K1000 AdminGuide

K1000 Management Appliance
Administrator Guide
Release 5.2
© 2004-2011 Dell, Inc. All rights reserved.
Information concerning third-party copyrights and agreements, hardware and software warranty,
hardware replacement, product returns, technical support terms and product licensing is in the
KACE End User License agreement accessible at:
http://www.kace.com/license/standard_eula
Revision Date: January 28, 2011

Contents
1: Getting Started 1
About this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
About this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Understanding the KACE K1000 Appliance components . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Hardware specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Software deployment components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
To set up your K1000 Management Appliance server . . . . . . . . . . . . . . . . . . . . . . . . . . 3
DNS Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Configuring network settings from the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Logging in to the Administrative Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Using the KACE K1000 Appliance components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Using Home. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Guided Tours . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Node Check-In Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Software Threat Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
License Compliance Gauge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Clients Connected Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Managed Operating Systems Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Tasks in Progress Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
To view the Summary Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
To Find Your Software Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Updating Your Appliance Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
To upgrade software without using Organizational Management . . . . . . . . . . . . . 17
To upgrade software for Organizational Management users . . . . . . . . . . . . . . . . 17
Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2: Configuring your Appliance 19

Key configuration settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
To configure general settings for the server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
List of open ports required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Configuring Network Settings for the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
To configure the Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Configuring Security Settings for the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
To configure Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
To generate an SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Configuring Agent Messaging Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
To configure Agent Messaging Protocol Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Configuring date and time Settings of the appliance server . . . . . . . . . . . . . . . . . . . . . . . . 31
To configure Date & Time settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Configuring Single Sign-on for multiple appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
To enable linking of appliances for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . 32
To link appliances for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Administrator Guide, Version 5.2 i

Contents
To disable appliance links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
To access the K1000 Troubleshooting Tools page . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
To use Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
3: Labels and Smart Labels 35

About Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Managing Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Viewing Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Viewing Computer Details by Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
To view label details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
To add or edit a new label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
To delete a label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
About Label Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
To view Label Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
To create a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
To apply a label to a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
To delete a Label Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
About Smart Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
To create a Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
To edit a Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
To change the Smart Label Run Order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
What’s Next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4: Agent Provisioning 45
Overview of first time agent provisioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
System requirements for agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Preparing to provision the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Enabling file sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Preparing for Windows Platform provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Single Machine Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
To deploy the agent on a single machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Advanced Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
To add a new item using Auto Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
To add a new item using Manual Provisioning by IP . . . . . . . . . . . . . . . . . . . . . . . . . . 52
To add a new item using Manual Provisioning by Hostname . . . . . . . . . . . . . . . . . . . 55
To run provisioned configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
To duplicate a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
To delete a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Deploying Agents from a Network Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Provisioned Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
To create a new configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
To delete a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
To enable a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
To disable a configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
ii Administrator Guide, Version 5.2

Contents
Using the Provisioning Results Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

To view Provisioning Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Managing K1000 Agent Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
To view agent tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
K1000 Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
To configure an agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
To troubleshoot nodes that fail to appear in Inventory . . . . . . . . . . . . . . . . . . . . . . . . . 66
K1000 Agent Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
To update the agent automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
To upload platform-specific agent patches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Updating with a client bundle. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
To update agents using a client bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
To troubleshoot the SMMP Management Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
AMP Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
To view AMP Message Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
To view alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
To delete a message queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
5: Managing Software and Hardware Inventories 75

Inventory Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Managing Your Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Searching for Computers in Your Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Using Advanced Search for Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . 77
To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Creating Smart Labels for Computer Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Searching for Computers by Creating Computer Notifications . . . . . . . . . . . . . . . 78
Filtering Computers by Organizational Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Using the Computer Inventory Detail Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Appliance Agent Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Adding Computers to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Adding Computers Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Adding Computers Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Managing Your Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Using Advanced Search for Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Adding Software to Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Adding software automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
To add software to Inventory manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
To create software assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Custom Data Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Attaching a Digital Asset to a Software Item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
To attach a digital asset to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
To delete a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
To apply a label to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
To remove a label from a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
To categorize a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Administrator Guide, Version 5.2 iii

Contents
To set threat level to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Managing Your Processes Inventory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
To view process details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
To delete a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
To disallow processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
To apply a label to a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
To remove a label from a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
To categorize a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
To set threat level to a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
To meter a process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Managing Your Startup Program Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
To view Startup detail information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
To delete a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
To apply a label to a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
To remove a label from a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
To categorize a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
To set threat level to a startup program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Managing Your Service Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
To view service detail information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
To delete a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
To apply a label to a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
To remove a label from a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
To categorize a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
To set a threat level to a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Managing Your MIA (Out-Of-Reach Computer) Inventory . . . . . . . . . . . . . . . . . . . . . . . . . 93
Configuring the MIA Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
To configure the MIA settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
To delete an MIA computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
To apply a label to an MIA computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
To create a new label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Using the AppDeploy Live Application Information Clearinghouse . . . . . . . . . . . . . . . . . . . 95
Enabling AppDeploy Live . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Viewing AppDeploy Live content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
To view AppDeploy Live information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
6: Importing and Exporting Appliance Resources 97

About importing and exporting resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Transferring resources using a SAMBA share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Export resources from one appliance to another using SAMBA shares . . . . . . . . . . . 98
Transferring resources between Organizations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Exporting resources to Other Organizations on an appliance . . . . . . . . . . . . . . . . . . 102
Importing resources from another organization on your appliance . . . . . . . . . . . . . . 103
Import software components from another organization . . . . . . . . . . . . . . . . . . . 103
iv Administrator Guide, Version 5.2

Contents
7: Scanning for IP Addresses 105

IP Scan Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Viewing Scheduled Scans list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
About scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
To view scan results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Creating an IP Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
To create an IP scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
To search network scan results on the basis of status fields . . . . . . . . . . . . . . . . . . . 108
IP Scan Smart Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
To dynamically identify the network scan results . . . . . . . . . . . . . . . . . . . . . . . . 108
To edit the order value of IP Scan Smart Labels . . . . . . . . . . . . . . . . . . . . . . . . . 109
8: Distributing Software from Your K1000 Management Appliance 111

Distribution Feature Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Types of Distribution Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
To create a distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Distributing Packages from the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Ensuring that Inventory item package names match . . . . . . . . . . . . . . . . . . . . . . 113
Distributing Packages from an Alternate Location . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
When to use a replication share or an alternate download location. . . . . . . . . . . . . . 114
Managed Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Installation parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
To determine supported parameters for the .msi file . . . . . . . . . . . . . . . . . . . . . . 115
Creating a managed installation for the Windows platform . . . . . . . . . . . . . . . . . . . . 116
To create a managed installation for Windows platforms . . . . . . . . . . . . . . . . . . 116
Examples of common deployments on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Standard MSI example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
To create a managed installation for an .msi file . . . . . . . . . . . . . . . . . . . . . . . . . 120
Standard EXE Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Standard ZIP Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
To create a managed installation for a .zip file . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Examples of Common Deployments on Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
To create a managed installation for an .rpm file . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Standard TAR.GZ Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
To create a managed installation for a tar.gz file: . . . . . . . . . . . . . . . . . . . . . . . . 128
Examples of Common Deployments on Mac OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
File Synchronizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Creating a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
To create a file synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Wake-on-LAN feature overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Issuing a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
To issue a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
To schedule a Wake-on-LAN request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Troubleshooting Wake-on-LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Administrator Guide, Version 5.2 v

Contents
Preparing to create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

To create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Working with your replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
To view replication share details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Managing Dell Systems with Dell Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Understanding the Differences between Patching and Dell Updates . . . . . . . . . . . . 139
Dell Client and Server Upgrade workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Configuring Dell OpenManage Catalog Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
9: Using the Scripting Features 143

Scripting Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Order of downloading script dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Using the Appliance Default Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Creating and Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Token Replacement Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Adding Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
To add an Offline KScript or Online KScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
To add an Online Shell Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Editing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
To edit a script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
To delete a script from the Scripts page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
To delete a script from the Scripts Edit page . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Importing Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
To import an existing script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
To Duplicate an existing Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Using the Run Now function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
To run scripts using the Run Now tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Run Now from the Script Detail page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
To use the Run Now function from the Scripts Lists Page . . . . . . . . . . . . . . . . . 157
Monitoring Run Now Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Run Now Detail Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Searching the Scripting Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
To search scripting logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
About the Configuration Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Using the Windows-based Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Enforce Registry Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Remote Desktop Control Troubleshooter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
To troubleshoot remote behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
To create a policy to enforce Desktop Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Desktop Shortcuts Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
To create scripts to add shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Event Log Reporter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
To create an Event Log query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
MSI Installer Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
To create the MSI Installer policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
vi Administrator Guide, Version 5.2

Contents
UltraVNC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Un-Installer Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
To create an uninstaller script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Windows Automatic Update Settings policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
To modify Windows Automatic Update settings . . . . . . . . . . . . . . . . . . . . . . . . . 167
To start the Automatic Windows Update on a node . . . . . . . . . . . . . . . . . . . . . . 167
Power Management Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
About monitoring power use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
To configure Power Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Using the Mac OS Configuration-based Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Enforce Power Management Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Enforce VNC Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Enforce Active Directory Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
10: Maintaining Your K1000 Management Appliance 173

K1000 Management Appliance maintenance overview. . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Upgrading your appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
To upgrade your K1000 Management Appliance . . . . . . . . . . . . . . . . . . . . . . . . 174
Backing up K1000 Management Appliance data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
To run the appliance backup manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Downloading backup files to another location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
To change backup file location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
To access the backup files through ftp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Restoring K1000 Management Appliance settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Restoring from most recent backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
To restore from the most recent backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Uploading files to restore settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
To upload backup files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Restoring to factory settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
To restore to factory settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Updating K1000 Management Appliance software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
To verify the minimum server version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Updating the license key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Updating your Dell KACE K1000 Management Appliance license key . . . . . . . . 178
Applying the server update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
To apply the server update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
To verify the upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Updating patch definitions from KACE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
To update the patch definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
To delete patch files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
To Reboot and shut down KACE K1000 Appliances . . . . . . . . . . . . . . . . . . . . . . 180
Updating OVAL definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
To update the OVAL and patch definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Troubleshooting K1000 Management Appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Accessing K1000 Management Appliance logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Downloading log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Administrator Guide, Version 5.2 vii

Contents
To download Dell KACE K1000 Management Appliance logs . . . . . . . . . . . . . . 181

Windows debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
To log on to the AMP service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Understanding Disk Status log data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
11: LDAP 187

About LDAP Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Creating an LDAP Label Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Creating an LDAP Label with the Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Using LDAP Easy Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Using the LDAP Browser Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
To use the LDAP Browser Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Automatically Authenticating LDAP Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
To configure the appliance for user authentication . . . . . . . . . . . . . . . . . . . . . . . . . . 193
To schedule a User Import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
12: Running the K1000 Appliance Reports 199

Reporting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Running Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Creating and Editing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
To create a new report using the table presentation type . . . . . . . . . . . . . . . . . . . . . 200
To create a new report using the chart presentation type . . . . . . . . . . . . . . . . . . 202
To duplicate an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
To create a new report from scratch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
To edit a report using SQL Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Scheduling Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
To create a report schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
To run a schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
To delete a schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Using Alert Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
To Create a Broadcast Alert Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
E-mail Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
To create an e-mail Alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
13: Using Organizational Management 209

Overview of Organizational Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Default Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Creating and editing Organizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
To create an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
To troubleshoot nodes that fail to show up in Inventory . . . . . . . . . . . . . . . . . . . 211
To edit an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
To delete an organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Managing System Admin Console users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
To add a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
viii Administrator Guide, Version 5.2

Contents
To delete a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

To change the password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Organizational Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Default role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Creating and editing Organizational Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
To create a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
To edit a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
To delete a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
To duplicate a role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Organizational Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Creating and Editing Organizational Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
To add a data filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
To add a LDAP filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
To edit a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
To delete a filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Advanced Search. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
To specify advanced search criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Test and Organization Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
To test an organization filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Refiltering Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
To refilter computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Redirecting Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
To redirect computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Understanding Computer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
A: Administering Mac OS Nodes 229

Mac OS Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Distributing Software to Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Examples of Common Deployments on Mac OS® . . . . . . . . . . . . . . . . . . . . . . . . . . 230
To create a managed installation for Mac OS nodes . . . . . . . . . . . . . . . . . . . . . 230
Patching Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
B: Adding Steps to a Script 235

Adding Steps to Task Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
C: Writing Custom Inventory Rules 241

Understanding Custom Inventory Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Creating a Custom Inventory rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
How Custom Inventory Rules are implemented. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Understanding rule syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Function syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Argument syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Checking for conditions (Conditional rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Administrator Guide, Version 5.2 ix

Contents
Conditional rule reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Verifying if a Condition exists (Exists rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Evaluating node settings (Equals rules) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Comparing node values (Greater and Less Than rules) . . . . . . . . . . . . . . . . . . . 249
Testing for multiple conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Checking for multiple true conditions (AND) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Checking for one true condition (OR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Getting values from a node (Custom Inventory Field) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Value Return rule reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Getting File Information values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Getting Registry key values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Getting command output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Getting PLIST values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Getting multiple values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Matching file names with Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Understanding Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Regular Expression Rule Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Defining rule arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Finding a path or file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Finding a registry key and entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Specifying a version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Specifying environment or user variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Specifying a file attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Using Windows file attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Testing for Linux and Mac file attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Specifying the datatype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Specifying values to test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Specifying the name of a registry entry (Windows only) . . . . . . . . . . . . . . . . . . . 261
Specifying a PLIST key (Mac only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Using a regular expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Defining commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
D: Database Tables 263

K1000 Management Appliance Database Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
E: Manually Deploying Agents 269

Overview of manual deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Manually installing the 5.1 Agent on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Manually install the 5.1 Agent on Windows using the Install wizard . . . . . . . . . . . . . 269
Installing the 5.1 Agent on Windows using command lines . . . . . . . . . . . . . . . . . . . . 270
Manually installing the 5. 2 Agent on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Manually install the 5.2 Agent on Windows using the Install wizard . . . . . . . . . . . . . 270
Manually install the 5.2 Agent on Windows using command lines. . . . . . . . . . . . . . . 271
Installing and Configuring the 5.1 Agent on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
x Administrator Guide, Version 5.2

Contents
To upgrade the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

To remove the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Additional options for the 5.2 Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Verifying Deployment of the Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
To start and stop the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
To check whether the agent is running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
To check the version of the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
To perform an Inventory check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Linux Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
To log on to the AMP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Edit the SMMP configuration file: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
To Install and Configure the 5.1 Agent on Mac OS Nodes . . . . . . . . . . . . . . . . . . . . . . . . 275
To upgrade the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
To remove the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Verifying deployment of the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
To start or stop the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
To check if the agent is running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
To check the version of the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
To perform an Inventory check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Macintosh Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Edit the SMMP configuration file: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Using shell scripts to install the 5.2 Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
F: Understanding the Daily Run 

Output 279
G: Warranty, Licensing, and Support 285

Warranty And Support Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Third Party Software Notice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
EZ GPO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
FreeBSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Preamble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Knoppix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
NO WARRANTY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
OpenSSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
OpenSSL License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Original SSLeay License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Preamble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Administrator Guide, Version 5.2 xi

Contents
Index 309
xii Administrator Guide, Version 5.2

1
Getting Started
This chapter starts with an overview of this guide and the Dell KACE K1000 Management
Appliance interface components. The chapter then explains how to install and set up your
K1000, and finally it provides an overview of the K1000 Management Appliance
Administrator Console Home page features.
• About this guide, on page 1.

• About this chapter, on page 1.
• Understanding the KACE K1000 Appliance components, on page 1.
• Using the KACE K1000 Appliance components, on page 6.
• Using Home, on page 8.
• What’s Next, on page 18.
About this guide

This guide explains how to install, set up, configure, and use the Dell KACE K1000
Management Appliance.
About this chapter

This chapter explains how to install and set up your K1000 Management Appliance from
unpacking through Initial Konfiguration. When finished, you will see the appliance
Administrator Portal, the web page from which you configure and use your appliance. At that
point, this chapter provides an overview of the Administrator Portal. Before you can use your
appliance, you need to configure it.
This section provides an introduction to your appliance and an overview of the total system
management workflow.
This section also lists the basic administrative procedures and the best practices for system
management.
Understanding the KACE K1000 Appliance

components
Your appliance includes of the following components:
Administrator Guide, Version 5.2 1

1 Getting Started
1. Administrator Console—It is used by administrators to control the K1000

Management Appliance. It is accessible by browsing to http://k1000_hostname/
admin. This portal is a web-based interface to access and direct the functionality and
capabilities within your company. The administrator console provides access to the
following components:
• Inventory Management
• Software Distribution
• Reporting
• K1000 Settings
• Asset Management
• Scripting
• Security
• Service Desk
2. System Console—An interface designed primarily to enforce the policies across
organizations.
3. Agent—The K1000 Management Appliance technology that sits on each desktop that
the appliance manages. It includes an application component that manages downloads,
installations, and desktop inventory. The agent also includes the appliance Agent
Management Service that initiates scheduled tasks such as inventory or software
updates.
4. Service Desk—It makes software titles available to users on a self-service basis. The
Service Desk doesn’t replace traditional push software distribution (as is handled by the
Administrator Console and the agent). You can change or customize the Service Desk
name.
The Service Desk provides:
• A repository for software titles that are not required for all users.
• A way for users to submit and track Service Desk (or Service Desk tickets).
• Assistance for users in routine tasks like software installation and getting help from
the Knowledge Base.
Service Desk is accessible by browsing to http://k1000_hostname.
Hardware specifications
The K1000 Management Appliance include a high-performance server with the following
hardware configuration:
Hardware K1100 K1200
Form Factor 19 in 1U Rack mount chassis 19 in 1U Rack mount chassis

Dimensions (inches) 1.7 X 17.2 X 19.8 1.7 X 17.2 X 25.6
CPU in Gigahertz (K1000 2 Xeon Quad Core (2 GHz) 2 Xeon Quad Core (2 GHz)
Management Appliance)
2 Administrator Guide, Version 5.2

Getting Started
1
Hardware K1100 K1200
Memory in Gigabyte (GB) 4 GB 8 GB

Ethernet Ports Dual Gigabit Ethernet Ports Dual Gigabit Ethernet Ports
Redundant Disk Array RAID 5 configuration RAID 5 configuration
Hot-swappable Hard Drives 3 X 250 GB ATA (SATA) 7.2K RPM 5 X 300 GB Serial Attached SCSI
(SAS) 10K RPM
Power Supply 520 Watts, 100 - 240 VAC Dual Redundant
650 Watts, 100 - 240 VAC
Software deployment components

This section describes the packages that can be deployed by the server on the agents. The
K1000 Management Appliance supports several types of distribution packages, and this
section lists the components used for deployment of packages:
• Managed Installations can be configured by the administrator to run silently or with

user interaction. Within a “Managed Installation Definition” the administrator can
define install, uninstall, or command-line parameters. See Managed Installations, on
page 115 for more information.
• File Synchronization is another way to distribute content to computers with the
agent software. Unlike Managed Installations, File Synchronization is used to distribute
files that need to be copied to a user’s machine without running an installer. See File
Synchronizations, on page 129 for more information.
• Service Desk Packages are earmarked by administrators for user self-service. Many
Dell customers use the portal for handling occasional user applications, print drivers,
and so on. You also can use the Service Desk to resolve installation issues by allowing
users to download and install fixes. See the Service Desk Administrator Guide for
detailed information.
• Agent is a special tab to manage the appliance agent. See Chapter 4: Agent
Provisioning, starting on page 45, for details on how to configure and perform these
tasks.
• MSI Installer Wizard creates a policy and helps you set the basic command line
arguments for running MSI based installers. The wizard generates a script used for
installing or removing the software. See MSI Installer Wizard, on page 163, for more
details.
The package types are mostly setup.msi or setup.exe files.
The sections that follow describe how to configure the K1000 Management Appliance to
meet the needs of your company.
To set up your K1000 Management Appliance server

This section describes how to set up the K1000 Management Appliance after the appliance
has been properly installed in its rack.

1 Getting Started
DNS Considerations
The K1000 Management Appliance requires its own unique static IP address. By default its
hostname is kbox. Whatever name used should be specified in the appropriate “A” record
created in your internal Domain Name System (DNS) server. An “MX” record containing the
hostname defined by the “A” record is required so that the users can e-mail tickets to the
Service Desk. A Split DNS is required if the appliance is connected to the Internet using a
reverse proxy or by being placed in the DMZ (demilitarized zone or Screened Subnet). A
DMZ adds an additional layer of security to a LAN (Local Area Network).
Configuring network settings from the console

1. To access the console, connect a monitor and keyboard directly to the appliance, but do
not connect a network cable at this time.
2. Power on the appliance.
The appliance requires 5 to 10 minutes to start up for the first time.
3. At the login prompt, enter:

Login ID: konfig
Password: konfig
Modify the following settings using the Up and Down arrow keys to move between
fields.
Field Description
K1000 Server Enter the host name of the appliance.

(DNS) The default setting is kbox.
Hostname
K1000 Web (Recommended) Enter the fully-qualified domain name
Server Name (FQDN) of the appliance on your network. This is the value of
Hostname concatenated with Domain (for example,
appliance.kace.com).
Clients connect to the K1000 using the Web Server Name. We
recommend adding a DNS host record matching the K1000
Web Server Name chosen during this setup.
Static IP (Required) Enter the IP address of the appliance server.
Address
Domain Enter the domain that the appliance is on.
Subnet mask Enter your subnet mask.
Default gateway Enter the network gateway for the appliance server.
Primary DNS Enter the IP address of the primary DNS server the appliance
uses to resolve hostnames.
Secondary DNS Enter the IP address of the secondary DNS server if needed.

Getting Started
1
Field Description
Network Speed User the Right arrow key to select from the available speeds if
you need to change the default.
SMTP Server To enable email notifications, specify an SMTP server,
enclosing the IP address with square brackets [].
SSH Enabled Permits console access to the K1000. Use the Right arrow key
to enable.
Proxy Enter any necessary proxy information.
4. Press the Down arrow to move the cursor to Save, and then press Enter or Return.
The appliance restarts.
5. While your appliance reboots, connect an Ethernet cable into the port labeled “Gb 1”
and to a switch on your network.
Logging in to the Administrative Console

After the basic network configuration is complete, you can log in to the Administrative
Console from any computer on the Local Area Network (LAN) using a web browser.
1. Open a web browser.
2. Enter the appliance Administrative Console URL:
http://k1000_hostname/admin
The Initial Konfiguration page appears.
3. Enter the license key (including dashes) that you in received in the welcome email from
Dell KACE.

1 Getting Started
If you cannot find your license key, contact Dell KACE Customer support at
www.kace.com/support.
4. Enter a secure and unique password for the admin account.
5. Enter the name of your company or organization.
6. Select the timezone for your K1000 location.
7. Click Apply Settings and Reboot.
The appliance restarts.
8. When the appliance has restarted, refresh the browser page.
9. After accepting the EULA, log in using the username “admin” and the password you
chose.
You are now ready to start using the Administrator Interface. The following sections explain
the various K1000 Management Appliance feature components.
You can restore the factory settings of the appliance. For more information, refer to
Restoring to factory settings, on page 176.
Using the KACE K1000 Appliance components

Depending upon your options, these components are available on your appliance:

Getting Started
1
The components are illustrated above, and the tabs are as follows:
Component Sub-tabs Used to...
Home Guided Tour Manage labels, which are a method for grouping
Summary machines, software, people, and so on. You can also
Labels have labels dynamically assigned by using “Smart
Search Labels.”
Provide overview statistics of your running
processes.
Also includes guided tours for learning more about
your K1000 Management Appliance.
Inventory Computers Administer the hardware and software managed by
Software your appliance.
Processes
Startup
Service
IP Scan
MIA
Asset Assets Track computers and other physical assets, such as
(Asset Management) Asset Types software, printers, and so on. Also used to:
Asset Import
• Determine software compliance.
Metering
• Establish relationships between assets (using
logical assets).
• Meter actual software usage.
For more information, see Asset Management
Guide.
Distribution Managed Installation Remote software distribution and administration,
File Synchronization including iPhones and Dell OpenManage updates.
Wake-on-LAN
Replication
iPhone (optional iPhone
Management)
Dell Updates
Scripting Scripts Automate system administration tasks.
Run Now
Run Now Status
Search Logs
Configuration Policy
Security Policy
Security Patching Reduce the risks from malware, spyware, and
OVAL viruses.
Secure Browsers. For more information about patching and security,
see Patching and Security Guide.

1 Getting Started
Component Sub-tabs Used to...
Service Desk  Tickets Provide a repository for software resources and

(Can be renamed) Software Library documentation for your users to access and
Knowledge Base download. Provides a full-featured service desk
Users system for creating and tracking Service Desk
Roles tickets.
Configuration
Reporting Reports Run pre-packaged reports and report-creating tools
Schedule Reports to monitor your appliance implementation.
Alerts
Email Alerts
Settings Control Panel Administer your appliance implementation.
K1000 Agent
Resources
Support
Organization N/A Divide your appliance implementation into
(Organizational different logical organizations that you administer
Management) separately.
Global Search N/A Search your appliance for terms you enter.
Using Home
The Home component includes tabs for:
• Guided Tours, on page 8

• Summary, on page 8
• Label, on page 17
• Search, on page 18
Guided Tours
Tutorials that help you learn the appliance by walking you through some of basic tasks. The
Guided Tours supplement, but don’t replace, Boot Kamp and documentation.
Summary
The K1000 Summary page provides information about the configuration and operation of
your appliance. When you log on to the Administrator Console, the Home component
displaying the Summary tab appears by default.

Getting Started
1
The top of the K1000 Summary page provides updated news and popular FAQ information
about your Dell KACE K1000 Management Appliance:
Below the Summary are dashboard meters and graphs to give you a quick view of your
appliance status:.
The scales on the Summary page gauges adjust automatically.

1 Getting Started
Node Check-In Rate

Displays the total number of nodes that have checked into the server in the past 60 minutes.
Distributions
Displays the number of managed installations, scripts, and file synchronizations that are
enabled. This also displays the number of alerts that you have configured.

Getting Started
1
Software Threat Level

Displays the various threat levels for software installed on various machines.
License Compliance Gauge

Displays the number of machines that use a particular licensed software. For example, the
following figure displays a licensed software Adobe flash player 9, which can be installed on
1000 machines. In this example, this software is used by 12 machines.
This display can use different colors for license types that are ignored (for example, freeware)
and licenses that are approaching or at 100% usage. For general information about assets
and license compliance, see Asset Management Guide. To change this configuration, see To
configure general settings for the server, on page 19.

1 Getting Started
Clients Connected Meter

Displays the percentage of nodes connected to the server.
Managed Operating Systems Chart

Displays various operating systems present in the inventory in percentage as a pie chart.

Getting Started
1
Tasks in Progress Chart

Displays the total number of tasks in progress on server.
To view the Summary Details

1. Click Home > Summary.
The Summary page appears.
2. Scroll down, and then select the View Details button at the bottom of the page:

1 Getting Started
The K1000 Summary Details page appears:
The following sections describe summary details sections. Each organization has its own
summary details.
Summary Section Description
Computer Statistics The computers on your network, including a breakdown of the operating
systems in use. In addition, if the number of computers on your network
exceeds the number allowed by your Dell KACE K1000 Management
Appliance license key, you are notified of it here.
Software Statistics The software in Inventory. The summary the number of software titles that
have been uploaded to the appliance.
Software Distribution The packages that have been distributed to the computers on your network,
Summary separated out by distribution method. The summary also indicates the
number of packages that are enabled and disabled.

Getting Started
1
Summary Section Description
Alert Summary The alerts that have been distributed to the computers on your network,
separated by message type. This also indicates the number of alerts that are
active and expired.
The IT Advisory refers to the number of Knowledge Base articles in Service
Desk.
Patch Bulletin The patches received from Microsoft, Apple, and so on. The summary
Information includes the date and time of the last patch (successful and attempted), total
patches, and total packages downloaded.
OVAL Information The OVAL definitions received and the number of vulnerabilities detected on
nodes in your network. The summary includes the date and time of the last
OVAL download (successful and attempted) and the number of OVAL tests
in the appliance, in addition to the numbers of computers scanned.
Network Scan Summary The results of Network Scans run on the network, including the number of IP
addresses scanned, the number of services discovered, the number of devices
discovered, and the number of detected devices that are SNMP-enabled.
As this page is refreshed, the record count information is refreshed. New

K1000 Management Appliance installations mostly contain zero or no record
counts.
To Find Your Software Version

The About K1000 link in the lower-left side of the K1000 Management Appliance window
brings up KACE software information including:
• The software revision level.

1 Getting Started
• A list of all of the appliance components that are running:
Updating Your Appliance Software

Your K1000 Management Appliance checks in with the servers at Dell KACE daily to find out
if more recent appliance software is available. If a software update is available, an alert like
this one is displayed on the Home page the next time you log in as Administrator:
This section explains how to accept the latest appliance server upgrade.
For details on how to find your current appliance version, see To Find Your Software
Version, on page 15.

Getting Started
1
To upgrade software without using Organizational

Management
1. In the Organization menu, click System.
2. Click K1000 Settings > Server Maintenance.
The K1000 Server Maintenance page appears.
3. Click Edit Mode at the top left of the page.
4. Click the Check for upgrade button.
The Logs tab displays the latest updated files from Dell.
To upgrade software for Organizational Management users

2. Click K1000 Settings > Server Maintenance.
The K1000 Server Maintenance page appears.
3. Click Edit Mode at the top left of the page.
4. Click the Check for upgrade button.
The Logs sub-tab shows the latest updated files from Dell.
Label
You can find the Label tab by going to Home > Label. However, you can also create labels
and smart labels within the other components of the Dell KACE K1000 Management
Appliance that use labels.
• Labels—Provide ad-hoc organization of users, computers, software, managed

installations, and more according to your needs. For information on labels see, About
Labels, on page 35.
• Smart Labels—Enable you to dynamically group users, computers, software, and
more by organization based on saved criteria. Smart Labels work much like Search
Folders in Outlook or Smart Folders in Mac OS X. For information, see About Smart
Labels, on page 42.
• LDAP Labels—Automatic labeling based on LDAP or Active Directory lookup. See
About LDAP Labels on page 187.
• LDAP Browser—Automatically discover information via the agent or to interface with
Active Directory or LDAP organizational units. See Creating an LDAP Label with the
Browser, on page 189.

1 Getting Started
Search
You can perform a global search for terms through out the appliance on this tab.
What’s Next
Now that your appliance is installed and running, you need to configure it to fit your
company’s needs.
For the rest of the setup instructions, see Chapter 2: Configuring your Appliance, starting on
page 19.

2
Configuring your Appliance
This chapter explains the configuration settings necessary to set up and use your Dell KACE
K1000 Management Appliance.
• To configure general settings for the server, on page 19.

• Configuring Network Settings for the Server, on page 23.
• Configuring Security Settings for the Server, on page 25.
• Configuring Agent Messaging Protocol Settings, on page 29.
• Configuring date and time Settings of the appliance server, on page 31.
• Configuring Single Sign-on for multiple appliances, on page 31.
• Troubleshooting Tools, on page 33.
Key configuration settings

It is important to properly configure the server settings on the agent before you begin
inventorying and actively managing the software on your network. For details on agent
connection settings, refer to Chapter 4: Agent Provisioning, starting on page 45.
To configure general settings for the server

To access some General Settings, you need to select System on the Organization drop-
down list.
1. Click Settings > Control Panel.

2. Click General Settings.
The General Settings page appears.
3. Click Edit Mode to edit the field values.
4. Enter the following settings:
Company- Enter the name of your company. This name appears in every pop-up window or
Institution alerts displayed to your users. For example, Dell.
Name

2 Configuring your Appliance
User Email Enter the domain to which your users send email. For example, dell.com.
Suffix
System Enter the email address of the appliance administrator.
Administrator This address receives system-related alerts, including any critical messages.
Email
Login Click the check box to enable the Login Organization drop-down.
Organization By enabling the Login Organization drop-down, the empty Organization: field on
Drop-down the Welcome login page will be replaced by a drop-down of the configured
organizations. For information about Organizational Management, see Chapter
13: Using Organizational Management, starting on page 209.
Note: The organization field or drop-down only appears if more than one
organization is configured.
Organization Click the check box to enable Organization Fast Switching.
Fast Switching By enabling Organization Fast Switching, the static Organization: field at the top
right corner of every page is replaced with a drop-down of organizations to which
the user has access.
Only those organizations that have the same user name and password appear in the
drop-down. For information about Organizational Management, see Chapter
13: Using Organizational Management, starting on page 209.
Send to Kace Crash reports Click the check box to send a report in the event of a
appliance crash.
This option is recommended because it provides additional
information to the Dell KACE Technical Support team in
case you need assistance.
Enable AppDeploy Click the check box to enable your appliance to share data
Live! with the AppDeploy Live! web site.
Session Set the number of inactive hours to allow all users before closing their session and
Timeout: requiring another login. The default is 1. Service Desk windows have Timeout
Session counters to alert users of this time limit. This time limit only counts periods
of inactivity. Users restart this timer with any action that causes the appliance
interface to interact with the appliance server (refresh a window, save changes,
change windows, etc.). If the session times out, any unsaved changes are lost, and
the users is presented with the login screen again.
5. Specify the following Agent-Server Task settings:

To access these settings, select System on the Organization drop-down list.
Current K1000 The value in the field depicts the load on an appliance server at any
Load Average given point of time. For the server to run normally, the value in this
field must be between 0.0 and 10.0.
Last Task This value indicates the date and time when the appliance Task
Throughput Throughput was last updated.
Update

2
K1000 Task At any given point, the appliance has multiple tasks scheduled like
Throughput Inventory Updates, Scripting Updates, patching updated and
execution of scripts. The value in this field decides how the
scheduled multiple tasks are balanced by the appliance.
Note: The value of the task throughput can be increased only if the
value in the field Current K1000 Appliance load Average is
not more than 10.0 and the Last throughput update time is more
than 15 minutes.
Agent "Download This value determines the maximum number of agents that can
Throttle" download packages simultaneously. If that number of agents is
reached, an agent must finish communicating with the server
before an additional agent can start.
6. Specify the following User Portal settings if required to customize the User Portal
page:
Portal Title Enter a title for the User Portal page.

Portal Text Enter a description of the User Portal page.
iPhone Portal Enter a title for the user portal page when accessed through an
Title iPhone.
iPhone Portal Enter a description of the User Portal page when accessed through
Text an iPhone.
7. Click Set Options, to save your changes.

8. Specify the following Logo Override settings to use your custom logo:
a. Click Edit Mode to edit the field values:
User Portal (.jpg) Displayed at the top of the User Portal page.
• 224x50 pixels is the normal size.
• 104x50 pixels is shorter and doesn't clip the blue highlight around
the Log Out link.
• 300x75 pixels is maximum size that does not impact the layout.
Report (.jpg) Displayed at the top of reports generated by the appliance.
The report image dimensions are 120x32 pixels, which are specified in
the auto-generated XML layout. You can adjust the xml report if you
need a different layout size.
K1000Client Displayed in the agent.
(.bmp) The client bmp image is scaled to 20x20 pixels only and cannot be
customized to any other size. It is displayed on snooze pop-ups, install
progress pop-ups, alerts, and message windows created by scripts.
Login User Portal Displays on the User Portal login page.
(.jpg)

Custom Report Displayed at the top of reports generated by the appliance.

Logo (.jpg) The report image dimensions are 120x32 pixels, which is specified in
the auto-generated XML layout. You can adjust the xml report to
change the layout size.
b. Click Upload Logo.

9. Machine Actions allow setting up of a scripted action that you can perform against
individual machines in your environment. They are used to connect to machines
remotely, so you can access or execute a specified task on the target machine directly
from the user interface. You can configure two actions by selecting them from the
Action Item menu. The actions can execute two different tasks.
The default Machine Action is mstsc.exe (Remote Desktop Connection).
Under the Machine Actions section, associate the appropriate actions and then click Set
Actions.
For example:
• Select ping.exe -t KACE_HOST_IP from the Action #1 drop-down.
• Specify http://KACE_HOST_IP in command line field for Action #2 .

• Click Set Actions.
• Click Inventory > Computers.
Click besides target machine IP to ping the machine and click besides target
machine IP to launch a web browser. The appliance substitutes the KACE_HOST_IP
variable with the target machine IP address and open a new browser window with that
URL.
There are 16 pre-programmed actions available. The Machine Actions can also be
programmed for other tasks. If the machine action does not include the string .exe,
then your appliance assumes it as a URL, and opens a new browser window for it.
Some of the actions listed in the Machine Actions drop-down list require
Internet Explorer, because ActiveX is required to launch these programs on
the local machine. Firefox does not support this feature.
Most actions in the Action Icon drop-down list require you to install
additional software for them to function. For example, using DameWare
requires you to install TightVNC on your machine as well as on the machine
you want to access.
Click Action #1 or Action #2 next to the target machine on the Inventory >
Computers tab to execute the Machine Action.
10. In the Optional Ignore Client IP Settings section, enter IP addresses you would like
ignored as the node IP and then click Save List.

2
This might be appropriate in cases where multiple machines could report themselves
with the same IP address, like a proxy address.
11. In the License Usage Warning Configurations section, enter the new values.
12. Click Override Configuration to save.
This changes when the alert colors are used in the License Compliance Gauge, on
page 11. For information about setting up license assets, see K1000 Asset Management
Guide.
13. In the Data Retention section, click Edit Mode, and select the amount of time you
want to save machine uptime data.
Machine uptime data refers to information about the number of hours each day your
nodes are running. You can retain this data forever, never save it (None), or select 1
month, 3 month, 6 month (default), 9 month, or 12 month settings.
For more information about power management, see About monitoring power use, on
page 168.
14. Click Save Settings to save.
List of open ports required

Ensure that following ports are not blocked by your firewall. These ports are required to
access the server.
Port Number Use
21 To access backup files through FTP

25 If the KACE K1100 Appliance SMTP Server is to be used
80 HTTP
443 SSL
3306 To access an appliance database
8080 Connects directly to Tomcat
8443 Connects directly to Tomcat
52230 For agents to connect to the server through AMP
Configuring Network Settings for the Server

The key KACE K1100 Appliance network settings are mostly configured when you log in for
the first time, using the konfig/konfig credentials. An administrator can verify or change
these settings at any time.
Saving any changes to the Network settings on this page forces the
Appliance to reboot. Total reboot downtime is 1 to 2 minutes—provided that
the changes result in a valid configuration.

To configure the Network Settings

1. From the Organization drop-down list, select System.
2. Click K1000 Settings > Control Panel.
3. Click Network Settings.
The K1000 Network Settings page appears.
4. If fields are grayed out, click Edit Mode to edit the field values.
5. Specify the following settings:
K1000 Server We recommend adding a static IP entry for “K1000” to your DNS, and using the
(DNS) Hostname default Hostname and Web Server Name. The fully-qualified domain name of the
appliance on your network is the value of Hostname concatenated with Domain.
K1000 Web
Server Name For example, K1000.kace.com.
Nodes connect to the appliance using the Web Server Name, which can be the
hostname, fully-qualified domain name, or IP address.
For example, K1100.
Static IP Address The IP address of the appliance server.
Caution: Be careful when changing this setting. If the IP address is entered
incorrectly, refer to the appliance Administrative Console, and use the konfig
login to correct it.
Domain The domain that the appliance is on. The default value is corp.kace.com
Subnet mask The domain that the appliance is on. The default value is 255.255.255.0
Default gateway The default gateway.
Primary DNS The primary DNS server the appliance uses to resolve hostnames.
Secondary DNS (Optional) The secondary DNS server the appliance uses to resolve hostnames.
Network Speed The network speed. The network speed setting should match the setting of your
local LAN switch. When set to auto negotiate the system automatically determines
the best value.
This requires the switch to support auto-negotiate. Otherwise contact your
network administrator for the exact setting to be used.
6. To set Network Server Options, perform the following steps:

a. Set the external SMTP Server, to enable email notifications through this SMTP
server. To set SMTP Server, click the Use SMTP Server check box, and then enter
the SMTP Server name in the SMTP Server box.
The server named here must allow anonymous (non-authenticated) outbound mail
transport.
Ensure that your company’s network policies allow the appliance to contact the
SMTP server directly. The mail server must be configured to allow relaying of email
from the appliance without authentication.
You can test the email service by using Network utilities. For more information on
how to use Network Utilities, refer to Troubleshooting Tools, on page 33.

2
b. To set the proxy server, click the Use Proxy Server check box, and then specify the
following proxy settings, if necessary:
Proxy Type Enter the proxy type, either HTTP or SOCKS5.

Proxy Server Enter the name of the proxy server.
Proxy Port Enter the port for the proxy server. The default port is 8080.
Proxy (Basic) Auth Click the check box to use the local credentials for accessing the
proxy server.
Proxy Username Enter the user name for accessing the proxy server.
Proxy Password Enter the password for accessing the proxy server.
The appliance includes support for a proxy server, which uses basic, realm-based
authentication, which prompts for a user name and password:
If your proxy server uses some other kind of authentication, you must add the IP
address of the appliance on the exception list of the proxy server.
For information about the Enable Service Desk POP3 Server setting, see the
Service Desk Administrator Guide.
7. Click Set Options to set the Network Server options.
Configuring Security Settings for the Server

Security Settings are not mandatory but are required to enable certain functionalities like
Samba Share, SSL, SNMP, SSH, Offbox DB Access, and FTP access on the appliance server.
To use any of the Security Settings features, you must enable them.
If you change any security settings, you must reboot the appliance to make
the changes take effect.

To configure Security Settings

To enable SSL, you need the correct SSL Private Key file and a signed SSL Certificate. If
your private key has a password, it will prevent the appliance from restarting
automatically. Contact KACE support if you have this issue.
The K1000 Settings: Control Panel page appears.
3. Click Security Settings.
The K1000 Security Settings page appears.
4. Click Edit Mode to edit the security settings fields.
5. In the General Security Settings area, specify the following security settings:
a. Click the SSH Enabled check box.
Click the check box to permit someone to login to the appliance using SSH.
b. Clear the Enable backup via ftp check box.

Nightly the appliance creates a backup of the database and the files stored on it. You
access these files using a read-only FTP server, which allows you to create a process
on another server that pulls this information off the appliance. If you do not need
this feature, you can turn off this option, and disable the FTP server.
c. Clear the Enable SNMP monitoring check box.

SNMP is a network/appliance monitoring protocol that is supported by many third-
party products. If you do not want to expose the appliance SNMP data, turn off this
option.
d. Clear the Enable database access check box.

The appliance database is accessible via port 3306 to allow you to run reports using
an off board tool, like Access or Excel. If you do not want to expose the database in
this way, turn off this option.
e. Clear the Make FTP Writable check box.

Enable this feature to upload backup files using FTP. This feature is useful if your
backup files are too large for the default HTTP mechanism (browsers timing out).
6. In the Samba Share Settings area, select the Enable Organization File Shares check
box to allow each organization to leverage the appliance's client share as an install
location for the node.
The appliance has a built-in windows file server that can be used by the provisioning
service to assist in distributing the samba client on your network. Dell recommends that
this file server only be enabled when performing node software installs.
7. In the Optional SSL Settings area, specify the following SSL settings, if required:
a. Clear the Enable port 80 access check box.

2
When you activate SSL, port 80 continues to be active, unless Enable port 80
access check box is cleared. By default, the standard Agent installers attempt to
contact the appliance via port 80, and then switch to SSL over port 443, after getting
the server configuration. If you disable port 80, contact KACE Support to adjust the
agent deployment scripts to handle SSL. For ease of agent deployment, leave port 80
active.
b. Select the SSL Enabled on port 443 check box to have nodes check in to the
appliance server using https.
A properly signed SSL Certificate is required to enable SSL. Certificates should be
supported by a valid Certificate Authority. SSL settings should only be adjusted after
you have properly deployed the appliance on your LAN in non-SSL mode. If you are
enabling SSL, you will need to identify the correct SSL Private Key File and SSL
Certificate File.
The files must be in Privacy Enhance Mail (PEM) format, similar to those used by
Apache-based Web servers and not in the PCKS-12 format used by some Web
servers. It is possible to convert a PCKS-12 certificate into a PEM format using
software like the OpenSSL toolkit. Contact Dell KACE Technical Support if you want
to enable SSL on your appliance.
You can load SSL certificates into the appliance by any of these two methods:
• You can click SSL Certificate Wizard and follow the step by step procedure to
load the SSL certificates. Refer To generate an SSL Certificate, on page 28.
• If you have your own SSL certificate and SSL private key, click Edit Mode to edit
the field values.
In the Set SSL Private Key File field, browse to the SSL Private Key file and
browse to the signed SSL Certificate, in the Set SSL Certificate File field
8. Click Set Security Options, to save the changes and reboot the appliance.
Once you switch over to SSL, this is a one-way automatic shift for the nodes. They must
be reconfigured manually if you later decide not to use SSL.
9. In the Download New Patch Definitions area, click Edit Mode to edit the fields
and specify as follows:
Disable download of new Select to disable download of new patches.

patches
Download Every day/specific Select to download the patches on specified
day at HH:MM AM/PM day of the week or daily at the specified
time.
Download on the nth of every Select to download the patches on the

month/specific month at specified date or monthly at the specified
HH:MM AM/PM time.

