of-reach Computers,” on page 42
“Labels,” on page 43
“Software Metering,” on page 45
“Processes,” on page 48,”
“Startup,” on page 50,”
“Service,” on page 51”
“Software Lookup Services,” on page 52
Overview of the Inventory Feature
Inventory is collected by the KBOX Agent and reported when computers check in with the KBOX 1000
Series. The data is then listed on one of the Inventory tabs: Computers, Software, or MIA. The inventory
data is collected automatically according to the schedule specified under the
Distribution |KBOX Agent | Provisioning Results.
Although it is presented under the Inventory tab, the IP Scan feature is discussed in its own chapter. For
information about this feature, see Chapter 5,“IP Scan,” starting on page 66.
Click to run Machine Action Click to create notification

filter
Click to create search

filter
The computer’s machine name The last time the Use drop-down to filter
and labels to which the computer machine checked in view by label
Figure 3-1: Inventory - Computers tab
The Computer Search & Filter page displays the computer’s IP address and the user connected to it.
Clicking the blue icon beside the IP address invokes a remote desktop connection if the computer is online
and if remote desktop is configured.
From the Computers tab you can:
Search by keyword or invoke an Advanced Search
Create a Filter to apply labels to computers automatically
Create Notifications based on computer attributes
Add/delete new computers manually
Filter the Computer Listing by label

Apply or remove labels
Show or hide labels
To view details about a computer click the machine name.

Using Advanced Search
Although you can search computer inventory using keywords like Windows XP, or Acrobat, those types of
searches might not give you the level of specificity you need. Advanced search, on the other hand, allows
you to specify values for each field present in the inventory record and search the entire inventory listing
for that value. This is useful, for example, if you needed to know which computers had a particular version
of BIOS installed in order to upgrade only those affected machines.
To specify advanced search criteria:
1. Click the Advanced Search tab.

2. Select a field from the drop-down list.
3. Specify the search parameters, then enter the value to search for.
4. Click Search.
Creating Search Filters

Filtering provides a way to dynamically apply a label based on search criteria. It is often helpful to define
filters by inventory attribute. For example, you could create a label called “San Francisco Office” and create
a filter based on the IP range or subnet for machines in San Francisco. Whenever machines check in that
meet that attribute, they would receive the San Francisco label. This is particularly useful if your network
includes laptops that often travel to remote locations.
This feature assumes that you have already created labels to associate with a filter. For
information about creating labels, see “Labels,” on page 43.
The table below lists some examples of useful filters that could be applied to a machine based on its
inventory attributes:
Filter Examples
Sample Label Name Sample Condition

XP_Low_Disk Windows XP Machine with less than 1 GB of
free hard disk at last connection
XP_No_HF182374 Windows XP Machine without Hotfix 18237
installed at last connection
Building 3 Machine connecting to the KBOX 1000
Series is detected in a specified IP range
known to originate in building 3.
CN_sales Computers connecting where computer
name contains the letters “sales”.
Table 3-2: Filter Examples

To create a filter:
1. Select Inventory | Computers, then click the Create Filter tab.

The Filter criteria fields appear.
2. Specify the search criteria.
3. Choose the label to associate with the filter.
4. To see whether the filter produces the desired results, click Test Filter.
5. Click Create Filter to create the filter.
Now, whenever machines that meet the specified filter criteria check into the KBOX 1000 Series, they
will automatically be assigned to the associated label. You can modify or delete a filter after it has been
created on the Reporting | Filters tab.

Creating Computer Notifications
You can also use the Notification feature to search the inventory for computers that meet certain criteria,
such as disk capacity or OS version, and then send an E-mail automatically to an administrator. For
example, if you wanted to know when computers had a critically low amount of disk space left, you could
specify the search criteria to look for a value of 5MB or smaller in the Disk Free field, and then notify an
administrator who can take appropriate action.
To create a notification:
1. Select Inventory | Computers, and then click the Create Notification tab.
2. Specify the search criteria.
3. Specify a title for the search.
4. Enter the mail address of the recipient of the notification.
5. To see whether the filter produces the desired results, click Test Notification.
6. Click Create Notification to create the notification.
Now, whenever machines that meet the specified notification criteria check into the KBOX 1000 Series, an
mail will automatically be sent to the specified recipient. You can modify or delete a notification after it has
been created on the Reporting | Email Alerts tab.
Filtering Computers by Organizational Unit

If you want to filter computers based on an Organizational Unit found in LDAP or AD, you can create LDAP
Filters to do this from the Reporting | LDAP Filters tab.
LDAP Filters allow the automatic labeling of machine records based on LDAP or Active Directory
interaction. The search filter will be applied to the external server and should any entries be returned then
automatic labeling results.
If the external server requires credentials for administrative login (aka non-anonymous
login), supply those credentials. If no LDAP user name is given, then an anonymous
bind will be attempted. Each LDAP filter may connect to a different LDAP/AD server.
Figure 3-3: LDAP Filters tab
You may bind to an LDAP query based on the following KBOX 1000 Series variables:
Computer Name
Computer Description
Computer MAC
IP Address
User Name
User Domain
Domain User.

To create an LDAP Filter:
1. Select Reporting |LDAP Filters.

2. Select Add New Item from the Choose action drop-down list.
The LDAP Filter: Edit Detail page appears.
3. Enter the following information:
Enabled Select this check box to enable.

Filter Type Select the filter type.
Associated Label Name Select the label to associate with this filter.
Associated Label Notes If any notes were entered in the label definition, those would
appear here under Associated Label Notes.
Server Host Name Specify the IP or the Host Name of the LDAP Server.
Note: For LDAPS, use the IP or the Host Name, as ldaps://
HOSTNAME
LDAP Port Number Specify the LDAP Port number which could be either 389 / 636
(LDAPS).
Search Base DN Specify the Search Base DN.

For example:
CN=Users,DC=kace,DC=com
Search Filter Specify the Search Filter.
For example:
(&(sAMAccountName=admin)(memberOf=CN=financial,DC=ka
ce,DC=com))
LDAP Login Specify the LDAP login.
For example:
LDAP Login: CN=Administrator, CN=Users,DC=kace=com
LDAP Password Specify the password for the LDAP login.
If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP
Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to “LDAP Browser
Wizard,” on page 155.
4. Click Save.
Each time a machine checks into the KBOX 1000 Series, this query will run against the LDAP server.
The admin value in the 'Search Filter' will be replaced with the name of the user that is logged onto this
machine. If a result is returned, then the machine gets the label specified in the Associated Label field.
NOTE: To test your Filter, click the Test button and review the results.

You can also create an LDAP Filter using the LDAP Browser.
To create an LDAP Filter using the LDAP Browser:
1. Select Reporting |LDAP Filters.

2. Select Add New Item Using LDAP Browser from the Choose action drop-down list. The LDAP
Filter: Edit Detail page appears.
Enabled Select this check box to enable.

Filter Type Select the filter type.
Associated Label Name Select the label to associate with this filter. This field is manda-
tory.
4. Click Next to configure the LDAP settings. The LDAP Browser Wizard is displayed. For more
information on how to use the LDAP Browser Wizard, refer to “LDAP Browser Wizard,” on page 155.

Understanding Computer Details
From the Computers tab, you can select a computer in inventory and view its details. The Computer Detail
page provides details about a computer’s hardware, software, install, patch, help desk, and OVAL
vulnerability history, among other attributes.
The following sections describe each of the detail areas on this page. To expand or collapse the sections,
click the + sign next to the section headers.
Computer Identity Information

This section provides information to help identify the computer on your network, including its name,
description, IP address and KACE ID, among other attributes. You also can see the last time this computer
checked in to the KBOX 1000 Series, and the last time the computer record was changed.
Help Tickets
This section provides a list of the Help Desk Tickets associated with this machine. These can either be
Tickets assigned to the machine owner or Tickets submitted by the machine owner. To view a Help Desk
Ticket’s details, click the Ticket ID (for example, TICK:0032).
Operating System Info

This section provides details about the computer’s operating system including installed OS and service
packs, OS version number and build, and the date and time of OS installation. The Current Uptime and
Last System Reboot fields tell you at a glance, whether the machine has been rebooted recently, which
could indicate whether or not OS updates have been applied.
User Information
Because many computers can be used by more than one individual, the User Information section provides
details about the most recent user of this computer, including his or her user name and domain.
Manufacturer and BIOS Info

This section displays the computer’s make and model, as well as its BIOS details, such as name, version,
and serial number. If the computer is manufactured by Dell, there also is a hot button link directly to the
Dell Web site where you can view the support record for this computer, including the days left on the
support agreement, and also compare the original and current system configurations.
Processor and Computer Memory

This section displays the processor type and speed, total and used RAM, and current and maximum
registry size.
Network Interfaces
This section displays the type and version of NIC card installed in the computer, as well as the computer’s
MAC and IP addresses, and indicates whether or not DHCP is enabled.

Drive Information
This section specifies the configuration of drives installed on the computer (e.g., CD/DVD-ROM drive), and
displays the total and used disk space amounts for each hard disk installed.
Motherboard and related Hardware

This section displays information about the computer’s motherboard, as well as other hardware details like
sound card and video controller(s).
Process List
This section lists all of the processes that are currently running on this computer. This list is the same as
would be displayed on the computer’s Task Manager | Processes tab.
Installed Programs
This section displays the titles and versions of software programs installed on this computer. The programs
listed here are the same as would be listed on the computer’s Add/Remove Programs List.
Installed Patches
This section lists all of the Microsoft patches that have been installed on this computer.
Startup Programs
This section displays all of the programs that are configured to launch when this computer starts up. These
are the same programs listed in the computer’s Start | All Programs | Startup menu.
Services
This section displays all of the services that are running on this machine. On clicking any of the services
the service: edit service detail page is displayed. The fields on this page represent the service detail
information that is automatically discovered and communicated from the KBOX Agent.
Harmful Items (Threat Level 5)

This section displays the items that have threat level 5. Whenever you set threat level 5 – harmful to any
software, process, startup item and service associated with this machine, it is displayed in this list.
Printer List
This section displays all of the printers that this computer is configured to use. This is the same
information that is located in the computer’s Start | Printers and Faxes window.
Uploaded Files
This section displays a list of the files that have been uploaded to the KBOX 1000 Series from this machine
using the “upload a file” script action.
Custom Inventory Fields

This section lists any Custom Inventory fields that were created for this machine, along with the field name
and value.

Customer Information
This section contains notes entered during the creation of the computer’s inventory record, and is the only
editable section on this page. You can append or delete any notes in this field. Click Save after editing this
field.
Asset Information
This section displays the details of the Asset that is associated with that machine. Details such as the date
and time when the Asset record was created, the date and time when it was last modified, type of the
asset and name of the asset are displayed.
Asset History
This section displays the changes done to the Asset of that machine. It lists all the changes along with the
date and time when each change was done.
KBOX Agent Logs

This section displays the logs for the KBOX Agent application, updates to scripts run on this machine, and
the current status, if available, of any activity currently in progress. A question mark (?) in the status
column indicates that the KBOX Agent hasn’t checked in yet, therefore its status is unknown.
Portal Install Logs

This section provides details about User Portal packages installed on this machine.
Scripting Logs
This section lists the Configuration Policy scripts that have been run on this computer, along with the
status, if available, of any scripts in progress.
OVAL Vulnerability Results

This section displays the results of OVAL Vulnerability tests run on this machine. Only tests which failed on
this computer are listed by the OVAL ID and marked as Vulnerable. Tests which passed are grouped
together and marked as Safe.
Failed Managed Installs

This section displays a list of Managed Installations that failed to install on this machine. To access details
about the Managed Installation, click the link to view the Managed Software Installation detail page.
Labels
This section displays the label assigned to that machine. Labels are used to organize and categorize
machines
Failed Patches
This section displays a list of any patch bulletins that failed to install on this machine. To access more
details about the patches click the link to view the bulletin detail page.
To Install List
This section lists the Managed Installations that will be sent to the machine the next time it connects.

Adding computers to inventory
The KBOX 1000 Series provides the convenience of adding computers to inventory automatically, which is
especially useful when you maintain a large number of computers on your network. However, the KBOX
1000 Series also provides the flexibility to add computers to inventory manually should you need to. For
example, you can track computers that do not currently have KBOX Agent support or computers that are
not available on your LAN.
Adding computers automatically

To add computers automatically, you can perform a IP scan, which will gather data about all of the
computers on your network, including software installed on them, and create inventory records for them.
In addition, installing the KBOX Agent on the computers on your network will cause them to check in to
the KBOX 1000 Series and upload all of the available inventory data. For more information about IP Scans,
see Chapter 5,“IP Scan,” starting on page 66.
Adding computers manually

If you have machines on your network that are not connected to your LAN, but you still want to be able to
maintain inventory data in one central place, you can add those computers to the KBOX 1000 Series
manually from the Inventory | Computer tab.
To add a computer to inventory manually:
1. Select Inventory | Computers tab.

The Computer: Edit Computer Detail page appears.
3. Specify the requested computer details.
For an example of the requested information, view the computer record of a machine that is already
listed in inventory.
4. If you prefer, you can import the machine.xml file for this computer.
The KBOXClient.exe can take an optional command line parameter -inventory. To configure this,
type:
KBOX Agent/exe-inventory
The KBOX Agent collects the inventory data and generates a file called machine.xml, which you can
upload here. If you choose this option, the KBOX 1000 Series ignores all other field values on this
screen.

Software Inventory
In addition to the computers on your network, the KBOX 1000 Series Inventory feature also keeps an
inventory of the software titles installed on each of the computers in inventory. From the
Inventory | Software tab you can see at a glance all of the software installed across your network.
By default, the Software List shows only the first 100 (in alphabetical order) software titles detected. To
view all software installed, click the Show All link.
From the Software List page you can:
Add or delete software
Add or remove labels
Sort the view by label.
To view the details of a software title, click the linked name.

Adding Software to Inventory
As with computers, you can add software to inventory either automatically or manually. The KBOX 1000
Series provides the convenience of adding software titles to inventory automatically, which is especially
useful when you maintain determine all of the titles installed on all of the machines in your network.
However, the KBOX 1000 Series also provides the flexibility to add software titles to inventory manually
should you need to. For example, you can add a title that is not yet installed on your network so that you
can create a managed installation from it and deploy it to the computers on your network at one time.
Adding Software Automatically

To add software automatically, you can perform a IP scan that gathers data about all of the software titles
on your network and creates inventory records for them. In addition, installing the KBOX Agent on the
computers on your network will cause them to check in to the KBOX 1000 Series appliance and upload all
of the available software inventory data. For more information about IP Scans, see Chapter 5,“IP
Scan,” starting on page 66.
Adding Software Manually

Although the KBOX creates inventory records for the software titles found on your network, there might be
applications you want to add to inventory manually.
To add software to inventory manually:
1. Select Inventory | Software.

2. Select Add New Item in the Choose Action drop-down list. The Software : Edit Software Details
page appears.
3. Enter the general software details.
Be sure to create the Display Version, Vendor, and Software Title information consistently across
software inventory in order to assure proper downstream reporting.
4. Upload or specify links to available information files associated with the software.
5. In the Assign To Label field, select the labels to assign.
6. Enter any other details in the Notes field.
Specify the Custom Inventory ID (rule), for example,
C:\RegistryValueGreaterThan(SOFTWARE\Network Associates\TVD\Shared Components\VirusScan
Engine\4.0.xx,szDatVersion,4.0.44).
Before sending any software to a remote client, KBOX verifies whether or not that file is present on the
target machine. If it is detected, then it is not sent to the machine a second time. In some instances,
installed programs do not register in add/remove programs or in standard areas of the registry. In such
cases, KBOX may not be able to detect the presence of the application without additional information
from the administrator and, therefore, KBOX may repeat the install each time the client connects.
The Custom Inventory ID rule must have three values separated by commas, not
include neither single nor double quotes, contain a key that exists under LocalMachine.
Failure to follow these specifications will result in a FALSE test result, and the install
would proceed. For more information, see “Custom Data Fields,” on page 38.

7. Select the supported operating systems in the Supported Operating Systems field.
8. In the Custom Inventory ID (rule) field, enter the Custom Inventory ID.
9. Beside the Upload & Associate File, click Browse, and then click Open.
10. Under Metadata, specify the following information:
Category Select the desired category.

Threat Level Select the threat level.
Hide from Software Lookup Select this check box if you want to hide this infor-
Service mation from the Software Lookup Services.
11. Click Save
The software detail page displays license information for the software. You can also
view the license asset detail by clicking on the license link.
Creating Software Asset

You can create a software asset using the Inventory | Software tab.
To create a software asset:

2. Select the appropriate software and then select Create Asset from the Choose Action drop-down
list. The Assets page appears.
Custom Data Fields

You can create custom data fields in order to read information from a target machine and report it in the
Computer Inventory manifest. This is useful for reading and reporting on information in the registry and
elsewhere on the target machine. For example, DAT file version number from the registry, file created
date, file publisher, or other data.
To create a custom data field:

3. Specify a Display Name for the field.
4. In the Custom Inventory (ID) rule area, enter the appropriate syntax according to the information you
want to return:
To return a Registry Value, enter RegistryValueReturn(string absPathToKey, string valueName, string
valueType), replacing valueType with either “TEXT”, “NUMBER”, or “DATE”. Note that NUMBER is
specifically an integer value.
Example: RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Virusscan
Online,SourceDisk, TEXT)
To return File Information, enter FileInfoReturn(string fullPath, string attributeToRetrieve, string
valueType)
Example: FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe, Comments,TEXT)

You can retrieve the following attributes from the FileInfoReport() function:
Comments Language
CompanyName LegalCopyright
FileBuildPart LegalTrademarks
FileDescription OriginalFilename
FileMajorPart PrivateBuild
FileMinorPart ProductBuildPart
FileName ProductMajorPart
FilePrivatePart ProductMinorPart
FileVersion ProductName
InternalName ProductPrivatePart
IsDebug ProductVersion
IsPatclhed SpecialBuild
IsPreRelease CreatedDate
IsPrivateBuild ModifiedDate
IsSpecialBuild AccessedDate.
5. Click Save.
Attaching a Digital Asset to a Software Title

Whether you add the software to inventory automatically or manually, after a particular software title is in
inventory, you will need to associate the files required to install the software before distributing a package
to users for installation. To associate multiple files, create a .zip file and associate the resulting archive file.
To attach digital asset to a software title:

2. Click the linked name of the software title.
The Software: Edit Software Detail page appears.
3. Beside Upload & Associate File, click Browse.
4. Locate the file to upload, then click Open.
5. Modify other details as necessary, then click Save.
The Software-To-Computer Deployment Detail table at the bottom of the

Software | Edit Software Detail page shows which computers have the software title
installed.

Monitoring out-of-reach Computers
The KBOX 1000 Series MIA tab, gives you a way to view the machines that haven’t checked in to KBOX
1000 Series in some time. You can filter the MIA view by machines that have missed the last 1, 5, or 10
syncs, or which have not communicated with KBOX 1000 Series in the last 1-90 days. The MIA tab also
displays the IP and MAC Addresses of the computers.
From the MIA tab you can remove the computers from the KBOX 1000 Series inventory, as well as assign
them to labels to group them for management action.

Labels
In many areas of the KBOX 1000 Series you will see a labels select list, which allows you to constrain the
action to a specific label or group of labels. There are several ways to group machines with the KBOX 1000
Series. Once grouped by a label, software, scripts, reports, or software deployments can all be managed
on a per label basis.
The label functionality can be manually applied from the Inventory | Labels tab, or automatically, via
LDAP or Active Directory, (Reporting | LDAP Filters tab), or even applied by machine attribute, as we
saw earlier from the Computers | Create Filter functionality.
On the Label Management page you can add or delete labels, search labels, as well as see how many
computers belong to a particular label.
Creating Labels
Labels can be used to organize and categorize software, people, and machines. Labels are intended to be
used in a flexible manner and how you use labels is completely customizable. For example, Labels can
reflect corporate structures, organizations, processes, or geographical locations like "Engineering",
"Staging", "Building A", etc. Labels can be used to identify deployment groups and target machines for
distribution packages. All items that support "labeling" can have none, one, or multiple labels.
Deleting labels will remove any existing association of that label with any machine,
login, or software.
To create a label:
1. Select Inventory | Labels.

The Labels : Edit Detail page appears.
3. Enter a name for the label in the Label Name field.
4. Enter any relevant notes about the label in the Notes field.
5. If necessary, enter a value for KACE_ALT_LOCATION.
This allows you to define what should replace the string in the KACE_ALT_LOCATION in the Alternate
Download Location value in Managed Installs and File Synchronizations. You should not have a machine
in two labels that both specify an alternate location value.
6. Specify the Username and Password for the KACE_ALT_LOCATION.
7. Click Save.
Viewing Computer Details by Label

After you’ve created a label, you can view details about the computers on your network that belong to that
label. From the Label Detail view you can see:
The IP addresses and machine names of the computers in the label
The number of Managed Installations and File Synchronizations deployed to the label
The number of network scans and scripts run on the machines in the label
The number of alerts, portal packages, and users associated with the label.

To view label details:
1. Select Inventory | Labels.

2. Click the linked name of the label.
The Labels: Edit Detail page appears.
3. Click the + sign beside the section headers to expand or collapse the view.
Deleting labels
Deleting labels will remove any existing association of that label with any machine, login, or software. You
can delete labels two ways: from the Label List view, or from the Label: Edit Detail page.
To delete a label:
1. To delete labels, do one of the following:

From the Labels List view, select the check box beside the label, then select Delete Selected
Item(s) from the Choose action drop-down list.
From the Labels: Edit detail page, click Delete.
2. Click OK to confirm deleting the selected label.

Software Metering
The KBOX 1000 Series Metering feature allows you to keep track of software use across your enterprise.
The Metering feature records and reports the details on software use that can help you manage license
compliance and better negotiate license renewals and upgrades.You can record and view software usage
for the last 1, 2, 3, 6, or 12 months. Detail pages provide information on individual software processes,
including the name of the computer that is using the software, the number of times the software was
launched, the total minutes the software was used, and when the software was last used.
Adding a Software Meter

You can add a software meter to monitor the specified process name on the agent machine.
To add a Software Meter:
1. Select Inventory | Metering. The Software Metering page appears.

2. Select Add New Item in the Choose action drop-down list. The Software Metering: Edit Detail page
appears.
3. Enter Software Meter details as follows:
Enabled Select this check box to enable software metering for this software.
Process Name The specified process name will be monitored on the KBOX Agent machine.
Associated Software To track usage only on machines with a specific software version deployed,
choose the related software inventory item.
Notes Enter any notes that further describe or explain this software meter.
Licenses Displays license information for the software. To view the license asset
details, click on the license link.
4. Click Save to save your changes or click Cancel to return to the Software Metering Listing page. Your
Software Meter now appears in the Software Metering Listing page.
The results of the software metering can be seen at two places:

On the Software Metering page
On the Software Metering: Edit Detail page
To view Software Metering results:

The software metering page displays useful information such as the Process Name, Enabled, Installed,
Licensed, In Use, etc.
2. Click the process name. The Software Metering: Edit Detail page appears.
The Month-to-date usage Detail table displays information such as Computer Name, Times
Launched, Minutes Used and Last Used.

Editing Software Meter Details
You can edit a software meter to monitor the specified process name on the agent machine.
To edit Software Meter details:
2. Click the process name. The Software Metering: Edit Detail page appears.
3. Edit Software Meter details as shown in the following table:
Enabled Select this check box to enable software metering for a software process.
Process Name The specified process name will be monitored on the KBOX Agent machine.
Associated Software To track usage only on machines with a specific software version deployed,
choose the related software inventory item.
Notes Enter any notes that further describe or explain this software meter.
4. Click Save to save your changes or click Cancel to return to the Software Metering page.
Deleting a Software Meter

You can delete a software meter.
To delete a Software Meter:
1. Select Inventory | Metering. The Software Metering page is appears.
2. Select the processes of which software meter or meters you want to delete.
3. Select Delete Selected Item(s) from the Choose action drop-down list.
4. Click Yes to confirm deleting the software meter(s). Else, click Cancel to cancel deleting the software
meter(s).
Configuring the Software Metering Settings

You can configure the software metering settings.
To configure Software Metering settings:

2. Select the process name.
3. Select Configure Settings in the Choose action drop-down list. The Software Metering Settings
page appears.
4. Edit configuration settings as shown in the following table:
Enabled Select this check box for metering to run on the target machines.
Allow Run While Dis- Select this check box for metering to run even if the machine cannot con-
connected tact the KBOX to report results. The results will be stored on the machine
and will be uploaded once contact with the KBOX is established.
Allow Run While Select this check box for metering to run even if a user is not logged in. If
Logged Off you clear this check box, the script will run only when a user is logged into
the machine.

5. Edit deployment settings as shown in the following table:
Deploy to All Select this check box if you want to deploy to all the Machines. Click OK in the
Machines confirmation dialog box.
Limit Deploy You can limit deployment to one or more labels. Press CTRL and click
To to select more than one label.
Supported Select the operating system to which you want to limit deployment. Press CTRL
Operating and click to select more than one operating system.
Systems Note: Leave blank to deploy to all operating systems.
6. Click Save to save your changes or click Cancel to return to the Software Metering page.

Processes
The KBOX 1000 Series Processes feature allows you to keep track of processes that are running on all
agent machines across your enterprise.
The Processes feature records and reports the processes details information.You can record and view
software usage for the last 1, 2, 3, 6, or 12 months. Detail pages provide information on individual
processes, including the name of the computer running those processes, system description, and the last
user.
Using Processes feature, you can:
View Process details
Delete selected processes
Disallow selected processes
Meter selected processes
Apply labels
Remove labels
The processes are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games,
Internet, Malware, Security, and System Tool.
To View Process Details
1. Select Inventory | Processes. The Processes page appears.

2. Click on the process name to view details. The Process Details page appears.
3. Select labels to assign to process in the Assign To Label box.
4. Enter any notes that further describe this process in the Special Notes box.
5. Select the category of the process in the Category drop-down list.
6. Select the threat level of the process in the Threat Level drop-down list.
7. Click Save to save the processes details.
You can read comments on the process submitted by other users by clicking [Read
Comments] on the Process Details page. You can also ask for help from Kace about the
processes by clicking [Ask For Help.] You need kace username and password to log in
to the Kace database.
You can also see computers with running the selected process. You can view a printer friendly version of
this page and take print outs of the report.
To delete process:

2. Select the processes to delete.
3. Select Delete Selected Item(s) in the Choose Action drop-down list. A confirmation message
appears.
4. Click OK to confirm deleting the selected processes. Else, click Cancel to cancel the deletion
operation.

To disallow processes:

2. Select the processes to disallow.
3. Select Disallow Selected Item(s) in the Choose Action drop-down list. The Script : Edit Detail
page appears.
4. Enter the script configuration details, and then click Run Now to run Disallowed Programs Policy.
For more detailed information on scripting and Disallowed Programs Policy, refer to
Chapter 8,“Scripting,” starting on page 102

Startup
The KBOX 1000 Series Startup feature allows you to keep track of startup programs on all agent machines
across your enterprise.
The Startup feature records and reports the startup program detail information. Detail pages provide
information on startup programs, including the name of the computer running those startup programs,
system description, and the last user.
Using Startup feature, you can:
View startup program details
Delete selected startup programs
Apply or remove labels
The startup programs are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games,
Internet, Malware, Security, and System Tool.
To View Startup detail information:
1. Select Inventory | Startup. The Startup Programs page appears.

2. Click on the startup program name to view details. The Startup Programs : Edit Startup Programs
Detail page appears.
3. Select labels to assign to startup program in the Assign To Label box.
4. Enter any notes that further describe this startup program in the Notes box.
5. Select the category of the startup program in the Category drop-down list.
6. Select the threat level of the startup program in the Threat Level drop-down list.
7. Click Save to save the startup program details.
You can read comments on the startup program submitted by other users by clicking
[Read Comments]. You can also ask for help from Kace about the startup programs by
clicking [Ask For Help.] You need kace username and password to log in to the Kace
database.
You can also see computers with running the selected startup program. You can view a printer friendly
version of this page and take print outs of the report.
To delete startup program details:
1. Select Inventory | Startup. The Startup Programs page appears.

2. Select the startup program to delete.
appears.
4. Click OK to confirm deleting the selected startup programs. Else, click Cancel to cancel the deletion
operation.

Service
The KBOX 1000 Series Service feature allows you to keep track of services running on all agent machines
across your enterprise.
The Service feature records and reports the services detail information. Detail pages provide information
on services, including the name of the computer running those services, system description, and the last
user.
Using Services feature, you can:
View services details
Delete selected services
Apply or delete labels
The services are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet,
Malware, Security, and System Tool.
To view service detail information:
1. Select Inventory | Service. The Services page appears.

2. Click the service name to view details. The Service : Edit Service Detail page appears.
3. Select labels to assign to service in the Assign To Label box.
4. Enter any notes that further describe this service in the Notes box.
5. Select the category of the service in the Category drop-down list.
6. Select the threat level of the service in the Threat Level drop-down list.
7. Click Save to save the service details.
You can read comments on the service submitted by other users by clicking [Read
Comments]. You can also ask for help from Kace about the service by clicking [Ask For
Help.] You need kace username and password to log in to the Kace database.
You can also see computers with running the selected startup program. You can view a printer friendly
version of this page and take print outs of the report.
To delete services detail information:
1. Select Inventory | Service. The Services page appears.

2. Select the services to delete.
appears.
4. Click OK to confirm deleting the selected services. Else, click Cancel to cancel the deletion operation.

