Documente Academic
Documente Profesional
Documente Cultură
Version 3.3
© 2004-2007 Kace Networks, Inc. All rights reserved.
Welcome to version 3.3 of the KBOX 1000 Series appliance. This Administrator Guide is designed to help
you install, configure, use, and maintain your KBOX 1000 Series appliance. KACE is dedicated to cus-
tomer success with our primary goal being your ability to quickly utilize your KBOX 1000 Series appli-
ance to save time and eliminate the tedious task of manual inventory, software, and desktop management.
If at any time you experience a problem, or have a question regarding your KBOX 1000 Series appliance,
please contact one of our support representatives for assistance.
Support Contact:
Company Contact:
Ch. 3 Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Adding Software to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Adding Software Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Adding Software Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Creating Software Asset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Custom Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Attaching a Digital Asset to a Software Title . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Software Metering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Adding a Software Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Editing Software Meter Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Deleting a Software Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Configuring the Software Metering Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Software Lookup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Enabling Software Lookup Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Viewing Software Lookup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Managing Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Generating Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Importing Asset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Ch. 5 IP Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
IP Scan Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Viewing List of Scheduled Scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Creating an IP Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Ch. 6 Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Managed Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Creating a Managed Installation for Windows Platform . . . . . . . . . . . . . . . . . . . . . . . . . 75
Sharing Managed Software Installation Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Creating a Replication Share. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Viewing Replication Share Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Ch. 7 Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
In addition, the symbol to the left denotes an item of interest. These include common
configuration questions, specific KBOX behavior, or items that deserve particular
attention.
Format Description
Additional resources
In addition to this Administrator Guide, KACE also provides the following resources to assist you in
installing, configuring, and maintaining the KBOX 1000 Series.
Contacting Support
At KACE, customers are our highest priority, and we structure our support policies and procedures
accordingly. Your purchase of the KBOX 1000 Series includes software updates, telephone support, and
access to an on-line support portal, which includes:
The most up-to-date software and documentation
Knowledge base of frequently asked questions
Details on the most common software package installation switches
Other IT management information.
The KACE support team is dedicated to helping you make the most efficient use of your KBOX 1000 Series
appliance for your organization. KACE and KACE Certified Partners can help you get the most out of your
KBOX 1000 Series appliance with the KBOX™ JumpStart Program and KACE Professional Services.
Solution Components
The KBOX 1000 Series solution is comprised of four primary points of human interface:
The Box - The KBOX 1000 Series Systems Management Appliance itself is a high-performance server
including (depending on configuration) dual on-board Xeon processors, dual NIC controllers, 1 GB of
memory (or more), 3 X 150 GB hard drives (or more) with on-board RAID I support and on-board
nightly back up.
Administrator Console - The administrator console is a web-based interface that systems
administrators use to access and direct the functionality and capabilities within the KBOX 1000 Series.
The administrator console supports five primary tasks: Inventory Management, Software Distribution,
User Portal, Reporting and, KBOX Settings. Depending on your KBOX 1000 Series configuration you may
also have Asset, Scripting, Security, and Help Desk tabs. These are add-on modules. For more
information contact the KACE sales team at sales@kace.com or via phone at 1-888-522-3638.
User Portal - The User Portal provides an innovative method for administrators to make software titles
available to users on a self-service basis. The end-user portal is not intended to replace traditional push
software distribution (as is handled by the Administrator Console and the KBOX Agent). However, the
User Portal provides an elegant repository for software titles that are not required by all users. If you
have installed the optional Help Desk module, the User Portal also provides a way for users to submit
and track help desk tickets.
KBOX Agent - The KBOX Agent is the KBOX 1000 Series technology that sits on each desktop that the
KBOX 1000 Series manages. The KBOX Agent includes an application component that manages
downloads, installations, and desktop inventory. The KBOX Agent also includes the KBOX Agent
Management Service that initiates scheduled tasks such as inventory or software update tasks.
Organizational Components
KACE Networks recognizes that a large part of IT management is tied into data management. As such,
KBOX 1000 Series supports a flexible data model for managing computers, software, users and license
keys:
LDAP Support - The KBOX 1000 Series includes the ability to auto-discover information via the KBOX
Agent or to interface with Active Directory or LDAP organizational units.
Filters - Filters enable administrators to manage computers and users based on specified filter criteria.
Labels - The KBOX 1000 Series offers advanced labeling capability that puts ad-hoc organizational
capabilities in the hands of the software administrator.
Managed Installations can be configured by the administrator to run silently or in the forefront of
the user’s desktop view. Within a “Managed Installation Definition” the administrator can define install,
uninstall, or command-line parameters. See “Managed Installations,” on page 74 for detailed
information on Managed Installations.
File Synchronization is a different way to distribute content to computers with the KBOX agent
software. Unlike Managed Installations, File Synchronization is used to distribute files that needs to be
placed on a users’ machine without running an installer.
See “File Synchronizations,” on page 89 for detailed information on File Synchronization.
User Portal Packages are earmarked by administrators for user self-service. Many KACE customers
use the portal for handling occasional use applications, print drivers and so on. You also can use the
User Portal to resolve Help Desk issues by allowing users to download and install fixes. See “Overview
of the User Portal,” on page 147 for detailed information on User Portal Packages.
KBOX Agent is a special tab in the interface for managing the KBOX Agent. See the Chapter 2,“Agent
Provisioning,” starting on page 14 for details on how to configure and carry out these tasks.
The sections that follow describe how to configure the KBOX 1000 Series to meet the needs of your
organization.
KBOX Server (DNS) Defaults to kbox It is recommended that you add a static IP entry for
Hostname “kbox” to your DNS, and use the default Hostname and
Web Server Name. The fully-qualified domain name of
Web Server Name the KBOX on your network is the value of Hostname
Defaults to kbox
concatenated with Domain (for example,
kbox.kace.com). Clients will connect to KBOX using the
Web Server Name, which can be the hostname, fully-
qualified domain name, or IP address (for example,
kbox).
Static IP Address The IP address of
the KBOX server
lDomain The domain that the Defaults to corp.kace.com
KBOX is on
Subnet mask Your subnet mask Defaults to 255.255.255.0
Default gateway The network gate-
way for the KBOX
server
5. After entering all values, click Apply. Then reboot the KBOX.
Log in to confirm web access to the KBOX
While the KBOX reboots, plug the Ethernet cable into the port closest to the KBOX power supply, and
connect it to a router or hub on your network. Verify the KBOX is now online by browsing to http://
kbox/admin on another computer. If this URL doesn’t open KBOX, try http://defaultip/admin, where
default ip is the static IP address that you have assigned to the KBOX.
After accepting the EULA (End User License Agreement), log in using the credentials admin/admin. If you
can access the KBOX Management Center successfully, it indicates that the KBOX network settings are
entered correctly.
Suggested
Field Notes
Value
Config Friendly My First KBOX agent This is the identifying name that you will see in lists of
Name installation available configurations.
Provision IP Range Enter the IP of a Your own PC would be a great example, but you can
Windows PC that choose any machine that is accessible on the network
you have access to and for which you have administrative credentials.
Under “Windows Network Administrative Credentials”
Domain (or work- The domain or work-
group) group associated
with the credentials
you are using
User name An administrative The installation requires an account with administrative
account with access privileges to work. Generally, this will be a domain
to the target administrator but it could also be a local administrator
machine account.
Suggested
Field Notes
Value
Config Friendly My First KBOX agent This is the identifying name that you will see in lists of
Name installation available configurations.
Provision IP Range Enter the IP of a Your own PC would be a great example, but you can
Linux, Macintosh, or choose any machine that is accessible on the network
Solaris PC that you and for which you have administrative credentials.
have access to
Under “Network Root Credentials”
User name An administrative The installation requires an account with administrative
account with access privileges to work. Generally, this will be a domain
to the target administrator but it could also be a local administrator
machine account.
Password The password for
the account entered
above
Log-in Script:
Some companies use log-in scripts that provide a great mechanism for deploying the KBOX Agent at
login time. If you use log-in scripts, simply post the appropriate file in an accessible directory and create
the appropriate script for KBOX Agents to retrieve the file at log-in time.
Below is a sample Windows login script which checks for the presence of Microsoft’s .NET framework on
the client machine, and installs the appropriate components in order to deploy the KBOX Agent:
----------------------------------------------------------------------------------------------------
@echo off
if not exist "%windir%\microsoft.net" goto neednet
echo .NET already installed.
goto end
:neednet
start /wait \\location\ dotnetfx.exe /q:a /c:"install /l /q"
:end
if not exist "C:\Program Files\KACE\KBOX" goto needkbox
echo KBOX Agent already installed.
goto end
:needkbox
MsiExec.exe /qn /l* kbmsi.log /I \\location\KInstallerSetupSilent.msi
ALLUSERS=2
:end
-----------------------------------------------------------------------------------------------
Company-Institution Enter the name of your com- This name appears in any pop-up windows
Name pany. or alerts displayed to your users.
Organization Name Enter the name of your divi-
sion or organization.
User Email Suffix Enter the domain to which For example, kace.com.
your users send email.
Administrator Email Enter the email address of the This address will receive system-related
KBOX 1000 Series administra- alerts, including any critical messages.
tor.
Send crash report to Select this check box to send a This option is recommended, since it pro-
KACE report to KACE in the event of vides additional information to the Kace
a KBOX 1000 Series crash. technical support team in case you need
assistance.
Enable KACE Soft- Select this check box to be
ware Lookup Service able to access online data
(SLS) about common software appli-
cations and how to deploy/
remove them and share anon-
ymous information about the
software on machines in your
environment.
When updating the time zone, the KBOX 1000 Series Web Server will be restarted in
order for it to reflect the new zone information. Active connections may be dropped
during the restart of the Web server. You may need to manually refresh this page in the
browser in order to display the new zone settings.
6. In the Logo Overrides area, specify the images to display in the following areas, then click Upload
Logos:
7. Machine Actions allow you to define one-click actions to carry out against KBOX Agent machines. To
customize which action will be carried out, choose an action next to either Action #1 or Action #2, then
click Set Actions to save the changes.
You can run these Machine Actions by clicking either (Machine Action 1) or (Machine Action 2)
next to the computer record on the Inventory | Computers tab. For more information, see
“Overview of the Inventory Feature,” on page 27.
8. In the Network Scan Options, select the Show unreachable devices in scan inventory check
box if desired, then click Set Scan Options.
9. In the Optional Ignore Client IP Setting, enter any IP addresses you would like ignored as the client IP
and then click Save List. This might be appropriate in cases where multiple machines could report
themselves with the same IP address, like a proxy address.
Any changes made to the Network settings on this page will force the KBOX to reboot
after saving. Total reboot downtime should be 1 to 2 minutes provided that the changes
result in a valid configuration.
2. Under the Optional Network Time settings, indicate whether the KBOX should consult a Network Time
Server and what the server’s hostname is.
3. In the Optional Proxy Settings area, specify the following proxy settings, if necessary:
Specify the proxy type, either HTTP or SOCKS5 in the Proxy Type list.
Specify the name of the proxy server in the Proxy Server field.
Specify the port for the proxy server, the default port is 8080 in the Proxy Port field.
Select the Proxy (Basic) Auth check box to use the local credentials for accessing the proxy server.
Agent Provisioning
The Agent Provisioning feature enables you to install the
KBOX agent on machines in your environment directly
from the KBOX. You could deploy multiple machines si-
multaneously by creating a configuration that identifies an
IP range rather than a single IP. The procedure for Agent
Provisioning varies for Windows and non-Windows oper-
ating systems.
1. Select Distribution | KBOX Agent. The KBOX Agent Distribution & Management page appears.
2. Click Single Machine Provisioning. The Single Machine Provisioning page appears.
3. Enter the details as shown in the following table.
4. Click Run Now to first save the current configuration with a default name as Simple configuration -
IP Address and immediately run the configuration against the targeted IP.
1. Select Distribution | KBOX Agent. The KBOX Agent Distribution & Management page appears.
2. Click Provisioning Setup. The Provisioning Setup page appears.
3. In the Choose action box, select Add New Item. The Provisioning Configuration page appears.
4. Under the General Settings area, select the Auto Provisioning option.
5. Enter the general settings details as shown in the following table.
Config Friendly Name Enter a name for your agent provisioning configuration. Make
sure that your configuration names are very specific so that you
can differentiate between different configurations.
Provisioning IP Range Enter IP or IP range. Use hyphens to specify individual IP class
ranges, for example, 192 168 2-5 1-200.
Configuration Enabled Select this check box to enable the configuration.
KBOX Server Name By default, this is the name of the KBOX you are provisioning
agents from. Under normal circumstances, there would be no
reason to change this value. If you have multiple KBOX servers,
then you could enter another KBOX server name here.
DNS Lookup Enabled Select this check box to enable DNS lookup.
6. If the targeted machine(s) are operating on the Windows platform, then enter details as shown in the
following table.
If the targeted machines are operating on the Linux, Macintosh, or Solaris platform, then enter details
as shown in the following table.
Provision this platform Select this check box.
Required open TCP Ports Enter the list of required open TCP ports. These are the ports
the KBOX will use to access the target machine for installation
of the KBOX Agent.
Port Scan Time Out Enter a time period in seconds.
7. Under Scheduling, select the appropriate check box and schedule to run the configuration. By
choosing a regular schedule, the KBOX will periodically check machines in this IP range to make sure
that they have the KBOX agent and install/reinstall as appropriate.