10. In the Stop Download Of Patch Definitions area, click Edit Mode to edit the field
values and specify the following:
Allow download of patch definitions Select to allow download of the patch

to complete definitions to complete.
Stop patch download process by at Select to stop the download the patches at
HH:MM AM/PM the specified time.
11. Click Set Patching Options to save the changes and reboot the appliance.
To generate an SSL Certificate

Generate an SSL certificate using the wizard as follows:
3. Click Security Settings.
The K1000 Security Settings page appears.
4. Click Open SSL Certificate Wizard.
The K1000 Advanced SSL Settings page appears.
5. Click Edit Mode to edit the fields and specify the following:
Country Name Enter the name of your country.

State or Province Name Enter the name of your State or Province.
Locality Name Enter your locality name.
Organization Name Enter the name of your organization.
Organization Unit Name Enter the name of unit your organization belongs to.
Common Name Enter a common name of the appliance you are creating
the SSL certificate for.
e-mail Enter your email address.
6. Click Set CSR Options. Your Certificate Signing Request is displayed in the field
below the Set CSR Options button. You need to copy the text between the lines “-----
BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----”
along with these lines, and then send it to the person who provides your company with
web server certificates.

2
Your Private Key is displayed under Private Key field. It will be deployed to the
appliance when you upload a valid certificate and subsequently click Deploy.
Do not send the private key to anyone. It is displayed here in case you want
to deploy this certificate to another web server.
The certificate and private key for SSL are not included in the appliance’s
nightly backups for security reasons. Retain these two files for your own
records.
Click Create Self Signed Certificate and for Deploy to be displayed.
7. Click Create Self Signed Certificate.

The SSL certificate is generated. This certificate will not be accepted by any nodes until
it is added into the trusted certificate database on every machine running the client.
8. Click Deploy to deploy the certificates and turn on SSL on the appliance. Click OK to
reboot the appliance.
Configuring Agent Messaging Protocol Settings

Agent Messaging Protocol (AMP) is the appliance Communications Protocol used by the
server with its respective agents.
AMP includes server, client, and communications components to perform optimized real-
time communications for control of systems management operations.
AMP provides:
• Persistent connection between the appliance Server

• Server driven inventory updates
• Higher scalability in terms of number of nodes supported on one K1000 Server
• Better scheduling control and reliability
These settings are specific to the AMP infrastructure and do not affect other appliance
configuration settings or runtime operations. These settings control both the runtime state of
the AMP server and also the operational state of the agent.
Changing these settings will temporarily interrupt communications between

the appliance and the agents. Exercise caution when changing these settings
and contact Dell KACE Technical Support for any questions regarding these
parameters.
To configure Agent Messaging Protocol Settings


3. Click Agent Messaging Protocol Settings.

The K1000 Agent Messing Protocol Settings page appears.
4. Specify the General Settings:
Server Port Specify the Server Port.

The AMP Server on the appliance SERVER will listen on port 52230 (default).
For the Agents to connect to the appliance SERVER using AMP, you must have the
AMP Protocol Port 52230 open and available OUTBOUND.
(That is, the agent must be able to connect through this port number OUTBOUND
without restriction from any OUTBOUND filter/firewall.)
Example of an OUTBOUND restriction:
“Windows XP Firewall blocking outbound port 52230”.
Allow outbound Protocol Port 52230.
This can be configured in your Filter/Firewall Software or Hardware as an allowed
OUTBOUND Exception.
For the SERVER to accept connections via AMP, it must have the AMP Protocol Port
52230 open and available INBOUND to the appliance IP ADDRESS. (That is, the
appliance SERVER must be able to accept connections through this port number
INBOUND without restriction from an INBOUND filter/firewall.)
Example of an INBOUND restriction:
“A NAT Firewall such as Cisco or SonicWall blocking INBOUND port 52230 to the
K1000 IP ADDRESS.”
Allow inbound Protocol Port 52230 to the appliance server.
This can be allowed through a One-to-One Inbound NAT Policy.
Note: If you change the default AMP Port of 52230, you must update the ALLOWED
OUTBOUND/INBOUND port on your filter/firewall.
Enable Click the check box to enable different levels of “server” debug/logging to the server's
Server Debug log file.
Enable SSL Click the check box to enable SSL for AMP. The activation of SSL is for AMP Only. The
for AMP check box must be selected to activate SSL over AMP even though the general
appliance settings may have SSL enabled already. This allows the separate
configuration of AMP traffic to be un-encrypted even though all other appliance
communication is SSL encrypted.
Note: Before you can choose this setting, you must enable SSL as described in step b
on page 27.
5. Click Save and Restart AMP Server to the save the settings and restart the AMP
server.
6. You can click Restart AMP Server to restart the AMP server without saving the
settings.
Restarting the AMP Server will not restart the appliance.

2
Configuring date and time Settings of the appliance

server
Keep the time of the appliance accurate as most time calculations are made on the server.
When updating the time zone, the appliance web server will be restarted in
order for it to reflect the new zone information. Active connections may be
dropped during the restart of the web server. After saving changes, this page
will automatically refresh after 15 seconds.
To configure Date & Time settings

3. Click Date & Time Settings.
The K1000 Date & Time Settings page appears.
4. Click Edit Mode to edit the field values.
5. Specify the following information:
Time Zone Select the appropriate time zone from the drop-down list.
Automatically Click the check box to automatically synchronize the appliance time
synchronize with with an internet time server. Enter the time server in the text box.
an Internet time For example: time.kace.com
server
Set the clock on Click the check box to manually set the appliance clock. Select the
the K1000 appropriate time and date from the drop-down lists.
manually
6. Click Set Options to set the date and time settings.
Configuring Single Sign-on for multiple appliances

The Single Sign-On feature (appliance linking) enables users to authenticate once and gain
access to and run multiple appliances. Once appliances are linked, you can sign on to one of
them and gain access to the others without having to re-login into each appliance
individually. You can link all Dell KACE K1000 Management Appliances.
You can run multiple appliances from the same appliance console, but you
cannot transfer resources or information between them using this feature.
To link appliance so you can run them from the same console.

• Start by enabling linking on each appliance with the instructions in To enable linking of
appliances for single sign-on, on page 32. Enabling linking creates appliance names and
linking keys.
• Copy the appliance names and linking keys between the appliances to link using the
instructions in To enable linking of appliances for single sign-on.
To enable linking of appliances for single sign-on

3. Click Linking Dell KACE Appliances Settings.
The K1000 Linking Dell KACE Appliances Settings page appears.
4. Click Edit Mode.
5. Click the Enable Dell KACE Appliance Linking check box to enable the linking.
Friendly Name Enter a unique, logical name for this appliance. Other appliances
(this server) use this name to select this appliance.
Remote Login Enter the number of minutes to keep the link open. When this
Expiration time period expires, you need to provide login credentials when
switching to a linked appliance. The default is 120 minutes.
Request Timeout Enter the number of minutes this server waits for a remote
appliance to respond to a linking request. The default is 10
seconds.
6. Click Set Options to save link settings.

Once linking is enabled, return to the Control Panel page and select Manage Linked
K1000 Appliances to configure remote appliances.
To link appliances for single sign-on

This procedure involves copying the K1000 Friendly Names and linking keys from one
appliance to another. To save time, copy these to a central location. Optionally, you can make
the link an SSL connection for added security. An SSL connection is only available if you
have enabled SSL on all K1000 Management Appliance you are linking.
The Manage Linked Appliances page appears after you enable linking.
If appliance linking is not enabled, you are redirected to the Linking K1000
Appliances Settings page when you click the Manage Linked K1000
Appliances link.
1. Follow the instructions in To enable linking of appliances for single sign-on, on page 32,
on each appliance that you want to link with.

2
2. Click K1000 Settings > Control Panel > Manage Linked Dell KACE
Appliances.
The Linking K1000 Appliances page appears.
3. In the Choose Action menu, click Add New Item.
The K1000 Settings: Add Linked Appliance page appears.
4. Enter the K1000 Friendly Name and the Linking Key of the appliance that you are
establishing the link to.
5. Click Set Options.
If the settings are configured correctly, the Connection Successful message is displayed.
6. Log on to the other appliance you are creating the link for, and repeat these steps to add
the Host Name and Linking Key to it.
After you click Save, the Test Connection option appears.
7. Click Test Connection to verify the connection between the two linked appliances.
When you re-login into the first appliance, the newly updated linked appliances appear on
the Organization drop-down list of the Home tab.
You can now switch among the linked appliance consoles using the Org: drop-down menu
on the upper right side of the appliance user interface.
To disable appliance links

The K1000 Settings : Control Panel page appears.
3. Click Linking Dell KACE Appliance Settings.
The K1000 Linking Dell KACE Appliances Settings page appears.
4. Click Edit Mode to make this page editable.
5. Clear the Enable Dell LACE Appliance Linking check box.
6. Click Set Options.
After a appliance link is deleted, you can still switch to and control that appliance until you
log off and log in again from the appliance Server.
Troubleshooting Tools
The Troubleshooting Tools page contains tools to help administrators and Dell KACE
Technical Support to troubleshoot problems with this appliance.
To access the K1000 Troubleshooting Tools page

Click Settings > Support > Troubleshooting Tools.

The Troubleshooting Tools page appears.
To use Network Utilities

You can use Network Utilities to test various aspects of this appliances network
connectivity.
2. Click K1000 Settings > Support.
The K1000 Settings: KACE Support page appears.
3. Click Troubleshooting Tools.
The Troubleshooting Tools page appears.
4. Click Edit Mode.
5. Enter the IP Address in the text box.
6. Select the appropriate network utility from the drop-down list.
7. Click Test.
• You can download K1000 Troubleshooting Logs. Dell KACE Technical Support
may request the troubleshooting logs to help in troubleshooting some issues. Click
the click here link to download troubleshooting logs.
• Click the Enable Tether check box under the KACE Support Tether to allow Dell
KACE Technical Support to access your appliance.
Enter the key supplied by Dell KACE in the text box. Dell KACE Technical Support
will provide you a key when this type of support is required.

3
Labels and Smart Labels
This chapter gives an overview of labels and Smart Labels, and how your Dell KACE K1000
Management Appliance uses them. For information on LDAP Labels and the LDAP Browser,
see Chapter 11: LDAP, starting on page 187.
• About Labels, on page 35.

• About Smart Labels, on page 42.
• What’s Next, on page 44.
About Labels
Labels can be used to organize and categorize computers, software, people, and locations.
Labels are intended to be used in a flexible manner, and how you use labels is completely
customizable. The label types are:
• Computer inventory
• IP Scan inventory
• Processes /Startup Items / Services
• Software
• Patches
• Dell Update packages
• Users
Once included in a label, items can be managed on a per label basis. All items that support
labeling can have none, one, or multiple labels. You can use labels, for example, with
patching, distribution packages, categorizing computers, setting up the geographic
relationships, and setting permission levels of users. Labels can be manually or automatically
applied, through LDAP or Smart Labels.
You can organize labels in Label Groups. Label Groups pass on their usage restrictions to the
labels they contain.
You can find the Label tab by going to Home > Label. You can also create labels and Smart
Labels in the other components of the appliance that use labels. In many areas of the
appliance user interface, you can see a labels select list, which you use to constrain an action
to a one or more labels. For example, you can restrict the deployment of a script to nodes that
belong to particular labels.

3 Labels and Smart Labels
Managing Labels
In Label Management, you can:
• Create labels (which is also done in other parts of the interface)

• Create Label Groups (or nested labels)
• Edit Label Groups
• Delete or Hide Label Groups
Viewing Labels
Select Label Management to view labels created. You can click on the numbers under the
categories to see what the members are. For example, in the following screenshot:
• The FrameMaker 7.2 label belongs to the Licenses Label Group. FrameMaker 7.2 is a
software label, and there are two items in the label. The icon means that the label is
associated with a Smart Label.

3
• The laptop label is a machine label that contains only one item. The label is associated
with a Smart Label that adds any computer with the chassis type laptop to the Smart
Label. If any more laptops are purchased, they will be added to the label.
• Licenses contains one label so it is a Label Group.
• MemberOfBuildingA and MemberOfFinancesGroup have the icon for an

LDAP Label. For information about LDAP labels, see About LDAP Labels, on page 187.
• Microsoft Office Proof is also associated with a Smart Label. It is also in the Label
Group, Licenses. Microsoft Office Proof has four members—until more copies of
Office Proof are purchased.
Viewing Computer Details by Label

After you’ve created a label a computer, for example, you can view details about the
computers on your network that belong to that label. From the Label Detail view you can see:
• The IP addresses and machine names of the computers in the label

• The number of Managed Installations and File Synchronizations deployed to the label
• The number of network scans and scripts run on the machines in the label
• The number of alerts, portal packages, and users associated with the label
• The number of filters and replication shares associated with the label.

To view label details
1. Click Home > Label, and click Label Management.

2. Click the linked name of the label you want to view.
The Labels: Edit Detail page appears.
3. In the Labeled Items section, click the + sign beside the section headers to expand or
collapse the view.
To add or edit a new label

You can add or edit labels from most places in the user interface. You can also add or edit
them under Label Management.

3
2. In the Choose Action menu, click Add New Label.

3. On the Label : Edit Detail page, enter a descriptive title.
If you have large numbers of labels, you can use Label Groups for organization. See To
create a Label Group, on page 41
4. (Optional and for Computer labels) Enter a value for KACE_ALT_LOCATION.
Typically, this value is not used. If KACE_ALT_LOCATION is used, scripts check here
for dependencies.
5. If you defined KACE_ALT_LOCATION, specify the Username and Password for it.
6. (Optional) Under Restrict Label Usage To, select an appropriate category. For
example, if the label is for software, restrict it to that.
7. (Optional) Select a Label Group.
If you have large numbers of labels, consider putting them in a Label Group. For
example, include the labels of your licensed software in a software Label Group named
Licenses. See To create a Label Group, on page 41.
8. Click OK.
9. Click Save.
For an another example on how to manually apply labels, refer to Adding Computers to
Inventory, on page 81.
To delete a label
You can delete a label in its edit page, you can also:
1. Click Home > Label and select Label Management.
2. Click the check box for the label.
3. From the Choose Action menu, click Delete Selected Item(s).
4. Click OK in the confirmation window.
About Label Groups

You can organize long lists of labels by putting them in Label Groups. As well as organizing
labels, Label Groups share their types with the labels they contain. Not only can a Label
Group include multiple labels, a label can be associated more than one Label Group.

The following illustration shows the Label Group type inherited by the label from the Label
Group.
To view Label Groups

If you see Label Name [groups hidden], do the following:
2. In the Choose Action menu, click Show Label Groups.
You can hide Label Groups by clicking Hide Label Groups.

3
To create a Label Group

You organize labels by putting them in Label Groups:
2. In the Choose Action menu, click Add Label Group.
To include existing the labels in the group, click their check boxes before
selecting Add Label Group. The labels are included as part of creating the
Label Group.
3. In the Add Label Group pop-up window, enter the name of the new group, and click
Save.
4. In the Label Management page, select the name of the new Label Group.
5. On the Label : Edit Detail page, enter a descriptive title.
6. Ignore KACE_ALT_LOCATION.
7. (Optional) Under Restrict Label Usage To, select an appropriate category. For
example, if the label is for software, restrict it to that.
8. (Optional) Select a Label Group.
You can put Label Groups within other Label Groups.
9. Click Save.
To apply a label to a Label Group

2. Click the check box for the label you want to work with.
In this example, the Smart Label MS Office Home is selected.
3. In the Choose Action menu, click Apply Label Group.
In this example, the MS Office Home Smart Label is associated with the Licenses Label
Group.

To delete a Label Group

Before you delete a Label Group, delete its member labels.
2. Click the name of the Label Group.
The Label Group : Edit Detail page appears.
3. Expand the Labels under Label Items.
4. Click the name of the label to open its edit detail page.
5. In the Assign to Label Group section, click Edit.
6. In the Label Selection window, select the name of the Label Group from step 2.
7. Click the recycle bin and OK
8. Click Save.
9. When you have removed all labels from Label Items of the Label Group, click Delete.
About Smart Labels

Smart Labels enable you to dynamically apply a label based on a search criteria. Your
appliance allows you to create specific types of Smart Labels.
You can view the list of available Smart Labels from the Home > Label > Smart Labels
tab. The types of Smart Labels are:
• Dell Package Smart Label

• IP Scan Smart Label
• Machine Smart Label
• Patch Smart Label
• Software Smart Label
You can also change the order of your smart labels or delete them from the Smart Labels
page.
To create a Smart Label

You can also create a Smart Label in every component where you use them.
1. Go to Home > Label, and click Smart Labels.
2. From the Choose Action menu, click the type of Smart Label you want to create.
The Create Smart Label sub-tab appears for the type of label that you selected. For
example, if you selected Software Smart Label, the criteria just apply to software.
The tab location is Software under Inventory.
3. Specify the search criteria.
4. Click Test Smart Label, to view the results.

3
5. Choose or enter the label to associate with the Smart Label.

6. Click Create Smart Label.
Now, whenever machines with software that meets the specified criteria check into your
appliance, the software automatically assigned to the associated Smart Label.
You can also add a new software smart label or change the order of Smart Labels from
Home > Label > Smart Labels.
Deleting a Smart Label does not delete the label associated with it.
Software Smart Labels are applied in the following ways:
• If a specific software Smart Label is edited using Home > Label > Smart Labels, it is
reapplied to all software.
• All Smart Labels are reapplied to a software item when it is updated on Inventory >
Software.
For more examples of using Smart Labels, see, Creating Smart Labels for Computer
Inventory, on page 78, and To dynamically identify the network scan results, on page 108.
To edit a Smart Label

You can find all Smart Labels in the Home component. You can also edit Smart Labels
within the components that they belong to.
The Smart Labels page appears.
2. Select a Smart Label Name.
The Smart Label : Edit Detail page shows the following information, depending on the
type of Smart Label,
Item Specifies the type of Smart Label, for example, software.

Type
Assigned From the drop-down list, choose the label you want to assign. Click Details
Label to edit label details. For more information on editing labels, refer to
Managing Labels, on page 36.
Label Displays notes relevant to the label, if entered in the Notes field.
Notes
SQL This field displays the query in SQL (Structured Query Language). Click on
Duplicate to create a new Smart Label with same SQL code.
This field does not show when the Details link is clicked.

3. Click Save.
When you click on Duplicate to create a new Smart Label with the SQL code,
you can only reassign it to a new label.
To change the Smart Label Run Order

To change the order in which Smart Labels:
The Smart Labels page appears.
2. Select one of these options from the Choose Action menu:
• Order Machine Smart Labels
• Order Software Smart Labels
• Order Patch Smart Labels
• Order Dell Package Smart Labels
The order Smart Labels page appears for the type of Smart Label, listing all of that type.
3. To change a Smart Label’s order value, click the icon beside it.
Smart Labels with smaller values execute before those with larger values. Smart Labels
have a default order value of 100.
4. Click Save.
What’s Next
Many organizations use labeling with their software and hardware inventories. For more
examples of using labeling, see Chapter 5: Managing Software and Hardware Inventories,
starting on page 75.

4
Agent Provisioning
The Agent Provisioning feature enables you to directly install the Dell KACE K1000
Management Appliance agent onto machines in your environment.
• Overview of first time agent provisioning, on page 45.

• System requirements for agents, on page 46.
• Preparing to provision the agent, on page 47.
• Single Machine Provisioning, on page 48.
• Advanced Provisioning, on page 48.
• Deploying Agents from a Network Share, on page 59.
• Provisioned Configurations, on page 60.
• Using the Provisioning Results Page, on page 62.
• Managing K1000 Agent Tasks, on page 63.
• K1000 Agent Settings, on page 64.
• K1000 Agent Update, on page 68.
• Updating with a client bundle, on page 69.
• AMP Message Queue, on page 71.
Overview of first time agent provisioning

Agent Provisioning helps you to easily deploy the K1000 Management Appliance agent
software on your network. You can deploy the agent on multiple machines simultaneously by
creating a configuration that identifies a range of IPs to target. The procedure for agent
provisioning varies for Windows and other operating systems.
1. File share must be enabled. See Enabling file sharing on page 47.
2. A provisioning configuration identifies one or more IP addresses for the first time
deployment or removal of the agent.
3. The target IP address is tested for the existence of an agent.
4. If the agent is not detected, then it will remotely install the agent directly from the
appliance.
The provisioning installers are located on the appliance in the following network share:

4 Agent Provisioning
\\appliance\client\agent_provisioning
where appliance represents the hostname of your appliance.

The provisioning files are located in the subdirectories for their operating system. (For
example, Windows files are located in the windows_platform directory.)
For information on manually deploying the agent on Windows, Linux, and

Macintosh platforms, refer to Appendix E: Manually Deploying Agents,
System requirements for agents

System requirements to install the agent are:
• Windows:
• Windows 7 (32-bit and 64-bit)
• Windows Vista (32-bit and 64-bit)
• Windows XP (32-bit and 64-bit)
• Windows Server 2008 (32-bit and 64-bit)
• Windows Server 2008 R2 (64-bit)
• Windows Server 2003 (32-bit and 64-bit)
• Windows 2000 Server (32-bit)
All Windows platforms require:
• Microsoft Internet Explorer 5.01 or greater

• Microsoft .NET Framework 1.1/2.0, 90 MHz or faster processor
• 28 MB RAM and 10MB free disk space (minimum)
• Linux:
Red Hat Enterprise Linux (RHEL) 3, 4, and 5 (32-bit and 64-bit)
• Macintosh®:
• Mac OS X v10.6 Intel
• Mac OS X 10.5 Intel and PowerPC
• Mac OS X 10.4 Intel and PowerPC
• Upgrades supported:
Supports upgrading from agent version 4.3.20024 or later to 5.1.

Agent Provisioning
4
Preparing to provision the agent

You must perform the steps in this section before provisioning the agent.
Enabling file sharing

To activate the provisioning functionality you must enable K1000 Management Appliance
file share.
1. Go to Settings > Control Panel.
2. Click General Settings.
The K1000 Settings: General page appears.
3. In the Samba Share Settings section, click Edit Mode.
4. Select the File Share Enabled checkbox.
5. Click Save Samba Settings.
Preparing for Windows Platform provisioning

For Windows platform installations, the following configuration settings are required:
• K1000 Agent 5.1: For Windows Platforms (32-bit and 64-bit), you must use Microsoft
.NET version 1.1 SP1. (K1000 Agent 5.2 does not require Microsoft .NET.)
• Windows XP: Turn off Simple File Sharing. Appliance Provisioning requires
standard file sharing with its associated security model. Having Simple File Sharing
enabled can cause a “LOGON FAILURE” because simple file sharing does not support
administrative file shares and associated access security.
• Windows Firewall: If turned ON, enable File and Print Sharing in the Exceptions
list of the Firewall Configuration.
By default, the appliance verifies the availability of ports 139 and 445 on each target machine
before attempting to execute any remote installation procedures.
For Vista and Windows 7:
• Provide Administrative credentials for each machine.

• Configure User Account Control (UAC) in one of two ways:
• Turn UAC off.

• Set User Account Control : Run all administrators in Admin Approval

Mode to Disabled.
• From the Advanced sharing settings page, turn on network discovery and turn on file
and printer sharing.
Single Machine Provisioning

Single Machine Provisioning option provides an easy way to deploy the agent technologies
for the first time. Single Machine Provisioning assumes some default values for settings such
as TCP ports, time outs, appliance server name, and so on.
To deploy the agent on a single machine

1. Go to Settings > K1000 Agent.
The Agent Provisioning page appears.
2. Click Single Machine Provisioning.
The Single Machine Provisioning page appears, including the agent version.
3. Enter the Target IP.
4. Click Install Agent.
5. Click the operating system of the agent.
6. (Windows Only) Enter the domain or workgroup for the user name you enter below.
7. Enter a user name that has the privileges to install the agent.
8. Enter the password for the account.
9. Click Run Now.
The system saves the configuration with a default name as Simple configuration - IP
Address and then runs the configuration against the targeted IP.
You are redirected to the Provisioned Configurations page where the newly created
configuration is displayed.
Advanced Provisioning
Advanced Provisioning has three primary options:
• Auto Provisioning, which allows you to provide target IP Range for Provisioning. See
To add a new item using Auto Provisioning, on page 49.
• Manual Provisioning by IP, which allows you to specify IP addresses manually and
also pick up machines from IP Scan and Inventory. See To add a new item using Manual
Provisioning by IP, on page 52.
• Manual Provisioning by Hostnames, which allows you to enter hostnames
manually. See To add a new item using Manual Provisioning by Hostname, on page 55.

Agent Provisioning
4
To add a new item using Auto Provisioning

1. Click Settings > K1000 Agent.
2. Click Advanced Provisioning.
The Advanced Provisioning page appears.
3. Select the Auto Provisioning option under the General Settings section.
4. Enter the following general settings details:
Config Friendly Enter a name for your agent provisioning configuration that is
Name specific enough to differentiate between other configuration
names.
Provisioning IP Enter an IP or IP range. Use hyphens to specify individual IP class
Range ranges.
For example: 192 168 2-5 1-200.
Configuration Click to enable the configuration and run scheduled
Enabled configurations.
K1000 Server Enter the name of the server where you want to install the agent
Name from.
This field displays the default name of the appliance server.
Update this field if you have multiple servers.
K1000 Client The share folder name in the appliance, where the agents are
Share Name located.
DNS Lookup Click to enable DNS lookup.
Enabled
Name Server for By default, the field displays the primary DNS Server mentioned
Lookup under Network Settings. You can change the default DNS
Server to the required one and also specify the hostname or IP
address.
Lookup Time Out Enter the time period in seconds, after which a DNS lookup will
time out.
5. Enter the following details under the Windows Platform Provisioning Settings
section if the target machines operate on the Windows platform:
Provision this Click to enable provisioning .

platform
K1000 Agent Version (Read-only) This field displays the Agent Version number.
Agent Identification The agent identification port is the default port currently in use
Port by the agents and indicates that you should not install the agent
again. By default that port number is 52230. If you are using a
different port number for this, you can change the port number
listed here.

Required open TCP Enter the list of required open TCP ports separated by commas.
Ports These are the ports appliance uses to access the target machine
for installation of the agent.
Port Scan Time Out Enter time period in seconds, during which the appliance scans
the port for response.
Bypass Port checks Click to avoid port checks while the appliance installs the agent.
Enable Debug Info Click to view debug information in the machine’s provisioning
results.
Remove K1000 Agent Click to reverse the logic of the provisioning configuration, that
is to remove the agent from machines. This overrides any
current provisioning activity.
6. Enter the following details under Windows Network Administrative Credentials

Domain (or Enter the domain or workgroup name associated with the login
Workgroup) credentials you enter below.
User Name (admin Enter a user name that has the necessary privileges to install the
level) agent on the targeted machines.
Password Enter the password for the account listed above.
7. If the target machines operate on the Linux or Macintosh platform, enter the following
details under Unix (Linux or Mac OS X) Platform Provisioning Settings
section:
Provision this Click to enable provisioning on Linux or Macintosh platform.

platform
Ports These are the ports the appliance uses to access the target
machine for installation of the Agent.
Port Scan Time Out Enter a time period in seconds. Port scan time out indicates the
time for which the appliance will scan the port for response.
Bypass Port Checks Click to avoid port checks. This indicates that the appliance
tries the installation, without checking ports.
Remove K1000 Agent Select to reverse the logic of the provisioning configuration.
Hence, you are using provisioning configuration, to remove the
agent from machines rather than installing it. This overrides
any current provisioning activity.

Agent Provisioning
4
Remove /var/kace/ The kace folder has two sub folders, SMMP and kagentd.
files
• The SMMP folder contains: SMMP.conf, agent.log, pid, and
pluginRunProcess.log.
• The kagentd folder contains: K1000_LOG.txt,
kbot_config.yaml, and kuid.txt.
Click to remove the complete kace folder. If the check box is
not selected, the /var/kace/kagentd/kuid.txt file is not
deleted.
8. Enter the following details under Network Root Credentials section if the target
machines operate on the Linux or Macintosh platform:
User Name  Under Network Root Credentials for the appropriate

Linux or Mac OS platform, enter a user name that has the necessary privileges to
install the agent on the targeted machines.
K1000 Agent Version (Read-only) This field displays the agent version number.
9. Select the appropriate check box under the Scheduling area, and schedule to run the
configuration:
Don’t Run on a Schedule Default. Select when you do not want to run the
provisioning configuration on a schedule.
Run Every n minutes/ Select to run the provisioning configuration at the
hours specified interval.
Run Every day/specific Select to run the provisioning configuration daily or
day at HH:MM AM/PM specified day of the week at the specified time.
Run on the nth of every Select to run the provisioning configuration monthly or on
month/specific month at the specified day of the month at the specified time.
HH:MM AM/PM
By choosing a regular schedule, the appliance periodically checks machines in the

specified IP range to make sure that they have the Agent, and install/reinstall/uninstall
as required.
10. Click Save to save the provisioned configuration.
The Provisioned Configurations page appears. The provisioned configuration you
created appears in the list of configurations.
11. Click the saved provisioned configuration.
12. You can edit this provisioned configuration. Click Run Now to save the changes and
instantly run the current configuration against the defined IP range. To cancel the
configuration, click Cancel.

You can also deploy the agent manually. For more information on the manual deployment of
the agent on Linux and Macintosh, see Appendix E: Manually Deploying Agents, starting on
page 269.
To add a new item using Manual Provisioning by IP

3. Select the Manual Provisioning by IP option under the General Settings section.
4. Enter the General Settings details as shown in the following table:
Config Friendly Enter a name for your agent provisioning configuration. Use a
Name specific configuration name to differentiate between two
configurations.
Target IPs Enter the IP address of the target machine or click Help me pick
machines.
Note: Multiple IP addresses should be comma-separated.
Provisioning Enter IP or IP range. Use hyphens to specify
IP Range individual IP class ranges.
(Help me For example:
pick 192 168 2-5 1-200.
machines) Click Add All to add all the IP addresses displayed in
the list.
IP Scan Select a machine from the IP Scan Computers
Computer drop-down list, to add to the Target IPs list. This list is
(Help me populated from the Network Scan Results. You can
pick filter the list by entering any filter options.
machines) Click Add All to add all machines displayed in the list.
Inventory Select a machine from Inventory Computers drop-
Computers down list, to add to the Target IPs list. This list
(Help me contains all the computers in the inventory. You can
pick filter the list by entering any filter options.
machines) Click Add All to add all machines displayed in the list.
Configuration Select to enable the configuration.
Enabled Note: Scheduled configurations will run only if this check box is
selected.
K1000 Server This field, by default, displays the name of the appliance server.
Name Update this field if you have multiple appliance servers. Enter the
name of the server that you want to install the agent from.
K1000 Client The share folder name on the appliance, where the agents are located.
Share Name

Agent Provisioning
4
DNS Lookup Select to enable DNS lookup.

Enabled
Name Server By default, the field displays primary DNS Server mentioned under
for Lookup Network Settings. You can change the default DNS Server to the
required one and also specify the hostname or IP address.
Lookup Time Enter the time period in seconds. After this period has lapsed, the
Out DNS lookup will automatically time out.
5. Enter the following details under Windows Platform Provisioning Settings

Provision this Select to enable provisioning on Windows platform.

platform
K1000 Agent This field displays the Agent version number.
Version
Agent The agent identification port is a port that installed agents would
Identification Port already have open and in use, indicating that you should not
install the agent again. By default that port number is 52230. If
you are using a different port number for this, you can change the
port number listed here.
Required open Enter the list of required open TCP ports separated by commas.
TCP Ports These are the ports that your appliance uses to access the target
machine for installation of the Agent.
Port Scan Time Enter a time period in seconds. Port scan time out indicates the
Out time for which the appliance will scan the port for response.
Bypass Port Select to avoid port checks. This indicates that the appliance tries
checks the installation, without checking ports.
Enable Debug Info Select to display more debug information in the machine’s
provisioning results.
Remove K1000 Select to reverse the logic of the provisioning configuration.
Agent Hence, you are using provisioning configuration, to remove the
agent from machines rather than installing it. This overrides any
6. Enter the following details under Windows Network Administrative Credentials

User Name (admin Enter a user name with the necessary privileges to install the

7. If the target machines operate on the Linux or Macintosh platform, enter the following
details under Unix (Linux or Mac OS X) Platform Provisioning Settings
section:
Provision this Select to enable provisioning on Linux or Macintosh platform.

platform
Required open Enter the list of required open TCP ports separated by commas.
TCP Ports These are the ports the appliance uses to access the target machine
for installation of the agent.
Out time for which the appliance scans the port for response.
Bypass Port checks Select to avoid port checks. This indicates that the appliance tries
the installation, without checking ports.
Remove K1000 Select to reverse the logic of the provisioning configuration. Thus,
Agent you are using provisioning configuration, to remove the agent
from machines rather than installing it. This overrides any current
provisioning activity.
Remove /var/ The kace folder has two sub folders, SMMP and kagentd.
kace/ files
Select to remove the complete kace folder. If the check box is not
selected, the /var/kace/kagentd/kuid.txt file is not deleted.
8. Enter the following details under Network Root Credentials section if the target
User Name Under Network Root Credentials for the appropriate

(Linux/Mac OS) platform, enter a user name that has the necessary privileges to
K1000 Agent (Read-only) This field displays the agent version number.
Version
configuration:
Run Every day/specific Select to run the provisioning configuration on specified
day at HH:MM AM/PM day at the specified time.

Agent Provisioning
4
Run on the nth of every Select to run the provisioning configuration on the
month/specific month at specified time on every month or only the selected month.
HH:MM AM/PM

specified IP range to make sure that they have the Agent, and install/reinstall/uninstall
as required.
10. Click Save to save the provisioned configuration. The Provisioned Configurations page
appears.
The provisioned configuration you just created, appears in the list of configurations.
11. Click the saved provisioned configuration. The Advanced Provisioning page appears.
To add a new item using Manual Provisioning by

Hostname
3. Select the Manual Provisioning by Hostname option under the General Settings
section.
4. Enter the General Settings details as shown in the following table:
Config Friendly Enter a name for your agent provisioning configuration. Use a
Name specific configuration name, to differentiate between two
configurations.
Target Hostnames Enter the hostnames of the target machine.
Note: Multiple host names should be comma-separated.
Configuration Select to enable the configuration.
Enabled Note: Scheduled configurations will run only if this check box
is selected.
K1000 Server Name This field, by default, displays the name of the appliance server.
Update this field if you have multiple appliance servers. Enter
the name of the server from where you want to install the agent.
K1000 Client Share The share folder name on the appliance, where the agents are
Name located.
DNS Lookup Select to enable DNS lookup.
Enabled

Name Server for By default, the field displays primary DNS Server mentioned
Lookup under Network Settings. You can change the default DNS
Server to the required one and also specify the hostname or IP
address.
Lookup Time Out Enter the time period in seconds, after this period has lapsed
the DNS lookup will automatically time out.
5. Enter the following details under Windows Platform Provisioning Settings

Provision this Select to enable provisioning on Windows platform.

platform
K1000 Agent This field displays the agent version number.
Version
Agent Identification The agent identification port is a port that installed agents
Port would already have open and in use, indicating that you should
not install the agent again. By default that port number is
52230.
If you are using a different port number for this, you can change
the port number listed here.
Ports These are the ports the appliance uses to access the target
machine for installation of the agent.
Port Scan Time Out Enter a time period in seconds. Port scan time out indicates the
time for which the appliance will scan the port for response.
Bypass Port checks Select to avoid port checks so that the appliance attempts to
install the agent, without checking the ports.
Enable Debug Info Select to display more debug information in the machine’s
provisioning results.
Agent Thus, you are using provisioning configuration, to remove the
agent from machines rather than installing it. This overrides
any current provisioning activity.
6. Enter the following details in the Windows Network Administrative Credentials

User Name (admin Enter a user name with the necessary privileges to install the

Agent Provisioning
4
7. Enter the following details under Unix (Linux, Mac OS X) Platform Provisioning
Settings section, if the target machines operate on the Linux or Macintosh platform:
Provision this Select to enable provisioning on Linux or Macintosh platform.

platform
Required open Enter the list of required open TCP ports. These are the ports the
TCP Ports appliance will use to access the target machine for installation of
the Agent.
Out time for which the appliance will scan the port for response.
Bypass Port Select to avoid port checks. This indicates that the appliance tries
checks the installation, without checking ports.
Agent Hence, you are using provisioning configuration, to remove the
agent from machines rather than installing it. This overrides any
Remove /var/ The kace folder has two sub folders, SMMP and kagentd.
kace/ files
Select to remove the complete kace folder. If the check box is not
selected, the /var/kace/kagentd/kuid.txt file is not
removed.
8. Enter the following details under Network Root Credentials section, if the target
User Name (Linux/ Under Network Root Credentials for the appropriate
Mac OS) platform, enter a user name that has the necessary privileges to
K1000 Agent (Read-only) This field displays the agent version number.
Version
configuration:
Run Every day/specific Select to run the provisioning configuration on daily or
day at HH:MM AM/PM specific day of the week at the specified time.

Run on the nth of every Select to run the provisioning configuration monthly or
month/specific month at the specified day of the month at the specified time.
HH:MM AM/PM

specified IP range to make sure that they have the agent, and install/reinstall/uninstall
as required.
10. Click Save to save the provisioned configuration.
The Provisioned Configurations page appears. The provisioned configuration you just
created appears in the list of configurations.
11. Click the saved provisioned configuration.
To run provisioned configurations

2. Click Provisioned Configurations.
The Provisioned Configurations page appears.
3. Click the check box beside the configurations you want to run.
4. In the Choose Action menu, click Run Selected Configuration(s) Now.
To duplicate a configuration
3. Click the configuration you want to duplicate.
4. Scroll down and click Duplicate.
To delete a configuration

Agent Provisioning
4

3. Click the configuration you want to delete.
4. Scroll down and click Delete.
Deleting a configuration will delete all associated target machines in the

provisioning inventory list. Altering or updating a configuration will reset the
data in the associated target machines list to the default settings until the
subsequent provisioning run.
Deploying Agents from a Network Share

You can install agents using the installer files for all supported platforms on the K1000
Management Appliance at:
\\k1000_name\client\agent_provisioning\
Ensure that you have enabled the file share to access this folder.
You can deploy agents through email or with scripts:
• E-mail:
An e-mail notification can be sent to your users containing either:
• Install file
• Link to the appliance
• Other Web location to retrieve the required installation file
Users can click on the link and install the appropriate file.
• Log-in Script:
Some companies use login scripts that provide a great mechanism to deploy the Agent
while you log onto a machine. If you use login scripts, simply post the appropriate file in
an accessible directory and create a login script for the Agents to retrieve it.
The following sample Windows login script:
• Checks for the presence of the Microsoft .NET framework on the node.
• Installs the appropriate components to deploy the Agent:
@echo off
if not exist "%windir%\microsoft.net" goto neednet
echo .NET already installed.

goto end
:neednet
start /wait \\location\ dotnetfx.exe /q:a /c:"install /l /q"
:end
if not exist "C:\Program Files\KACE\K1000" goto needk1000
echo K1000 Agent already installed.
goto end
:needk1000
MsiExec.exe /qn /l* kbmsi.log /I
\\location\KInstallerSetupSilent.msi
ALLUSERS=2
:end
Provisioned Configurations
The Provisioned Configurations page displays:
• A list of computers that match Agent Provisioning configurations established in

Advanced Provisioning.
• All the provisioning configurations created and their statuses.
The Provisioned Configurations page contains the following fields:
Field Description
Config Name Displays the configuration name. Click the config name displays the Advanced
Provisioning page.
Total Target Indicates the total number of target machines. Click the total number of target machines
to display the Provisioning Results page.
Running Indicates the total number of target machines on which provisioning is currently
running. Click the total number of target machines to display the Provisioning Results
page.
Not Started Indicates the total number of target machines on which provisioning has not yet started.
Click the total number of target machines to display the Provisioning Results page.
Succeeded Indicates the total number of target machines on which provisioning has succeeded.
Click the total number of target machines to display the Provisioning Results page.
Failed Indicates the total number of target machines on which provisioning has failed. Click the
total number of target machines to display the Provisioning Results page.
% Succeeded Indicates in percentage the total number of target machines on which provisioning has
succeeded.
IP Range Indicates the IP range of the target machine.
Schedule Indicates the provisioning schedule run as specified. For example: Every n minutes,
Every n hours, or Never.
Enabled Indicates a blank or a green check in the check box for the configuration name
depending on the provisioning success.

Agent Provisioning
4
To create a new configuration

3. In the Choose Action menu, click Create New Configuration.
The Single Machine Provisioning page appears.
For more information, see section Appendix 4: To deploy the agent on a single machine,
To delete a configuration
3. Select the check box beside the configurations you want to delete.
4. In the Choose Action menu, select Delete Selected Item(s).
5. Click OK.
To enable a configuration
3. Click the check box beside the configurations you want to enable.
4. In the Choose Action menu, click Enable Selected Item(s).
To disable a configuration
3. Click the check box beside the configurations you want to enable.

4. In the Choose Action menu, select Disable Selected Item(s).
Using the Provisioning Results Page

Provisioning Results page displays a list of computers that match the current Agent
Provisioning Configurations. This list includes all the machines discovered by the
configurations created in Advanced Provisioning and Single Machine Provisioning. You can
view target provisioning and configuration information.
The target’s information results from the most recent provisioning run or execution on that
target. Execution of a Provisioning Configuration targets the IP addresses and for each target
(node) the execution evaluates the availability of IP addresses, agent status, port
configuration, and so on. The results and logs of each provisioning step are displayed.
To view Provisioning Results

3. Click Total Target/Running/Not Started/ Succeeded/ Failed/IP Range in the
Provisioned Configurations list.
The Provisioning Results page appears.
4. Click the IP Address of the required machine to view the provisioning target
information and provisioning configuration information.
The K1000 Agent Provisioning page appears.
5. Click Printer Friendly Version to see a print view of the page. You can print this
page.
You can also view computer inventory by clicking computer inventory under
Provisioning Target Info section. The provisioning process collects the
MAC address of the target machine and compares to the data associated
with the current “K1000 Computer Inventory”. If a match is found, a link to
“Computer Inventory” for that association is displayed next to the MAC
Address. For more information on computer inventory, see Adding
Computers to Inventory, on page 81.
6. Click the required DNS Lookup Enabled on the Provisioning Results page to view the
DNS lookup details.
When selected, live addresses are checked against the DNS Server to see if they have
Agent Provisioning configured.
The Provisioning Results page contains the following fields about the node:
• IP Address (of the target machine)

Agent Provisioning
4
• MAC Address
• Host Name (from DNS)
• Suspected OS (from Scan)
• Action (for example, Agent Install)
• Provisioning Status
• K1000 Agent Installed (for example, yes)
• Error Category (if applicable)
• Record Last Modified
• Record Created
Managing K1000 Agent Tasks

The K1000 Agent Tasks option displays a list of all the tasks that are currently running or are
scheduled for a machine connected to the appliance. Each machine displays the computer
inventory information. Nodes with an active AMP (port: 52230) connection to the server are
indicated with the icon on the Inventory list page.
You can view the K1000 Agent Tasks and Task Types from the View By: drop-down list,
which are described in the table below:
Tasks In Progress Agent tasks that are in progress.