Software Lookup Services
The KBOX Software Lookup Services (SLS) automatically discovers and publishes information on software
programs and processes. KBOX SLS provides information on software and process as they appear on KBOX
management appliances systems across the globe. KBOX SLS is available for all major platforms including
Windows, Mac, Red Hat Linux, and Solaris. KBOX SLS also includes software command line arguments,
uninstall commands, and installation advice. To add/view any information on the SLS website, you need to
establish a unique account for the SLS site. You would need to use these credentials to add any new
comments.
Enabling Software Lookup Service

You need to select the 'Enable KACE Software Lookup Service' check box in the General Settings tab to be
able to access the data available with Kace about common software applications and how to deploy/
remove them and share anonymous information about the software on machines in your environment. You
can integrate KACE and user submitted information directly from the Software Lookup Service. If the
'Enable KACE Software Lookup Service' check box in the General Settings tab is selected, you can share
the information of the software in your KBOX with the SLS website.
For more information on how to enable Software Lookup Service in your KBOX appliance, see “Configuring
General settings,” on page 10.
To Enable Software Lookup Service:
1. Select Settings | General. The KBOX Settings: General page appears.

2. Under General Options, click the Edit Mode link next to Set Options tab.
3. Select the Enable KACE Software Lookup Service check box to enable the Software Lookup
Service. A confirmation message appears.
4. Click OK.
5. Click Set Options to set the options. The KBOX information will now be shared with the Kace SLS site.
Viewing Software Lookup Services

You can view Software Lookup Services contents of your KBOX. From the Inventory tab, you can view SLS
information on software, processes, startup programs, and services. Software Lookup Services can also be
viewed from the Distribution | Managed Installations and Distribution | File Synchronization.
To View Software Lookup Services information:
1. Select Inventory | Software. The Software page appears, which lists the software installed on client
machines.
2. Select the software title in order to see the associated information from the Software Lookup Service.
The Software:Edit Software Detail page appears.

You can see more information of the application on the Kace SLS site.
Click Read Comments to view the comments and to

add comments on the Kace SLS site.
Figure 3-4: Software: Edit Software Detail page
If you have not enabled Software Lookup Services at the Settings | General page,
you will not be able to view SLS information and a note will appear asking you to enable
the Software Lookup Services. Refer to “To Enable Software Lookup Service:,” on
page 52.
3. To Update the software information on Kace SLS site, perform the following steps:
a Under Metadata, select the software category in the Category list.
b In the Threat Level list, select the threat level.

c If you would prefer not to share information about this particular item, select the Hide from
Software Lookup Service check box.
In order to provide the best information to your fellow SLS users, we recommend not
hiding items from the Software Lookup Service.The information shared doesn't include
any personally identifiable information about your company or users.
d Click Save to save the edited information.

4. You can view following SLS information on the Software:Edit Software Detail page.
Field Description
Average Threat Level This value is an average of the threat levels assigned by SLS
users who have assigned a threat level. This is intended as a
guide for software you may not be familiar with. A threat level
of 1 would be interpreted as safest.
User Submitted Comments The information displayed on this page and the information
presented on the Kace website is related to the particular soft-
ware title you have selected from the KBOX. Click Read Com-
ments to view the comments on the SLS site. You need to
login on the Kace SLS site using login credentials to add com-
ments.
Categories Displays the software categories that have been assigned to
this software title by SLS users and the percentage of those
users who have assigned each.
Quiet Installation Switches Displays known Quiet Installation Switches for the item you
have selected.
Description It displays information on product description, product URL,
links to support and help, and lockdown information.
Install Command Line Help It displays information on Standard MSI Commands, Standard
Install Commands, and Uninstall Help.

C H A P T E R 4
Asset Management
The KBOX 1000 Series allows you to manage and track as-
sets in your environment in a flexible and customizable
way.
“Overview of Asset Management,” on page 57

“Managing Asset Types,” on page 58
“Managing Assets,” on page 61
“Licensing,” on page 63
“Importing Asset,” on page 65
Overview of Asset Management
The KBOX 1000 Series allows you to manage and track assets in your environment in a flexible and
customizable way. By establishing asset types and relationships to other asset types and other objects in
the KBOX, you will be able to report on existing assets as well as track licensing and cost information in a
way that works for you in your environment.
In looking at asset management in the KBOX, it is important to understand that there are two types of
assets, organizational assets (like Department, Location or Cost Center) and physical assets (like
Computers, Users, Phones or Projectors). Commonly, the organizational assets are used as a way to collect
similar sets of physical assets. Before you begin to use assets, you should establish the asset types that
will make sense for you, both in terms of the organization elements you want to use as well as what
physical asset types you are hoping to track.
You can view the list of available assets from the Asset | Assets tab.
With the Assets tab you can:
Add or delete assets
Configure Asset types
Add or delete software licenses
Import data

Managing Asset Types
There are two types of asset types:
Organizational information (Cost Center, Department, Location)
the organizational assets are used as a way to collect similar sets of physical assets.
Actual physical assets (computers, users, phones, projectors)
where the organizational ones are pointed to by the physical ones mainly
There are several built-in Asset Types — Computer, Cost Center, Department, Location, Owner, Vendor.
Built-in assets can not be deleted. If you delete an asset type, then all the assets using that asset type will
get deleted.
You can add an unlimited number of asset types and these types have a default attribute 'Name'. You can
not create an asset type with the same name as the built-in asset type name. Asset types can be organized
into logical groups or hierarchies to allow for roll up reporting. Asset types can have any number of
attributes.
Assets can point to other Assets and to Inventory records like Machine, User, and Software. Relationships
can be either one - to - one or one - to - many. Asset fields have a default value that should be used when
filling in a new asset. Changing the default value in the asset type does not change any existing records,
but only affects newly created records.
Asset Association
You can create an assets field and associate it to another asset using the field type. Associations are
defined in asset types and are used in assets.
Assets associations are of following types:
User
Parent
Asset Computer
Asset Cost Center
Asset Department
Asset License
Asset Location
Computer Asset
When a machine checks into the KBOX, an asset of type computer is automatically created.
The Computer Asset is mapped to a machine automatically using following two fields:
1. Mapped Inventory field
2. Mapped Asset field
The mapped inventory field enables you select a field that is checked against the inventory to verify if the
machine just checked in is already an asset. For example:
if the
machine inventory field = IP address

Matching asset field = Name
and a machine with an IP address shows up, the IP is checked against IP of machines that are already
assets. If no such asset, then a new asset with Name = IP address is created.
If the mapped inventory field is by IP and the matching asset field is different, perhaps an asset field called
IP, then an asset is created with the Name as system name, and the IP as IP.
The matching asset field has to be of type text.
To add new asset type:
1. Select Asset | Asset Types. The Asset Types page appears.

2. Select Add New Item from the Choose action drop-down list. The Asset Type Detail page
appears.
3. Enter a name for the asset type in the Name field.
You can not create a new asset type with the same name as a built-in asset type name.
4. You can add associations by adding an asset field. To add asset fields, click the button in the Asset
Fields table.
5. Enter following details depending on the asset type selected.
Field Value
Name Type a relevant name for the custom asset field, such as Asset Code, Pur-
chase Date, or Building Address Line 1. This name appears on the data entry
page for the asset.
Select Values This field is enabled when you select Single Select or Multiple Select from the
Field Type list. Type the values that should appear in the custom asset field.
You must type at least one value in this field. If you want to type multiple
values, you must separate each value with a comma.
Default Type the default value for this field. If you select Single Select or Multiple
Select from the Field Type list, you must type one of the values given in the
Select Values field.
Required Select this check box to make this custom asset field a mandatory field. If
you select this check box, you need to enter a value for this custom asset
field before saving the Asset detail page.

Field Type Select the appropriate field type.
Single select (single value length 255, list length 65k).
Multiple select (single value length 255, list length 65k)
Text field (length 255)
Attachment (This field allows you to attach a file to the asset.)
Note: You can create multiple fields of attachment type per asset type.
Notes (length 65K)
Date ('1000-01-01' to '9999-12-31')
Number (-9223372036854775808 to 9223372036854775807)
Parent. This field type allows this asset to point to the same type of asset
in a parent-child relationship. For example, you might allow Location
types to have a Parent connection, allowing 'New York' to point to a 'North
America' Location. This can then be used in the reporting system to show
all Assets in North America. This report will contain all the assets in New
York and in North America.
User. This field type allows you to associate an asset record with one of
the User records from the Inventory system.
Asset ASSET_TYPE. This field type is similar to the single select field type
and the multiple select field type. However, you cannot specify the values
for this custom field type. The values are retrieved from the current list of
Assets in the system.
Allow Multiple This check box is enabled when you select Asset ASSET_TYPE from the Field
Type list. Select this check box to allow this custom field to point to multiple
records. For example, the License Asset type can point to many computers
that are approved for a particular License. A single relationship might have a
printer pointing to a single Department record, indicating that this printer is
used by only one department.
When you rename a custom asset field, the values for that custom field are retained.
However, when you remove the custom asset field, values for that custom field are
removed from all assets. When you change the Field Type of a custom asset field, the
system tries to retain the previous values, but you may also lose some data. For
instance, if you had a custom asset field named Model Number that is of type Text.
Model Number has a value of 'A123'. If you were to change the Field Type from Text to
Number, the system might not be able to convert that 'A123' to a valid number. In this
case, the value for Model Number is set to zero.
If you click Delete, the Asset Type definition and the assets of this type are removed
from the system. If there are assets that point to the Asset Type definition that you
deleted, the asset association is removed.
6. Click Save to save the entries in the Asset Fields table.

7. Click Save to save the added asset type.

Managing Assets
You can add a new asset, delete an existing asset, or view assets by using the Asset | Assets tab.
You can not delete parent asset if that parent asset has child assets. Assets can be viewed by asset type or
by the associations. You can view the related assets that are not part of any particular asset and can clone
any existing asset.
Changes done to the asset are recorded as part History. Asset History is displayed on the Asset Detail
page.
To add an asset:
1. Select Asset | Assets. The Assets page appears.

2. Select the asset type you want to add from the Choose action drop-down list. The Asset Detail page
appears.
3. Enter the name of the selected asset type in the Name field, and then click Save. All the asset types
have a standard field as Name. If you are adding asset of computer type, then you need to enter
following information:
a Select the machine from the Machine list, and then enter the filter criteria in the Filter box.
Machine is a default field that comes with the asset type.
b Enter the date of asset creation in the Date Created box.
c Enter additional information on the asset in the notes box.
d Enter the asset id in the id box.
Date created, notes, and id are the asset fields created for asset of computer type.
4. If you want to add another asset, then click Save and New. Otherwise, click Save to save the asset.
To view assets:

2. To view assets by asset types or association, select the asset type or association from the View by
asset type drop-down list. A list of filtered assets appears.
The Assets page also shows the associated assets.
3. Select the asset title to see detailed information of that asset. The Asset Detail page appears.
4. If you want to clone the asset details, click Clone, and then click Save.
5. After editing the asset information, click Save.

6. In the Related Assets table, you can view the related assets that are not parent of this asset.
Click the asset name to view asset details of this related asset.
For example, if computer A's Location is associated to computer X, then computer A will be listed as a
related asset on computer X's page, but on computer A's page, you can not see computer X. Child
assets are shown on the related assets list.
If the asset you are viewing is associated to a software or machine, then on clicking
that asset name will take you to the Inventory page.
7. In the History table, you can view changes done to the asset.

Licensing
With KBOX, you can create, edit, and delete license assets. You can assign licenses to software and
computers, specify or view the number of licenses available, and keep track of the expiry date for each
license.
When you assign a license to a software, the license is linked with the software. You can view this license
information in the software detail page, the metering page, and the software library admin and user
pages. You can also navigate to the license asset detail page by clicking on the license link in the software
detail page, the metering page, and the software library admin and user pages.
To add new license:

2. Select License from the Choose action drop-down list. The Asset Detail page appears.
Name Enter the name for this license.

Seats Licensed Enter the number of licenses available.
Applies to Software Select the software to which you want to assign this license.
Approved for Computer Select the computer to which you want to assign this license.
License Mode Select the appropriate license mode.
Product Key Enter the license key for the product.
Unit Cost Enter the cost of each license.
Expiration Date Enter the expiration date for this license.
Vendor Select the vendor name for this license.
Filter Enter the filter criteria for the Vendor list.
Purchase Order # Enter the purchase order number for this license.
Purchase Date Enter the date when you purchased this license.
Notes Enter notes about this license.
License Text Enter license text, such as the end-user license agreement.
4. Click Save. To save and add another license asset, click Save and New.

Generating Reports
You can run various reports to display information about the licenses assigned to software and computers.
Description of these reports is provided below.
Category Report Description
Compliance Software Compliance Simple Lists the licenses and

counts like the License list
page with details such as
vendor, PO#, and Notes.
Compliance Software License Compliance Complete Lists software and comput-
ers that are impacted by
each license record.
Compliance Unapproved Software Installation Lists software found on
computers that do not
have approved licenses.
Table 4-1: License Reports

Importing Asset
The Asset Import feature allows you to import assets data from CSV file into the desired asset type.
To import assets data:
1. Select Asset | Asset Import. The Kace Asset Import Wizard - Uploadfile page appears.
2. In the Select File box, specify CSV file path or click Browse to select CSV file.
3. Select Is header name in the file check box if the CSV file contains header.
4. Click Next. It will take you to Asset Type Selection page.
5. Select the asset type from the Asset Type list, to which data need to be imported from CSV file.
6. Click Next. It will take you to mapping page, which displays mapping of CSV fields against fields of
selected Asset Type.
7. Under Standard Fields, perform the following steps:
a Select the CSV field from the drop-down list box to match the corresponding standard field.
b Select the PK check box to choose this field as the primary key.
Mapping of Standard fields is Mandatory.
8. Under Asset Fields, perform the following steps:

a Select the CSV field from the drop-down list box to match the corresponding Asset field.
b Select the PK check box to choose this field as the primary key.
You can select one or more fields as composite primary key.
If none of records for Asset Type match with value of CSV field chosen as
primary key then record will be inserted. If only one records for Asset Type
match with value of CSV field chosen as primary key then record will be
updated. If more than one records for Asset Type match with value of CSV field
chosen as primary key then record will be flagged as duplicate.
9. Click Preview. It will take you to the confirmation page.

10. Click Import Data. The Kace Asset Import Wizard - Result page appears.
11. To import more assets data, click More Import. Otherwise, click Done.

C H A P T E R 5
IP Scan
IP scan is an appliance-side KBOX 1000 Series
technology that allows you to scan a range of IP
addresses to detect the existence and attributes of
various devices on a network.
“IP Scan Overview,” on page 67

“Viewing List of Scheduled Scans,” on page 68
“Creating an IP Scan,” on page 69
IP Scan Overview
The KBOX 1000 Series can scan a range of IP addresses for SNMP enabled machines, allowing you to
retrieve information about machines connected to your network. Although IP Scans have their own server-
side scheduling, you can invoke a scan on-demand, or schedule a IP scan to run at a specific time.
IP scan reports a variety of inventory data that lets you monitor the availability and service level of a target
machine. And because IP scan scans ports in addition to IP addresses, you can collect data even without
knowing the IP addresses of the target machines.
IP scan will scan any type of device (as long as it has an IP address on the network) including computers,
printers, network devices, servers, wireless access points, routers and switches. You can create and view
IP scans from the Inventory | IP Scan tab.
From the Network Scan Results page you can:
View scan schedules
Schedule new scan
Delete selected items
Apply a label/delete a label
Create a remote connection to the machine, if configured under Machine Action.

Viewing List of Scheduled Scans
By default, the IP Scan tab displays the results of configured Network Scans that have been run. You can
modify this view to show the scans that are schedule to occur in the future.
To view scheduled scans:
1. Select Inventory | IP Scan.

2. Select View Scan Schedules in the Choose action drop-down list.

Creating an IP Scan
You can create a network scan that will look for DNS, Socket, and SNMP across a subnet or subnets. You
also define a network scan to look for devices listening on a particular port (for example, Port 80). This
allows you to see devices that are connected to your network even when the KBOX Agent isn’t installed on
those devices.
When defining a network scan, it’s important to balance scope of the scan (number of IP addresses you’re
scanning) with the depth of the probe (number of attributes you’re scanning for) so that you do not
overwhelm your network or KBOX 1000 Series appliance itself. For example, if you needed to scan a large
number of IP addresses frequently, you would want to keep the number of ports, TCPIP connections, etc.,
relatively small. As a general rule, KACE recommends scanning a particular subnet no more than once
every few hours.
The KBOX Agent listens to port 52230. To determine which machines on your network
are running KBOX Agent, you could define a network scan to report which machines
were listening on that port.
To create an IP scan:
1. Select Inventory | IP Scan. The Network Scan Result page appears.

2. Select Schedule New Scan in the Choose action drop-down list.
The Network Scan Setting page appears.
3. Enter a name for the scan in the Network Friendly Scan Name field.
4. Enter the IP range to scan in the Network Scan IP Range field.
5. Specify the DNS lookup test details:
DNS Lookup Enabled If selected, live addresses will be checked against the DNS server to
see if they have a name associated with them. This can help you iden-
tify known nodes on your network.
Name Server for lookup Specify hostname or IP address.
Lookup time out Specify the time out interval (in seconds).
6. Select the Ping Test Enabled check box.

The Ping test must be enabled in order to run other tests. The Ping or Socket tests determine if the
address is alive. If it is, then a SNMP or a Port Scan can be run against it. If the Ping and Socket tests
are disabled, then the other tests will not be run.
7. Specify the Connection test details:
Connection Test Enabled Select to allow Network scan do perform connection testing.
Connection Test Protocol Specify the protocol to use.
Connection Test Port Specify the port to use for testing the connection.
Connection Time Out Specify the time out interval (in seconds).

8. Specify SNMP test details:
SNMP Enabled Select to enable SNMP scanning.

SNMP Public String Enter Public string.
9. Specify Port scan test details:
Device Port Scan Enabled Select to enable port scanning of device ports.
TCP Port List A comma-separated list of TCP ports to scan.
UDP Port List A comma-separated list of UDP ports to scan.
Port Scan Time Out Specify the time out interval (in seconds).
10. Specify scan schedule:
Don’t Run on a Schedule Tests will run in combination with an event rather than on a spe-
cific date or at a specific time. Use this option in combination with
one or more of the “Also” choices below. For example, use this
option in conjunction with “Also Run at User Login” to run when-
ever the user logs in.
Run Every n minutes/hours Runs at the specified time.
Run Every day/specific day at Runs on specified day at the specified time.
HH:MM AM/PM
Run on the nst of every month/ Runs on the specified time on the 1st, or 2nd, etc. of every month
specific month at HH:MM AM/PM or only the selected month.
11. Click Save or Scan Now to run scan immediately.
Deleting a Scan Configuration will also delete all associated scan inventory items. If you
wish to maintain the scan inventory but not "rescan" just set the schedule of the scan
configuration to not run.

C H A P T E R 6
Distribution
The KBOX 1000 Series Distribution feature provides
various methods for deploying software, updates, and
files to computers on your network.
“Distribution Feature Overview,” on page 72

“Types of Distribution Packages,” on page 73
“Managed Installations,” on page 75
“Examples of Common Deployments on Windows,” on page 79
“Examples of Common Deployments on Linux,” on page 83
“Examples of Common Deployments on Solaris,” on page 87
“Examples of Common Deployments on Macintosh(r),” on page 91
“File Synchronizations,” on page 94
“Replication,” on page 96
Distribution Feature Overview
KACE recommends that customers follow a predefined set of procedures before deploying any software on
their network. The following flow diagram represents a high-level example of common distribution
procedures. You can modify this process to meet the needs of your organization. However, to avoid
distribution problems, it is important to test various deployment scenarios prior to deployment.
p y
Inventory &
Assess
Test
Target
Deploy
Report
Figure 6-1: Basic Deployment Procedure
Perhaps the most important concept in the deployment procedure is to test each deployment before rolling
it out to a large number of users. The KBOX 1000 Series verifies that a package is designated for a
particular system, machine, or operating system; however, it cannot assess the likelihood that a particular
package will behave well with existing applications on the target machine. Therefore, we strongly suggest
that you establish procedures for testing each piece of software before deploying it on your network.
One way to do this is to develop a test group of target machines. You can then deploy – via the KBOX 1000
Series – to the test group and verify compatibility with the operating system and other applications within
your test group. You can do this by creating a test label and perform a test distribution before you go live
in your environment. You can create a test label from the Inventory | Labels tab. For more information
about creating labels, see “Labels,” on page 43.
This chapter will focus primarily on the Test, Target, Deploy portions of this flow diagram. For more details
on creating an inventory of computers and software packages in use on your network, see Chapter
3,“Inventory,” starting on page 26.

Types of Distribution Packages
There are three primary types of distribution packages you can deploy to the computers on your network:
managed installations, file synchronizations, and KBOX Agent.
Distribution packages (whether for managed installation, file synchronization, or user portal packages)
CANNOT be created until a digital file is associated with an Inventory Item. This rule applies even if you
are:
Sending a command, rather than an installation or a digital file, to target machines.
Redirecting the KBOX Agent to retrieve the digital asset (for example,.exe,.msi) from an alternate
download location.
To create a distribution:
1. Install the package manually on a machine.

2. Take an inventory of that machine. For more information on how to take an inventory, see “Software
Inventory,” on page 38.
3. Use the item listed in the Software Inventory list for the Managed Installation.
If you need to create packages with different settings, such as parameters, labels, or deployment
definitions, you can create multiple distribution packages for a single Inventory item. However, the MI
cannot be verified against more than one inventory item because the MI checks for the existence of one
and only one inventory item.
Although the KBOX Agent tab is listed under the Distribution tab, “Deploying KBOX
Agent” is discussed as part of the installation and setup process in Chapter 1,“Getting
Started with KBOX 1000 Series,” starting on page 1. For information about updating an
existing version of KBOX Agent, please see Chapter 12,“Server Maintenance,” starting
on page 173.
Distributing Packages through KBOX

Packages distributed through KBOX are only deployed to target desktops if the Inventory Item is
designated to run on the target operating system. For example, if the Inventory Item is defined for
Windows XP Professional only, the Inventory Item will not deploy on Windows 2000. Similarly, the package
will not deploy if it is designated for a target label for which the target machine is not a member. For
example, if the Deployment Package is set to deploy to a Label called Office A, it will not deploy to
machines that are not in Office A. When KBOX creates a software inventory item, it will only record the
operating systems on which the item was installed, in the Inventory detail record.
Distributing Packages through an Alternate Location

KBOX supports software distribution from remote file stores. The KBOX Agent can retrieve digital
installation files from remote file stores, as opposed to KBOX, including a UNC address, a DFS source, or
an HTTP location. The CIFS and SMB protocols are supported. KBOX also supports SAMBA servers and
fileserver appliances.
In order to activate this capability, you must enter an Alternate Checksum (MD5) that matches the MD5
checksum on the remote file share (for security purposes). You may use any tool to establish your
checksum. For creating your MD5 hash, you can use the KBOX Admin Utilities tool, which is available on
the KBOX Agent CD. There are other utilities that will work equally well.

If no checksum is entered, then the digital asset on the file share must exactly match the digital asset
associated with the Deployment Package on the KBOX 1000 appliance. Also, the target path must include
the complete filename (for example, \\fileserver_one\software\adobe.exe).
When KBOX is fetching files, the priority for fetching files is as follows:
1. Alternate download location
2. Replication point
3. KBOX
If there is no replication point, the KBOX agent fails over to KBOX.

Managed Installations
Managed Installations enable you to deploy software to the computers on your network that require an
installation file to run. You can create a Managed Installation package from the Distribution | Managed
Installation page.
From the Managed Installations tab you can:
Create or delete Managed Installations
Execute or disable Managed Installations
Specify a Managed Action
Apply or remove a label
Search Managed Installations by keyword
Creating a Managed Installation for Windows Platform

When creating a Managed Installation, you can specify whether you want to interact with users by
showing a message before or after installation, indicate whether the package should be when the user is
logged in or not, and limit deployment to a specific label. The following section provides general steps for
creating a managed installation. For specific details on creating a managed installation for an .MSI, .EXE,
or .ZIP file, please refer to the subsequent sections.
To create a managed installation for Windows platform:
4. Click Distribution | Managed Installations.

5. Select Add New Item in the Choose action drop-down list.
The Managed Software Installation: Edit Detail Page appears.
6. Select the software from the drop-down list. You can filter the list by entering any filter options.
Run Parameters Specify the installation behavior.

The maximum field length is 256 characters. If your path
exceeds this limit, on the command line, point to a BAT file
that contains the path and the command.
If your Parameters file path includes spaces (for example,
\\kace_share\demo files\share these files\setup.bat), place
quotes around the path (for example, “\\kace_share\demo
files\share these files\setup.bat”.
Full Command Line If desired, specify full command-line parameters. Please refer to
the MSI Command Line documentation for available runtime
options.
Un-Install using Full Com- Select this check box to uninstall software.
mand Line
Run Command Only Select this check box to run the command line only.

Managed Actions Managed Action allows you to select the most appropriate time for
this package to be deployed.
Available options are:
Disabled
Execute anytime (next available)
Execute before logon (before machine boot)
Execute after logon (before desktop loads)
Execute while user logged on
Execute while user is logged off
8. Specify the deployment details:
Deploy to All Machines Select this check box if you want to deploy to all machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by
Selected Labels that label. Press CTRL and click labels to select more than one
label.
Limit Deployment To You can limit deployment to one or more machines. From the
Listed Machines drop-down list, select a machine to add to the list. You can add
more than one machine. You can filter the list by entering filter
options.
Deploy Order The order in which software should be installed. Lower deploy
order will deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to
indicate the number of times the KBOX 1000 Series appliance will
try to install the package. If you specify 0, KBOX will enforce the
installation forever.
Deployment Window(24H Specify the time (using a 24 hr. clock) to deploy the package.
clock) Deployment Window times will affect any of the Managed Action
options. Also, the run intervals defined under the Server Settings-
>Options page will override and/or interact with the deployment
window of a specific package.
9. Set user interaction details:
Allow Snooze Select this check box to allow snooze. When you select this check
box, the following additional fields appear:
Snooze Message: Enter a snooze message.
Snooze Timeout: Specify a timeout, in minutes, for which
the message will be displayed.
Snooze Timeout Action: Select a timeout action that will
take place at the end of the timeout period. For example,
you might select Install now because you are installing at
a time when you know that the users are away from their
desktops. You might select Install later because the
installer needs some user interaction and it would not work
if the users were not at their desktops.

Custom Pre-Install Mes- Select this check box to display a message to users prior to
sage installation. When you select this check box, additional fields
appear:
Pre-Install User Message: Enter a pre-install message.
Pre-Install Message Timeout: Specify a timeout, in
minutes, for which the message will be displayed.
Pre-Install Timeout Action: Select a timeout action that
will take place at the end of the timeout period from the
drop-down list. Options include Install later or Install now.
For example, you might select Install now because you may
be installing at a time when you know that the user is away
from his or her desktop, making it a good time to install. Or,
you might select Install later if the installer needs some
user interaction and it would not work if the user was not at
his or her desktop.
Custom Post-Install Mes- Select this check box to display a message to users after the
sage installation completes. When you select this check box, message
field and timeout options appear. Enter a message and a timeout
value in minutes.
Delete Downloaded Files Select this check box to delete the package files after installation.
Use Alternate Download Select this check box to specify details for alternate download.
When you select this check box, the following fields appear:
Alternate Download Location: Specify the location
where the KBOX Agent can retrieve digital installation files.
Alternate Checksum: Specify an Alternate Checksum
(MD5) that matches the MD5 checksum on the remote file
share (for security purposes).
Alternate Download User: Specify a user name that will
have the necessary privileges to access the alternate
download location.
Alternate Download Password: Specify the password
for the user name.
Note: If the target machine is part of a replication label, then the
KBOX will not fetch software from the alternate download loca-
tion.
10. Click Save.
Sharing Managed Software Installation Information

The Distribution | Managed Installation tab enables to share the managed software installation
information on the Kace SLS site.
To Share Managed Software Installation Information on Kace SLS:
1. Select Distribution | Managed Installation. The Managed Installations page appears.

2. Select the managed installation you want to share with Software Lookup Services. The Managed
Software Installation : Edit Detail page appears.

3. After editing managed installation information, click Share with Software Lookup Service to share
managed installation information with SLS.
4. Click Save.
You can view the SLS information on this page. For more information on Software Lookup Services, see
“Software Lookup Services,” on page 52.

Examples of Common Deployments on
Windows
Three of the most common package deployments contain .msi, .exe, and .zip files. This section provides
examples for each type of deployment. For each of these examples, you must have already uploaded the
file to KBOX prior to creating the Managed Installation package. We recommend installing the software on
a QA machine, waiting a sufficient amount of time for the KBOX Agent to connect to the KBOX 1000 series
appliance and create an inventory item for the software, and then creating the Managed Installation
package.
You also can run the file KBScriptRunner tool located in Program Files\KACE\KBOX to
force the KBOX Agent to check in with the KBOX 1000 appliance.
Standard MSI Example

Using .MSI files is an easy, self-contained way to deploy software on Windows-based machines. If you
have a .MSI that requires no special transformation or customization, the deployment is simple.
If you are not sure about the installation parameters for your MSI installation, you can
open the command prompt, and then type msiexec to view available options.
To create a managed installation for a .MSI file:
1. Select Distribution | Managed Installations. The Managed Installations page appears.

The Managed Installation: Edit Detail Page appears.
4. Set the following installation details:
Run Parameters Specify the installation behavior.