8. To save the Provisioning Configuration, click Save. On clicking Save, the Provisioning Results page
appears. You can also click Run Now to save the current configuration and immediately run the
configuration against the defined IP range. To cancel the configuration, click Cancel.
Deleting a configuration will delete all associated target machines in the provisioning
inventory list. Altering or updating a configuration will reset the data in the associated
target machine list to the default settings until the subsequent provisioning run.
You can also deploy the KBOX agent manually. For more information on the manual deployment of the
KBOX agent on Linux, Solaris, and Macintosh, see Appendix C,“Manual Deployment of KBOX
Agent,” starting on page 216.
1. Select Distribution | KBOX Agent. The KBOX Agent Distribution & Management page appears.
2. Click Provisioning Setup. The Provisioning Setup page appears.
3. In the Choose action box, select Add New Item. The Provisioning Configuration page appears.
4. Under the General Settings area, select the Manual Provisioning option.
5. Enter the general settings details as shown in the following table.
Config Friendly Name Enter a name for your agent provisioning configuration. Make sure that
your configuration names are very specific so that you can differentiate
between different configurations.
Target IPs Enter the IP address of the target machine or click Help me pick
machines.
Provisioning IP Range Enter IP or IP range. Use hyphens to specify individual IP class ranges,
for example, 192 168 2-5 1-200.Click Add All to add all machines in the
specified range.
IP Scan Computers From the IP Scan Computers drop-down list, select a machine to add
to the Target IPs list. This drop-down list is populated from the Network
Scan Results. You can filter the list by entering any filter options. Click
Add All to add all machines displayed in the list.
6. If the targeted machine(s) are operating on the Windows platform, then enter details as shown in the
following table.
8. Under Scheduling, select the appropriate check box and schedule to run the configuration. By
choosing a regular schedule, the KBOX will periodically check machines in this IP range to make sure
that they have the KBOX agent and install/reinstall as appropriate.
9. To save the provisioning configuration, click Save. On clicking Save, the Provisioning Results page
appears. You can also click Run Now to save the current configuration and immediately run the
configuration against the defined IP range. To cancel the configuration, click Cancel.
Deleting a configuration will delete all associated target machines in the provisioning
inventory list. Altering or updating a configuration will reset the data in the associated
target machine list to the default settings until the subsequent provisioning run.
1. Select Distribution | KBOX Agent. The KBOX Agent Distribution & Management page appears.
2. Click Provisioning Results. The Provisioning Results page appears.
3. To view provisioning target information and provisioning configuration information, click the IP Address
of the required machine. The KBOX Agent Provisioning page appears.
You can take print outs of this page. Click Printer Friendly Version to see a print
view of the page.
4. You can view computer inventory by clicking computer inventory under Provisioning Target Info.
For more information on computer inventory, see “Adding computers to inventory,” on page 37.
5. To view the DNS lookup details, click the required DNS Lookup on the List Page. If selected, live
addresses will be checked against the DNS server to see if they have agent provisioning configured.
1. Select Distribution | KBOX Agent. The KBOX Agent Distribution & Management page appears.
2. Click KBOX Agent Settings. The KBOX Agent Settings page appears showing your current agent
setting details. These settings are what control the schedule and frequency of your KBOX agents
checking in.
3. To edit agent settings, click [Edit Mode]. The KBOX Agent Settings page appears in edit mode.
4. Specify the following agent options
Suggested
Field Notes
Setting
Communications 12:00 am to The interval during which the KBOX Agent is allowed to
Window 12:00 am communicate with the KBOX 1000 Series appliance. For
example, to allow the KBOX Agent to connect between 1
AM and 6 AM only, select 1:00am from the first drop-down
list, and 6:00am from the second.
Agent “Run interval” 1 hours The interval that the KBOX Agent will check in to the KBOX
1000 Series. Each time a KBOX Agent connects, it will
reset its connect interval based on this setting. The default
setting is once per hour.
Agent “Inventory 0 The interval (in hours) that the client KBOX 1000 Series
Interval” appliance will inventory the computers on your network. If
set to zero, the KBOX 1000 Series will inventory clients at
every Run Interval.
Agent “Download 100 The maximum number of desktop clients that can be
Throttle” downloading packages at one point in time. Packages will
not be deployed on machines after the Package Download
Throttle has been reached. For example, if the throttle is
set to 100 and 100 clients are connected and receiving a
deployment, the 101st client will be deferred until another
connection point.
Agent “Splash Page KBOX is verifying The message that appears to users when communicating
Text” your PC Configu- with the KBOX 1000 Series.
ration and man-
aging software
updates.
Please Wait...
5. Click Save to save the KBOX agent settings configuration. On clicking Save, the KBOX Agent Settings
page appears in read only mode. These changes will be reflected by agents as of the next time they
check into the KBOX.
1. Select Distribution | KBOX Agent. The KBOX Agent Distribution & Management page appears.
2. Click KBOX Agent Update. The KBOX Agent Automatic Update page appears.
3. Specify the agent updates as shown in the following table.
Notes & Version Info Enter any release notices or version information about the agent.
Enabled Select this check box to upgrade the Agent the next time the machines
check in to KBOX.
Update broken clients Select this check box to update those machines that are running checking
in with the KBOX for new agent versions, but are unable to successfully
report inventory information to KBOX. This setting overrides the Limit
Update to: settings. From a broken client like this, you could force it to
check for a new version of the Agent software by running kupdater.exe
manually.
Limit Updates to Specify a label for automatic upgrades. The upgrades will only be distrib-
uted to machines assigned to those labels, except if they are identified as a
“broken client” above.
Microsoft Windows/ Click Browse to upload the KBOX Client Patch. This file name should be
Apple Mac/Linux/ something like update_3.3.8872.bin, although the exact name will depend
Solaris on which operating system you are updating. Anything other than an offi-
cial update bin file will fail to properly deploy. The Update Version ID
appears on uploading the file.
Inventory
The KBOX 1000 Series Inventory feature lets you identify
machines and software on your network and organize
computers by using labels and filters.
The computer’s machine name The last time the Use drop-down to filter
and labels to which the computer machine checked in view by label
The Computer Search & Filter page displays the computer’s IP address and the user connected to it.
Clicking the blue icon beside the IP address invokes a remote desktop connection if the computer is online
and if remote desktop is configured.
From the Computers tab you can:
Search by keyword or invoke an Advanced Search
Create a Filter to apply labels to computers automatically
Create Notifications based on computer attributes
Add/delete new computers manually
Filter the Computer Listing by label
This feature assumes that you have already created labels to associate with a filter. For
information about creating labels, see “Labels,” on page 43.
The table below lists some examples of useful filters that could be applied to a machine based on its
inventory attributes:
Filter Examples
To create a notification:
1. Select Inventory | Computers, and then click the Create Notification tab.
2. Specify the search criteria.
3. Specify a title for the search.
4. Enter the mail address of the recipient of the notification.
5. To see whether the filter produces the desired results, click Test Notification.
6. Click Create Notification to create the notification.
Now, whenever machines that meet the specified notification criteria check into the KBOX 1000 Series, an
mail will automatically be sent to the specified recipient. You can modify or delete a notification after it has
been created on the Reporting | Email Alerts tab.
If the external server requires credentials for administrative login (aka non-anonymous
login), supply those credentials. If no LDAP user name is given, then an anonymous
bind will be attempted. Each LDAP filter may connect to a different LDAP/AD server.
You may bind to an LDAP query based on the following KBOX 1000 Series variables:
Computer Name
Computer Description
Computer MAC
IP Address
User Name
User Domain
Domain User.
If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP
Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to “LDAP Browser
Wizard,” on page 155.
4. Click Save.
Each time a machine checks into the KBOX 1000 Series, this query will run against the LDAP server.
The admin value in the 'Search Filter' will be replaced with the name of the user that is logged onto this
machine. If a result is returned, then the machine gets the label specified in the Associated Label field.
NOTE: To test your Filter, click the Test button and review the results.
4. Click Next to configure the LDAP settings. The LDAP Browser Wizard is displayed. For more
information on how to use the LDAP Browser Wizard, refer to “LDAP Browser Wizard,” on page 155.
Help Tickets
This section provides a list of the Help Desk Tickets associated with this machine. These can either be
Tickets assigned to the machine owner or Tickets submitted by the machine owner. To view a Help Desk
Ticket’s details, click the Ticket ID (for example, TICK:0032).
User Information
Because many computers can be used by more than one individual, the User Information section provides
details about the most recent user of this computer, including his or her user name and domain.
Network Interfaces
This section displays the type and version of NIC card installed in the computer, as well as the computer’s
MAC and IP addresses, and indicates whether or not DHCP is enabled.
Process List
This section lists all of the processes that are currently running on this computer. This list is the same as
would be displayed on the computer’s Task Manager | Processes tab.
Installed Programs
This section displays the titles and versions of software programs installed on this computer. The programs
listed here are the same as would be listed on the computer’s Add/Remove Programs List.
Installed Patches
This section lists all of the Microsoft patches that have been installed on this computer.
Startup Programs
This section displays all of the programs that are configured to launch when this computer starts up. These
are the same programs listed in the computer’s Start | All Programs | Startup menu.
Services
This section displays all of the services that are running on this machine. On clicking any of the services
the service: edit service detail page is displayed. The fields on this page represent the service detail
information that is automatically discovered and communicated from the KBOX Agent.
Printer List
This section displays all of the printers that this computer is configured to use. This is the same
information that is located in the computer’s Start | Printers and Faxes window.
Uploaded Files
This section displays a list of the files that have been uploaded to the KBOX 1000 Series from this machine
using the “upload a file” script action.
Asset Information
This section displays the details of the Asset that is associated with that machine. Details such as the date
and time when the Asset record was created, the date and time when it was last modified, type of the
asset and name of the asset are displayed.
Asset History
This section displays the changes done to the Asset of that machine. It lists all the changes along with the
date and time when each change was done.
Scripting Logs
This section lists the Configuration Policy scripts that have been run on this computer, along with the
status, if available, of any scripts in progress.
Labels
This section displays the label assigned to that machine. Labels are used to organize and categorize
machines
Failed Patches
This section displays a list of any patch bulletins that failed to install on this machine. To access more
details about the patches click the link to view the bulletin detail page.
To Install List
This section lists the Managed Installations that will be sent to the machine the next time it connects.
Before sending any software to a remote client, KBOX verifies whether or not that file is present on the
target machine. If it is detected, then it is not sent to the machine a second time. In some instances,
installed programs do not register in add/remove programs or in standard areas of the registry. In such
cases, KBOX may not be able to detect the presence of the application without additional information
from the administrator and, therefore, KBOX may repeat the install each time the client connects.
The Custom Inventory ID rule must have three values separated by commas, not
include neither single nor double quotes, contain a key that exists under LocalMachine.
Failure to follow these specifications will result in a FALSE test result, and the install
would proceed. For more information, see “Custom Data Fields,” on page 38.
The software detail page displays license information for the software. You can also
view the license asset detail by clicking on the license link.
Comments Language
CompanyName LegalCopyright
FileBuildPart LegalTrademarks
FileDescription OriginalFilename
FileMajorPart PrivateBuild
FileMinorPart ProductBuildPart
FileName ProductMajorPart
FilePrivatePart ProductMinorPart
FileVersion ProductName
InternalName ProductPrivatePart
IsDebug ProductVersion
IsPatclhed SpecialBuild
IsPreRelease CreatedDate
IsPrivateBuild ModifiedDate
IsSpecialBuild AccessedDate.
5. Click Save.
Creating Labels
Labels can be used to organize and categorize software, people, and machines. Labels are intended to be
used in a flexible manner and how you use labels is completely customizable. For example, Labels can
reflect corporate structures, organizations, processes, or geographical locations like "Engineering",
"Staging", "Building A", etc. Labels can be used to identify deployment groups and target machines for
distribution packages. All items that support "labeling" can have none, one, or multiple labels.
Deleting labels will remove any existing association of that label with any machine,
login, or software.
To create a label:
Deleting labels
Deleting labels will remove any existing association of that label with any machine, login, or software. You
can delete labels two ways: from the Label List view, or from the Label: Edit Detail page.
To delete a label:
Enabled Select this check box to enable software metering for this software.
Process Name The specified process name will be monitored on the KBOX Agent machine.
Associated Software To track usage only on machines with a specific software version deployed,
choose the related software inventory item.
Notes Enter any notes that further describe or explain this software meter.
Licenses Displays license information for the software. To view the license asset
details, click on the license link.
4. Click Save to save your changes or click Cancel to return to the Software Metering Listing page. Your
Software Meter now appears in the Software Metering Listing page.
Enabled Select this check box to enable software metering for a software process.
Process Name The specified process name will be monitored on the KBOX Agent machine.
Associated Software To track usage only on machines with a specific software version deployed,
choose the related software inventory item.
Notes Enter any notes that further describe or explain this software meter.
4. Click Save to save your changes or click Cancel to return to the Software Metering page.
Enabled Select this check box for metering to run on the target machines.
Allow Run While Dis- Select this check box for metering to run even if the machine cannot con-
connected tact the KBOX to report results. The results will be stored on the machine
and will be uploaded once contact with the KBOX is established.
Allow Run While Select this check box for metering to run even if a user is not logged in. If
Logged Off you clear this check box, the script will run only when a user is logged into
the machine.