All Tasks Agent tasks.
Ready to Run Agent tasks that are about to run.
(connected)
Ready to Run Tasks that will run once an AMP connection exists.
Longer than 10 Agent tasks that have been waiting longer than 10 minutest for a
minutes connection.
Task inventory The server requests the node to update the computer inventory.
Type
krash upload The server requests the node to upload the dump file to the server
(Windows only).
patch- Shows any of the node’s patching tasks, if running (Windows and Mac
patchname only).
scripting Updates the current status of the scripting tasks.
update
Organiz organization_n Lists the organizations that your company uses.
ation ame

To view agent tasks

1. Click Settings > Support.
The K1000 Troubleshooting Tools page appears.
3. Click the tasks link in See status of K1000 Agent tasks, under the K1000 Agent
Messaging area.
The K1000 Agent Tasks page appears.
4. Click the Machine Name from the K1000 Agent Tasks list to view the computer
inventory information.
The Computers: Detail Item page appears.
5. Click Printer Friendly Version to see a print view of the page and print it.
The K1000 Agent Tasks page contains the fields described in the table below:
Field Description
Machine The machine name on which some tasks are scheduled/running/in progress.
Name
Task Type The type of agent task.
Started The start time of the task type.
Completed The time when the task type is completed.
Next Run The next schedule or run time of the agent task type.
Timeout When the task type has to be timed out.
Priority The importance or the priority value of the task type.
K1000 Agent Settings

The agent settings options configure the appliance to operate in your computing
environment. These options specify:
• How often the node runs on the user desktop.

• How often a full desktop computer inventory is performed.
The K1000 Agent options specify how often an agent checks into the appliance and how
often the agent performs a full computer inventory. For example, a default Run Interval of
30 minutes means that computers with agents installed check into the appliance every 30
minutes.
To configure an agent
1. Click Settings > K1000 Agent Settings.

Agent Provisioning
4
The K1000 Agent Settings page appears.

2. To edit agent settings, click Edit Mode.
The K1000 Organization: Edit Detail page appears in edit mode with the current agent
setting details. These are the settings that control the schedule and frequency of your
checked-in agents.
3. Specify the following agent options under the K1000 Agent Settings For This
Organization area:
Field Suggested Setting Notes
Communications 12:00 am to 12:00 am The time interval when the agent can
Window communicate with the appliance. For example, to
allow the agent to connect between 1 am and 6
am only, select 1:00 am from the first drop-down
list, and 6:00 am from the second.
Agent “Run interval” 1 hours The interval that the agent checks into the
appliance. Each time an agent connects, it resets
its connect interval based on this setting. The
default setting is once per hour.
Agent “Inventory 0 The interval (in hours) that the appliance will
Interval” perform an inventory the nodes on your network.
If set to zero, the appliance will inventory nodes
at every Run Interval.
Agent “Download 100 The Download Throttle decides the maximum
Throttle” number of desktop agents that can download
packages at one point in time. Packages will not
be deployed on machines after the Download
Throttle has been reached. For example, if the
throttle is set to 100 and 100 agents are
connected and receiving a deployment, the 101st
agent will be deferred until any of the 100 agents
has finished communicating with the appliance.
Agent “Splash Page The appliance is The message that appears to users when
Text” verifying your PC communicating with the appliance.
Configuration and
managing software
updates. Please Wait...
Scripting Update 15 minutes The agent downloads new script definitions after
Interval scripting update interval is over. The default
interval is 15 minutes.
Scripting Ping Interval 600 seconds The agent tests the connection to the appliance
after scripting ping interval is over. The default
interval is 600 seconds.

Agent Log Retention The Agent Log Retention disallows the server to
store the scripting result information that arises
from the agents. By default, this stores all the
results generated and can affect the performance
of K1000 Management Appliance. Turn off the
Agent Log Retention to allow the agent
checkins to process faster.
4. Click Save to save the agent settings configuration.

The K1000 Agent Settings page appears in read-only mode. These changes are
reflected the next time agent checks into the appliance.
The agent normally checks in using the “Run Interval” schedule specified in
K1000 Agent Settings page. For debugging and testing purposes, KACE
provides ways that can be used to force a check-in outside this normal
schedule.
You can run the file KBScriptRunner located in C:\Program
Files\KACE\KBOX to force the agent to check in with the appliance.
The KBScriptRunner.exe only forces a check-in (bypassing the “Run
Interval”) but does not force an inventory if you have set a non-zero Inventory
Interval. You must change the inventory interval to zero while debugging/
testing package deployments.
To troubleshoot nodes that fail to appear in Inventory

By default, the agent communicates with the appliance using http: over port 80. Assuming
network connectivity is in place, the most common reason newly-installed agents fail to
connect to the appliance during first-time setup is a problem with the default “K1000” host
name in DNS.
If your machine does not show up in Inventory after installing the Agent, try the following.
1. If you set up the appliance in your DNS using a host name other than the default,
“k1000”, or you need agents to reach the appliance by IP address instead of the DNS
name, you must install the agent specifying the SERVER property. For example:
Windows:
c:\>KInstallerSetup.exe -server=myk1000 -display_mode=silent
or
c:\>KInstallerSetup.exe -server=192.168.2.100 -display_mode=silent
Macintosh:

Agent Provisioning
4
/Library/K1000Agent/Home/bin/setk1000 myk1000
or
/Library/k1000Agent/Home/bin/setk1000 192.168.2.100
Linux:
/K1000/bin/setk1000 myk1000
or
/KACE/bin/setk1000 192.168.2.100
2. To correct the server name for an already-installed node:

Windows:
a. Verify host=myk1000 in smmp.conf.

The path varies for 64-bit Windows:
c:\Program Files\kace\k1000\smmp.conf
c:\Program Files(x86)\kace\k1000\smmp.conf
b. For further debugging and troubleshooting, add the following line to smmp.conf:
debug = true
c. Verify that the connection text in smmp.log indicates a connection established

between the agent and server.
After a successful connection, the smmp_connected file is generated.
Macintosh:
/var/kace/kagentd/kbot_config.yaml
Linux:
3. Verify that you are able to ping the appliance and reach it through a web browser at
http://k1000.
4. Verify that Internet Options are not set to use proxy, or proxy is excluded for the local
network or the K1000 Management Appliance.

5. Verify that firewall or anti-spyware software is not blocking communication between

the appliance and any of agent components, including:
• K1000Client.exe
• KUpdater.exe
• kagentd (OS X / UNIX)
6. Verify that the following processes are running:
• Windows: K1000SMMPManagementService
• OS X / Unix: kagentd processes. The agent will show up as perl in the OS X Activity
Monitor.
7. If after verifying these items, you are unable to get the agent to connect to the appliance,
contact KACE Support at support@kace.com.
K1000 Agent Update

The K1000 Agent Update feature allows you to automatically update the agent software for
some or all machines that are checking in your appliance. Agent deployments are
automatically updated as new agent updates are posted to this area. The Agent package that
you post to the server from this page should be an official agent release received from KACE
directly.
Before updating the agent, ensure that you have downloaded and locally saved the following
files. (XXXX refers to build number.)
• Windows: update_4.3.XXXX.bin
• Mac OS: update_mac_4.3.XXXX.bin
• Linux: update_linux_4.3.XXXX.bin
To update the agent automatically

2. Click Agent Updates from KACE.
The Agent Updates from KACE page appears.
3. Click Edit Mode under the section that you want to edit.
4. Specify the agent updates as shown in the following table:
Enabled Select to upgrade the Agent the next time machines check into the
appliance.

Agent Provisioning
4
Update Broken Select to update those machines that are running checking in with
Agents the appliance for new agent versions, but are unable to
successfully report inventory information to the appliance. This
setting overrides the Limit Update to settings.
For such a broken agent check for a new version of the Agent
software by running kupdater.exe manually.
Limit Updates to Enter a label for automatic upgrades. The upgrades will only be
distributed to machines assigned to those labels, except if they are
identified as a “broken client” above.
Limit Update To Click Remove to limit the listed machines. To add more
Listed Machines machines, select the machines from the Select machine to add
drop-down list.
Filter Enter the value to verify machine by filter.
Notes Enter release notes about the agent.
5. To save the new agent updates, click Save.

You can see the version numbers of agent patches currently uploaded to the appliance under
the Loaded K1000 Agent Updates area. Click Delete All Updates to delete all patches
that are uploaded to the appliance.
To upload platform-specific agent patches

3. Click Edit Mode under the Upload K1000 Agent Update Files area.
4. Scroll down and select the Load specific OS.bin file(s) check box.
5. Click the button beside the platform name to upload the patch file for that platform.
6. Click Browse and locate the patch file (.bin).
The Update Version ID text box displays the version number of the patch file you are
uploading.
7. Click Save Windows Patch File to upload the patch file.
You can update agents on all platforms using a client bundle. The client bundle is designed to
update the Agent deployment files that are stored on the appliance server via a single file.
Updating with a client bundle

Updating with a client bundle affects two areas of the K1000 Management Appliance:

• K1000 Agent Update

• Advanced Provisioning
When you apply this bin file to your server, older versions of the agents are removed and
replaced with the files contained in this bin file.
The K1000 Agent Update settings will be disabled after applying the file. View
the settings and confirm the label and settings and enable it again if you want
the agents to deploy to your network.
All the provisioning setups will also be disabled and will need to be re-
enabled to deploy the new version of the agent to your network.
To update agents using a client bundle

1. Download the k1000_patch_agents_xxx.bin file, and save it locally.
After you register on the KACE web site, you can download the latest client bundle using
the login credentials from the following link:
http://www.kace.com/support/customer/downloads.php
4. Click Edit Mode under the Upload K1000 Agent Update Files area.
5. Click Browse beside Bundled Agents File, and locate the update file you have
downloaded.
6. Click Load Bundle File.
Once the file is uploaded and applied:
• Go to the Agent Updates from KACE page, and verify if the correct labels have been
selected. Select the Enabled check box to enable this upgrade.
• Go to the Advanced Provisioning page, and verify if the correct setups have been
selected. Select the Configuration Enabled check box to enable this upgrade.
To troubleshoot the SMMP Management Service

1. Go to the following folder:
C:\Program Files\kace\k1000
2. Delete the *.InstallState files.
3. Verify that the K1000 SMMP Management Service is listed in the services control
panel.

Agent Provisioning
4
4. If K1000 SMMP Management Service is not listed, run the following command to
reconfigure it:
sc create K1000ManagementService binPath= "c:\program

files\KACE\K1000\K1000SMMPManagementService.exe" type= interact type= own
start= auto DisplayName= "K1000 SMMP Management Service"
5. You can now uninstall the agent from the Add or Remove Programs again.
If you continue to receive error messages, contact Dell KACE Support at support@kace.com
for assistance.
AMP Message Queue

The AMP (Agent Messaging Protocol) Message Queue page displays the list of pending
communications with the agents, such as pending alerts, patches, scripts, or deleting crash
dumps.
To view AMP Message Queue

1. Click K1000 Settings > Support or click .

3. Under the K1000 Agent Messaging area, click the message queue link.
The AMP Message Queue page appears.
The pending communications are displayed in this queue only if there is a constant
connection between the Agent and the appliance.
For Alerts, the pending communications are displayed in the AMP Message
Queue even if there is no continuous connection between the Agent and the
appliance. These messages are displayed till the Keep Alive time interval
has elapsed. These messages are then deleted from the queue and the
alerts expire.

The Agent Message Queue page contains the following fields:
Field Description
Machine Name Indicates the machine name that contains the computer inventory
information. Click the machine name to view the Computers Inventory
page.
• icon indicates a successful AMP connection.
• icon indicates a failed AMP connection.

Message Type Indicates the message type. For example, Run Process or Builtin.
[ID, Src ID]
Message Payload Indicates the message payload.
Expires Indicates the date and time when the alert expired.
Status Indicates the status of the AMP message. For example, Completed or
Received.
To view alerts

3. In the K1000 Agent Messaging, click the message queue.
4. In the Choose Action menu, click View Alerts.
A list of Alerts is displayed under the Message field.
The View Alerts option is available in the Choose Action menu only if AMP
Message Queue has pending or displays alerts.
For creating alerts, see To Create a Broadcast Alert Message, on page 207.
To delete a message queue



Agent Provisioning
4
3. Click the message queue link in See list of pending communications in the
K1000 Agent message queue, under the K1000 Agent Messaging area.
4. Click the check box for the message you want to delete.
5. In the Choose Action menu, click Delete Selected Item(s).
6. Click OK to confirm deleting the message.
This removes the message queue from the Agent.


5
Managing Software and Hardware
Inventories
The Dell KACE K1000 Management Appliance Inventory tab enables you to identify and
manage the hardware and software on your network and organize these assets using labels
and filters.
• Inventory Feature Overview, on page 75.

• Managing Your Computer Inventory, on page 76.
• Managing Your Software Inventory, on page 83.
• Managing Your Processes Inventory, on page 88.
• Managing Your Startup Program Inventory, on page 90.
• Managing Your Service Inventory, on page 92.
• Managing Your MIA (Out-Of-Reach Computer) Inventory, on page 93.
• Using the AppDeploy Live Application Information Clearinghouse, on page 95.
Inventory Feature Overview

The agent collects Inventory information from each node. The information is uploaded and
displayed on your K1000 Management Appliance after the nodes check in. The data is then
listed on one of the Inventory tabs:
• Computers
• Software
• Processes
• Startup
• Services
• IP Scan
• MIA
• Label
The inventory data is collected automatically according to the Agent Inventory Interval
schedule specified in the Settings > K1000 Agent Settings. If the Agent inventory
Interval is set to zero, the inventory is performed as per the Agent Run Interval on the
same page.

5 Managing Software and Hardware Inventories
Although it is listed under the Inventory tab, the IP Scan feature is discussed in Chapter
7: Scanning for IP Addresses, starting on page 105.
This figure illustrates some of the Inventory features using the Computers sub-tab.
Figure 5-1: Inventory - Computers Tab
Managing Your Computer Inventory

The Computer Search & Filter page displays the computer’s IP address and the user
connected to it. Clicking Action #1 or Action #2 beside the IP address, invokes an
Machine Action if specified.
For more details on Machine Actions, refer to Chapter 2: Configuring your Appliance,

Managing Software and Hardware Inventories
5
From the Computers tab you can:
• Search by keyword or invoke an Advanced Search

• Create a Filter to apply labels to computers automatically
• Create Notifications based on computer attributes
• Add/delete new computers manually
• Filter the Computer Listing by label
• Apply or remove labels
• Show or hide labels
To view details about a computer, click its name.
Searching for Computers in Your Inventory

This section explains the various options you have for searching for computers in your
inventory.
Using Advanced Search for Computer Inventory

Although you can search computer inventory using keywords like “Windows XP” or
“Acrobat,” those types of searches might not specific enough. Advanced search, on the other
hand, allows you to specify values for each field present in the inventory record and search
the entire inventory listing for that value. This is useful for example, if you needed to list
computers with a particular version of BIOS installed.
To specify advanced search criteria

1. Click the Advanced Search tab.
2. Select an attribute from the drop-down list.
For example: IP Address
3. Select a condition from the drop-down list.
For example: contains
4. Enter the attribute value.
For example, to search machines in an IP range: XXX.XX.*
Note: You can add more than one criteria.
5. To add more criteria, select a conjunction operator from the drop-down list.
The options are AND or OR.
6. Click Search.
The search results are displayed.

Creating Smart Labels for Computer Inventory

Smart Labels enable you to dynamically apply a label based on a criteria. Smart Labels work
well with Inventory attributes. For example, to track laptops that travel, create a label called
“San Francisco Office,” and create a Smart Label based on the IP range or subnet for
machines located at the San Francisco office. Whenever a machine that meets the IP range is
checked in, it is labeled as “San Francisco.”
The table below lists some examples of useful Smart Labels that can be applied to a machine
based on its inventory attributes:
Filter Examples
Sample Label Name Sample Condition

XP_Low_Disk Windows XP Machine with less than 1 GB of free hard disk at last connection.
XP_No_HF182374 Windows XP Machine without Hotfix 18237 installed at last connection.
Building 3 Machine connecting to the K1000 Management Appliance is detected in a
specified IP range known to originate in building 3.
CN_sales Computers connecting where computer name contains the letters “sales”.
For more information about Smart Labels, see About Smart Labels, on page 42.
Searching for Computers by Creating Computer Notifications

You can also use the Notification feature to search the inventory for computers that meet
certain criteria, such as disk capacity or OS version, and then send an e-mail automatically to
an administrator. For example, to know when computers have a critically low amount of disk
space left, you can:
1. Specify the search criteria to look for a value of 5 MB or smaller in the Disk Free field
2. Notify an administrator to take appropriate action.
To create a notification
1. Click Inventory > Computers, and then click the Create Notification tab.
2. Specify the search criteria and the constraints.
3. Specify a title for the search.
4. Enter the mail address of the recipient of the notification.
5. To see whether the filter produces the desired results, click Test Notification.
6. Click Create Notification to create the notification.
Now, whenever machines that meet the specified notification criteria check into the K1000
Management Appliance, an e-mail is automatically sent to the specified recipient. You can
modify or delete a notification after it has been created on the Reporting > Email Alerts
tab.

5
Filtering Computers by Organizational Unit

To filter computers based on an Organizational Unit found in LDAP or AD, you can create
LDAP Labels to do this from the Home > Label > LDAP Labels tab.
For more information on how to create LDAP Labels, refer to About LDAP Labels, on
page 187.
Using the Computer Inventory Detail Page

From the Computers tab, you can select a computer in inventory and view its details. The
Computer Detail page provides details about a computer’s hardware, software, install, patch,
Service Desk, and OVAL vulnerability history, among other attributes.
The following sections describe each of the detail areas on this page. To expand or collapse
the sections, click the + sign next to the section headers.

Inventory
Description
Heading
Summary Contains basic computer identification information. Most of this is self-explanatory.

The only appliance-specific information in this section is the AMP connection and the
agent software level. Some appliance features work only if there is a constant
connection between the agent and the appliance:
• A icon indicates a constant connection between the agent and the appliance.
• A icon indicates that the agent and the appliance are not connected.
For more details on the AMP connection, see AMP Message Queue, on page 71.
Use the Force Inventory Update button to immediately update all computer
inventory information. Click Force Inventory Update to synchronize the computer
with the server. It requests that the node send an inventory to the appliance.
Inventory This section provides more detail on some of the categories in the Summary section.
Information
Software This section provides details on the software programs the computer has installed,
including patching level information, running processes, and startup programs.
Activities • The Labels section displays the labels assigned to this computer. Labels are used to
organize and categorize machines.
• The Failed Managed Installs section displays a list of Managed Installations that
failed to install on this machine. To access details about the Managed Installations,
click the Managed Software Installation detail page link.
• The To Install List section lists the Managed Installations that are sent to the
machine the next time it connects.
• The Help Tickets section provides a list of the Service Desk Tickets (if any)
associated with this machine. These can either be Tickets assigned to the machine
owner or Tickets submitted by the machine owner. To view a Service Desk Ticket’s
details, click the Ticket ID (for example, TICK:0032).
Security The Patching Detect/Deploy Status section displays a list of patches detected and
deployed on the computer. Click the appropriate link, for example, Failed, Not
Patched, Patched, and All to sort the list of patches.You can review your patch
schedules by clicking the Patch Schedules link.
The Threat Level 5 list section displays the items that have been marked with the threat
level as 5. A threat that is harmful to any software, process, startup item, and services
associated with this machine is considered as threat level 5.
The OVAL Vulnerabilities section displays the results of OVAL Vulnerability tests run
on this machine. Only tests that failed on this computer are listed by the OVAL ID and
marked as Vulnerable. Tests which passed are grouped together and marked as Safe.
Logs The Portal Install Logs section provides details about the User Portal packages installed
on this machine.
See Appliance Agent Logs, on page 81, for details on this section.
The Scripting Logs section lists the Configuration Policy scripts that have been run on
this computer, along with the status of any scripts in progress.

5
Inventory
Description
Heading
Asset This section displays the details of the Asset associated with that machine. Details such
as the date and time when the Asset record was created, the date and time when it was
last modified, type of the asset and name of the asset are displayed.
Click the [Edit] link to edit the asset information. For more information about Assets,
see the Asset Management Guide.
Appliance Agent Logs

This section displays logs for K1000 Management Appliance Management Service, boot
strap, Client, and Scripting Updater.
• Management Service Logs:

The primary role of appliance Management Service is to execute the Offline KScripts.
The Management Service logs display the steps performed by Management Service to
execute the Offline KScripts. These steps include, dependencies downloads and
validating the KBOTS file. Any error in the execution of Offline KScript is logged in the
Management Service logs.
• Boot Strap Logs:

The appliance sends a boot strap request to get inventory information for a node that
has checked in for the first time. The logs related to this request are displayed in Boot
Strap logs.
• Client Logs:
The appliance sends a request to the agent to get inventory information periodically. A
script is executed on the node after which it sends the inventory information to the
appliance. On successful execution of K1000Client.exe, inventory is uploaded to the
appliance. The agent logs display these actions.
• Scripting Updater:
A request is initiated periodically from the node to get the latest information related to
the changes in Offline KScripts. Scripting Updater logs displays this information.
Adding Computers to Inventory

The appliance provides the convenience of automatically adding computers to inventory.
This is especially useful when you maintain a large number of computers on your network.
However, the appliance also provides the flexibility to manually add computers to inventory.
For example, you can track computers that currently do not have agent support or computers
that are not available on your LAN.
Adding Computers Automatically

Computers are automatically added to Inventory by provisioning the agent on the computers
on your network. The computers on which the agent is installed will check into the appliance

and upload all the available inventory data. For more information on agent provisioning,
refer to Chapter 4: Agent Provisioning, starting on page 45.
Adding Computers Manually

You can use the K1000 to maintain inventory data of all the machines on your network,
including those not connected to your LAN. This might be a good practise if you want to
maintain Inventory on computers in dark networks.
The number of computer or machine records in Inventory affects your license count even if
the computer is no longer in use.
To add a computer to inventory manually

1. Click Inventory > Computers .
The Computer: Edit Computer Detail page appears.
3. Complete the information required by:
• Entering by hand:
For example data, view the computer record of a machine that is already listed in the
inventory.
• Importing the machine.xml file for this computer.

The K1000Client.exe can take an optional command line parameter-inventory. To
configure this, type:
K1000 Agent/exe-inventory
The appliance agent collects the inventory data and generates a file called
machine.xml, which you can upload here. If you choose this option, the appliance
ignores all other field values on this screen.
To delete a computer
1. Click Inventory > Computers.
2. Click the check box beside the computers you want to delete.
4. Click Yes to confirm deleting the computer.
To apply a label to a computer

2. Select the computer you want to apply a label to.
3. In the Choose Action menu, you can:
• Select Apply Label and the appropriate label to apply
• Select Add Label, enter the New Label name, and click Save.

5
To remove a label from a computer

2. Click the check box beside the computers you want to remove the label from.
3. In the Choose Action menu, click the appropriate label under Remove Label .
Managing Your Software Inventory

The Inventory feature also collects and displays an inventory of the software items installed
on each of the computers listed in the inventory. From the Inventory > Software tab you
can see all the software installed across your network.
By default, the software list alphabetically lists only the first 100 software items detected. To
view all software installed, click the Show All link.
From the Software List page, you can:
• Add or delete software

• Add or remove labels
• Categorize the Software
• Set Threat Level to Software
To view the details of a software title, click the software name link.
Using Advanced Search for Software Inventory

You can search your software inventory using keywords like “Adobe Flash Player” or
“ActivePerl.” For more refined search results use the Advanced Search. This feature allows
you to specify values for each field present in the software inventory and search the entire
inventory for that particular value or combination of values. For example, if you need a list of
computers that have a specific application installed on a specific operating system.

2. Select an attribute and a condition from the drop-down lists
For example, Display Name (Title) and contains.
3. Enter the Attribute Value.
For example, ActivePerl causes all the machines having ActivePerl software to be
searched.
4. To add more than one criteria, select the Conjunction Operator from the drop-down
list.
For example: AND.
5. Select an attribute and a condition from the drop-down lists.
For example, Supported OS and contains.


For example, XP.
7. Click Search.
The combination of XP and ActivePerl returns all machines that have Windows XP OS
and ActivePerl software installed.
Adding Software to Inventory

You can add software inventory items automatically or manually. Automatically capturing
software inventory items is especially useful when it is difficult to determine and maintain
lists of all the software titles installed on your network nodes. Thus, the K1000 Management
Appliance also provides you with the flexibility to manually add software titles to the
inventory. For example, you can add a software item that is not yet been installed on your
network, create a managed installation from it, and then deploy it to your other nodes.
Adding software automatically

Software items are added to Inventory automatically when the agent checks in. The nodes on
which the appliance agent is installed check in to your appliance and upload all the available
software inventory data. For more information on agent provisioning, refer to Chapter
4: Agent Provisioning, starting on page 45.
To add software to Inventory manually

The appliance automatically creates inventory records for the software titles found on the
network. If you don’t see a software package in Inventory, the package probably isn’t
installed on a node in your K1000 Management Appliance. Usually, it’s better to install the
package on a node and run inventory, than to manually install.
You may want o include a custom rule so that information about the software is current and
the package is not reinstalled each time that the agent check in, for example. See Appendix
C: Writing Custom Inventory Rules, starting on page 241.
1. Click Inventory > Software.
The Software : Edit Software Details page appears.
3. Enter the general software details.
Enter the Display Version, Vendor, and Software Title information consistently across
software inventory to ensure proper downstream reporting.
4. Upload or specify links to available information files associated with the software.
5. In the Assign To Label field, select the labels to assign.
6. (Optional) Enter any other information in the Notes field.
7. Specify the Custom Inventory ID (rule), for example:

5
RegistryValueGreaterThan(HKEY_LOCAL_MACHINE\SOFTWARE\Network
Associates\TVD\Shared Components\VirusScan
Engine\4.0.xx,szDatVersion,4.0.44)
Before deploying a software item to a remote node, your appliance first verifies whether
that file is present on the that node. If it is detected, it is not sent to the machine a
second time. In some instances, installed programs do not register in Add/Remove
Programs or in standard areas of the registry. In such cases, the appliance may not be
able to detect the presence of the application without additional information from the
administrator. Therefore, the appliance may repeat the install each time the node
connects.
For more information on Custom Inventory ID (rule), refer to Appendix

C: Writing Custom Inventory Rules, starting on page 241.
8. Select the supported operating systems in the Supported Operating Systems field.
9. In the Custom Inventory ID (rule) field, enter the Custom Inventory ID.
10. Beside Upload & Associate File, click Browse, and then click Open.
11. Under Metadata, specify the following information:
Category Select the desired category.

Threat Level Select the threat level.
Hide from Software Lookup Click this check box to hide this information from the
Service Software Lookup Services. (Use for proprietary
information.)
12. Click Save.
The software detail page displays license information for the software. You
can also view the license asset detail by clicking on the license link.
To create software assets

2. Click the check box for the appropriate software.
3. In the Choose Action menu, click Create Asset.
The Assets page appears.
For more information about using Assets, see the Asset Management Guide.
Custom Data Fields

You can create custom data fields to read information from a target machine and report it in
the Computer Inventory certificate. This is useful for reading and reporting on information

in the registry and elsewhere on the target machine. For example, DAT file version number
from the registry, file created date, file publisher, or other data.
To create a custom data field

3. Enter a Display Name for the field.
4. In the Custom Inventory (ID) rule area, enter the appropriate syntax according to the
information you want returned:
• To return a Registry Value, enter the following, replacing valueType with either
“TEXT”, “NUMBER”, or “DATE”. NUMBER is an integer value:
RegistryValueReturn(string absPathToKey, string valueName, string valueType),
Example:
RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Viruss
can Online,SourceDisk, TEXT)
• To return File Information, enter:

FileInfoReturn(string fullPath, string attributeToRetrieve, string valueType)
Example:
FileInfoReturn(C:\Program Files\Internet Explorer\iexplore.exe, Comments,TEXT)
You can retrieve the following attributes from the FileInfoReport() function:
Comments Language
CompanyName LegalCopyright
FileBuildPart LegalTrademarks
FileDescription OriginalFilename
FileMajorPart PrivateBuild
FileMinorPart ProductBuildPart
FileName ProductMajorPart
FilePrivatePart ProductMinorPart
FileVersion ProductName
InternalName ProductPrivatePart
IsDebug ProductVersion
IsPatclhed SpecialBuild
IsPreRelease CreatedDate
IsPrivateBuild ModifiedDate
IsSpecialBuild AccessedDate

5
Attaching a Digital Asset to a Software Item

Whether you add the software to inventory automatically or manually, you need to associate
the files required to install the software before distributing a package to users for
installation. To associate multiple files, create a .zip file, and associate the resulting archive
file.
To attach a digital asset to a software item

2. Click the linked name of the software title.
The Software: Edit Software Detail page appears.
3. Beside Upload & Associate File, click Browse.
4. Locate the file to upload, and then click Open.
5. Modify other details as necessary, and then click Save.
The Software-To-Computer Deployment Detail table at the bottom of the

Software > Edit Software Detail page shows which computers have the
software title installed.
To delete a software item

2. Click the check box beside the software to delete.
4. Click Yes to confirm deleting the software.
To apply a label to a software item

If you want your label to include all copies of this software, the ones you have now and any
you might purchase in the future, use a Smart Label. See Creating Smart Labels for
Computer Inventory, on page 78.
2. Click the check box beside the software to apply a label to.
3. In the Choose Action menu, click Apply Label and then the appropriate label to
apply.
You can also click Add Label in the Choose Action menu to create and apply a new
label.
To remove a label from a software item

2. Click the check box beside the software to remove the label from.
3. In the Choose Action menu, click Remove Label and the appropriate label.

To categorize a software item

2. Click the check box beside the software you want to categorize.
3. In the Choose Action menu, click Set Category and the category.
To set threat level to a software item

2. Click the check box beside the software.
3. In the Choose Action menu, click the appropriate threat level.
Managing Your Processes Inventory

The K1000 Management Appliance Processes feature allows you to keep track of processes
that are running on all agent machines across your enterprise.
The Processes feature records and reports the processes details information. You can record
and view software usage for the last 1, 2, 3, 6, or 12 months. Detail pages provide information
on individual processes, including the name of the computer running those processes,
system description, and the last user.
Using Processes feature, you can:
• View Process details

• Delete selected processes
• Disallow selected processes
• Meter selected processes
• Apply labels
• Remove labels
The processes are categorized in: Audio / Video, Business, Desktop, Development, Driver,
Games, Internet, Malware, Security, and System Tool.
To view process details

1. Click Inventory > Processes.
The Processes page appears.
2. Select the process name to view details.
The Process Details page appears.
3. Select labels to assign to process in the Assign To Label box.
4. Enter any notes that further describe this process in the Special Notes box.
5. Select the category of the process in the Category drop-down list.
6. Select the threat level of the process in the Threat Level drop-down list.

5
7. Click Save.
You can read comments on the process submitted by other users by clicking
[Read Comments] on the Process Details page. You can also ask for help
from KACE about the processes by clicking [Ask For Help.] You need a KACE
user name and password to log in to the Dell KACE database.
You can also see computers with running the selected process. You can view and print a
printer friendly version of this page.
To delete a process
1. To delete processes, do one of the following:
• From the Processes List view, click the check box beside the process, and then in the
Choose Action menu, click Delete Selected Item(s).
• From the Process detail page, click Delete.
2. Click OK to confirm deleting the selected process.
To disallow processes
The Processes page appears.
2. Click the check box beside the processes to disallow.
3. In the Choose Action menu, click Disallow Selected Item(s).
The Script : Edit Detail page appears.
4. Enter the script configuration details, and then click Run Now to run Disallowed
Programs Policy.
For more detailed information on scripting and Disallowed Programs Policy,

refer to Chapter 9: Using the Scripting Features, starting on page 143.
To apply a label to a process

2. Click the check box beside the processes you want to apply a label to.
3. In the Choose Action menu, click the appropriate label to apply.
To remove a label from a process

2. Click the check box beside the processes you want to remove the label from.
3. In the Choose Action menu, click the appropriate label under Remove Label.

To categorize a process
2. Click the check box beside the processes you want to categorize.
3. In the Choose Action menu, click the appropriate category.
To set threat level to a process

2. Click the check box beside the processes.
To meter a process
2. Click the check box beside the processes.
3. In the Choose Action menu, click Meter Selected Items(s).
The process are added to the list of processes to be monitored in the Metering tab. For
more information on Software Metering, refer to Asset Management Guide.
Managing Your Startup Program Inventory

The K1000 Management Appliance Startup feature allows you to keep track of startup
programs on all agent machines across your enterprise.
The Startup feature records and reports the startup program detail information. Detail pages
provide information on startup programs, including the name of the computer running those
startup programs, system description, and the last user.
Using Startup feature, you can:
• View startup program details

• Delete selected startup programs
• Apply or remove labels
The startup programs are categorized in: Audio / Video, Business, Desktop, Development,
Driver, Games, Internet, Malware, Security, and System Tool.
To view Startup detail information

1. Click Inventory > Startup.
The Startup Programs page appears.
2. Click the startup program name to view details.
The Startup Programs : Edit Startup Programs Detail page appears.

5
3. Select labels to assign to startup program in the Assign To Label box.

4. (Optional) Enter notes that further describe this startup program in the Notes box.
5. Select the category of the startup program in the Category drop-down list.
6. Select the threat level of the startup program in the Threat Level drop-down list.
7. Click Save to save the startup program details.
You can read comments on the startup program submitted by other users by
clicking [Read Comments]. You can also ask for help from KACE about the
startup programs by clicking [Ask For Help.] You need a KACE user name
and password to log in to the Dell KACE database.
You can also see computers with running the selected startup program. You can view a
printer friendly version of this page and take print outs of the report.
To delete a startup program

1. To delete startup programs, do one of the following:
• From the Startup Programs List view, click the check box beside the startup
program, and then in the Choose Action menu, click Delete Selected Item(s).
• From the Startup Program : Edit Startup Program Detail page, click Delete.
2. Click OK to confirm deleting the selected startup program.
To apply a label to a startup program

2. Click the check box beside the startup programs you want to apply a label to.
3. Select the appropriate label to apply from the Choose Action menu.
To remove a label from a startup program

2. Click the check box beside the startup programs you want to remove from the label.
To categorize a startup program

2. Click the check box beside the startup programs you want to categorize.

To set threat level to a startup program

2. Click the check box beside the startup programs.
Managing Your Service Inventory

The K1000 Management Appliance Service feature allows you to keep track of services
running on all agent machines across your enterprise.
The Service feature records and reports the services information in detail. Detail pages
provide information on services, including the name of the computer running those services,
system description, and the last user.
Using Services feature, you can:
• View services details

• Delete selected services
• Apply or delete labels
The services are categorized in: Audio / Video, Business, Desktop, Development, Driver,
Games, Internet, Malware, Security, and System Tool.
To view service detail information

1. Click Inventory > Service.
The Services page appears.
2. Click the service name to view details.
The Service : Edit Service Detail page appears.
3. Select labels to assign to service in the Assign To Label box.
4. Enter any notes that further describe this service in the Notes box.
5. Select the category of the service in the Category drop-down list.
6. Select the threat level of the service in the Threat Level drop-down list.
7. Click Save to save the service details.
You can read comments on the service submitted by other users by clicking
[Read Comments]. You can also ask for help from Dell KACE about the
service by clicking [Ask For Help.] You need a KACE username and
password to log in to the Dell KACE database.
You can also see computers with running the selected startup program. You can view a
printer friendly version of this page and take print outs of the report.

5
To delete a service
1. To delete services, do one of the following:
• From the Services List view, click the check box beside the service, and then in the
Choose Action menu, click Delete Selected Item(s).
• From the Process detail page, click Delete.
2. Click OK to confirm deleting the selected service.
To apply a label to a service

2. Click the check box beside the services you want to apply a label to.
3. In the Choose Action menu, click the appropriate label to apply.
To remove a label from a service

2. Click the check box beside the services you want to remove the label from.
To categorize a service
2. Click the check box beside the services you want to categorize.
To set a threat level to a service

2. Click the check box beside the services.
Managing Your MIA (Out-Of-Reach Computer)

Inventory
The K1000 Management Appliance MIA tab offers a list of the nodes that have not checked
in to the appliance in some time. You can filter the MIA view by computers that have missed
the last first, fifth, or tenth syncs, or which have not communicated with appliance in the last
1-90 days. The MIA tab also displays the IP and MAC Addresses of these computers.

From the MIA tab, you can remove the computers from the appliance Inventory and assign
them to labels to group them for management action.
Configuring the MIA Settings

You can configure the MIA Settings to enable the appliance to automatically delete
computers from the inventory after they have not checked in for a specified number of days.
This eliminates the need to manually delete the computers from the Computers - MIA
page.
To configure the MIA settings

1. Click Inventory > MIA.
2. In the Choose Action menu, click Configure Settings.
The MIA Settings page appears.
3. Enter the following information:
Automatically delete MIA Click the check box to enable automatic deleting of
computers MIA computers.
Days Enter the period in number of days. Computers
that do not communicate with the appliance for
the number of days specified are automatically
deleted.
4. Click Save.
To delete an MIA computer

2. Click the check box beside the computers you want to delete.
4. Click Yes to confirm deleting the computer.
To apply a label to an MIA computer

2. Click the check box beside the computers you want to apply a label to.
3. In the Choose Action menu, select the appropriate label to apply .
To create a new label

For example, you can create a label on any tab in Inventory:
1. Click Inventory, and click the tab you want to work with, for example, Software.
2. In the Choose Action menu, click Add Label .
3. In the Add Label window, enter a name for the new label.

5
4. Click Save.
Using the AppDeploy Live Application Information

Clearinghouse
AppDeploySM (or AppDeploy.com) contains information on installation, deployment, and
systems management automation. (However, it does not tie directly into the appliance.) By
centralizing relevant information in one place, AppDeploy.com reduces the need for
searching answers through vendor sites, discussion boards, and technical publications. This
website provides computer administrators an easier way to search for answers and solutions.
Enabling AppDeploy Live

The AppDeploy Live! website is both a platform for product forums and a source of up-to-
date news and announcements. Enabling AppDeploy Live! integrates community submitted
information directly from this web site.
1. Click Settings > General.
2. Click Edit Mode.
3. Click the Enable AppDeploy Live! check box.
4. Click Set Options to save your changes.
For more information on how to change K1000 General Settings, refer to To configure
general settings for the server, on page 19.
Viewing AppDeploy Live content

You can view AppDeploy Live contents of your appliance. From Inventory, you can view
AppDeploy Live information on software, processes, startup programs, and services.
AppDeploy Live information can also be viewed from the Distribution > Managed
Installations and Distribution > File Synchronization.
You can visit www.AppDeploy.com for more information.
If you have not enabled AppDeploy Live, you cannot view AppDeploy Live
information. Refer to Using the AppDeploy Live Application Information
Clearinghouse, on page 95.
To view AppDeploy Live information

1. Go to Inventory > Software.
The Software page appears, which lists the software installed on nodes.
2. Select the software title to see the associated information from AppDeploy Live.
The Software : Edit Software Detail page appears.
3. Scroll Down to view AppDeploy Live information.


6
Importing and Exporting Appliance
Resources
This chapter explains how to transfer K1000 Management Appliance resources between
organizations within an appliance and between separate appliances.
• About importing and exporting resources, on page 97.

• Transferring resources using a SAMBA share, on page 97.
• Transferring resources between Organizations, on page 102.
About importing and exporting resources

The Administrator Portal offers you the ability to import and export these resources
components between separate K1000 Management Appliance or between different
organizations within an appliance:
• Email alerts
• Managed Installations
• Reports
• Scripts
• Smart labels
• Software components from Inventory
• Ticket rules
All K1000 Management Appliance have built-in SAMBA share directories, allowing you to
import and export appliance resources among them. For details, see the Transferring
resources using a SAMBA share section.
If you use the Organizational Management component of the K1000 Management
Appliance, you also can transfer resources between organizations within an appliance. For
details, see Transferring resources between Organizations, on page 102. If you don’t use
Organizational Management, its options are not displayed.
Transferring resources using a SAMBA share

Any appliance can export the resources listed in About importing and exporting resources to
another appliance using their SAMBA share directories as staging areas.

6 Importing and Exporting Appliance Resources
Export resources from one appliance to another

using SAMBA shares
1. Open the Administrator Portal of the appliance to export resources from.
2. Go to Settings > Resources.
The Resource Management Panel appears.
3. Click Export K1000 Resources.

The Export K1000 Resources page appears, listing all of the resources available to
export.
By default, all available resources on the appliance are listed. You can limit the
resources to view using the drop-down list and search field on the right side of the
screen. Select a resource from the list to display just that resource category. Enter a

Importing and Exporting Appliance Resources
6
term in the search field to limit the resources list even further. In this example, only
Reports with the term Closed in the description are listed:
4. Click the check boxes of the resources to export.

5. In the Choose Action menu, click Export to SAMBA Share.
The Annotate Exported Resource(s) splash screen appears.
6. Enter a description of the components to export, and click Save.
Your exported resources first appear on the Resource Manager Queue page with a
Status of New Request. Click the Refresh button to update this page. When
finished, the Status changes to Completed. Most import/export tasks only take a
moment, but very large resources take longer. This screen does not refresh by itself for
several minutes.
The resources you exported are now available on your SAMBA share for other K1000
Management Appliance to import.
7. Go to Settings > Control Panel, and note the location of the SAMBA share directory
in the SAMBA Share Settings section.
You need to copy the appliance resources from this directory to the SAMBA share of the
appliance importing the software.
8. On the importing appliance, go to the Administrator Portal > Settings > Control
Panel, and click General Settings.
The K1000 Settings: General page appears.
9. In the SAMBA Share Settings section, note the location of the SAMBA share
directory.
10. Using a third-party file copying utility, copy the resources from the exporting appliance
SAMBA share to the importing appliance the SAMBA share.
11. On the importing appliance, navigate to the K1000 Settings > Resources page.

The Resource Management Panel appears:
12. Click Import K1000 Resources.

The Import K1000 Resources page appears, listing all of the appliance resources
available to import.
13. From Choose Action menu, click Import Resource(s) from SAMBA Share.
The Import Resources from SAMBA Share Directory page appears.
14. Select the resources to import, and click Import Resources.

6
The Import Resources From SAMBA Directory page appears:
15. Select the resource files to import, and click Import Resources.
Your imported resources first appear on the Resource Manager Queue page with a
Status of New Request. Click Refresh to update this page. When finished, the
Status changes to Completed.
Most import/export tasks only take a moment, but very large resources take longer.
This screen does not refresh by itself for several minutes.
Once you see a Status of Completed, the resources you imported are available and listed
on their respective tabs (Reports, Inventory > Software, Scripting, Distribution >
Managed Installations) for your organization to use.

Transferring resources between Organizations

You transfer resources between KACE K1000 Appliance organizations by exporting them
from one organization and then importing them into another. The sections below explain
how.
To use the features provided for organizations, you must enable

Organizational Management. The options used for this feature are not
displayed on K1000 Management Appliance without it.
Exporting resources to Other Organizations on an

appliance
The first step in transferring any of the resources listed in About importing and exporting
resources is exporting them from one organization, which is explained in this section.
1. Go to Organizations: organization_name > K1000 Settings > Resources.
2. To export resources from one organization to the others, click Export K1000
Resources.
The Export K1000 Resources page appears, listing all of the resources on the appliance
available to export.
3. Click the check boxes for the resources to export.

6
4. In the Choose Action menu, click Export to Local K1000.

The Annotate Exported Resource(s) splash screen appears.
5. Enter a brief comment describing the exported resources, and then click Save.
Your exported resources first appear on the Resource Manager Queue page with a
Status of New Request. In a few minutes, the export will complete, and the Status
changes to Completed. Click the Refresh button to update this page.
The resources you exported are now available for other organizations on your appliance to
import. For details on importing these resources into another organization, see the
Importing resources from another organization on your appliance section.
Importing resources from another organization on

your appliance
Once resources are exported from an organization, they are available to the other
organizations on that appliance to import and use. If you have not yet exported the appliance
resources you need, follow the instructions in the Exporting resources to Other
Organizations on an appliance section.
To import appliance resources from another appliance, follow the instructions in the
Transferring resources using a SAMBA share section.
Import software components from another organization

1. Click Settings > K1000 Settings > Resources.
2. Click Import K1000 Resources.

The Import K1000 Resources page appears, listing all of the resources available to
import:
3. Click the check boxes for the resources to import.

4. In the Choose Action menu, click Import Selected Resource(s).
The Resource Manager Queue page appears.
Your imported resources first appear on the Resource Manager Queue page with a
Status of New Request. Click the Refresh button to update this page. When
finished, the Status changes to Completed. Most import/export tasks only take a
moment, but very large resources take longer. This screen does not refresh by itself for
several minutes.
Once you see a Status of Completed, the resources you imported are available on the
respective pages (Reports, Inventory > Software, Scripting, Distribution >
Managed Installations) for your organization.

7
Scanning for IP Addresses
IP scan allows you to scan a range of IP addresses to detect the existence and attributes of
various devices on a network.
• IP Scan Overview, on page 105.