The maximum field length is 256 characters. If your path
exceeds this limit, please point to a BAT file on the command
line that contains the path and the command.
If your Parameters file path includes spaces (for example,
\\kace_share\demo files\share these files\setup.bat),
place quotes around the path. For example,
“\\kace_share\demo files\share these files\setup.bat”.
Full Command Line If desired, specify full command-line parameters. Please refer to the
MSI Command Line documentation for available runtime options.
Un-Install using Full Com- Select this check box to uninstall software.
mand Line
Run Command Only Select this check box to run the command line only.

Managed Actions Managed Actions allow you to select the most appropriate time for this
package to be deployed.
Available options are:
Disabled
Execute before logon (before machine boot)
Execute while user logged off
Deploy to All Machines Select this check box if you want to deploy to all the Machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by that
Selected Labels label. Press CTRL and click labels to select more than one label.
Limit Deployment To Listed You can limit deployment to one or more machines. From the drop-
Machines down list, select a machine to add to the list. You can add more than
one machine. You can filter the list by entering filter options.
Deploy Order The order in which software should be installed. Lower deploy order
will deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to indi-
cate the number of times the KBOX 1000 Series appliance will try to
install the package. If you specify 0, KBOX will enforce the installation
forever.
Deployment Window(24H Specify the time (using a 24 hr. clock) to deploy the package. Deploy-
clock) ment Window times will affect any of the Managed Action options.
Also, the run intervals defined under the Server Settings->Options
page will override and/or interact with the deployment window of a
specific package.
Allow Snooze Select this check box to allow snooze. When you select this check box,
the following additional fields appear:
Snooze Message: Enter a snooze message.
Snooze Timeout: Specify a timeout, in minutes, for which the
message will be displayed.
Snooze Timeout Action: Select a timeout action that will take
place at the end of the timeout period. For example, you might
select Install now because you are installing at a time when
you know that the users are away from their desktops. You
might select Install later because the installer needs some
user interaction and it would not work if the users were not at
their desktops.

Custom Pre-Install Message Select this check box to display a message to users prior to installa-
tion. When you select this check box, additional fields appear:
Pre-Install User Message - Enter a pre-install message.
Pre-Install Message Timeout - Specify a timeout in minutes
for which the message will be displayed.
Pre-Install Timeout Action - Select a timeout action that will
take place at the end of the timeout period from the drop-down
list. Options include Install later or Install now. For example, you
might select Install now because you may be installing at a time
when you know that the user is away from his or her desktop,
making it a good time to install. Or, you might select Install later
if the installer needs some user interaction and it would not
work if the user was not at his or her desktop.
Custom Post-Install Message Select this check box to display a message to users after the installa-
tion completes. When you select this check box, message field and
timeout options appear. Enter a message and a timeout value in min-
utes.
User Alternate Download Select this check box to specify details for alternate download. When
you select this check box, the following fields appear:
Alternate Download Location - Specify the location from
Alternate Checksum - Specify an Alternate Checksum (MD5)
that matches the MD5 checksum on the remote file share (for
security purposes).
Alternate Download User - Specify a username that will have
the necessary privileges to access the Alternate Download
Location.
Alternate Download Password - Specify the password for
the username specified above.
KBOX will not fetch software from the alternate download location.
7. Click Save.

Standard EXE Example
The standard EXE example is identical to the MSI example above with one exception: /I is not required in
the “run parameters” line when using a .exe.
When using an EXE it is often helpful to identify switch parameters for a quiet or silent installation. To do
this, specify /? in the run parameters field.
Standard ZIP Example

Deploying software using a .zip file, is a convenient way to package software when more than one file is
required to deploy a particular software title (for example, setup.exe plus required configuration and data
files). For example, if you have a CD-ROM containing a group of files required to install a particular
application, you can package them together in a .zip file, and upload them to KBOX for deployment.
The KBOX Agent will automatically run deployment packages with .MSI and .EXE
extensions. However, KBOX 1000 Series also provides a capability for administrators to
Zip many files together and direct the KBOX 1000 Series to unpack the Zip and run a
specific file within. If you intend to deploy a .ZIP file, you must place the name of the
file within the .zip that you would like to run in the Command (Executable) field within
the Deployment Package (for example, runthis.exe).
To create a managed installation for a .zip file:
1. Browse to the location that contains the necessary installation files.

2. Select all files, and create a .zip file using WinZip or other utility.
3. Create an inventory item for the target deployment.
You can do this manually from the Inventory | Software tab, or by installing the package on a KBOX
Agent machine that regularly connects to the KBOX 1000 Series appliance.
4. Associate the .zip file with the inventory item and upload it to the KBOX 1000 Series.
6. Select Add New Item in the Choose action drop-down list. The Managed Software Installation : Edit
7. Select the software title with which the .zip file is associated from the software drop-down list.
8. In the Full Command Line field, please specify the complete command with arguments.
Example: setup.exe /qn
9. Enter other package details as described in the Creating a Managed Installation procedures.
10. Click Save.

Linux
The supported package deployments are .rpm, .zip, .bin, .tgz and tar.gz files. This section provides
examples for each type of deployment. For each of these examples, you must have already uploaded the
file to KBOX prior to creating the Managed Installation package. We recommend installing the software on
a QA machine, waiting a sufficient amount of time for the KBOX Agent to connect to the KBOX 1000 series
package.
You can also run the file runallkbots located in \KACE\KBOX to force the KBOX Agent to
check in with the KBOX 1000 appliance.
Standard RPM Example

You can deploy software on Linux-based machines using .rpm files.
To create a managed installation for a .rpm file:

2. Select Add New Item in the Choose action drop-down list. The Managed Installation: Edit Detail
Page appears.
4. By default the kbox agent will attempt to install the .rpm file via the following command. In general,
this should be sufficient to install a new package or update an existing one to a new version:
rpm -U packagename.rpm
5. If you have selected a zip/tgz/tar.gz file, then the content will be unpacked and the root directory
searched for all .rpm files. The installation command will be run against each of them. KBOX will find all
rpm files at the top level of an archive automatically, so you can install more than one package at a
time. You can also create an archive containing a shell script and then specify that script name as the
full command. KBOX will run that command if it is found and log an error if is not.
If you want to change the default parameters, you have to specify the Full Command Line. You may
specify wildcards in the filenames you use. Enclose the filename in single or double quotation marks if
it contains spaces. The files will the unarchived into a directory in "/tmp" and that will become the
current working directory of the command.
On Red Hat Linux, you do not need to include any other files in your archive other than
your script if that's all you wish to execute.
If the PATH environment variable of your root account does not include the current working directory
and you wish to execute a shell script or other executable that you've included inside an archive,
specify the relative path to the executable in the Full Command Line field. The command will be
executed inside a directory alongside the files which have been unarchived. For example, if you want to
run a file called "installThis.sh", you would package it up alongside a .rpm file and then put the

command "./installThis.sh" in the Full Command Line field. If you archived it inside another directory,
like "foo", the Full Command Line field should be "./foo/installThis.sh".
Both these examples, as well as some other KBOX functions, assume that "sh" is in root's PATH. If
you're using another scripting language, you may need to specify the full path to the command
processor you wish to run in the Full Command Line, like "/bin/sh ./installThis.sh". Include appropriate
arguments for an unattended, batch script.
If you select the uninstall check box in the MI detail, the KBOX agent will run the command
//usr/sbin/rpm -e packagename.rpm on either your standalone rpm file or each rpm file it finds in the
archive, removing the package(s) automatically. Uninstallation in this way will be performed only if the
archive or package is downloaded to the client. If you select the check box for "Run Command Only",
you should specify a Full Command Line to ensure the correct removal command is run on the correct
package. Since no package is downloaded in this case, you should specify the path in the installation
database where the package receipt is stored.
6. If your package requires additional options, you can enter the following installation details:
Run Parameters You don’t need to specify any parameters if you have a .rpm file. If no
Run Parameters are filled in, -U will be used by default.Setting a value
here will override the default “-U” option. For instance, if you set Run
Parameters to: “–ivh --replacepkgs”, then the command that would run
on the computer would be:
rpm -ivh –replacepkgs package.rpm
Full Command Line You don’t need to specify a full command line if you have a .rpm file. The
server executes the installation command by itself. The Linux client will
try to install this via:
rpm [-U | Run Parameters] "packagename.tgz”
If you don’t want to use the default command at all, you can replace it
completely by specifying the complete command line here. Remember
that if you have specified an archive file, this command will run against all
of the .rpm files it can find.
Un-Install using Full Select this check box to uninstall software. If the Full Command Line
Command Line above is filled in, it will be run. Otherwise, by default the agent will
attempt the command, which is generally expected to remove the pack-
age.
Run Command Only Select this check box to run the command line only. This will not down-
load the actual digital asset.
Managed Action Managed Action allows you to select the most appropriate time for this
package to be deployed. Execute anytime (next available) and Dis-
abled are the only options available for Linux platform.
Deploy to All Machines Select this check box if you want to deploy to all the machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by that label.
Selected Labels Press CTRL and click labels to select more than one label.
Limit Deployment To You can limit deployment to one or more machines. From the drop-down
Listed Machines list, select a machine to add to the list. You can add more than one
machine. You can filter the list by entering filter options.

Deploy Order The order in which software should be installed. Lower deploy order will
deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to indicate
the number of times the KBOX 1000 Series appliance will try to install the
package. If you specify 0, KBOX will enforce the installation forever.
Deployment Win- Specify the time (using a 24 hr. clock) to deploy the package. Deployment
dow(24H clock) Window times will affect any of the Managed Action options. Also, the run
intervals defined under the Server Settings->Options page will override
and/or interact with the deployment window of a specific package.
Allow Snooze This option is not available for Linux platform.

Custom Pre-Install Message This option is not available for Linux platform.
Custom Post-Install Message This option is not available for Linux platform.
Use Alternate Download Select this check box to specify details for alternate download. When
security purposes).
Location.
9. Click Save.

Standard TAR.GZ Example
Deploying software using a tar.gz file is a convenient way to package software when more than one file is
required to deploy a particular software title (for example, packagename.rpm plus required configuration
and data files). For example, if you have a CD-ROM containing a group of files required to install a
particular application, you can package them together in a tar.gz file, and upload them to KBOX for
deployment.
To create a managed installation for a tar.gz file:
1. Use the following two commands to create tar.gz file:

tar –cvf filename.tar packagename.rpm
gzip filename.tar
This will create filename.tar.gz
3. Associate the tar.gz file with the inventory item and upload it to the KBOX 1000 Series.
5. Select Add New Item in the Choose action drop-down list. The Managed Software Installation: Edit
6. Select the software title with which the tar.gz file is associated from the software drop-down list.
7. This file will be uncompressed and searched for all .rpm files. The installation command will be run
against each of them.
8. If no Run Parameters are filled in, -U will be used by default.
9. You don’t need to specify a full command line. The server executes the installation command by itself.
The Linux client will try to install this via:
rpm [-U | Run Parameters] "packagename.tgz”
10. Enter other package details as described in the Creating a Managed Installation procedures for .rpm
file above.
11. Click Save.
The KBOX Agent will automatically run deployment packages with .rpm extensions. However, KBOX 1000
Series also provides a capability for administrators to Zip many files together and direct the KBOX 1000
Series to unpack the Zip and run a specific file within.

Solaris
The supported package deployments are .pkg, pkg.gz, .zip, .bin and tar.gz. This section provides examples
for each type of deployment. For each of these examples, you must have already uploaded the file to
KBOX prior to creating the Managed Installation package. We recommend installing the software on a QA
machine, waiting a sufficient amount of time for the KBOX Agent to connect to the KBOX 1000 series
package.
You can also run the file runallkbots located in \KACE\KBOX to force the KBOX Agent to
check in with the KBOX 1000 appliance.
To create a managed installation for a .pkg file:

Page appears.
4. By default the kbox agent will attempt to install the .pkg file via the following command. In general,
pkgadd -n -d "packagename.pkg" [Run Parameters]
5. If you have selected a zip/pkg.gz/tar.gz file, then the contents will be unpacked and the root directory
searched for all .pkg files. The installation command will be run against each of them. KBOX will find all
pkg files at the top level of an archive automatically, so you can install more than one package at a
time. You can also create an archive containing a shell script and then specify that script name as the
full command. KBOX will run that command if it is found and log an error if is not.
If you want to change the default parameters, you have to specify the Full Command Line. You may
specify wildcards in the filenames you use. Enclose the filename in single or double quotation marks if
it contains spaces. The files will the unarchived into a directory in "/tmp" and that will become the
current working directory of the command.
You can put a zero-byte .pkg file in your archive if all you want to do is execute a shell
command or some other executable.
and you wish to execute a shell script or other executable that you've included inside an archive,
specify the relative path to the executable in the Full Command Line field. The command will be
executed inside a directory alongside the files which have been unarchived. For example, if you want to
run a file called "installThis.sh", you would package it up alongside a .pkg file and then put the
command "./installThis.sh" in the Full Command Line field. If you archived it inside another directory,
like "foo", the Full Command Line field should be "./foo/installThis.sh".

processor you wish to run in the Full Command Line, like "/bin/sh ./installThis.sh". Include appropriate
arguments for an unattended, batch script.
If you select the uninstall check box in the MI detail, the KBOX agent will run the command:
/usr/sbin/pkgrm -n packagename.pkg on either your standalone rpm file or each rpm file it finds in the
archive, removing the package(s) automatically. Uninstallation in this way will be performed only if the
archive or package is downloaded to the Agent. If you select the check box for "Run Command Only",
you should specify a full command line to ensure the correct removal command is run on the correct
package. Since no package is downloaded in this case, you should specify the path in the installation
database where the package receipt is stored.
Run Parameters You don’t need to specify any parameters if you have a .pkg file. If no
Run Parameters are filled in, all will be used by default to install all pack-
ages in the .pkg file. Setting a value here will override the default option.
Full Command Line You don’t need to specify a full command line if you have a .pkg file. The
server executes the installation command by itself. The Solaris client will
try to install this via:
that if you have specified an archive file, this command will run against all
of the .pkg files it can find.
Un-Install using Full Select this check box to uninstall software. If the Full Command Line
Command Line above is filled in, it will be run. Otherwise, by default the agent will
attempt the command, which is generally expected to remove the pack-
age.
Run Command Only Select this check box to run the command line only. This will not down-
abled are the only options available for Solaris platform.
Limit Deployment To Select a label to limit deployment only to machines grouped by that label.
Selected Labels Press CTRL and click labels to select more than one label.
Limit Deployment To You can limit deployment to one or more machines. From the drop-down
Listed Machines list, select a machine to add to the list. You can add more than one
machine. You can filter the list by entering filter options.
Deploy Order The order in which software should be installed. Lower deploy order will
deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to indicate
the number of times the KBOX 1000 Series appliance will try to install the
package. If you specify 0, KBOX will enforce the installation forever..

Deployment Win- Specify the time (using a 24 hr. clock) to deploy the package. Deployment
dow(24H clock) Window times will affect any of the Managed Action options. Also, the run
intervals defined under the Server Settings > Options page will override
and/or interact with the deployment window of a specific package.
Allow Snooze This option is not available for Solaris platform.

Custom Pre-Install Message This option is not available for Solaris platform.
Custom Post-Install Message This option is not available for Solaris platform.
security purposes).
Location.
9. Click Save.
Standard TAR.GZ Example

Deploying software using a tar.gz file is a convenient way to package software when more than one file is
required to deploy a particular software title (for example, packagename.pkg plus required configuration
and data files). For example, if you have a CD-ROM containing a group of files required to install a
particular application, you can package them together in a tar.gz file, and upload them to KBOX for
deployment.
To create a managed installation for a tar.gz file:
1. Use the following two commands to create tar.gz file:

tar –cvf filename.tar packagename.pkg
gzip filename.tar
This will create filename.tar.gz.
3. Associate the tar.gz file with the inventory item and upload it to the KBOX 1000 Series.

5. Select Add New Item in the Choose action drop-down list. The Managed Software Installation: Edit
6. Select the software title with which the tar.gz file is associated from the software drop-down list.
7. This file will be uncompressed and searched for .pkg files. The installation command will be run against
each of them.
8. If no Run Parameters are filled in, all will be used by default to install all packages in the .pkg file.
9. You don’t need to specify a full command line. The server executes the installation command by itself.
The Solaris client will try to install this via:
If extension is tar.gz:
tar xzpf “packagename”
If extension is .zip:
unzip “packagename.zip”
If extension is .gz:
gunzip “packagename.gz”
10. Enter other package details as described in the Creating a Managed Installation procedures for .pkg
file above.
11. Click Save.
The KBOX Agent will automatically run deployment packages with .pkg extensions. However, KBOX 1000
Series also provides a capability for administrators to Zip many files together and direct the KBOX 1000
Series to unpack the Zip and run a specific file within.

Macintosh(r)
On the Apple MacOS X platform, there is a universal installer with the usual file extension of .pkg. (This
format is different from the Solaris .pkg files.) You cannot upload a .pkg file directly, because .pkg files are
actually directories at a low level and web browsers can't handle uploading entire directories.
You do not need to use an installer for KBOX to install plain packages. These are the ".app" packages you
might normally drag to your Applications folder. These must be archived as well, since they are also
directories at a very low level, just like installer packages.
You can even archive installers alongside plain applications. KBOX will run the installers first and then copy
the applications into the Applications folder.
The supported package deployments are .pkg, .app, .dmg, .zip, .tgz and tar.gz. If you package the file as
a disk image, KBOX will mount and unmount it quietly. This section provides examples for each type of
deployment. For each of these examples, you must have already uploaded the file to KBOX prior to
creating the Managed Installation package. We recommend installing the software on a test machine,
waiting a sufficient amount of time for the KBOX Agent to connect to the KBOX 1000 series appliance and
create an inventory item for the software, and then creating the Managed Installation package.
You can also run the file runallkbots located in /Library/KBOXAgent/Home/bin to force
the KBOX Agent to check in with the KBOX 1000 appliance.
To create a managed installation:

Page appears.
4. By default the kbox agent will attempt to install the .pkg file via the following command. In general,
installer -pkg packagename.pkg -target / [Run Parameters]
5. If you have selected a zip/tgz/tar.gz file, then the contents will be unpacked and the root directory
searched for all .pkg files. The installation command will be run against each of them. KBOX will search
for all the .pkg files on the top level of an archive and execute that same installer command on all of
them in alphabetical order. After that, KBOX will search for all plain applications (.app) on the top level
of the archive and copy them to /Applications with this command:
ditto -rscs Application.app /Applications/Application.app
If you wish to execute a script or change any of these command lines more fully, you may specify the
appropriate script invocation as the Full Command Line. You may specify wildcard in the filenames you
use. Enclose the filename in single or double quotation marks if it contains spaces. The files will the

unarchived into a directory in "/tmp" and that will become the current working directory of the
command.
On MacOS, you do not need to include any other files in your archive other than your
script if that's all you wish to execute.
and you wish to execute a shell script or other executable that you've included inside an archive, be
sure to specify the relative path to the executable in the Full Command Line field. Remember, you'll be
executing your command inside a directory alongside the files which have been unarchived. For
example, if you want to run a file called "installThis.sh", you would package it up alongside a .pkg file
and then put the command "./installThis.sh" in the Full Command Line field. If you archived it inside
another directory, like "foo", the Full Command Line field should be "./foo/installThis.sh".
processor you wish to run in the Full Command Line, like "/bin/sh ./installThis.sh". Be sure to include
appropriate arguments for an unattended, batch script.
If you select the uninstall check box in the MI detail, KBOX will remove each .app it finds in the top
level of your archive from the Applications folder. Thus, if you include two files in your archive named
"MyApp.app" and "MyOtherApp.app", those two applications will disappear from your Applications
folder if they exist there.
Uninstallation in this way will be performed only if the archive or package is downloaded to the client. If
you select the check box for "Run Command Only", you should specify a full command line to ensure
the correct removal command is run on the correct package. Since no package is downloaded in this
case, you should specify the path in the installation database where the package receipt is stored or
run the correct file removal command to delete the files from the Applications folder. In that case, you
can download a script inside an archive and run the script on the Full Command Line.
Run Parameters You cannot apply "Run Parameters" to the above mentioned com-
mands.
Full Command Line You don’t need to specify a full command line. The server executes
the installation command by itself. The Macintosh(r) client will try to
install this via:
installer -pkg packagename.pkg -target / [Run Parameters]
or
ditto -rsrc packagename.app /Applications/theapp
that if you have specified an archive file, this command will run
against all of the .pkg files or .app files it can find.
Un-Install using Full Com- Select this check box to uninstall software. If the Full Command Line
mand Line above is filled in, it will be run. Otherwise, by default the agent will
attempt the command, which is generally expected to remove the
package.
Run Command Only Select this check box to run the command line only.This will not down-

abled are the only options available for Macintosh(r) platform.
Limit Deployment To Select a label to limit deployment only to machines grouped by that
Selected Labels label. Press CTRL and click labels to select more than one label.
Limit Deployment To Listed You can limit deployment to one or more machines. From the drop-
Machines down list, select a machine to add to the list. You can add more than
one machine. You can filter the list by entering filter options.
Deploy Order The order in which software should be installed.Lower deploy order
will deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to indi-
cate the number of times the KBOX 1000 Series appliance will try to
install the package. If you specify 0, KBOX will enforce the installation
forever.
Deployment Window(24H Specify the time (using a 24 hr. clock) to deploy the package. Deploy-
clock) ment Window times will affect any of the Managed Action options.
Also, the run intervals defined under the Server Settings->Options
page will override and/or interact with the deployment window of a
specific package.
Allow Snooze This option is not available for Macintosh(r) platform.

Custom Pre-Install Message This option is not available for Macintosh(r) platform.
Custom Post-Install Message This option is not available for Macintosh(r) platform.
security purposes).
Location.
9. Click Save.

File Synchronizations
File synchronizations enable you to distribute software files to the computers on your network. These can
be any type of file, such as PDF, ZIP files, or EXE files, which are simply downloaded to the user’s machine,
but not installed.
Creating a file synchronization

Using file synchronizations, you can push out any type of file to the computers on your network. You can
choose to install the files from the KBOX 1000 Series, or you can specify an alternate location where users
will download the file. The string KACE_ALT_Download in the Alternate Download Location field will be
replaced with the value assigned by the corresponding LABEL. You should not have a machine in more
than one LABEL with an Alternate Download Location specified.
To create a file synchronization:
1. Select Distribution | File Synchronization. The File Synchronizations page appears.

The File Synchronization: Edit Detail page appears.
3. Select the software title to install in the Software Title to Install drop-down list.
4. Set or modify the following installation details:
Notes Enter any information related to the software title selected.

Location (full directory path) Specify the location on the users machine where you want to
upload this file.
Location User If the Location specified above is a shared location, specify the
User login name.
Location Password If the Location specified above is a shared location, specify the
login password.
Enabled Select this check box to download the file the next time the
KBOX Agent checks in to the KBOX 1000 Series appliance.
Create Location (if doesn’t Creates the installation location if not already there.
exists)
Replace existing files Select this check box to overwrite existing files of the same
name on the target machines.
Do Not Uncompress Distribu- Select this check box if you are distributing a compressed file
tion and do not want the file uncompressed.
Persistent Select this check box if you want the KBOX 1000 Series to con-
firm every time that this package does not already exist on the
target machine before attempting to deploy it.
Create shortcut (to location) Select this check box if you want to create a desktop shortcut to
the file location.
Shortcut name Type a display name for the shortcut.
Delete Temp Files Select this check box to delete temporary installation files.

Limit Deployment to Specify a label for the package. The file will be distributed to the users
assigned to the label, such as operating system affected by the syn-
chronization.
Pre-Install User Message Select this check box to display a message to users prior to installation.
When you select this check box, additional fields appear:
Pre-Install User Message - Enter a pre-install message.
Pre-Install Message Timeout - Specify a timeout in minutes
for which the message will be displayed.
Pre-Install Timeout Action - Select a timeout action that will
take place at the end of the timeout period from the drop-down
list. Options include Install later or Install now. For example, you
might select Install now because you may be installing at a time
when you know that the user is away from his or her desktop,
making it a good time to install. Or, you might select Install later if
the installer needs some user interaction and it would not work if
the user was not at his or her desktop.
Post-Install User Message Select this check box to display a message to users after the installation
completes. When you select this check box, message field and timeout
options appear. Enter a message and a timeout value in minutes.
Deployment Window Specify the time (using a 24 hr. clock) to deploy the package. Deploy-
ment Window times will affect any of the Managed Action options. Also,
the run intervals defined under the Server Settings | Options page
will override and/or interact with the deployment window of a specific
package.
security purposes).
Location.
Alternate Download Password - Specify the password for the
username specified above.
Note: If the target machine is part of a replication label, then the KBOX
will not fetch software from the alternate download location.
7. Click Save.
To distribute files previously deployed after the deployment window has closed, click
the Resend Files button.

Replication
A Replication Share allows a KBOX Agent to replicate software installers to a share for use by other KBOX
Agents. This allows users to download software from the share instead of directly from the KBOX 1000
Series. This is useful if you have machines in a remote office where downloading the software once for
each machine would impact the network.
From the Replication tab, users can:
Add or delete replication shares
Enable or disable replication shares
Creating a Replication Share

Replication shares can only be created on one of the machines listed in the KBOX Inventory |
Computers tab. If you want to create a share on a machine not listed there, you will need to create an
inventory record for the machine before continuing. For more information, see Chapter
3,“Inventory,” starting on page 26. The Replication Machine will need write permissions to the Destination
Path to write the software files.
To create a replication share:
1. Select Distribution | Replication. The Replication Shares page appears.

2. Select Add New Item in the Choose Action drop-down list.
The Replication Share: Edit Detail page appears.
3. Select the machine on which the share will reside in the Replication Machine drop-down list.
4. Specify the Replication Share destination details:
Destination Path Specify the destination path where the replication machine should
copy all the software from the KBOX 1000 Series. All software items
with digital assets are copied, including patches. The Replication
Machine will need write permissions to the Destination Path to write
the software files.
Destination Path User Specify the login name for the share.
Destination Path Password Specify the password for the share.
5. Select a label for the Replication Share.

Make sure that the label does not have ALT_KACE_LOCATION specified on it.
6. Specify the replication share download details:
Download Path Specify the download path from where machines in the replication
label will copy these assets instead of downloading them directly
from KBOX. The Clients will need read permission to this share.
Download Path User Specify the login name the users in the replication share label will
enter to access the assets on the replication share.
Download Path Password Specify the password for the share. The password the users in the
replication share label will enter to access the assets on the replica-
tion share.
7. Enter comments in the Notes field as necessary.

8. Click Save.
9. After creating a replication share, select the Enabled check box to allow users to begin using the share
to download digital assets.
Viewing Replication Share Details

After clicking Save, the Replication Shares list will be displayed showing the new replication share. You
can view the list of digital assets that will be copied to this share by clicking the linked name of the
Replication Share and scrolling down to the table at the bottom.
You can also click the Details link beside the Replication Machine field to view the computer inventory
record for the Replication Share. Click the Details link beside the Labels field to view the computers and
users assigned to that label.

C H A P T E R 7
Wake-on-LAN
The KBOX 1000 Series Wake-on-LAN feature provides the
ability to “wake up” computers equipped with network
cards that are Wake-on-LAN compliant.
“Wake-on-LAN Feature Overview,” on page 99

“Issuing a Wake-on-LAN Request,” on page 100
“Troubleshooting Wake-on-LAN,” on page 101
Wake-on-LAN Feature Overview
The KBOX 1000 Series Wake-on-LAN feature enables you to remotely power-on device on your network,
even if those machines don’t have the KBOX Agent installed. Wake-on-LAN can target a label, or specific
MAC-addressed machine.
Wake-on-LAN is often used to power on machines prior to some IT activity, such a distributing a package
from the KBOX 1000 Series to a subnet, to ensure that the distribution or update reaches as many of the
target machines as possible. Because many of the updates are performed during off-hours to minimize the
impact on your network, some of the machines targeted for updating might be turned off at the time you
are performing the updates. In such cases, you could issue a Wake-on-LAN call to turn computers on prior
to performing updates, running scripts, or distributing packages.
This feature only supports machines that are equipped with a Wake-On-LAN-enabled
network interface card (NIC) and BIOS.
Using the Wake-on-LAN feature on the KBOX 1000 Series will cause broadcast UDP traffic on your network
on port 7. This traffic should be ignored by most computers on the network. The KBOX 1000 Series sends
16 packets per Wake-on-LAN request because it must guess the broadcast address that is required to get
the "Magic Packet" to the target computer. This amount of traffic should not have a noticeable impact on
the network.

Issuing a Wake-on-LAN Request
You can wake multiple devices at once by specifying a label to which those devices belong, or you can
wake computers or network devices individually. If you need to wake devices on a regular basis, for
example to perform monthly maintenance, you could schedule a Wake-on-LAN to go out a specific time.
If the device you want to wake is not inventoried by the KBOX 1000 Series but you still know the MAC
(Hardware) address and its last-known IP address, you can manually enter the information to wake the
device.
To issue a Wake-on-LAN request:
1. Click Distribution | Wake-on-LAN. The Wake-on-LAN page appears.

2. To wake multiple devices, select a label from the Labels drop-down list.
3. To wake computers individually, select them from the Wake a Computer list.
Press CTRL, and then click to select multiple computers.
4. To wake a network device, specify the device’s IP address in the Devices field.
5. Enter the filter criteria in the Filter field.
6. Specify the MAC address of the device in the MAC Address field.
7. Specify the IP address of the device in the IP Address field.
8. Click Send Wake-on-LAN.
After sending the Wake-on-LAN request, you will see the results at the top of the page indicating the
number of machines that received the request and to which label, if any, those machines belong.
To schedule a Wake-On-LAN request:
1. Click Distribution | Wake-on-LAN.