Deploy to All Select this check box if you want to deploy to all the Machines. Click OK in the
Machines confirmation dialog box.
Limit Deploy You can limit deployment to one or more labels. Press CTRL and click
To to select more than one label.
Supported Select the operating system to which you want to limit deployment. Press CTRL
Operating and click to select more than one operating system.
Systems Note: Leave blank to deploy to all operating systems.
6. Click Save to save your changes or click Cancel to return to the Software Metering page.
You can read comments on the process submitted by other users by clicking [Read
Comments] on the Process Details page. You can also ask for help from Kace about the
processes by clicking [Ask For Help.] You need kace username and password to log in
to the Kace database.
You can also see computers with running the selected process. You can view a printer friendly version of
this page and take print outs of the report.
To delete process:
For more detailed information on scripting and Disallowed Programs Policy, refer to
Chapter 8,“Scripting,” starting on page 102
The startup programs are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games,
Internet, Malware, Security, and System Tool.
You can read comments on the startup program submitted by other users by clicking
[Read Comments]. You can also ask for help from Kace about the startup programs by
clicking [Ask For Help.] You need kace username and password to log in to the Kace
database.
You can also see computers with running the selected startup program. You can view a printer friendly
version of this page and take print outs of the report.
The services are categorized in: Audio / Video, Business, Desktop, Development, Driver, Games, Internet,
Malware, Security, and System Tool.
You can read comments on the service submitted by other users by clicking [Read
Comments]. You can also ask for help from Kace about the service by clicking [Ask For
Help.] You need kace username and password to log in to the Kace database.
You can also see computers with running the selected startup program. You can view a printer friendly
version of this page and take print outs of the report.
1. Select Inventory | Software. The Software page appears, which lists the software installed on client
machines.
2. Select the software title in order to see the associated information from the Software Lookup Service.
The Software:Edit Software Detail page appears.
If you have not enabled Software Lookup Services at the Settings | General page,
you will not be able to view SLS information and a note will appear asking you to enable
the Software Lookup Services. Refer to “To Enable Software Lookup Service:,” on
page 52.
3. To Update the software information on Kace SLS site, perform the following steps:
a Under Metadata, select the software category in the Category list.
b In the Threat Level list, select the threat level.
In order to provide the best information to your fellow SLS users, we recommend not
hiding items from the Software Lookup Service.The information shared doesn't include
any personally identifiable information about your company or users.
Field Description
Average Threat Level This value is an average of the threat levels assigned by SLS
users who have assigned a threat level. This is intended as a
guide for software you may not be familiar with. A threat level
of 1 would be interpreted as safest.
User Submitted Comments The information displayed on this page and the information
presented on the Kace website is related to the particular soft-
ware title you have selected from the KBOX. Click Read Com-
ments to view the comments on the SLS site. You need to
login on the Kace SLS site using login credentials to add com-
ments.
Categories Displays the software categories that have been assigned to
this software title by SLS users and the percentage of those
users who have assigned each.
Quiet Installation Switches Displays known Quiet Installation Switches for the item you
have selected.
Description It displays information on product description, product URL,
links to support and help, and lockdown information.
Install Command Line Help It displays information on Standard MSI Commands, Standard
Install Commands, and Uninstall Help.
Asset Management
The KBOX 1000 Series allows you to manage and track as-
sets in your environment in a flexible and customizable
way.
There are several built-in Asset Types — Computer, Cost Center, Department, Location, Owner, Vendor.
Built-in assets can not be deleted. If you delete an asset type, then all the assets using that asset type will
get deleted.
You can add an unlimited number of asset types and these types have a default attribute 'Name'. You can
not create an asset type with the same name as the built-in asset type name. Asset types can be organized
into logical groups or hierarchies to allow for roll up reporting. Asset types can have any number of
attributes.
Assets can point to other Assets and to Inventory records like Machine, User, and Software. Relationships
can be either one - to - one or one - to - many. Asset fields have a default value that should be used when
filling in a new asset. Changing the default value in the asset type does not change any existing records,
but only affects newly created records.
Asset Association
You can create an assets field and associate it to another asset using the field type. Associations are
defined in asset types and are used in assets.
Assets associations are of following types:
User
Parent
Asset Computer
Asset Cost Center
Asset Department
Asset License
Asset Location
Computer Asset
When a machine checks into the KBOX, an asset of type computer is automatically created.
The Computer Asset is mapped to a machine automatically using following two fields:
1. Mapped Inventory field
2. Mapped Asset field
The mapped inventory field enables you select a field that is checked against the inventory to verify if the
machine just checked in is already an asset. For example:
if the
machine inventory field = IP address
You can not create a new asset type with the same name as a built-in asset type name.
4. You can add associations by adding an asset field. To add asset fields, click the button in the Asset
Fields table.
5. Enter following details depending on the asset type selected.
Field Value
Name Type a relevant name for the custom asset field, such as Asset Code, Pur-
chase Date, or Building Address Line 1. This name appears on the data entry
page for the asset.
Select Values This field is enabled when you select Single Select or Multiple Select from the
Field Type list. Type the values that should appear in the custom asset field.
You must type at least one value in this field. If you want to type multiple
values, you must separate each value with a comma.
Default Type the default value for this field. If you select Single Select or Multiple
Select from the Field Type list, you must type one of the values given in the
Select Values field.
Required Select this check box to make this custom asset field a mandatory field. If
you select this check box, you need to enter a value for this custom asset
field before saving the Asset detail page.
When you rename a custom asset field, the values for that custom field are retained.
However, when you remove the custom asset field, values for that custom field are
removed from all assets. When you change the Field Type of a custom asset field, the
system tries to retain the previous values, but you may also lose some data. For
instance, if you had a custom asset field named Model Number that is of type Text.
Model Number has a value of 'A123'. If you were to change the Field Type from Text to
Number, the system might not be able to convert that 'A123' to a valid number. In this
case, the value for Model Number is set to zero.
If you click Delete, the Asset Type definition and the assets of this type are removed
from the system. If there are assets that point to the Asset Type definition that you
deleted, the asset association is removed.
To add an asset:
Date created, notes, and id are the asset fields created for asset of computer type.
4. If you want to add another asset, then click Save and New. Otherwise, click Save to save the asset.
To view assets:
3. Select the asset title to see detailed information of that asset. The Asset Detail page appears.
4. If you want to clone the asset details, click Clone, and then click Save.
5. After editing the asset information, click Save.
If the asset you are viewing is associated to a software or machine, then on clicking
that asset name will take you to the Inventory page.
7. In the History table, you can view changes done to the asset.
4. Click Save. To save and add another license asset, click Save and New.
1. Select Asset | Asset Import. The Kace Asset Import Wizard - Uploadfile page appears.
2. In the Select File box, specify CSV file path or click Browse to select CSV file.
3. Select Is header name in the file check box if the CSV file contains header.
4. Click Next. It will take you to Asset Type Selection page.
5. Select the asset type from the Asset Type list, to which data need to be imported from CSV file.
6. Click Next. It will take you to mapping page, which displays mapping of CSV fields against fields of
selected Asset Type.
7. Under Standard Fields, perform the following steps:
a Select the CSV field from the drop-down list box to match the corresponding standard field.
b Select the PK check box to choose this field as the primary key.
If none of records for Asset Type match with value of CSV field chosen as
primary key then record will be inserted. If only one records for Asset Type
match with value of CSV field chosen as primary key then record will be
updated. If more than one records for Asset Type match with value of CSV field
chosen as primary key then record will be flagged as duplicate.
IP Scan
IP scan is an appliance-side KBOX 1000 Series
technology that allows you to scan a range of IP
addresses to detect the existence and attributes of
various devices on a network.
The KBOX Agent listens to port 52230. To determine which machines on your network
are running KBOX Agent, you could define a network scan to report which machines
were listening on that port.
To create an IP scan:
DNS Lookup Enabled If selected, live addresses will be checked against the DNS server to
see if they have a name associated with them. This can help you iden-
tify known nodes on your network.
Name Server for lookup Specify hostname or IP address.
Lookup time out Specify the time out interval (in seconds).
Connection Test Enabled Select to allow Network scan do perform connection testing.
Connection Test Protocol Specify the protocol to use.
Connection Test Port Specify the port to use for testing the connection.
Connection Time Out Specify the time out interval (in seconds).
Device Port Scan Enabled Select to enable port scanning of device ports.
TCP Port List A comma-separated list of TCP ports to scan.
UDP Port List A comma-separated list of UDP ports to scan.
Port Scan Time Out Specify the time out interval (in seconds).
Don’t Run on a Schedule Tests will run in combination with an event rather than on a spe-
cific date or at a specific time. Use this option in combination with
one or more of the “Also” choices below. For example, use this
option in conjunction with “Also Run at User Login” to run when-
ever the user logs in.
Run Every n minutes/hours Runs at the specified time.
Run Every day/specific day at Runs on specified day at the specified time.
HH:MM AM/PM
Run on the nst of every month/ Runs on the specified time on the 1st, or 2nd, etc. of every month
specific month at HH:MM AM/PM or only the selected month.
Deleting a Scan Configuration will also delete all associated scan inventory items. If you
wish to maintain the scan inventory but not "rescan" just set the schedule of the scan
configuration to not run.
Distribution
The KBOX 1000 Series Distribution feature provides
various methods for deploying software, updates, and
files to computers on your network.
Inventory &
Assess
Test
Target
Deploy
Report
Perhaps the most important concept in the deployment procedure is to test each deployment before rolling
it out to a large number of users. The KBOX 1000 Series verifies that a package is designated for a
particular system, machine, or operating system; however, it cannot assess the likelihood that a particular
package will behave well with existing applications on the target machine. Therefore, we strongly suggest
that you establish procedures for testing each piece of software before deploying it on your network.
One way to do this is to develop a test group of target machines. You can then deploy – via the KBOX 1000
Series – to the test group and verify compatibility with the operating system and other applications within
your test group. You can do this by creating a test label and perform a test distribution before you go live
in your environment. You can create a test label from the Inventory | Labels tab. For more information
about creating labels, see “Labels,” on page 43.
This chapter will focus primarily on the Test, Target, Deploy portions of this flow diagram. For more details
on creating an inventory of computers and software packages in use on your network, see Chapter
3,“Inventory,” starting on page 26.
To create a distribution:
Although the KBOX Agent tab is listed under the Distribution tab, “Deploying KBOX
Agent” is discussed as part of the installation and setup process in Chapter 1,“Getting
Started with KBOX 1000 Series,” starting on page 1. For information about updating an
existing version of KBOX Agent, please see Chapter 12,“Server Maintenance,” starting
on page 173.
When KBOX is fetching files, the priority for fetching files is as follows:
1. Alternate download location
2. Replication point
3. KBOX
If there is no replication point, the KBOX agent fails over to KBOX.
Deploy to All Machines Select this check box if you want to deploy to all machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by
Selected Labels that label. Press CTRL and click labels to select more than one
label.
Limit Deployment To You can limit deployment to one or more machines. From the
Listed Machines drop-down list, select a machine to add to the list. You can add
more than one machine. You can filter the list by entering filter
options.
Deploy Order The order in which software should be installed. Lower deploy
order will deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to
indicate the number of times the KBOX 1000 Series appliance will
try to install the package. If you specify 0, KBOX will enforce the
installation forever.
Deployment Window(24H Specify the time (using a 24 hr. clock) to deploy the package.
clock) Deployment Window times will affect any of the Managed Action
options. Also, the run intervals defined under the Server Settings-
>Options page will override and/or interact with the deployment
window of a specific package.
Allow Snooze Select this check box to allow snooze. When you select this check
box, the following additional fields appear:
Snooze Message: Enter a snooze message.
Snooze Timeout: Specify a timeout, in minutes, for which
the message will be displayed.
Snooze Timeout Action: Select a timeout action that will
take place at the end of the timeout period. For example,
you might select Install now because you are installing at
a time when you know that the users are away from their
desktops. You might select Install later because the
installer needs some user interaction and it would not work
if the users were not at their desktops.
You also can run the file KBScriptRunner tool located in Program Files\KACE\KBOX to
force the KBOX Agent to check in with the KBOX 1000 appliance.
If you are not sure about the installation parameters for your MSI installation, you can
open the command prompt, and then type msiexec to view available options.
Deploy to All Machines Select this check box if you want to deploy to all the Machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by that
Selected Labels label. Press CTRL and click labels to select more than one label.
Limit Deployment To Listed You can limit deployment to one or more machines. From the drop-
Machines down list, select a machine to add to the list. You can add more than
one machine. You can filter the list by entering filter options.
Deploy Order The order in which software should be installed. Lower deploy order
will deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to indi-
cate the number of times the KBOX 1000 Series appliance will try to
install the package. If you specify 0, KBOX will enforce the installation
forever.
Deployment Window(24H Specify the time (using a 24 hr. clock) to deploy the package. Deploy-
clock) ment Window times will affect any of the Managed Action options.
Also, the run intervals defined under the Server Settings->Options
page will override and/or interact with the deployment window of a
specific package.
Allow Snooze Select this check box to allow snooze. When you select this check box,
the following additional fields appear:
Snooze Message: Enter a snooze message.
Snooze Timeout: Specify a timeout, in minutes, for which the
message will be displayed.