• Viewing Scheduled Scans list, on page 105.
• Creating an IP Scan, on page 106.
IP Scan Overview
The K1000 Management Appliance can scan a range of IP addresses for SNMP enabled
machines, allowing you to retrieve information about machines connected to your network.
Although IP Scans have their own server-side scheduling, you can invoke a scan on-demand
or schedule an IP scan to run at a specific time.
IP scan reports a variety of inventory data that lets you monitor the availability and service
level of a target machine. IP scan scans ports in addition to IP addresses. You can collect data
even without knowing the IP addresses of the target machines.
It can scan any type of device (as long as the device has an IP address on the network)
including computers, including virtual machines, printers, network devices, servers, wireless
access points, routers, and switches.
Viewing Scheduled Scans list

By default, the IP Scan tab displays the available scans. From this page, you can also:
• Schedule a new scan.

• Delete scans.
About scan results

On the scan results page, you can:
• Schedule new scan.

• Apply a label or a Smart Label or delete a label.
• Create a remote connection to the machine. (This can be done only if configured under
Machine Action.)

7 Scanning for IP Addresses
To view scan results

There are other ways to get to scan results. The following is an example:
1. Go to Inventory > IP Scan.
2. In the Choose Action menu, click View Scan Inventory.
The Network Scan Results page opens.
Creating an IP Scan
You can create a network scan that will look for DNS, Socket, and SNMP across a subnet or
subnets. You also define a network scan to look for devices listening on a particular port (for
example, Port 80). This allows you to view devices that are connected to your network even
when the agent is not installed on those devices.
When defining a network scan, balance the scope of the scan (number of IP addresses you
are scanning) with the depth of the probe (number of attributes you are scanning for) so that
you do not overwhelm your network or the appliance. For example, if you need to scan a
large number of IP addresses frequently, keep the number of ports, TCP/IP connections, and
so on, relatively small. As a general rule, scan a particular subnet no more than once every
few hours.
The agent listens to port 52230. To determine which machines on your

network are running an agent, define a network scan to report which
machines are listening on that port.
To create an IP scan
1. Go to Inventory > IP Scan.
The Network Scan Settings page appears.
The Network Scan Setting page appears.
3. Enter a name for the scan in the Network Friendly Scan Name field.
4. Enter the IP range to scan in the Network Scan IP Range field.
5. Specify the DNS lookup test details:
DNS Lookup Enabled Check live addresses against the DNS server to see if they have
an associated name. This can help you identify known nodes on
your network.
Name Server for lookup Enter hostname or IP address.
Lookup time out Enter the time out interval (in seconds).
6. Click the Ping Test Enabled check box.

7
If the Ping and Socket tests are disabled, you cannot run the other tests. The Ping or
Socket tests determine if the address is alive. If it is, you can run an SNMP or a Port
Scan against it.
7. Specify the Connection test details:
Connection Test Click the check box to perform connection testing during
Enabled network scan.
Connection Test Enter the protocol to use.
Protocol
Connection Test Port Enter the port to use for testing the connection.
Connection Time Out Enter the time out interval (in seconds).
8. Specify SNMP test details:
SNMP Enabled Click the check box to enable SNMP scanning.

SNMP Public String Enter the community string to query. (Public is the default.)
The query only runs if authentication is not required. When
authentication is required, the scan returns SNMP enabled
with no system data.
9. Specify Port scan test details:
Device Port Scan Enabled Click the check box to enable port scanning of device ports.
TCP Port List Enter a comma-separated list of TCP ports to scan.
UDP Port List Enter a comma-separated list of UDP ports to scan.
Port Scan Time Out Enter the time out interval (in seconds).
10. Specify the scan schedule:
Don’t Run on a Schedule Select to run the tests in combination with an event
rather than on a specific date or at a specific time.
Run Every n minutes/hours Select to run the tests at a specified interval.
Run Every day/specific day at Select to run the tests daily or on a specified day of the
HH:MM AM/PM week at a specified time.
Run on the nth of every month/ Select to run the tests on the specified date or day of the
specific month at HH:MM month at a specified time.
AM/PM
11. Click Save or Scan Now to run scan immediately.
Deleting a Scan Configuration also deletes all associated scan inventory

items. If you want to maintain the scan inventory, but do not want to “rescan,”
set the schedule of the scan configuration to not run.

To search network scan results on the basis of

status fields
1. Click Inventory > IP Scan.
The Network Scan Settings page appears.
2. In the Choose Action menu, click View Scan Inventory.
The Network Scan Results page appears.
For example: Ping Status
5. Select a condition from the drop-down list.
For example: =
6. Enter the attribute value.
For example, to search machines that have a successful ping status, enter 1.
7. Click Search.
8. The search results are displayed below.
Clicking the IP address of a network device displays the values for Ping
Status, Connection Status, and SNMP Status as Succeeded or Failed.
However, the underlying database fields actually contain a 0 for Failed and 1
for Succeeded.
Therefore, when using these fields as criteria for advanced search, Smart
Labels, or notifications, you must enter the numeric values.
IP Scan Smart Label

The IP Scan Smart Label searches for all devices that are detected in the Network Scan,
including DNS, Socket, and SNMP across a subnet or subnets.
Smart Labels enable you to dynamically identify based on a search criteria.
To dynamically identify the network scan results

1. Click Home > Label.
The Labels page appears.
2. On the Labels page, click Smart Labels.
3. In the Choose Action menu, Click Add New IP Scan Smart Label.
The Network Scan Results page appears.
4. Specify the search criteria.
5. Choose or enter the label to associate with the Smart Label.
6. To see whether the Smart Label produces the desired results, click Test Smart Label.

7
7. Click Create Smart Label.

When devices that meet the specified criteria are detected in the network scan, they are
automatically assigned to the associated Smart Label. You can modify or delete a Smart
Label after it has been created from the Home > Label > Smart Labels page.
You can specify the order in which IP Scan Smart Labels are run by changing their Order
value.
To edit the order value of IP Scan Smart Labels

1. Click Home > Label.
2. On the Labels page, click Smart Labels.
3. In the Choose Action menu, click Order IP Scan Smart Labels.
The Order IP Scan Smart Labels page appears.
4. Click the icon beside an order value to modify it.

5. Enter the appropriate order value, and click Save.
IP Scan Smart Labels with lower order values are run before those with higher order
values. The default order value for a new IP Scan Smart Label is 100.


8
Distributing Software from Your
K1000 Management Appliance
The K1000 Management Appliances software distribution features offer various methods for
deploying software, updates, and files to the computers on your network.
• Distribution Feature Overview, on page 111.

• Types of Distribution Packages, on page 112.
• Managed Installations, on page 115.
• Examples of common deployments on Windows, on page 119.
• Examples of Common Deployments on Linux, on page 124.
• Examples of Common Deployments on Mac OS, on page 129.
• File Synchronizations, on page 129.
• Wake-on-LAN, on page 132.
• Replication, on page 134.
• Managing Dell Systems with Dell Updates, on page 138.
• Configuring Dell OpenManage Catalog Updates, on page 140.
Distribution Feature Overview

Dell recommends that customers follow a predefined set of procedures before deploying any
software on their network. The following illustration represents a high-level example of a
generic distribution process. This process can be modified to meet the needs of your
organization. However, to avoid distribution problems, it is important to test various
deployment scenarios prior to deployment.

8 Distributing Software from Your K1000 Management Appliance
Figure 8-1: Basic Deployment procedure
Inventory &
Assess
Test
Target
Deploy
Report
One of the most important concepts in the deployment procedure is to test each deployment
before rolling it out to a large number of users. The appliance verifies that a package is
designated for a particular system, machine, or operating system. However, the appliance
cannot access the compatibility with other software on the target machine. Therefore,
establish procedures for testing each piece of software before deploying it on your network.
For example, develop a test group of target machines, and deploy the required software using
your appliance. This practice helps you to verify the compatibility of the software with the
operating system and other applications within your test group. You can create a test label
and perform a test distribution before you go live in your environment. You can create a test
label from the Home > Labels tab.
This chapter focuses primarily on the test, target, and deploy portions of this flow diagram.
For more details on creating an inventory of computers and software packages in use on your
network, see Chapter 8: Distributing Software from Your K1000 Management Appliance,
Types of Distribution Packages

The primary types of distribution packages that can be deployed on the nodes in the network
are:
• Managed installations
• File synchronizations
• Appliance agents
Distribution packages (whether for managed installation, file synchronization, or user portal
packages) cannot be created until a digital file is associated with an Inventory item. This rule
applies even if you are:

Distributing Software from Your K1000 Management Appliance
8
• Sending a command, rather than an installation or a digital file, to target machines.

• Redirecting the appliance agents to retrieve the digital asset (for example, .exe, .msi)
from an alternate download location.
To create a distribution
1. Install the package manually on a machine.
2. Take an inventory of that machine. For more information on how to take an inventory,
see Managing Your Software Inventory, on page 83.
3. Use the item listed in the Software Inventory list for the Managed Installation.
To create packages with different settings, such as parameters, labels, or deployment
definitions, you can create multiple distribution packages for a single Inventory item.
However, the Managed Installation (MI) cannot be verified against more than one inventory
item because the MI checks for the existence of only one inventory item.
Although the K1000 Agent tab is listed under the Distribution tab,
“Deploying K1000 Agent” is discussed as part of the installation and setup
process in Chapter 1: Getting Started, starting on page 1. For information
about updating an existing version of the appliance agent, see K1000 Agent
Update, on page 68.
Distributing Packages from the appliance

Packages distributed through the appliance are only deployed to target nodes if the
Inventory item is designated to run on the target’s operating system. For example, if the
Inventory item is defined for Windows XP Professional only, the Inventory item does not
deploy to targets with Windows 2000.
Also the package does not deploy to nodes that are not included in the machine label. For
example, if the deployment package is set to deploy to a label called ‘Office A’, the package
does not deploy to machines that are not in ‘Office A’. When an appliance creates a software
inventory item, it only records the operating systems on which the item was installed in the
Inventory detail record.
A managed installation must be enabled by selecting a managed action and a deployment
window.
Ensuring that Inventory item package names match

If the display name of the Software Inventory item does not exactly match the name that the
software registers in Add/Remove programs, the appliance may attempt to deploy a package
repeatedly even though it is already there.
To ensure that the Inventory item display name exactly matches:
1. Install the package on a target machine.
2. Take an automatic inventory of that machine using the appliance.
The newly installed package appears in the Inventory list.

You can then associate a digital file and create one or more deployment packages.
Distributing Packages from an Alternate Location

The K1000 Management Appliance supports software distribution from alternate locations.
The agent can retrieve digital installation files from remote locations, including a UNC
address, DFS source, or an HTTP location. The CIFS and SMB protocols, SAMBA servers,
and file server appliances are supported by your K1000 Management Appliance.
The alternate download feature addresses administrative issues, such as:
• Supporting remote sites with restricted bandwidth, which might result in difficulties
accessing the appliance.
• Avoiding storing large packages on the appliance.
An alternate download location can be any path on the network. Ensure that the alternate
location has the required files for installing the application.
To activate this capability, you must enter an alternate checksum (MD5) that matches the
MD5 checksum on the remote file share (for security purposes). You may use any tool to
establish your checksum.
To create the MD5 checksum, enter:
K1000Client -hash=filename
This displays the MD5 hash for the file.

If no checksum is entered, the digital asset on the file share must exactly match the digital
asset associated with the Deployment Package on the K1000 Management Appliance. Also,
the target path must include the complete filename (for example,
\\fileserver_one\software\adobe.exe).
When the appliance fetches files, it uses these priorities:

1. Alternate download location
2. Replication share
3. Appliance
If a replication share is specified in the label, the replication share is always
used instead of an alternate download location.
If there is no replication share, the agent fails over to the appliance.
When to use a replication share or an alternate

download location
The difference between a replication share and an alternate download location is:
• Replication share is a full replication of all digital assets and is managed automatically
by the appliance.

8
• Alternate download location can be any path on the network. You make sure that the
alternate location has the files that might be needed for installs of a particular
application.
Whenever a replication share is specified for a label, nodes in that label go to that replication
share to get files until you remove them from the label or stop using the replication item. If a
replication share is specified, that is always be used instead of any other alternate location.
The agent always fails over to appliance in following scenarios:
• There is no replication share specified for any label it is a member of

• There are more than one possible replication shares identified
For more information on replication shares, refer to Replication, on page 134.
Managed Installations
Managed installations enable you to deploy software that requires an installation file to run
to the computers on your network. You can create a Managed Installation package from the
Distribution > Managed Installation page.
From the Managed Installations tab, you can:
• Create or delete Managed Installations

• Execute or disable Managed Installations
• Specify a Managed Action
• Apply or remove a label
• Search Managed Installations by keyword
Installation parameters
Your K1000 Management Appliance allows packaged definitions to contain .msi, .exe,
.zip, and other file types for software deployment. If an administrator installs the file on a
local machine, either by running a single file or BAT file or VBScript, the package can be
installed remotely by the appliance.
To simplify the distribution and installation process, the package definition can also contain
parameters that are passed to the installer at run time on the local machine.
You can use parameters as custom installation settings, for example, a standard install or to
bypass auto-restart.
To determine supported parameters for the .msi file

To identify which parameters are supported by your .msi or other any installer, follow these
steps:
1. Open an MS-DOS command prompt.
2. Go to the directory that contains the target installer. For example:

c:\...\adobe.exe
3. Enter: filename /?
For example: adobe.exe /?
If that package supports parameters, they are displayed. For example: /quiet, /
norestart.
4. Use the parameter definitions identified to update your package definition.
If these steps do not succeed, refer to the software vendor’s documentation.
Creating a managed installation for the Windows

platform
When creating a managed installation, you can specify whether you want to interact with the
users using a custom message before or after the installation. You can also indicate whether
to deploy the package when the user is logged in or not and limit deployment to a specific
label. The following section provides general steps for creating a managed installation. For
specific details on creating a managed installation for an .msi, .exe, or .zip file, refer to the
subsequent sections.
To create a managed installation for Windows platforms

1. Click Distribution > Managed Installations.
2. Select Add New Item in the Choose Action menu.
The Managed Software Installation: Edit Detail page appears.
3. Select the software from the Select software drop-down list. You can filter the list by
entering any filter options.
Also show software  Click the check box to display any software without an associated executable
without an Associated uploaded. You can upload a file to the software record directly from this
File Managed Installation page.
Upload & Associate New File:
Click Browse and navigate to the location that contains the new executable of
any software selected or to associate an executable to a software without an
associated file.

8
Installation Command Select Default option or Configure Manually option.

Default Run Parameters: Specify the installation behavior as follows:
• The maximum field length is 256 characters. If your path
exceeds this limit, on the command line, point to a BAT file
that contains the path and the command.
• If your Parameters file path includes spaces, enclose the
complete path in quotes. For example:
“\\kace_share\demo files\share these
files\setup.bat”.
Configure Full Command Line: If desired, specify full command-line
Manually parameters. Refer to the MSI Command Line documentation for
available runtime options.
Un-Install using Full Command Line: Click the check box to
uninstall software.
Run Command Only: Click the check box to run the command line
only.
Delete Downloaded Click the check box to delete the package files after installation.
Files
Use Alternate Click the check box to specify details for alternate download. When you click this
Download check box, the following fields appear:
• Alternate Download Location: Enter the location where the K1000
Agent can retrieve digital installation files.
• Alternate Checksum: Enter an Alternate Checksum (MD5) that matches
the MD5 checksum on the remote file share (for security purposes).
• Alternate Download User: Enter a user name that has the necessary
privileges to access the alternate download location.
• Alternate Download Password: Enter the password for the user name.
Note: If the target machine is part of a replication label, the appliance does not
fetch software from the alternate download location. For more information,
refer to Distributing Packages from an Alternate Location, on page 114.
Specify an alternate download location only for a specific managed installation.
You can also edit an existing label or create a new label that can be used for
specifying the alternate location globally. Because that label cannot be specific to
any managed installation, you cannot specify an alternate checksum for
matching the checksum on the remote file share. For more information, refer to
To add or edit a new label, on page 38.
Notes (Optional) Enter additional information in this field.

Managed Actions Managed Action allows you to select an appropriate time for this package to be
deployed. Available options are:
• Disabled
• Execute anytime (next available)
• Execute before logon (before machine boot)
• Execute after logon (before desktop loads)
• Execute while user logged on
• Execute while user is logged off
5. Specify the deployment details:
Deploy to All Machines Click the check box to deploy the software to all machines.
Limit Deployment To Select a label to limit deployment only to machines belonging to the selected
Selected Labels label. Press CTRL to select multiple labels.
If you have selected a label that has a replication share or an alternate download
location, the appliance copies digital assets from that replication share or
alternate download location instead of downloading them directly from the
appliance.
Note: The appliance always uses a replication share in preference over an
alternate location.
Limit Deployment To You can limit deployment to one or more machines. Select the machines from
Listed Machines the drop-down list to add to the list. You can filter the list by entering filter
options.
Deploy Order Select the order to install the software. The lower value deploys first.
Max Attempts Enter the maximum number of attempts, between 0 and 99, to indicate the
number of times the K1000 Management Appliance tries to install the package.
If you specify 0, the appliance enforces the installation forever.
Deployment Window  Specify the time (using a 24-hour clock) to deploy the package. The Deployment
(24H clock) Window times affects any of the Managed Action options. Also, the run intervals
defined in the System Console, under K1000 Settings for this specific
organization, overrides and/or interact with the deployment window of a
specific package.

8
6. Set user interaction details:
Allow Snooze Click the check box to allow snooze. When you click the check box, the following
additional fields appear:
• Snooze Message: Enter a snooze message.
• Snooze Timeout: Enter the timeout, in minutes, for which the message is
displayed.
• Snooze Timeout Action: Select a timeout action that take places at the
end of the timeout period. For example, if the installation is being carried
out when there currently no active users accessing their desktop. You can
select Install now to install the software without any hindrance to the
users or select Install later if the installer needs some user interaction.
Custom Pre-Install Click the check box to display a message to users prior to installation. When you
Message click the check box, the following additional fields appear:
• Pre-Install User Message: Enter a pre-install message.
• Pre-Install Message Timeout: Enter a timeout, in minutes, for which
the message is displayed.
• Pre-Install Timeout Action: Select a timeout action from the drop-
down list, this action takes place at the end of the timeout period. Options
include Install later or Install now. For example, if the installation is
being carried out when there currently no active users accessing their
desktop. You can select Install now to install the software without any
hindrance to the users or select Install later if the installer needs some
user interaction.
Custom Post-Install Click the check box to display a message to users after the installation is
Message complete. When you click the check box, the following additional fields appear:
• Post-Install User Message: Enter a post install message.
• Post-Install Message Timeout: Enter a timeout, in minutes, for which
7. Click Save.
Examples of common deployments on Windows

This section provides examples of the three most common package deployments, which
contain .msi, .exe, and .zip files.
This section provides examples for each type of deployment.
For each of these examples, you must upload the file to the appliance before creating the
Managed Installation package. We recommend that you install the software on a QA
machine, wait till the appliance agent connects to the appliance and creates an Inventory
item for the software, and then creates the Managed Installation package.

Standard MSI example

Using .msi files is an easy, self-contained way to deploy software on Windows-based
machines. If your .msi file requires no special transformation or customization, the
deployment is simple.
MSI files require a /i switch when using other switches with an install.
The appliance parameter line does not require the file name or msiexec syntax. The only the
/* input is required:
/qn /I (Correct)
msiexec /I /qn (Incorrect)
To use parameters with .msi files, all your target machines must have the
same version of Windows Installer (available from Microsoft). Some switches
may not be active on older versions. The most up-to-date version of Windows
Installer can be distributed to nodes with the appliance.
If you are using Windows Installer 3.0 or later, you can identify the supported
parameters by selecting the Run program available from the Start menu.
Enter msiexec in the popup window. A window displays, which includes the
supported parameters list.
To create a managed installation for an .msi file

The Managed Installations page appears.
The Managed Installation: Edit Detail page appears.
3. Select the software from the Select software drop-down list.
You can filter the list by entering any filter options.
4. Set the following installation details:
Also show software Click the check box to display any software without an associated
without an Associated executable uploaded. You can upload a file to the software record directly
File from this Managed Installation page.
Upload & Associate New File:
Click Browse and navigate to the location that contains the new
executable of any software selected or to associate an executable to a
software without an associated file.

8
Installation Command Select Default option or Configure Manually option.

Default Run Parameters: Specify the installation behavior as
follows:
• The maximum field length is 256 characters. If your
path exceeds this limit, on the command line, point to a
BAT file that contains the path and the command.
• If your Parameters file path includes spaces, enclose the
complete path in quotes. For example:
“\\kace_share\demo files\share these
files\setup.bat”.
Configure Full Command Line: If desired, specify full command-line
Manually parameters. Refer to the MSI Command Line 
documentation for available runtime options.
Uninstall using Full Command Line: Click the check box to
uninstall software.
Run Command Only: Click the check box to run the
command line only.
Delete Downloaded Files Click this check box to delete the package files after installation.
Use Alternate Download Click this check box to specify details for alternate download. When you
click this check box, the following fields appear:
• Alternate Download Location – Enter the location from where
the K1000 Agent can retrieve digital installation files.
• Alternate Checksum – Enter an Alternate Checksum (MD5) that
matches the MD5 checksum on the remote file share (for security
purposes).
• Alternate Download User – Enter a user name that has necessary
privileges to access the Alternate Download Location.
• Alternate Download Password - Enter the password for the user
name specified above.
Note: If the target machine is part of a replication label, the appliance
does not fetch software from the alternate download location. For more
information on using an alternate location, refer to Distributing Packages
from an Alternate Location, on page 114.
Here you specify an alternate download location only for a specific
managed installation. You can also edit an existing label or create a new
label that can be used for specifying the alternate location globally. But
since that label cannot be specific to any managed installation, you cannot
specify an alternate checksum for matching the checksum on the remote
file share. For more information on how to create or edit labels, refer to
To add or edit a new label, on page 38.
Notes (Optional) Enter any additional information in this field.

Managed Actions Select the most appropriate time for this package to be deployed. Options
are:
• Disabled
• Execute anytime (next available)
• Execute before logon (before machine boot)
• Execute after logon (before desktop loads)
• Execute while user logged on
• Execute while user logged off
Deploy to All Machines Click the check box to deploy the software to all the machines.
Limit Deployment To Select a label to limit deployment only to machines belonging to the label.
Selected Labels Press CTRL and click labels to select multiple labels.
If you have selected a label that has a replication share or an alternate
download location, the appliance copies digital assets from that
replication share or alternate download location instead of downloading
them directly from appliance.
Note: The appliance always uses a replication share in preference to an
alternate location.
Limit Deployment To You can limit deployment to one or more machines. Select the machines
Listed Machines from the drop-down list to add to the list. You can filter the list by
entering filter options.
Deploy Order Select the order to install the software. The lower value deploys first.
Max Attempts Enter the maximum number of attempts, between 0 and 99, to indicate
the number of times the K1000 Management Appliance tries to install the
package. If you specify 0, the appliance enforces the installation forever.
Deployment Specify the time (using a 24-hour clock) to deploy the package. The
Window(24H clock) Deployment Window times affects any of the Managed Action options.
Also, the run intervals defined in the System Console, under K1000
Settings for this specific organization, overrides and/or interact with the
deployment window of a specific package.
Allow Snooze When you click this check box, the following additional fields appear:
• Snooze Message: Enter a snooze message.
• Snooze Timeout: Specify a timeout, in minutes, for which the
message is displayed.
• Snooze Timeout Action: Select a timeout action that takes place at
the end of the timeout period. For example, select Install now
because you are installing at a time when you know that the users are
away from their desktops. Select Install later if the installer needs
some user interaction and the users are not at their desktops.

8
Custom Pre-Install Click this check box to display a message to users prior to installation.
Message When you click this check box, additional fields appear:
• Pre-Install Message Timeout: Enter a timeout in minutes for
which the message is displayed.
• Pre-Install Timeout Action: Select a timeout action that takes
place at the end of the timeout period. For example, select Install now
to install at a time when you know that the users are away from their
computers. Select Install later if the installer needs some user
interaction, and the users are not at their computers.
Custom Post-Install Click the check box to display a message to users after the installation is
Message complete. When you click the check box, the following additional fields
appear:
• Post-Install User Message: Enter a post install message.
• Post-Install Message Timeout: Enter a timeout, in minutes, for which
7. Click Save.
Standard EXE Example

The standard executable example is identical to the MSI example above with one exception: /
I is not required in the “run parameters” line when using an .exe file.
When using an executable file, it is often helpful to identify switch parameters for a quiet or
silent installation. To do this, specify /? in the run parameters field.
Standard ZIP Example

Deploying software using a .zip file is a convenient way to package software when multiple
files are required to deploy a particular software title (for example, setup.exe, plus required
configuration and data files). For example, if you have a CD-ROM containing a group of files
required to install a particular application, you can package them together in a .zip file and
upload them to the appliance for deployment.
The appliance agent automatically runs deployment packages with .msi and
.exe extensions. However, K1000 Management Appliance also provide a
capability for administrators to zip many files together and direct the
appliance to unpack the ZIP file and run a specific file within. If you intend to
deploy a .zip file, you must place the name of the file within the .zip that
you would like to run in the Command (Executable) field within the
Deployment Package (for example, runthis.exe).
To create a managed installation for a .zip file

1. Browse to the location that contains the necessary installation files.
2. Select all files, and create a .zip file using WinZip or another utility.

3. Create an inventory item for the target deployment.

You can do this manually from the Inventory > Software tab or by installing the
package on a node that regularly connects to the appliance.
4. Associate the .zip file with the inventory item and upload it to the appliance.
5. Click Distribution > Managed Installation.
The Managed Software Installation : Edit Detail page appears.
7. Select the software title that the .zip file is associated with from the Select software
drop-down list.
8. In the Full Command Line field, specify the complete command with arguments. For
example:
setup.exe /qn
9. Enter other package details as described in the Creating a Managed Installation
procedures.
10. Click Save.
When attempting to deploy a ZIP file created using WinZip maximum compression, the
package may fail to uncompress and you may see an error in the application event viewer or
kbxlog.txt with the message:
Unsupported compression mode 9
The appliance agent uses a library called SharpZipLib to uncompress zip files.
This library supports Zip files using both stored and deflate compression methods and also
supports old (PKZIP 2.0) style encryption, tar with GNU long filename extensions, gzip, zlib
and raw deflate, as well as BZip2. However, Zip64 and deflate64 are not supported.
Compression mode 9 is deflate64, which in WinZip is called “maximum compression.”
To resolve the issue, recreate the zip file using WinZip “normal compression.”
Examples of Common Deployments on Linux

This section provides examples of the supported package deployments: .rpm, .zip, .bin, .tgz,
and tar.gz files.
For each of these examples, you must have already uploaded the file to the appliance prior to
creating the Managed Installation package. We recommend installing the software on a QA
machine, waiting a sufficient amount of time for the appliance agent to connect to the K1000
Management Appliance and create an inventory item for the software, and then creating the
Managed Installation package.

8
To create a managed installation for an .rpm file


You can deploy software on Linux-based machines using .rpm files.
The Managed Installation: Edit Detail page appears.
4. By default, the appliance agent attempts to install the .rpm file using the following
command. In general, this is sufficient to install a new package or update an existing
one to a new version:
rpm -U packagename.rpm
If you have selected a zip/tgz/tar.gz file, the content is unpacked, and the root directory
searched for all .rpm files. The installation command is run against each of these files.
The appliance finds all rpm files at the top level of an archive automatically, so you can
install more than one package at a time. You can also create an archive containing a
shell script and then specify that script name as the full command. The appliance runs
that command if it is found, and logs an error if is not.
To change the default parameters, you have to specify the Full Command Line. You can
specify wildcards in the filenames you use. If the filename contains spaces, enclose it in
single or double quotation marks. The files are extracted into a directory in /tmp, and it
becomes the current working directory of the command.
On Red Hat Linux, you do not need to include any other files in your archive
other than your script if that is all you want to execute.
If the PATH environment variable of your root account does not include the current
working directory, and you want to execute a shell script or other executable that you
have included inside an archive, specify the relative path to the executable in the Full
Command Line field. The command is executed inside a directory alongside the files
that have been extracted.
For example, to run a shell script called installThis.sh, package it alongside an .rpm
file, and then enter the command: ./installThis.sh in the Full Command Line
field. If you archived it inside another directory, the Full Command Line field is:
./dir/filename.sh
Both these examples, as well as some other K1000 Management Appliance functions,
assume that “sh” is in the root's PATH. If you're using another scripting language, you
may need to specify the full path to the command processor you want to run in the Full
Command Line, like
/bin/sh ./filename.sh.

Include appropriate arguments for an unattended, batch script.

If you click the uninstall check box in the MI detail, the agent runs the following
command on either your standalone rpm file or each rpm file it finds in the archive,
removing the packages automatically:
//usr/sbin/rpm -e packagename.rpm
Removing software in this way is performed only if the archive or package is
downloaded to the node. If you click the check box for Run Command Only, specify a
full command line to ensure the correct removal command is run on the correct
package. Because no package is downloaded in this case, specify the path in the
installation database where the package receipt is stored.
5. If your package requires additional options, you can enter the following installation
details:
Run Parameters (Optional) You do not need to specify parameters if you have an .rpm
file.
Enter a value to override (Default -U default).
For example, if you set Run Parameters to: -ivh --replacepkgs, then the
command that runs on the computer is:
rpm -ivh –replacepkgs package.rpm
Full Command Line You do not need to specify a full command line if you have an .rpm file.
The appliance executes the installation command by itself. The Linux
node tries to install this via:
rpm [-U | Run Parameters] "packagename.tgz”
If you do not want to use the default command, you can replace it
completely by specifying the complete command line here. If you have
specified an archive file, this command is run against all of the .rpm files
it can find.
Un-Install using Full Click the check box to uninstall software.
Command Line If a Full Command Line above is entered, it is run. Otherwise, by default
the agent attempts the command, which is generally expected to remove
the package.
Run Command Only Click the check box to run the command line only. This does not
download the actual digital asset.
Notes (Optional) Enter additional information in this field.
Managed Action Managed Action allows you to select the most appropriate time for this
package to be deployed. Execute anytime (next available) and
Disabled are the only options available for Linux platform.
Deploy to All Machines Click the check box to deploy to all the machines.

8
Limit Deployment To Select a label to limit deployment only to machines belonging to the
Selected Labels selected label. Press CTRL to select multiple labels.
If you have selected a label that has a replication share or an alternate
download location, then the appliance copies digital assets from that
replication share or alternate download location instead of downloading
them directly from appliance.
Note: The appliance always uses a replication share in preference over
an alternate location.
Limit Deployment To You can limit deployment to one or more machines. Select the machines
Listed Machines from the drop-down list to add to the list. You can filter the list by
entering filter options.
Deploy Order The order in which software is installed. The lower value deploys first.
Max Attempts Enter the maximum number of attempts, between 0 and 99, to indicate
the number of times the K1000 Management Appliance tries to install
the package. If you specify 0, the appliance enforces the installation
forever.
Deployment Specify the time (using a 24-hour clock) to deploy the package. The
Window(24H clock) Deployment Window times affects any of the Managed Action options.
Settings for this specific organization, override and/or interact with the
deployment window of a specific package.
Allow Snooze This option is not available for Linux platform.

Custom Pre-Install This option is not available for Linux platform.
Message
Custom Post-Install This option is not available for Linux platform.
Message
Delete Downloaded Files Click the check box to delete the package files after installation.

Use Alternate Download Click the check box to specify details for alternate download. When you
click the check box, the following fields appear:
• Alternate Download Location: Enter the location from where the
K1000 Agent can retrieve digital installation files.
• Alternate Checksum: Enter an Alternate Checksum (MD5) that
purposes).
• Alternate Download User: Enter a user name that has the
necessary privileges to access the Alternate Download Location.
• Alternate Download Password: Enter the password for the user
Note: If the target machine is part of a replication label, then the
appliance does not fetch software from the alternate download location.
For more information on using an alternate location, refer to Distributing
Packages from an Alternate Location, on page 114.
since that label cannot be specific to any managed installation, you cannot
specify an alternate checksum for matching the checksum on the remote
file share. For more information on how to create or edit labels, refer to
About Labels, on page 35.
8. Click Save.
Standard TAR.GZ Example

Deploying software using a tar.gz file is a convenient way to package software when more
than one file is required to deploy a particular software title (for example,
packagename.rpm, configuration, and data files). If you have a CD-ROM containing a
group of files required to install a particular application, you can package them together in a
tar.gz file, and upload them to your appliance for deployment.
To create a managed installation for a tar.gz file:

1. Use the following two commands to create tar.gz file:
a. tar –cvf filename.tar packagename.rpm
b. gzip filename.tar
This creates filename.tar.gz
2. Create an inventory item for the target deployment.
You can do this manually from the Inventory > Software tab, or by installing the
package on a K1000 Agent machine that regularly connects to the K1000 Management
Appliance.
3. Associate the tar.gz file with the Inventory item, and upload it to the appliance.
4. Click Distribution > Managed Installation.

8

The Managed Software Installation: Edit Detail page appears.
6. Select the software title with which the tar.gz file is associated from the Select
software drop-down list.
This file is uncompressed and searched for all .rpm files. The installation command is
run against each of them.
If no Run Parameters are filled in, -U is used by default.
You do not need to specify a full command line. The server executes the installation
command by itself. The Linux node tries to install this using:
rpm [-U | Run Parameters] "packagename.tgz”
7. Enter other package details as described in the Managed Installations, on page 115
procedures for .rpm file above.
8. Click Save.
The agent automatically runs deployment packages with .rpm extensions. However, the
appliance also provides a capability for administrators to zip many files together and direct
the K1000 Management Appliance to unpack the zip and run a specific file within.
Examples of Common Deployments on Mac OS

For information on common deployments on Macintosh, refer to Appendix A: Administering
Mac OS Nodes, starting on page 229.
File Synchronizations
File synchronizations enable you to distribute software files to the computers on your
network. These can be any type of file, such as PDF, ZIP files, or EXE files, which are simply
downloaded to the user’s machine, but not installed.
Creating a file synchronization

Using file synchronizations, you can push out any type of file to the computers on your
network. You can choose to install the files from the appliance, or you can specify an
alternate location from where users download the file. The string KACE_ALT_Location in
the Alternate Download Location field is replaced with the value assigned by the
corresponding label. You should not have a machine in more than one label with an
Alternate Download Location specified.
To create a file synchronization

1. Click Distribution > File Synchronization.

The File Synchronizations page appears.

The File Synchronization: Edit Detail page appears.
3. Select the software title to install in the Software Title to Install drop-down list.
4. Set or modify the following installation details:
Notes Enter any information related to the software title selected.

Location (full directory Enter the location on the users machine where you want to upload this
path) file.
Location User If the Location specified above is a shared location, enter the User login
name.
Location Password If the Location specified above is a shared location, enter the login
password.
Enabled Click the check box to download the file the next time the K1000 Agent
checks into the appliance.
Create Location (if doesn’t Create the installation location if not has not already been created.
exists)
Replace existing files Click the check box to overwrite existing files of the same name on the
target machines.
Do Not Uncompress Click the check box if you are distributing a compressed file and do not
Distribution want the file uncompressed.
Persistent Click the check box if you want the appliance to confirm every time that
this package does not already exist on the target machine before
attempting to deploy it.
Create shortcut (to Click the check box to create a desktop shortcut to the file location.
location)
Shortcut name Enter a display name for the shortcut.
Delete Temp Files Click the check box to delete temporary installation files.
Limit Deployment to Enter a label for the package. The file is distributed to the users
assigned to the label, such as the operating system affected by the
synchronization.

8
Pre-Install User Message Click the check box to display a message to users prior to installation.
When you click this check box, additional fields appear:
• Pre-Install Message Timeout: Enter a timeout in minutes for
which the message is displayed.
• Pre-Install Timeout Action: Select the action to occur at the end
of the timeout period. For example, if the installation occurs when
users are active, you can select Install now to install the software
without any interaction to the users. Or, Install later if the
installer requires user interaction.
Post-Install User Message Click the check box to display a message to users after the installation
completes. When you click this check box, message field and timeout
options appear. Enter a message and a timeout value in minutes.
Deployment Window Enter the time (using a 24-hour clock) to deploy the package. The
Deployment Window times affects any of the Managed Action options.
Settings for this specific organization, overrides and/or interact with
the deployment window of a specific package.
Use Alternate Download Click this check box to specify details for alternate download. When you
click this check box, the following fields appear:
• Alternate Download Location: Enter the location from where
the K1000 Agent can retrieve digital installation files.
• Alternate Checksum: Enter an Alternate Checksum (MD5) that
purposes).
• Alternate Download User: Enter a user name that has necessary
privileges to access the Alternate Download Location.
• Alternate Download Password: Enter the password for the user
Note: If the target machine is part of a replication label, then the
appliance does not fetch software from the alternate download location.
For more information on using an alternate location, refer to
Distributing Packages from an Alternate Location, on page 114.
since that label cannot be specific to any managed installation, you
cannot specify an alternate checksum for matching the checksum on the
remote file share. For more information on how to create or edit labels,
refer to Managing Labels, on page 36.
7. Click Save.
To distribute files previously deployed after the deployment window has

closed, click the Resend Files button.

Wake-on-LAN
The K1000 Management Appliance Wake-on-LAN feature provides the ability to “wake up”
computers equipped with network cards that are Wake-on-LAN compliant.
Wake-on-LAN feature overview

The Wake-on-LAN feature enables you to remotely power-on device on your network, even if
those machines do not have the agent installed. Wake-on-LAN can target a label or a specific
MAC-addressed machine.
.
This feature only supports machines that are equipped with a Wake-On-LAN-
enabled network interface card (NIC) and BIOS.
Using the Wake-on-LAN feature on the K1000 Management Appliance will cause broadcast
UDP traffic on your network on port 7. This traffic should be ignored by most computers on
the network. The K1000 Management Appliance sends 16 packets per Wake-on-LAN request
because it must guess the broadcast address that is required to get the “Magic Packet” to the
target computer. This amount of traffic should not have a noticeable impact on the network.
Issuing a Wake-on-LAN request

You can wake multiple devices at once by specifying a label to which those devices belong, or
you can wake computers or network devices individually. To wake devices on a regular basis,
for example, to perform monthly maintenance, you can schedule a Wake-on-LAN to go out a
specific time.
If the device you want to wake is not inventoried by the K1000 Management Appliance but
you still know the MAC (Hardware) address and its last-known IP address, you can manually
enter the information to wake the device.
To issue a Wake-on-LAN request

1. Click Distribution > Wake-on-LAN.
The Wake-on-LAN page appears.
2. To wake multiple devices, select a label from the Labels drop-down list.
3. To wake computers individually:
a. Click them from the Wake a Computer list.
b. Press CTRL, and then select multiple computers.
4. To wake a network device, specify the device’s IP address in the Devices field.
5. Specify the MAC address of the device in the MAC Address field.
6. Specify the IP address of the device in the IP Address field.

8
7. Click Send Wake-on-LAN.

After you send the Wake-on-LAN request, the results at the top of the page indicate the
number of machines that received the request and to which label, if any, those machines
belong.
To schedule a Wake-on-LAN request

1. Click Distribution > Wake-on-LAN.
2. Click the Schedule a routine Wake-on-LAN event link.
The Wake-on-LAN page appears.
The Wake-on-LAN Settings page appears.
4. In the Labels to Wake-on-LAN box, select the labels to include in the request.
Press CTRL, then click to select multiple labels.
5. In the Limit by Operating Systems box, select the operating systems to include in
the request.
6. Select the appropriate radio button to schedule Wake-on-LAN scan, in the Scheduling
area:
Don’t Run on a (Default) Select to run the tests in combination with an event
Schedule rather than on a specific date or at a specific time.
Run Every day/specific Select to run the tests every day or only the selected day of the
day at HH:MM AM/PM week at the specified time.
Run on the nth of every Select to run the tests on a specific date or the same day every
month/specific month month at the specified time.
at HH:MM AM/PM
7. Click Save.
The Wake-on-LAN tab appears with the scheduled request listed. From this view you
can edit or delete any scheduled requests.
Troubleshooting Wake-on-LAN
When a Wake-on-LAN request fails to wake devices, it might be due inappropriate
configuration of network devices. For example:
• The device does not have a WOL-capable network card or is not configured properly.
• The K1000 Management Appliance has incorrect information about the subnet to which
the device is attached.
• UDP traffic is not routed between subnets or is being filtered by a network device.
• Broadcast traffic is not routed between subnets or is being filtered by a network device.
• Traffic on Port 7 is being filtered by a network device.

For more assistance with troubleshooting Wake-on-LAN, see:

http://support.intel.com/support/network/sb/cs-008459.htm.
Replication
Using a replication share is a method to handle managed installations, patching, or Dell
Updates where network bandwidth and speed are issues. In those situations, using a
replication share is a good alternative to downloading directly from an appliance.
A replication share allows an appliance to replicate software installers, patches, node
upgrades, and script dependencies to a shared folder on a node. If any replication item is
deleted from the appliance server, it is marked for deletion in the replication share and
deleted in the replication task cycle.

8
In creating a replication share, identify one node at each remote location to act as a
replication machine. The server copies all the replication items to the replication machine at
the specified destination path. The replication process automatically restarts if stopped due
to a network failure or replication schedule. If stopped, the replication process restarts at the
point it was stopped.
Sneaker net share – You can create a new folder and copy the contents of an existing
replication folder to it. You can then specify this folder as the new replication folder in the
appliance. The appliance checks if the new folder has all the replication items present and
replicates only the new ones. This results in conserving the bandwidth by not copying the
files twice. You can manually copy the contents of replication folder to a new folder. The
replication folder created in a machine follows following hierarchy:
\\machinename\foldername\repl2\replicationitems folder
The machine name and folder name is user defined while repl2 is automatically created by
appliance server. The replication items folder includes the folder for patches, kbots, upgrade
files, and software.
All the replication items are first listed in the replication queue and then copied one at a time
to the destination path. Any new replication item is first listed in the replication queue and
then copied after a default interval of 10 minutes.
Replication items are copied in this order:
1. Script dependencies
2. Software
3. Agent upgrades
4. Patches
Preparing to create a replication share

You can create replication shares only on the machines listed in the Inventory >
Computers tab. To create a share on a machine that is not listed in Inventory, you need to
first create an inventory record for the machine. For information, see Adding Computers to
Also, confirm or do the following:
• The replication share needs to have write permissions of the destination path to write
the software files.
• The K1000 agent needs to be installed on the replication share.
• Create a computer label for your target nodes before starting the process.
To create a replication share

1. Click Distribution > Replication.
The Replication Shares page appears.

The Replication Share: Edit Detail page appears.

3. Click the Replication Enabled check box.
4. Click Failover to K1000 (optional).
While you are testing the replication setup, don’t enable this setting so that you can
confirm that the replication is successful.
5. Select the node in the Replication Machine drop-down list.
The replication share is created on this node. The replication share can be created by
two methods:
• Locally
• Shared network drive
6. Specify the replication share destination details:
Writer’s comment -
7. Select the label for the nodes you want to get files from the replication share.
Verify that the selected computer label does not have KACE_ALT_LOCATION
specified. The replication share gets preference over the KACE_ALT_LOCATION while
downloading files to the node.
8. Specify the replication share download details:
Download Path Enter the path for nodes in the replication label to copy items from the
replication drive.
For example, a UNC path:
\\fileservername\directory\k1000\
Other nodes need read permission to copy replication items from this
shared folder.
Download Path User Enter the login name for accessing the download path. We recommend you
use only letters and numbers. Some other characters, for example, @, don’t
work.
Download Path Enter the password for accessing the download path. We recommend you
Password use only letters and numbers.
9. Specify the following:
Limit Patch O/S Files Click the OS patches to replicate from the patch subscription settings page.
Default: Replicate all displayed. (Only active patches are available.) For
information about patching, see Patching and Security Guide.
Limit Patch Language Click the language patches to replicate from the patch subscription settings
Files page. Default: Replicate all displayed. For information about patching, see
Patching and Security Guide.
Replicate App Patches Click to replicate the application patches to the replication share.

8
Replicate Dell Click to replicate Dell packages to the replication share.

Packages
Hi Bandwidth Enter the maximum bandwidth to use for replication. If this field is left
blank, the maximum bandwidth available for replication is used.
Lo Bandwidth Enter the restricted bandwidth to use for replication. If this field is left
blank, the maximum bandwidth available for replication is used.
Replication Schedule Select the bandwidth used for different time slots and/or days. The colors
represent:
• White – Replication Off
• Light Blue – Replication on with low bandwidth
• Blue – Replication on with high bandwidth
In the replication schedule, as well as clicking the individual cells, you can:
• Select hours (columns) by clicking the hour number.