2. Click the Schedule a routine Wake-on-LAN event link. The Wake-on-LAN page appears.
3. Select Add New Item in the Choose action drop-down list. The Wake-on-LAN Settings page
appears.
4. In the Labels to Wake-on-LAN box, select the labels to include in the request.
Press CTRL, then click to select multiple labels.
5. In the Limit by Operating Systems box, select the operating systems to include in the request.
6. Specify the Wake-on-LAN schedule in the Scheduling area:
Don’t Run on a Schedule Tests will run in combination with an event rather than on a specific
date or at a specific time.
Run Every day/specific day Runs every day or only the selected day at the specified time.
at HH:MM AM/PM
Run on the nst of every Runs on the 1st, or 2nd, etc. of every month or only the selected
month/specific month at month at the specified time.
HH:MM AM/PM
7. Click Save.
On clicking Save, you will see the Wake-on-LAN tab with the scheduled request listed. From this view
you can edit or delete any scheduled requests.

Troubleshooting Wake-on-LAN
If a Wake-on-LAN request fails to wake devices, your network devices could be configured in a way that is
causing Wake-on-LAN to fail:
The device does not have a WOL-capable network card or is not configured properly.
The KBOX 1000 Series has incorrect information about the subnet to which the device is attached.
UDP traffic is not routed between subnets or is being filtered by a network device.
Broadcast traffic is not routed between subnets or is being filtered by a network device.
Traffic on Port 7 is being filtered by a network device.
For more assistance with troubleshooting Wake-on-LAN, see http://support.intel.com/support/network/sb/

cs-008459.htm

C H A P T E R 8
Scripting
The optional Policy and Scripting Module provides a point-
and-click interface for performing many tasks that would
typically require a manual process or advanced
programming. This feature is available only for computers
that run on the Windows operating system.
“Scripting Module Overview,” on page 103

“Creating and Editing Scripts,” on page 105
“Using the Run Now Function,” on page 111
“Searching Scripting Log Files,” on page 114
“Configuration Policies,” on page 115
Scripting Module Overview
If you purchased the optional KBOX 1000 Series Policy and Scripting Module, you now have a way to easily
and automatically perform a variety of tasks across your network through customized scripts that run
when and where you want them to. You can automate tasks like installing software, checking antivirus
status, changing registry settings, or configuring browser settings by creating a custom script and then
scheduling deployment to the endpoints on your network. Each script consists of metadata, dependencies
(where necessary), rules, tasks, and deployment and schedule settings.
Dependencies are supporting files that are needed for the script to run, such as executable, .zip files, etc.
When creating your script, you will be prompted to upload any required dependencies.
Rules are tasks performed in a specified order on the target machine. Each task determines whether
processing should continue or end at the end of each task.
Tasks are the individual steps being carried out by the script. In each script, you can have any number of
tasks. Whether or not a task is executed is dependent upon the success or failure of the previous task and
any rules for performing subsequent tasks.
There are two types of scripts you can create: policies and jobs. Policies are generally used to perform
tasks that will be repeated, such as checking to see whether McAfee Antivirus is installed and working.
Jobs are used to perform one-time tasks, such as uninstalling software or moving files.

Using Scripts that are Installed with KBOX
KBOX installs the following scripts by default:
Script Name Description
Force Checkin Runs KBScriptRunner on client to force checkin.

WARNING: do not run this with more than 50 clients selected
as this can overload the server with requests.
Defragment the C: drive Example script to defragment the c:
DOS-DIR DOS-DIR
Inventory Startup Programs Fix On some machines, a missing registry entry causes all of the
contents of the system32 directory to be reported as the Star-
tup Programs. This script fixes the registry entry if it is missing.
KBOX Remote Control Disabler Disables KBOX Remote Control functionality on Windows XP
Professional by configuring Terminal Services properly.
KBOX Remote Control Enabler Enables KBOX Remote Control functionality on Windows XP
Professional by configuring Terminal Services properly.
KBOXClient debug logs Disable If the client is checking in and a problem occurs with the inven-
tory and deployment, this script will disable the debug switch.
KBOXClient debug logs Enable If the client is checking in and a problem occurs with the inven-
tory and deployment, this script will enable the client debug
and send the debug back to the server. This only turns on
debug for the inventory and deployment part of the client. It
does not enable debugging of the scheduling service.
Make Removable Drives Read-Only Removable drives may only be mounted read-only. This pre-
vents people from absconding with corporate data, though they
may transport data to their PC.
Make Removable Drives Read-Write Removable drives may be mounted read-write.
Message Window Script Example This is an example script to illustrate use of message window.
Your script must have properly paired create/destroy message
window commands in order to work properly. Message Win-
dows remain displayed until user dismisses, until the script fin-
ishes executing, or until the timeout is reached, whichever
comes first.
Reset KUID Deletes the registry keys that identify a machine. You should
also delete the specific machine record from the inventory tab.
Shutdown a Windows system It specifies timeout in seconds while the message in quotes will
be displayed to the user. Omit for silent immediate shutdown.
USB Drives Disable USB Drives may not be used at all.
USB Drives Enable USB Drives may be used.
Table 8-1: Default scripts in KBOX

Creating and Editing Scripts
There are three ways you can create scripts: by importing an existing script (in XML format), by making a
copy of an existing script, or by creating a new script from scratch. You can perform these actions from the
Scripting | Scripts tab.
The process of creating scripts is an iterative one. After creating a script, it’s a good idea to deploy the
script to a limited number of machines (you can create a test label to do this) so that you can verify it is
doing what you intend before deploying it to all of the machines on your network. It’s good practice to
leave a script disabled until after you have done all of your editing and testing and you are ready to run the
script.

Adding Scripts
Scripts are made up of one or more Tasks. Within each Task there are Verify and Remediation sections
where you can further define the script behavior. If a section is left blank, it defaults to success. For
example, if you leave the Verify section blank, it will end in On Success.
To add a script:
1. Select Scripting | Scripts.

2. Select Add New Item from the Choose action drop-down list. The Script: Edit Detail page appears.
3. In the Configuration area, enter the requested details:
Name Provide a meaningful name for the script to make it easier to distinguish
from others listed on the Scripts tab.
Description Describe briefly the actions the script will perform. Although this field is
optional like the Name field, it will help you to distinguish one script from
another on the Scripts tab.
Type Classify the script as either a Job or a Policy. This distinction has no affect
on how the script will run, however, it can help to differentiate those scripts
that will run regularly (policies) from those that will run only once (jobs).
Status Use this field to indicate whether the script is in development (Draft) or has
been rolled out to your network (Production). Use Template if you are
building a script that will be used as the basis for future scripts.
Enabled Select this check box to run the script on the target machines. Do not
enable until you are finished and want to run it. Enable on a test label
before you enable on all machines.
Allow Run While Dis- Select this option if you want to allow the script to run even if the target
connected machine cannot contact the KBOX 1000 Series to report results. In such a
case, results will be stored on the machine and uploaded to the KBOX 1000
Series until the next contact.
Allow Run While Select this option if you want to allow the script to run even if a user is not
Logged Off logged in. To run the script only when the user is logged into the machine,
clear this option.
4. Specify the deployment options:
Deploy to All Select this check box if you want to deploy to all the Machines.
Machines
Limit Deploy- Select a label to limit deployment only to machines grouped by that label. Press
ment To Selected CTRL and click labels to select more than one label.
Labels
Limit Deploy- You can limit deployment to one or more machines. From the drop-down list,
ment To Listed select a machine to add to the list. You can add more than one machine. You can
Machines filter the list by entering filter options.
Supported Oper- Select an operating system on which the script will run.
ating Systems If you selected a label as well, the script will only run on machines with that label
if they are also running the selected operating system.

Scheduling In the Scheduling area, specify when and how often the script will run.
Don’t Run on a Schedule Tests will run in combination with an event rather
than on a specific date or at a specific time. Use this
option in combination with one or more of the “Also”
choices below. For example, use this option in con-
junction with “Also Run at User Login” to run when-
ever the user logs in.
Run Every n minutes/hours Test will run on every hour and minutes as specified.
Run Every day/specific day at Test will run on the specified time on the specified
HH:MM AM/PM day.
Run on the nst of every month/spe- Test will run on the specified time on the 1st, or 2nd,
cific month at HH:MM AM/PM etc. of every month or only the selected month.
Custom Schedule This option allows you to set an arbitrary schedule
using standard cron format. For example,
1,2,3,5,20-25,30-35,59 23 31 12 * * means:
On the last day of year, at 23:01, 23:02, 23:03,
23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25,
23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59.
The KBOX 1000 Series doesn’t support the extended
cron format.
Also Run Once at next Client This option runs the script once when new scripts
Checkin are downloaded from the KBOX 1000 Series. The
time interval for downloaded scripts is set in KBOX
Settings | Client Options | Scripting Update
Interval.
Also Run at Machine Boot Up This option runs the script at machine boot time. Be
aware that this will cause the machine to boot up
slower than it might normally.
Also Run at User Login This option runs the script after the user has entered
their Windows login credentials.
5. Click Run Now to immediately push the script to all machines. Use this option with caution. For more
information about the Run Now button, see “Using the Run Now Function,” on page 111.
6. To browse for and upload files required by the script, click Add new dependency, click Browse, and
then click Open to add the new dependency file.
Repeat this step to add additional new dependencies as necessary.
7. Click Add Task Section to add a new task. The process flow of a task in a script is shown below.
IF Verify THEN
Success
ELSE IF Remediation THEN
Remediation Success
ELSE
Remediation Failure
Figure 8-2: Example of Task process flow

8. Under Job or Policy Rules, set the following options for Task 1:
Attempts The number of times the script will attempt to run.

If the script fails but remediation is successful, you may want to run
the task again to confirm the remediation step. To do this, set the
number of Attempts to 2 or more. If the Verify section fails, it will be
run Attempts number of times.
On Failure Select Break if you want the script to stop running upon failure.
Select Continue if you want the script to perform remediation steps
upon failure.
9. In the Verify section, click Add to add a step, and then select one or more steps to perform. See
Appendix A,“Steps for Task sections,” starting on page 204.
10. In the On Success and Remediation sections, select one or more steps to perform.
See Appendix A,“Adding steps to a Task,” starting on page 203.
11. In the On Remediation Success and On Remediation Failure sections, select one or more steps to
perform.
See Appendix A,“Adding steps to a Task,” starting on page 203.
To remove a dependency, task, or step, click the trash can icon beside the item.
This icon appears when your mouse hovers over an item.
Editing Scripts
You can edit scripts on the Script: Edit Detail page, or in an XML editor. To use the XML editor, click the
View raw XML editor link at the top of the Script: Edit Detail page. Scripts created using one of the
wizards can be re-edited using the wizard in addition to these methods.
To edit a script:

2. Click the name of the script you want to edit.
The Script: Edit Detail page appears.
3. Modify the script as desired.
4. Click Save.
To delete a script:

2. Select the check box beside the script you want to delete.
3. Choose Delete Selected Item(s) from the Choose action drop-down list.
4. Click OK to confirm deletion.

Importing scripts
If you prefer to create your script in an external XML editor, you can upload your finished script to the
KBOX 1000 Series. Be sure that the imported script conforms to the following structure:
The root element <kbots></kbots> includes the URL of the KACE DTD
“kbots xmlns=”http://kace.com/Kbots.xsd”>...<kbots>
One or more <kbot> elements.
Exactly one <config> element within each <kbot> element.
Exactly one <execute> element within each <config> element.
One or more <compliance> elements within each <kbot> element.
<?xml version=”1.0” encoding=”utf-8” ?>

<kbots xmlns=”http://kace.com/Kbots.xsd”>
<kbot>
<config name=”name=”” type=”policy” id=”0” version=”version=””
description=”description=””>
<execute disconnected=”false” logged_off=”false”>
</execute>
</config>
<compliance>
</compliance>
</kbot>
</kbots>
Figure 8-3: Example of XML structure for KBOX 1000 Series script
In the above example, we see an example of a simple XML script. The <config> element corresponds to
the Configuration section on the Script: Edit Detail page and is where you will specify the name of the
policy or job (optional), and the script type (policy or job). Within this element you also will indicate
whether the script will run when the target machine is disconnected or logged off from the KBOX 1000
Series.
Within the <compliance> element you will specify whether the script is enabled and describe the specific
tasks the script is to perform.
Tip: If you are creating a script that will perform some of the same tasks as an existing
script, you may want to consider creating a copy of that existing script, then opening
the copied script in XML editor view to better understand what is possible in the
<compliance> element. For more information, see “Duplicating scripts,” on page 110.

To import an existing script:
1. Click the Scripting button, then choose the Scripts tab.

2. From the Choose action drop-down list, select Import from XML.
3. Paste the existing script into the space provided, then click Save.
Duplicating scripts
If you have already created a script that performs many of the tasks required of your new script, the
simplest way to begin is to make a copy of the current script, then modify the steps as required, and then
upload any new dependency files.
To duplicate an existing script:

2. Click the linked name of the script you want to copy to open it for editing.
3. Click the Duplicate button.
The Scripts list page appears, which includes a new script named “Copy of xxx”, where “xxx” is the
name of the copied script.
4. Click the linked name of the copied script to open it for editing.
Continue as you would in “Adding Scripts,” on page 106.

Using the Run Now Function
The Run Now function provides a way for you to run scripts on selected machines immediately without
setting a schedule. You may want to use this function if you have machines on your network that you
suspect are infected with a virus or other vulnerability which could compromise your entire network if not
resolved right away. Run Now is also useful for testing and debugging scripts on a specific machine or set
of machines during development.
The Run Now function is available in three places:
Run Now tab - Running Scripts from the Scripting | Run Now tab allows you to run one script at a
time on the target machines.
Script: Edit Detail Page - Running Scripts from the Script : Edit Detail page allows you to run one
script at a time on the target machines.
Scripts List Page - Running scripts from the Scripts List Page using the Run Now option from the
Choose action drop-down list allows you to run more than one script at the same time on the target
machines.
CAUTION: Because a script is deployed immediately when you click Run Now, use
this feature cautiously, and do not deploy unless you are certain that you want to run
the script on the target machines. Be sure to specify a label on which to run the script,
otherwise it will deploy to all machines by default.
See “Creating Labels,” on page 43 for more information.
Run Scripts using the Run Now tab

You can run scrips using the Scripting | Run Now tab.
To run Scripts using the Run Now tab:
1. Select Scripting | Run Now. The Run Now page appears.

2. Select the Script you want to run in the Scripts list. You can use the Filters to filter the Scripts list.
3. Select the machines on which Script needs to run from the Inventory Machines list. Selected
machine name appears in the Machine Names field. You can use the Filters to filter the machine
names list. You can add all the machines by clicking Add All.
Atleast one machine name should be present in the list to run the script.
4. Click Run Now to run the selected Script.
Run Now from the Script Detail page

To use the Run Now function from the Script Detail page:
1. To minimize the risk of deploying to unintended target machines, KACE recommends that you create a
label that represents the machine or machines on which you want to use the Run Now function. See
“Creating Labels,” on page 43 for more information.
2. Select the Scripting tab.

3. Select the script you want to run.
4. Select the label or labels that represent the machine(s) on which you want to run the script. Press
CTRL and click to select multiple labels.
5. Scroll to the bottom of the Scheduling section, then click Run Now.
To use the Run Now function from the Scripts Lists Page:
1. To minimize the risk of deploying to unintended target machines, KACE recommends that you create a
label that represents the machine or machines on which you want to use the Run Now function. See
“Creating Labels,” on page 43 for more information.
2. Select the Scripting tab.
3. Select the script or scripts you want to run.
4. Select Run Now from the Choose action drop-down list.
Monitoring Run Now status

When you click Run Now or select Run Now from the Choose action drop-down list, the Run Now
Status tab appears where you will see a new line item for the script.
The Pushed column indicates the number of machines on which the script is attempting to run. The
Completed column indicates the number of machines that have finished running the script. The numbers
in these columns increment accordingly as the script runs on all of the selected machines. The icons above
the right-hand column provide further details of the script status.
Icon Description
The script completed successfully.
The script is still being run, therefore its success or

failure is unknown.
An error occurred while running the script.
Table 8-4: Run Now Status tab icons

If there were errors in pushing the scripts to the selected machines, you can search the scripting logs to
determine the cause of the error. For more information about searching logs, see “Searching Scripting Log
Files,” on page 114.
The Run Now function communicates over port 52230. One reason a script might fail to
deploy is if firewall settings are blocking the KBOX Agent from listening on that port.

Run Now Detail Page
For more information on a Run Now item, click the linked start time on the Run Now Status page to display
the item’s Run Now Detail page.
The Run Now Detail page displays the results of a script that was run manually using the Run Now
Function, instead of running it on a schedule.
The Push Failures section lists those machines that the server could not contact, and therefore did not
receive the policy. Once pushed, it may take some time for the machine to complete a policy. Machines
that have received the policy, but have not reported their results yet are listed in the Scripts Running
section. After the policy is run, it will report either success or failure. The results will be sorted under the
appropriate section. Each individual computer page also has the results of the Run Now events run on that
machine.

Searching Scripting Log Files
The Search Logs page allows you to search the logs uploaded to the KBOX 1000 Series appliance by the
machines on your network.
To search scripting logs:
1. Select Scripting |Search Logs.

2. Enter the keywords to search for in the Search for field. You can use the following operators to change
how the logs are searched:
Operator Function
+ A leading plus sign indicates the word must be present in the log.
- A leading minus sign indicates the word must not be present in the log.
* A trailing asterisk can be used to find logs that contain words that begin
with the supplied characters.
“ A phrase enclosed in double quotes matches only if the log contains the
phrase exactly as typed.
Table 8-5: Available search operators

3. To search only in logs uploaded by a particular script, choose the script name.
4. Select the log type to search in from the drop-down list. Options include: Output, Activity, Status, and
Debug.
5. In the Historical field, select whether to search in only the most recent logs or in all logs from the
drop-down list.
6. To search only in logs uploaded by KBOX Agents in a particular label group, select the label from the
drop-down list.
7. Click Search.

Configuration Policies
The Configuration Policy page displays a list of wizards you can use to create policies that manage various
aspects of the computers on your network.
To access the list of available Configuration Policy wizards, click the Scripting button, then select the
Configuration Policy tab. This section includes descriptions of the settings for each of the policies you
can create.
Available wizards include:
Enforce Registry Settings
Remote Desktop Control Troubleshooter
Enforce Desktop Settings
Desktop Shortcuts Wizard
Event Log Reporter
MSI Installer Wizard
UltraVNC Wizard
Un-Installer Wizard
Windows Automatic Updates Settings.

Enforce Registry Settings
This wizard allows you to quickly create scripts that enforce particular registry settings.
To enforce registry settings:
1. Use regedit.exe to locate and export the values from the registry that you are interested in.
2. Open the .reg file that contains the registry values you want with notepad.exe and copy the text.
3. Select Scripting |Configuration Policy.
4. Click Enforce Registry Settings. The Configuration Policy : Enforce Registry Settings page appears.
5. Enter a policy name in the Policy Name field.
6. Paste the copied registry values into the Registry File field.
7. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you will need to enable and
set a schedule for this policy to take effect.
A new script will be created that will check that the values in registry file match the values found on the
target machines. Any values that are missing or incorrect will be replaced.
See “Adding Scripts,” on page 106 for more information.
Remote Desktop Control Troubleshooter

This editor creates a troubleshooting script for the KBOX 1000 Series Remote Control functionality. The
script that this page generates will test the following things:
Terminal Services: To access a Windows XP Professional machine using Remote Desktop, Terminal
Services must be running. This script will verify that this is the case;
Firewall Configuration: If the Windows XP SP2 Firewall is running on the machine, several different
configurations may be affecting whether the Remote Desktop requests are being blocked by the
firewall.
To troubleshoot remote behavior:

2. Click Remote Desktop Control Troubleshooter. The Configuration Policy : Remote Control
Troubleshooter page appears.
Under Firewall Configuration, specify the desired settings.
3. Click Save.
set a schedule for this policy to take effect. See “Adding Scripts,” on page 106 for more information.

Enforce Desktop Settings
This wizard allows you to build policies that affect the user's desktop wallpaper. The Wallpaper bitmap file
is distributed to each machine affected by the policy. This file must be in the Bitmap (.bmp) format.
To create a policy to enforce Desktop Settings:

2. Click Enforce Desktop Settings.
3. Select the Use wallpaper check box to enforce this setting.
4. Click Browse to select and upload the .bmp file to use for the wallpaper.
5. Select a position for the wallpaper image from the Position drop-down list. Select Stretch to stretch
the image so that it covers the entire screen. Select Center to display the image in the center of the
screen. Select Tile to repeat the image over the entire screen.
6. Click Save.
Desktop Shortcuts Wizard

This wizard allows you to quickly create scripts that add shortcuts to users' Desktop, Start Menu, or Quick
Launch bar. You can create an Internet shortcut and can put a URL to the target with no parameters and
working shortcut.
To create scripts to add shortcuts:

2. Click Desktop Shortcuts Wizard. The Configuration Policy : Enforce Shortcuts page appears.
3. Enter a name for the desktop shortcut policy in the Policy Name field.
4. Click Add Shortcut.
5. Specify the shortcut details.
Name The text label that will appear below or beside the shortcut.
Target The application or file that is launched when the shortcut is clicked, e.g., Program.exe.
Parameters Any command line parameters. For example:
/S /IP=123.4
WorkingDir Changes current working directory. For example:
C:\Windows\Temp
Location Select the location where the shortcut will appear from the drop-down list. Options
include Desktop, Quick Launch, and Start Menu.
6. Click Save Changes to save the new shortcut.

7. Click Add Shortcut to add more shortcuts. To edit or delete a shortcut, hover over a shortcut and click
the Trash can icon that appears.
8. Click Save.

Event Log Reporter
This wizard creates a script that queries the Windows Event Log and uploads the results to the KBOX 1000
Series.
To create an Event Log query:

2. Click Event Log Reporter. The Configuration Policy : Event Log Reporter page appears.
3. Specify query details:
Output filename The name of the log file created by the script.
Log file The type of log you want to query. Options include Application, System,
and Security.
Event Type The type of event you want to query. Options include Information, Warn-
ing, and Error.
Source Name Use this optional field to restrict the query to events from a specific source.
4. Click Save.
MSI Installer Wizard

This wizard helps you set the basic command line arguments for running MSI based installers. See the MSI
Command Line documentation for full details.
To create the MSI Installer policy:

2. Click MSI Installer Wizard. The Configuration Policy : MSI Wizard page appears.
Action Select a task. Options include Install, Uninstall, Repair missing

files, and Reinstall all files.
Software Select the application you want to install, uninstall, or modify.
MSI filename Enter a MSI filename.
User Interaction Select an option to specify how the installation should appear to end
users. Options include: Default, Silent, Basic UI, Reduced UI, and
Full UI. See MSI documentation for a complete description of the
available options.
Installation Directory Specify the installation directory.
Additional Switches Include any additional installer switches. Additional Switches will be
inserted between the msiexe.exe and the /i foo.msi arguments.

Additional Properties Include any additional properties. Additional Properties will be
inserted at the end of the command line.
For example:
msiexec.exe /s1 /switch2 /i patch123.msi TARGETDIR=C:\patcher
PROP=A PROP2=B
Feature List Enter the features to install. Separate features with commas.
Store Config per Select this box to do per-machine installations only.
machine
After install Select the behavior after installation. Options include:
Delete installer file and unzipped files
Delete installer file, leave unzipped files
Leave installer file, delete unzipped files
Leave installer file and unzipped files.
Restart Options Select the restart behavior. Options include:
No restart after installation
Prompts user for restart
Always restart after installation
Default
Logging Select the type(s) of installer messages to log. Press CTRL and click
to select multiple message types. Options include:
None
All Messages
Status Messages
Non-fatal warnings
All error messages
Start up actions
Action-specific records
User requests
Initial UI parameters
Out-of-memory or fatal exit information
Out-of-disk-space messages
Terminal properties
Append to existing file
Flush each line to the log
See MSI documentation for a complete description of the available

logging options.
Log File Name Specify the name of the log file.
4. Click Save.

UltraVNC Wizard
The UltraVNC Wizard creates a script to distribute UltraVNC to Windows computers on your network.
UltraVNC is a free software solution that allows you to display the screen of a computer (via Internet or
network) on another computer. You can use your mouse and keyboard to control the other computer
remotely. It means that you can work on a remote computer, as if you were sitting in front of it, right from
your current location.This wizard creates a script to deploy UltraVNC to your computers. See UltraVNC
documentation for complete details.
Go to http://www.uvnc.com/ for UltraVNC downloads and documentation.
To distribute UltraVNC to the computers on your network:
1. Select Scripting | Configuration Policy.

2. Click UltraVNC Wizard. The Configuration Policy : Ultra VNC Wizard page appears.
3. Specify UltraVNC installation and authentication options:
Install Options Install Mirror Driver Check the Mirror Driver box to if you want to install
the optional UltraVNC Mirror Video Driver.
The Mirror Video Driver is a driver that UltraVNC
can use to be quickly and efficiently notified with
screen changes. Using it on an UltraVNC server
results in an excellent accuracy. The video driver
also makes a direct link between the video driver
framebuffer memory and UltraWinVNC server.
Using the framebuffer directly
eliminates the use of the CPU for intensive screen
blitting, resulting in a big speed boost and very low
CPU load.
See UltraVNC documentation for complete details.
Install Viewer Check the Mirror Driver box to if you want to install
the optional UltraVNC Mirror Video Driver.
Authentication VNC Password Provide a VNC password for authentication.
Require MS Logon If you want to use MS Logon authentication, use
MSLogonACL.exe /e acl.txt
to export the ACL from your VNC installation. Copy
and paste the contents of the text file into the ACL
field.
It is advisable to look at the script that is generated
by this wizard to make sure it is doing something
you expect. You can view the raw script by clicking
View raw XML Editor on the Script Detail page.

4. Specify UltraVNC miscellaneous options:
Disable Tray Icon Check this box if you do not want to display the UltraVNC tray icon
on the target computers.
Disable client options in tray If you did not check Disable Tray Icon, check this box if you do not
icon menu want to display client options in the tray icon menu on the target
computers.
Disable properties panel Check this box to disable the UltraVNC properties panel on the tar-
get computers.
Forbid the user to close down Check this box if you do not want to allow computer users to shut
WinVNC down WinVNC.
5. Click Save.
Un-Installer Wizard
This wizard allows you to quickly build a script to uninstall a software package. The resulting script can
perform three actions: Execute an uninstall command;Kill a process; and Delete a directory.
To create an uninstaller script:

2. Click Un-Installer Wizard. The Configuration Policy : Uninstaller page appears.
Job Name Enter a name for the uninstaller script.

Software Item Select the software item to uninstall.
The wizard will attempt to fill in the correct uninstall command.
Verify that the values are correct.
Uninstall Command Directory When you select the software item, the wizard will attempt to
fill in the uninstall command directory, file, and parameters.
Uninstall Command File
Uninstall Command Review the entries to make sure the values are correct.
Parameters
Kill Process To have a process killed before executing the uninstall com-
mand, enter the full name of the process in the Kill Process
field. (For example: notepad.exe)
Delete Directory. To have a directory deleted after executing the uninstall
command, enter the full name of the directory in the Delete
Directory field here. (For example: C:\Program Files\An
Example App\).
4. Click Save.

Windows Automatic Update Settings policy
This policy allows you to configure a script to control Windows Automatic Updating system. Detailed
information can be found at Microsoft's Knowledge Base Article 328010 (http://support.microsoft.com/kb/
328010).
To modify Windows Automatic Update settings:

2. Click Windows Automatic Update Settings. The Windows Automatic Update Policy page appears.
The Windows Automatic Update Policy page appears.
Automatic (recommended) Select this option to enable automatic downloading of Windows

Updates.
Download updates for me, but Select this option to ensure that you always receive the latest
let me choose when to install downloads, but retain the flexibility to decide when to install them.
them.
Notify me but don’t automati- Select this option provides for the most flexibility. Be aware, how-
cally download or install them. ever, that this may make your network more vulnerable to attack if
you neglect to retrieve and install the updates on a regular basis.
Turn off Automatic Updates Select this option if you are using the KBOX 1000 Series Patching
feature to manage Microsoft patch updates.
Remove Admin Policy. User Select this option to provide users with control over the update
allowed to configure. process. Be aware, however, that this may make end-users, and
therefore your network, more vulnerable to attack.
4. Select the interval (in minutes) to wait to reschedule an update if the update fails from the
Reschedule Wait Time drop-down list.
5. Specify whether or not to reboot while a user is logged in.
6. Enter the details for the SUS Server and SUS Server Statistics.
7. Click Save.

C H A P T E R 9
Patching
The KBOX 1000 Series Patching feature enables you to

quickly and easily deploy Microsoft patches to your
network. This feature is available only for computers that
run on the Windows operating system.
“Overview of Patching feature,” on page 124

“Bulletin Management workflow,” on page 126
“Updating Patch definitions,” on page 131
Overview of Patching feature
The KBOX 1000 Series patching feature provides access to the latest Microsoft Security bulletin updates for
Windows platforms including Microsoft Office programs. Microsoft updates its list of Security bulletins
nightly, and new patches are available for download from the KBOX 1000 Series daily beginning at 3 AM.
The KBOX 1000 Series automatically downloads patch software and creates managed installations based
on the configured patch settings.
You can view the list of available bulletins, see which bulletins require attention, and access other patching
functions from the Distribution | Patches tab.
The Bulletin Management view of the Patches tab provides a central interface where you can easily review,
approve, or decline patches, as well as access all other patch functions.
From the Distribution | Patches tab you can:
Filter and search patch bulletins
Approve or decline bulletins
Configure and troubleshoot patch deployment
Create a new Replication Share
Create a new Windows update policy
See a list of computers currently patching
Run patch reports
View patch status.
To sort the bulletin list view by status, importance, or bulletin year, click one of the links at the top of the
page under Bulletin Lists. The Patch Listing page appears.
The Patch Listing page provides a list of all available bulletins, which you can further sort based on status,
bulletin year, importance, bulletin year, or affected operating system. You can also view only those
bulletins that encountered errors during deployment.
To view details about a specific patch, click the linked name of the bulletin.
The Patch Listing page uses the following icons to convey the status of a bulletin:
Icon Description
No icon Bulletin needs review.