Snooze Timeout Action: Select a timeout action that will take
place at the end of the timeout period. For example, you might
select Install now because you are installing at a time when
you know that the users are away from their desktops. You
might select Install later because the installer needs some
user interaction and it would not work if the users were not at
their desktops.
7. Click Save.
The KBOX Agent will automatically run deployment packages with .MSI and .EXE
extensions. However, KBOX 1000 Series also provides a capability for administrators to
Zip many files together and direct the KBOX 1000 Series to unpack the Zip and run a
specific file within. If you intend to deploy a .ZIP file, you must place the name of the
file within the .zip that you would like to run in the Command (Executable) field within
the Deployment Package (for example, runthis.exe).
You can also run the file runallkbots located in \KACE\KBOX to force the KBOX Agent to
check in with the KBOX 1000 appliance.
On Red Hat Linux, you do not need to include any other files in your archive other than
your script if that's all you wish to execute.
If the PATH environment variable of your root account does not include the current working directory
and you wish to execute a shell script or other executable that you've included inside an archive,
specify the relative path to the executable in the Full Command Line field. The command will be
executed inside a directory alongside the files which have been unarchived. For example, if you want to
run a file called "installThis.sh", you would package it up alongside a .rpm file and then put the
Run Parameters You don’t need to specify any parameters if you have a .rpm file. If no
Run Parameters are filled in, -U will be used by default.Setting a value
here will override the default “-U” option. For instance, if you set Run
Parameters to: “–ivh --replacepkgs”, then the command that would run
on the computer would be:
rpm -ivh –replacepkgs package.rpm
Full Command Line You don’t need to specify a full command line if you have a .rpm file. The
server executes the installation command by itself. The Linux client will
try to install this via:
rpm [-U | Run Parameters] "packagename.tgz”
If you don’t want to use the default command at all, you can replace it
completely by specifying the complete command line here. Remember
that if you have specified an archive file, this command will run against all
of the .rpm files it can find.
Un-Install using Full Select this check box to uninstall software. If the Full Command Line
Command Line above is filled in, it will be run. Otherwise, by default the agent will
attempt the command, which is generally expected to remove the pack-
age.
Run Command Only Select this check box to run the command line only. This will not down-
load the actual digital asset.
Managed Action Managed Action allows you to select the most appropriate time for this
package to be deployed. Execute anytime (next available) and Dis-
abled are the only options available for Linux platform.
Deploy to All Machines Select this check box if you want to deploy to all the machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by that label.
Selected Labels Press CTRL and click labels to select more than one label.
Limit Deployment To You can limit deployment to one or more machines. From the drop-down
Listed Machines list, select a machine to add to the list. You can add more than one
machine. You can filter the list by entering filter options.
9. Click Save.
The KBOX Agent will automatically run deployment packages with .rpm extensions. However, KBOX 1000
Series also provides a capability for administrators to Zip many files together and direct the KBOX 1000
Series to unpack the Zip and run a specific file within.
You can also run the file runallkbots located in \KACE\KBOX to force the KBOX Agent to
check in with the KBOX 1000 appliance.
You can put a zero-byte .pkg file in your archive if all you want to do is execute a shell
command or some other executable.
If the PATH environment variable of your root account does not include the current working directory
and you wish to execute a shell script or other executable that you've included inside an archive,
specify the relative path to the executable in the Full Command Line field. The command will be
executed inside a directory alongside the files which have been unarchived. For example, if you want to
run a file called "installThis.sh", you would package it up alongside a .pkg file and then put the
command "./installThis.sh" in the Full Command Line field. If you archived it inside another directory,
like "foo", the Full Command Line field should be "./foo/installThis.sh".
Both these examples, as well as some other KBOX functions, assume that "sh" is in root's PATH. If
you're using another scripting language, you may need to specify the full path to the command
Run Parameters You don’t need to specify any parameters if you have a .pkg file. If no
Run Parameters are filled in, all will be used by default to install all pack-
ages in the .pkg file. Setting a value here will override the default option.
Full Command Line You don’t need to specify a full command line if you have a .pkg file. The
server executes the installation command by itself. The Solaris client will
try to install this via:
pkgadd -n -d "packagename.pkg" [Run Parameters]
If you don’t want to use the default command at all, you can replace it
completely by specifying the complete command line here. Remember
that if you have specified an archive file, this command will run against all
of the .pkg files it can find.
Un-Install using Full Select this check box to uninstall software. If the Full Command Line
Command Line above is filled in, it will be run. Otherwise, by default the agent will
attempt the command, which is generally expected to remove the pack-
age.
Run Command Only Select this check box to run the command line only. This will not down-
load the actual digital asset.
Managed Action Managed Action allows you to select the most appropriate time for this
package to be deployed. Execute anytime (next available) and Dis-
abled are the only options available for Solaris platform.
Deploy to All Machines Select this check box if you want to deploy to all the machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by that label.
Selected Labels Press CTRL and click labels to select more than one label.
Limit Deployment To You can limit deployment to one or more machines. From the drop-down
Listed Machines list, select a machine to add to the list. You can add more than one
machine. You can filter the list by entering filter options.
Deploy Order The order in which software should be installed. Lower deploy order will
deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to indicate
the number of times the KBOX 1000 Series appliance will try to install the
package. If you specify 0, KBOX will enforce the installation forever..
9. Click Save.
The KBOX Agent will automatically run deployment packages with .pkg extensions. However, KBOX 1000
Series also provides a capability for administrators to Zip many files together and direct the KBOX 1000
Series to unpack the Zip and run a specific file within.
You can also run the file runallkbots located in /Library/KBOXAgent/Home/bin to force
the KBOX Agent to check in with the KBOX 1000 appliance.
On MacOS, you do not need to include any other files in your archive other than your
script if that's all you wish to execute.
If the PATH environment variable of your root account does not include the current working directory
and you wish to execute a shell script or other executable that you've included inside an archive, be
sure to specify the relative path to the executable in the Full Command Line field. Remember, you'll be
executing your command inside a directory alongside the files which have been unarchived. For
example, if you want to run a file called "installThis.sh", you would package it up alongside a .pkg file
and then put the command "./installThis.sh" in the Full Command Line field. If you archived it inside
another directory, like "foo", the Full Command Line field should be "./foo/installThis.sh".
Both these examples, as well as some other KBOX functions, assume that "sh" is in root's PATH. If
you're using another scripting language, you may need to specify the full path to the command
processor you wish to run in the Full Command Line, like "/bin/sh ./installThis.sh". Be sure to include
appropriate arguments for an unattended, batch script.
If you select the uninstall check box in the MI detail, KBOX will remove each .app it finds in the top
level of your archive from the Applications folder. Thus, if you include two files in your archive named
"MyApp.app" and "MyOtherApp.app", those two applications will disappear from your Applications
folder if they exist there.
Uninstallation in this way will be performed only if the archive or package is downloaded to the client. If
you select the check box for "Run Command Only", you should specify a full command line to ensure
the correct removal command is run on the correct package. Since no package is downloaded in this
case, you should specify the path in the installation database where the package receipt is stored or
run the correct file removal command to delete the files from the Applications folder. In that case, you
can download a script inside an archive and run the script on the Full Command Line.
6. If your package requires additional options, you can enter the following installation details:
Run Parameters You cannot apply "Run Parameters" to the above mentioned com-
mands.
Full Command Line You don’t need to specify a full command line. The server executes
the installation command by itself. The Macintosh(r) client will try to
install this via:
installer -pkg packagename.pkg -target / [Run Parameters]
or
ditto -rsrc packagename.app /Applications/theapp
If you don’t want to use the default command at all, you can replace it
completely by specifying the complete command line here. Remember
that if you have specified an archive file, this command will run
against all of the .pkg files or .app files it can find.
Un-Install using Full Com- Select this check box to uninstall software. If the Full Command Line
mand Line above is filled in, it will be run. Otherwise, by default the agent will
attempt the command, which is generally expected to remove the
package.
Run Command Only Select this check box to run the command line only.This will not down-
load the actual digital asset.
Deploy to All Machines Select this check box if you want to deploy to all the machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by that
Selected Labels label. Press CTRL and click labels to select more than one label.
Limit Deployment To Listed You can limit deployment to one or more machines. From the drop-
Machines down list, select a machine to add to the list. You can add more than
one machine. You can filter the list by entering filter options.
Deploy Order The order in which software should be installed.Lower deploy order
will deploy first.
Max Attempts Specify the maximum number of attempts, between 0 and 99, to indi-
cate the number of times the KBOX 1000 Series appliance will try to
install the package. If you specify 0, KBOX will enforce the installation
forever.
Deployment Window(24H Specify the time (using a 24 hr. clock) to deploy the package. Deploy-
clock) ment Window times will affect any of the Managed Action options.
Also, the run intervals defined under the Server Settings->Options
page will override and/or interact with the deployment window of a
specific package.
9. Click Save.
Limit Deployment to Specify a label for the package. The file will be distributed to the users
assigned to the label, such as operating system affected by the syn-
chronization.
Pre-Install User Message Select this check box to display a message to users prior to installation.
When you select this check box, additional fields appear:
Pre-Install User Message - Enter a pre-install message.
Pre-Install Message Timeout - Specify a timeout in minutes
for which the message will be displayed.
Pre-Install Timeout Action - Select a timeout action that will
take place at the end of the timeout period from the drop-down
list. Options include Install later or Install now. For example, you
might select Install now because you may be installing at a time
when you know that the user is away from his or her desktop,
making it a good time to install. Or, you might select Install later if
the installer needs some user interaction and it would not work if
the user was not at his or her desktop.
Post-Install User Message Select this check box to display a message to users after the installation
completes. When you select this check box, message field and timeout
options appear. Enter a message and a timeout value in minutes.
Deployment Window Specify the time (using a 24 hr. clock) to deploy the package. Deploy-
ment Window times will affect any of the Managed Action options. Also,
the run intervals defined under the Server Settings | Options page
will override and/or interact with the deployment window of a specific
package.
Use Alternate Download Select this check box to specify details for alternate download. When
you select this check box, the following fields appear:
Alternate Download Location - Specify the location from
where the KBOX Agent can retrieve digital installation files.
Alternate Checksum - Specify an Alternate Checksum (MD5)
that matches the MD5 checksum on the remote file share (for
security purposes).
Alternate Download User - Specify a username that will have
the necessary privileges to access the Alternate Download
Location.
Alternate Download Password - Specify the password for the
username specified above.
Note: If the target machine is part of a replication label, then the KBOX
will not fetch software from the alternate download location.
7. Click Save.
To distribute files previously deployed after the deployment window has closed, click
the Resend Files button.
Destination Path Specify the destination path where the replication machine should
copy all the software from the KBOX 1000 Series. All software items
with digital assets are copied, including patches. The Replication
Machine will need write permissions to the Destination Path to write
the software files.
Destination Path User Specify the login name for the share.
Destination Path Password Specify the password for the share.
Download Path Specify the download path from where machines in the replication
label will copy these assets instead of downloading them directly
from KBOX. The Clients will need read permission to this share.
Download Path User Specify the login name the users in the replication share label will
enter to access the assets on the replication share.
Download Path Password Specify the password for the share. The password the users in the
replication share label will enter to access the assets on the replica-
tion share.
Wake-on-LAN
The KBOX 1000 Series Wake-on-LAN feature provides the
ability to “wake up” computers equipped with network
cards that are Wake-on-LAN compliant.
This feature only supports machines that are equipped with a Wake-On-LAN-enabled
network interface card (NIC) and BIOS.
Using the Wake-on-LAN feature on the KBOX 1000 Series will cause broadcast UDP traffic on your network
on port 7. This traffic should be ignored by most computers on the network. The KBOX 1000 Series sends
16 packets per Wake-on-LAN request because it must guess the broadcast address that is required to get
the "Magic Packet" to the target computer. This amount of traffic should not have a noticeable impact on
the network.
Don’t Run on a Schedule Tests will run in combination with an event rather than on a specific
date or at a specific time.
Run Every day/specific day Runs every day or only the selected day at the specified time.
at HH:MM AM/PM
Run on the nst of every Runs on the 1st, or 2nd, etc. of every month or only the selected
month/specific month at month at the specified time.
HH:MM AM/PM
7. Click Save.
On clicking Save, you will see the Wake-on-LAN tab with the scheduled request listed. From this view
you can edit or delete any scheduled requests.
Scripting
The optional Policy and Scripting Module provides a point-
and-click interface for performing many tasks that would
typically require a manual process or advanced
programming. This feature is available only for computers
that run on the Windows operating system.
To add a script:
Name Provide a meaningful name for the script to make it easier to distinguish
from others listed on the Scripts tab.
Description Describe briefly the actions the script will perform. Although this field is
optional like the Name field, it will help you to distinguish one script from
another on the Scripts tab.
Type Classify the script as either a Job or a Policy. This distinction has no affect
on how the script will run, however, it can help to differentiate those scripts
that will run regularly (policies) from those that will run only once (jobs).
Status Use this field to indicate whether the script is in development (Draft) or has
been rolled out to your network (Production). Use Template if you are
building a script that will be used as the basis for future scripts.
Enabled Select this check box to run the script on the target machines. Do not
enable until you are finished and want to run it. Enable on a test label
before you enable on all machines.
Allow Run While Dis- Select this option if you want to allow the script to run even if the target
connected machine cannot contact the KBOX 1000 Series to report results. In such a
case, results will be stored on the machine and uploaded to the KBOX 1000
Series until the next contact.