• Select days (rows), by clicking the day of the week.
Copy Schedule From Select an existing replication schedule from the drop-down list to replicate
items according to that schedule.
Notes (Optional) Enter comments in the text box.
10. Click Save.
When you have completed testing, you might want to return to step 4 and check
Failover to K1000.
Working with your replication share

From the Replication tab, you can:
• Add or delete replication shares

• Enable or disable replication shares

• Start or restart a halted replication task

• Halt a running replication task
• Perform a share inventory for the replication share
To view replication share details

After creating a replication share and clicking Save, the Replication Shares page opens.
1. Click Distribution > Replication.
The Replication Shares page appears.
2. Click a replication share.
The Replication Share: Edit Detail page appears.
3. At the bottom of the Replication Share: Edit Detail page, you can also view the
following:
• Replication Queue: Click Replication Queue to see a list of replication files that
are going to be replicated with their status.
• Share Inventory: Click Show Share Inventory to see a list of replication items
that have been copied.
• Delete Queue: Click Show Delete Queue to see a list of replication items that are
marked for deletion.
Managing Dell Systems with Dell Updates

The Dell Updates tab offers Dell customers the Dell Client Updates and Dell Server
Updates features. You use these features to keep your Dell computers updated with the latest
software patches and upgrades.
Dell provides catalogs (lists) of software upgrades and patches, which you can choose to
install on the Dell computers in your appliance implementation. The catalogs provide
updates for:
• Software and firmware for servers and workstations.

• Some Dell-supplied applications.
The Dell Updates tab is similar features and workflow to the appliance patching features
on the Security tab. The two tabs are so similar that you can use the Patching and Security
Guide document for all the Dell Client Updates and Server updates except for the differences
listed in the next section. Patching and Security Guide is available from the www.kace.com
website, Support tab, under Documentation (your Support login is required).

8
Understanding the Differences between Patching

and Dell Updates
The K1000 Management Appliance patching and Dell Update features are nearly identical.
Read Patching and Security Guide for most patching/updating procedures. The exceptions are:
• The Dell Update subscription process is different from the K1000 Management
Appliance patch subscription process. For instructions on subscribing to Dell Updates,
see the Configuring Dell OpenManage Catalog Updates section below.
• The names used for these actions are different:
Dell Updates
Action Patching Term Term Used in:
Term
Probe your computers to Detection Inventory Patching and

determine whether they have or Security Guide
need a specific patch or update.
Install the patch or update on the Deployment Update This chapter and the
computers in your appliance Dell documentation.
implementation.
• You manage and execute Dell Updates and Patching from different appliance interface
pages:
Action K1000 Management Appliance Interface Page
Execute Dell Update Administrator Portal > Distribution > Dell Updates
schedules
Manage Dell Updates Administrator Portal > Organization: System > K1000 Settings >
Dell Client and Server Update Settings
Execute Patching Schedules Administrator Portal > Security > Detect and Deploy patches
Manage Patching Administrator Portal > Security > Patching > Subscription
Settings
Dell Client and Server Upgrade workflow

This section explains the general steps you use upgrade your Dell clients and servers. Unless
otherwise noted, see the Patching and Security Guide for details on these steps.
Follow these steps to use Dell client and server updates on an appliance:
1. (If needed) Upgrade your nodes and servers to the latest K1000 Management Appliance
release.
2. Configure the Dell Updates.
This includes deciding when to update your catalogs of Dell updates for Dell hardware
that you own. Once Dell OpenManage is set up on your appliance, it automatically
probes for and determines what updates your system requires. You do need to set up a
schedule for these updates and configure this process. This step is different than the
patching subscription. For details, see the Configuring Dell OpenManage Catalog

Updates section below. You configure Dell updates from the Administrator Portal >
Organization: System > K1000 Settings > Control Panel > Dell Client and
Server Update Settings page.
All other Dell Updates settings and feature are available on the Administrator Portal >
Organization: Default > Distribution > Dell Updates tab.
3. Filter out the updates that you do not want to apply to your servers and clients.
You may not want to install all of the patches from the catalog. Mark these patches as
inactive to prevent them from being automatically installed.
4. Group the updates by applications or software families in patch labels that your
schedules use to run the inventory and update actions.
For example, a label can specify patches for all Microsoft Windows systems.
5. Group your Dell systems together in machine labels that your schedules use to run the
inventory and update actions.
For example, you can collect all Dell servers running Microsoft XP into a single label
and then run a patch schedule to inventory and update them.
6. Perform an update inventory to discover which of your nodes have updates available.
You can perform this step independently, or as part of an inventory and update patch
schedule that also installs the updates. Normally, you perform the inventory
automatically as part of a patch schedule.
Patching and Security Guide uses the term detect or detection instead of inventory.
7. Install the updates on the nodes that need them.
This is known as patch update, and you can also perform it automatically part of an
update schedule.
Patching and Security Guide uses the term deploy or deployment instead of update.
8. Bring all these pieces together into patch schedules that automatically run inventory/
update actions for the updates in your update labels, on the corresponding computers in
your machine labels.
Patching and Security Guide walks you through the process of creating a schedule that
automatically inventories your hardware and updates it with the critical software
updates it needs. You can run schedules at any interval that you choose. Normally, you
create different schedules for the laptops, workstations, and servers in your appliance
implementation, because these three types of computers have very different usage
characteristics.
9. Test your schedules on a small subset of the computers you administer to make sure
everything is working the way you expect.
Configuring Dell OpenManage Catalog Updates

Follow these steps to configure the Dell update process for the operating systems and
applications that your appliance implementation uses. Dell updates its hardware patches in
Catalogs; one for serves and one for workstations.

8

1. Click K1000 Settings > Control Panel > Dell Client and Server Update
Settings page.
The Dell Client and Server Update Settings page appears:
2. Scroll to the bottom the page and click Edit Mode link.
The Dell Client and Server Update Settings page buttons and check boxes are enabled
for changes. The Download Status table shows you the current status of the Dell
catalogs that your appliance uses.
3. Click Disable import of Dell Client and Server Update Catalogs to stop the Dell
updates.
4. Click one of the Check for Changes options to set up a schedule for updating the Dell
catalogs.
The first option of these two is intended for weekly updates and the second for monthly.
5. Use the Stop Download section options to limit the amount of time you allow the Dell
updates to run.

You may want to enforce a hard stop at a specific time, for example, when your users
start working.
6. The Package Download Options buttons to specific whether to limit the Dell
updates to just the ones that apply to your appliance implementation now, or keep all of
the Dell updates available.
If you change operating systems or bring on new Dell equipment frequently, it’s
probably best to keep all Dell updates handy.
7. Click Refresh Catalog Now to update the catalogs immediately.

8. Click Delete All Files or Delete Unused Files to remove all or some of the Dell
catalog files.
These options can free disk space.
9. Click Save Dell Update Settings at the bottom of the page to make your changes take
effect.
This completes the process of configuring your Dell OpenManage catalog updates.

9
Using the Scripting Features
The Dell KACE K1000 Management Appliance Policy and Scripting component provides a
point-and-click interface to perform tasks that typically require you to use a manual process
or advanced programming.
• Scripting Overview, on page 143.

• Using the Appliance Default Scripts, on page 145.
• Creating and Editing Scripts, on page 146.
• Using the Run Now function, on page 156.
• Searching the Scripting Log Files, on page 158.
• About the Configuration Policies, on page 159.
• Using the Windows-based Policies, on page 160.
• Using the Mac OS Configuration-based Policies, on page 169.
Scripting Overview
With Policy and Scripting, you can more easily and automatically perform a variety of tasks.
You can perform these tasks across your network through customized scripts that run
according to your preferences.

9 Using the Scripting Features
Figure 9-1: The Scripting tabs
Scripts automate tasks like:
• Power management
• Installing software
• Checking antivirus status
• Changing registry settings
• Scheduling deployment to the endpoints on your network
Each script consists of:
• Metadata
• Dependencies (any supporting executable files that are necessary to run a script, for
example, .zip and .bat files)
• Rules to obey (Offline Kscripts and Online Kscripts)
• Tasks to complete (Offline Kscripts and Online Kscripts). Each script can have any
number of tasks, and you can configure whether each task must complete successfully
before the next is executed
• Deployment settings
• Schedule settings
You can create these types of scripts:

9
• Offline KScripts: These scripts can execute even when nodes are not connected to the
appliance server, such as at the time of Machine Boot Up and User Login. Or, they
execute at a scheduled time based on the node clock. You can create these scripts using
the K1000 Management Appliance scripting wizard.
• Online KScripts: These scripts can execute only when the node is able to ping the
appliance server. They execute at scheduled times based on the appliance clock. You can
create these scripts using the K1000 Management Appliance scripting wizard.
• Online Shell Scripts: These scripts can execute only when the node is connected to
the appliance server. They execute at scheduled time based on the server clock. The
online shell scripts are built using simple text-based scripts (bash, perl, batch, etc.)
supported by the target operating system. Batch files are supported on Windows, along
with the different shell script formats supported by the specific operating system of the
targeted machines.
Order of downloading script dependencies

The order of downloading script dependencies:
1. Local machine (checks if the dependency is present on the node).
2. KACE_ALT_LOCATION (Alternate Download Location if specified).
3. Replication server (if replication is enabled).
4. K1000 Server.
Using the Appliance Default Scripts

Your K1000 Management Appliance includes these ready-made scripts:
Script Name Description
Defragment the C: drive Defragments the c: drive on the computer.

Force Checkin Runs KBScriptRunner on a node to force a checkin.
WARNING: Do not run this with more than 50 nodes selected as it can
overload the server with requests.
Inventory Startup On some machines, a missing registry entry causes all the contents of the
Programs Fix system32 directory to be reported as the Startup Programs. This script fixes
the registry entry if it is missing.
Issue a DOS Command Issues the DOS-DIR command on a Windows system. Used as an example for
Example how to run a DOS command.
Issue a Mac Command Issues the AppDir.txt command to list the contents of the Mac OS
Example applications directory. Used as an example of how to run a command on a
Mac OS system.
K1000 Remote Control Disables the appliance Remote Control functionality on Windows XP
Disabler Professional by configuring Terminal Services properly.

Script Name Description
K1000 Remote Control Enables the appliance Remote Control functionality on Windows XP
Enabler Professional by configuring Terminal Services properly.
K1000Client debug logs Disables the debug switch used with the appliance Client debug logs Enable.
Disable
K1000Client debug logs Enables client debug and send the debug log back to the appliance. This
Enable script turns on debug only for the inventory and deployment part of the node.
It does not enable debugging of the scheduling service.
Make Removable Drives Allows removable drives to be mounted only as read-only (a method of
Read-Only controlling unauthorized access to data).
Make Removable Drives Removable drives can be mounted read-write.
Read-Write
Message Window Script Illustrates use of message window. Your script must have properly paired
Example create/destroy message window commands to work properly. Message
Windows remain displayed until one of the following occurs:
• User dismisses the message.
• Script finishes executing.
• Timeout is reached.
Put a Mac to sleep Puts a Mac OS system in sleep mode.
Reset KUID Deletes the registry keys that identify a node so that a new key can be
generated. Will only execute one time per node due to the
ResetKUIDRunOnce registry flag.
Shutdown a Mac Powers-off a Mac OS system.
Shutdown a Mac with An example Online KScript that uses the Alert User Before Run feature to
snooze allow the console user to snooze the shutdown.
Shutdown a Windows Specifies delay (in seconds) while the message in quotes is displayed to the
system user. Omit the -t parameter to silently and immediately shutdown nodes.
Shutdown a Windows An example Online KScript that uses the Alert User Before Run feature to
system with Snooze allow the console user to snooze the shutdown.
USB Drives Disable Disables usage of USB Drives.
USB Drives Enable Enables usage of USB Drives.
Creating and Editing Scripts

There are three ways to create scripts, which you can perform from the Scripting > Scripts
tab.
• By importing an existing script (in XML format).

• By copying and modifying an existing script.

9
• By creating a new script from scratch.
The process of creating scripts is an iterative one. After creating a script, deploy the script
to a limited number of machines to verify that the script runs correctly before deploying it
to all the machines on your network. (You can create a test label to do this.) Leave a script
disabled until you have tested and edited the script and are ready to run it.
Token Replacement Variables

You can use the following token replacement variables anywhere in the XML of a K1000
Management Appliance script. They are replaced at runtime on the node with appropriate
values:
• $(KACE_DEPENDENCY_DIR) expands to:

• Windows: $(KACE_INSTALL)\packages\kbots\xxx
• Mac OS and Linux: /var/kace/SMMP/kbots_cache/packages/kbots/xxx
Any script dependencies for this script are downloaded to the node in this folder.
• $(KBOX_INSTALL_DIR) – agent installation directory:

• Windows: C:\Program Files\KACE\KBOX
• Mac OS: /Library/KBOXAgent/Home/bin/
• Linux: /KACE/bin/
• $(KBOX_SYS_DIR) – agent machine's system directory:
• Windows: C:\Windows\System32
• Mac OS and Linux: /
• $(KACE_INSTALL) – same as KBOX_INSTALL_DIR.
• $(KBOX_EXECUTE_EVENT) – event causing KBOT to run,
[BOOTUP|LOGON|null].
• $(MAC_ADDRESS) – agent machine's primary MAC address.
• $(KACE_SERVER) – hostname of the appliance server.
• $(KACE_SERVER_PORT) – port to use when connecting to KACE_SERVER (80/
443).
• $(KACE_SERVER_URLPREFIX) – http/https.
• $(KACE_COMPANY_NAME) – agent's copy of the setting from server's
configuration page.
• $(KACE_SPLASH_TEXT) – agent's copy of the setting from server's configuration
page.
• $(KACE_LISTEN_PORT) – agent's port that server can use for Run Now.
• $(KACE_SERVER_URL) – combination of server, port, and URL prefix (http://
k1000_hostname:80).

• $(KBOX_IP_ADDRESS) – agent's local IP address (corresponds with network entry

of MAC_ADDRESS).
• $(KBOX_MAC_ADDRESS) – same as MAC_ADDRESS.
Adding Scripts
Offline and Online KScripts include one or more Tasks. Within each Task section, there are
Verify and Remediation sections where you can further define the script behavior. If a
section is left blank, it defaults to success.
For example, if you leave the Verify section blank, it ends in On Success.
To add an Offline KScript or Online KScript

1. Click Scripting > Scripts.
2. In the Choose Action menu, click Add New Item .
The Script: Edit Detail page appears.
3. In the Configuration area, enter the requested details:
Script Type Use this field to select the Offline Kscript or Online Kscript types.
Name (Optional) Enter a meaningful name for the script to make it easier to distinguish
from others listed on the Scripts tab.
Description (Optional) Enter a brief description of the actions the script performs. This
information helps you to distinguish one script from another on the Scripts tab.
Status Select a value to indicate whether the script is in development (Draft) or has
been rolled out to your network (Production). Use the Template status if you
are building a script that is used as the basis for future scripts.
Enabled Select to run the script on the target machines. Do not enable a script until you
are finished editing and testing it and are ready to run it. Enable the script on a
test label before you enable it on all machines.
Notes (Optional) Enter notes for yourself and other appliance administrators.
4. Specify the deployment options:
Deploy to All Select to deploy the script to all the machines.

Machines
Limit Select a label to limit deployment only to machines grouped by that label. Press
Deployment To CTRL and click labels to select more than one label.
Selected Labels
Limit Select to limit deployment to one or more machines. From the drop-down list,
Deployment To select the machines to add to the list. You can filter the list by entering filter
Listed Machines options.
Pick Specific OS Select to limit the script to specific operating system versions. (Otherwise, the
Versions: script runs on all versions of the operating systems you pick.)

9
Supported Select the operating systems to run the script on, or leave blank to run on all
Operating operating systems. The operating systems you select determine choices available
Systems to you in the Task options menus. The options are different for different
operating systems. If you pick more than one operating system, only the options
available for all of the operating systems are offered.
If you select a label as well, the script only runs on machines with that label if they
are also running the selected operating system.
Alerts: Alert User Before Run Provide the user the option of delaying or
Online KScripts canceling the script before it runs. (For example,
Only choose to enable this for scripts that reboot or
Agents 5.1 (and shut down computers.) If no user is logged in to
higher) Windows the console, the script runs immediately.
and Mac OS agents Dialog Options:
• OK - The script runs immediately.
• Cancel - The script is cancelled until its
next scheduled run.
• Snooze - The user is prompted again after
the Snooze Duration.
If the time specified by Dialog Timeout elapses
without the user pressing a button, the script
runs at that time.
When the user presses the snooze button, the
dialog reappears after the Snooze Duration.
Interaction With Run As:
• Only the console user can see the alert dialog
(and therefore choose to snooze or cancel)
regardless of the Run As setting.
• Enabling an alert prompts the console user
even if the script is set to run as all users or
another user.
Dialog Timeout (Minutes): Enter the number of minutes.
Snooze Duration Enter the number of minutes:
(Minutes):
Alert Message: Enter the message you want displayed to users.
Run As: Run As Local System Run with administrative privileges on local
Online KScripts machine.
Only Use this setting for all scripts created with a
wizard.
Run As User logged in to Affect that user’s profile.
console
Run As All Logged in Users Affect all users’ profiles.
Run As User: Handle network-wide tasks. Usually admin, but
you can run as any user.

Scheduling In the Scheduling area, specify when and how often the script is run.
Don’t Run on a Schedule Runs in combination with an event rather than
on a specific date or at a specific time. Use this
option in combination with one or more of the
“Also” choices below. For example, use this
option in conjunction with “Also Run at User
Login” to run whenever the user logs in.
Run Every nth minutes/hours Runs on every hour and minutes as specified.
Run Every day/specific day at Runs on the specified time on the specified day.
HH:MM AM/PM
Custom Schedule Allows you to set an arbitrary schedule using
standard cron format. For example, 1,2,3,5,20-
25,30-35,59 23 31 12 * * means:
On the last day of year, at 23:01, 23:02, 23:03,
23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25,
23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59.
The appliance doesn’t support the extended cron
format.
Also Run Once at next Client Runs the Offline KScript once when new scripts
Checkin (Only for Offline are downloaded from the appliance. To set the
KScript) time interval for downloading scripts, click
Scripting Update Interval in the help area on
this page.
Also Run at Machine Boot Up Runs the Offline KScript at machine boot time.
(Only for Offline KScript) Beware that this causes the machine to boot up
slower than it might normally.
Also Run at User Login (Only Runs the Offline KScript after the user has
for Offline KScript) entered their Windows login credentials.
Allow Run While Disconnected Allows the Offline KScript to run even if the
(Only for Offline KScript) target machine cannot contact the appliance to
report results. In such a case, results are stored
on the machine and uploaded to the appliance
until the next contact.
Allow Run While Logged Off Allows the Offline KScript to run even if a user is
(Only for Offline KScript) not logged in. To run the script only when the
user is logged into the machine, clear this
option.
5. Click Run Now to immediately push the script to all machines. Use this option with
caution. For more information about Run Now, refer to Using the Run Now function,
on page 156.
6. To browse for and upload files required by the script, click Add new dependency,
click Browse, and then click Open to add the new dependency file.
If a Replication Share is specified and enabled at Distribution > Replication, the
dependencies are downloaded from the specified replication share.

9
If the replication share is inaccessible, the dependencies are downloaded

from the appliance Server.
To enable this setting, click the Failover To K1000 check box on the
Replication Share : Edit Detail page.
Repeat this step to add additional new dependencies as necessary.

7. Click Add Task Section to add a new task.
The process flow of a task is a script similar to the following:
IF Verify THEN
Success
ELSE IF Remediation THEN
Remediation Success
ELSE
Remediation Failure
8. Under Policy or Job Rules, set the following options for Task 1:
Attempts Enter the number of times the script attempts to run.

If the script fails, but remediation is successful, you may want to run the task
again to confirm the remediation step. To do this, set the number of Attempts to 2
or more. If the Verify section fails, it is run the number of times mentioned in this
field.
On Failure • Select Break to stop running upon failure.
• Select Continue to perform remediation steps upon failure.
9. In the Verify section, click Add to add a step, and then select one or more steps to
perform.
Refer to Appendix B: Adding Steps to Task Sections, starting on page 235.
10. In the On Success and Remediation sections, select one or more steps to perform.
Refer to Appendix A: Administering Mac OS Nodes, starting on page 229.
11. In the On Remediation Success and On Remediation Failure sections, select one
or more steps to perform.
Refer to Appendix A: Administering Mac OS Nodes, starting on page 229.
To remove a dependency, task, or step, click the trash can icon beside the
item. This icon appears when your mouse hovers over an item.
Click beside Policy or Job Rules to view the token replacement variables
that can be used anywhere in the K1000 Management Appliance script. The
variables are replaced at runtime with appropriate values on the node. For
more information, refer to Token Replacement Variables, on page 147.

To add an Online Shell Script

2. In the Choose Action menu, click Add New Item .
3. In the Configuration area, enter the following information:
Script Type Select the Online Shell Script type.

Name Enter a meaningful name for the script to make it easier to distinguish
from others listed on the Scripts tab.
Description (Optional) Enter a brief description of the actions the script performs.
This field helps you to distinguish one script from another on the
Scripts tab.
Status Indicate whether the script is in development (Draft) or has been rolled
out to your network (Production). Use the Template status if you are
building a script to use as the basis for future scripts.
Enabled Click to run the script on the target machines. Do not enable a script
until you are finished editing and testing it and are ready to run it.
Enable the script on a test label before you enable it on all machines.
Notes (Optional) Enter any notes.
4. Specify the deployment options:
Deploy to All Click to deploy the script to all the machines.

Machines
Limit Select a label to limit deployment to machines in that label. Press CTRL
Deployment and click labels to select more than one label.
To Selected
Labels
Limit You can limit deployment to one or more machines. From the drop-
Deployment down list, select machines to add to the list. You can filter the list by
To Listed entering filter options.
Machines:
Pick Specific Select to limit the script to specific operating stem versions. Otherwise,
OS Versions: the script runs on all versions of the operating systems you pick.
Supported Select operating systems to run the script on, or leave blank to run it on
Operating all. The operating systems you select here determine choices available to
Systems you in the Task options menus. The options are different for different
operating systems. If you pick more than one operating system, only the
options available for all of the operating systems are offered.
If you selected a label as well, the script only runs on machines with that
label if they are also running the selected operating system.

9
Scheduling In the Scheduling area, specify when and how often the script runs.
Don’t Run on a Schedule The test runs in combination with an
event rather than on a specific date or at a
specific time. Use this option in
combination with one or more of the
“Also” choices below. For example, use
this option in conjunction with “Also Run
at User Login” to run whenever the user
logs in.
Run Every nth minutes/ The test runs on the interval of hour and
hours minutes specified.
Run Every day/specific The test runs on the specified time on the
day at HH:MM AM/PM specified day.
Custom Schedule This option allows you to set an arbitrary
schedule using standard cron format. For
example, 1,2,3,5,20-25,30-35,59 23 31 12
* * means:
On the last day of year, at 23:01, 23:02,
23:03, 23:05, 23:20, 23:21, 23:22, 23:23,
23:24, 23:25, 23:30, 23:31, 23:32, 23:33,
23:34, 23:35, 23:59. The appliance
doesn’t support the extended cron
format.
5. Click Run Now to immediately push the script to all machines. Use this option with
caution. For more information about the Run Now button, refer to Using the Run Now
function, on page 156.
6. To browse for and upload files required by the script, click Add new dependency,
click Browse, and then click Open to add the new dependency file.
If a Replication Share is specified and enabled at Distribution > Replication, the
dependencies are still downloaded from the appliance server, because Replication is not
supported by online shell scripts.
Repeat this step to add additional new dependencies as necessary.
7. Specify the following:
Script Text Enter the relevant script text.

Timeout (minutes) Enter the value in minutes, the maximum time, for which the server tries for
execution of the script.
Upload File Select to upload dependency file, if any, to the node. Specify the directory
path and file name.
Delete Downloaded Select to delete the downloaded files from the node.
Files
To remove a dependency, click the trash can icon beside the item. This
icon appears when your mouse hovers over an item.

Click beside Policy or Job Rules to view the token replacement variables
that can be used anywhere in the K1000 Management Appliance script, and
are replaced at runtime on the node with appropriate values. For more
information, refer to Token Replacement Variables, on page 147.
Editing Scripts
On the Script: Edit Detail page, you can edit the three types of scripts: Offline KScripts,
Online KScripts, and Online Shell Scripts. You can also edit Offline KScripts and Online
KScripts by using the wizard or with the XML editor. To use the XML editor, click the View
raw XML editor link below the Scheduling option.
To edit a script
2. Click the name of the script you want to edit.
3. Modify the script as desired.
4. Click Save.
To delete a script from the Scripts page

2. Click the check box beside the script you want to delete.
4. Click OK to confirm deletion.
To delete a script from the Scripts Edit page

2. Click the name of the script you want to delete.
3. Click Delete.
4. Click OK to confirm deletion.
Importing Scripts
If you prefer to create your script in an external XML editor, you can upload your finished
script to the K1000 Management Appliance. Be sure that the imported script conforms to the
following structure:
• The root element <kbots></kbots> includes the URL of the KACE DTD 
“kbots xmlns=”http://kace.com/Kbots.xsd”>...<kbots>
• One or more <kbot> elements.

9
• Exactly one <config> element within each <kbot> element.

• Exactly one <execute> element within each <config> element.
• One or more <compliance> elements within each <kbot> element.
The following is an example of XML structure for an appliance script:
<?xml version=”1.0” encoding=”utf-8” ?>

<kbots xmlns=”http://kace.com/Kbots.xsd”>
<kbot>
<config name=”name=”” type=”policy” id=”0” version=”version=””
description=”description=””>

<execute disconnected=”false” logged_off=”false”>
</execute>

</config>
<compliance>
</compliance>
</kbot>
</kbots>
In the above example of a simple XML script, the </config> element corresponds to the
Configuration section on the Script: Edit Detail page. This is where you specify the name of
the policy or job (optional), and the script type (policy or job). Within this element you can
also indicate whether the script can run when the target machine is disconnected or logged
off from the appliance.
You can specify whether the script is enabled and describe the specific tasks the script is to
perform within the <compliance> element.
If you are creating a script that will perform some of the same tasks as an
existing script, copy the existing script, and open it in an XML editor. The
script’s <compliance> element gives you an idea of how the script works,
and how you can change it.
For more information, refer to To Duplicate an existing Script, on page 155.
To import an existing script

2. In the Choose Action menu, click Import from XML.
3. Paste the existing script into the space provided, and click Save.
To Duplicate an existing Script

If you have already created a script that is similar to a proposed script, the duplicate feature
makes it easier to copy the script as a start for a new script.


2. Click the linked name of the script you want to copy to open it for editing.
3. Click Duplicate.
The Scripts list page appears, which includes a new script named “Copy of xxx”, where
“xxx” is the name of the copied script.
4. Click the linked name of the copied script to open it for editing.
Continue by following the steps in Adding Scripts, on page 148.
Using the Run Now function

The Run Now function provides a way for you to run scripts on selected machines
immediately without setting a schedule. For example, you may want to use this function if
you:
• Suspect machines on your network are infected with a virus or other vulnerability, and
they can compromise the entire network if not resolved right away.
• Want to test and debug scripts on a specific machine or set of machines during
development.
The Run Now function is available in three locations:
• Run Now tab—Running Scripts from the Scripting > Run Now tab allows you to run
one script at a time on the target machines.
• Script: Edit Detail Page—Running Scripts from the Script : Edit Detail page allows
you to run one script at a time on the target machines.
• Scripts List Page—Running scripts from the Scripts List Page using the Run Now
option from the Choose Action menu allows you to run more than one script at the
same time on the target machines.
To run scripts using the Run Now tab
CAUTION: A script is deployed immediately when you click Run Now:

• Use this feature cautiously!
• Do not deploy unless you are certain that you want to run the script on
the target machines.
1. Click Scripting > Run Now.

The Run Now page appears.
2. Select the Script you want to run in the Scripts list.

9
You can use the Filters options to filter the Scripts list.
3. Select the machines on which Script needs to run from the Inventory Machines list.
Selected machine names appear in the Machine Names field.
• You can use the Filters to filter the machine names list.
• You can add all the machines by clicking Add All.
At least one machine name is required.
4. Click Run Now to run the selected script.
Run Now from the Script Detail page

To minimize the risk of deploying to unintended target machines, create a label that
represents the machines you want to run the Run Now function on. Refer to Using the Run
Now function, on page 156, for more information.
2. Select the script you want to run.
3. Select the labels that represent the machines on which you want to run the script.
Press CTRL to select multiple labels.
4. Scroll to the bottom of the Scheduling section, and then click Run Now.
A confirmation dialog box appears if you have made any changes.
5. Click OK in the confirmation dialog box to save any unsaved changes before running.
The Run Now Status page is displayed after the script is run.
To use the Run Now function from the Scripts Lists Page
To minimize the risk of deploying to unintended target machines, create a label that
represents the machines you want to run the Run Now function on. Refer to Using the Run
Now function, on page 156, for more information.
2. Select the scripts you want to run.
3. From the Choose Action menu, click Run Now.
Monitoring Run Now Status

When you click Run Now or select Run Now from the Choose Action menu, the Run
Now Status tab appears where you can see a new line item for the script.
• The Pushed column indicates the number of machines on which the script is attempting
to run.
• The Completed column indicates the number of machines that have finished running
the script.

The numbers in these columns increment accordingly as the script runs on all of the selected
machines. The icons above the right-hand column provide further details of the script status.
Icon Description
The script completed successfully.
The script is still being run, therefore its success or failure is unknown.
An error occurred while running the script.
If errors occurred in pushing the scripts to the selected machines, you can search the
scripting logs to determine the cause. For more information about searching logs, refer to
Searching the Scripting Log Files, on page 158.
The Run Now function communicates over port 52230. One reason a script
might fail to deploy is if firewall settings are blocking the appliance Agent from
listening on that port.
Run Now Detail Page

For more information on a Run Now item, click the linked start time on the Run Now
Status page to display the item’s Run Now Detail page.
The Run Now Detail page displays the results of a script that was run manually using the
Run Now function, instead of running it on a schedule.
The Run Now Statistics section displays the results of a script that was pushed, the push
failures, push successes, completed machines, running machines, successes and failures in
numbers and percentage. The Push Failures section lists those machines that the server
could not contact and therefore did not receive the policy. Once pushed, it may take some
time for the machine to complete a policy. Machines that have received the policy, but have
not reported their results, are listed in the Scripts Running section. After the policy is run,
it reports either success or failure. The results are sorted under the appropriate section. Each
individual computer page also has the results of the Run Now events run on that machine.
The Run Failures section lists those machines that failed to complete the script. The Run
Successes section lists those machines that completed the script successfully.
Searching the Scripting Log Files

The Search Logs page allows you to search the logs uploaded to the K1000 Management
Appliance by the machines on your network.
To search scripting logs

1. Click Scripting > Search Logs.
2. Enter keywords for the scripts in the Search for field.

9
You can use the following operators to change how the logs are searched:
Operator Function
+ A leading plus sign indicates the word must be present in the

log.
- A leading minus sign indicates the word must not be present in
the log.
* A trailing asterisk can be used to find logs that contain words
that begin with the supplied characters.
“ A phrase enclosed in double quotes matches only if the log
contains the phrase exactly as typed.
3. To search only in logs uploaded by a particular script, choose the script name.
4. Select the log type to search in from the drop-down list.
You can choose from the following options:
• Output
• Activity
• Status
• Debug
5. In the Historical field, select whether to search in only the most recent logs or in all
logs from the drop-down list.
6. In the Labels field, select a label from the drop-down list to search logs uploaded by
machines in a particular label group.
7. Click Search.
The search results display the logs and the machines that have uploaded the logs.
You can apply a label to the machines that are displayed by selecting a label from the drop-
down list, under search results.
About the Configuration Policies

The Configuration Policy page displays a list of wizards you can use to create policies that
manage various aspects of the computers on your network.
To access the list of available Configuration Policy wizards, click the Scripting button, then
select the Configuration Policy tab. This section includes descriptions of the settings for
each of the policies you can create.
The Windows-based wizards include:
• Enforce Registry Settings, on page 160.

• Remote Desktop Control Troubleshooter, on page 161.
• Enforce Desktop Settings, on page 161.

• Desktop Shortcuts Wizard, on page 162.

• Event Log Reporter, on page 162.
• MSI Installer Wizard, on page 163.
• UltraVNC Wizard, on page 165.
• Un-Installer Wizard, on page 166.
• Windows Automatic Update Settings policy, on page 167.
• Power Management Wizard, on page 168.
For details, see Using the Windows-based Policies, on page 160.
The Mac OS-based wizards include:
• Enforce Power Management Settings, on page 169.

• Enforce VNC Settings, on page 170.
• Enforce Active Directory Settings, on page 171.
For details, see Using the Mac OS Configuration-based Policies, on page 169.
Using the Windows-based Policies

The following sections explain how to use the default policies available to Windows systems.
If you edit a Wizard-based policy, keep the “Run As” setting as local system.
Enforce Registry Settings

This wizard allows you to create scripts that enforce registry settings:
1. Use regedit.exe to locate and export the values from the registry that you are interested
in.
2. Open the .reg file that contains the registry values you want with notepad.exe and copy
the text.
3. Click Scripting > Configuration Policy.
4. Click Enforce Registry Settings.
The Configuration Policy : Enforce Registry Settings page appears.
5. Enter a policy name in the Policy Name field.
6. Paste the copied registry values into the Registry File field.
7. Click Save. The Script: Edit Detail page appears.
8. Enable and set a schedule for this policy to take effect.
A new script is created, which checks that the values in registry file match the values found
on the target machines. Any missing or incorrect values are replaced. Refer to Adding
Scripts, on page 148, for more information.

9
Remote Desktop Control Troubleshooter

This editor creates a troubleshooting script for the K1000 Management Appliance Remote
Control functionality. The script that this page generates tests the following:
• Terminal Services: To access a Windows XP Professional machine using Remote

Desktop, Terminal Services must be running. This script verifies that this is the case.
• Firewall Configuration: If the Windows XP SP2 Firewall is running on the machine,
several different configurations can affect results in Remote Desktop requests being
blocked by the firewall.
To troubleshoot remote behavior

1. Click Remote Desktop Control Troubleshooter.
The Configuration Policy : Remote Control Troubleshooter page appears.
2. Under Firewall Configuration, specify the required settings.
4. Enable and set a schedule for this policy to take effect. Refer to Adding Scripts, on
page 148, for more information.
Enforce Desktop Settings

This wizard allows you to build policies that affect the user's desktop wallpaper. The
wallpaper bitmap file is distributed to each machine affected by the policy. This file must be
in bitmap (.bmp) format.
To create a policy to enforce Desktop Settings

1. Click Enforce Desktop Settings.
2. Click the Use wallpaper check box.
3. Click Browse to select and upload the .bmp file to use for the wallpaper.
4. Select a position for the wallpaper image from the Position drop-down list.
• Select Stretch to stretch the image so that it covers the entire screen.
• Select Center to display the image in the center of the screen.
• Select Tile to repeat the image over the entire screen.
5. Click Save.

Desktop Shortcuts Wizard

This wizard allows you to quickly create scripts that add shortcuts to users' Desktop, Start
Menu, or Quick Launch bar. You can create an Internet shortcut and put a URL to the target
with no parameters and working shortcut.
To create scripts to add shortcuts

2. Click Desktop Shortcuts Wizard.
The Configuration Policy : Enforce Shortcuts page appears.
3. Enter a name for the desktop shortcut policy in the Policy Name field.
4. Click Add Shortcut.
5. Specify the shortcut details.
Name Enter the text label that appears below or beside the shortcut.
Target Enter the application or file that is launched when the shortcut is clicked,
for example, Program.exe.
Parameters Enter the any command line parameters. For example:
/S /IP=123.4
WorkingDir Enter the changes to the current working directory. For example:
C:\Windows\Temp
Location Select the location where the shortcut appears from the drop-down list.
Options include: Desktop, Quick Launch, and Start Menu.
6. Click Save Changes to save the new shortcut.

7. Click Add Shortcut to add more shortcuts. To edit or delete a shortcut, hover over a
shortcut and click the Trash can icon that appears.
8. Click Save.
Refer to Adding Scripts, on page 148, for more information.
Event Log Reporter

This wizard creates a script that queries the Windows Event Log and uploads the results to
the K1000 Management Appliance.
To create an Event Log query

2. Click Event Log Reporter.
The Configuration Policy : Event Log Reporter page appears.

9
3. Specify query details:
Output filename Enter the name of the log file created by the script.
Log file Enter the type of log you want to query: Application, System,
and Security.
Event Type Enter the type of event you want to query: Information,
Warning, and Error.
Source Name (Optional) Use this field to restrict the query to events from a
specific source.
4. Click Save.
The Script : Edit Detail page appears.
Refer to Adding Scripts, on page 148 for more information.
6. You can view the Event log in the Computers : Detail page of the particular machine, by
selecting Inventory > Computers.
7. In Scripting Logs, under Currently Deployed Jobs & Policies, click the View
logs link beside Event Log.
MSI Installer Wizard

This wizard helps you set the basic command line arguments for running MSI-based
installers. Refer to the MSDN website (msdn.microsoft.com) for complete options
documentation.
To create the MSI Installer policy

1. Click MSI Installer Wizard.
The Configuration Policy : MSI Wizard page appears.
Action Select a task from the drop-down list. Options include Install, Uninstall,
Repair missing files, and Reinstall all files.
Software Select the application you want to install, uninstall, or modify from the
drop-down list. You can filter the list by entering any filter options.
MSI filename Specify the MSI filename if it is a zip.
User Interaction Select an option to specify how the installation should appear to end users.
Options include: Default, Silent, Basic UI, Reduced UI, and Full UI.
Installation Directory Enter the installation directory.
Additional Switches Enter details of any additional installer switches. Additional Switches are
inserted between the msiexe.exe and the /i foo.msi arguments.

Additional Properties Enter details of any additional properties. Additional Properties are inserted
at the end of the command line.
For example:
msiexec.exe /s1 /switch2 /i patch123.msi TARGETDIR=C:\patcher
PROP=A PROP2=B
Feature List Enter the features to install. Separate features with commas.
Store Config per Select this box to do per-machine installations only.
machine
After install Select the behavior after installation. Options include:
• Delete installer file and unzipped files
• Delete installer file, and leave unzipped files
• Leave installer file, and delete unzipped files
• Leave installer file and unzipped files
Restart Options Select the restart behavior. Options include:
• No restart after installation
• Prompts user for restart
• Always restart after installation
• Default
Logging Select the types of installer messages to log. Press CTRL and click to select
multiple message types. Options include:
• None
• All Messages
• Status Messages
• Non-fatal warnings
• All error messages
• Start up actions
• Action-specific records
• User requests
• Initial UI parameters
• Out-of-memory or fatal exit information
• Out-of-disk-space messages
• Terminal properties
• Append to existing file
• Flush each line to the log
Log File Name Enter the name of the log file.

9
UltraVNC Wizard
The UltraVNC Wizard creates a script to distribute UltraVNC to Windows computers on your
network. UltraVNC is a free software application that allows you to remotely log into another
computer (through the Internet or network). Refer to the UltraVNC website
(www.uvnc.com) for documentation and downloads.
To distribute UltraVNC to the computers on your network

2. Click UltraVNC Wizard.
The Configuration Policy : Ultra VNC Wizard page appears.
3. Specify UltraVNC installation and authentication options:
Install Options Install Mirror Driver Check the Mirror Driver box to install the optional
UltraVNC Mirror Video Driver.
The Mirror Video Driver is a driver that allows faster and
more accurate updates. The video driver also makes a
direct link between the video driver framebuffer memory
and UltraWinVNC server.
Using the framebuffer directly eliminates the use of the
CPU for intensive screen blitting, resulting in a big speed
boost and very low CPU load.
Install Viewer Check the Viewer box to install the optional UltraVNC
Mirror Video Driver.
Authentication VNC Password Provide a VNC password for authentication.
Require MS Logon To use MS Logon authentication, and to export the ACL
from your VNC installation, use:
MSLogonACL.exe /e acl.txt
Copy and paste the contents of the text file into the ACL
field.
Review the script that is generated by this wizard to make
sure its output is expected. You can view the raw script by
clicking View raw XML Editor on the Script Detail
page.
4. Specify UltraVNC miscellaneous options:
Disable Tray Icon Select this box if you do not want to display the UltraVNC tray icon on
the target computers.
Disable client options in Select if you do not want to display node options in the tray icon menu
tray icon menu on the target computers. Available if you did not select Disable Tray
Icon.

Disable properties panel Select to disable the UltraVNC properties panel on the target
computers.
Forbid the user to close Select if you do not want to allow computer users to shut down
down WinVNC WinVNC.
5. Click Save.
page 148, for more information.
Un-Installer Wizard
This wizard allows you to quickly build a script to uninstall a software package. The resulting
script can perform three actions: Execute an uninstall command, Kill a process, and Delete a
directory.
To create an uninstaller script

2. Click Un-Installer Wizard.
The Configuration Policy : Uninstaller page appears.
Job Name Enter a name for the uninstaller script.

Software Item Select the software item to uninstall from the drop-down list.
The wizard attempts to fill in the correct uninstall command. Verify
that the values are correct.
Uninstall Command When you select the software item, the wizard attempts to fill in the
Directory uninstall command directory, file, and parameters.
Uninstall Command File Review the entries to make sure the values are correct.
Uninstall Command
Parameters
Kill Process To have a process killed before executing the uninstall command,
enter the full name of the process in the Kill Process field.
For example: notepad.exe
Delete Directory. To have a directory deleted after executing the uninstall command,
enter the full name of the directory in the Delete Directory field
here. For example: C:\Program Files\Example_App\.
4. Click Save.

9
Windows Automatic Update Settings policy

The K1000 Management Appliance provides a way for you to control the behavior of the
Windows Update feature. This feature allows you to specify how and when Windows updates
are downloaded so that you can control the update process for the computers on your
network. The configuration settings reside under the Scripting > Configuration Policy
tab. More detailed information can be found at Microsoft's support site: KB Article
328010.
To modify Windows Automatic Update settings

2. Click Windows Automatic Update Settings.
The Windows Automatic Update Policy page appears.
Automatic (recommended) Select this option to enable automatic downloading of Windows

Updates.
Download updates for me, but Select to ensure that you receive the latest downloads, but control their
let me choose when to install installation.
them.
Notify me but don’t Select to provide the additional flexibility in installation of updates.
automatically download or Important: This may make your network more vulnerable to attack if
install them. you neglect to retrieve and install the updates on a regular basis.
Turn off Automatic Updates Select if you are using the appliance patching feature to manage
Microsoft patch updates.
Remove Admin Policy. User Select to provide users with the control over the updates downloaded.
allowed to configure. Important: This may make end-users, and as a result your network,
more vulnerable to attack.
Reschedule Wait Time Select the interval (in minutes) from the Reschedule Wait Time
drop-down list to wait before rescheduling an update if the update
fails.
Do not reboot machine while Select to specify no reboot while a user is logged in.
user logged in
4. Enter the details for the SUS Server and SUS Server Statistics.
5. Click Save.
Refer to Adding Scripts, on page 148, for more information.
To start the Automatic Windows Update on a node

You can start the Automatic Windows Update on the node using one of these methods:

• Enabling automatic windows updates settings policy of the appliance on the node.
• Enabling local policy for automatic deployment of windows update on the node.
• Modifying the registry key for automatic deployment of windows update on the node.
• Setting up the group policy on the domain for automatic deployment of windows update
on the node.
• Configuring the patching functionality for automatic deployment of windows update on
the node.
If you are using the patching functionality for automatic deployment of

Windows updates on the node, you must disable the automatic deployment
of Windows updates on the node by any other process to avoid the conflict
between the different deployment processes.
Power Management Wizard

The Power Management Wizard enables you to configure power management settings to
determine and/or decrease the amount of time your computers are drawing power.
• To enable power management on a Windows XP System, you need EZ GPO. The Power
Management Wizard automatically downloads EZ GPO when run on a Windows XP
system. EZ GPO is a free tool that works in conjunction with Group Policy Objects on
Windows XP. For more information on EZ GPO, see: http://www.energystar.gov
• On Windows 7 and Vista machines, power management is configured using the built-in
powercfg command. (EZ GPO does not work on these platforms.)
About monitoring power use

Most power companies are concerned with the consumption of desktop systems, but not
laptops. For example, to collect information of desktop systems:
• Create a Smart Label in Inventory for the chassis type.