The bulletin is approved for distribution.
The bulletin is under review.
The bulletin is declined and will not be distributed.
Table 9-1: Patch List icons
The Patch Listing page also contains the following information:

Importance - The severity rating of the patch: Unrated, Low, Moderate, Important, or Critical
Expected - The number of computers to which the patch will be deployed

ToDo - The number of computers still to be patched
Error - The number of errors encountered during the patch process.
To return to the Bulletin Management page from the Patch Listing page, click the
Patches tab again.

Bulletin Management workflow
The process for deploying patches on your network follows these basic steps: Downloading, Reviewing/
Approving, Deploying, and Reporting. The sections that follow describe each of these steps in detail along
with associated tasks and settings.
The Bulletin Management page provides a dashboard from which you can access all the necessary patch
deployment tasks.
The Bulletin Lists offer a filtered view of the bulletins so you can scale the list to specific bulletins by year,
importance (critical), or status (approved or declined).
Downloading patch bulletins

As mentioned previously, the KBOX 1000 Series automatically downloads all new patches available from
Microsoft every day. However, you can modify the patch configuration settings to only download bulletins
from a certain year, invoke an immediate patch download, or delete all software associated with previously
downloaded patches.
To configure patch download settings:
1. Select Distribution |Patches.

2. Under Associated Activities, click the Change Patch Settings link.
The Patch Settings page appears.
4. Under Download Patches from, select the bulletin year.
5. To update patch definitions immediately, click Update Patches Now.
6. To delete all software associated with previously download patches, click Delete Patches ( ).
The number of Managed Installations that will be deleted is in parenthesis.
Reviewing & approving bulletins

When new bulletins appear in the KBOX 1000 Series, they appear under the Need Review Bulletins section
of the Bulletin Management page so that you can easily see which bulletins need your attention. You
should review items listed here and move them to the appropriate category (Approved, Reviewing, or
Declined) as soon as possible.
You can review and approve bulletins in several ways: from the Needs Review Bulletin list, from the Patch
List page, or from the individual bulletin detail page. Both the Needs Review Bulletin and Patch List offer
the option of modifying multiple bulletins at once.
Additionally, you can sort the bulletin view by the most Critical bulletins to ensure that you approve and
deploy the most sensitive bulletins as quickly as possible.
To review bulletins from the Needs Review Bulletin list:
1. Select Distribution | Patches.

2. Under the Needs Review Bulletins, select the check box beside the bulletin(s) you want to modify.
3. Select the check box beside the bulletin(s) you want to modify.
4. Select the check box next to the check mark in the header to select all bulletins.

5. Select one of the following options from the Choose action drop-down list:
Needs review The default option on this page. Bulletin will remain on the Needs Review
list. Bulletin will not be distributed.
Reviewing The bulletin is moved out of the Needs Review list, but still requires an
Approved status before it will be deployed.
Approved The bulletin will be deployed according to the patch settings you specify.
Declined The bulletin will be removed from the Needs Review list.
6. Click Save.
To review patches from the Patch listing:

2. Under To Do Lists, click the Need Review Bulletins link. The Patch Listing page appears.
3. Select the check box beside the bulletin(s) you want to modify.
4. From the Choose action drop-down list, select the desired status. You can change the status of
bulletins in batches or individually. There are several ways to change the status of a bulletin:
From the Bulletin Management page
From the Patch List page
From the Bulletin Detail page.
To change the status of all open bulletins at once:
1. From the Bulletin Management Page, under Need Review Bulletins, click the + Bulletins link to
expand the list.
2. Scroll down and select the Check All Bulletins check box.
3. Select the desired status:
Reviewing
Approved
Declined.
4. Click Save.
To change bulletin status individually:
1. From the Bulletin Management Page, under Need Review Bulletins, click the + Bulletins link to
expand the list.
2. Click the linked bulletin number. The Bulletin: Detail page appears in a new browser window.
3. Select the desired status:
Needs review
Reviewing
Approved
Declined.

4. Click Save.
If you see the word WARNING on this page, it means that the settings for the various
Managed Installations listed are different from each other. Clicking Save under these
circumstances will overwrite those different settings with the values you specify on this
page.
To see a list of software titles affected by this bulletin, scroll down to the bottom of the page.
Deploying bulletins
When you approve a bulletin, you will see the Bulletin: Detail page where you will see the bulletin details,
such as the computers to which you want to deploy bulletins be deployed to, operating systems affected,
and links to access the Managed Installation details for the bulletin.
By default, approved bulletins are set to execute the next time a machine checks in to the KBOX 1000
Series. You can configure this and other settings, such as installation behavior, user interaction, and
deployment window from the Patch Settings page.
To configure bulletin deployment settings:
1. Select Distribution |Patches.

2. Under Associated Activities, click the Change Patch Settings link.
The Patch Settings page appears.
3. Click the [Edit Mode] link to modify settings.
4. Enter Patch Download Maintenance information as follows:
Download Patches From Select a year from the drop-down list.

Update Patches Now Click Update Patches Now to update your list of patches.
Delete all Patch Software Click Delete Patches to delete all downloaded patches.
5. Specify the following Default Patch Settings:
Managed Action Select a Managed Action from the drop-down list. This dictates
deployment behavior. Options include:
Execute before logon (at machine bootup)
Execute while user logged off.
Quiet Install Select this check box to install the patch without notifying the user.
Suppress Reboot Select this check box to install the patch without requiring the users
machine to reboot.
Deployment Window By default, the KBOX 1000 Series will attempt to deploy this patch
for 24 hrs. Select a time on a 24-hour clock to open the deployment
window and a time to close the deployment window.

Limit Specify the label(s) to which you want to deploy the patch. KACE
Deployment To recommends deploying patches to a test label with a small number
of machines before deploying more widely on your network.
Press CTRL and click to select multiple labels.
Max Attempts Specify the maximum number of times (between 1 and 99) the
KBOX 1000 Series will attempt to install the patch before giving up.
Allow Snooze Select this check box to allow users to delay patch installation until a
later time.
Pre-Install Message Select this check box to display a message to users before installing
the patch. Additional Pre-Install Message fields appear.
Pre-Install User Message Enter the message text that will displayed to users before installing
the patch.
Pre-Install Message Timeout Enter a timeout duration for the message in minutes.
Pre-Install Message Select one of the following options from the drop-down list. This
Timeout Action action will be taken if the time duration is reached. Options include:
Install Now
Install Later
Post-Install Message Select this check box to display a message to users after installing
the patch. Type message in space provided.
Post-Install Enter the message text that will displayed to users after the patch is
User Message installed.
Post-Install Message Time- Enter a timeout duration for the message in minutes.
out
Delete Downloaded Files Select to download all the files after the patch is installed.
6. To apply these changes across all patches, select the Apply changes to existing patches check box.
7. Click Save.

Reporting patching results
There are several ways you can access patching results. To see which patches were unsuccessful, for
example, you could select Bulletins with deployment errors from the To Do Lists section of the Bulletin
Management page, or sort the Patch Listing page by Bulletins with Errors.
For more details about patching status and results, you can refer to the Computer Information, Patch
Reports, and Patch System Status sections of the Bulletin Management page.
Computer Information includes the Machine name, IP Address, Last Sync, Last User Logged In, and the
Number of Patches for each machine to which patches were deployed.
The Patch Reports section provides quick links for viewing reports on:
Critical Bulletin List
For each Machine, what patches are installed
For each Patch, what machines have it installed
How many computers have each Patch installed
Installation Status of each enabled Patch
Needs Review Bulletin List
Patches waiting to be deployed.
The Patch System Status gives an overview of the number of bulletins that have been downloaded from
Microsoft, the status of the last update, and the date and time of the last attempted and successful
downloads.
Creating a Replication Share for patches

A Replication Share allows a KBOX Agent to replicate software installers to a share for use by other KBOX
Agents. This allows KBOX Agent machines to download patch software from the share instead of directly
from the KBOX 1000 Series. This is useful if you have machines in a remote office where downloading the
software once for each machine would impact the network.
For more information about creating Replication Shares, see Chapter 6,“Replication,” starting on page 91.
Create new Windows Update Policy

The KBOX 1000 Series provides a way for you to control the behavior of the Windows Update feature. This
feature allows you to specify how and when Windows updates are downloaded so that you can control the
update process for the computers on your network. Although this functionality is accessible from the
Bulletin Management page, the configuration settings reside under the Scripting | Configuration Policy
tab. For more information about this policy, see “Windows Automatic Update Settings policy,” on page 111.

Updating Patch definitions
Although the definitions for Microsoft patches are updated automatically on a scheduled basis,
you can retrieve the latest files manually from the Server Maintenance page.
To update the Patch definitions:

2. To update Microsoft patches, click Change Patch Setting.

C H A P T E R 10
Security
The optional KBOX 1000 Series Security Enforcement and

Audit Module allows you to run vulnerability tests on your
network using Open Vulnerability and Assessment
Language (OVAL). This feature is available only for com-
puters that run on the Windows operating system.
“Security Module Overview,” on page 133

“OVAL Tests,” on page 134
“OVAL Reports,” on page 138
“Creating Security Policies,” on page 139
Security Module Overview
If you purchased the optional KBOX 1000 Series Security Enforcement and Audit Module, you can ensure
the health of your network by running vulnerability tests on the computers in your network, then, based
on testing results, you can determine how to bring the computers back into compliance. You can
customize security policies to enforce certain rules, schedule tests to run automatically, and run reports
based on testing results.
The KBOX 1000 Series Security Enforcement and Audit Module uses Open Vulnerability and Assessment
Language (OVAL), an internationally recognized standard for detecting security vulnerabilities and
configuration issues on computer systems. OVAL is compatible with the Common Vulnerabilities and
Exposures (CVE) list, which provides common names used to describe known vulnerabilities and
exposures.
The ability to describe vulnerabilities and exposures in a common language makes it easier to share
security data with other CVE-compatible databases and tools.
Note that the OVAL tests available with your KBOX 1000 Series when it is first installed
might be out of date. After installation, the KBOX 1000 Series will automatically check
for updates nightly. You can see the current OVAL version on the KBOX Summary Info
page (Reporting | Summary).
About OVAL and CVE

OVAL relies on definitions submitted by members of the security community on the Community Forum, by
MITRE Corporation, or by the OVAL Board, to detect vulnerabilities on your network. OVAL uses the
vulnerabilities on the CVE List as the basis for most of its definitions. CVE content is determined by the CVE
Editorial Board, which is composed of experts from the international information security community.
Any new information about a vulnerability that is uncovered as a result of discussions on the Community
Forum are sent to the CVE Initiative for possible addition to the list. For more information about CVE visit
http://cve.mitre.org.
OVAL definitions pass through a series of phases before being released. Depending on where a definition
is in this process, it will likely be assigned a status of DRAFT, INTERIM, or ACCEPTED. Other possible
values for status are Initial Submission and Deprecated. For more information about the stages of OVAL
definitions, visit http://oval.mitre.org/about/stages.html.
Status Description
Draft Definitions with this status have been assigned an OVAL ID number and are under discus-
sion on the Community Forum and by the OVAL Board.
Interim Definitions with this status are under review by the OVAL Board and available for discus-
sion on the Community Forum. Definitions are generally assigned this status for two
weeks, unless further changes or discussion are required.
Accepted Definitions with this status have passed the Interim stage and are posted on the OVAL
Definition pages. All history of discussions surrounding Accepted definitions are linked
from the OVAL definition.
Table 10-1: OVAL status definition descriptions

OVAL Tests
The KBOX 1000 Series checks nightly for updates to the list of available OVAL definitions. Definitions are
displayed on the OVAL Tests tab, along with their associated OVAL ID and CVE Number. Search for a
specific OVAL test by operating system, vulnerability, or by OVAL ID or CVE Number.
To view the list of OVAL definitions, click the Security button, then select the OVAL Tests tab.
To view the details of a test, click the linked definition to view the OVAL Test Detail page.
When OVAL tests are enabled, all of the available OVAL tests are run on the target machines.
Definition status
Click the OVAL-ID or
CVE-ID for more details
about a vulnerability
The steps used to test

for the vulnerability
The computers detected to have this vulnera-

bility along with the IP address and operating
systems of the affected computers
Figure 10-2: OVAL Test Definition page
OVAL Test details do not indicate the severity of the vulnerability. Use your own judgement when
determining whether to test your network for the presence of a particular vulnerability.

The table below contains an explanation of the fields found on the OVAL Tests Definition page.
Field Description
OVAL-ID Click the OVAL-ID to visit an external Web site with more details about the vulnera-
bility. The status of the vulnerability follows the OVAL-ID. Possible values are DRAFT,
INTERIM, or ACCEPTED.
Class Indicates the nature of the vulnerability. Possible values are: compliance, depre-
cated, patch, and vulnerability.
Ref-ID Click the Ref-ID to visit an external Web site for more details about the vulnerability.
Description The common definition of the vulnerability as found on the CVE list.
Definition Specifies the testing steps used to determine whether or not the vulnerability exists.
Table 10-3: OVAL Test Definition page fields
The table at the bottom of the page displays the list of computers in your network that contain this
vulnerability. For convenience, a printer-friendly version of this data is available.
Running OVAL Tests

The KBOX 1000 Series runs OVAL tests automatically based on the schedule specified in OVAL Settings.
Because OVAL Tests take up a considerable amount of memory and CPU, they will impact the performance
of the target machines. OVAL Tests take between 5 and 20 minutes to run. Therefore, to minimize the
disruption to your users, it is best to run OVAL Tests once a week, or once a month during off hours when
your users are least likely to be inconvenienced. For example, you may want to schedule OVAL to run once
a week on a Saturday.
If you are only running OVAL Tests periodically, or if there are only select machines whose OVAL Test
results you are concerned about, you could assign a label to those machines and use the Run Now
Function to run OVAL Tests on those machines only. For more information about the Run Now Function,
see “Using the Run Now Function,” on page 101.
OVAL Updates
The KBOX 1000 Series checks www.kace.com for new OVAL definitions nightly, but you should expect new
definitions weekly. If you have OVAL tests enabled, the KBOX 1000 Series will download new OVAL
definitions to all client machines on the next scripting update interval whenever a new package becomes
available, regardless of the OVAL schedule settings. The .zip file that contains the updates could be up to
2MB, so use caution when enabling OVAL Tests for the computers on your network, as the size of the
package could impact the performance of users’ machines, particularly those on dialup connections.
For this reason, a good rule to follow is to only enable OVAL Tests when you want to run them. For
example, if you wanted to schedule OVAL Tests to run on January 1st, you could disable them on January
2nd, and not enable them again until close to the next time you want them to run. Any OVAL updates that
are pulled down while the OVAL Tests are disabled will be stored on the KBOX 1000 Series and only
pushed out to the target machines when enabled again.

OVAL Settings and Schedule
By default, OVAL is set to run on all machines, on all operating systems, and at 3AM.
To specify OVAL settings:
1. Select Security | Oval Settings. The OVAL Settings & Schedule page is displayed.
2. Specify the Configuration settings:
Enabled Run OVAL on the target machines. Only enabled OVAL Tests will run
when you want to run them.
Allow Run While Disconnected Run OVAL on the target machines, but store test results on the
target machine until they can be uploaded to the KBOX 1000 Series.
Allow Run While Logged Off Run OVAL even if a user is not logged in. With this turned off, the
script will only run when a user is logged into the machine.
3. Edit deployment settings as shown in the following table:

Deploy to All Machines Select this check box if you want to deploy to all the Machines. Click OK in
the confirmation dialog box.
Limit Deploy To You can limit deployment to one or more labels. Press CTRL and click
to select more than one label.
Supported Operating Select the operating system to which you want to limit deployment. Press
Systems CTRL and click to select more than one operating system.
Note: Leave blank to deploy to all operating systems.
4. In the Scheduling area, specify the time and frequency for running OVAL:
Don’t Run on a schedule Tests will run in combination with an event rather than on a
specific date or at a specific time. Use this option in combina-
tion with one or more of the “Also” choices below. For example,
use this option in conjunction with “Also Run at User Login” to
run whenever the user logs in.
Run Every n minutes/hours Test will run on every hour and minutes as specified.
Run Every day/specific day at ... Test will run on the specified time on the specified day.
Run on the nst of every month/ Test will run on the specified time on the 1st, or 2nd, etc. of
specific month at... every month or only the selected month.
Custom Schedule This option allows you to set an arbitrary schedule using stan-
dard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31
12 * * means:
On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20,
23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33,
23:34, 23:35, 23:59. The KBOX 1000 Series doesn’t support the
extended cron format.
Also Run Once at next Client If this option is selected, test will run once at next client
Checkin checkin. It is recommended to avoid this option because this
option will run tests when the user’s machine is in use. Select-
ing this option could impact the machine’s performance.

Also Run at Machine Boot Up If this option is selected, test will run at machine boot up. It is
recommended to avoid this option because this option will run
tests when the user’s machine is in use. Selecting this option
could impact the machine’s performance.
Also Run at User Login If this option is selected, test will run at user login. It is recom-
mended to avoid this option because this option will run tests
when the user’s machine is in use. Selecting this option could
impact the machine’s performance.
5. To run the script immediately, click Run Now.

The Run Now button only runs tests on the machines selected in the Deployment area, specified in
steps 3 and 4 above. For more information about Run Now, see “Using the Run Now Function,” on
page 101.

OVAL Reports
The OVAL Reports tab displays a list of all of the OVAL Tests that have been run. At a glance, you can see
which OVAL Tests failed and the number of computers that failed each OVAL test.
From the test detail view, you can see all of the computers that failed that OVAL Test and you can assign a
label to those machines so that you can patch them at a later time.
In addition, the Computer Reports tab offers a list of machines with OVAL results where you can see a
summary of tests run on specific computers. The label under the Machine column is the KBOX 1000 Series
inventory ID assigned by the Inventory module.
For more information about any of the computers on the report, click the linked machine name to go to the
computer’s Inventory Detail page.

Creating Security Policies
The KBOX 1000 Series Security Module includes several wizards that can help you create security policies
to manage the computers on your network. To view the list of available security policies you can create,
Select Security | Security Policy. This section includes descriptions of the settings for each of the
policies you can create.
After you click Save on one of the policy wizard screens, the Scripting tab will appear where you can
specify when to run the script and which machines will be targeted. If you want to modify a script that was
created using one of these wizards, you can either re-edit it using the wizard or you can edit the script in
the KBOX 1000 Series script editor. Opening the script in the regular KBOX 1000 Series script editor is also
a useful way to determine exactly what actions the script performs.
Available wizards include:
Enforce Internet Explorer Settings
Enforce XP SP2 Firewall Settings
Enforce Disallowed Programs Settings
Enforce McAfee AntiVirus Settings
McAfee SuperDAT Updater
Enforce Symantec AntiVirus Settings
Quarantine Policy
Lift Quarantine Action.
Enforce Internet Explorer Settings

This policy allows you to control user’s Internet Explorer preferences. You can choose to control some
preferences, while leaving others as user-defined. Policy settings enforced by you will overwrite the users’
corresponding Internet Explorer preferences. Because this script modifies user settings, you will need to
schedule it to run when the user is logged in.
To set the Internet Explorer settings policy:
1. Select Security | Security Policy.

2. Click Enforce Internet Explorer Settings.
3. In the User Home Page area, select Enforce User Home Page policy, then specify the URL to use as
the home page.
4. In the Security area, select the Enforce Internet Zone settings policy check box, then choose the
security level.
5. Select the Enforce Local Intranet Zone settings policy check box, then choose the security level.
6. Set the following options:
Include all local (intranet) sites not listed in other zones
Include all sites that bypass the proxy server
Include all network paths (UNCs)
7. Select the Enforce Trusted Zone settings policy check box, then choose the security level.
8. Select the Enforce Zone Map check box, then specify the IP addresses or ranges for the following
zones:

Restricted sites
Locale Intranet sites
Trusted sites
9. Select the Enforce Privacy settings policy check box, then set the Cookie policy.
10. Select the Enforce pop-up settings policy check box, then set the following options:
Pop-up filter level
Web sites to allow
11. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page where you must enable and set a
schedule for this policy to take effect.
Enforce XP SP2 Firewall Settings

This policy enables you to enforce firewall settings on endpoint computers running Windows XP with
Service Pack 2. You can enforce different policies based on whether the endpoint computer has
authenticated with a domain controller, or is accessing the network remotely, from home or through a
wireless hotspot. If your endpoint computer has authenticated with a domain controller, it uses the
Domain Policy; otherwise, it uses the Standard Policy, so you might want to configure it to impose tighter
restrictions.
To set the XP SP2 Firewall settings policy:

2. Click Enforce XP SP2 Firewall settings.
3. In either the Domain Policy or Standard Policy areas, indicate whether Firewall is Enabled, Disabled,
or if No Policy is in effect.
4. Select or clear the Enable logging check box, then specify a location and name for the log file.
By default, the log is stored here: C:\Program Files\KACE\firewall.log.
5. Select or clear the check boxes for the following settings:
Allow WMI traffic Enables inbound TCP traffic on ports 135 and 445 to traverse the
firewall. These ports are necessary for using remote administra-
tion tools such as the Microsoft Management Console (MMC) and
Windows Management Instrumentation (WMI).
Allow Remote Desktop Enables inbound TCP traffic on port 3389 to traverse the firewall.
This port is required for the computer to receive Remote Desktop
requests.
Allow file and printer sharing Enables inbound TCP traffic on ports 139 and 445, and inbound
UDP traffic on ports 137 and 138. These ports are required for
the machine to act as a file or printer sharing server.
Allow Universal Plug-and-Play Enables inbound TCP traffic on port 2869 and inbound UDP traffic
(UPnP) on port 1900. These ports are required for the computer to
receive messages from Plug-and-Play network devices, such as
routers with built-in firewalls.

6. To specify Inbound Port Exceptions, click Add Port Exception.
Inbound Port Exceptions enables additional ports to be opened in the firewall. These may be required
for the computer to run other network services. An Inbound port exception is automatically added for
port 52230 for the KACE Client Listener, which is required to use the Run Now functionality.
7. Specify a Name, Port, Protocol, and source for the exception.
8. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you must enable and set a
Enforce Disallowed Programs Settings

This policy allows you to quickly create a script that prevents certain programs from running on the
endpoint machines. After the resulting script is executed on a target machine, these policies take effect
only after the next reboot of that machine. On Windows XP or 2000, you can add a shutdown command as
the last step of the script to force a reboot, which will enable the policy to take effect right away.
The script created as a result of this wizard will overwrite any disallowed program
settings on the target machines.
To set the Disallowed Programs settings policy:

2. Click Enforce Disallowed Programs Settings.
3. Specify a name for the policy.
4. Select or clear the Disallow programs check box.
When checked, all disallowed programs will be prevented from running. When unchecked, all programs
will be allowed to run.
5. Add disallowed programs.
To prevent Notepad from running, for example, enter notepad.exe.
6. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you must enable and set a

Enforce McAfee AntiVirus Settings
This policy allows you to configure which McAfee VirusScan features are installed. This policy works with
McAfee VirusScan version 8.0i and verifies that the software is installed with the configuration you specify
here. It also confirms that the OnAccessScan (McShield) is running.
You will need to zip the McAfee VirusScan installation directory and upload it here. A Software Inventory
item will be created automatically if it does not already exist.
To set the McAfee AntiVirus settings policy:
1. Zip the McAfee VirusScan installation directory.

3. Click Enforce McAfee AntiVirus Setting.
4. Click Browse to search for the McAfee zip file.
5. Use the User Interaction drop-down list to specify how the installation should appear to your users.
For a description of the available options, refer to the McAfee documentation.
6. Select the McAfee AntiVirus features to install.
Press CTRL and click to select multiple features. To install the Alert Manager, use the McAfee tools to
include the Alert Manager installation files in the deployment package. Please consult the McAfee
documentation for specific information about the features available here.
7. Select or clear the following check boxes:
Enable On Access Scanner
Lockdown VirusScan Shortcuts
Preserve earlier version settings
Remove other anti-virus software.
8. Specify the location on the target machine where the following files will be installed:
McAfee installation
Alert Manager
SITELIST.XML
Desktop Firewall
EXTRA.DAT.
9. Select the information you want to log. Press CTRL and click to select multiple log items.
10. Specify a filename for the log.
11. Enter any special arguments.
12. Specify the reboot behavior.
13. Specify the behavior following installation.
14. Click Save.

McAfee SuperDAT Updater
This policy allows you to build a script for applying McAfee SuperDAT or XDAT updates. There are several
steps involved in creating this script:
Specifying the update files and reboot behavior on the target machines
Selecting the software package(s) to push to target machines during update
Verifying network scan status.
To create the McAfee update script:

2. Click McAfee SuperDAT Updater.
3. Enter a file name and then click Browse to search for the SDAT or XDAT file.
4. Set update options:
Install Silently This option causes the update to be installed without showing a UI on the
target computers.
Prompt for Reboot Use this option to make the update prompt the user before rebooting.
Use this option with the "Install Silently" option.
Reboot if Needed This option causes the update to reboot the machine as needed. If this
options is not used, a silent installation will not reboot the machine.
Force Update Use this option to always update all file versions, even if the machine
already appears to have the latest versions.
5. Click Save.
Enforce Symantec AntiVirus Settings

This policy allows you to configure which Symantec AntiVirus features are installed. It verifies that the
software is installed with the configuration you specify here. This policy is intended to be run periodically
to ensure that Symantec AntiVirus is installed, configured, and running properly, not only upon initial
installation.
You will need to create a Software inventory item and upload the Symantec
AntiVirus.msi file to be distributed.
To set the Symantec AntiVirus settings policy:

2. Click Enforce Symantec AntiVirus Settings.
3. Specify the Action to perform.
Install
Uninstall
Repair missing files

Reinstall all files.
4. Select the software package to use for this script.
5. If the software package is zipped, specify the MSI file name.
6. Use the User Interaction drop-down list to specify how the installation should appear to your users.
7. Specify the install directory.
8. Specify any additional switches.
9. Specify any additional properties.
10. Specify behavior after installation.
11. Select the information you want to log.
Press CTRL and click to select multiple items.
12. Specify a filename for the log.
13. Select a NETWORKTYPE from the Network Management drop-down list.
14. Specify the server name, if required.
15. Set the AutoProtect option.
16. Set the Disable SymProtect option.
17. Set the Live Update behavior.
18. Select the features you want to install.
Press CTRL and click to select multiple items. Please consult the Symantec documentation for specific
information about the options available here.
You must include the SAVMain feature for this script to work properly, although this
wizard does not enforce that.
19. Click Save.

You can/should look at the script that is generated by this wizard to make sure it is
doing what you expect. You can view the raw script by clicking To edit the policy
using this editor, click here on the Script detail page.
Quarantine Policy
Use this wizard to create a script that you can use to quarantine computers that have failed OVAL tests for
vulnerabilities. The script that is created as a result of this wizard is merely a template. Use the script
editor to modify the template script and add the appropriate verification steps to decide which computers
to quarantine.
When a computer is under quarantine, all communication from it is blocked except for communication to
the KBOX 1000 Series Server, therefore use care when performing this action. If you were to deploy this
accidentally to all machines on your network, you could take your network down very quickly.

After a user’s machine is in quarantine, it cannot be unquarantined without intervention by the KBOX 1000
Series administrator. The user will not be able to recover from this without you taking some action.
Quarantined computers only have access to the KBOX 1000 Series Server in order to receive a Run Now
event to lift the quarantine.
To set the Quarantine policy:

2. Click Quarantine Policy.
3. Specify a Policy Name.
This field is optional. It could be helpful to assign a meaningful name that relates to the vulnerability so
that you can lift the quarantine later once that vulnerability is resolved.
4. Leave the KBOX SERVER IP unchanged.
5. Specify the DNS Server IP address.
6. Modify the Message dialog text as desired.
This message is displayed to users prior to placing their computer in quarantine.
7. Modify the description text as desired.
8. Click Save.
Modify the Verify steps to determine the conditions under which you want the quarantine to take effect.
Although it will not be enabled automatically, it will be configured to deploy to everyone. For more
information on scripting, see Chapter 7,“Scripting,” starting on page 91.
Lift Quarantine Action

Assuming you have a machine that has been quarantined from the network using the KBOX 1000 Series
Quarantine application, you can use this to turn off the quarantine.
To set the Lift Quarantine Action policy:

2. Click Lift Quarantine Action.
3. Select the label for the quarantined machines or select the specific machine to unquarantine.
4. Enter data in the Filter field to help narrow your search.
5. Click Send Lift Quarantine Now.
If there are a lot of computers in quarantine, it will take some time for all of them to receive and
process the request.