Allow Run While Select this option if you want to allow the script to run even if a user is not
Logged Off logged in. To run the script only when the user is logged into the machine,
clear this option.
Deploy to All Select this check box if you want to deploy to all the Machines.
Machines
Limit Deploy- Select a label to limit deployment only to machines grouped by that label. Press
ment To Selected CTRL and click labels to select more than one label.
Labels
Limit Deploy- You can limit deployment to one or more machines. From the drop-down list,
ment To Listed select a machine to add to the list. You can add more than one machine. You can
Machines filter the list by entering filter options.
Supported Oper- Select an operating system on which the script will run.
ating Systems If you selected a label as well, the script will only run on machines with that label
if they are also running the selected operating system.
5. Click Run Now to immediately push the script to all machines. Use this option with caution. For more
information about the Run Now button, see “Using the Run Now Function,” on page 111.
6. To browse for and upload files required by the script, click Add new dependency, click Browse, and
then click Open to add the new dependency file.
Repeat this step to add additional new dependencies as necessary.
7. Click Add Task Section to add a new task. The process flow of a task in a script is shown below.
IF Verify THEN
Success
ELSE IF Remediation THEN
Remediation Success
ELSE
Remediation Failure
9. In the Verify section, click Add to add a step, and then select one or more steps to perform. See
Appendix A,“Steps for Task sections,” starting on page 204.
10. In the On Success and Remediation sections, select one or more steps to perform.
See Appendix A,“Adding steps to a Task,” starting on page 203.
11. In the On Remediation Success and On Remediation Failure sections, select one or more steps to
perform.
See Appendix A,“Adding steps to a Task,” starting on page 203.
To remove a dependency, task, or step, click the trash can icon beside the item.
This icon appears when your mouse hovers over an item.
Editing Scripts
You can edit scripts on the Script: Edit Detail page, or in an XML editor. To use the XML editor, click the
View raw XML editor link at the top of the Script: Edit Detail page. Scripts created using one of the
wizards can be re-edited using the wizard in addition to these methods.
To edit a script:
To delete a script:
In the above example, we see an example of a simple XML script. The <config> element corresponds to
the Configuration section on the Script: Edit Detail page and is where you will specify the name of the
policy or job (optional), and the script type (policy or job). Within this element you also will indicate
whether the script will run when the target machine is disconnected or logged off from the KBOX 1000
Series.
Within the <compliance> element you will specify whether the script is enabled and describe the specific
tasks the script is to perform.
Tip: If you are creating a script that will perform some of the same tasks as an existing
script, you may want to consider creating a copy of that existing script, then opening
the copied script in XML editor view to better understand what is possible in the
<compliance> element. For more information, see “Duplicating scripts,” on page 110.
Duplicating scripts
If you have already created a script that performs many of the tasks required of your new script, the
simplest way to begin is to make a copy of the current script, then modify the steps as required, and then
upload any new dependency files.
CAUTION: Because a script is deployed immediately when you click Run Now, use
this feature cautiously, and do not deploy unless you are certain that you want to run
the script on the target machines. Be sure to specify a label on which to run the script,
otherwise it will deploy to all machines by default.
See “Creating Labels,” on page 43 for more information.
1. To minimize the risk of deploying to unintended target machines, KACE recommends that you create a
label that represents the machine or machines on which you want to use the Run Now function. See
“Creating Labels,” on page 43 for more information.
2. Select the Scripting tab.
To use the Run Now function from the Scripts Lists Page:
1. To minimize the risk of deploying to unintended target machines, KACE recommends that you create a
label that represents the machine or machines on which you want to use the Run Now function. See
“Creating Labels,” on page 43 for more information.
2. Select the Scripting tab.
3. Select the script or scripts you want to run.
4. Select Run Now from the Choose action drop-down list.
Icon Description
The Run Now function communicates over port 52230. One reason a script might fail to
deploy is if firewall settings are blocking the KBOX Agent from listening on that port.
Operator Function
+ A leading plus sign indicates the word must be present in the log.
- A leading minus sign indicates the word must not be present in the log.
* A trailing asterisk can be used to find logs that contain words that begin
with the supplied characters.
“ A phrase enclosed in double quotes matches only if the log contains the
phrase exactly as typed.
1. Use regedit.exe to locate and export the values from the registry that you are interested in.
2. Open the .reg file that contains the registry values you want with notepad.exe and copy the text.
3. Select Scripting |Configuration Policy.
4. Click Enforce Registry Settings. The Configuration Policy : Enforce Registry Settings page appears.
5. Enter a policy name in the Policy Name field.
6. Paste the copied registry values into the Registry File field.
7. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you will need to enable and
set a schedule for this policy to take effect.
A new script will be created that will check that the values in registry file match the values found on the
target machines. Any values that are missing or incorrect will be replaced.
See “Adding Scripts,” on page 106 for more information.
Name The text label that will appear below or beside the shortcut.
Target The application or file that is launched when the shortcut is clicked, e.g., Program.exe.
Parameters Any command line parameters. For example:
/S /IP=123.4
WorkingDir Changes current working directory. For example:
C:\Windows\Temp
Location Select the location where the shortcut will appear from the drop-down list. Options
include Desktop, Quick Launch, and Start Menu.
Output filename The name of the log file created by the script.
Log file The type of log you want to query. Options include Application, System,
and Security.
Event Type The type of event you want to query. Options include Information, Warn-
ing, and Error.
Source Name Use this optional field to restrict the query to events from a specific source.
4. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you will need to enable and
set a schedule for this policy to take effect. See “Adding Scripts,” on page 106 for more information.
4. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you will need to enable and
set a schedule for this policy to take effect. See “Adding Scripts,” on page 106 for more information.
Install Options Install Mirror Driver Check the Mirror Driver box to if you want to install
the optional UltraVNC Mirror Video Driver.
The Mirror Video Driver is a driver that UltraVNC
can use to be quickly and efficiently notified with
screen changes. Using it on an UltraVNC server
results in an excellent accuracy. The video driver
also makes a direct link between the video driver
framebuffer memory and UltraWinVNC server.
Using the framebuffer directly
eliminates the use of the CPU for intensive screen
blitting, resulting in a big speed boost and very low
CPU load.
See UltraVNC documentation for complete details.
Install Viewer Check the Mirror Driver box to if you want to install
the optional UltraVNC Mirror Video Driver.
Authentication VNC Password Provide a VNC password for authentication.
Require MS Logon If you want to use MS Logon authentication, use
MSLogonACL.exe /e acl.txt
to export the ACL from your VNC installation. Copy
and paste the contents of the text file into the ACL
field.
It is advisable to look at the script that is generated
by this wizard to make sure it is doing something
you expect. You can view the raw script by clicking
View raw XML Editor on the Script Detail page.
Disable Tray Icon Check this box if you do not want to display the UltraVNC tray icon
on the target computers.
Disable client options in tray If you did not check Disable Tray Icon, check this box if you do not
icon menu want to display client options in the tray icon menu on the target
computers.
Disable properties panel Check this box to disable the UltraVNC properties panel on the tar-
get computers.
Forbid the user to close down Check this box if you do not want to allow computer users to shut
WinVNC down WinVNC.
5. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you will need to enable and
set a schedule for this policy to take effect. See “Adding Scripts,” on page 106 for more information.
Un-Installer Wizard
This wizard allows you to quickly build a script to uninstall a software package. The resulting script can
perform three actions: Execute an uninstall command;Kill a process; and Delete a directory.
To create an uninstaller script:
4. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you will need to enable and
set a schedule for this policy to take effect. See “Adding Scripts,” on page 106 for more information.
4. Select the interval (in minutes) to wait to reschedule an update if the update fails from the
Reschedule Wait Time drop-down list.
5. Specify whether or not to reboot while a user is logged in.
6. Enter the details for the SUS Server and SUS Server Statistics.
7. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page, where you will need to enable and
set a schedule for this policy to take effect. See “Adding Scripts,” on page 106 for more information.
Patching
To sort the bulletin list view by status, importance, or bulletin year, click one of the links at the top of the
page under Bulletin Lists. The Patch Listing page appears.
The Patch Listing page provides a list of all available bulletins, which you can further sort based on status,
bulletin year, importance, bulletin year, or affected operating system. You can also view only those
bulletins that encountered errors during deployment.
To view details about a specific patch, click the linked name of the bulletin.
The Patch Listing page uses the following icons to convey the status of a bulletin:
Icon Description
To return to the Bulletin Management page from the Patch Listing page, click the
Patches tab again.
Needs review The default option on this page. Bulletin will remain on the Needs Review
list. Bulletin will not be distributed.
Reviewing The bulletin is moved out of the Needs Review list, but still requires an
Approved status before it will be deployed.
Approved The bulletin will be deployed according to the patch settings you specify.
Declined The bulletin will be removed from the Needs Review list.
6. Click Save.
1. From the Bulletin Management Page, under Need Review Bulletins, click the + Bulletins link to
expand the list.
2. Scroll down and select the Check All Bulletins check box.
3. Select the desired status:
Reviewing
Approved
Declined.
4. Click Save.
1. From the Bulletin Management Page, under Need Review Bulletins, click the + Bulletins link to
expand the list.
2. Click the linked bulletin number. The Bulletin: Detail page appears in a new browser window.
3. Select the desired status:
Needs review
Reviewing
Approved
Declined.
If you see the word WARNING on this page, it means that the settings for the various
Managed Installations listed are different from each other. Clicking Save under these
circumstances will overwrite those different settings with the values you specify on this
page.
To see a list of software titles affected by this bulletin, scroll down to the bottom of the page.
Deploying bulletins
When you approve a bulletin, you will see the Bulletin: Detail page where you will see the bulletin details,
such as the computers to which you want to deploy bulletins be deployed to, operating systems affected,
and links to access the Managed Installation details for the bulletin.
By default, approved bulletins are set to execute the next time a machine checks in to the KBOX 1000
Series. You can configure this and other settings, such as installation behavior, user interaction, and
deployment window from the Patch Settings page.
Managed Action Select a Managed Action from the drop-down list. This dictates
deployment behavior. Options include:
Execute anytime (next available)
Execute before logon (at machine bootup)
Execute after logon (before desktop loads)
Execute while user logged on
Execute while user logged off.
Quiet Install Select this check box to install the patch without notifying the user.
Suppress Reboot Select this check box to install the patch without requiring the users
machine to reboot.
Deployment Window By default, the KBOX 1000 Series will attempt to deploy this patch
for 24 hrs. Select a time on a 24-hour clock to open the deployment
window and a time to close the deployment window.
Post-Install Message Time- Enter a timeout duration for the message in minutes.
out
Delete Downloaded Files Select to download all the files after the patch is installed.
6. To apply these changes across all patches, select the Apply changes to existing patches check box.
7. Click Save.
Security
Note that the OVAL tests available with your KBOX 1000 Series when it is first installed
might be out of date. After installation, the KBOX 1000 Series will automatically check
for updates nightly. You can see the current OVAL version on the KBOX Summary Info
page (Reporting | Summary).
Status Description
Draft Definitions with this status have been assigned an OVAL ID number and are under discus-
sion on the Community Forum and by the OVAL Board.
Interim Definitions with this status are under review by the OVAL Board and available for discus-
sion on the Community Forum. Definitions are generally assigned this status for two
weeks, unless further changes or discussion are required.
Accepted Definitions with this status have passed the Interim stage and are posted on the OVAL
Definition pages. All history of discussions surrounding Accepted definitions are linked
from the OVAL definition.
Definition status
Click the OVAL-ID or
CVE-ID for more details
about a vulnerability
OVAL Test details do not indicate the severity of the vulnerability. Use your own judgement when
determining whether to test your network for the presence of a particular vulnerability.
Field Description
OVAL-ID Click the OVAL-ID to visit an external Web site with more details about the vulnera-
bility. The status of the vulnerability follows the OVAL-ID. Possible values are DRAFT,
INTERIM, or ACCEPTED.
Class Indicates the nature of the vulnerability. Possible values are: compliance, depre-
cated, patch, and vulnerability.
Ref-ID Click the Ref-ID to visit an external Web site for more details about the vulnerability.
Description The common definition of the vulnerability as found on the CVE list.
Definition Specifies the testing steps used to determine whether or not the vulnerability exists.
The table at the bottom of the page displays the list of computers in your network that contain this
vulnerability. For convenience, a printer-friendly version of this data is available.
OVAL Updates
The KBOX 1000 Series checks www.kace.com for new OVAL definitions nightly, but you should expect new
definitions weekly. If you have OVAL tests enabled, the KBOX 1000 Series will download new OVAL
definitions to all client machines on the next scripting update interval whenever a new package becomes
available, regardless of the OVAL schedule settings. The .zip file that contains the updates could be up to
2MB, so use caution when enabling OVAL Tests for the computers on your network, as the size of the
package could impact the performance of users’ machines, particularly those on dialup connections.
For this reason, a good rule to follow is to only enable OVAL Tests when you want to run them. For
example, if you wanted to schedule OVAL Tests to run on January 1st, you could disable them on January
2nd, and not enable them again until close to the next time you want them to run. Any OVAL updates that
are pulled down while the OVAL Tests are disabled will be stored on the KBOX 1000 Series and only
pushed out to the target machines when enabled again.