• Create reports grouping machines by the chassis type.
• Make a Smart Label in Inventory for Uptime since last reboot that contains the
number of days that concern you.
To get an overview of your power consumption, run reports about power management for
about a month. Go to Reporting > Reports, to see the available reports in the Power
Management category.
You can also configure how long node uptime information is retained. See To configure
general settings for the server, on page 19. This is one of the last configuration options.
To configure Power Management

2. Select Power Management.
3. On the Windows Configuration Policy page, select your target operating system.

9
• If you manage Windows XP systems, refer to the side bar help.

• If you handle Windows Vista or Windows 7, you can select one of standard
configurations: Balanced, High Performance, Power Saver, or Custom.
4. Click Save.
The Script : Edit Detail page opens.
5. Select the value for Status.
6. (Optional) Enter any Notes.
7. Limit the script to the appropriate version of Windows by doing one or both of the
following:
• In the Deployment section, use labels to limit the deployment of the script to
computers that run the corresponding version of Windows.
• In the Supported Operating Systems section, click Pick Specific OS version and
select the supported version of Windows.
For example, if you select Deploy to All Machines, you can use click the check box for
Pick Specific OS Version to limit it to a specific version of Windows.
Windows XP: Keep the default Run as Local System with any script created in a
wizard.
“Run As” options are offered with Online KScripts like the Windows XP version of the
Power Management script.
8. (Optional) Alert users before run.
9. (Optional) Change Scheduling to your preferences.
10. Click Save.
Using the Mac OS Configuration-based Policies

The following sections explain how to use the default policies available to Mac OS systems:
• Enforce Power Management Settings, on page 169.

• Enforce VNC Settings, on page 170.
• Enforce Active Directory Settings, on page 171.
Enforce Power Management Settings

This policy offers you these different energy management profiles to configure and use on
your Mac OS-based systems:
• Better energy savings

• Normal
• Better Performance
• Custom

You can tailor each of the profiles to these power sources:
• All
• Battery
• Charger (Wall Power)
• UPS
Power usage settings are a trade-off between CPU usage and power usage. Most of the
settings are on/off check boxes to apply or remove options. You can add time periods, in
numbers, to the Sleep settings. The policy options are shown below:
Figure 9-2: The Mac Power Management page
Enforce VNC Settings

This configuration policy controls enables/disables the Mac OS built-in VNC server.

9
Figure 9-3: The Enforce VNC Settings page
Enforce Active Directory Settings

You use this policy to add or remove a computer from your domain by:
• Choosing to add or remove a system.

• Entering your administrator credentials.
The resulting script assumes that you have root access and shows your
password unencrypted (clear text), so make sure that anyone using this script
is trusted.
• Specifying the LDAP domain name and user authentication information.

• Deciding on the other options you have for this system as shown below.
You can also use this policy to ensure that your Mac OS nodes check into your Active
Directory database.

Figure 9-4: The Enforce Active Directory Settings page

10
Maintaining Your K1000
Management Appliance
This chapter describes the most commonly used features and functions for maintaining and
administering K1000 Management Appliance.
• K1000 Management Appliance maintenance overview, on page 173

• Backing up K1000 Management Appliance data, on page 174.
• Restoring K1000 Management Appliance settings, on page 176.
• Updating K1000 Management Appliance software, on page 177.
• Updating OVAL definitions, on page 180.
• Troubleshooting K1000 Management Appliance, on page 180.
• Windows debugging, on page 182.
K1000 Management Appliance maintenance

overview
The Server Maintenance page allows you to perform a variety of functions to maintain
and update your K1000 Management Appliance, for example:
• Access the most recent appliance server backups

• Upgrade your appliance server to a newer version
• Retrieve updated OVAL definitions
• Restore to backed-up versions and also create a new backup of the appliance at any time
The Server Maintenance tab also enables you to reboot and shut down the appliance, as
well as update appliance license key information.
From the Server Maintenance tab you can:
• Upgrade the appliance

• Update OVAL vulnerability definitions
• Create a backup appliance
• Enter or update the appliance License Key
• Restore to most recent backup
• Restore to factory default settings

10 Maintaining Your K1000 Management Appliance
• Restore from uploaded backup files

• Reboot your appliance
• Reboot with extended database check
• Shut down your appliance
Upgrading your appliance

KACE provides new server software patches on the corporate server. Your appliance checks
kace.com nightly for recommended upgrades, which you can apply from the server
maintenance page.
To upgrade your K1000 Management Appliance

2. Go to K1000 Settings > Server Maintenance.
3. Click Edit Mode.
4. Click Check for Upgrade.
If the upgrade is available, the label Available Upgrade along with the build number is
displayed. Click Release Notes to view the release notes of the available build.
If the upgrade is not available, the label Your K1000 is up to date, is displayed.
5. Click Upgrade Now to upgrade to the available build.
When the appliance has finished upgrading, reboot it to use the latest features.
Backing up K1000 Management Appliance data

By default, your K1000 Management Appliance automatically backs up at 3 A.M., creating
two files on the backup drive:
• k1000_dbdata.gz, containing the database backup

• k1000_file.tgz, containing any files and packages you have uploaded to the appliance.
To run the appliance backup manually

To run a K1000 Management Appliance backup before the nightly backup occurs, run the
backup manually:
3. Click Edit Mode.
4. In the K1000 Controls section, click Run Backup.
After creating the backup, the Settings > Logs tab appears.

Maintaining Your K1000 Management Appliance
10
Downloading backup files to another location

The backup files are used to restore your K1000 Management Appliance configuration in the
event of a data loss or during an upgrade or migration to new hardware. The K1000
Management Appliance contains only the most recent full backup of the files.
For a greater level of recoverability (for instance if you wanted to keep rolling backups), you
can offload the backup files to another location so that they can be restored later if necessary.
You can access the backup files for downloading from the Administrator UI as well as
through ftp.
To change backup file location

3. In the K1000 Controls section, click the backup links:
• k1000_dbdata.gz – contains the database backup
• k1000_file.tgz – contains the files and packages you uploaded to the K1000
Management Appliance
4. Click Save in the dialog box that appears.
• In Internet Explorer, use Browse to specify a location for the files and click Save.
• In Firefox, you must have previously set the download location.
To access the backup files through ftp

1. Open a command prompt.
2. At the C:\ prompt, enter:
ftp k1000
3. Enter the login credentials:

Username: kbftp, password: getbxf
4. Enter the following commands:
> type binary

> get k1000_dbdata.gz
> get k1000_file.tgz

>close
>quit
Restoring K1000 Management Appliance settings

You use backup files to restore your appliance configuration in the event of a data loss, or to
transfer the setting during an upgrade or migration to new hardware. Restoring any type of
backup file destroys the data currently configured in the appliance server. Dell recommends
off-loading any backup files or data that you want to keep before performing a restore.
If your backup files are too large to upload using the default HTTP mechanism
(the browser times out), you can upload them using FTP. To upload using FTP,
enable the Enable backup via FTP and Make FTP writable security settings.
For details see Configuring Security Settings for the Server, on page 25.
Restoring from most recent backup

The appliance has a built-in ability to restore files from the most recent backup directly from
the backup drive. You can access the backup files from the Administrator UI or through ftp.
To restore from the most recent backup

3. Click Edit Mode.
4. Click Restore from Backup.
Uploading files to restore settings

If you have off-loaded your backup files to another location, you can upload those files
manually, rather than restoring from the backup files stored on the K1000 Management
Appliance.
To upload backup files

1. Go to Settings > Server Maintenance.
2. Scroll down and click the Edit Mode.
3. In the K1000 Restore section, click Browse and locate the backup file.
4. Click Restore from Upload Files.
Restoring to factory settings

The appliance has a built-in ability to restore the itself back to its factory settings.
To view the factory settings refer to To set up your K1000 Management Appliance server, on
page 3.

10
To restore to factory settings

2. Scroll down and click Edit Mode.
3. Click Restore Factory Settings.
Updating K1000 Management Appliance software

Part of maintaining your Dell KACE K1000 Management Appliance appliance involves
updating the software that runs on the K1000 Management Appliance server. This process
also involves:
• Verifying that you are using the minimum required version of the K1000 Management
Appliance
• Updating the license key in the Dell KACE K1000 Management Appliance to obtain the
current product functionality.
To verify the minimum server version

Before applying this update, verify your K1000 Management Appliance server version meets
the minimum version requirement.
1. Open your browser, and go to the URL for the K1000 Management Appliance appliance
(http://k1000/admin).
2. Select the About K1000 link located at the lower left of the screen.
3. The System Management Appliance line (below license agreement) contains the release
number, as shown in Figure 10-1 on page 178.

Figure 10-1: About K1000
Updating the license key

After installing an upgrade to the Dell KACE K1000 Management Appliance server, you may
need to enter a new KACE license key to fully activate the K1000 Management Appliance.
You need the new license key to upgrade your appliance.
Updating your Dell KACE K1000 Management Appliance

license key
3. Under License Information, enter your new license key.
4. Click Save License.
Applying the server update

If you are using a previous version of the Dell KACE K1000 Management Appliance, you
must apply the earlier updates separately before continuing. Refer to the release notes for

10
your version of the Dell KACE K1000 Management Appliance to determine the minimum
updates.
To apply the server update

1. Download the k1000_upgrade_server_XXXX.bin file, and save it locally.
2. Open your browser to http://k1000/admin.
5. Under Update K1000, click Browse, and locate the update file you just downloaded.
6. Click Update K1000.
When the file has completed uploading, your K1000 Management Appliance will reboot
with the latest features.
To verify the upgrade

After applying the upgrade, verify successful completion by reviewing the update log.
1. Go to Settings > Logs.
2. Select Updates from the Current log drop-down list.
3. Review the Update log for any error messages or warnings.
4. Click About K1000 in the upper right corner to verify the current version.
Updating patch definitions from KACE

Although the definitions for Microsoft patches are updated automatically on a scheduled
basis, you can retrieve the latest files manually from the Server Maintenance page.
To update the patch definitions

3. Click Update Patching to update your patch definitions.
To delete patch files

You can delete all previously downloaded patches:
3. Click Delete Patch Files to delete the patch files.

To Reboot and shut down KACE K1000 Appliances

You may need to reboot the appliance from time to time when troubleshooting or possibly
upgrading its settings.
1. Click Settings > Server Maintenance.
2. Click Reboot K1000.
Before you can perform hardware maintenance, you need to shut down the appliance before
unplugging it. You can shut down the appliance either by:
• Pressing the power button once, quickly.

• Clicking the Shutdown K1000 button on the Settings > Server Maintenance tab.
You can use the Reboot and Shutdown buttons after you click the "Edit
Mode" link at the bottom of the page.
Updating OVAL definitions

Although the definitions for OVAL vulnerabilities are updated automatically on a scheduled
basis, you can retrieve the latest files manually from the Server Maintenance page. For more
information about OVAL definitions, see K1000 Security and Patching Guide.
To update the OVAL and patch definitions

3. Click Update OVAL.
Troubleshooting K1000 Management Appliance

Your appliance offers several log files that can help you detect and resolve errors. The log
files are rotated automatically as each grows in size so no additional administrative log
maintenance procedures are required. Log maintenance checks are performed daily.
The appliance maintains the last seven days of activity in the logs. KACE Technical Support
may request that you send the appliance Server logs if they need more information in
troubleshooting an issue. To download the logs, click the Download Logs link. For more
information, see Downloading log files, on page 181.

10
Accessing K1000 Management Appliance logs

You can access the appliance Server logs by going to the Settings > Logs tab. Select the
appropriate log to view from the Current log drop-down list. This area also provides a
reference for any K1000 Management Appliance informational or exception notices.
Log Type Log Name Description
Hardware Disk Status Displays the status of the appliance disk array.
Appliance K1000 Log Displays the errors generated on the server.
Access Displays the HTTP Server's access information.
Server Errors Displays errors or server warnings regarding any of the onboard server
processes.
Stats Displays the number of connections the appliance is processing over
time.
Updates Displays details of any appliance patches or upgrades applied using the
Update K1000 function.
Node Client Errors Displays Agent exception logs.
AMP Server Displays AMP server errors.
AMP Queue Displays AMP Queue errors.
Downloading log files

The Dell KACE K1000 Management Appliance provides the ability to directly download the
logs into one file from the Admin UI. To help diagnose a problem, Dell KACE Technical
support might ask you to submit log files.
To download Dell KACE K1000 Management Appliance logs

1. Go to Settings > Logs.
2. Click Download logs on the right of the Log page.
The logs are downloaded in the k1000_logs.tgz file.
3. Click Save.
In addition to the standard logging, you can enable other debug logs on a node:
• K1000 Agent – Enable debug logging on the node to troubleshoot machine inventory,
managed installs and file synchronizations.
• K1000 AMP Service – Enable debug logging on the Windows node to troubleshoot
the on-demand running of Desktop Alerts, Run-Now scripts, and Patching. You can
enable debug logging by configuring AMP Settings. For information on how to configure
the AMP Settings page, refer to Configuring Agent Messaging Protocol Settings, on
page 29.

Windows debugging
To log on to the AMP service

1. Open the SMMP configuration file:
%PROGRAMFILES%\KACE\K1000\SMMP.conf
2. Add the following line:
debug=true
For more information on debug logging on Linux and Mac OS platforms, refer
to Appendix E: Manually Deploying Agents, starting on page 269.
SMMP.conf Windows Mac OS X Linux
without debug=true debug.log with basic agent.log with basic agent.log with basic
logging logging logging
with debug=true debug.log with detailed agent.log with detailed agent.log with detailed
logging logging logging

10
Understanding Disk Status log data

When troubleshooting K1000 Management Appliance, you often work with the Disk Status
log. If there is a physical problem with the appliance, that issue is reflected here.
K1000 Management Appliance server and agent exceptions are reported nightly to kace.com
if you enabled crash reporting on the Settings > General tab.

Figure 10-2: Disk Status Log
In the cases where the logs display errors, this section will be helpful to solve any problems.
This section does not describe every possible error message, but other possible errors can be
resolved by following the same steps:
Step Description
Step 1: Rebuild The disk status log error “Degraded” indicates that you need to rebuild
the array. To do this:
• Click Rebuild Disk Array. Rebuilding can take up to 2 hours.
• If an error state still exists after this, proceed to step 2.
Step 2: Power Down and In some cases, the degraded array may be caused by a hard-drive that is
Reseat the Drives no longer seated firmly in the drive-bay. In these cases, the disk status
will usually show “disk missing” for that drive in the log.
• Power down the Dell KACE K1000 Management Appliance.
• Once the appliance is powered off, eject each of the hard-drives and
then re-insert them, making sure that the drive is firmly in the bay.
• Power the machine back on and then look again at the disk status log
to see if that has resolved the issue.
• If an error state still exists, try rebuilding again or proceed to Step 3.

10
Step Description
Step 3: Call Dell KACE If you have performed the previous steps and are still experiencing errors,
Technical Support contact Dell KACE Technical Support by e-mail (support@kace.com)
or phone (888) 522-3638 option 2.


11
LDAP
The Dell KACE K1000 Management Appliance LDAP feature lets you to browse and search
the data located on an LDAP Server.
• About LDAP Labels, on page 187.

• Creating an LDAP Label Manually, on page 188
• Creating an LDAP Label with the Browser, on page 189.
• Using LDAP Easy Search, on page 190.
• Using the LDAP Browser Wizard, on page 191.
• Automatically Authenticating LDAP Users, on page 193.
About LDAP Labels

LDAP Labels allow the automatic labeling of machine records based on LDAP or Active
Directory interaction. The search filter queries the LDAP server. If it finds any entries they
are automatically labelled.
If the LDAP server requires credentials for administrative login (aka non-
anonymous login), supply these credentials.
If no LDAP user name is given, an anonymous bind is attempted. Each LDAP
Label may connect to a different LDAP/AD server.
You may bind to an LDAP query based on the following Dell KACE K1000 Management
Appliance variables:
• Computer Name
• Computer Description
• Computer MAC
• IP Address
• User name
• User Domain
• Domain User

11 LDAP
Creating an LDAP Label Manually

1. Click Home > Label > LDAP Labels.
The LDAP Label : Edit Detail page appears.
Skip the Enabled check box until you have tested the LDAP Label.
Enabled Check this box to enable the appliance to run the label each time a system
checks in. Check this box after you have tested the label.
Filter Type Select the LDAP filter type, either Machine or User.
Associated Label Select an existing label to associate with this LDAP label.
Name
Associated Label Notes Any Notes from the label definition are automatically added to this field.
Server Hostname Specify the IP or the Host Name of the LDAP Server.
Note: For connecting through SSL, use the IP or the Host Name, as
ldaps://HOSTNAME
If you have a nonstandard SSL certificate installed on your LDAP server you
need to contact KACE Support for assistance before proceeding. A
nonstandard certificate can be an internally-signed or a chain certificate
that is not from a major certificate provider such as Verisign.
LDAP Port Number Enter the LDAP Port number, which is either 389 or 636 (LDAPS).
Search Base DN Enter the Search Base DN (Distinguished Names). For example:
CN=Users,DC=kace,DC=com
Search Filter Enter the Search Filter. For example:
(&(sAMAccountName=admin)(memberOf=CN=financial,DC=ka
ce,DC=com))
LDAP Login Enter the LDAP login. For example:
LDAP Login: CN=Administrator, CN=Users,DC=kace=com
LDAP Password Enter the password for the LDAP login.
If you are unable to fill in the information for Search Base DN and Search Filter, you can
use the LDAP Browser Wizard. For more information on the LDAP Browser Wizard,
refer to Service Desk Administrator Guide.
4. Click the Test LDAP Label button to test your new label. Change the label parameters
and test again as necessary.
5. If the LDAP Label is ready to use, click Enabled.
Otherwise, you can save without enabling.
6. Click Save.
Each time a machine checks into the K1000 Management Appliance, this query runs against
the LDAP server. The admin value in the Search Filter is replaced with the name of the user

LDAP
11
that is logged onto this machine. If a result is returned, the machine gets the label specified
in the Associated Label field.
To test your LDAP label, click the Test button and review the results.
You can also create an LDAP Label using the LDAP Browser.
Creating an LDAP Label with the Browser

The LDAP Browser allows you to browse and search the data located on the LDAP Server.
For example, Active Directory Server.
You must have the Bind DN and Password to log on to the LDAP Server.
1. Go to Home > Labels > LDAP Browser.
2. Specify the LDAP Server Details
LDAP Server Enter the IP or the Host Name of the LDAP Server.
ldaps://HOSTNAME
If you have a nonstandard SSL certificate installed on your LDAP server,
such as an internally-signed or a chain certificate not from a major
certificate provider such as Verisign, contact KACE Support for
assistance before proceeding.
LDAP Port Enter the LDAP Port number, either 389 or 636 (LDAPS).
LDAP Login Enter the Bind DN. For example:
CN=Administrator,CN=Users,DC=kace,DC=com
3. Click Test.
On a successful connection to the LDAP server, a list of possible base DNs
(Distinguished Names) available on that directory is displayed. You can use these base
DNs as a starting point to browse and search the directory.
If the connection was not established, the Operation Failed message appears, which
can be due to one of the following reasons:
• The IP or Host Name provided is incorrect.

• The LDAP server is not up.
• The login credentials provided are incorrect.
4. Click a Base DN, or click Next.
A new window displays the Search Base DN and the Search Filter. The Search Base DN
is populated on the basis of the Base DN that you selected in the previous screen. You
can modify the Search Base DN and the Search Filter.

11 LDAP
5. You can also use the Filter Builder to create complex filters. Click Filter Builder.
The Query Builder is displayed. Specify the following information.
Attribute Name Enter the Attribute Name. For example, samaccountname.

Relational Operator Select the relational operator from the drop-down list. For
example, =.
Attribute Value Enter the attribute value. For example, admin.
6. To add more than one attribute:
Conjunction Operator Select the conjunction operator from the drop-down list. For
example, AND.
Note: This field is available for the previous attribute only when
you add a new attribute.
Add Click Add. You can add multiple attributes.
Search Scope Click One level to search at the same level or click Sub-tree
level to search at the sub-tree level.
7. Click OK.
The query appears in the Search Filter text area. For example,
(samaccountname=admin).
8. Click Browse to display all the immediate child nodes for the given base DN and search
filter. Click Search to display all the direct and indirect child nodes for the given base
DN and search filter.
The search results are displayed in the left panel.
9. Click a child node to view its attributes.
The attributes are displayed in the right panel.
Using LDAP Easy Search

You can use LDAP Easy Search to quickly search the data located on the LDAP Server.
To use the LDAP Easy Search
1. Go to Home > Label >LDAP Browser.

LDAP Server Enter the IP or the Host Name of the LDAP Server.
ldaps://HOSTNAME
If you have a nonstandard SSL certificate installed on your LDAP server
you need to contact KACE Support for assistance before proceeding. A

LDAP
11
3. Click Test.
4. On a successful connection to the LDAP server, a list of possible base DNs available on
that directory is displayed. You can use these base DNs as a starting point to browse and
search the directory.
If the connection was not established, the Operation Failed message appears. Check
the following causes:

• The LDAP server is not up.
5. Click a Base DN, or click Next.
6. Click the Go to LDAP Easy Search link.
The LDAP EasySearch page appears.
7. Enter any key word for search, and click GO.
For more specific search you can click the Indexed field option or Non-Indexed
field option. You can also specify Other attributes, separated by comma.
Using the LDAP Browser Wizard

The LDAP Browser Wizard enables you to fill in the information for Search Base DN and
Search Filter. Using the LDAP Browser Wizard you can browse and search the data located
on the LDAP Server. For example, Active Directory Server.
You must have the Bind DN and the Password to log on to the LDAP Server.
To use the LDAP Browser Wizard

1. Go to Home > Label >LDAP Browser.

11 LDAP
LDAP Server Enter IP or Host Name of the LDAP Server.

ldaps://HOSTNAME
If you have a nonstandard SSL certificate installed on your LDAP server
you need to contact KACE Support for assistance before proceeding. A
3. Click Test.
4. On a successful connection to the LDAP server, a list of possible base DNs
(Distinguished Names) available on that directory is displayed. You can use these base
DNs as a starting point to browse and search the directory.
If the connection was not established, the Operation Failed message appears. Check
the following causes:

• The LDAP Server is not up.
5. Click Next or one of the base DNs to advance to the next step.
6. To create complex filters, click Filter Builder.
The Query Builder is displayed.
7. Specify the following information:
Attribute Name Enter the Attribute Name. For example, samaccountname.

Relational Operator Select the Relational Operator from the drop-down list. For
example, =.
Attribute Value Enter the Attribute Value. For example, admin.
8. To add more than one attribute:
Conjunction Operator Select the Conjunction Operator from the drop-down list. For
example, AND.
Note: This field is available for the previous attribute only when
you add a new attribute.

LDAP
11
Add Click to add multiple attributes.

Search Scope Click One level to search at the same level or click Sub-tree
level to search at the sub tree level.
9. Click OK. The query appears in the Search Filter text area. For example,
(samaccountname=admin).
10. Click Browse to display all the immediate child nodes for the given base DN and search
filter or click Search to display all the direct and indirect child nodes for the given base
DN and Search Filter.
The search results are displayed in the left panel.
11. Click a child node to view its attributes.
The attributes are displayed in the right panel.
12. Click Next to confirm the LDAP configuration.
13. Click Next to use the displayed settings.
Automatically Authenticating LDAP Users

Instead of setting up users individually on the Users tab, you can configure the K1000
Management Appliance for local authentication or External LDAP Server Authentication.
The appliance can then access a directory service (such as LDAP) for user authentication.
This allows users to log into the appliance Administrator portal using their domain user
name and password, without having to add users individually from the Users tab.
To configure the appliance for user authentication

1. Click Settings > Control Panel.
The Settings: Control Panel page appears.
2. Click User Authentication.
The K1000 Settings: Authentication page appears.
3. Click the Edit Mode link.
4. Specify the Authentication method you want to use:
K1000 (local Select this option to enable local authentication. (Default)

Authentication) If local authentication is enabled, the password is authenticated
against the existing entries in the local database at Service Desk >
Users.

11 LDAP
External LDAP Select this option to enable external user authentication.

Server You can use external authentication against an LDAP server or Active
Authentication Directory server.
If External LDAP Server Authentication is enabled, the password is
authenticated against the External LDAP Server.
Contact KACE customer support if you need assistance with this
process.
If the External LDAP Server Authentication is enabled, provide credentials for

administrative login.
The LDAP user configured should at least have READ access to the “search
base” area. If you do not specify an LDAP user name, an anonymous bind is
attempted.
5. Click Edit Mode to edit External LDAP Server Authentication fields.

6. Click the appropriate icons next to the server name to perform described actions:
Icon Description
Schedules a user import for this server
Modifies the server definition
Removes the server
Changes the order of the server in the list of servers
7. Click Add New Server to add a new LDAP Server.

You can have more than one LDAP Server/Directory configured.
All servers must have a valid IP address or Host Names entered in the Server
Host Name field. Otherwise, the appliance will wait to timeout on an invalid IP
address, resulting into login delays when using LDAP Authentication.
8. Complete the LDAP server definition by specifying the following information:
Server Friendly Name Enter a name for the server.

Server Host Name (or Enter IP or Host Name of the LDAP Server.
IP) Note: For connecting through SSL, use the IP or the Host
Name, as ldaps://HOSTNAME
If you have a nonstandard SSL certificate installed on your
LDAP server, contact KACE Support for assistance before
proceeding. A nonstandard certificate can be an internally-
signed or a chain certificate that is not from a major certificate
provider such as Verisign.
LDAP Port Number Enter the LDAP Port number, either 389 or 636 (LDAPS).

LDAP
11
Search Base DN Enter the Search Base DN. For example:

CN=Users,DC=hq,DC=corp,DC=kace,DC=com
Search Filter Enter the Search Filter. For example:
(samaccountname=admin)
LDAP Login Enter the LDAP login. For example:
CN=Administrator,CN=Users,DC=hq,DC=corp,DC=k
ace,DC=com
LDAP Password (if Enter the password for the LDAP login.
required)
Role Required. Enter the user’s role:
• Admin Role: This user can log on to and access all features
of the administrator UI and Service Desk. Admin role is
the default role.
• ReadOnly Admin Role: This user can log on, but cannot
modify any settings in the administrator UI or Service
Desk.
• User Role: This user can log on only to the Service Desk.
• Login Not Allowed—This user cannot log on to the Service
Desk.
Note: The roles listed above are system provided roles and are
not editable. To create a new role, refer to the Service Desk
Administrator Guide.
9. Click Apply to save your changes.

10. To test LDAP settings, enter a password in the Test User password, and then click
Test LDAP Settings.
If you are unable to fill in the information for Search Base DN and Search Filter, you can
use the LDAP Browser Wizard. For more information on how to use the LDAP Browser
Wizard, refer to Using the LDAP Browser Wizard, on page 191.
To schedule a User Import

1. Click Edit Mode to edit External LDAP Server Authentication fields.
2. Click the icon next to the server name in the list of servers to schedule a user import.
The User Import : Schedule – Choose attributes to import: Step 1 of 3 page appears.
The LDAP Server Details are displayed, which are read-only:
LDAP Server The IP or Host Name of the LDAP Server.

LDAP Port The LDAP Port number, which is either 389 (LDAP) or 636
(LDAPS).

11 LDAP
Search Base DN The Search Base DN. For example:

OU=users,DC=domain,DC=com
Search Filter The Search Filter.
LDAP Login The LDAP login.
LDAP Password The LDAP login password.
3. Specify the attributes to import.
Attributes to retrieve Specify the attributes to retrieve. For example:

samaccountname, objectguid, mail, memberof, displayname, sn,
cn, userPrincipalName, name, description
If you leave this field blank, it retrieves all attributes. This may make the
import process slow, and is not recommended.
Label Attribute Enter a label attribute. For example: memberof.
Label Attribute is the attribute on a customer item that returns a list of
groups this user is a member of. The union of all the label attributes will form
the list of labels you can import.
Label Prefix Enter the label prefix. For example: ldap_
The Label Prefix is a string that is added to the front of all the labels.
Binary Attributes Enter the Binary Attributes. For example: objectsid.
Binary Attributes indicates which attributes should be treated as binary for
purposes of storage.
Max # Rows Enter the maximum rows. This limits the result set that is returned in the
next step.
Debug Output Click the check box to view the debug output in the next step.
If you are unable to complete the information for Search Base DN and Search Filter, you
can use the LDAP Browser Wizard. For more information on how to use the LDAP
Browser Wizard, refer to Using the LDAP Browser Wizard, on page 191.
4. In Email Notification section, click to enter the recipient’s e-mail address, or choose
Select user to add from the drop-down list.
5. In Scheduling section, specify the scan schedule:
Don’t Run on a Select this to not have the user import run on a schedule. (Default)
Schedule
Run Every day/ Run daily or a specific day of the week at the specified time.
specific day at
HH:MM AM/PM
Run on the nth Run on a specific date or day of the month at the specified time.
of every month/
specific month
at HH:MM AM/
PM

LDAP
11
6. Click Next.
The User Import : Schedule - Define mapping between User attributes and LDAP
attributes: Step 2 of 3 page opens.
7. Select the value from the drop-down list next to each LDAP attribute to map the values
from your LDAP server into the User record on the appliance.
The fields in red are mandatory. The LDAP Uid must be a unique identifier for the user
record.
8. Select a label to add to the appliance.
Press CTRL and click to select more than one label. This list displays a list of all the
Label Attribute values that were discovered in the search results.
9. Click Next.
10. Review the information displayed in the tables below:
• The Users to be Imported table displays list of users reported.
• The Labels to be Imported table displays the list of labels reported.
• The Existing Users table and the Existing Labels table display the list of Users and
Labels that are currently on the appliance.
• Only users with a LDAP UID, User Name, and E-mail value will be imported. Any
records that do not have these values are listed in the Users with invalid data table.
11. Click Next to start the import.
The User Import : Schedule - Import data into the K1000: Step 3 of 3 page opens.
12. Click Import Now to save the schedule information and load the user information into
the appliance.
After importing, the User list page appears, where you can edit the imported user
records.
13. Click Save to save schedule information.
The Settings: Authentication page opens.
The imported user can log on to and access all features of the administrator
UI and Service Desk depending on the role assigned.

11 LDAP

12
Running the K1000
Appliance Reports
The Dell KACE K1000 Management Appliance provides a variety of alerts and reporting
features that enable you get a detailed view of the activity on your company’s
implementation.
• Reporting Overview, on page 199

• Running Reports, on page 200
• Creating and Editing Reports, on page 200
• Scheduling Reports, on page 206
• Using Alert Messages, on page 207
• E-mail Alerts, on page 208
Reporting Overview
The K1000 Management Appliance is shipped with many stock reports; select Reporting >
Reports to view the list. The reporting engine utilizes XML-based report layouts to generate
reports in HTML, PDF, CSV, TXT, and XSL formats. By default, the appliance provides
reports in the following general categories:
• Compliance
• Dell updates
• Hardware
• Service Desk
• iPhone
• K1000
• Network
• Patching
• Power Management
• Security
• Software
• Template

12 Running the K1000 Appliance Reports
You can duplicate and modify these reports as necessary. However, a strong knowledge of
SQL is required to successfully change a report.
Running Reports
To run any of the K1000 Management Appliance reports, click the desired format type
(HTML, PDF, CSV, XLS, or TXT). For the HTML format, the report is displayed in a new
window. If you select PDF, CSV, XLS, or TXT formats, you can open the file or save it to your
computer.
Creating and Editing Reports

If you have other reporting needs not covered by default reports, you can:
• Create a new report from scratch.

• Modify one of the templates provided in the K1000 Management Appliance Template
category.
• Duplicate an existing report—another way to create a report is to open an existing
report and create a copy of it. You can modify the copy to suit your needs.
• Create a new report using the Report Wizard.
You can create a report using the Table or Chart presentation type:
• The Table presentation type is a tabular report with optional row groupings and
summaries.
• The Chart presentation type is a bar, line, or pie chart.
To create a new report using the table presentation

type
1. Click Reporting > Reports.
The K1000 Reports page appears.
2. In the Choose Action menu, click Add New Report.
3. Enter the report details as shown:
Report Title Enter a display name for the report. Make this as descriptive as
possible, so you can distinguish this report from others.
Report Category Enter the category for the report. If the category does not already
exist, it will be added to the drop-down list on the Reports list page.
Description Describe the information that the report will provide.
4. Click the appropriate topic name from the Available Topics list. For example,
software.

Running the K1000 Appliance Reports
12
5. Click the Table presentation type icon.

6. Click Next.
7. Choose table columns:
a. Click the Appropriate column name from the Available columns list.
b. Click to add that column to the Display Columns list. You can change the column
order by clicking or .
c. To remove a column from the Display list, click the appropriate column and click .
8. Click Next.
9. To define the criteria for displaying records in the report:
a. Click the appropriate field name from the Available Fields list. Columns that you
chose in the previous step appear under display fields. You can also choose a field
from among all fields available for that topic. For example, Threat Level.
b. Click Add.
c. Select the appropriate operator from the comparison drop-down list. For example,
Greater Than.
d. Enter the appropriate value in the text field, for example, 3.
This rule will filter the data and display only software that has Threat Level greater
than 3.
e. Click OK. The rule is added in the list of Current Rules. You can add more than one
rule.
f. Click to remove a rule from the list of Current Rules.

g. Select the Use Expanded logic check box to use expanded logic. Expanded logic
enables you to define a syntactic structure for your rules to override operator
precedence.
h. Click Check Syntax to check whether the rule syntax is valid.
i. Once you add more than one rule, you can click Move Up or Move Down to
change the order of rules.
10. Click Next.
11. To choose columns to be displayed in the report:
12. Click Next.
13. (Optional) Customize the report layout. You can drag to set column order, width and
add spacers. You can drag and drop between columns as well as between columns and

spacer. Click on the column and report headings for further menu of labels, grouping,
summary, and other options.
The available options are:
Title Click the title displayed before spacer to display the field name of spacer, Add
as a group and Add as a column options.
Spacer Click spacer to display the field name of spacer and Add as a column options.
Column Click column to display the column name, change label, switch to group,
remove column, summaries and move to right or left depending upon the
column alignment options.
14. Click Save to save the report.

The K1000 Reports page is displayed with the new report in the list. To run the new
report, click the desired format (HTML, PDF, CSV, XLS, or TXT). For the HTML
format, the report is displayed in a new window. If you select PDF, CSV, XLS, or TXT
formats, you can open the file or save it to your computer.
You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are
mandatory and cannot be left blank.
To create a new report using the chart presentation type

2. In the Choose Action menu, click Add New Report.
3. Enter the report details as shown below:
Report Title Enter a display name for the report. Make this as descriptive as
possible, so you can distinguish this report from others.
Report Category Enter the category for the report. If the category does not already exist,
it will be added to the drop-down list on the Reports list page.
4. Click the appropriate topic name from the Available Topics list. For example,
software.
5. Click the Chart presentation type icon.
6. Click Next.
7. To choose table columns:

12
8. Click Next.
9. To define the criteria for displaying records in the report:
a. Click the Appropriate field name from the Available Fields list. Columns that you
chose in the previous step appear under display fields. You can also choose a field
from among all fields available for that topic. For example, Threat Level.
b. Click Add.
c. Select the appropriate operator from the comparison drop-down list. For example,
Greater Than.
d. Enter the appropriate value in the text field. For example, 3.
This rule will filter the data and display only software that has Threat Level greater
than 3.
e. Click OK. The rule is added in the list of Current Rules. You can add more than one
rule.
f. Click to remove a rule from the list of Current Rules.

g. Select the Use Expanded logic check box to use expanded logic. Expanded logic
enables you to define a syntactic structure for your rules to override operator
precedence.
h. Click Check Syntax to check whether the rule syntax is valid.
i. Once you add more than one rule, you can click Move Up or Move Down to
change the order of rules.
10. Click Next.
11. Select the appropriate chart type from the following:
• Simple 3-D Bar: Displays categories along the X-axis, values along the Y-axis.
• 3-D Pie: Displays a slice for each category. The corresponding value determines the
size of the slice.
• Line: Displays categories or dates along the X-axis, values along the Y-axis.
12. Select the appropriate category field from the Category Field drop-down list.
13. Select the summary from the Summary drop-down list, beside appropriate Value field
name. If you have more than one Value field, you can change the value field order by
clicking or .
14. Select the Show legend check box to display a legend in the chart.
15. Specify the Chart width and Chart height in pixels, in the text fields.
16. Click Save to save the report.
The K1000 Reports page is displayed with the new report in the list.
You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are
mandatory and cannot be left blank.

To duplicate an existing report

The steps for duplicating a regular report and a SQL report are similar. However, regular
reports have a report wizard.
2. Click the report title you want to duplicate.
Depending on the type of report, the K1000 Report: Edit Detail page or the Report
Wizard page appears.
3. Click Duplicate.
4. Modify the report details as necessary.
5. Click Save.
Refer to Appendix B: Adding Steps to a Script, starting on page 235.
To create a new report from scratch

2. In the Choose Action menu, click Add New SQL Report.
The K1000 Report: Edit Detail page appears.
3. Specify the following report details:
Title A display name for the report. Make this as descriptive as possible to
distinguish this report from others.
Report Category The category for the report. If the category does not already exist, it will be
added to the drop-down list on the Reports list page.
Output File Name The name for the file generate when this report is run.
Description Describe the information that the report provides.
Output Types Select the appropriate formats that should be available for this report.
SQL Select The query statement that will generate the report data. For reference, consult
Statement the MYSQL documentation.
Break on Columns A comma-separated list of SQL column names. The report will generate break
headers and sub totals for these columns. This setting refers to the auto-
generated layout.
XML Report Layout Click this check box to regenerate the XML Report Layout using new columns.
If you changed only a sort order or a where clause, you don't need to recreate
the layout.
If you changed the columns that the query returns, the XML Report Layout is
regenerated based on your SQL.

12
4. Click Save.
The K1000 Management Appliance reports use JasperReports’ open source

JRXML format. Use the JasperReports iReports tool to change the way your
reports are formatted. Information and documentation are available at:
http://jasperforge.org/.
Once you click Save, the report wizard is disabled for that report.
To edit a report using SQL Editor

1. Go to Reporting > Reports.
2. Click the report you want to edit.
The Report Wizard page appears.
3. Click Edit SQL.
4. Click OK to proceed.
The K1000 Report: Edit Detail page appears.
5. Edit the following report details:
Title Edit the display name for the report, if required. Make the title as descriptive as
possible to distinguish this report from others.
Report Category Edit or enter the category for the report. If the category does not already exist, it
will be added to the drop-down list on the Reports list page.
Output File Name Edit or enter the name for the file generate when this report is run.
Output Types Select the appropriate formats that should be available for this report.
SQL Select Edit or enter the query statement that will generate the report data. For
Statement reference, consult the MYSQL documentation.
Break on Columns A comma-separated list of SQL column names. The report will generate break
headers and sub totals for these columns. This setting refers to the auto-
generated layout.
XML Report Click this check box to regenerate the XML Report Layout using new columns.
Layout If you changed only a sort order or a where clause, you don't need to recreate the
layout.
If you changed the columns that the query returns, the XML Report Layout is
regenerated based on your SQL.
6. Click Save.
If you manually change a report’s SQL statement, you cannot use the Report
Wizard to change it later.

Scheduling Reports
Reports can be scheduled from the Schedule Reports tab. From the Report Schedules List
page you can open existing schedules, create new schedules, or delete them. You can also
search schedules using keywords.
To create a report schedule

1. Click Reporting > Schedule Reports.
The Report Schedules page appears.
2. In the Choose Action menu, click Create a New Schedule.
The Schedule Reports : Edit Detail page appears.
3. Specify the following schedule details:
Schedule Title Enter a display name for the schedule. Make this as descriptive as possible, so
you can distinguish this schedule from others.
Description Enter the information that the schedule would provide.
Report to Schedule Select the appropriate report you would like to schedule. You can filter the list
by entering any filter options.
Report Output Click the desired output report format (PDF, Excel, CSV, or TXT) that should be
Formats available for this scheduled report.
Email Notification Recipients Click the icon to enter the recipient’s e-mail address, or
choose Select user to add from the drop-down list. This is a
mandatory filed.
Subject Enter the subject of the schedule. The subject can help to
quickly identify what the schedule is about.
Message Text Enter the message text in the notification.
4. Specify scan schedule:
Don’t Run on a Schedule Select to run in combination with an event rather than on a specific
date or at a specific time.
Run Every n hours Select to run the scan at a specified interval.
Run Every day/specific day Select to run the schedules daily or on a specified day of the week at
at HH:MM AM/PM the specified time.
Run on the nth of every Select to run the tests on the specified date or day of the month at a
month/specific month at specified time.
HH:MM AM/PM
5. Click Save or Run Now to run the schedule reports immediately.

12
To run a schedule
2. Click the check boxes for the schedules you want to run.
3. In the Choose Action menu, click Run Selected Schedules Now.
To delete a schedule
2. Click the check box for the schedules you want to delete.
4. Click Yes to confirm deleting the schedules.
Using Alert Messages

Alert messages provide a way for you to interact with your users by displaying a message in a
pop-up window. The Alerts List page displays the messages you have distributed to users.
From the Alerts List page you can open existing alerts, create new alerts, or delete alerts.
You can also search messages using keywords.
To alert users before you run a script on their computer, you can add this to online KScripts.
See the information about alerts in To add an Offline KScript or Online KScript, on page 148.
The Alerts feature works only if there is a constant connection between the
appliance agent and the appliance. For information on how to set up the
constant connection, refer to Configuring Agent Messaging Protocol Settings,
on page 29.
To Create a Broadcast Alert Message

If you have information that you want to distribute to your network, you can review and
modify previous messages you have deployed, or you can create a new message.
1. Click Reporting > Alerts.
The Alerts: Edit Detail page appears.
3. In the Message Content field, type the text of your message.
4. In the Keep Alive field, specify the length of time the message will be valid.
Messages will be broadcast to users until either the user's desktop has received the
message or the specified time interval has elapsed. To set the time interval for
downloading scripts, go to: Settings >K1000 Agent >K1000 Agent Settings.

5. In the Limit Broadcast To area, select the recipient labels to send this message to.
Press CTRL and click to select multiple labels.
6. Select the Enable Scheduled Run check box to specify the alert schedule. Select the
appropriate day and time from the drop-down lists.
7. Click Save.
The pending alert messages are displayed in the AMP Message Queue until
they are pushed to the target machine. The alert messages remain in the
queue until the target machine checks in. This is true even if the Keep Alive
time interval elapses or if the connection between the appliance Agent and
the appliance has been lost or interrupted.
E-mail Alerts
E-mail Alerts differ from Alerts (broadcast messages) in an e-mail alert you can send out
messages to administrators based on more detailed criteria. The E-mail Alert feature relies
on the Inventory > Computers engine to create a notification that will be sent to
administrators when computers meet the criteria you specify.
The K1000 Management Appliance checks the computers listed in the inventory against the
criteria in the E-mail Alert once in every hour until one or more computers meet the criteria;
then a message is sent to the administrators specified in the alert details.
To create an e-mail Alert

Notifications are processed every 60 minutes. If a notification query results in one or more
machine records, a notification e-mail is automatically sent to the specified recipient.
1. Click Reporting > Email Alerts.
The Email Alerts page appears.
2. In the Choose Action menu, click Add New Computer Notification.
The Inventory > Computers tab appears with the Create Email Notification
fields exposed.
3. Enter the search criteria.
4. In the Title field, enter a title for the alert.
The Title will appear in the Subject field.
5. In the Recipient field, enter the e-mail address(es) of the message recipient.
The e-mail addresses must be fully qualified e-mail addresses. The recipient’s address
can be a single e-mail address or a list of addresses separated by commas.
6. Click the Create Notification tab.

13
Using Organizational Management
The Organizational Management component allows you to create different organizations

within your appliance that you administer separately. You can assign roles within each
organizations to limit user access to specific tabs.
• Overview of Organizational Management, on page 209

• Creating and editing Organizations, on page 209
• Organizational Roles, on page 217
• Creating and editing Organizational Roles, on page 217
• Organizational Filters, on page 220
• Creating and Editing Organizational Filters, on page 220
• Computers, on page 223
Overview of Organizational Management

The K1000 Management Appliance organization feature enables you to group machines to
allow for a high level of separation between logical areas of responsibility within a company.
These groups are referred to as Organizations. This feature is accessible to the system
administrator through the System Administrative Console. The system administrator creates
these organizations and assigns them roles to limit access to specific tabs. The
administrators of each organization cannot view or perform activities on machines that
belong to other organizations other than their own.
Default Organization
The default organization will have everything coming into the appliance. The default
organization will allow the administrator to view or perform activities on machines in all
organizations. If a machine is not set in a filter, then the machine will go to the default
organization.
Creating and editing Organizations

You can create new organizations or edit the existing organizations from the Organizations
page by going to the Organizations > Organizations tab. Create the roles, and then
create the organizations, because you must specify the role while creating an organization.