C H A P T E R 11
User Portal and Help Desk
The KBOX 1000 Series Help Desk provides an online area

for you to upload software library, support documents,
and other self-help tools. The optional KBOX 1000 Series
Help Desk Module adds the ability to create, track, and
manage Help Desk tickets.
“Overview of the User Portal,” on page 147

“Understanding the Software Library feature,” on page 149
“Using the Knowledge Base,” on page 151
“Managing Users,” on page 153
“Overview of the Help Desk Module,” on page 159
“Configuring basic Help Desk settings,” on page 160
“Customizing Help Desk fields,” on page 162
“Creating and editing Help Desk Tickets,” on page 166
“Managing Help Desk tickets,” on page 169
“Running Help Desk Reports,” on page 171
Overview of the User Portal
The User Portal provides the ability for users to download software, run scripts, have software installed for
them automatically, track computer info, and view a record of what they have downloaded. You can log
onto the User Portal by visiting the root URL of the KBOX 1000 Series machine name (for example,
http://kbox/). Although users can access the User Portal even if they do not have KBOX Agent installed on
their machine, they will not be able to run installations or scripts. The User Portal is administered from the
User Portal tab.
If you have purchased the optional KBOX 1000 Series Help Desk Module, additional tabs or options are
added to the ones described below. For more information about using the features added by the Help Desk
Module, see “Overview of the Help Desk Module,” on page 159.
End user view of the User Portal

The end-user view of the User Portal displays the following tabs:
Welcome - Users enter login credentials from this screen.
Software Library - Displays available software for download or automatic install.
My Computer - Displays status information about the user’s computer.
License Keys - Lists license information for installed software, as available.
Help Desk - Users create or edit a Help Desk ticket using this tab.
Knowledge Base - Provides access to Knowledge Base articles authored by the administrator.
Download Log - Displays a log of software downloaded and installed on the user’s computer.
Users also can filter the software or Knowledge Base views by category, or use keywords to narrow their
search.

Administrator view of the User Portal
As an administrator logged into the administrator UI, you can create and push packages, define
Knowledge Base articles, and specify which users can connect.
The User Portal tab displays the following tabs:
Packages - Packages can be scripts, software packages, documentation, or other media.
Knowledge Base - Knowledge Base articles include software notices, instructional content, IT
reference documentation, self-help information, and any other specific content intended for the end
users.
Users - This user information is used to authenticate users of the KBOX 1000 Series Help Desk. Users
can be "tagged" with labels in order to define which packages they can access through the portal.
The sections that follow will focus on the administrator view of the User Portal and describe the process for
creating packages and Knowledge Base articles, and describes managing user access to the User Portal.

Understanding the Software Library
feature
Software Libraries are deployed to end users via the KBOX 1000 Series User Portal. This "self service"
portal allows individuals to download and install software or documents on their own in a controlled
environment. The software library you create from the Software Library tab are available for download on
the Software Library tab of the User Portal.
From the Software Library tab you can create or delete software library, sort software library by label or
column header, and search for software library using keywords.
Creating a software library to deploy

The Software Library tab allows you to specify the components of the software library you want to make
available to your end users; it does not allow you to upload software or author scripts. Any software or
script that you want to include in a software library must already exist on the KBOX 1000 Series Software
Inventory or Scripting tabs.
Along with the software library, you can choose to post cost information, documentation, or other
instructions for your users. Any notifications that you have configured will be mailed at the time of user
download. You can also restrict access to a software library by specifying a label.
To create a package:
1. Select Help Desk | Software Library.

2. In the Choose action drop-down list, select Add New Item.
The Portal Package: Edit Detail screen appears.
3. Select or clear the Enabled check box.
Select this box to make the software library visible to users on the Help Desk. Clear this check box to
hide a software library from users.
4. Specify the software library type:
Download Select this type to include documentation, files, or other software that does not
automatically install.
Install Select this type to select software that will install automatically on the user’s
machine. The user must have the KBOX Agent installed to run installations.
Script Select this type to select a script to include in the software library. The user
must have the KBOX Agent installed to run scripts.
5. From the Download drop-down list, choose the software to install. You can filter the list by entering
any filter options.
6. Specify the information to include with your package:
Installation Instructions Specify the installation instructions. Any defined instructions, legal
policy, cost information, etc will be posted along with the portal
package for user visibility.
Product Key Select this check box to require users to enter a product key upon
installation of the software library. The license key specified on the
software license entry on the Inventory | Licensing tab.

E-mail Product Key to User Select this option if you want to send download instructions at the
time of user download.
Request Mgr Notification Select this option to require users to enter their manager’s mail
address for notification prior to downloading or installing the soft-
ware library.
7. If you selected the Install software library type, specify the command line to run the installation,
including any necessary install switches or other parameters.
Note that users must have the KBOX Agent installed on their machines in order to run
the installations or scripts.
8. If you selected the Script software library type, choose the script from the Script drop-down list.
9. Type any notes in the Additional Notes field.
10. Specify the following informations, as necessary.
Corporate License Text Enter any text related to the Corporate License.
Vendor License Text Enter any text related to Vendor License.
Unit Cost Enter the cost per Unit.
Documentation File Browse the desired documentation file.
11. If desired, select a label to limit software library deployment to specific users.
12. Select the check box to restrict software library deployment by machine label.
13. Click Save.
A major benefit of the Help Desk is that it provides your users with the resources they
need to solve many of the most common support issues on their own, thus alleviating
some of the burden on your support staff. Be sure to provide adequate information to
your users so that you, and they, can experience the full benefit of this feature.

Using the Knowledge Base
The Knowledge Base allows you to provide documentation, FAQs, or other self-help information for your
users. If you purchased the optional Help Desk Module, the Knowledge Base integrates with the Tickets
feature to enable users to resolve their own issues. For more information, see “Creating and editing Help
Desk Tickets,” on page 166.
Users can sort the articles by Article ID, Title, Category, Platform, or Importance, or search article contents
by using keywords.
Adding Knowledge Base articles

Knowledge base articles are published to the KBOX 1000 Series Help Desk where users can search and
sort articles to locate the information they require.
If you have the optional Help Desk Module installed, you can also create a new
Knowledge Base article from the comments in a Ticket by clicking the Create KB
article button on the Ticket Detail page. For more information, see “Creating and
editing Help Desk Tickets,” on page 166.
To add an article to the Knowledge Base:
1. Select Help Desk | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
The Knowledge Base: Edit Article page appears.
3. Enter the following article information:
Title A specific description of the issue covered in the article. Make the title as
descriptive as possible and use common terms so that it will be easy for an
end-user to locate information about a problem.
Category A general description of the type of issue. (For example, “printing” or “net-
work access”).
Platform The operating systems to which this article applies.
Importance The relative weight of the article’s contents. (For example, “reference” or
“low”; or “critical” or “high”.
Use Markdown Markdown is a plain text formatting syntax, and a software tool, written in
Perl, that converts the plain text formatting to HTML. See Figure 5-7 below,
for an example of markdown syntax and HTML display. For more informa-
tion about markdown, see http://daringfireball.net/projects/mark-
down/syntax.
Limit Access Select the labels you want to limit access to.
To User Labels
Article Text Enter any text about the article.

4. Click Save.
The KBOX 1000 Series assigns the article an Article ID and displays it on the Knowledge Base Articles
List page.
To see how the article appears to your users on the Help Desk, click on the article’s title,
and then click the User URL on the Edit Article page.
Editing and deleting Knowledge Base articles

You can easily modify or remove existing Knowledge Base articles. There are two options for deleting
articles: from the Articles List page and from the Edit Article page.
To edit an existing Knowledge Base article:
2. Click the linked article title. The Knowledge Base: Edit Article page appears.
3. Click the [Edit] link to update the article details.
4. Modify article details, then click Save.
To delete an article from the Articles List page:
2. To delete an article, select the check box beside the article and choose Delete Selected Item(s)
from the Choose action drop-down list.
To delete an article from the Article Edit page:
2. Click the linked article title.
The Knowledge Base: Edit Article page appears.
3. Click the [Edit] link, then click Delete.

Managing Users
When logged in as an administrator, you can add users to the Help Desk either manually or automatically.
Depending upon the permissions assigned to the user logged into the Help Desk, all or only a subset of
Help Desk features may be available. When adding users to the Help Desk, be sure to specify the correct
user permission level.
Adding users manually

When adding users to the KBOX 1000 Series, you can tag them with a label, which determines which
packages they will have access to in the Help Desk. The details that you enter below are used to
authenticate users.
To add users manually:
1. Select Help Desk | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. In the Choose action drop-down list, select Add New Item.
The User : Edit User Detail page appears.
3. Enter the necessary user details.
User Name Required. This is the name the user types to enter the Help Desk.
Full Name Required. The user’s full name.
Email Required for Help Desk installations. The user’s email address. This is the
address to which Help Desk messages, if enabled, will be sent.
Domain Optional. An active directory domain.
Budget Code Optional. The financial department code.
Location Optional. The name of a site or building.
Work Phone Optional. Enter the user’s work phone number.
Home Phone Optional. Enter the user’s home phone number.
Mobile Phone Optional. Enter the user’s mobile phone number.
Pager Phone Optional. Enter the user’s pager phone number.
Custom 1
Custom 2 Optional. Enter the custom related information.
Custom 3
Custom 4
Password Required. Blank or empty passwords are not valid for new users. The user will
be created but the user cannot be activated without a valid password.
Confirm Password Required. Retype the user’s password.
Assign To Label Select the labels to assign.

Permissions Required. Specify the user’s logon permissions:
Admin - This user can log on to and access all features of the
administrator UI and Help Desk.
ReadOnly Admin - This user can log on to the administrator UI, but cannot
modify any settings and Help Desk.
User - This user can log on to the Help Desk.
Lock user out of Select this check box to lock the user out of User Portal.
User Portal
Allowed to be Required for Help Desk installations. Select this check box to permit any user
assigned Help (Admin, ReadOnlyAdmin, or User) to be assigned as owner of Help Desk tickets.
Desk Tickets
4. Click Save. The Users page appears.
Adding users automatically

Rather than setting up users individually on the Users tab, you can configure the KBOX 1000 Series to
access a directory service (such as LDAP) for user authentication. This allows users to log into the KBOX
1000 Series Administrator portal using their domain username and password, without requiring to add
users individually from the Users tab.
If the external server requires credentials for administrative login (aka non-anonymous
login), you will need to specify those credentials. If you do not specify an LDAP user
name, then an anonymous bind will be attempted. The LDAP user configured should
have at least READ access to the "search base" area.
To configure access to a directory service:
1. Select Settings | Authentication.

The KBOX Settings: User Portal Authentication page appears.
2. Click the [Edit Mode] link.
3. Specify the Authentication method you want to use:
KBOX (local Authentication) Select this option if you want to use local pass-
words for authentication.
External LDAP Server Authentication for Specify LDAP settings as necessary. Contact KACE
customer support if you need assistance with this
process.
4. Local authentication is the default setting for the KBOX. If you require external user authentication, for
example against an LDAP server or Active Directory server, complete the external server definition by
specifying the following information.
Server Host Name ( or IP ) Specify IP or Host Name of the LDAP Server.

HOSTNAME
LDAP Port Number Specify the LDAP Port number which could be either 389 / 636
(LDAPS).

For example:
CN=Users,DC=hq,DC=corp,DC=kace,DC=com
For example: (samaccountname=admin)
For example:
LDAP Login:
CN=Administrator,CN=Users,DC=hq,DC=corp,DC=kace,DC=co
m
LDAP Password (if required) Specify the password for the LDAP login.
5. Click Apply to save your changes.

6. To test LDAP settings, enter a password in the Test User password, then click Test LDAP Settings.
LDAP Browser Wizard

If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP
Browser Wizard. The LDAP Browser Wizard allows you to browse and search the data located on the LDAP
Server. For example, Active Directory Server.
You must have the Bind DN and the Password to log on to the LDAP Server.
To use the LDAP Browser Wizard:
1. Click LDAP Browser.

2. Specify the LDAP Server Details
LDAP Server Specify IP or Host Name of the LDAP Server.

HOSTNAME
LDAP Port Specify the LDAP Port number which could be either 389 / 636
(LDAPS).
LDAP Login Specify the Bind DN
For example:
CN=Administrator,CN=Users,DC=kace,DC=com
3. Click test.
4. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names)
available on that directory is displayed. These base DNs can be used as a start point to browse and
search the directory.
If the connection was not established, the Operation Failed message appears, which could be due to
one of the following reasons:
The IP or Host Name provided is incorrect.

The LDAP Server is not up.
The login credentials provided are incorrect.
5. Click Next or one of the base DNs to advance to the next step.
A new window displays the Search Base DN and the Search Filter. The Search Base DN is populated on
the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN
and the Search Filter.
6. You can also use the Filter Builder to create complex filters. Click Filter Builder. The Query Builder is
displayed. Specify the following information.
Attribute Name Specify the Attribute Name. For example, samaccountname.

Relational Operator Select the Relational Operator from the drop - down list. For
example, =.
Attribute Value Specify the Attribute Value. For example, admin.
7. To add more than one attribute:
Conjunction Operator Select the Conjunction Operator from the drop - down list. For
example, AND.
Note: This field is available for the previous attribute only when
you add a new attribute.
Add Click Add. You can add multiple attributes.
Search Scope Click One level to search at the same level or click Sub-tree
level to search at the sub tree level.
8. Click OK. The query appears in the Search Filter text area. For example,
(samaccountname=admin).
9. Click Browse to display all the immediate child nodes for the given base DN and search filter or click
Search to display all the direct and indirect child nodes for the given base DN and Search Filter.
The search results are displayed in the left panel.
10. Click a child node to view its attributes.
The attributes are displayed in the right panel.
11. Click Next to confirm the LDAP configuration.
12. Click Next to use the displayed settings.
Importing users
You can import Users and Labels directly from your LDAP or Active Directory system into the KBOX.
To import users:
1. Specify the LDAP Server Details.
LDAP Server Specify IP or Host Name of the LDAP Server.

HOSTNAME

LDAP Port Specify the LDAP Port number which could be either 389 / 636
(LDAPS).
For example:
CN=Users,DC=hq,DC=corp,DC=kace,DC=com
For example: (samaccountname=admin)
For example:
LDAP Login:
CN=Administrator,CN=Users,DC=hq,DC=corp,DC=kace,DC=co
m
2. Specify the attributes to import.
Attributes to retrieve Specify the attributes to retrieve. For example,

samaccountname
Note: You can leave this field blank to retrieve all attributes, but
this may be slow and is not recommended.
Label Attribute Specify a label attribute. For example, memberof.
Label Attribute is the attribute on a customer item that returns a
list of groups this user is a member of. The union of all the label
attributes will form the list of Labels you can import.
Label Prefix Specify the label prefix. For example, ldap_
Label Prefix is a string that is appended to the front of all the
labels.
Binary Attributes Specify the Binary Attributes. For example, objectsid.
Binary Attributes indicates which attributes should be treated as
binary for purposes of storage.
Max # Rows Specify the maximum rows. This will limit the result set that is
returned in the next step
Debug Output Select this check box to view the debug output in the next step.
3. If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP
Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to “LDAP Browser
Wizard,” on page 155.
4. Click Next.
5. Select the value from the drop-down list next to each LDAP attribute to map the values from your LDAP
server into the User record on the KBOX. The fields in Red are mandatory. The LDAP Uid must be a
unique identifier for the user record.

6. Select a label to add to the KBOX. Press CTRL and click to select more than one label. This list displays
a list of all the Label Attribute values that were discovered in the search results.
7. Click Next.
8. Review the information displayed in the tables below. The Users to be Imported table displays list of
users reported and the Labels to be Imported table displays the list of labels reported. The Existing
Users table and the Existing Labels table display the list of Users and Lables that are currently on the
KBOX. Only users with a LDAP UID, User Name, and Email value will be imported. Any records that do
not have these values are listed in the Users with invalid data table.
9. Click Next to start the import.

Overview of the Help Desk Module
The optional KBOX 1000 Series Help Desk Module provides a ticket submission, tracking, and management
system that allows you to solve problems in real time. The KBOX 1000 Series Help Desk Module provides
integrated access with KBOX 1000 Series capabilities for hardware and software inventory, software
deployment, updates and patching, remote control, and alerting and reporting. After installation, you can
customize the Help Desk settings according to the needs of your organization.
The Help Desk Module adds the following tabs to the administrator view of the Help Desk:
Tickets - Provides a list view of tickets submitted for users, and allows Help Desk users to assign,
resolve, or escalate tickets based on user profile
Configuration - Allows administrators to customize the Help Desk displayed to users.
If you do not have the optional Help Desk module installed, you will not see these tabs.
The Help Desk Module provides permissions-based access to the features and functions needed by a
particular user.
The Tickets tab of the Help Desk provides a way for end-users to submit and track desk tickets. In addition
to creating new tickets, users can search for Knowledge Base articles that might help them to resolve
support issues on their own.
From the Tickets tab users can:
Create Help Desk tickets
View tickets that they have submitted
Search for tickets using keywords and advanced methods.
If the end-user also happens to be a support technician and you have given them permission to own Help
Desk tickets (see “Managing Users,” on page 153), this user is known as a Help Desk user.
Users who are also Help Desk users (i.e., they can be assigned Help Desk tickets), can perform these
additional functions:
Apply labels to tickets/remove labels from tickets
Delete Help Desk tickets
By default, view unassigned tickets and additions to tickets assigned to them, and view other tickets by
using the View by owner drop-down list
Change a ticket’s status, priority, or owner.
Administrators can create, modify, and manage Help Desk tickets from the Tickets tab in the Administrator
UI. Administrators also can use the security, scripting, and distribution features to resolve Help Desk
tickets, then use the Knowledge Base to create the documentation that references the resolution for users.
From the Tickets tab, administrators can:
Create or delete Help Desk tickets
Apply labels to tickets/Remove labels from tickets
Sort the Ticket view by owner or submitter, summary, priority, or status
Change a ticket’s status, priority, or owner.

Configuring basic Help Desk settings
From the Help Desk Configuration tab, you can configure a variety of settings including the support mail
address, defaults for ticket submission fields, and which events trigger mail alerts and to whom they are
sent. This section describes how to configure basic Help Desk Settings only. To customize the default
values for the options here, see “Customizing Help Desk fields,” on page 162.
Field(s) Description
Name Specify the name for the Help Desk.

Email Address Specify the email address used to send email to and from the Help Desk.
Ticket Defaults Determines the default ticket values for tickets. To customize these options, click Cus-
tomize These Values. For more information see “Customizing Help Desk fields,” on
page 162.
Email on These check boxes determine who gets email when tickets are changed or escalated.
Events Note that "Any Change" overlaps with the "Owner Change" and "Status Change"
events, but it does not include ticket escalations.
Table 11-1: Help Desk Configuration fields
To configure basic Help Desk settings:
1. Select Help Desk | Configuration.

2. Click the [Edit Mode] link.
3. In the Name field, specify the name that is displayed in the From field when users receive emails from
the Help Desk.
4. In the Email Address field, specify the email address to which users can submit Help Desk tickets.
5. In the Alt. Email Address field, specify the alternate email address to which users can submit Help
Desk tickets.
6. Select the Accept email from unknown users check box to accept emails from unknown users.
7. In the Ticket Defaults area, specify the following settings:
Category Specify the default category for tickets. Options include Software,
Hardware, Network, and Other.
Status Specify the default status for tickets. Options include New, Opened,
Closed, and Need More Info.
Impact Specify the default impact for tickets. Options include Many people
can’t work, Many people inconvenienced, 1 person can’t work, and 1
person inconvenienced.
Priority Specify the default priority for tickets. Options include Low, Medium,
and High.
8. In the Email on Events area, specify to whom, and under what circumstances, emails should be sent:
Recipients:
Owner - The Help Desk user assigned to the ticket
Submitter - The user who submitted the ticket
Ticket CC - The email recipients listed in the CC area of the ticket

Category CC - The email recipients listed in the CC List area for the Ticket Category.
Events:
Any Change - Any change to any field on the ticket.
Owner Change - A change to the owner field on the ticket. By default, emails are sent to the old
and new owners of the ticket.
Status Change - A change to the status field on the ticket.
Comment - A comment on the ticket.
Resolution Change - A change to the Resolution field on the ticket.
Escalation - The ticket enters escalation based on the configured settings. For more information,
see “Understanding the escalation process,” on page 169.
Satisfaction Survey - Indicate whether you want to send an mail requesting that the submitter
complete a satisfaction survey when the ticket is closed. For more information, see “About the
satisfaction survey,” on page 170.
New Ticket Via Email - Select this check box for an email notification on a new ticket.
9. Click Save.

Customizing Help Desk fields
Where the basic Help Desk configuration page allowed you to set default values for the various drop-down
lists in the Help Desk fields, the Customization page allows you to customize the values that appear in
those drop-down lists, as well as add up to six custom fields.
To access the Help Desk Customization page:
1. Select Help Desk | Configuration.

2. Click the Customize These Values link.
The Help Desk Customization page appears.
To customize default Category Values:
1. In the Category Values area, click the icon beside a category value to modify it.
Editable fields appear for that value.
2. Edit the Category Values fields:
Name Specify the name for the value.

Default Owner Assign a default owner for tickets of this category.
CC List Enter the email address(es) to be copied when tickets of this category are sub-
mitted to the Help Desk.
User Settable Indicates whether or not this category appears in the list of choices displayed to
the end user. This setting allows you to present a simplified list of values to the
user, and display more and create additional values that are only displayed to
the administrator or Help Desk users.
3. Click the icon beside a Category value to change its order in the drop-down list.
4. Click the icon to add an option to the Category drop-down list.
5. Click the icon to remove a Category value.
You cannot remove Category values that are in use.
6. Click Save to apply your changes.

To customize default Status Values:
1. In the Status Values area, click the icon beside a category value to modify it.
2. Edit the Status Values field:
Name Specify the name for the value.

State Indicates whether the ticket is open, closed, or stalled.
Open - The ticket is active
Closed - The ticket has been resolved
Stalled - The ticket is open past its due date, but is not in escalation.
3. Click the icon beside a Status value to change its order in the drop-down list.
4. Click the icon to add an option to the Status drop-down list.
5. Click the icon to remove a Status value.
You cannot remove Status values to which tickets are currently assigned.
To customize default Priority values:
1. In the Priority Values area, click the icon beside a category value to modify it.
Editable fields appear for that value. Edit the Priority Values fields:
Name Specify a name for the custom field.
Color The displayed color of this status on the ticket list pages.
Escalation Time The interval after which an open ticket of this priority is escalated. Specify a
time integer and a unit from the drop-down list.
2. Click the icon beside a Priority value to change its order in the drop-down list.
3. Click the icon to add an option to the Priority drop-down list.
4. Click the icon to remove a Priority value.
You cannot remove Priority values to Tickets which are currently assigned.

To customize default Impact values:
1. In the Impact Values area, click the icon beside an Impact value to modify it.
2. Modify the Name field as desired.
3. Click the icon beside an Impact value to change its order in the drop-down list.
4. Click the icon to add an option to the Impact drop-down list.
5. Click the icon to remove an Impact value.
You cannot remove Impact values to Tickets which are currently assigned.
To add custom value fields:
1. In the Custom fields area, click the Edit item icon to modify the fields.
2. In the Name field, enter the names for the custom fields as you want them to be displayed on the
Ticket Details page.
The custom fields are added as text boxes that hold up to 255 characters. You can add up to six custom
fields.
3. Enter the select values in the Select Values field.
Select Values are used for custom fields with Field Type of Single Select or Multiple Select. These values
should be entered as comma-separated strings.
4. Select the field type in the Field Type list.
5. Select the Only Editable By Owners check box to make this field editable by owners.
6. To remove a custom field, clear the name from the field value.
When you remove the name of a field, values for that custom field will be removed from all tickets.
When you rename a field, values for that custom field will be retained.
8. In the Ticket List View area, click the Edit item icon to modify the desired Ticket List View fields.
9. Select the name in the Name list.
10. Specify the width in the Width field and then click Save.
11. Click Save.

To customize Ticket List View:
1. In the Ticket List View area, click the icon beside an attribute to modify it.
Editable fields appear for that value. Edit the fields:
Name Select an attribute name from the drop-down list.
Width Specify the column width.
2. Click the icon beside an attribute to change its order in the drop-down list.
3. Click the icon to add an attribute to the Ticket List View drop-down list.
4. Click the icon to remove an attribute.


Creating and editing Help Desk Tickets
Depending on whether you are creating a ticket from mail, the Administrator UI, or from the Help Desk,
you will have different options available to you. This section describes each of these methods. Regardless
of the method used to submit a Help Desk ticket, all interested parties will receive a confirmation mail that
includes a link to the submitted ticket.
To create a new ticket from the Help Desk:
1. Log into the User Portal as user. Tickets page appears.

2. Select Add New Item in the Choose action drop-down list. The New Ticket page appears.
To create a new ticket from the Administrator UI:
1. Select Help Desk | Tickets.

2. Select Add New Item in the Choose action drop-down list. The New Ticket page appears.
3. Specify ticket details.
Title Enter a title for the ticket.

Impact Specify the severity of the issue.
Category Indicate the issue type.
Status Indicate the status of the issue.
Priority Indicate the importance of the issue.
Owner Select an owner from the drop-down list.
Machine The machine affected by the issue. Defaults to submitter’s computer after Ticket is
saved.
Note: You can see help ticket submissions from the Computer’s inventory record.
See “Help Tickets,” on page 34
Asset Select an asset from the drop-down list.
Filter Enter the filter criteria in the desired Filter field.
Due Date
Specify a due date if desired. Click the icon to select the Month, Day, and Year.
CC List A comma-separated list of additional email addresses for users who might be inter-
ested in changes to this ticket.
Submitter
Click the icon to select the submitter from the drop-down list.
See Also Link(s) to related tickets. When editing this list, enter the Ticket IDs as comma-sep-
arated integers.
Referrers If other tickets refer to this ticket in the see also field, those ticket IDs will appear
here after this ticket is saved.
Owners only Select this check box to have the comment you are entering visible only to users
who are authorized to own tickets.
Comment Provide comments about the support issue.
Attachment Browse the desired attachment file.

4. Click Save.
After you create the new ticket, you can open the ticket record and view a print-friendly
version of the ticket, email the ticket to someone, and click the Find Relevant Articles
link to locate Knowledge Base articles related to the ticket.
Submitting Help Desk tickets through email

In addition to submitting tickets via the Web-based User and Administrator interfaces, users also can
submit Help Desk tickets by sending mail to the Help Desk mail configured in the Help Desk settings.
Tickets created from mails will receive the default values for Impact, Category, and Priority, as set on the
Help Desk | Configuration tab. The body of the mail message will be added as a comment. The
submitter is determined by the sender’s mail address. For more information, see “Configuring basic Help
Desk settings,” on page 160.
Editing Help Desk tickets

After you create a Help Desk ticket, you can edit the tickets from the Tickets List page, or from the Ticket
Detail page. Regardless of where the change is made, any change made to a ticket is reflected in the
history log at the bottom of the Ticket Detail window.
To edit a ticket from the Tickets List page:
1. Select the check box beside the ticket(s) you want to edit.
2. From the Choose action drop-down list, select the desired option:
• Delete Selected Item(s)

• Set status to New, Opened, Closed, or Need More Info
• Set priority to High, Medium, or Low
• Reassign to another user.
To edit a ticket from the Ticket Detail page:
When reassigning a ticket to a new owner using the Choose action drop-down list,
the number in parentheses (), indicates the number of tickets currently assigned to that
Help Desk user.
1. Select Help Desk | Tickets.

2. Click the Ticket ID or linked Issue Summary.
The Ticket Detail page appears.
3. Edit Ticket details as desired. You can edit the Ticket details like Title, Impact, Category, Status,
Priority, Owner, Machine, Asset, Due Date, CC List, Submitter, See Also, Referrers, and Resolution.
4. To provide additional information about your change, click Add Comment, and then perform the
following steps:
a Select the Owners only check box to have the comment you are entering visible only to users who
are authorized to own tickets.
b Enter comment about the changes in the Comment field.

c Browse the desired attachment file.
5. To provide additional information about the work, click Add Work, and then perform the following
steps:
a Select the work date.
b Select the start date of the work.
c Select the end date of the work.
d Enter the adjustment hours in the Adjustment field.
e Enter work related details in the Work Note field.
6. To copy an existing ticket, click Clone.
7. To create a Knowledge Base article from the comments in the ticket, click the Create KB article
button.
Searching Help Desk tickets

From the Ticket List page, users can search tickets submitted by them, as well as view tickets by other
owners. You can use Advanced Search options to locate tickets. Advanced search allows you to use
operators such as contains, >, <, =, and Match RegEx.
Match RegEx allows for wildcard and other search expressions standard to PERL users. “%” functions as
the wildcard (similar to * in the DOS world). For additional information about RegEx searching, visit http:/
/www.regular-expressions.info/ and/or http://dev.mysql.com/doc/mysql/en/regexp.html.