1. Select Security | Oval Settings. The OVAL Settings & Schedule page is displayed.
2. Specify the Configuration settings:
Enabled Run OVAL on the target machines. Only enabled OVAL Tests will run
when you want to run them.
Allow Run While Disconnected Run OVAL on the target machines, but store test results on the
target machine until they can be uploaded to the KBOX 1000 Series.
Allow Run While Logged Off Run OVAL even if a user is not logged in. With this turned off, the
script will only run when a user is logged into the machine.
4. In the Scheduling area, specify the time and frequency for running OVAL:
Don’t Run on a schedule Tests will run in combination with an event rather than on a
specific date or at a specific time. Use this option in combina-
tion with one or more of the “Also” choices below. For example,
use this option in conjunction with “Also Run at User Login” to
run whenever the user logs in.
Run Every n minutes/hours Test will run on every hour and minutes as specified.
Run Every day/specific day at ... Test will run on the specified time on the specified day.
Run on the nst of every month/ Test will run on the specified time on the 1st, or 2nd, etc. of
specific month at... every month or only the selected month.
Custom Schedule This option allows you to set an arbitrary schedule using stan-
dard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31
12 * * means:
On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20,
23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33,
23:34, 23:35, 23:59. The KBOX 1000 Series doesn’t support the
extended cron format.
Also Run Once at next Client If this option is selected, test will run once at next client
Checkin checkin. It is recommended to avoid this option because this
option will run tests when the user’s machine is in use. Select-
ing this option could impact the machine’s performance.
Allow WMI traffic Enables inbound TCP traffic on ports 135 and 445 to traverse the
firewall. These ports are necessary for using remote administra-
tion tools such as the Microsoft Management Console (MMC) and
Windows Management Instrumentation (WMI).
Allow Remote Desktop Enables inbound TCP traffic on port 3389 to traverse the firewall.
This port is required for the computer to receive Remote Desktop
requests.
Allow file and printer sharing Enables inbound TCP traffic on ports 139 and 445, and inbound
UDP traffic on ports 137 and 138. These ports are required for
the machine to act as a file or printer sharing server.
Allow Universal Plug-and-Play Enables inbound TCP traffic on port 2869 and inbound UDP traffic
(UPnP) on port 1900. These ports are required for the computer to
receive messages from Plug-and-Play network devices, such as
routers with built-in firewalls.
The script created as a result of this wizard will overwrite any disallowed program
settings on the target machines.
Install Silently This option causes the update to be installed without showing a UI on the
target computers.
Prompt for Reboot Use this option to make the update prompt the user before rebooting.
Use this option with the "Install Silently" option.
Reboot if Needed This option causes the update to reboot the machine as needed. If this
options is not used, a silent installation will not reboot the machine.
Force Update Use this option to always update all file versions, even if the machine
already appears to have the latest versions.
5. Click Save.
After clicking Save you will be taken to the Script: Edit Detail page where you must enable and set a
schedule for this policy to take effect.
You will need to create a Software inventory item and upload the Symantec
AntiVirus.msi file to be distributed.
You must include the SAVMain feature for this script to work properly, although this
wizard does not enforce that.
You can/should look at the script that is generated by this wizard to make sure it is
doing what you expect. You can view the raw script by clicking To edit the policy
using this editor, click here on the Script detail page.
Quarantine Policy
Use this wizard to create a script that you can use to quarantine computers that have failed OVAL tests for
vulnerabilities. The script that is created as a result of this wizard is merely a template. Use the script
editor to modify the template script and add the appropriate verification steps to decide which computers
to quarantine.
When a computer is under quarantine, all communication from it is blocked except for communication to
the KBOX 1000 Series Server, therefore use care when performing this action. If you were to deploy this
accidentally to all machines on your network, you could take your network down very quickly.
To create a package:
Download Select this type to include documentation, files, or other software that does not
automatically install.
Install Select this type to select software that will install automatically on the user’s
machine. The user must have the KBOX Agent installed to run installations.
Script Select this type to select a script to include in the software library. The user
must have the KBOX Agent installed to run scripts.
5. From the Download drop-down list, choose the software to install. You can filter the list by entering
any filter options.
6. Specify the information to include with your package:
Installation Instructions Specify the installation instructions. Any defined instructions, legal
policy, cost information, etc will be posted along with the portal
package for user visibility.
Product Key Select this check box to require users to enter a product key upon
installation of the software library. The license key specified on the
software license entry on the Inventory | Licensing tab.
7. If you selected the Install software library type, specify the command line to run the installation,
including any necessary install switches or other parameters.
Note that users must have the KBOX Agent installed on their machines in order to run
the installations or scripts.
8. If you selected the Script software library type, choose the script from the Script drop-down list.
9. Type any notes in the Additional Notes field.
10. Specify the following informations, as necessary.
Corporate License Text Enter any text related to the Corporate License.
Vendor License Text Enter any text related to Vendor License.
Unit Cost Enter the cost per Unit.
Documentation File Browse the desired documentation file.
11. If desired, select a label to limit software library deployment to specific users.
12. Select the check box to restrict software library deployment by machine label.
13. Click Save.
A major benefit of the Help Desk is that it provides your users with the resources they
need to solve many of the most common support issues on their own, thus alleviating
some of the burden on your support staff. Be sure to provide adequate information to
your users so that you, and they, can experience the full benefit of this feature.
If you have the optional Help Desk Module installed, you can also create a new
Knowledge Base article from the comments in a Ticket by clicking the Create KB
article button on the Ticket Detail page. For more information, see “Creating and
editing Help Desk Tickets,” on page 166.
1. Select Help Desk | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
2. Select Add New Item from the Choose action drop-down list.
The Knowledge Base: Edit Article page appears.
3. Enter the following article information:
Title A specific description of the issue covered in the article. Make the title as
descriptive as possible and use common terms so that it will be easy for an
end-user to locate information about a problem.
Category A general description of the type of issue. (For example, “printing” or “net-
work access”).
Platform The operating systems to which this article applies.
Importance The relative weight of the article’s contents. (For example, “reference” or
“low”; or “critical” or “high”.
Use Markdown Markdown is a plain text formatting syntax, and a software tool, written in
Perl, that converts the plain text formatting to HTML. See Figure 5-7 below,
for an example of markdown syntax and HTML display. For more informa-
tion about markdown, see http://daringfireball.net/projects/mark-
down/syntax.
Limit Access Select the labels you want to limit access to.
To User Labels
Article Text Enter any text about the article.
To see how the article appears to your users on the Help Desk, click on the article’s title,
and then click the User URL on the Edit Article page.
1. Select Help Desk | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
2. Click the linked article title. The Knowledge Base: Edit Article page appears.
3. Click the [Edit] link to update the article details.
4. Modify article details, then click Save.
1. Select Help Desk | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
2. To delete an article, select the check box beside the article and choose Delete Selected Item(s)
from the Choose action drop-down list.
3. Click OK to confirm deletion.
1. Select Help Desk | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
2. Click the linked article title.
The Knowledge Base: Edit Article page appears.
3. Click the [Edit] link, then click Delete.
4. Click OK to confirm deletion.
1. Select Help Desk | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. In the Choose action drop-down list, select Add New Item.
The User : Edit User Detail page appears.
3. Enter the necessary user details.
User Name Required. This is the name the user types to enter the Help Desk.
Full Name Required. The user’s full name.
Email Required for Help Desk installations. The user’s email address. This is the
address to which Help Desk messages, if enabled, will be sent.
Domain Optional. An active directory domain.
Budget Code Optional. The financial department code.
Location Optional. The name of a site or building.
Work Phone Optional. Enter the user’s work phone number.
Home Phone Optional. Enter the user’s home phone number.
Mobile Phone Optional. Enter the user’s mobile phone number.
Pager Phone Optional. Enter the user’s pager phone number.
Custom 1
Custom 2 Optional. Enter the custom related information.
Custom 3
Custom 4
Password Required. Blank or empty passwords are not valid for new users. The user will
be created but the user cannot be activated without a valid password.
Confirm Password Required. Retype the user’s password.
Assign To Label Select the labels to assign.
If the external server requires credentials for administrative login (aka non-anonymous
login), you will need to specify those credentials. If you do not specify an LDAP user
name, then an anonymous bind will be attempted. The LDAP user configured should
have at least READ access to the "search base" area.
KBOX (local Authentication) Select this option if you want to use local pass-
words for authentication.
External LDAP Server Authentication for Specify LDAP settings as necessary. Contact KACE
customer support if you need assistance with this
process.
4. Local authentication is the default setting for the KBOX. If you require external user authentication, for
example against an LDAP server or Active Directory server, complete the external server definition by
specifying the following information.
3. Click test.
4. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names)
available on that directory is displayed. These base DNs can be used as a start point to browse and
search the directory.
If the connection was not established, the Operation Failed message appears, which could be due to
one of the following reasons:
The IP or Host Name provided is incorrect.
Conjunction Operator Select the Conjunction Operator from the drop - down list. For
example, AND.
Note: This field is available for the previous attribute only when
you add a new attribute.
Add Click Add. You can add multiple attributes.
Search Scope Click One level to search at the same level or click Sub-tree
level to search at the sub tree level.
8. Click OK. The query appears in the Search Filter text area. For example,
(samaccountname=admin).
9. Click Browse to display all the immediate child nodes for the given base DN and search filter or click
Search to display all the direct and indirect child nodes for the given base DN and Search Filter.
The search results are displayed in the left panel.
10. Click a child node to view its attributes.
The attributes are displayed in the right panel.
11. Click Next to confirm the LDAP configuration.
12. Click Next to use the displayed settings.
Importing users
You can import Users and Labels directly from your LDAP or Active Directory system into the KBOX.
To import users:
3. If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP
Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to “LDAP Browser
Wizard,” on page 155.
4. Click Next.
5. Select the value from the drop-down list next to each LDAP attribute to map the values from your LDAP
server into the User record on the KBOX. The fields in Red are mandatory. The LDAP Uid must be a
unique identifier for the user record.
Administrators can create, modify, and manage Help Desk tickets from the Tickets tab in the Administrator
UI. Administrators also can use the security, scripting, and distribution features to resolve Help Desk
tickets, then use the Knowledge Base to create the documentation that references the resolution for users.
From the Tickets tab, administrators can:
Create or delete Help Desk tickets
Apply labels to tickets/Remove labels from tickets
Sort the Ticket view by owner or submitter, summary, priority, or status
Change a ticket’s status, priority, or owner.
Field(s) Description
Category Specify the default category for tickets. Options include Software,
Hardware, Network, and Other.
Status Specify the default status for tickets. Options include New, Opened,
Closed, and Need More Info.
Impact Specify the default impact for tickets. Options include Many people
can’t work, Many people inconvenienced, 1 person can’t work, and 1
person inconvenienced.
Priority Specify the default priority for tickets. Options include Low, Medium,
and High.
8. In the Email on Events area, specify to whom, and under what circumstances, emails should be sent:
Recipients:
Owner - The Help Desk user assigned to the ticket
Submitter - The user who submitted the ticket
Ticket CC - The email recipients listed in the CC area of the ticket
1. In the Category Values area, click the icon beside a category value to modify it.
Editable fields appear for that value.
2. Edit the Category Values fields:
3. Click the icon beside a Category value to change its order in the drop-down list.
1. In the Status Values area, click the icon beside a category value to modify it.
Editable fields appear for that value.
2. Edit the Status Values field:
3. Click the icon beside a Status value to change its order in the drop-down list.
You cannot remove Status values to which tickets are currently assigned.
1. In the Priority Values area, click the icon beside a category value to modify it.
Editable fields appear for that value. Edit the Priority Values fields:
Name Specify a name for the custom field.
Color The displayed color of this status on the ticket list pages.
Escalation Time The interval after which an open ticket of this priority is escalated. Specify a
time integer and a unit from the drop-down list.
2. Click the icon beside a Priority value to change its order in the drop-down list.
You cannot remove Priority values to Tickets which are currently assigned.
1. In the Impact Values area, click the icon beside an Impact value to modify it.
Editable fields appear for that value.
2. Modify the Name field as desired.
3. Click the icon beside an Impact value to change its order in the drop-down list.
You cannot remove Impact values to Tickets which are currently assigned.
1. In the Custom fields area, click the Edit item icon to modify the fields.
2. In the Name field, enter the names for the custom fields as you want them to be displayed on the
Ticket Details page.
The custom fields are added as text boxes that hold up to 255 characters. You can add up to six custom
fields.
3. Enter the select values in the Select Values field.
Select Values are used for custom fields with Field Type of Single Select or Multiple Select. These values
should be entered as comma-separated strings.
4. Select the field type in the Field Type list.
5. Select the Only Editable By Owners check box to make this field editable by owners.
6. To remove a custom field, clear the name from the field value.
When you remove the name of a field, values for that custom field will be removed from all tickets.
When you rename a field, values for that custom field will be retained.
7. Click Save to apply your changes.
8. In the Ticket List View area, click the Edit item icon to modify the desired Ticket List View fields.
9. Select the name in the Name list.
10. Specify the width in the Width field and then click Save.
11. Click Save.
1. In the Ticket List View area, click the icon beside an attribute to modify it.
Editable fields appear for that value. Edit the fields:
Name Select an attribute name from the drop-down list.
Width Specify the column width.
2. Click the icon beside an attribute to change its order in the drop-down list.
3. Click the icon to add an attribute to the Ticket List View drop-down list.
CC List A comma-separated list of additional email addresses for users who might be inter-
ested in changes to this ticket.