13 Using Organizational Management
To create an organization
The K1000 Organizations page appears.
The K1000 Organization: Edit Detail page appears.
3. Enter Organization information as follows:
Name Enter the name for the new organization. This field is mandatory.
Description Enter the description for the new organization.
Role Select the appropriate role from the drop-down list.
Note: First, create the role by going to Organizations > Roles tab, before
you can select that specific role from this list.
4. Click Save.
The K1000 Organization: Edit Detail page appears with more content.
5. Scroll down and click the Edit Mode link.
Name (Mandatory) Enter a name for the organization. This field retains the
information you specified in the previous page. You can modify the name if
required.
Description Enter the description for the organization. This field retains the
information you specified in the previous page. You can modify the
description if required.
Role Select the appropriate role from the drop-down list. This field retains the
role you selected in the previous page. You can modify this selection if
required.
Note: You must first create the role by going to Organizations > Roles
tab, before you can select that specific role from this list.
Organization Filters Select the filter that will be used to direct a new machine checking into the
appliance, to the this organization. Press CTRL and click to select more
than one filter.
Note: Create the filter by going to Organizations > Filters tab. Then,
you can select that specific filter from this list.
Computer Count (Read-only) Displays the number of computers checking in to the
organization.
Database Name (Read-only) Displays the name of the database the organization is using.
Report User Displays the report user name used to generate all reports in the specific
organization.
By having a report user name, you can provide access to the organizational
database (for additional reporting tools), but not give write access to
anyone.

13
Report User Password Enter the report user password.
7. Specify the agent settings for the organization:
Suggested
Field Notes
Setting
Communications 12:00 am to The interval during which the agent is allowed to

Window 12:00 am communicate with the appliance. For example, to allow the
Agent to connect between 1 AM and 6 AM only, select 1:00
am from the first dropdown list, and 6:00 am from the
second drop-down list.
Agent “Run 1 hours How frequently the agent checks into the appliance. Each
interval” time an agent connects, it resets its connect interval based on
this setting. The default setting is once every hour.
Agent “Inventory 0 The interval (in hours) that the appliance will inventory the
Interval” computers on your network. If set to zero, the appliance will
inventory nodes at every Run Interval.
Agent “Splash The appliance is The message that appears to users when communicating with
Page Text” verifying your PC the appliance.
Configuration
and managing
software updates.
Please Wait...
Scripting Update 15 minutes Set the frequency that the agent downloads new script
Interval definitions. The default interval is 15 minutes.
Scripting Ping  600 seconds How frequently the agent tests the connection to the
Interval appliance. The default interval is 600 seconds.
To view historical connection information, go to Settings >
Logs. Select Current log: Stats.
Agent Log Agent Log Retention disallows the server to store the
Retention scripting result information that comes up from the agents.
The default is to store all the results, which can impact
performance. Turning this off, provides less information
about each node, but enables faster agent check-ins.
8. Click Save.
To troubleshoot nodes that fail to show up in Inventory

If your machine does not show up in Inventory after installing the Agent. By default the
Agent communicates with the appliance using http: over port 80. Assuming network
connectivity is in place, newly-installed agents to fail to connect to the appliance during the
first-time setup due to the problems with the default “KBOX” host name in DNS.
1. If you set up the appliance in your DNS using a host name other than the default name
“kbox”, or need agents to reach the appliance by using the IP address instead of the DNS
name, you must install the agent specifying the SERVER property.

For example:
Windows:
c:\>KInstallerSetup.exe -server=myk1000 -display_mode=silent
or
c:\>KInstallerSetup.exe -server=192.168.2.100 -
display_mode=silent
Mac OS:
/Library/KBOXAgent/Home/bin/setkbox myk1000
or
/Library/KBOXAgent/Home/bin/setkbox 192.168.2.100
Linux:
/KACE/bin/setKBOX myk1000
or
/KACE/bin/setKBOX 192.168.2.100
2. To correct the server name for an already-installed node, edit the host= value in:
Windows:
c:\program files\KACE\KBOX\smmp.conf
Mac OS:
Linux:
/var/KACE/kagentd/kbot_config.yaml
3. Verify that you are able to ping the appliance, and reach it through a web browser at
http://k1000_hostname.
4. Verify that Internet Options are not set to use proxy, or proxy is excluded for the local
network or k1000_hostname.
5. Verify that no firewall or anti-spyware software is blocking communication between the
appliance and any of the agent components, including:
• KBOXManagementService.exe
• KBOXClient.exe
• KUpdater.exe
• kagentd (OS X/ Unix)
6. Verify that the KBOXManagementService.exe (Windows) or the kagentd (OS X/
Unix) processes are running. The agent shows as perl in the OS X Activity Monitor.
If after verifying these items, you are still unable to get the agent to connect to the appliance,
contact KACE Support.

13
To edit an organization
2. Click the linked name of the organization.
The K1000 Organization : Edit Detail page appears.
3. Scroll down and click the Edit Mode link.
4. Edit the organization details:
Name You can modify the name if required. This field is mandatory.
Description You can modify the description if required.
Role Select the appropriate role from the drop-down list. This field retains
the role you selected in the previous page. You can modify this
selection if required.
If the role doesn’t exist, see To create a role, on page 217.
Organization Select the filter that will be used to direct a new machine checking
Filters into the appliance, to this organization. Press CTRL and click to
select more than one filter.
If the filter doesn’t exist, see To add a data filter, on page 220, or To
add a LDAP filter, on page 221.
Computer Count (Read-only) Displays the number of computers checking in to the

organization.
Database Name (Read-only) Displays the name of the database the organization is
using.
Report User Displays the report user name used to generate all reports in the
specific organization.
By having a report user name, you can provide access to the
organizational database (for additional reporting tools), but not give
write access to anyone.
Report User Enter the report user password.
Password
5. Specify the agent settings for the organization:
Communicatio 12:00 am to 12:00 am The interval during which the agent is allowed to
ns Window communicate with the appliance.
For example, to allow the agent to connect between 1 AM
and 6 AM only, select 1:00 am from the first dropdown
list, and 6:00 am from the second drop-down list.

Agent “Run  1 hours The interval that the agent checks into the appliance. Each
Interval” time an agent connects, it resets its connect interval based
on this setting. The default setting is once every hour.
Agent 0 The interval (in hours) that the appliance performs an
“Inventory inventory on the nodes on your network. If set to zero, the
Interval” appliance performs the inventory at every Run Interval.
Agent “Splash The appliance is The message that appears to users when communicating
Page Text” verifying your PC with the appliance.
Configuration and
managing software
updates. Please
Wait...
Scripting 15 minutes Set the frequency with which the agent downloads new
Update script definitions. The default interval is 15 minutes.
Interval
Scripting Ping 600 seconds Set the frequency with which the agent tests the
Interval connection to the appliance. The default interval is 600
seconds.
To view historical connection information, go to Settings
> Logs. Select Current log: Stats.
Agent Log Agent Log Retention disallows the server to store the
Retention scripting result information that comes up from the
agents. The default is to store all the results. This can have
a performance impact on the appliance. Turning this off,
gives you less information about what each node is doing,
but will allow the agent check-ins to process faster.
6. Click Save.
The default credentials admin/admin are automatically created when you

create an organization.
To delete an organization
2. Click the linked name of the organization.
The K1000 Organization: Edit Detail page appears.
4. Click Delete to delete the organization.
A confirmation message appears.
5. Click OK to confirm deleting the organization.

13
Managing System Admin Console users

When logged in as a system administrator, you can add users to access the System
Administrator Console. When adding users, be sure to specify the correct user permission
level.
To set up users for a specific organization, log into that organization.
To add a user
2. Select K1000 Settings > Control Panel.
3. Click Users.
The K1000 System Admin Users page appears.
4. In the Choose Action menu, select Add New Item.
The K1000 System Admin: Edit Detail page appears.
5. Enter the necessary user details.
Do not specify legal characters in any field.
User Name Enter the name the user types to enter the system administrator
console.
Full Name Enter user’s full name.
Email Enter user’s email address.
Domain (Optional) Enter an active directory domain.
Budget Code (Optional) Enter the financial department code.
Location (Optional) Enter the name of a site or building.
Work Phone (Optional) Enter the user’s work phone number.
Home Phone (Optional) Enter the user’s home phone number.
Mobile Phone (Optional) Enter the user’s mobile phone number.
Pager Phone (Optional) Enter the user’s pager phone number.
Custom 1
Custom 2 (Optional) Enter information in the custom fields if necessary.
Custom 3
Custom 4
Password Enter the password for the new user. Blank or empty passwords are
not valid for new users. The user will be created, but cannot be
activated without a valid password.

Confirm Re-enter the user’s password.

Password
Permissions Specify the user’s logon permissions:
• Admin—This user can logon to and access all features of the
system administrator console.
• ReadOnly Admin—This user can log on, but cannot modify any
settings in the system administrator console.
6. Click Save.
To delete a user
The K1000 Settings : Control Panel page appears.
3. Click Users.
4. Click the check boxes for the users you want to delete.
6. Click OK to confirm deleting the selected user.
You can also delete users from the K1000 System Admin: Edit Detail page.
To change the password

3. Click Users.
4. Click the user name whose password you want to change.
The K1000 System Admin: Edit Detail page appears.
5. Modify the password as follows:
Password Enter the password for the user. Blank or empty passwords are not valid.
This field is mandatory.
Confirm Re-enter the user’s password. This field is mandatory.
Password

13
6. Click Save to save the changes.
Organizational Roles
Roles are assigned to each organization to limit access to different tabs in the Administrator
Console and the User Portal. You can restrict what tabs an organization is allowed to see
when the administrator logs in to the Administrator Console and the user logs in to the User
Portal.
Following are the permissions that can be applied for each tab.
• Write:
The organization will have write access for the tab. The administrator or user will be
able to edit the fields present on the screen.
• Read:
The organization will have only read access for the tab. The administrator or user will be
not be able to edit the fields present on the screen. He/she will be not be able to add /
edit / delete any item present in the list.
• Hide:
The tab will be hidden and the administrator or user will not be able to view that tab.
Default role
Default role has access to all tabs in the Administrator Console and the User Portal. The
default role will have write access for all tabs. The administrator or user will be able to edit
the fields present on the screen.
Creating and editing Organizational Roles

It is recommended that you first create the roles, and then create the organizations, since it is
mandatory to specify the role while creating an organization.
To create a role
2. Click Roles.
The Organizational Roles page appears.
The Organizational Role : Edit Detail page appears.
4. Enter the role information as follows:
Name Enter the name for the new role. This field is mandatory.
Description (Optional) Enter the description for the new role.

5. In the Permissions ADMIN Console, click an component link to expand it.

You can also click the Expand All link to expand all component sections.
6. To assign the same access level to all areas of a component, click one of the following:
• All Write
• All Read
• All Hide
7. To assign different permission levels to different areas of the component, click the
Custom option.
If you clicked the Custom option, select the appropriate permission from the drop-
down menu next to the names of each tab.
8. Under Permissions USER Console, click the UserUI link to expand it.
9. To assign the same access level to all areas of a the User Console, click one of the
following:
• All Write
• All Read
• All Hide
10. To assign different permission levels to different areas of the User Console, click the
Custom option.
11. Click Save.
If you assign HIDE permission to General Settings and User Authentication

under K1000 Settings, the Control Panel tab is hidden.
For users upgrading from 1100 to 1200: When using 1100, if you assign HIDE
permission to all tabs other than Logs and Server Maintenance under K1000
Settings. Then after upgrading to 1200, the K1000 Settings tab gets hidden
from the Administrator console.
To edit a role
2. Click Roles.
3. Click the linked name of the role.
The Organizational Role: Edit Detail page appears.
4. Edit the role details:
Name Enter the name for the new organization. This field is mandatory.
Description (Optional) Enter the description for the new organization.

13
5. Under Permissions ADMIN Console, click the individual tab link to expand it. Or, click
the Expand All link to expand all the tabs.
6. Under each tab, click the All Write option, All Read option, or the All Hide option to
assign the respective permission to all the sub tabs. Or, click the Custom option to
assigned appropriate permission to individual sub tabs.
7. If you click Custom option, select the appropriate permission from the drop-down list
next to each tab.
8. Under Permissions USER Console, click the UserUI link to expand it.
9. Under each tab, click the All Write option, All Read option or the All Hide option to
assign the respective permission to all the sub tabs. Or click the Custom option to
assigned appropriate permission to individual sub tabs.
10. If you click Custom option, select the appropriate permission from the drop-down list
next to each tab.
11. Click Save.
To delete a role
2. Click Roles.
3. To delete a role, do one of the following:
• Select the check box beside the role, and then select Delete Selected Item(s) from
the Choose Action menu.
• From the Organizational Role: Edit detail page, click Delete.
4. Click OK.
To duplicate a role
2. Click Roles.
3. Click the role you want to duplicate.
The Organizational Role : Edit Detail page appears.
4. Click Duplicate to duplicate the organization details.
The page refreshes.
5. Enter the Role information as follows:
Name Enter a name for the role. This is a mandatory field.

Description Enter the description for the role.

6. Click Save.
The Associated Organizations table displays the list of organizations associated with
this role.
Organizational Filters
Filters are used to direct a new machine checking into the appliance to the appropriate
organization. An organization can be assigned more than one filter. The filters are executed
according to the ordinal specified when the filters are created. If a machine is not set in a
filter, it will go to the default organization.
A machine can be directed to the appropriate organizations, in the following ways:
• One or more filters will be executed against the machine that is checking in. If one of the
filters is successful, the machine will be redirected to the correct organization.
• If no filter matches the machine, it will be put into the default organization. The system
administrator can then manually move that machine from the default organization to
the appropriate organization.
Filters are of two types:
• Data Filter:
Allows the automatic organization of machines based on a search criteria. Whenever
machines that check in meet the criteria, they will be directed to the specific
organization.
• LDAP Filter:
LDAP Label allows the automatic organization of machines based on LDAP or Active
Directory interaction. The filter will be applied to the LDAP server, and if any entries are
returned they are automatic organized.
If the LDAP server requires credentials for administrative login (that is, non-
anonymous login), supply those credentials. If no LDAP user name is given,
an anonymous bind is attempted. Each LDAP filter may connect to a different
LDAP/AD server
Creating and Editing Organizational Filters

You can create new filters or edit the existing filters from the Organizational Filters page by
going to Organizations > Filters tab.
To add a data filter

2. Click Filters.
The K1000 Organization Filters page appears.

13
3. In the Choose Action menu, click Add New Data Filter.

The K1000 Organization Filter : Edit Detail page appears.
4. Enter the Filter information as follows:
Enabled Select to enable this filter. (You have to enable the filter to use it.)
Name Enter a name for the filter.
Description Enter the description for the filter.
Evaluation Order Enter a number. The filter will be executed according to the
evaluation order specified.
5. Enter the Machine Filter Criteria.

6. Select an attribute from the drop-down list. For example, IP Address.
7. Select the condition from the drop-down list. For example, contains
For example, to filter machines from the specified IP range and direct them to the
organization, enter: XXX.XX.*
You can add multiple criteria.
9. Select the Conjunction Operator (AND or OR) from the drop-down list to add more
criteria.
10. Click the Add Criteria link to add more criteria.
11. Click Save.
To add a LDAP filter

2. Click Filters.
3. In the Choose Action menu, click Add New LDAP Filter.
K1000 Organization LDAP Filter : Edit Detail page appears.
4. Enter the Filter information as follows:
Evaluation Enter a number. The filter will be executed according to the evaluation
Order order specified.

5. Enter the LDAP Machine Filter Criteria.
Server Host Name Specify IP or Host Name of the LDAP Server.

( or IP ) Note: To connect through SSL, use the IP or the Host Name, as
ldaps://HOSTNAME
LDAP Port Specify the LDAP Port number. For example, either 389 / 636
Number (LDAPS).
Search Base DN Enter the Search Base DN. For example:
CN=Users,DC=hq,DC=corp,DC=kace,DC=com
Search Filter Specify the Search Filter, for example: (samaccountname=admin)
LDAP Login Specify the LDAP login. For example:
LDAP Login: CN=Administrator,CN=Users,DC=hq,DC=corp,
DC=kace,DC=com
LDAP Password  Enter the password for the LDAP login.
(if required)
6. To test your filter, click Test LDAP Filter.

7. Click Save.
To edit a filter
2. Click Filters.
3. Click the linked name of the filter.
The K1000 Organization Filter : Edit Detail page appears.
4. Edit the filter details:
Evaluation Order Enter a number. The filter will be executed according to the
evaluation order specified.
5. Edit the Machine Filter Criteria.

7. Select the condition from the drop-down list.

13
8. Specify the Attribute Value. For example, XXX.XX.*

In the above example, machines from the specified IP range are filtered and directed to
the organization to which this filter is applied.
Note: You can add multiple criteria.
9. Select a conjunction operator (AND or OR) from the drop-down list to add more
criteria.
10. Click the Add Criteria link to add more criteria.
11. To test your filter, click Test Filter.
12. Click Save.
To delete a filter
2. Click Filters.
3. To delete a filter, do one of the following:
• Select the check box beside the filter, and then select Delete Selected Item(s)
from the Choose Action menu.
• Click Delete.
4. Click OK.
Computers
The K1000 Computers page lists all the nodes that are checking into the appliance. It
displays details for each computer such as Name, Organization - the computer is currently
checking into, Last Sync - when the computer last checked in to the appliance, Description,
and the IP Address.
Advanced Search
If you need more granularity than searching on keywords provides, try using Advanced
Search. Advanced Search allows you to specify values for each field present in the inventory
record and search the entire inventory listing for that value. For example, if you needed to
know which computers had a particular version of BIOS installed to upgrade only those
affected machines.

2. Click Advanced Search.


4. Select the condition from the drop-down list.
5. Specify the Attribute Value.
For example: XXX.XX.*
In the above example, machines from the specified IP range are searched.
Note: You can add more than one criteria.
6. Select the Conjunction Operator from the drop-down list to add more criteria.
For example: AND
7. Click Search.
The search results are displayed below.
You can refilter the computers displayed in the list, for more information refer to
Refiltering Computers, on page 224.
You can redirect the computers displayed in the list, for more information refer to
Redirecting Computers, on page 225.
Test and Organization Filter

You can test an existing organization filter to check whether it is getting applied to the
computers.
To test an organization filter

1. Click the Test Organization Filter tab.
2. Select the appropriate filter from the drop-down list.
3. Click Test. The test results will be displayed below.
You can refilter the computers displayed in the list. For more information, refer to
Refiltering Computers, on page 224.
You can redirect the computers displayed in the list. For more information, refer to
Redirecting Computers, on page 225.
Note: If you do not see any computers listed in the test results, no existing computers match
the machine filter criteria you set up—or the machine filter criteria is invalid. You can edit
the machine filter criteria. For more information on how to edit a filter, refer to Creating and
Editing Organizational Filters, on page 220.
Refiltering Computers
You can refilter the computers, which will recheck the computers against all filters. For
example, you can check if the filter created by you is applied correctly to the intended

13
computers. You first create the new filter by going to the Organizations > Filters tab. Now
in the Computers page, you refilter the computers. The organizations column will display the
new organization name in red besides the old organization name, against those computers
on which the filter has got applied.
To refilter computers
2. Click Organizations > Computers.
The K1000 Computers page appears.
3. Click the check boxes for the computers that you want to refilter.
4. In the Choose Action menu, click Refilter Selected Computers to recheck the
computers against all filters.
Redirecting Computers
You can redirect a computer to a different organization. For example, a computer checks into
organization A. You can redirect that computer to organization B. The next time the
computer checks in, it will check into organization B.
To redirect computers
2. Click Organizations > Computers.
The K1000 Computers page appears.
3. Click the check boxes for the computers that you want to redirect.
4. Select the appropriate organization name under Change Sync to Organization, from the
Choose Action menu, to redirect the computers to the appropriate organization.
Understanding Computer Details

The Computer Detail page provides details about a computer’s hardware, software, install,
patch, Service Desk, and OVAL vulnerability history, among other attributes.

The following sections describe each of the detail areas on this page. To expand or collapse
the sections, click the + sign next to the section headers.
Computer Detail Field Description
Computer Identity This section provides information to help identify the computer on
Information your network, including its name description, IP address, KACE ID,
and other attributes. You also can see the last time the computer
checked into the appliance, and the last time the computer record was
changed.
Service Desk Service Desk Tickets associated with this machine, which can be:
• Tickets assigned to the machine owner.
• Tickets submitted by the machine owner.
To view a Service Desk Ticket’s details, click the Ticket ID (for
example, TICK:0032).
Operating System Details about the computer’s operating system, including installed OS
Information and service packs, OS version number and build, and the date and
time of OS installation.
The Current Uptime and Last System Reboot fields tell you whether
the machine has been rebooted recently, which could indicate
whether or not OS updates have been applied.
User Information Details about the most recent user of this computer, including his or
her user name and domain. (Some computers might have multiple
users).
Manufacturer and BIOS The computer’s make and model as well as its BIOS details, such as
Info name, version, and serial number.
• For a Dell computer, there is a link to the Dell website where you
can view the support record for the computer, including the days
left on the support agreement and compare the original with the
current system configurations.
• For an Apple computer, the link goes to the Apple Support
website where you can view technical specifications for iMac.
• For a Gateway computer, the link goes to the MPC Computers
Support Site.
You can locate your exact system model and original components, as
well as drivers, specifications, manuals and installation guides if
available. This information is displayed for your BIOS serial number.
Processor and Computer The processor type and speed, total and used RAM, and current and
Memory maximum registry size.
Network Interfaces The type and version of NIC card installed in the computer, as well as
the computer’s MAC and IP addresses, and indicates whether or not
DHCP is enabled.
Driver Information Configuration of drives installed on the computer (for example, CD/
DVD-ROM drive) and the total and used disk space amounts for each
hard disk installed.

13
Motherboard and Related Information about the computer’s motherboard as well as other
Hardware hardware details like sound card and video controllers.
Process List All the processes that are currently running on this computer. This
list is the same as would be displayed on the computer’s Task
Manager > Processes tab.
Installed Programs The titles and versions of software programs installed on this
computer. The programs listed here are the same as listed on the
computer’s Add/Remove Programs list.
Installed Patches The Microsoft patches that have been installed on this computer.
Startup Programs The programs that are configured to launch when this computer
starts up. These are the same programs listed in the computer’s Start
> All Programs > Startup menu.
Services The services that are running on this machine. Click a service to
display the Service : Edit Service Detail page. The fields on this page
represents the service detail information that is automatically
discovered and communicated from the agent.
Harmful Items (Threat The items marked with the threat level as 5. A threat that is harmful
Level 5) to any software, process, startup item, and services associated with
this machine is considered as threat level 5.
Printer List The printers that this computer is configured to use. This is the same
information that is located in the computer’s Start > Printers and
Faxes window.
Uploaded Files A list of the files that have been uploaded to the Dell KACE K1000
Management Appliance from this machine using the “upload a file”
script action.
Custom Inventory Fields Lists any Custom Inventory fields that were created for this machine,
along with the field name and value.
Asset Information The details of the Asset associated with that machine. Details such as
the date and time when the Asset record was created, the date and
time when it was last modified, type of the asset and name of the asset
are displayed.
Asset History The changes done to the Asset of that machine. It lists all the changes
along with the date and time when each change was done.
K1000 Client Logs The logs for the agent application, updates to scripts run on this
machine, and the current status, if available, of any activity currently
in progress on the machine. A question mark (?) in the status column
indicates that the agent has not checked in yet. Therefore, its status is
unknown.
Portal Install Logs Details about User Portal packages installed on this machine.
Scripting Logs Configuration Policy scripts that have been run on this computer,
along with the status, if available, of any scripts in progress.

OVAL Vulnerability Results Results of OVAL Vulnerability tests run on this machine.
• Only tests that failed on this computer are listed by the OVAL ID
and marked as Vulnerable.
• Tests that passed are grouped together and marked as Safe.
Failed Managed Installs Managed Installations that failed to install on this machine. To access
details about the Managed Installation, click the Managed Software
Installation detail page link.
Labels The labels assigned to this computer. Labels are used to organize and
categorize machines
To Install List Managed Installations that will be sent to the computer the next time
it connects with the appliance.

A
Administering Mac OS Nodes
This appendix lists Dell KACE K1000 Management Appliance information and behaviors that
are specific to Apple® Mac OS nodes.
For the supported versions of the Mac OS operating system, see Chapter 4: System
requirements for agents, starting on page 46.
• Mac OS Inventory, on page 229.

• Distributing Software to Mac OS Nodes, on page 230.
• Patching Mac OS Nodes, on page 234.
Mac OS Inventory
Your K1000 Management Appliance manages Mac OS X nodes the same manner it manages
Windows nodes. See the Chapter 5: Managing Software and Hardware Inventories, starting
on page 75, for details.
You search for Macintosh nodes using Inventory > Computer > Advanced search. In
the Advanced Search sub tab, identify the nodes using attributes like OS Name, and so
on. For more information on how to use Advanced Search, see Using Advanced Search for
Software Inventory, on page 83.
The Create Notification feature also searches for Mac OS nodes with specific criteria, and
sends the administrator email when it finds them. For example, if you wanted to know when
computers had a critically low amount of disk space left, you could specify the search criteria
to look for a value of 5 MB or smaller in the Disk Free field, and then notify an administrator
who can take appropriate action. For more information on how to create notifications, see
Searching for Computers by Creating Computer Notifications, on page 78.
Inventory Filtering provides a way to dynamically apply a label based on search criteria. It
is often helpful to define filters by inventory attribute. For example, you could create a label
called “San Francisco Office” and create a filter based on the IP range or subnet for machines
in San Francisco. Whenever machines check in that meet that attribute, they would receive
the San Francisco label. This is particularly useful if your network includes laptops that often
travel to remote locations.
You can also create a label to group all your Mac OS nodes. Once grouped by label, software,
reports, or software deployments on your Mac OS nodes can all be more easily managed. For
more information on labeling, refer to Managing Labels, on page 36.

A Administering Mac OS Nodes
Distributing Software to Mac OS Nodes

The K1000 Management Appliance Distribution component provides various
methods for deploying software, updates, and files to your nodes.
Managed Installations deploy software to the nodes on your network that require an
installation file to run. You can create a Managed Installation package from the
Distribution > Managed Installation page.
From the Managed Installations tab you can:
• Create or delete Managed Installations

• Execute or disable Managed Installations
• Specify a Managed Action
• Apply or remove a label
• Search Managed Installations by keyword
Examples of Common Deployments on Mac OS®

On the Apple Mac OS X platform, there is a universal installer with the usual .pkg file
extension. You cannot upload a .pkg file directly, as these files consist of low level directories
and web browsers can't handle uploading entire directories.
You do not require an installer to install plain packages from the K1000 Management
Appliance. These are the .app packages you might normally drag to your Applications
folder. These packages must be archived as well, since they consist of low level directories,
just like the installer packages.
You can even archive installers along with plain applications. The K1000 Management
Appliance runs installers first and then copies applications into the Applications folder.
The supported package deployments are .pkg, .app, .dmg, .zip, .tgz, and tar.gz. If
you package the file as a disk image, the appliance mounts and unmounts it quietly. This
section provides examples for each type of deployment. For each of these examples, you must
have already uploaded the file to the appliance prior to creating the Managed Installation
package. Dell recommends that you install the software on a test machine. Once the agent
connects to the appliance, the appliance creates an inventory item and a Managed
Installation package for the software.
To create a managed installation for Mac OS nodes

1. Go to Distribution > Managed Installations.
The Managed Installation: Edit Detail Page appears.

A
4. By default the agent attempts to install the .pkg file using the following command,
which is sufficient to install a new package or update an existing one to a new version:
installer -pkg packagename.pkg -target / [Run Parameters]
5. If you have selected a zip/tgz/tar.gz file, the contents are unpacked and the root
directory is searched for all .pkg files. The installation command runs against each of
these .pkg files. The K1000 Management Appliance searches for all .pkg files on the
top level of an archive and executes that same installer command on all the files in
alphabetical order. After that, the appliance searches for all plain applications (.app) on
the top level of the archive and copies them to /Applications with the following
command:
ditto -rscs Application.app /Applications/Application.app
To execute a script or change any of the these command lines, you can specify the
appropriate script invocation as the Full Command Line. You can specify wildcard in
the filenames you use. Enclose the filename in single or double quotation marks if it
contains spaces. The files are extracted into a directory in /tmp, and that becomes the
current working directory of the command.
On Mac OS, you do not need to include any other files in your archive other
than your script if that's all you want to execute.
Specify the relative path to the executable in the Full Command Line field, to execute a
shell script or other executable that you have included inside an archive. Remember,
you'll be executing your command inside a directory alongside the files that have been
extracted.
For example, to run a file called installThis.sh, package it up alongside a .pkg file,
and then put the command ./installThis.sh in the Full Command Line field. If
you archived it inside another directory, dir, the Full Command Line field is ./dir/
installThis.sh.
Both these examples, as well as some other K1000 Management Appliance functions,
assume that “sh” is in root's PATH. If you're using another scripting language, you may
need to specify the full path to the command processor you want to run in the Full
Command Line, like /bin/sh ./installThis.sh. Be sure to include appropriate
arguments for an unattended, batch script.
If you select the uninstall check box in the MI detail, the appliance removes each .app it
finds in the top level of your archive from the Applications folder. Thus, if you include
two files in your archive named MyApp.app and MyOtherApp.app, those two
applications will disappear from your Applications folder if they exist there.
Uninstallation in this way will be performed only if the archive or package is
downloaded to the node. If you select the check box for Run Command Only, specify
a full command line to ensure the correct removal command is run on the correct
package. Because no package is downloaded in this case, you should specify the path in
the installation database where the package receipt is stored or run the correct file

removal command to delete the files from the Applications folder. In that case, you can
download a script inside an archive and run the script on the Full Command Line.
6. If your package requires additional options, you can enter the following installation
details:
Run Parameters You cannot apply “Run Parameters” to the above mentioned
commands.
Full Command Line You do not need to specify a full command line. The server executes
the installation command by itself. The Mac OS node tries to install
this using:
installer -pkg packagename.pkg -target / [Run
Parameters]
or
ditto -rsrc packagename.app /Applications/theapp
If you do not want to use the default command at all, you can replace it
completely by specifying the complete command line here.
If you have specified an archive file, this command runs against all of
the .pkg files or .app files it can find.
Un-Install using Full Click this check box to uninstall software. If the Full Command Line
Command Line above is filled in, it is run. Otherwise, by default the agent attempts to
run the command, which is generally expected to remove the package.
Run Command Only Click this check box to run the command line only. This will not
download the actual digital asset.
Notes Enter additional information in this field, if any.
Managed Action Managed Action allows you to select the most appropriate time for this
package to be deployed. Execute anytime (next available) and
Disabled are the only options available for Macintosh platform.
Deploy to All Machines Click this check box to deploy to all the machines.
Limit Deployment To Select a label to limit deployment only to machines grouped by that
Selected Labels label. Click Command and click labels to select more than one label.
If you have selected a with a replication share or an alternate
download location, the K1000 Management Appliance copies digital
assets from that replication share or alternate download location
instead of downloading them directly from the K1000 Management
Appliance.
Note: The K1000 Management Appliance always uses a replication
share in preference to an alternate location.
Limit Deployment To Listed You can limit deployment to one or more machines. From the drop-
Machines down list, select a machine to add to the list. You can add more than
one machine, and filter the list by entering filter options.
Deploy Order The lowest deploy number is installed first.

A
Max Attempts Enter the maximum number of attempts, between 0 and 99, to
indicate the number of times the appliance tries to install the package.
If you specify 0, the appliance enforces the installation forever.
Deployment Window(24H Enter the time (using a 24-hour clock) to deploy the package.
clock) Deployment Window times affect the Managed Action options. Also,
the run intervals defined in the System Console, under
Organizations > Organizations for this specific organization,
override and/or interact with the deployment window of a specific
package.
Allow Snooze This option is not available for Mac OS nodes.

Custom Pre-Install Message This option is not available for Mac OS nodes.
Custom Post-Install Message This option is not available for Mac OS nodes.
Delete Downloaded Files Select the check box to delete the package files after installation.
Use Alternate Download Select the check box to specify details for alternate download. When
you click this check box, the following fields appear:
• Alternate Download Location—Enter the location from
where the Agent can retrieve digital installation files.
• Alternate Checksum—Enter an Alternate Checksum (MD5)
that matches the MD5 checksum on the remote file share (for
security purposes).
• Alternate Download User—Enter a user name with the
necessary privileges to access the Alternate Download Location.
• Alternate Download Password—Enter the password for the
user name specified above.
Note: If the target node is part of a replication label, the K1000
Management Appliance does not fetch software from the alternate
download location. For more information, refer to Distributing
Packages from an Alternate Location, on page 114.
Specify an alternate download location only for a specific managed
installation. You can also edit an existing label or create a new label
that can be used for specifying the alternate location globally. But
since that label will not be specific to any managed installation, you
cannot specify an alternate checksum for matching the checksum on
the remote file share. For more information on how to create or edit
labels, refer to To add or edit a new label, on page 38.
9. Click Save.
For more information about Distribution, refer to Chapter 8: Distributing Software from
Your K1000 Management Appliance, starting on page 111.
For more information about Managed installations, refer to Managed Installations, on
page 115.

Patching Mac OS Nodes

Patching enables you to quickly and easily deploy patches to your network. For details on all
patching features, see the Patching Strategies document.
Use the Patch Listing > View by Operating System listing or Advanced Search
feature to find Mac OS patches. Or use the Smart Label feature to automatically search the
patch list using predefined search criteria.
To allow the appliance to download Apple Security updates for Macintosh, you need to select
the appropriate operating system from the Macintosh Platform list in the Patch
Subscription Settings page. You can select more than one Macintosh operating system.

B
Adding Steps to a Script
The steps documented here are available on the Scripting component. For details on
scripting, see Chapter 9: Using the Scripting Features, starting on page 143.
• Adding Steps to Task Sections.
Adding Steps to Task Sections

Refer to the following table when adding steps to a Policy or Job task. These steps are
available from the Verify, On Success, Remediation, On Remediation Success, and
On Remediation drop-down lists.
The Column headings V, OS, R, ORS, and ORF indicate whether a particular step is available
in the corresponding Task sections.
Step Description V OS R ORS ORF
Always Fail X X
Call a Custom DLL Call function "%{procName}" from X X X
Function "%{path}\%{file}".
Create a Custom Create object "%{className}" from X X X
DLL Object "%{path}\%{file}".
Create a message Create a message window named X X X X X
window "%{name}" with title "%{title}", message
"%{message}" and timeout "%{timeout}"
seconds.
Delete a registry key Delete "%{key}" from the registry. X X
Delete a registry Delete "%{key}!%{name}" from the X X
value registry.
Destroy a message Destroy the message window named X X X X X
window "%{name}".

B Adding Steps to a Script
Install a software Install "%{name}" with arguments X X

package "%{install_cmd}".
Note: This step requires you to choose
from a list of software packages already
uploaded using the functionality in the
Inventory/Software tab. For more
information, see Adding Software to
Kill a process Kill the process "%{name}". X X X X X
Launch a program Launch "%{path}\%{program}" with X X X X X
params "%{parms}".
Log a registry value Log “%{key}!%{name}”. X
Log file information Log “%{attrib}”from “%{path}\%{file}”. X X X
Log message Log “%{message}”to “%{type}”. X
Restart a service Restart service “%{name}” X
Run a batch file Run the batch file "%{_fake_name}" with X X X
params "%{parms}".
Note: In this step, you do not need to

upload the batch file. You create the batch
file by pasting the script in the space
provided.
Search the file Search for "%{name}" in X
system "%{startingDirectory}" on "%{drives}" and
"%{action}".
Set a registry key Set "%{key}". X X
Set a registry value Set "%{key}!%{name}" to "%{newValue}". X X
Start a service Restart service “%{name}”. X
Stop a service Stop service “%{name}” X
Unzip a file Unzip "%{path}\%{file}" to "%{target}". X X X X
Update message Set the text in the message window named X X X X
window text "%{name}" to "%{text}".
Update Policy and Update policy and job schedule from the X
Job schedule appliance.
Upload a file Upload "%{path}\%{file}" to the server. X X
Upload \ logs Upload the agent logs to the appliance. X X X X
Verify a directory Verify that the directory "%{path}" exists. X
exists
Verify a file exists Verify that the file "%{path}\%{file}" X
exists.

B
Verify a file version Verify that the file "%{path}\%{file}" has X

is exactly version "%{expectedValue}".
is greater than version greater than "%{expectedValue}".
is greater than or version greater than or equal to
equal to... "%{expectedValue}”.
is less than version less than "%{expectedValue}".
is less than or equal version less than or equal to
to "%{expectedValue}.
Verify a file version Verify that the file "%{path}\%{file}" does X
is not not have version "%{expectedValue}".
Verify a file was Verify that the file "%{path}\%{file}" was X
modified since modified since "%{expectedValue}".
Verify a process is Verify the process "%{name}" is not X
not running running.
Verify a process is Verify the process "%{name}" is running. X
running
Verify a product Verify that the product "%{path}\%{file}" X
version is exactly. has version "%{expectedValue}".
version is greater has version greater than
than "%{expectedValue}".
version is greater has version greater than or equal to
than or equal to... "%{expected-Value}”.
version is less than has version less than "%{expectedValue}".
version is less than has version less than or equal to
or equal to "%{expectedValue}”.
version is not does not have version "%{expectedValue}".
Verify a registry key Verify that "%{key}" does not exist. X
does not exist
Verify a registry key Verify that "%{key}" exists. X
exists

Verify a registry Verify that "%{key}" has exactly X

key’s subkey count "%{expectedValue}" subkeys.
is exactly
Verify a registry Verify that "%{key}" has greater than X
is greater than
Verify a registry Verify that "%{key}" has greater than or X
key’s subkey count equal to "%{expectedValue}" subkeys.
is greater than or
equal to
Verify a registry Verify that "%{key}" has less than X
is less than
Verify a registry Verify that "%{key}" has less than or equal X
key’s subkey count to "%{expectedValue}" subkeys.
is less than or equal
to
Verify a registry Verify that "%{key}" does not have exactly X
is not
Verify a registry Verify that "%{key}" has exactly X
key’s value count is "%{expectedValue}" values.
exactly
Verify a registry Verify that "%{key}" has greater than X
greater than
Verify a registry Verify that "%{key}" has greater than or X
key’s value count is equal to "%{expectedValue}" values.
greater than or
equal to
Verify a registry Verify that "%{key}" has less than X
less than
Verify a registry Verify that "%{key}" has less than or equal X
key’s value count is to "%{expectedValue}" values.
less than or equal to
Verify a registry Verify that "%{key}" does not have exactly X
not
Verify a registry Verify that X
pattern doesn’t "%{key}!%{name}=%{expectedValue}"
match doesn't match.

B
Verify a registry Verify that X

pattern matches "%{key}!%{name}=%{expectedValue}"
matches.
Verify a registry Verify that "%{key}!%{name}" does not X
value does not exist exist.
Verify a registry Verify that "%{key}!%{name}" exists. X
value exists
Verify a registry Verify that "%{key}!%{name}" is equal to X
value is exactly "%{expectedValue}".
Verify a registry Verify that "%{key}!%{name}" is greater X
value is greater than than "%{expectedValue}".
Verify a registry Verify that "%{key}!%{name}" is greater X
value is greater than than or equal to "%{expectedValue}" .
or equal to
Verify a registry Verify that "%{key}!%{name}" is less than X
value is less than "%{expectedValue}".
Verify a registry Verify that "%{key}!%{name}" is less than X
value is less than or or equal to "%{expectedValue}".
equal to
Verify a registry Verify that "%{key}!%{name}" is not equal X
value is not to "%{expectedValue}".
Verify a service Verify the service "%{name}" exists. X
exists
Verify a service is Verify the service "%{name}" is running. X
running


C
Writing Custom Inventory Rules
This chapter describes how to inventory items that are not appearing in Software list by
default. Custom Inventory rules allow you to automatically detect software and other items on
a node. Capturing this information allows you to manage your custom Software items with
Smart Labels, Distribution and Managed Installations, Scripting, and include additional
details in Reports.
Use the Custom Inventory rules if:
• The software or item you want to inventory is not listed in Add/Remove Programs.
• Different versions of the same software have the same entry in Add/Remove Programs,
either with incorrect or incomplete “Display Version” information.
• To write deployment rules, scripts, reports based on the pressense of a Software Item or
value that is not reported by the agent.
Understanding Custom Inventory Rules

Custom Inventory rules test or get the value of registry keys and entries, program, files,
scripts, environment variables, system properties, and the output of commands.
There are two types of rules:
• Conditional rules that test whether or not a condition exists on the node. When a rule
returns true, the agent reports the item as an Installed Program; when the rule
returns false, the item does not appear as an Installed Program.
• Value Return rules that get data from the node and if the value exists the agent
reports the item as an Installed Program and sets a corresponding Custom
Inventory Field.
Creating a Custom Inventory rule

You add Custom Inventory rules to the Custom Inventory field of the Inventory >
Software > Custom_Item: Details page.

C Writing Custom Inventory Rules
See Chapter 5: To add software to Inventory manually, starting on page 84 for details.
How Custom Inventory Rules are implemented

You create a custom Software Item, add a Custom Inventory rule, and save the item. The
agent receives the new rule during the first checkin after you created it. In the session the
agent executes the rule and reports the finding back to the appliance.
Conditional rule Value Return rule

Appliance Agent
Appliance Agent
Update Check in
Update Check in
Inventory Upload data
Inventory Upload data
Download
Download Send Rules
Send Rules
Update Installed Report results Run rules

Update Report results
Run rules Program value
Installed Programs Results: True
Empty
False
Add Custom
Inventory Field
The agent runs all rules as well as any other processes scheduled for that session. Therefore,
once the agent checks in, it takes several minutes to run all the rules and other processes
before the agent reports the results.

C
After the agent reports the results, the node’s Inventory > Computer Details page shows
the results under Software in Installed Programs and/or Custom Inventory Fields.
The Installed Program and Custom Inventory Field name. For example BIOSDATE, is the
custom Software Item’s Display name (Title): BIOSDATE.
The Software Items with Value Return rules that set a Custom Inventory Field
also appear as Installed Programs.
If the results you expect don’t appear, verify that the node recently checked in. The check in
time is shown in the Last Inventory field of the Inventory > Computers Detail page.
Understanding rule syntax

Conditional and Value Return rules use the following syntax:
functionName(argument,argument,...)
For specific information on functions and their arguments see:
• Checking for conditions (Conditional rules), on page 244

• Getting values from a node (Custom Inventory Field), on page 251
• Matching file names with Regular Expressions, on page 255

Function syntax
Enter the functionName followed by an opening parentheses, enclose the arguments with a
closing parentheses. No spaces are allowed between the name of the function and the
opening parentheses.
Argument syntax
Enter argument syntax for all rules except command and regex (regular expression) as
follows:
• Separate arguments by commas.

• Commas are not allowed anywhere else in the string.
• Do not include single or double quotes.
• White space is trimmed from the front and back of each argument.
For example, the following syntaxes are the same:
RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Version Vector, IE, 6.000)
RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Version Vector,IE,6.000)
Checking for conditions (Conditional rules)

This section explains how to write Custom Inventory rules that identify whether or not (true/
false) a Software Item is installed.
When using a conditional rule, if the rule returns true the Display name (Title) of the custom
Software Item displays in the node’s inventory list under Installed Programs (Inventory >
Details > Software > Installed Programs).
The following screen shows a node with a custom Software Item, A1 IE custom inventory
7, installed.
The following sections describe the rules that test for conditions:
• Conditional rule reference

C
• Verifying if a Condition exists (Exists rules)

• Evaluating node settings (Equals rules)
• Comparing node values (Greater and Less Than rules)
• Testing for multiple conditions
When the rule returns false, the Software Item does not appear in Installed Programs in the
node’s inventory list.
You can also display a list of nodes that have the item installed from the
Inventory > Software > Custom_item: Details page.
Conditional rule reference

The following table provides a list of all available conditional rules with links to specific
details on how to specify the arguments:
Syntax OS Description
Mac OS X
Windows
Linux
DirectoryExists(path) X X X Checks for a directory at the specified path

on the node.
FileExists(path) X X X Checks for a file at the specified path on
the node. Include the name of the file and
extension in the path.
FileVersionEquals(path, version) X Verifies that the Version > File Version
property of the file specified in the path
matches the NUMBER value you entered.
FileVersionLessThan(path, version) Verifies that the Version > File Version
property of the file you specified as the
path is lower than the NUMBER value you
entered.
FileVersionGreaterThan(path, X Verifies that the Version > File Version
version) property of the file you specified is higher
than the NUMBER value you entered.
ProductVersionEquals(path, X Verifies that the Version > Product
version) Version property of the executable or
installation file you specified matches the
NUMBER value you entered.
ProductVersionLessThan(path, X Verifies that the Version > Product
installation file you specified is lower than
the NUMBER value you entered.