Managing Help Desk tickets
After a ticket is submitted to the Help Desk, it is the responsibility of the ticket owner to resolve the ticket.
The owner reviews the ticket, adjusts the impact if necessary, and assigns a priority. If the ticket issue is
straightforward, the owner might resolve the issue quickly, enter a resolution in the ticket details, then
close the ticket. In more complicated situations, however, a ticket may take more time to close, and be
assigned to different owners over its lifetime.
In some cases, the owner is unable to resolve the ticket by the due date and the ticket is then escalated to
someone else to resolve. The process of escalation is determined by the settings configured in the Help
Desk | Configuration tab.
Depending on the Help Desk configuration, the submitter of a ticket might receive a satisfaction survey to
gather feedback about the way the ticket was handled, after the ticket is closed. For more information
about the satisfaction survey, see “About the satisfaction survey,” on page 170.
Understanding the escalation process

The escalation process allows you to send out automatic emails when a ticket remains in an Open state
longer than a specified time. This gives you a way to monitor service level agreements, and allows you to
notify a large group when a ticket hasn’t been handled properly.
There are three variables that control the escalation process:
Which tickets can/should be escalated
The length of time a ticket can be open before an escalation email is sent
The recipient(s) of the escalation emails.
Each ticket has a Priority, and each Priority has an Escalation Time associated with it. Tickets are
escalated if they have been open longer than the time specified by their priority setting. Tickets also have
a Status that can either be Open, Stalled, or Closed. Tickets with an Open status will trigger an escalation
mail every n minutes, where n is the time specified by the Escalation Time assigned to the priority. For
example, by default, the KBOX 1000 Series has a Priority value of High, with an Escalation Time of 30
minutes. This means that for each ticket that is marked as High Priority, an escalation mail will be sent
every 30 minutes to notify people that the ticket is still Open.
Tickets that are Stalled or Closed do not trigger escalation emails. Moving a ticket from Open to Stalled or
Closed, and then back to Open will not change the creation time, so the escalation mails will continue to
be processed based on the original time. For example, if you were to open a ticket, close it after 5 minutes,
then reopen it after 35 minutes, an escalation email would be sent saying that the ticket is older than 30
minutes. After that email is sent, the next email would go out after an additional 30 minutes had elapsed.
You determine who receives the escalation emails in the Email on Events area of the Help Desk
Configuration settings. You could choose to send the escalation email to any of the following:
The ticket owner
The submitter
The email address(es) listed in the Ticket CC area
The email address(es) listed in the Category CC area.
By specifying the recipient for escalation emails, you are routing open tickets to the right person or people
who can help to resolve the issue.

About the satisfaction survey
After a ticket is Closed, if a user views the detail page for that ticket, he or she will be presented with the
option to indicate their level of satisfaction with the way the ticket was handled. Users also can add
comments to the ticket to further explain their assessment.
In addition, you can configure the Help Desk to actively solicit feedback from users after a ticket is closed,
by automatically sending them an email with a link to the survey.
Select the Closed ticket in the Tickets list, click Email this Ticket, and enter an email address to which you
want to send the survey.
Score values assigned in the survey are stored in the ticket and are not editable by the Help Desk
administrator, although you can run a variety of reports to display survey data. For more information about
displaying survey data, please see, “Running Help Desk Reports,” on page 171.

Running Help Desk Reports
The KBOX 1000 Series provides several default reports you can run on the Help Desk.
You can view these reports by selecting the Reporting tab and then selecting HelpDesk from the View
by category drop-down list.
By default, the KBOX 1000 Series includes the Help Desk reports shown in the table below. For
convenience, each of these reports is available in a variety of formats: HTML, PDF, CSV, and TXT.
Help Desk Report Description
Closed Satisfaction Survey last Lists by Owner all Closed Satisfaction Surveys in the last 31
31 days by Owner days.
Closed Ticket Resolutions last Lists by Owner all Closed Ticket Resolutions in the last 31
31 days by Owner days.
Closed Ticket Resolutions last 7 Lists by Owner all Closed Ticket Resolutions in the last 7 days.
days by Owner
Closed Tickets last 31 days by Lists by Category all Help Desk tickets that have been closed
Category in the last 31 days.
Closed Tickets last 31 days by Lists by Owner all Help Desk tickets that have been closed in
Owner the last 31 days.
Closed Tickets last 7 days by Lists by Owner all Help Desk tickets that have been closed in
Owner the last 7 days.
Escalated/Open Tickets by Lists by Owner all escalated and open Help Desk tickets.
Owner
Open Tickets by Category Lists by Category all open Help Desk tickets.
Open Tickets by Owner Lists by Owner all open Help Desk tickets.
Open Tickets last 7 days by Lists by Owner all open Help Desk tickets opened in the last 7
Owner days.
Stalled Tickets by Owner Lists by Owner all tickets that are past their due date but not
in escalation (stalled tickets).
Stalled/Open Tickets by Lists by Category all stalled and open Help Desk tickets.
Category
Stalled/Open Tickets by Impact Lists by Impact all stalled and open Help Desk tickets.
Stalled/Open Tickets by Owner Lists by Owner all stalled and open Help Desk tickets.
Stalled/Open Tickets by Priority Lists by Priority all stalled and open Help Desk tickets.
Stalled/Open Tickets by Status Lists by Status all stalled and open Help Desk tickets.
Stalled/Open Tickets with Due Lists by Owner and due date all stalled and open Help Desk
Date by Owner tickets.
Work Report Date Range - Long Displays date, ticket #, technician and hours worked as a
Notes Display header above the Notes for a Work entry for 2006-04-01
through 2006-07-01.
Table 11-2: Default Help Desk reports

Help Desk Report Description
Work Report last 31 days Reports all tickets for which work has been logged for the last
31 days.
Work Report last 31 days - Use this report if you want to build a customized report show-
Customize ing only select fields for all tickets for which work has been
logged for the last 31 days.
Work Report last 31 days - Long Displays date, ticket #, technician, and hours worked as a
Notes Display header above the Notes for each Work entry.
Work Report last 31 days by Displays all people who logged work
Person during the last 31 days first by person, and then by ticket and
time.
Table 11-2: Default Help Desk reports
To run Help Desk reports:
1. Select Reporting.
The KBOX Reports page appears.
2. From the View by category drop-down list, select HelpDesk.
3. Click the format type for the report you want to view.
If you need to create custom reports, see “Creating and editing reports,” on page 190
for information on using the Report Wizard.

C H A P T E R 12
Server Maintenance
This chapter describes the most commonly used features
and functions that the Administrator will use in
administering and maintaining your KBOX 1000 Series
appliance.
“KBOX 1000 Series maintenance overview,” on page 174

“Backing up KBOX 1000 Series data,” on page 174
“Restoring KBOX 1000 Series Settings,” on page 176
“Updating KBOX 1000 Series software,” on page 177
“Updating OVAL definitions,” on page 179
“Troubleshooting the KBOX 1000 Series,” on page 180
KBOX 1000 Series maintenance overview
The Settings | Server Maintenance page allows you to perform a variety of functions to maintain and
update the KBOX 1000 Series appliance. You can access the most recent KBOX server backups, upgrade
your KBOX 1000 Series server to newer server versions, retrieve updated OVAL definitions, as well restore
to backed-up versions as creating a new backup of the KBOX 1000 Series at any time that you'd like.
The Settings | Server Maintenance tab also enables you to reboot and shutdown the KBOX 1000
Series, as well as update KBOX 1000 Series license key information.
From the Server Maintenance tab you can:
Upgrade KBOX 1000 Series appliance
Update OVAL vulnerability definitions
Create a backup KBOX 1000 Series appliance
Enter or update KBOX 1000 Series License Key
Restore to most recent backup
Restore to factory default settings
Restore from uploaded backup files
Reboot KBOX 1000 Series
Shutdown KBOX 1000 Series.
The following sections describe some of the most commonly used features of the Settings | Server
Maintenance tab.
Backing up KBOX 1000 Series data

By default, the KBOX 1000 Series automatically takes backup at 3 A.M. and creates two files on the backup
drive: kbox_dbdata.gz, containing the database backup, and kbox_file.tgz, containing any files and
packages you have uploaded to the KBOX 1000 Series alliance.
Backing up KBOX 1000 Series manually

In some cases, you might want to invoke a KBOX 1000 Series backup before the nightly backup occurs. In
such cases, you can create a KBOX 1000 Series backup manually.
To create a KBOX 1000 Series backup manually:

3. Beside Run KBOX Backup, click Run Backup Now.
After creating the backup, the Settings | Logs tab will appear.

Downloading backup files to another location
The backup files are used to restore your KBOX 1000 Series configuration in the event of a data loss or
during an upgrade or migration to new hardware. The KBOX 1000 Series contains only the most recent full
backup of the files.
For a greater level of recoverability (for instance if you wanted to keep rolling backups), you can offload
the backup files to another location so that they can be restored later if necessary. You can access the
backup files for downloading from the Administrator UI as well as through ftp.
To download backup files to another location:
1. Select Settings |Server Maintenance.

2. Click the backup links on the sidebar.
Contains the database

backup
Contains the files and pack-

ages you have uploaded to
the KBOX 1000 Series
Figure 12-1: Links to backup files
3. Click Save in the alert that appears, then specify a location for the files.
4. Browse to the location where you want to store the files, then click Save.
To access the backup files through ftp:
1. Open a command prompt.

2. At the C:\ prompt, type:
ftp kbox
3. Enter the login credentials:
user: kbftp, password: getbxf
4. Type the following ftp commands:
Figure 12-2: FTP command for accessing backup files

Restoring KBOX 1000 Series Settings
The backup files are used to restore your KBOX 1000 Series configuration in the event of a data loss or
during an upgrade or migration to new hardware. Restoring any type of backup file will destroy the data
currently configured in the KBOX 1000 Series Server. KACE recommends off loading any backup files or
data that you want to keep before performing a restore.
Restoring from most recent backup

The KBOX 1000 Series has a built-in ability to restore files from the most recent backup directly from the
backup drive. You can access the backup files from the KBOX 1000 Series Administrator UI or through ftp.
To restore from the most recent backup:
1. Click Settings | Server Maintenance.

3. Click the Restore from Backup button.
Uploading files to restore settings

If you have off-loaded your backup files to another location, you can upload those files manually, rather
than restoring from the backup files stored on the KBOX 1000 Series.
To upload backup files:
1. Click Settings | Server Maintenance.

2. In the Database Backup Files field, click Browse and locate the backup file.
3. In the KBOX Backup Files field, click Browse and locate the backup file.
4. Click Restore from Upload Files.

Updating KBOX 1000 Series software
Part of maintaining your KBOX 1000 Series appliance involves updating the software that runs on the
KBOX 1000 Series server. This process also involves verifying that you are using the minimum required
version of the KBOX 1000 Series, as well as updating the license key in the KBOX 1000 Series to reflect the
current product functionality.
Verifying minimum server version

Before applying this update, verify your KBOX 1000 Series server version meets the minimum version
requirement.
To verify minimum server version:
1. Open your browser and go to the URL for the KBOX 1000 Series appliance (http://kbox/admin).
2. Click About KBOX in the upper right-hand corner of the screen.
The version of the server
Figure 12-3: About KBOX
Updating the license key

After installing an upgrade to the KBOX 1000 Series server, you may need to enter a new KACE license key
to fully activate the KBOX 1000 Series. You should have the new license key to upgrade your KBOX 1000
Series appliance.
Updating your KBOX 1000 Series license key:

3. Enter your new license key, then click Save.

Applying the server update
If you are using a previous version of the KBOX 1000 Series, you must apply the earlier updates separately
before continuing. Refer to the release notes for your version of the KBOX 1000 Series to determine the
minimum updates.
To apply the server update:
1. Download the kbox_upgrade_server_XXXX.bin file and save it locally.

2. Open your browser to http://kbox/admin.
5. Under Update KBOX, click Browse, and locate the update file you just downloaded.
6. Click Update KBOX.
When the file has completed uploading, your KBOX 1000 Series will reboot with the latest features.
Verifying the update

After applying the upgrade, verify successful completion by reviewing the update log.
To verify the upgrade:
1. Select Settings | Logs.

2. Click the Update link.
3. Review the Update log for any error messages or warnings.
4. Click About KBOX in the upper right corner to verify the current version.
Rebooting and shutting down KBOX 1000 Series

appliance
You may need to reboot the KBOX 1000 Series appliance from time to time when troubleshooting or
possibly upgrading KBOX 1000 Series settings. When rebooting KBOX 1000 Series, you should always do
so by clicking the Reboot KBOX button located on the Settings | Server Maintenance tab.
Before performing hardware maintenance, you will need to shutdown the KBOX 1000 Series prior to
unplugging appliance. You can shutdown the KBOX 1000 Series appliance either by pressing the power
button ONCE, quickly, or by clicking the Shutdown KBOX button on the Settings | Server
Maintenance tab.
The Reboot and Shutdown buttons will only be clickable if you have already click the
blue "Edit Mode" link at the bottom of the page.

Updating OVAL definitions
Although the definitions for OVAL vulnerabilities are updated automatically on a scheduled basis, you can
retrieve the latest files manually from the Server Maintenance page. For more information about OVAL
definitions, see “About OVAL and CVE,” on page 133
To update the OVAL & Patch definitions:

2. To update OVAL definitions, click Update OVAL Now.

Troubleshooting the KBOX 1000 Series
The KBOX 1000 Series provides several log files that can help you detect and resolve errors. The log files
are rotated automatically as each grows in size so no additional administrative log maintenance
procedures are required. Log maintenance checks are performed daily.
The KBOX 1000 Series maintains the last seven days of activity in the logs. KACE Technical Support may
request that you send the KBOX 1000 Series Server logs if they need more information in troubleshooting
an issue. To download the logs, click the Download Logs link. For more information, see “Downloading
log files,” on page 180.
Accessing KBOX 1000 Series logs

You can access the KBOX 1000 Series Server logs by going to the Settings | Logs tab. This area also
provides a reference for any KBOX 1000 Series informational or exception notices.
Log Type Description
Disk Status Displays the status of the KBOX 1000 Series disk array.
Application Displays miscellaneous information about the application's operation and execution.
Access Displays the HTTP Server's access information.
Server Displays errors or server warnings regarding any of the onboard server processes.
Update Displays details of any KBOX 1000 Series patches or upgrades applied using the
Update KBOX function.
Client Displays KBOX Agent exception logs.
Table 12-4: Types of Server Logs
Downloading log files

The KBOX 1000 Series provides the ability to download the logs into one file directly from the Admin UI.
You may be asked by KACE Technical support to submit KBOX 1000 Series logs in order to help diagnose a
problem.
To download KBOX 1000 Series logs:
1. Select Settings | Logs.

2. Click the Download logs link on the right of the Log page.
The logs are downloaded in a file called kbox_logs.tgz.
3. Click Save.

Understanding disk log status data
The log you are likely to interact with most often when troubleshooting the KBOX 1000 Series is the Disk
Status log. If there is a physical problem with the KBOX 1000 Series, that issue would be reflected here.
KBOX 1000 Series Server and KBOX Agent exceptions are reported nightly to kace.com if you enabled
crash reporting on the Settings | General tab.
Figure 12-5: Disk status without error
Error status listed here
Figure 12-6: Disk status with error
The figures above display the difference in the Disk status log when no error is found and when an error
exists. Although this section does not describe every possible error message that could be displayed here,
many of the errors that occur can be resolved by following the same set of steps:

Step Description
Step 1: Rebuild If the disk status log error reads “Degraded” that is an indication that you
need to rebuild the array. To do this, click the Rebuild Disk Array but-
ton. Rebuilding can take up to 2 hours. If an error state still exists after
this, proceed to step 2.
Step 2: Power Down and In some cases, the degraded array may be caused by a hard-drive that is
Reseat the Drives no longer seated firmly in the drive-bay. In these cases, the disk status
will usually show "disk missing" for that drive in the log. Power down the
KBOX 1000 Series. Once the appliance is powered off, eject each of the
hard-drives and then re-insert them, making sure that the drive is firmly
in the bay. Power the machine back on and then look again at the disk
status log to see if that has resolved the issue. If an error state still exists,
try rebuilding again or proceed to Step 3.
Step: Call KACE Techni- If you have the previous steps and are still experiencing errors, please
cal Support contact KACE Technical Support by email (support@kace.com) or phone
(888) 522-3638 option 2.
Table 12-7: Troubleshooting your KBOX 1000 appliances

C H A P T E R 13
Reporting
The KBOX 1000 Series provides a variety of alert and

reporting features that enable you to communicate easily
with users and to get a detailed view of the activity on
your network.
“KBOX 1000 Series Reports overview,” on page 184

“Alert Messages,” on page 193
“Email Alerts,” on page 194
“KBOX 1000 Series Summary,” on page 195
“LDAP Browser,” on page 201
KBOX 1000 Series Reports overview
The KBOX 1000 Series ships with many included stock reports. The reporting engine utilizes XML-based
report layouts to output report types of HTML, PDF, CSV, and TXT.
By default, the KBOX 1000 Series provides reports in the following general categories:
Compliance
Hardware
Help Desk
KBOX
Network
Patching
Security
Software
Template

Types of Reports
Within each of the general categories mentioned above, there are various reports you can run to display
information about the computers on your network. Descriptions of each type of report you can run are
provided below. Help desk reports are discussed in Chapter 11,“User Portal and Help Desk,” starting on
page 146.
Compliance Hotfix Compliance Shows which computers have the specified hot-
fix installed.
Compliance Software Compliance Simple Lists the licenses and counts like the License list
page with details such as vendor, PO#, and
Notes.
Compliance Software License Compliance Lists software and computers that are impacted
Complete by each license record.
Compliance Unapproved Software Lists software found on computers that do not
Installation have approved licenses.
Hardware C drives less than 2G free Shows which computers less than 2 gigabytes of
free space.
Hardware Computer - Video/Ram/Proc by Lists all computers and their video, ram and pro-
Label cessor information sorted by label and name.
Hardware Computer Export This report is intended to generate a CSV listing
for data export to other programs.
Hardware Computer Inventory Detail Detail listing of all computers on the KBOX 1000
Series network with full field detail.
Hardware Computer Listing by Free Disk Lists computer disk drives in order of total free
Space disk space.
Hardware Computer Listing by Label Lists all computers by all KBOX 1000 Series
labels.
Hardware Computer Listing by Memory Lists computer RAM in order of total memory
size.
Hardware Computer Listing by Operating Sorts all computers by Operating System type
System and sums OS Types.
Hardware Computer Uptime Report Reports the uptime of the computers.
Help Desk Closed Satisfaction Survey last Lists by Owner all Closed Satisfaction Surveys in
31 days by Owner the last 31 days.
Help Desk Closed Ticket Resolutions last Lists by Owner all Closed Ticket Resolutions in
31 days by Owner the last 31 days.
Help Desk Closed Ticket Resolutions last 7 Lists by Owner all Closed Ticket Resolutions in
days by Owner the last 7 days.
Help Desk Closed Tickets last 31 days by Lists by Category all Help Desk tickets that have
Category been closed in the last 31 days.
Table 1: Default reports

Help Desk Closed Tickets last 31 days by Lists by Owner all Help Desk tickets that have
Owner been closed in the last 31 days.
Help Desk Closed Tickets last 7 days by Lists by Owner all Help Desk tickets that have
Owner been closed in the last 7 days.
Help Desk Escalated/Open Tickets by Lists by Owner all escalated and open Help Desk
Owner tickets.
Help Desk Open Tickets by Category Lists by Category all open Help Desk tickets.
Help Desk Open Tickets by Owner Lists by Owner all open Help Desk tickets.
Help Desk Open Tickets last 7 days by Lists by Owner all open Help Desk tickets
Owner opened in the last 7 days.
Help Desk Stalled Tickets by Owner Lists by Owner all tickets that are past their due
date but not in escalation (stalled tickets).
Help Desk Stalled/Open Tickets by Lists by Category all stalled and open Help Desk
Category tickets.
Help Desk Stalled/Open Tickets by Impact Lists by Impact all stalled and open Help Desk
tickets.
Help Desk Stalled/Open Tickets by Owner Lists by Owner all stalled and open Help Desk
tickets.
Help Desk Stalled/Open Tickets by Priority Lists by Priority all stalled and open Help Desk
tickets.
Help Desk Stalled/Open Tickets by Status Lists by Status all stalled and open Help Desk
tickets.
Help Desk Stalled/Open Tickets with Due Lists by Owner and due date all stalled and open
Date by Owner Help Desk tickets.
Help Desk Work Report Date Range - Long Displays date, ticket #, technician and hours
Notes Display worked as a header above the Notes for a Work
entry for 2006-04-01 through 2006-07-01.
Help Desk Work Report last 31 days Reports all tickets for which work has been
logged for the last 31 days.
Help Desk Work Report last 31 days - Use this report if you want to build a customized
Customize report showing only select fields for all tickets
for which work has been logged for the last 31
days.
Help Desk Work Report last 31 days - Long Displays date, ticket #, technician, and hours
Notes Display worked as a header above the Notes for each
Work entry.
Help Desk Work Report last 31 days by Displays all people who logged work
Person during the last 31 days first by person, and then
by ticket and time.

KBOX Boot/Login Policies Lists all the activities that could happen at
machine boot time or after the user logs in.
KBOX KBOX Agent Roll Out Log Reports when a computer record was first cre-
ated.
KBOX KBOX Communication Lists by day the latest communication from com-
puters on the network.
KBOX MI's enabled on all machines Lists all the managed installations that are
enabled on all machines.
KBOX Scripts enabled on all machines This report lists the scripts that are enabled on
all machines.
Network Network Info - Domain Listing This report lists computers groups computers by
domain/workgroup.
Network Network Info - IP Address Lists computers in order of IP Address (ascend-
Listing ing).
Network Network Scan Report Displays the results of the nightly Network Scan.
Patching Critical Bulletin List Lists all critical bulletins.
Patching For each Machine, what Lists of all patches on each computer in the
patches are installed KBOX network.
Patching For each Patch, what machines Lists the computers having each software patch
have it installed in inventory.
Patching How many computers have Software Inventory listing sorted by software
each Patch installed title showing number of seats deployed.
Patching Installation Status of each Lists the installation status of each enabled
enabled Patch patch.
Patching Needs Review Bulletin List List of all the Bulletins that need review.
Patching Patches waiting to be deployed Lists all patches waiting to be deployed.
Security Number of machines with OVAL Lists, for each OVAL test, how many machines
vulnerabilities failed the test and are therefore vulnerable.
Security OVAL Machine Report Reports all the machines and how many OVAL
tests that each of them failed.
Security SANS Top 10 - Q2 2005 Reports all OVAL results from vulnerabilities
reported by SANS.
Security Threating Items Displays all items o threat level 4 or 5 and the
computers which have them.
Security Top 10 OVAL Vulnerabilities Displays a Pie graph of the top 10 OVAL vulnera-
bilities that have been reported by the OVAL
scan.
Software Software Export Generates a CSV listing for data export to other
programs.

Software Software Installed But Not Used Lists, by software item, where software has
Last 6 Months been installed but not used according to soft-
ware metering. This will only work when you
have attached the metering to a particular soft-
ware item which will limit you to a particular ver-
sion of software.
Software Software Inventory By Vendor Software Inventory listing grouped by vendor
showing number of seats deployed.
Software Software Listing By Label Lists all software titles organized by all KBOX
1000 Series labels.
Software Software not on any computer Listing of all software titles that are not currently
installed on any computers.
Software Software on Computer Listing of all software on each computer in the
KBOX 1000 Series network.
Software Software OS Report - Graph Pie graph showing the list and count of Operat-
ing Systems currently deployed on your net-
work.
Software Software Title & Version - Com- This report lists the computers having each soft-
puter List ware title in inventory.
Software Software Title - Computer List This report lists computers having each
(MS Only) Microsoft software title in inventory.
Software Software Title Deployed Count Software Inventory sorted by software title
showing number of seats deployed.
Template Computer Listing - XP SP2 Lists all computers, reporting if XP SP2 is
installed? installed or not. Change 'Windows XP Service
Pack 2' to any other Software title you are inter-
ested in. Sorted by installation status.
Template Computer Listing with Software Computer Listing sorted by LABEL with comput-
Template ers having software names like "Microsoft Office
Professional%".
Template Custom Inventory Template Reports the values returned by a custom inven-
tory rule that you can setup in the Software
Item page. Change 'McAfeeDATFile' to be the
name of the Software item with the Custom
Inventory Rule in it.
Template Log File Information Template This is a template that lists the values returned
from a 'Log File Information' action in a script.
Replace 'AccessedDate: ' with the actual
attribute that you returned.
Template Log Registry Value Template This template lists the values returned from a
script using the 'Log Registry Value' action.
Replace the value '!doc =' with the appropriate
value name that you entered in the script.

Template Machines By Label X with Soft- Reports all the machines in label(s) and indi-
ware Y Installed cates if they have a particular software product
installed. Replace KBOX with the name of the
software you are looking for and QA_LABEL and
KBOX_LABEL with the labels of the machines
you want included.

Running Reports
To run any of the KBOX 1000 Series reports, you simply need to click the desired format type (HTML, PDF,
CSV, or TXT). For HTML or PDF formats, the report will be displayed in a new window. If you select CSV or
TXT format, you will be prompted to open the file or save it to your computer.
For example, the KBOX server build at your end is 3.1.6474. On clicking the Reporting | Summary tab,
the KBOX Summary Information page appears, and on clicking the Settings | Server Maintenance tab,
the KBOX Settings : Server Maintenance page appears.
Let’s say KACE comes up with a new patch for the server build by the name 3.1.6748 and pushes it to the
corporate server. If you click on the Check for upgrade button in the Settings| Server Maintenance
page, the An upgrade is now available link appears on the KBOX Summary Information page and the
latest build is available in the Upgrade KBOX field on the KBOX Settings : Server Maintenance page.
The An upgrade to 3.1.6748 is now available link also appears in the Reporting | Summary page.
Clicking on this link will take you to the Settings | Server Maintenance page. Click Upgrade now to
upgrade your KBOX Server to the build 3.1.6748 build.
Creating and editing reports

If you have other reporting needs not covered by the reports previously mentioned, you can either create
a new report from scratch, or you can modify one of the templates provided in the KBOX 1000 Series
Template category.
You can create a report in the following ways:
Duplicate an existing report - Another way to create a report is to open an existing report and create a
copy of it, which you can then modify to suit your needs.
Create a new report using the Report Wizard.
Create a new report from scratch
To duplicate an existing report:
1. Select Reporting | Reports.

2. Click the linked Report Title.
The KBOX Report: Edit Detail page appears.
3. Click the Duplicate button.
4. Modify the report details as necessary, then click Save.
Consult the list of database table names in Appendix B,“Database tables,” starting on page 209.

To create a new report using the Report tab:
1. Select Reporting | Reports. The KBOX Report page appears.

2. Select Add New Report from the Choose action drop-down list.
3. Enter the report details as shown below:
Report Title Enter a display name for the report. Make this as descriptive as pos-
sible, so you can distinguish this report from others.
Report Category Enter the category for the report. If the category does not already
exist, it will be added to the drop-down list on the Reports list page.
Description Describe the information that the report will provide.
Report Type Select a report type from the list. The fields that you will be able to
include on the report vary depending on the report type you choose.
4. Click Next.
5. The next step is to select fields you want to include on the report. Click Select All to select all fields or
Deselect All to deselect all fields.
6. Click Next.
7. The next step is to arrange the fields you selected in the order in which you want the columns to
appear on the report.
Highlight and drag a column block to change the order. Rearrange the fields until the columns are in
the order you want to display them on the report.
8. Click Next.
9. The next step is to sort the fields you selected for the report and to decide where you want the report
to break. You can sort first by one field, then further sort by one or two more fields.
a. Select a field or fields by which you want to sort from the Order By drop-down list or lists.
b. Select either Ascending or Descending from the Sequence drop-down list or lists.
c. Check Break Header? if you want to break the report with a new header and do subtotals.
10. Click Next.
11. The next step is to specify filter criteria for the report:
a. Select a field or fields by which you want to filter from the field drop-down list or lists.
b. Select an operator or operators from the operator drop-down list or lists.
c. Enter a value by which you want to search and filter.
You can combine individual field filter searches (create a compound filter search) by selecting an AND
or an OR operator. The example above will search for and filter users who have “kace” or
“kacepartner” in their mail address.
12. Click Save to save your report. The KBOX Reports page is displayed with the new report in the list. To
run the new report, click the desired format type (HTML, PDF, CSV, or TXT). For HTML or PDF formats,
the report will be displayed in a new window. If you select CSV or TXT format, you will be prompted to
open the file or save it to your computer.

To create a new report from scratch:
1. Select Reporting | Reports.

2. Select Add New SQL Report from the Choose action drop-down list.
The KBOX Report: Edit Detail page appears.
3. Specify the following report details:
Title Enter a display name for the report. Make this as descriptive as possible, so
you can distinguish this report from others.
Report Category Enter the category for the report. If the category does not already exist, it
will be added to the drop-down list on the Reports list page.
Output File Name Specify the name for the file generate when this report is run.
Description Describe the information that the report will provide.
Output Types Specify the formats that should be available for this report.
SQL Select Statement Enter the query statement that will generate the report data. For reference,
consult the MYSQL documentation.
Break on Columns A comma-separated list of SQL column names. The report will generate
break headers and sub totals for these columns. This setting refers to the
auto-generated layout.
XML Report Layout When checked, this option will create the XML layout based on the SQL you
enter. Select this check box if you have changed the columns that are being
returned by the query so that the XML Report Layout is regenerated using
the new columns.
4. Click Save.
For assistance with formatting the report XML, refer to the rlib documentation found
here: http://rlib.sicompos.com/.

Alert Messages
Alert messages provide a way for you to interact with your users by displaying a message in a pop-up
window. The Alerts List page displays the messages you have distributed to users.
From the Alerts list page you can open existing alerts, create new alerts, or delete alerts. You can also
search messages using keywords.
Creating alert messages

If you have information you want to distribute to your network, you can review and modify previous
messages you have deployed, or you can create a new message.
To create an alert message:
1. Select Reporting | Alerts.

2. Select Add New Item from the Choose action drop-down list. The Alerts: Edit Detail page appears.
3. In the Message Content field, type the text of your message.
4. In the Keep Alive field, specify the length of time the message will be valid.
Messages will be broadcast to users until either the user's desktop has received the message or the
specified time interval has elapsed. This is based on the Run Interval set on the Distribution | KBOX
Agent | KBOX Agent Setting.
5. In the Limit Broadcast To area, select the recipient label(s) to which this message will be sent.
Press CTRL and click to select multiple labels.
6. Click Save.