Submitter
Click the icon to select the submitter from the drop-down list.
See Also Link(s) to related tickets. When editing this list, enter the Ticket IDs as comma-sep-
arated integers.
Referrers If other tickets refer to this ticket in the see also field, those ticket IDs will appear
here after this ticket is saved.
Owners only Select this check box to have the comment you are entering visible only to users
who are authorized to own tickets.
Comment Provide comments about the support issue.
Attachment Browse the desired attachment file.
After you create the new ticket, you can open the ticket record and view a print-friendly
version of the ticket, email the ticket to someone, and click the Find Relevant Articles
link to locate Knowledge Base articles related to the ticket.
1. Select the check box beside the ticket(s) you want to edit.
2. From the Choose action drop-down list, select the desired option:
When reassigning a ticket to a new owner using the Choose action drop-down list,
the number in parentheses (), indicates the number of tickets currently assigned to that
Help Desk user.
Closed Satisfaction Survey last Lists by Owner all Closed Satisfaction Surveys in the last 31
31 days by Owner days.
Closed Ticket Resolutions last Lists by Owner all Closed Ticket Resolutions in the last 31
31 days by Owner days.
Closed Ticket Resolutions last 7 Lists by Owner all Closed Ticket Resolutions in the last 7 days.
days by Owner
Closed Tickets last 31 days by Lists by Category all Help Desk tickets that have been closed
Category in the last 31 days.
Closed Tickets last 31 days by Lists by Owner all Help Desk tickets that have been closed in
Owner the last 31 days.
Closed Tickets last 7 days by Lists by Owner all Help Desk tickets that have been closed in
Owner the last 7 days.
Escalated/Open Tickets by Lists by Owner all escalated and open Help Desk tickets.
Owner
Open Tickets by Category Lists by Category all open Help Desk tickets.
Open Tickets by Owner Lists by Owner all open Help Desk tickets.
Open Tickets last 7 days by Lists by Owner all open Help Desk tickets opened in the last 7
Owner days.
Stalled Tickets by Owner Lists by Owner all tickets that are past their due date but not
in escalation (stalled tickets).
Stalled/Open Tickets by Lists by Category all stalled and open Help Desk tickets.
Category
Stalled/Open Tickets by Impact Lists by Impact all stalled and open Help Desk tickets.
Stalled/Open Tickets by Owner Lists by Owner all stalled and open Help Desk tickets.
Stalled/Open Tickets by Priority Lists by Priority all stalled and open Help Desk tickets.
Stalled/Open Tickets by Status Lists by Status all stalled and open Help Desk tickets.
Stalled/Open Tickets with Due Lists by Owner and due date all stalled and open Help Desk
Date by Owner tickets.
Work Report Date Range - Long Displays date, ticket #, technician and hours worked as a
Notes Display header above the Notes for a Work entry for 2006-04-01
through 2006-07-01.
Work Report last 31 days Reports all tickets for which work has been logged for the last
31 days.
Work Report last 31 days - Use this report if you want to build a customized report show-
Customize ing only select fields for all tickets for which work has been
logged for the last 31 days.
Work Report last 31 days - Long Displays date, ticket #, technician, and hours worked as a
Notes Display header above the Notes for each Work entry.
Work Report last 31 days by Displays all people who logged work
Person during the last 31 days first by person, and then by ticket and
time.
1. Select Reporting.
The KBOX Reports page appears.
2. From the View by category drop-down list, select HelpDesk.
3. Click the format type for the report you want to view.
If you need to create custom reports, see “Creating and editing reports,” on page 190
for information on using the Report Wizard.
Server Maintenance
This chapter describes the most commonly used features
and functions that the Administrator will use in
administering and maintaining your KBOX 1000 Series
appliance.
3. Click Save in the alert that appears, then specify a location for the files.
4. Browse to the location where you want to store the files, then click Save.
1. Open your browser and go to the URL for the KBOX 1000 Series appliance (http://kbox/admin).
2. Click About KBOX in the upper right-hand corner of the screen.
The Reboot and Shutdown buttons will only be clickable if you have already click the
blue "Edit Mode" link at the bottom of the page.
Disk Status Displays the status of the KBOX 1000 Series disk array.
Application Displays miscellaneous information about the application's operation and execution.
Access Displays the HTTP Server's access information.
Server Displays errors or server warnings regarding any of the onboard server processes.
Update Displays details of any KBOX 1000 Series patches or upgrades applied using the
Update KBOX function.
Client Displays KBOX Agent exception logs.
The figures above display the difference in the Disk status log when no error is found and when an error
exists. Although this section does not describe every possible error message that could be displayed here,
many of the errors that occur can be resolved by following the same set of steps:
Reporting
Compliance Hotfix Compliance Shows which computers have the specified hot-
fix installed.
Compliance Software Compliance Simple Lists the licenses and counts like the License list
page with details such as vendor, PO#, and
Notes.
Compliance Software License Compliance Lists software and computers that are impacted
Complete by each license record.
Compliance Unapproved Software Lists software found on computers that do not
Installation have approved licenses.
Hardware C drives less than 2G free Shows which computers less than 2 gigabytes of
free space.
Hardware Computer - Video/Ram/Proc by Lists all computers and their video, ram and pro-
Label cessor information sorted by label and name.
Hardware Computer Export This report is intended to generate a CSV listing
for data export to other programs.
Hardware Computer Inventory Detail Detail listing of all computers on the KBOX 1000
Series network with full field detail.
Hardware Computer Listing by Free Disk Lists computer disk drives in order of total free
Space disk space.
Hardware Computer Listing by Label Lists all computers by all KBOX 1000 Series
labels.
Hardware Computer Listing by Memory Lists computer RAM in order of total memory
size.
Hardware Computer Listing by Operating Sorts all computers by Operating System type
System and sums OS Types.
Hardware Computer Uptime Report Reports the uptime of the computers.
Help Desk Closed Satisfaction Survey last Lists by Owner all Closed Satisfaction Surveys in
31 days by Owner the last 31 days.
Help Desk Closed Ticket Resolutions last Lists by Owner all Closed Ticket Resolutions in
31 days by Owner the last 31 days.
Help Desk Closed Ticket Resolutions last 7 Lists by Owner all Closed Ticket Resolutions in
days by Owner the last 7 days.
Help Desk Closed Tickets last 31 days by Lists by Category all Help Desk tickets that have
Category been closed in the last 31 days.
Help Desk Closed Tickets last 31 days by Lists by Owner all Help Desk tickets that have
Owner been closed in the last 31 days.
Help Desk Closed Tickets last 7 days by Lists by Owner all Help Desk tickets that have
Owner been closed in the last 7 days.
Help Desk Escalated/Open Tickets by Lists by Owner all escalated and open Help Desk
Owner tickets.
Help Desk Open Tickets by Category Lists by Category all open Help Desk tickets.
Help Desk Open Tickets by Owner Lists by Owner all open Help Desk tickets.
Help Desk Open Tickets last 7 days by Lists by Owner all open Help Desk tickets
Owner opened in the last 7 days.
Help Desk Stalled Tickets by Owner Lists by Owner all tickets that are past their due
date but not in escalation (stalled tickets).
Help Desk Stalled/Open Tickets by Lists by Category all stalled and open Help Desk
Category tickets.
Help Desk Stalled/Open Tickets by Impact Lists by Impact all stalled and open Help Desk
tickets.
Help Desk Stalled/Open Tickets by Owner Lists by Owner all stalled and open Help Desk
tickets.
Help Desk Stalled/Open Tickets by Priority Lists by Priority all stalled and open Help Desk
tickets.
Help Desk Stalled/Open Tickets by Status Lists by Status all stalled and open Help Desk
tickets.
Help Desk Stalled/Open Tickets with Due Lists by Owner and due date all stalled and open
Date by Owner Help Desk tickets.
Help Desk Work Report Date Range - Long Displays date, ticket #, technician and hours
Notes Display worked as a header above the Notes for a Work
entry for 2006-04-01 through 2006-07-01.
Help Desk Work Report last 31 days Reports all tickets for which work has been
logged for the last 31 days.
Help Desk Work Report last 31 days - Use this report if you want to build a customized
Customize report showing only select fields for all tickets
for which work has been logged for the last 31
days.
Help Desk Work Report last 31 days - Long Displays date, ticket #, technician, and hours
Notes Display worked as a header above the Notes for each
Work entry.
Help Desk Work Report last 31 days by Displays all people who logged work
Person during the last 31 days first by person, and then
by ticket and time.
KBOX Boot/Login Policies Lists all the activities that could happen at
machine boot time or after the user logs in.
KBOX KBOX Agent Roll Out Log Reports when a computer record was first cre-
ated.
KBOX KBOX Communication Lists by day the latest communication from com-
puters on the network.
KBOX MI's enabled on all machines Lists all the managed installations that are
enabled on all machines.
KBOX Scripts enabled on all machines This report lists the scripts that are enabled on
all machines.
Network Network Info - Domain Listing This report lists computers groups computers by
domain/workgroup.
Network Network Info - IP Address Lists computers in order of IP Address (ascend-
Listing ing).
Network Network Scan Report Displays the results of the nightly Network Scan.
Patching Critical Bulletin List Lists all critical bulletins.
Patching For each Machine, what Lists of all patches on each computer in the
patches are installed KBOX network.
Patching For each Patch, what machines Lists the computers having each software patch
have it installed in inventory.
Patching How many computers have Software Inventory listing sorted by software
each Patch installed title showing number of seats deployed.
Patching Installation Status of each Lists the installation status of each enabled
enabled Patch patch.
Patching Needs Review Bulletin List List of all the Bulletins that need review.
Patching Patches waiting to be deployed Lists all patches waiting to be deployed.
Security Number of machines with OVAL Lists, for each OVAL test, how many machines
vulnerabilities failed the test and are therefore vulnerable.
Security OVAL Machine Report Reports all the machines and how many OVAL
tests that each of them failed.
Security SANS Top 10 - Q2 2005 Reports all OVAL results from vulnerabilities
reported by SANS.
Security Threating Items Displays all items o threat level 4 or 5 and the
computers which have them.
Security Top 10 OVAL Vulnerabilities Displays a Pie graph of the top 10 OVAL vulnera-
bilities that have been reported by the OVAL
scan.
Software Software Export Generates a CSV listing for data export to other
programs.
Software Software Installed But Not Used Lists, by software item, where software has
Last 6 Months been installed but not used according to soft-
ware metering. This will only work when you
have attached the metering to a particular soft-
ware item which will limit you to a particular ver-
sion of software.
Software Software Inventory By Vendor Software Inventory listing grouped by vendor
showing number of seats deployed.
Software Software Listing By Label Lists all software titles organized by all KBOX
1000 Series labels.
Software Software not on any computer Listing of all software titles that are not currently
installed on any computers.
Software Software on Computer Listing of all software on each computer in the
KBOX 1000 Series network.
Software Software OS Report - Graph Pie graph showing the list and count of Operat-
ing Systems currently deployed on your net-
work.
Software Software Title & Version - Com- This report lists the computers having each soft-
puter List ware title in inventory.
Software Software Title - Computer List This report lists computers having each
(MS Only) Microsoft software title in inventory.
Software Software Title Deployed Count Software Inventory sorted by software title
showing number of seats deployed.
Template Computer Listing - XP SP2 Lists all computers, reporting if XP SP2 is
installed? installed or not. Change 'Windows XP Service
Pack 2' to any other Software title you are inter-
ested in. Sorted by installation status.
Template Computer Listing with Software Computer Listing sorted by LABEL with comput-
Template ers having software names like "Microsoft Office
Professional%".
Template Custom Inventory Template Reports the values returned by a custom inven-
tory rule that you can setup in the Software
Item page. Change 'McAfeeDATFile' to be the
name of the Software item with the Custom
Inventory Rule in it.
Template Log File Information Template This is a template that lists the values returned
from a 'Log File Information' action in a script.
Replace 'AccessedDate: ' with the actual
attribute that you returned.
Template Log Registry Value Template This template lists the values returned from a
script using the 'Log Registry Value' action.
Replace the value '!doc =' with the appropriate
value name that you entered in the script.
Template Machines By Label X with Soft- Reports all the machines in label(s) and indi-
ware Y Installed cates if they have a particular software product
installed. Replace KBOX with the name of the
software you are looking for and QA_LABEL and
KBOX_LABEL with the labels of the machines
you want included.
Report Title Enter a display name for the report. Make this as descriptive as pos-
sible, so you can distinguish this report from others.
Report Category Enter the category for the report. If the category does not already
exist, it will be added to the drop-down list on the Reports list page.
Description Describe the information that the report will provide.
Report Type Select a report type from the list. The fields that you will be able to
include on the report vary depending on the report type you choose.
4. Click Next.
5. The next step is to select fields you want to include on the report. Click Select All to select all fields or
Deselect All to deselect all fields.
6. Click Next.
7. The next step is to arrange the fields you selected in the order in which you want the columns to
appear on the report.
Highlight and drag a column block to change the order. Rearrange the fields until the columns are in
the order you want to display them on the report.
8. Click Next.
9. The next step is to sort the fields you selected for the report and to decide where you want the report
to break. You can sort first by one field, then further sort by one or two more fields.
a. Select a field or fields by which you want to sort from the Order By drop-down list or lists.
b. Select either Ascending or Descending from the Sequence drop-down list or lists.
c. Check Break Header? if you want to break the report with a new header and do subtotals.