Email Alerts
Mail alerts differ from Alerts (broadcast messages) in that they allow you to send messages out to
administrators based on more detailed criteria. The Mail Alert feature relies on the Inventory |
Computers engine to create a notification that will be sent to administrators when computers meet the
criteria you specify.
The KBOX 1000 Series checks the computers in inventory against the criteria in the Mail Alert once an hour
until one or more computers meet the criteria, then a message is sent to the administrator(s) specified in
the alert details.
Creating Email Alerts

Notifications are processed every 60 minutes. Should a notification query result in 1 or more machine
records, then a notification email is automatically sent to the specified recipient.
To create an Email Alert:
1. Select Reporting | Email Alerts. The Email Alerts page appears.

2. Select Add New Computer Notification in the Choose action drop-down list.
The Inventory | Computers tab appears with the Create Email Notification fields exposed.
3. Enter the search criteria.
4. In the Title field, enter a title for the alert.
The Title will appear in the Subject field.
5. In the Recipient field, enter the email address(es) of the message recipient.
Email addresses must be fully qualified email addresses. The recipient address may be a single email
address or a list of addresses separated by commas.

KBOX 1000 Series Summary
The KBOX 1000 Series Summary page provides information about the configuration and operation of your
KBOX 1000 Series appliance. When you log on to the KBOX Administrator Console, the Summary tab
appears by default.
To view KBOX Summary:
1. Select Reporting | Summary.

The KBOX Summary page appears.
2. The sections that follow provide a description of the summary information displayed.
3. Click Refresh to refresh the information displayed.
Client Check-In Rate

Displays the total number of clients that have checked in to the server in an hour.
The counter automatically adjusts if the number increases beyond one hundred.

Distributions
Displays the number of managed installations, scripts, and file synchronizations that are enabled. This also
displays the number of alerts that you have configured.
The counter automatically adjusts if the number increases beyond thirty.

Software Threat Level
Displays the number of machines on various software threat levels.
The number of machines displayed on the Y axis automatically adjusts if the number of
machines found on a particular threat level increases beyond twelve.
License Compliance
Displays the number of machines that use a particular licensed software. For example, the following figure
displays a licensed software named Adobe flash player 9, which can be used on one thousand
machines. In this example, this software is used by twelve machines.

KBOX Network Load
Displays the number of sockets connected to the server.
The counter automatically adjusts if the number of sockets connected increases beyond
one hundred.
Managed Operating Systems

Displays the number, in percentage, of various operating systems present in the inventory.

To view KBOX Summary Details:
1. Select Reporting | Summary.

The KBOX Summary page appears.
2. Scroll down, and then click View Details.
The KBOX Summary Details page appears.
3. The sections that follow provide a description of the summary details provided.
As this page is refreshed, the record count information is refreshed. New KBOX 1000
Series installations will mostly contain zero or no record counts.
Computer statistics
Provides a summary of the computers on your network, including a breakdown of the operating systems in
use. In addition, if the number of computers on your network exceeds the number allowed by your KBOX
1000 Series license key, a notification to that effect will be displayed here.
Software statistics
Provides a summary of the software in KBOX 1000 Series Inventory. Includes the number of software titles
that have been uploaded to the KBOX 1000 Series.
Software Distribution Summary

Provides a summary of the packages that have been distributed to the computers on your network,
separated out by distribution method. Also indicates the number of packages that are enabled vs.
disabled.
Alert Summary
Provides a summary of the alerts that have been distributed to the computers on your network, separated
by message type. This also indicates the number of alerts that are active vs. expired.
The IT Advisory refers to the number of Knowledge Base Articles in Help Desk.

Patch Bulletin Information
Provides a summary of the patches received from Microsoft. Includes the date and time of the last patch
download (successful and attempted) and the number of bulletins in the KBOX 1000 Series.
OVAL Information
Provides a summary of the OVAL definitions received and the number of vulnerabilities detected on your
network. Includes the date and time of the last OVAL download (successful and attempted) and the
number of OVAL tests in the KBOX 1000 Series, in addition to the numbers of computers that have been
scanned.
Network Scan Summary

Provides a summary of the results of Network Scans run on the network. Includes the number of IP
addresses scanned, the number of services discovered, the number of devices discovered, as well as the
number of detected devices that are SNMP-enabled.

LDAP Browser
The LDAP Browser allows you to browse and search the data located on the LDAP Server. For example,
Active Directory Server.
You must have the Bind DN and the Password to log on to the LDAP Server.
To use the LDAP Browser:
1. Select Reporting | LDAP Browser.

2. Specify the LDAP Server Details
LDAP Server Specify the IP or the Host Name of the LDAP Server.
HOSTNAME
LDAP Port Specify the LDAP Port number, which could be either 389/636 (LDAPS).
LDAP Login Specify the Bind DN
For example:
CN=Administrator,CN=Users,DC=kace,DC=com
3. Click test.
4. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names)
available on that directory is displayed. These base DNs can be used as a start point to browse and
search the directory.
If the connection was not established, the Operation Failed message appears, which could be due to
one of the following reasons:
The IP or Host Name provided is incorrect.
The LDAP server is not up.
The login credentials provided are incorrect.
5. Click a Base DN or click next.
A new window displays the Search Base DN and the Search Filter. The Search Base DN is populated on
the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN
and the Search Filter.
6. You can also use the Filter Builder to create complex filters. Click Filter Builder. The Query Builder
is displayed. Specify the following information.
Attribute Name Specify the Attribute Name. For example, samaccountname.

Relational Operator Select the relational operator from the drop-down list. For
example, =.
Attribute Value Specify the attribute value. For example, admin.

7. To add more than one attribute:
Conjunction Operator Select the conjunction operator from the drop - down list. For
example, AND.
Note: This field is available for the previous attribute only when
you add a new attribute.
Add Click Add. You can add multiple attributes.
Search Scope Click One level to search at the same level or click Sub-tree
level to search at the sub-tree level.
8. Click OK. The query appears in the Search Filter text area. For example,
(samaccountname=admin).
9. Click Browse to display all the immediate child nodes for the given base DN and search filter. Click
Search to display all the direct and indirect child nodes for the given base DN and search filter.
The search results are displayed in the left panel.

10. Click a child node to view its attributes.
The attributes are displayed in the right panel.

A P P E N D I X A
Adding steps to a Task
This appendix documents steps for tasks of a script. The

steps documented here are available on the Scripting tab.
For more information, see “Scripting,” on page 91.
“Steps for Task sections,” on page 204

Steps for Task sections
Refer to the following table when adding steps to a Policy or Job Task. These are the steps available in the
step drop-down lists in the Verify, On Success, Remediation, On Remediation Success, and On Remediation
Failure sections of a task. The Column headings V, OS, R, ORS, and ORF indicate whether a particular step
is available in the corresponding Task sections.
Step Explanation V OS R ORS ORF
Always Fail X X
Call a Custom DLL Call function "%{procName}" from X X X
Function "%{path}\%{file}"
Create a Custom Create object "%{className}" from X X X
DLL Object "%{path}\%{file}"
Create a message Create a message window named X X X X X
window "%{name}" with title "%{title}", message
"%{message}" and timeout "%{timeout}"
seconds.
Delete a registry Delete "%{key}" from the registry. X X

key
Delete a registry Delete "%{key}!%{name}" from the reg- X X
value istry.
Destroy a message Destroy the message window named X X X X X
window "%{name}".
Install a software Install "%{name}" with arguments X X
package "%{install_cmd}".
Note: This step requires you to choose
from a list of software packages already
uploaded using the functionality in the
Inventory/Software tab. For more infor-
mation, see “Adding Software to Inven-
tory,” on page 39.
Kill a process Kill the process "%{name}". X X X X X

Launch a program Launch "%{path}\%{program}" with X X X X X
params "%{parms}".
Log a registry value Log “%{key}!%{name}”. X
Log file information Log “%{attrib}”from “%{path}\%{file}” X X X
Log message Log “%{message}”to “%{type}” X
Restart a service Restart service “%{name}” X
Table A-1: Steps for Tasks in Policy & Job scripts

Run a batch file Run the batch file "%{_fake_name}" with X X X

params "%{parms}".
Note: In this step, you do not need to

upload the batch file. You create the batch
file by pasting the script in the space pro-
vided.
Search the file sys- Search for "%{name}" in "%{startingDi- X
tem rectory}" on "%{drives}" and "%{action}".
Set a registry key Set "%{key}". X X
Set a registry value Set "%{key}!%{name}" to
"%{newValue}". X X
Start a service Restart service “%{name}” X
Stop a service Stop service “%{name}” X
Unzip a file Unzip "%{path}\%{file}" to "%{target}". X X X X
Update message Set the text in the message window X X X X
window text named "%{name}" to "%{text}".
Update Policy and Update policy and job schedule from KBOX X
Job schedule 1000 Series
Upload a file Upload "%{path}\%{file}" to the server. X X
Upload \ logs Upload KBOX Agent logs to KBOX 1000 X X X X
Series
Verify a directory Verify that the directory "%{path}" exists. X
exists
Verify a file exists Verify that the file "%{path}\%{file}" X
exists.
Verify a file version Verify that the file "%{path}\%{file}" has X
is exactly version "%{expectedValue}".
is greater than version greater than "%{expectedValue}".
is greater than or version greater than or equal to
equal to... "%{expectedValue}”

is less than version less than "%{expectedValue}".
is less than or equal version less than or equal to "%{expected-
to Value}

Verify a file version Verify that the file "%{path}\%{file}" does X

is not not have version "%{expectedValue}".
Verify a file was Verify that the file "%{path}\%{file}" was X
modified since modified since "%{expectedValue}".
Verify a process is Verify the process "%{name}" is not run- X
not running ning.
Verify a process is Verify the process "%{name}" is running. X
running
Verify a product ver- Verify that the product "%{path}\%{file}" X
sion is exactly.. has version "%{expectedValue}"
sion is greater than has version greater than "%{expected-
Value}".
sion is greater than has version greater than or equal to
or equal to... "%{expected-Value}”

sion is less than has version less than "%{expectedValue}".
sion is less than or has version less than or equal to
equal to "%{expectedValue}”
sion is not does not hav version "%{expectedValue}"
Verify a registry key Verify that "%{key}" does not exist. X
does not exist
Verify a registry key Verify that "%{key}" exists. X
exists
Verify a registry Verify that "%{key}" has exactly X
key’s subkey count "%{expectedValue}" subkeys.
is exactly
Verify a registry Verify that "%{key}" has greater than X
is greater than
Verify a registry Verify that "%{key}" has greater than or X
key’s subkey count equal to "%{expectedValue}" subkeys.
is greater than or
equal to
Verify a registry Verify that "%{key}" has less than X
is less than

Verify a registry Verify that "%{key}" has less than or X

key’s subkey count equal to "%{expectedValue}" subkeys.
is less than or equal
to
Verify a registry Verify that "%{key}" does not have exactly X
is not
Verify a registry Verify that "%{key}" has exactly X
key’s value count is "%{expectedValue}" values.
exactly
Verify a registry Verify that "%{key}" has greater than X
greater than
Verify a registry Verify that "%{key}" has greater than or X
key’s value count is equal to "%{expectedValue}" values.
greater than or
equal to
Verify a registry Verify that "%{key}" has less than X
less than
Verify a registry Verify that "%{key}" has less than or X
key’s value count is equal to "%{expectedValue}" values.
less than or equal to
Verify a registry Verify that "%{key}" does not have exactly X
not
Verify a registry pat- Verify that "%{key}!%{name}=%{expect- X
tern doesn’t match edValue}" doesn't match.
Verify a registry pat- Verify that "%{key}!%{name}=%{expect- X
tern matches edValue}" matches.
Verify a registry Verify that "%{key}!%{name}" does not X
value does not exist exist
Verify a registry Verify that "%{key}!%{name}" exists X
value exists
Verify a registry Verify that "%{key}!%{name}" is equal to X
value is exactly "%{expectedValue}"
Verify a registry Verify that "%{key}!%{name}" is greater X
value is greater than "%{expectedValue}"
than
Verify a registry Verify that "%{key}!%{name}" is greater X
value is greater than or equal to "%{expectedValue}"
than or equal to

Verify a registry Verify that "%{key}!%{name}" is less X

value is less than than "%{expectedValue}"
Verify a registry Verify that "%{key}!%{name}" is less X
value is less than or than or equal to "%{expectedValue}"
equal to
Verify a registry Verify that "%{key}!%{name}" is not X
value is not equal to "%{expectedValue}"
Verify a service Verify the service "%{name}" exists X
exists
Verify a service is Verify the service "%{name}" is running X
running

A P P E N D I X B
Database tables
This appendix contains a list of the table names used in

the KBOX 1000 Series database. Use this as a reference
when creating custom reports.
“KBOX 1000 Series database tables,” on page 210

KBOX 1000 Series database tables
Refer to the following table when creating custom reports. For more information, see Chapter
13,“Reporting,” starting on page 183.
Table Used In
ADVISORY HelpDesk
ADVISORY_LABEL_JT HelpDesk
AUTHENTICATION KBOX
CLIENTDIST_LABEL_JT KBOX
CLIENT_DISTRIBUTION KBOX
CR_CLIENT_CRASH KBOX
CR_SERVER_CRASH KBOX
CUSTOM_FIELD_DEFINITION Custom Fields
FILTER Labeling
FS File Synchronization
FS_LABEL_JT File Synchronization
FS_MACHINE_JT File Synchronization
GLOBAL_OPTIONS KBOX
HD_ATTACHMENT Help Desk
HD_CATEGORY Help Desk
HD_EMAIL_EVENT Help Desk
HD_IMPACT Help Desk
HD_MAIL_TEMPLATE Help Desk
HD_PRIORITY Help Desk
HD_QUEUE Help Desk
HD_QUEUE_PRIORITY Help Desk
HD_QUEUE_STATUS Help Desk
HD_STATUS Help Desk
HD_TICKET Help Desk
HD_TICKET_CHANGE Help Desk
HD_TICKET_RELATED Help Desk
HD_WORK Help Desk
KBOT Scripting
Table B-1: KBOX 1000 Series database table names

Table Used In
KBOT_CRON_SCHEDULE Scripting
KBOT_DEPENDENCY Scripting
KBOT_EVENT_SCHEDULE Scripting
KBOT_FORM Scripting
KBOT_FORM_DATA Scripting
KBOT_GRAMMAR Scripting
KBOT_GRAMMAR_ATTRIBUTE Scripting
KBOT_LABEL_JT Scripting
KBOT_LOG Scripting
KBOT_LOG_DETAIL Scripting
KBOT_LOG_LATEST Scripting
KBOT_OS_JT Scripting
KBOT_RUN Scripting
KBOT_RUN_MACHINE Scripting
KBOT_RUN_TOKEN Scripting
KBOT_UPLOAD Scripting
KBOT_UPLOAD_TOKEN Scripting
KBOT_VERIFY Scripting
KBOT_VERIFY_STEPS Scripting
KBOX_VERSION KBOX
LABEL Labeling
LDAP_FILTER Labeling
LDAP_IMPORT_USER User
LICENSE Inventory
LICENSE_MODE Inventory
MACHINE Inventory
MACHINE_CUSTOM_INVENTORY Inventory
MACHINE_DISKS Inventory
MACHINE_KUID Inventory
MACHINE_LABEL_JT Inventory
MACHINE_NICS Inventory

Table Used In
MACHINE_NTSERVICE_JT Inventory
MACHINE_PROCESS Inventory
MACHINE_PROCESS_JT Inventory
MACHINE_SOFTWARE_JT Inventory
MACHINE_STARTUP_PROGRAMS Inventory
MACHINE_STARTUPPROGRAM_JT Inventory
MESSAGE Alerts
MESSAGE_LABEL_JT Alerts
MI Managed Installs
MI_ATTEMPT Managed Installs
MI_LABEL_JT Managed Installs
METER Software Metering
METER_COUNTER Software Metering
MSP_AFFECTEDPRODUCT Patching
MSP_AFFECTEDSERVICEPACK Patching
MSP_BULLETIN Patching
MSP_BULLETIN_STATUS Patching
MSP_LOCATION Patching
MSP_MI_TEMPLATE Patching
MSP_MI_TEMPLATE_LABEL_JT Patching
MSP_PATCH Patching
MSP_PATCH_OS_VERSION Patching
MSP_PRODUCT Patching
MSP_SERVICEPACK Patching
MSP_SERVICEPACK_MACHINE_JT Patching
MSP_SEVERITY Patching
MSP_UPDATE_STATUS Patching
NETWORK_SETTINGS KBOX
NODE Network Scan
NODE_LABEL_JT Network Scan
NODE_PORTS Network Scan

Table Used In
NODE_SNMP_IF Network Scan

NODE_SNMP_SYSTEM Network Scan
NOTIFICATION Alerts
NTSERVICE Inventory
OPERATING_SYSTEMS Inventory
OVAL_DEFINITION OVAL
OVAL_STATUS OVAL
OVAL_UPDATE_STATUS OVAL
PORTAL User Portal
PORTAL_LABEL_JT User Portal
PROCESS Inventory
PORT_SERVICES KBOX
REPLICATION_SHARE Replication
REPORT Reporting
REPORT_FIELD Reporting
REPORT_FIELD_GROUP Reporting
REPORT_JOIN Reporting
REPORT_OBJECT Reporting
SCAN_FILTER Labeling
SCAN_SETTINGS Network Scan
SERVER_LOG KBOX
SOFTWARE Inventory
SOFTWARE_LABEL_JT Inventory
SOFTWARE_OS_JT Inventory
STARTUPPROGRAM Inventory
THROTTLE KBOX
TIME_SETTINGS KBOX
TIME_ZONE KBOX
USER User
USER_HISTORY User Portal
USER_KEYS User Portal

Table Used In
USER_LABEL_JT User

A P P E N D I X C
Manual Deployment of KBOX

Agent
This appendix contains a list of tasks and commands that

you can carry out using the command line interface.
“Manual Deployment of KBOX Agent on Linux,” on page 217

“Manual Deployment of KBOX Agent on Solaris,” on page 219
“Manual Deployment of KBOX Agent on Macintosh,” on page 221
Manual Deployment of KBOX Agent on
Linux
Installing and Configuring the KBOX Agent
1. Ensure that you have kboxagent-buildnumber.i386.rpm on your computer.
2. Open the command line interface.
3. Type rpm -ivh kboxagent-buildnumber.i386.rpm, and then press ENTER.
The installer creates the following directories on your computer:
/KACE
/KACE/bin
/KACE/lib
/KACE/data
/var/KACE/kagentd. This directory contains the kbot_config.yaml file.
4. Type cd KACE/bin, and then press ENTER.
5. Set the name of the KBOX server by typing ./setkbox name_of_kbox_server.
6. Restart all KBOX Agent services and connect to the KBOX server by typing ./runallkbots.
Upgrading the KBOX Agent

1. Ensure that you have kboxagent-buildnumber.i386.rpm on your computer.
3. Type rpm -uvh kboxagent-linux_buildnumber.rpm, and then press ENTER.
Removing the KBOX Agent

2. Type rpm -e kboxagent-buildnumber.i386, and then press ENTER.
Verifying Deployment of the KBOX Agent

This section describes the various tasks you can perform to manage the KBOX agent using the command
line interface.
Starting and Stopping the KBOX Agent

3. To start the KBOX agent, type ./kagentctl start, and then press ENTER.
To stop the KBOX agent, type ./kagentctl stop, and then press ENTER.
Checking Whether the Agent is Running

2. Type ps aux | grep kagentd, and then press ENTER.

Checking the Version of the KBOX Agent
2. Type cat /KACE/data/version, and then press ENTER.
Performing an Inventory
2. Type sudo /KACE/bin/inventory, and then press ENTER.
If you want to save the inventory results to a file, type sudo /KACE/bin/inventory > 'uname -
n'.txt, and then press ENTER. This command saves the inventory results to a file named
yourcomputer.txt, where yourcomputer is the name of your computer.
Enabling Debugging
2. Type sudo touch /var/kace/kagentd/debug_agent.tag, and then press ENTER.
3. Type sudo /etc/rc.d/init.d/kagentctl stop, and then press ENTER.
4. Type sudo /etc/rc.d/init.d/kagentctl start, and then press ENTER.
The debug_agent.log file contains debug logs.

Solaris
1. Ensure that you have KBOX-agent-all-buildnumber.pkg.gz on your computer.
3. Type /usr/bin/gunzip KBOX-agent-all-buildnumber.pkg.gz, and then press ENTER.
4. Type /usr/sbin/pkgadd -n -d KBOX-agent-all-buildnumber.pkg all, and then press
ENTER.
/KACE
/KACE/bin
/KACE/lib
/KACE/data
/var/KACE/kagentd. This directory contains the kbot_config.yaml file.

1. Ensure that you have KBOX-agent-all-buildnumber.pkg.gz on your computer.
3. Type /etc/init.d/kagentctl stop, and press ENTER.
4. Type /usr/sbin/pkgrm -A -n KBOX-agent, and press ENTER.
5. Type /usr/bin/rm -rf /KACE/, and press ENTER.
6. Type /usr/bin/gunzip -v KBOX-agent-all*.pkg.gz, and press ENTER.
7. Type /usr/sbin/pkgadd -n -d KBOX-agent-all*.pkg all, and press ENTER.
8. Type /etc/init.d/kagentctl start, and press ENTER.

2. Type /etc/init.d/kagentctl stop, and press ENTER.
3. Type /usr/sbin/pkgrm -A -n KBOX-agent, and press ENTER.
4. Type /usr/bin/rm -rf /KACE/, and press ENTER.

line interface.


2. Type ps ef | grep kagentd, and then press ENTER.

2. Type cat /KACE/data/version, and then press ENTER.
2. Type sudo /KACE/bin/inventory, and then press ENTER.
If you want to save the inventory results to a file, type sudo /KACE/bin/inventory > 'uname -
n'.txt, and then press ENTER. This command saves the inventory results to a file named
yourcomputer.txt, where yourcomputer is the name of your computer.
Enabling Debugging
3. Type sudo /etc/init.d/kagentctl stop, and then press ENTER.
4. Type sudo /etc/init.d/kagentctl start, and then press ENTER.

Macintosh
To run the commands the user must be logged in as root.

1. Double-click KBOX Agent 3.1.buildnumber.dmg.
2. Double-click KBOX Agent.pkg.
3. In the Introduction page, and then click Continue.
4. In the Read Me page, click Continue.
5. In the Select Destination page, select the destination volume where you want to install the KBOX
agent, and then click Continue.
6. In the Installation Type page, click Install.
7. In the Finish Up page, click Close.
/Library/KBOXAgent/Home/bin
/Library/KBOXAgent/Home/data
/Library/KBOXAgent/Home/lib
/var/kace/kagentd. This directory contains the kbot_config.yaml file.
8. Type cd Library/KBOXAgent/Home/bin, and then press ENTER.

1. Double-click KBOX Agent 3.1.buildnumber.dmg.
2. Double-click KBOX Agent.pkg.
3. In the Introduction page, and then click Continue.
4. In the Read Me page, click Continue.
5. In the Select Destination page, select the destination volume where you want to install the KBOX
agent, and then click Continue.
6. In the Installation Type page, click Upgrade.
7. In the Finish Up page, click Close.

1. Browse to /Library/KBOXAgent.
2. Removing the KBOX Agent, you first need to Drag the KBOXAgent folder to the Trash and then kill
the process ID.

line interface.

1. Open Terminal from the Applications/Utilities folder.
2. Type cd Library/KBOXAgent/Home/bin, and then press ENTER.

2. To check if the kagentd process is running enter the command ps aux | grep kagentd, and then press
ENTER. The process is running if you see the following result:
root 2159 0.0 1.1 94408 12044 p2 S 3:26PM 0:10.94 /Library/KBOXAgent/Home/bin/kagentd

2. Type cat Library/KBOXAgent/Home/data/version, and then press ENTER.
2. Type sudo Library/KBOXAgent/Home/bin/inventory, and then press ENTER.
If you want to save the inventory results to a file, type sudo Library/KBOXAgent/Home/bin/
inventory > computer_name.txt. Replace computer_name with the name of your computer, and
then press ENTER. This command saves the inventory results to a file named computer_name.txt,
where computer_name is the computer name that you specified.
Enabling Debugging
3. Type sudo /Library/KBOXAgent/Home/bin/kagentctl stop, and then press ENTER.
4. Type sudo /Library/KBOXAgent/Home/bin/kagentctl start, and then press ENTER.

A P P E N D I X D
Agent Customization
This appendix explains the procedure to create a self-ex-

ecuting zip file that includes custom installation items like
non-standard path or custom server name.
“Agent Customization,” on page 225

Agent Customization
You can create a self-executing zip file that includes custom installation items like non-standard path or
custom server name.
To create a self-executing zip that includes custom installation:
1. Copy the necessary files for your customization. You will need the following files:
7zip-v442.exe, available at \\kdisk\kace_corporate\software\7-Zip\7zip-v442.exe
7zip-v442_extra.zip, available at \\kdisk\kace_corporate\software\7-Zip\7zip-v442_extra.zip
The KInstallerSetup.exe, from the client version you want to customize. This file is available at the
KACE Support Website.
2. Install 7-zip.
3. Unzip the 7zip_v442_extra.zip file into the directory where the 7-zip is installed. (by default the
directory is C:\Program Files\7-Zip).
Ensure that the file 7zS.sfx is in the top-level directory. 7-Zip-install path is used for this location. This
file is important because it has the actual executable stub for a self-extracting installer executable.
4. Start the 7-Zip File Manager from the start menu.
5. Select the KInstallerSetup.exe executable for the client version to customize using the 7-Zip File
Manager.
6. Click the extract button to extract it into a directory of your choice. Keep the Current Pathnames
selected in the Path mode box. The Overwrite without prompt option can be selected for the Overwrite
Mode. Do not specify a password.
7. Navigate to that folder and edit the kinstaller.exe.config file with a text editor to change any settings for
customization. The display_mode can have the values interactive, quiet, and silent. server_name is the
hostname of the server.
8. Save your changes. Execution of the kinstaller.exe file in this directory installs with the settings as
specified in the .config file.
9. Open the 7-Zip File Manager and select kinstaller.exe, kinstaller.exe.config, es-ES and install_files.
10. Click the Add button. The archive format is 7z, Create SFX archive in the options box is cleared.
11. Save the .7z file and note down the path. I'll call my file "jkboxInstaller.7z" and the path to it will be
<<jkbox-installpath>>
12. Create a text file - config.txt - which includes the settings for the self-executing zip. Ensure that the
file is saved with UTF-8 encoding. The file should contain the following commands, which will indicate
to 7-zip that the kinstaller should run when the self-executing zip runs:
;!@Install@!UTF-8!
Progress="no"
RunProgram="kinstaller.exe"
Directory=""
;!@InstallEnd@!
13. Open a new command-line window.
14. Execute the following command to create a self-executing file from the .7z file.

15. Copy /b "<<7-Zip-install>>\7zS.sfx" + "<<config-file-path>>\config.txt" + "<<jkbox-
installpath>>\jkboxInstaller.7z" "<<Installer_Name>>.exe"

A P P E N D I X E
Warranty, Licensing, and

Support
“Warranty and Support Information,” on page 228.

Warranty and Support Information
Information concerning hardware and software warranty, hardware replacement, product returns,
technical support terms and product licensing can be found in the KACE End User License agreement
accessible at:
HTTP://WWW.KACE.COM/LICENSE/STANDARD_EULA

KBOX Administrator Guide 3.3

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

KBOX Administrator Guide 3.3

Încărcat de

Drepturi de autor:

Formate disponibile

A D M I N G U I D E

Administrator Guide for KBOX 1000 Series

Welcome to KBOX 1000 ownership!

KACE Technical Support

Kace Networks, Inc.

Ch. 1 Getting Started with KBOX 1000 Series ........1

Introduction to KBOX 1000 Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Setting Up Your New KBOX server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Ch. 2 Agent Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Single Machine Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Overview of the Inventory Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Understanding Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Administrator Guide for KBOX 1000 Series, version 3.3 i

Adding computers to inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Monitoring out-of-reach Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Administrator Guide for KBOX 1000 Series, version 3.3 ii

Overview of Asset Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Distribution Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Examples of Common Deployments on Windows . . . . . . . . . . . . . . . . . . . . . . . . 79

Examples of Common Deployments on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Examples of Common Deployments on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Examples of Common Deployments on Macintosh(r) . . . . . . . . . . . . . . . . . . . . 91

Wake-on-LAN Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Administrator Guide for KBOX 1000 Series, version 3.3 iii

Scripting Module Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Using the Run Now Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Searching Scripting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Ch. 9 Patching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Overview of Patching feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Updating Patch definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Ch. 10 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Security Module Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

OVAL Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

OVAL Settings and Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Administrator Guide for KBOX 1000 Series, version 3.3 iv

Ch. 11 User Portal and Help Desk . . . . . . . . . . . . . . . . . . . . . . . . . 146

Overview of the User Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Understanding the Software Library feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Using the Knowledge Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Managing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Overview of the Help Desk Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Managing Help Desk tickets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Running Help Desk Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Ch. 12 Server Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

KBOX 1000 Series maintenance overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Restoring KBOX 1000 Series Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Updating KBOX 1000 Series software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Administrator Guide for KBOX 1000 Series, version 3.3 v

Ch. 13 Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

KBOX 1000 Series Reports overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Alert Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Email Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

KBOX 1000 Series Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

LDAP Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

Appendix A Adding steps to a Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Steps for Task sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Appendix B Database tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

KBOX 1000 Series database tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Appendix C Manual Deployment of KBOX Agent . . . . . . . . . . . . . . . . . . . 216

Manual Deployment of KBOX Agent on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Manual Deployment of KBOX Agent on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . 219

Administrator Guide for KBOX 1000 Series, version 3.3 vi

Manual Deployment of KBOX Agent on Macintosh . . . . . . . . . . . . . . . . . . . . . . 221

Appendix D Agent Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224