10. Click Next.
11. The next step is to specify filter criteria for the report:
a. Select a field or fields by which you want to filter from the field drop-down list or lists.
b. Select an operator or operators from the operator drop-down list or lists.
c. Enter a value by which you want to search and filter.
You can combine individual field filter searches (create a compound filter search) by selecting an AND
or an OR operator. The example above will search for and filter users who have “kace” or
“kacepartner” in their mail address.
12. Click Save to save your report. The KBOX Reports page is displayed with the new report in the list. To
run the new report, click the desired format type (HTML, PDF, CSV, or TXT). For HTML or PDF formats,
the report will be displayed in a new window. If you select CSV or TXT format, you will be prompted to
open the file or save it to your computer.
Title Enter a display name for the report. Make this as descriptive as possible, so
you can distinguish this report from others.
Report Category Enter the category for the report. If the category does not already exist, it
will be added to the drop-down list on the Reports list page.
Output File Name Specify the name for the file generate when this report is run.
Description Describe the information that the report will provide.
Output Types Specify the formats that should be available for this report.
SQL Select Statement Enter the query statement that will generate the report data. For reference,
consult the MYSQL documentation.
Break on Columns A comma-separated list of SQL column names. The report will generate
break headers and sub totals for these columns. This setting refers to the
auto-generated layout.
XML Report Layout When checked, this option will create the XML layout based on the SQL you
enter. Select this check box if you have changed the columns that are being
returned by the query so that the XML Report Layout is regenerated using
the new columns.
4. Click Save.
For assistance with formatting the report XML, refer to the rlib documentation found
here: http://rlib.sicompos.com/.
The counter automatically adjusts if the number increases beyond one hundred.
The number of machines displayed on the Y axis automatically adjusts if the number of
machines found on a particular threat level increases beyond twelve.
License Compliance
Displays the number of machines that use a particular licensed software. For example, the following figure
displays a licensed software named Adobe flash player 9, which can be used on one thousand
machines. In this example, this software is used by twelve machines.
The counter automatically adjusts if the number of sockets connected increases beyond
one hundred.
As this page is refreshed, the record count information is refreshed. New KBOX 1000
Series installations will mostly contain zero or no record counts.
Computer statistics
Provides a summary of the computers on your network, including a breakdown of the operating systems in
use. In addition, if the number of computers on your network exceeds the number allowed by your KBOX
1000 Series license key, a notification to that effect will be displayed here.
Software statistics
Provides a summary of the software in KBOX 1000 Series Inventory. Includes the number of software titles
that have been uploaded to the KBOX 1000 Series.
Alert Summary
Provides a summary of the alerts that have been distributed to the computers on your network, separated
by message type. This also indicates the number of alerts that are active vs. expired.
The IT Advisory refers to the number of Knowledge Base Articles in Help Desk.
OVAL Information
Provides a summary of the OVAL definitions received and the number of vulnerabilities detected on your
network. Includes the date and time of the last OVAL download (successful and attempted) and the
number of OVAL tests in the KBOX 1000 Series, in addition to the numbers of computers that have been
scanned.
LDAP Server Specify the IP or the Host Name of the LDAP Server.
Note: For LDAPS, use the IP or the Host Name, as ldaps://
HOSTNAME
LDAP Port Specify the LDAP Port number, which could be either 389/636 (LDAPS).
LDAP Login Specify the Bind DN
For example:
CN=Administrator,CN=Users,DC=kace,DC=com
LDAP Password Specify the password for the LDAP login.
3. Click test.
4. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names)
available on that directory is displayed. These base DNs can be used as a start point to browse and
search the directory.
If the connection was not established, the Operation Failed message appears, which could be due to
one of the following reasons:
The IP or Host Name provided is incorrect.
The LDAP server is not up.
The login credentials provided are incorrect.
5. Click a Base DN or click next.
A new window displays the Search Base DN and the Search Filter. The Search Base DN is populated on
the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN
and the Search Filter.
6. You can also use the Filter Builder to create complex filters. Click Filter Builder. The Query Builder
is displayed. Specify the following information.
Conjunction Operator Select the conjunction operator from the drop - down list. For
example, AND.
Note: This field is available for the previous attribute only when
you add a new attribute.
Add Click Add. You can add multiple attributes.
Search Scope Click One level to search at the same level or click Sub-tree
level to search at the sub-tree level.
8. Click OK. The query appears in the Search Filter text area. For example,
(samaccountname=admin).
9. Click Browse to display all the immediate child nodes for the given base DN and search filter. Click
Search to display all the direct and indirect child nodes for the given base DN and search filter.
Always Fail X X
Call a Custom DLL Call function "%{procName}" from X X X
Function "%{path}\%{file}"
Create a Custom Create object "%{className}" from X X X
DLL Object "%{path}\%{file}"
Create a message Create a message window named X X X X X
window "%{name}" with title "%{title}", message
"%{message}" and timeout "%{timeout}"
seconds.
Database tables
Table Used In
ADVISORY HelpDesk
ADVISORY_LABEL_JT HelpDesk
AUTHENTICATION KBOX
CLIENTDIST_LABEL_JT KBOX
CLIENT_DISTRIBUTION KBOX
CR_CLIENT_CRASH KBOX
CR_SERVER_CRASH KBOX
CUSTOM_FIELD_DEFINITION Custom Fields
FILTER Labeling
FS File Synchronization
FS_LABEL_JT File Synchronization
FS_MACHINE_JT File Synchronization
GLOBAL_OPTIONS KBOX
HD_ATTACHMENT Help Desk
HD_CATEGORY Help Desk
HD_EMAIL_EVENT Help Desk
HD_IMPACT Help Desk
HD_MAIL_TEMPLATE Help Desk
HD_PRIORITY Help Desk
HD_QUEUE Help Desk
HD_QUEUE_PRIORITY Help Desk
HD_QUEUE_STATUS Help Desk
HD_STATUS Help Desk
HD_TICKET Help Desk
HD_TICKET_CHANGE Help Desk
HD_TICKET_RELATED Help Desk
HD_WORK Help Desk
KBOT Scripting
KBOT_CRON_SCHEDULE Scripting
KBOT_DEPENDENCY Scripting
KBOT_EVENT_SCHEDULE Scripting
KBOT_FORM Scripting
KBOT_FORM_DATA Scripting
KBOT_GRAMMAR Scripting
KBOT_GRAMMAR_ATTRIBUTE Scripting
KBOT_LABEL_JT Scripting
KBOT_LOG Scripting
KBOT_LOG_DETAIL Scripting
KBOT_LOG_LATEST Scripting
KBOT_OS_JT Scripting
KBOT_RUN Scripting
KBOT_RUN_MACHINE Scripting
KBOT_RUN_TOKEN Scripting
KBOT_UPLOAD Scripting
KBOT_UPLOAD_TOKEN Scripting
KBOT_VERIFY Scripting
KBOT_VERIFY_STEPS Scripting
KBOX_VERSION KBOX
LABEL Labeling
LDAP_FILTER Labeling
LDAP_IMPORT_USER User
LICENSE Inventory
LICENSE_MODE Inventory
MACHINE Inventory
MACHINE_CUSTOM_INVENTORY Inventory
MACHINE_DISKS Inventory
MACHINE_KUID Inventory
MACHINE_LABEL_JT Inventory
MACHINE_NICS Inventory
MACHINE_NTSERVICE_JT Inventory
MACHINE_PROCESS Inventory
MACHINE_PROCESS_JT Inventory
MACHINE_SOFTWARE_JT Inventory
MACHINE_STARTUP_PROGRAMS Inventory
MACHINE_STARTUPPROGRAM_JT Inventory
MESSAGE Alerts
MESSAGE_LABEL_JT Alerts
MI Managed Installs
MI_ATTEMPT Managed Installs
MI_LABEL_JT Managed Installs
METER Software Metering
METER_COUNTER Software Metering
MSP_AFFECTEDPRODUCT Patching
MSP_AFFECTEDSERVICEPACK Patching
MSP_BULLETIN Patching
MSP_BULLETIN_STATUS Patching
MSP_LOCATION Patching
MSP_MI_TEMPLATE Patching
MSP_MI_TEMPLATE_LABEL_JT Patching
MSP_PATCH Patching
MSP_PATCH_OS_VERSION Patching
MSP_PRODUCT Patching
MSP_SERVICEPACK Patching
MSP_SERVICEPACK_MACHINE_JT Patching
MSP_SEVERITY Patching
MSP_UPDATE_STATUS Patching
NETWORK_SETTINGS KBOX
NODE Network Scan
NODE_LABEL_JT Network Scan
NODE_PORTS Network Scan
USER_LABEL_JT User
Performing an Inventory
1. Open the command line interface.
2. Type sudo /KACE/bin/inventory, and then press ENTER.
If you want to save the inventory results to a file, type sudo /KACE/bin/inventory > 'uname -
n'.txt, and then press ENTER. This command saves the inventory results to a file named
yourcomputer.txt, where yourcomputer is the name of your computer.
Enabling Debugging
1. Open the command line interface.
2. Type sudo touch /var/kace/kagentd/debug_agent.tag, and then press ENTER.
3. Type sudo /etc/rc.d/init.d/kagentctl stop, and then press ENTER.
4. Type sudo /etc/rc.d/init.d/kagentctl start, and then press ENTER.
The debug_agent.log file contains debug logs.
Performing an Inventory
1. Open the command line interface.
2. Type sudo /KACE/bin/inventory, and then press ENTER.
If you want to save the inventory results to a file, type sudo /KACE/bin/inventory > 'uname -
n'.txt, and then press ENTER. This command saves the inventory results to a file named
yourcomputer.txt, where yourcomputer is the name of your computer.
Enabling Debugging
1. Open the command line interface.
2. Type sudo touch /var/kace/kagentd/debug_agent.tag, and then press ENTER.
3. Type sudo /etc/init.d/kagentctl stop, and then press ENTER.
4. Type sudo /etc/init.d/kagentctl start, and then press ENTER.
The debug_agent.log file contains debug logs.
Performing an Inventory
1. Open Terminal from the Applications/Utilities folder.
2. Type sudo Library/KBOXAgent/Home/bin/inventory, and then press ENTER.
If you want to save the inventory results to a file, type sudo Library/KBOXAgent/Home/bin/
inventory > computer_name.txt. Replace computer_name with the name of your computer, and
then press ENTER. This command saves the inventory results to a file named computer_name.txt,
where computer_name is the computer name that you specified.
Enabling Debugging
1. Open Terminal from the Applications/Utilities folder.
2. Type sudo touch /var/kace/kagentd/debug_agent.tag, and then press ENTER.
3. Type sudo /Library/KBOXAgent/Home/bin/kagentctl stop, and then press ENTER.
4. Type sudo /Library/KBOXAgent/Home/bin/kagentctl start, and then press ENTER.
The debug_agent.log file contains debug logs.
Agent Customization
1. Copy the necessary files for your customization. You will need the following files:
7zip-v442.exe, available at \\kdisk\kace_corporate\software\7-Zip\7zip-v442.exe
7zip-v442_extra.zip, available at \\kdisk\kace_corporate\software\7-Zip\7zip-v442_extra.zip
The KInstallerSetup.exe, from the client version you want to customize. This file is available at the
KACE Support Website.
2. Install 7-zip.
3. Unzip the 7zip_v442_extra.zip file into the directory where the 7-zip is installed. (by default the
directory is C:\Program Files\7-Zip).
Ensure that the file 7zS.sfx is in the top-level directory. 7-Zip-install path is used for this location. This
file is important because it has the actual executable stub for a self-extracting installer executable.
4. Start the 7-Zip File Manager from the start menu.
5. Select the KInstallerSetup.exe executable for the client version to customize using the 7-Zip File
Manager.
6. Click the extract button to extract it into a directory of your choice. Keep the Current Pathnames
selected in the Path mode box. The Overwrite without prompt option can be selected for the Overwrite
Mode. Do not specify a password.
7. Navigate to that folder and edit the kinstaller.exe.config file with a text editor to change any settings for
customization. The display_mode can have the values interactive, quiet, and silent. server_name is the
hostname of the server.
8. Save your changes. Execution of the kinstaller.exe file in this directory installs with the settings as
specified in the .config file.
9. Open the 7-Zip File Manager and select kinstaller.exe, kinstaller.exe.config, es-ES and install_files.
10. Click the Add button. The archive format is 7z, Create SFX archive in the options box is cleared.
11. Save the .7z file and note down the path. I'll call my file "jkboxInstaller.7z" and the path to it will be
<<jkbox-installpath>>
12. Create a text file - config.txt - which includes the settings for the self-executing zip. Ensure that the
file is saved with UTF-8 encoding. The file should contain the following commands, which will indicate
to 7-zip that the kinstaller should run when the self-executing zip runs:
;!@Install@!UTF-8!
Progress="no"
RunProgram="kinstaller.exe"
Directory=""
;!@InstallEnd@!
13. Open a new command-line window.
14. Execute the following command to create a self-executing file from the .7z file.
Information concerning hardware and software warranty, hardware replacement, product returns,
technical support terms and product licensing can be found in the KACE End User License agreement
accessible at:
HTTP://WWW.KACE.COM/LICENSE/STANDARD_EULA