Mac OS X
Windows
Linux
ProductVersionGreaterThan(path, X Verifies that the Version > Product
installation file you specified is higher than
the NUMBER value you entered.
FileInfoGreaterThan(fullpath, X X X Verifies that the File Info property of the
attribute, type, value) executable or installation file you specified
is higher than the value you entered.
FileInfoLessThan(fullpath, X X X Verifies that the File Info property of the
attribute, type, value) executable or installation file you specified
is lower than the value you entered.
FileInfoEquals(fullpath, X X X Verifies that the attribute of the executable
attribute, type, value) or installation file you specified matches
the value you entered.
RegistryKeyExists(registryPath) X Verifies that a registry key exists.
RegistryValueEquals(registryPath, X Verifies that a registry entry exactly
valueName, value) matches the value you specify. Value is
compared as TEXT.
RegistryValueLessThan(registryPath X Verifies that the registry entry is lower
, valueName, value) than the value you specify. Value is a
NUMBER.
RegistryValueGreaterThan(registryP X Verifies that the registry entry is higher
ath, valueName, value) than the value you specify. Value is a
NUMBER.
EnvironmentVariableExists(var) X X X Verifies that an environment variable with
the name you specify exists.
EnvironmentVariableGreaterThan(var X Verifies that the environment variable
, type, value) definition is higher than the value you
specify.
Only DATE (in the full format mm/dd/
yyyy hh:mm:ss) and NUMBER are valid
types.
EnvironmentVariableLessThan(var, X X Verifies that the environment variable
type, value) definition is lower than the value you
specify.
Only DATE (in the full format mm/dd/
yyyy hh:mm:ss) and NUMBER are valid
types.

C
Mac OS X
Windows
Linux
EnvironmentVariableEquals(var, X X Verifies that the environment variable
type, value) definition exactly matches the value you
specify.
All three types are valid, TEXT, DATE (in
the full format mm/dd/yyyy hh:mm:ss),
and NUMBER.
PlistValueExists(fullpath, entry) X Verifies that a named value exists in a
PLIST file.
PlistValueGreaterThan(fullpath, X Verifies that the named value is a DATE
entry, type, value) (in the full format mm/dd/yyyy
hh:mm:ss) or NUMBER higher than the
value you specified.
PlistValueLessThan(fullpath, X Verifies that the named value is a DATE
entry, type, value) (in the full format mm/dd/yyyy
hh:mm:ss) or NUMBER lower than the
value you specified.
PlistValueEquals(fullpath, entry, X Verifies that the named value is a TEXT,
type, value) DATE (in the full format mm/dd/yyyy
hh:mm:ss), or NUMBER that exactly
matches the value you specified.
You can specify a colon separated list of
entries to match the value. Arrays and
other valid PLIST datatypes are not
supported.
Verifying if a Condition exists (Exists rules)

Rules whose name ends with Exists check for the presence of a file, directory, registry key, or
other item. If the agent locates the item on the node, the rule returns true, and the item
appears as an Installed Program.
Use any of the following Exists rules:
• DirectoryExists(path)
• FileExists(path)
• RegistryKeyExists(registryPath)
• EnvironmentVariableExists(var)
• PlistValueExists(fullpath, entry)
• FilenamesMatchingRegexExist(fullpath,regex)

Example—Check for a directory (folder)

The following example tests to see if the Windows directory exists on the node:
DirectoryExists(C:\WINDOWS\)
Example—Check for a file

The following example verifies that the Notepad executable file exists on the node:
FileExists(C:\WINDOWS\notepad.exe)
Evaluating node settings (Equals rules)

Rules whose name ends with Equals compare the value set on the node to the value you
specify in the rule. The rules return true if the values exactly match.
Rules that use arguments with set datatypes can only compare values of the same type. For
example version is a NUMBER and therefore cannot match a value that includes an alpha or
special character, even if you specify the character in the argument. Likewise, the value
argument for RegistryValueEquals compares the values as TEXT, so a whole number
such as 1 does not match a value of 1.0, 1.0.0, and so forth; it matches 1 only.
Use any of the following Equals rules:
• FileVersionEquals(path, version)
• ProductVersionEquals(path, version)
• FileInfoEquals(fullpath, attribute, type, value)
• RegistryValueEquals(registryPath, valueName, value)
• EnvironmentVariableEquals(var, type, value)
• PlistValueEquals(fullpath, entry, type, value)
• FilenamesMatchingRegexEqual(fullpath,regex,value)
Example—Testing JAVA_HOME setting

To verify that the JAVA_HOME setting is C:\Program Files\Java\jdk1.6.0_02:
EnvironmentVariableEquals(JAVA_HOME, TEXT, C:\Program

Files\Java\jdk1.6.0_02)
Example—Testing McAfee Registry Entry setting

To check the setting use the same format as the date in the entry:

C
RegistryValueEquals(HKEY_LOCAL_MACHINE\Software\McAfee\AVEngine,
AVDatDate, 2010/03/01)
Example—Testing Internet Explorer version

To verify that te Internet Explorer is version 6.0.2900.2180. Specifying the version as
6.0.2900.218 returns false.
FileVersionEquals(C:\Program Files\Internet Explorer\iexplore.exe,

6.0.2900.2180)
Example—Detecting Windows XP Service Pack 2

Windows XP Service Pack 2 appears in Add/Remove programs for machines that were
originally on SP1 then upgraded to SP2 only. The default Software inventory for this item
does not reflect machines that are already on SP2 because they were originally imaged at the
SP2 level.
When using the appliance to deploy Windows XP Service Pack 2 create the following Custom
Inventory rule for a custom Software Item:
RegistryValueEquals(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT
\CurrentVersion,CSDVersion,Service Pack 2)
You can then exclude nodes with this item installed to prevent the appliance from trying to
deploy the SP2 to nodes that are already at that level (that is, SP1 machines that have been
upgraded, as well as machines originally imaged with SP2).
Comparing node values (Greater and Less Than rules)

Functions whose names end with GreaterThan and LessThan compare NUMBER (integer)
values only. Therefore, a value that contains an alpha or special character, such as versions
that contain a letter (1.2.3B), do not compare correctly with this function.
Use any of the following Greater Than and Less Than rules:
• FileVersionGreaterThan(path, version) and

FileVersionLessThan(path, version)
• ProductVersionGreaterThan(path, version) and
ProductVersionLessThan(path, version)
• FileInfoGreaterThan(fullpath, attribute, type, value) and
FileInfoLessThan(fullpath, attribute, type, value)
• RegistryValueGreaterThan(registryPath, valueName, value) and
RegistryValueLessThan(registryPath, valueName, value)
• EnvironmentVariableGreaterThan(var, type, value) and
EnvironmentVariableLessThan(var, type, value)
• PlistValueGreaterThan(fullpath, entry, type, value) and
PlistValueLessThan(fullpath, entry, type, value)

• FilenamesMatchingRegexGreaterThan(fullpath,regex,value) and
FilenamesMatchingRegexLessThan(fullpath,regex,value)
Example—Testing if the Product Version is higher than 6.0
To verify that the product version is higher than 6.0:
ProductVersionGreaterThan(C:\Program Files\Internet
Explorer\iexplorer.exe, 6.0)
To verify that the production version is 6 (that is equal to 6.0) or higher, enter the following:
ProductVersionEquals(C:\Program Files\Internet
Explorer\iexplorer.exe, 6.0) OR ProductVersionGreaterThan(C:\Program
Files\Internet Explorer\iexplorer.exe, 6.0)
Example—Testing for a Product Version range

To test if the product version is within a range, combine less than and greater than rules:
ProductVersionGreaterThan(C:\Program Files\Internet
Explorer\iexplorer.exe, 6.0) AND ProductVersionLessThan(C:\Program
Files\Internet Explorer\iexplorer.exe, 8.0)
Testing for multiple conditions

You can join rules using AND and OR operators to test for multiple conditions.
Using both AND and OR operators in the same Custom Inventory rule is not
supported. Set up separate Software Items.
Joining conditional rules produces the following results:
• AND operator: All the rules must return true in order for the results to return true and
report the Software Item as an Installed Program.
• OR operator: Only one rule must return true for the Software Item to be reported as an
Installed Program.
Checking for multiple true conditions (AND)

Use the AND operator to join conditional rules in the Custom Inventory field when you want
the item to be reported as an Installed Program only if all the rules are true.
In the Custom Inventory field, join rules using the following syntax:
Function(arguments...) AND Function(arguments) AND ...
Separate the conditional statements from the operator with spaces.

C
Example—Checking for a Registry Key and comparing values

To check for a registry key and a registry entry value on a Windows system use AND to
combine the rules as shown below:
RegistryKeyExists(registryPath) AND
RegistryValueEquals(registryPath, valueName, value)
Checking for one true condition (OR)

When you join rules using the OR operator, if any of the rules in the Custom Inventory field
are true, the software appears in the Installed Program list of the node.
In the Custom Inventory field, join the rules using the following syntax:
Function(arguments) OR Function(arguments) OR ...
Separate the function statements and operator using a space.
Example—Checking for either Registry value

To check that a registry entry is one value or another:
RegistryValueEquals(registryPath, valueName, value) OR

RegistryValueEquals(registryPath, valueName, value)
To specify a range it use RegistryValueGreaterThan and

RegistryValueLessThan rules joined by the AND operator.
Getting values from a node (Custom Inventory Field)

The rules that end with ValueReturn allow you t gather information from the node. Use these
rules to get information that the agent normally does not.
The returned values are set with the custom Software Item Display name (Title) in the node’
inventory. To display the list, go to Inventory > Details > Software > Custom
Inventory Fields.

Use the Custom Inventory Field values to manage installs and distribute software as well as
in reports, View by filtering, and Smart Label search criteria, or any other process that can be
performed with a automatically detected setting.
This section covers the following topics:
• Value Return rule reference

• Getting Registry key values
• Getting command output
• Getting PLIST values
• Getting multiple values
Value Return rule reference

The following table shows all available value return rules that you can use to set a Custom
Inventory Field.
Mac OS X
Windows
Linux
RegistryValueReturn(registryPath, valueName, X Returns the value of a registry entry, and

type) sets the datatype to the one you specified.
EnvironmentVariableReturn(var, type) X X Returns the value of an environment
variable, and sets the datatype to the one
your specified.
FileInfoReturn(path, attribute, type) X X X Returns the value of a file attribute, see
valid types in Specifying a file attribute, on
page 258.
ShellCommandTextReturn(command) X X X Returns the output of the command, and
sets the datatype to TEXT.
ShellCommandDateReturn(command) X X X Returns the output of the command, and
sets the datatype to DATE.
ShellCommandNumberReturn(command) X X X Returns the output of the command, and
sets the datatype to NUMBER.
PlistValueReturn(fullpath, entry, type) X Returns the value of the PLIST key, and
sets the datatype to TEXT, NUMBER, or
DATE.
Getting File Information values

You can set the Custom Inventory Field to any of the Windows File Information attributes
using the FileInfoReturn rule.

C
Example—Getting Windows Internet Explorer Product Version

The following example sets the Custom Inventory Field for the Internet Explorer Product
Version as a NUMBER. In the Custom Inventory field, enter the following:
FileInfoReturn(C:\Program Files\Internet
Explorer\iexplore.exe,ProductVersion,NUMBER)
However, if the value contained a special or alpha character, specify the TEXT as the type.
TEXT limits the operators you can use in queries in other features, such as Smart Label
Search Criteria.
Getting Registry key values

Set the Custom Inventory Field to a registry key using the RegistryValueReturn rule. Where
the registryPath (on left) is the path to the entry, the valueName (on right) is the key you
want to return.
Example—Getting the Internet Explorer ProductID key

To set the ProductID registry key as a Custom Inventory Field.
RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Registration, ProductId, TEXT)
Getting command output

Command rules allow you to set the output of a command to a Custom Inventory Field. The
command depends on the command interpreter and executable path on the node. For
example, on Windows systems you can write MS-DOS commands, but not Cygwin-style
UNIX commands unless Cygwin is installed and available in the default path for all users.
Use any of the following rules to set the output of the command to a Custom Inventory Field:
• ShellCommandTextReturn(command)
• ShellCommandDateReturn(command)

• ShellCommandNumberReturn(command)
Example—Getting uptime on a Mac OS X

To set the uptime as a Custom Inventory Field:
ShellCommandTextReturn(/usr/bin/uptime | sed -e 's/.*load

averages://' | awk '{print $1}')
The Uptime Return custom Software Item displays in the Custom Inventory Field.
Getting PLIST values

PlistValueReturn rules allow you to set a Property List (PList) key as a Custom Inventory
Field.
Example—Getting the system locale

To distribute software using Managed Installations based on the native language, enter the
following rule to get computer locale and then create corresponding Smart Label that is
applied to the machine based on the language code reported by the agent in the Custom
Inventory Field:
PlistValueReturn(~/Library/Preferences/GlobalPreferences.plist,
AppleLocale, TEXT)
Getting multiple values

Join ValueReturn rules using either the AND or OR operator. The rule shows the software
item as an Installed Program, if any of the values are not empty.
The joined values are all set in the same Custom Inventory Field separated by the operator
and therefore are technically considered for the purposes of Search Criteria, filters, reports,
and other appliance processes as TEXT.
ValueReturn rules joined by the:
• AND operator: All the values are reported in the Custom Inventory Field.

C
• OR operator: All values are reported in the Custom Inventory Field.

In the Custom Inventory field, join rules using the following syntax:
Function(arguments...) AND Function(arguments) AND ...
Separate the conditional statements from the operator with spaces. Do not join AND and OR
operators in the same rule.
Matching file names with Regular Expressions

This section describes the Regular Expression rules that match file names in Conditional and
Value Return rules using a regular expression.
Regular expressions match a character or the specified string to the file names in the
directory you specified.
The K1000 agent only provides functions that compare file names using regular
expressions.
Understanding Regular Expressions

The purpose of this section is to provide a high-level introduction to regular expressions.
For more information on writing regular expressions go to:

http://msdn.microsoft.com/en-us/library/az24scfc.aspx.
The following table provides an overview of basic regular expression syntax you can use to
match file names:
Example
Character Description
Expression Matches From
(any string) Entering non-special abc Myabc.txt File.doc
characters only matches any abcFile.xls Myabc.txt
file name that contains the MyFile.abc abcFile.xls
string.
MyFile.abc
Example.jpg
. Dot matches any single . File.doc File.doc
character. When entered Myabc.txt Myabc.txt
alone it matches all files. abcFile.xls abcFile.xls
MyFile.abc MyFile.abc
Example.jpg Example.jpg

Example
\ Backslash escapes a special \. File.doc File.doc
character, suppressing the Myabc.txt Myabc.txt
special regular expression abcFile.xls abcFile.xls
quantifier meaning.
MyFile.abc MyFile.abc
For example, to match all text
Example.jpg Example.jpg
files, enter: .*\.txt$
^ Caret (and \A) matches the ^k kinstaller.exe install.exe
characters you specify to the runkbot.bat
start of the file name. kinstaller.exe
| Pipe separates a list of run|installer kinstaller.exe install.exe
options to match. runkbot.bat kinstaller.exe
runkbot.bat
$ Dollar (and \Z or \z) bat$ MyStartup.bat MyStartupBat.doc
matches the characters your MyStartup.bat
specify to the end of the file
name.
? Question mark makes the \.log10?$ a.log11 app.log
preceding character optional mylog.log10 appconf.log2
in matches. mylog.log10
a.log11
afile.txt
* Asterisk matches the \.log1*$ app.log app.log
preceding character zero or appconf.log12 appconf.log12
more times. a.log11 mylog.log10
a.log11
afile.txt
+ Plus matches the preceding ap+.*\.log app.log app.log
character one or more times. appconf.log12 appconf.log12
mylog.log10
a.log11
afile.txt3
[] Brackets enclose a character [123] appconf.log12 app.log
class and matches any mylog.log10 appconf.log12
character within the brackets. a.log11 mylog.log10
Note that character class afile.txt3 a.log11
special character rules differ
afile.txt3
from normal regular
expressions.

C
Example
() Parentheses enclosing ap?+\.(log) appconf.log12 app.log
characters creates a [123]$ a.log11 appconf.log12
backreference and matches afile.txt3 mylog.log10
the preceding characters and/
a.log11
or the enclosed characters.
afile.txt3
{n} Curly brackets repeats the a.{3}?+\. appconf.log12 app.log
preceding character the (log)[123]$ afile.txt3 appconf.log12
number of specified times, mylog.log10
where n is greater than or
a.log11
equal to 1.
afile.txt3
Regular Expression Rule Reference

The syntax of a regular expression rule varies slightly from the other File rules. Where the
fullpath argument is a string that matches the absolute path to the file location, but does
not include name of the file. And the file name is specified as a separate argument using a
regular expression.
The following table provides a list of rules that allow you to use regular expressions.
Mac OS X
Windows
Linux
FilenamesMatchingRegexExist(fullpath,regex) X X X Returns true if any files in the specified

directory match the file name you entered
using a regular expression.
FilenamesMatchingRegexGreaterThan(fullpat X X X True if the number of files that match is
h,regex,value) more than the value.
FilenamesMatchingRegexLessThan(fullpath,re X X X True if the number of files that match is
gex,value) less than the value.
FilenamesMatchingRegexEqual(fullpath,regex, X X X True if the number of files that match is
value) the same as the value.
FilenamesMatchingRegexReturn(fullpath,rege X X X Sets the Custom Inventory Field to the
x,type) matching file names (includes path).
Defining rule arguments

This section provides details on defining the arguments in a rule.

For rule syntax see the tables in Checking for conditions (Conditional rules), on page 244,
Getting values from a node (Custom Inventory Field), and Matching file names with Regular
Expressions for more details on the specific rules they can be used in.
Finding a path or file

path and fullpath are a string that specifies the absolute path to a directory or file on the
node, for example:
C:\Program Files\Mozilla Firefox\firefox.exe
The agent locates the directory or file and performs the specific test.
Finding a registry key and entry

registryPath is a string that specifies the absolute path in the registry to a registry key, for
example:
HKEY_LOCAL_MACHINE/software/kace
Specifying a version
version is an integer (datatype is NUMBER) that the agent compares to the version of the
item being tested on the node.
For example, the FileVersionGreaterThan test returns ‘true’ if the value you specify is
higher than the version number of the file or folder and otherwise returns ‘false’.
To test a range, join a Less Than and Greater Than rule as follows:
FileVersionGreaterThan(C:\Program
Files\Adobe\Acrobat\7.0\Acrobat\Acrobat.exe, 6.99) AND
FileVersionLessThan(C:\Program
Files\Adobe\Acrobat\7.0\Acrobat\Acrobat.exe, 8.00)
Specifying environment or user variables

var in is a string that matches the actual name of the environment variable on the system.
For example, to test that the Program Files directory variable is correctly set:
EnvironmentVariableEquals(ProgramFiles, TEXT, 
C:\Program Files)
Specifying a file attribute

attribute is a system property, a file or folder property, or an agent assigned property on
the node. The appliance provides operating system dependent argument types.

C
Using Windows file attributes

You can use the FileInfoGreaterThan, FileInfoLessThan, and FileInfoEquals functions to test
a file property on Windows in the following syntax:
FunctionName(fullpath, attribute, type, value)
You can specify any type but the datatype indicated in the table below shows the Windows
supported type:
AccessedDate DATE Last date and time the file was accessed.
Comments TEXT Additional information provided for diagnostic
purposes.
CompanyName TEXT Name of the company that produced the file.
CreatedDate DATE When the file was created.
FileBuildPart NUMBER/ Third position of the File Version, for example
TEXT in version 1.2.3, 3=Build.
FileDescription TEXT File Description of the Windows file properties
Details tab.
FileMajorPart NUMBER/ First position of the File Version, for example
TEXT in version 1.2.3, 1=Major.
FileMinorPart NUMBER/ Second position of the File Version, for
TEXT example in version 1.2.3, 2=Minor.
FileName TEXT Current name of the file. Also see FileExists.
FilePrivatePart TEXT Fourth position of the File Version, for example
in version 1.2.3.4, 4=Private.
FileVersion NUMBER/ Complete File Version shown on the file
TEXT properties Details tab.
Also see FileVersionEquals,
FileVersionGreatThan, and
FileVersionLessThan
InternalName TEXT Internal name of the file, if one exists, such as
the module name.
If the file has no internal name, it is equal to the
original filename, without an extension.
IsDebug TEXT/ Returns True (1) if the file contains debugging
NUMBER information or was compiled with debugging
enabled; otherwise returns False (0).
IsPatched TEXT/ Returns True (1) if the provider marked the file
NUMBER as modified and it is not identical to the
original shipped version; otherwise returns
False (0).

IsPreRelease TEXT/ Returns True (1) if the provider marked the file
NUMBER as a development version, not a commercially
released product; otherwise returns False (0).
IsPrivateBuild TEXT/ Returns True (1) if the provider marked the file
NUMBER as not built using standard release procedures;
otherwise returns False (0). When True, file
also has a PrivateBuild string.
IsSpecialBuild TEXT/ Returns True (1) if the provider marked the file
NUMBER as built by the original company using standard
release procedures but is a variation of the
standard file of the same version number;
otherwise returns False (0).
When True, file also has a SpecialBuild string.
Language TEXT Language code, displays corresponding name
on the File Properties Details tab.
LegalCopyright TEXT Copyright notices that apply to the file.
LegalTrademarks TEXT Trademarks and registered trademarks that
apply to the file.
ModifiedDate DATE Last day and time the file was modified.
OriginalFilename TEXT Provides the full name of the file when it was
put or installed on the node.
PrivateBuild TEXT Information about the version of the file.
ProductBuildPart NUMBER/ Third position of the Product Version, for
TEXT example in version 1.2.3, 3=Build.
ProductMajorPart NUMBER/ First position of the Product Version, for
TEXT example in version 1.2.3, 1=Major.
ProductMinorPart NUMBER/ Second position of the Product Version, for
TEXT example in version 1.2.3, 2=Minor.
ProductName TEXT String that matches the Product Name of the
Windows property.
ProductPrivatePart NUMBER Fourth position of the File Version, for example
in version 1.2.3.4, 4=Private.
ProductVersion NUMBER/ The full production version.
TEXT Also see ProductVersionEquals,
ProductVersionGreaterThan, and
ProductVersionLessThan.
SpecialBuild TEXT Additional information about the build.
Testing for Linux and Mac file attributes

On Linux and Mac nodes you can use the following arguments to test file attributes:
device_number ID of device (disk) containing the file.

C
inode inode number.

number_links Number of hard links to the file.
owner User name of the person who owns the file.
group Group name of the file owner.
size File size.
access_time Time stamp of the last time the user or system accessed
the file.
modification_time Last time a change that was mode to the file was saved.
creation_time When the file was created.
block_size The block size of the file.
blocks The number of blocks used by the file.
Specifying the datatype

type identifies the type of data you are testing or returning.
The agent supports the following types:
• TEXT a string. Only valid for exactly matching in conditional rules such as Equals. In
ValueReturn rules, sets the Custom Inventory Field type to string and therefore limits
search criteria and filtering to matching operators.
• NUMBER an integer. Valid in all conditional rules, allows you to specify a whole number
for comparison.
• DATE must be in the format of MM/dd/yyyy HH:mm:ss for example 09/28/2006
05:03:51. Time is required, for example in a comparison such as greater than you
must at least specify the time as 00:00:00.
Specifying values to test

value typically follows type except in a rule where the datatype is known, such as in a
version rule. The value you specify must match the type, for more information see Specifying
the datatype, on page 261.
Specifying the name of a registry entry (Windows only)

valueName is a string that matches the name of the registry entry you want to test. Used
only in registry tests for Windows systems.
Specifying a PLIST key (Mac only)

entry is either NUMBER, TEXT, or DATE and matches a key in a PLIST file on a Mac OS X
computer. In the entry argument, you can specify a colon separated list of keys to match.
For example to

Using a regular expression

regex is a regular expressions that matches a file name in a Conditional or Value Return
rule.
See Matching file names with Regular Expressions, on page 255 for more details.
Defining commands
The shell command functions allow you to specify the command you want to run on the
computer. The guidelines for writing rule arguments do not apply to command. However
white space after the opening parentheses and immediately before the closing one is stripped
from the command.

D
Database Tables
This appendix contains a list of the table names used in the Dell KACE K1000 Management
Appliance database.
• K1000 Management Appliance Database Tables, on page 263.
K1000 Management Appliance Database Tables

Refer to the following table when creating custom reports. For more information, see
Chapter 12: Running the K1000 Appliance Reports, starting on page 199.
Table Component
ADVISORY Service Desk

ADVISORY_LABEL_JT Service Desk
ASSET Assets
ASSET_ASSOCIATION Assets
ASSET_DATA_1 Assets
ASSET_DATA_2 Assets
ASSET_DATA_3 Assets
ASSET_DATA_4 Assets
ASSET_DATA_5 Assets
ASSET_DATA_6 Assets
ASSET_DATA_7 Assets
ASSET_FIELD_DEFINITION Assets
ASSET_FILTER Assets
ASSET_HIERARCHY Assets
ASSET_HISTORY Assets
ASSET_TYPE Assets
AUTHENTICATION Appliance Administration
CLIENTDIST_LABEL_JT Appliance Administration
CLIENT_DISTRIBUTION Appliance Administration

D Database Tables
Table Component
CUSTOM_FIELD_DEFINITION Custom Fields

CUSTOM_VIEW Custom Fields
DELL_INVENTORY Dell Updates
DELL_INVENTORY_APPLICATION Dell Updates
_DEVICE_JT
DELL_INVENTORY_DEVICE_JT Dell Updates
DELL_INVENTORY_LOG Dell Updates
DELL_MACHINE_PKG_UPDATE_S Dell Updates
TATUS
DELL_MACHINE_STATUS Dell Updates
DELL_PKG_LABEL_JT Dell Updates
DELL_PKG_STATUS Dell Updates
DELL_PKG_UPDATE_HISTORY Dell Updates
DELL_SCHEDULE Dell Updates
DELL_SCHEDULE_LABEL_JT Dell Updates
DELL_SCHEDULE_OS_JT Dell Updates
DELL_SCHEDULE_UPDATE_LABE Dell Updates
L_JT
FILTER Labeling
FS File Synchronization
FS_LABEL_JT File Synchronization
FS_MACHINE_JT File Synchronization
GLOBAL_OPTIONS Appliance Administration
HD_ATTACHMENT Service Desk
HD_CATEGORY Service Desk
HD_EMAIL_EVENT Service Desk
HD_FIELD Service Desk
HD_IMPACT Service Desk
HD_MAILTEMPLATE Service Desk
HD_PRIORITY Service Desk
HD_QUEUE Service Desk
Service Desk
HD_QUEUE_APPROVER_LABEL_J
T
HD_QUEUE_OWNER_LABEL_JT Service Desk

Database Tables
D
Table Component
HD_QUEUE_SUBMITTER_LABEL_ Service Desk

JT
HD_SERVICE Service Desk
HD_SERVICE_TICKET Service Desk
HD_SERVICE_USER_LABEL_JT Service Desk
HD_STATUS Service Desk
HD_TICKET Service Desk
HD_TICKET_CHANGE Service Desk
HD_TICKET_CHANGE_FIELD Service Desk
HD_TICKET_FILTER Service Desk
HD_TICKET_RELATED Service Desk
HD_TICKET_RULE Service Desk
HD_WORK Service Desk
IM_CRON Appliance Administration
IPHONE_PROFILE iPhone
IPHONE_PROFILE_LABEL_JT iPhone
KBOT Scripting
KBOT_CRON_SCHEDULE Scripting
KBOT_DEPENDENCY Scripting
KBOT_EVENT_SCHEDULE Scripting
KBOT_FORM Scripting
KBOT_FORM_DATA Scripting
KBOT_LABEL_JT Scripting
KBOT_LOG Scripting
KBOT_LOG_DETAIL Scripting
KBOT_LOG_LATEST Scripting
KBOT_OS_FAMILY_JT Scripting
KBOT_OS_JT Scripting
KBOT_RUN Scripting
KBOT_RUN_MACHINE Scripting
KBOT_RUN_TOKEN Scripting
KBOT_SHELL_SCRIPT Scripting
KBOT_UPLOAD Scripting
KBOT_VERIFY Scripting

D Database Tables
Table Component
KBOT_VERIFY_STEPS Scripting
LABEL Labeling
LABEL_LABEL_JT Labeling
LDAP_FILTER Labeling
LDAP_IMPORT_USER User
MACHINE Inventory
MACHINE_CUSTOM_INVENTORY Inventory
MACHINE_DAILY_UPTIME Inventory
MACHINE_DISKS Inventory
MACHINE_LABEL_JT Inventory
MACHINE_NICS Inventory
MACHINE_NTSERVICE_JT Inventory
MACHINE_PROCESS_JT Inventory
MACHINE_REPLITEM Inventory
MACHINE_SOFTWARE_JT Inventory
MACHINE_STARTUPPROGRAM_JT Inventory
MESSAGE Alerts
MESSAGE_LABEL_JT Alerts
METER Software Metering
METER_COUNTER Software Metering
MI Managed Installs
MI_ATTEMPT Managed Installs
MI_LABEL_JT Managed Installs
MSP_MI_TEMPLATE Patching
NODE Network Scan
NODE_LABEL_JT Network Scan
NODE_PORTS Network Scan
NODE_SNMP_IF Network Scan
NODE_SNMP_SYSTEM Network Scan
NOTIFICATION Alerts
NTSERVICE Inventory
NTSERVICE_LABEL_JT Inventory
OBJECT_HISTORY Appliance Administration

Database Tables
D
Table Component
OPERATING_SYSTEMS Inventory
OVAL_STATUS OVAL
PATCHLINK_MACHINE_STATUS Patching (Security)
PATCHLINK_PATCH_LABEL_JT Patching (Security)
PATCHLINK_PATCH_STATUS Patching (Security)
PATCHLINK_SCHEDULE Patching (Security)
PATCHLINK_SCHEDULE_DEPLOY Patching (Security)
_LABEL_JT
PATCHLINK_SCHEDULE_DETECT Patching (Security)
_LABEL_JT
PATCHLINK_SCHEDULE_LABEL_ Patching (Security)
JT
PATCHLINK_SCHEDULE_OS_JT Patching (Security)
PATCHLINK_SCHEDULE_ROLLBA Patching (Security)
CK_LABEL_JT
PATCH_FILTER Labeling
PORTAL Service Desk
PORTAL_LABEL_JT Service Desk
PROCESS Inventory
PROCESS_LABEL_JT Inventory
PROVISION_CONFIG Appliance Administration
PROVISION_NODE Appliance Administration
REPLICATION_LANGUAGE Replication
REPLICATION_PLATFORM Replication
REPLICATION_SCHEDULE Replication
REPLICATION_SHARE Replication
REPORT Reporting
REPORT_FIELD Reporting
REPORT_FIELD_GROUP Reporting
REPORT_JOIN Reporting
REPORT_OBJECT Reporting
REPORT_SCHEDULE Reporting
SAVED_SEARCH Appliance Administration
SCAN_FILTER Labeling
SCAN_SETTINGS Network Scan

D Database Tables
Table Component
SETTINGS Appliance Administration

SOFTWARE Inventory
SOFTWARE_LABEL_JT Inventory
SOFTWARE_OS_JT Inventory
STARTUPPROGRAM Inventory
STARTUPPROGRAM_LABEL_JT Inventory
THROTTLE Appliance Administration
USER Service Desk
USERIMPORT_SCHEDULE Service Desk
USER_HISTORY Service Desk
USER_KEYS Service Desk
USER_LABEL_JT Service Desk
USER_ROLE Appliance Administration
USER_ROLE_PERMISSION_VALU Appliance Administration
E

E
Manually Deploying Agents
This appendix explains how to manually deploy the Dell KACE K1000 Management
Appliance agent on nodes using a command-line.
Overview of manual deployment

Manually deploying or upgrading the agent is useful when you have problems with
provisioning or want to use other means to install the agent such as shell scripts, batch files,
and Group Policy/Active Directory.
You can find the installers for Windows, Macintosh, and Red Hat Linux in the following
directory:
\\k1000_hostname\client\agent_provisioning
File share must be enabled to access the installers. See Enabling file sharing
on page 47.
Manually installing the 5.1 Agent on Windows

This section describes two methods for installing the 5.1 K1000 Agent on a Windows
machine:
• Manually install using the Install wizard.

The K1000 Management Appliance provides the following Windows installation files for the
K1000 5.1 Agent:
• KInstallerSetup.exe: GUI installer without .NET 1.1. Requires user interaction.

• KInstallerSetupSilent.msi: Silent installer without .NET 1.1. Use for command
line installs.
• KNISetup_v11Silent.msi: Silent installer with .NET 1.1. Use for command line
installs.
Manually install the 5.1 Agent on Windows using the

Install wizard
Use the KInstallerSetup.exe file for this method.

E Manually Deploying Agents
1. Ensure that you have the .NET 1.1 Framework dotnetfx.exe installed on this
computer.
If this file is not installed, you can get a replacement from the shared directory of the
appliance server: \\k1000_name\client\agent_provisioning\windows_platform
2. Go to the shared directory of the appliance server:
\\k1000_hostname\client\agent_provisioning\windows_platform
3. Copy the KInstallerSetup.exe file to your local computer.

4. Double-click the file to start the installation and following the instructions in the install
wizard. Be sure to enter the name of your K1000 server.
The node information appears in the appliance Inventory within a few minutes.
Although the agent automatically checks in, you can force a check in using:
C:\Program Files\KACE\KBOX\KBOXClient.exe
Installing the 5.1 Agent on Windows using command

lines
You can use any of the installation files listed above. See Manually installing the 5.1 Agent on
Windows on page 269.
For example, use the following commands to install the 5.1 Agent on Windows Platforms:
• KInstallerSetup.exe -server=k1000_hostname -ssl_enabled=0 -

amp_ssl=0 -display_mode=silent
• msiexec.exe /qn /I KInstallerSetupSilent.msi KINSTALLER_ARGS="-
server=k1000_hostname -display_mode=silent -ssl_enabled=0 -
amp_ssl=0
You can also use the IP address instead of the server hostname.
Manually installing the 5. 2 Agent on Windows

You can install the K1000 5.2 Agent on Windows using the Install Wizard or command lines.
Manually install the 5.2 Agent on Windows using the

Install wizard
1. Go to the shared directory of the appliance server:
\\k1000_hostname\client\agent_provisioning\windows_platform
2. Copy the ampagent-5.2.buildnumber-x86.msi file to your local computer.

3. Double-click the file to start the installation and following the instructions in the install
wizard. Be sure to enter the name of your K1000 server.

E
The node information appears in the appliance Inventory within a few minutes.
Although the agent automatically checks in, you can force a check in using
the following command line:
runkbot 4 0
Manually install the 5.2 Agent on Windows using

command lines
The options listed in Table E-1 on page 271 in provide several different ways for installing the
5.2 Agents on Windows Platforms. For example:
• In a batch file as part of logon scripts, which would run the installer (msiexec) and set
various parameters, such as the value of the host.
• Set an environment variable for the server name and then run the installer.
• Rename the installer name which automatically sets the server name during the install.
This method provides the following parameters:
Table E-1: Command line parameters for the 5.2 Agent
Description Parameter
Windows msiexec or msiexec.exe

Installer Tool
Install flag /i
Example: msiexec /i ampagent-5.2.12345-x86
Uninstall flag /x
Example: msiexec /x ampagent-5.2.12345-x86
Silent install /qn
Example: msiexec /qn /i ampagent-5.2.12345-x86
Log verbose /L*v log.txt
output
Auto set host rename agent_installer.msi_hostname.msi
name (Renames the install file to the name of the server name, which automatically sets the
host name.)
Example: msiexec /qn /i ampagent-5.1.32941-x86_prime.kace.com.msi
Set properties PROPERTY=value (Must use ALL CAPS.)
Example: msiexec /qn /i ampagent-5.2.32941-x86.msi
HOST=prime.kace.com
Set server set KACE_SERVER=k1000name (Must be followed by an msiexec call to install.)
name Example: set KACE_SERVER=kbox msiexec /i ampagent-5.2.12345-x86
The ordering of setting the host is as follows

1. If HOST= passed to MSI, use that.

2. If installer contains name of host, use that.

3. If KACE_SERVER is set, use that.
4. Use current setting in amp.conf.
5. Use previous setting in smmp.conf.
6. Otherwise default to blank, NOT kbox (will show an error).
Installing and Configuring the 5.1 Agent on Linux

This section provides information for installing the 5.1 Agent on Linux. Additional options
are available for the 5.2 Agent. See Additional options for the 5.2 Agent on page 273.
1. Ensure that you have kboxagent-buildnumber.i386.rpm on your computer.
2. At the command line prompt, enter:
rpm -ivh k1000agent-buildnumber.i386.rpm
The installer creates the following directories on your computer:
• /kace – The base directory where the entire agent is installed on the node.
• /kace/bin – This directory contains all the executable files.
• /kace/lib – This directory contains data, such as version number, default
configuration files, and others for the agent.
• /kace/data – This directory contains the application code organized as libraries.
• /var/kace/kagentd – This directory contains the kbot_config.yaml file.
3. Enter:
cd KACE/bin
4. Set the name of the K1000 Management Appliance server, by entering:
./setkbox k1000server_hostname
5. Restart all K1000 Management Appliance agent services and connect to the appliance
server by entering:
./runkbot 1 0
To upgrade the agent

1. Ensure that you have k1000agent-buildnumber.i386.rpm on your computer.
rpm -uvh k1000agent-linux_buildnumber.rpm

E
To remove the agent

At the command line prompt, enter:
rpm -e k1000agent-buildnumber.i386
Additional options for the 5.2 Agent

You can install the 5.2 agent for any user starting or logging in to a Linux system. You can set
the name by adding the following command to the root.apospories:
export KACE_SERVER=k1000name
The export call must proceed the call to the installer. For example: export
KACE_SERVER=k1000name rpm -ivh k1000agent-12345.i386.rpm
Otherwise default to blank, NOT box (will show an error).
Verifying Deployment of the Agent

This section describes tasks to manage the agent using the command line interface.
To start and stop the agent

cd KACE/bin
2. To start the agent, enter:
./SMMPctl start
3. To stop the agent, enter:
./SMMPctl stop
To check whether the agent is running

1. Open the command line interface.
2. Enter the following command:
- ps aux | grep SMMPAgent
To check the version of the agent

At the command line prompt, enter:
cat /KACE/data/version

To perform an Inventory check

sudo /KACE/bin/inventory:
2. To save the inventory results to a file, enter:
sudo /KACE/bin/inventory > 'uname -n'.txt
This command saves the inventory results to a file named yourcomputer.txt, where
yourcomputer is the name of your computer.
Linux Debugging
To log on to the AMP Service

At a command line prompt, enter the following commands:
sudo touch /var/kace/kagentd/debug_agent.tag
sudo /etc/rc.d/init.d/SMMPctl stop
sudo /etc/rc.d/init.d/SMMPctl start
The output of this file is part of the KBOT_LOG.txt file.
1. Go to Inventory > Computer, and click on the machine you want to view.
2. On the detail page, go to the Logs section.
3. Click K1000 Agent Logs.
Edit the SMMP configuration file:

1. Add the following line to end of the /var/kace/SMMP/SMMP.conf file:
debug=true
2. Save and close the file.
3. Restart the AMP service by entering the following commands:

E
sudo /Library/K1000Agent/Home/bin/SMMPctl stop 

sudo /Library/K1000Agent/Home/bin/SMMPctl start
The agent normally checks in using the Run Interval schedule specified in
Agent Settings page. For debugging and testing purposes, you can run the
file runkbot located in /KACE/bin to force the agent to force a check in with
the appliance.
For bootstrap: to run the first time after agent installation:
/KACE/bin/runkbot 1 0
For Inventory: to run at any other time:
/KACE/bin/runkbot 2 0
To Install and Configure the 5.1 Agent on Mac OS

Nodes
This section provides information for installing the 5.1 Agent on Mac OS. Additional options
are available for the 5.2 Agent. See Using shell scripts to install the 5.2 Agent on page 278.
You must run these commands as root.

A “root” is a user with administrator privileges on the node.
1. Double-click K1000 Agent 3.1.buildnumber.dmg.

2. Double-click K1000 Agent.pkg.
3. The Introduction page is displayed. Click Continue.
4. The Read Me page is displayed. Click Continue.
5. The Select Destination page is displayed, select the destination volume where you
want to install the agent, and then click Continue.
6. The Installation Type page is displayed. Click Install.
7. The Finish Up page is displayed. Click Close.
The installer creates the following directories on your computer:
• /Library/K1000Agent/Home/bin
• /Library/K1000Agent/Home/data
• /Library/K1000Agent/Home/lib
• /var/kace/kagentd - This directory contains the kbot_config.yaml file.
8. Enter:
cd Library/K1000Agent/Home/bin
9. Set the name of the appliance server by entering:
./setk1000 k1000server_hostname

10. Restart all agent services and connect to the appliance server by entering:
./runkbot 2 0
To upgrade the agent

1. Double-click K1000 Agent 3.1.buildnumber.dmg.
2. Double-click K1000 Agent.pkg.
3. The Introduction page is displayed. Click Continue.
4. The Read Me page is displayed. Click Continue.
5. The Select Destination page is displayed, select the destination volume where you
want to install the agent, and then click Continue.
6. The Installation Type page is displayed. Click Upgrade.
7. The Finish Up page is displayed. Click Close.
To remove the agent

1. Browse to /Library/K1000Agent.
2. Drag the K1000Agent folder to the Trash
3. Kill the process ID.
Verifying deployment of the agent

This section describes the various tasks you can perform to manage the agent using the
command line interface.
To start or stop the agent

1. Open Terminal from Applications > Utilities.
cd Library/K1000Agent/Home/bin
./SMMPctl start
3. To stop the agent, enter:
./SMMPctl stop
To check if the agent is running

2. To check if the kagentd process is running, enter the following command:
ps aux | grep kagentd
This output indicates that the process is running:

E
root 2159 0.0 1.1 94408 12044 p2 S 3:26PM 0:10.94 /Library/

K1000Agent/Home/bin/kagentd
To check the version of the agent

2. Enter:
cat Library/K1000Agent/Home/data/version
To perform an Inventory check

2. Enter:
sudo Library/K1000Agent/Home/bin/inventory
3. To save the inventory results to a file, enter:
sudo Library/K1000Agent/Home/bin/inventory > computer_name.txt
This command saves the inventory results to a file named computer_name.txt,
where computer_name is the computer name that you specified.
Macintosh Debugging
To log on to the AMP Service
$ sudo touch /var/kace/kagentd/debug_agent.tag
$ sudo /Library/K1000Agent/Home/bin/SMMPctl stop
$ sudo /Library/K1000Agent/Home/bin/SMMPctl start
The output of this file is part of the KBOT_LOG.txt file.
1. Go to Inventory > Computer, and click the machine you want to view.
2. On the detail page, go to the Logs section.
3. Click K1000 Agent Logs.
Edit the SMMP configuration file:

1. Add the following line to end of the /var/kace/SMMP/SMMP.conf file:
debug=true
2. Save and close the file.
3. Restart the AMP service by entering the following commands:
sudo /Library/K1000Agent/Home/bin/AMPctl stop 
sudo /Library/K1000Agent/Home/bin/AMPctl start

The agent normally checks in using the Run Interval schedule specified in
Agent Settings page. For debugging and testing purposes, you can run the
file runkbot located in /KACE/bin to force the agent to force a check in with
the appliance.
For bootstrap: to run the first time after agent installation:
./runkbot 1 0
For Inventory: to run at any other time:
./runkbot 2 0
Using shell scripts to install the 5.2 Agent

The K1000 Management Appliance provides options that are useful when using shells scripts
to install the 5.2 Agent:
• hdiutil attach ./ampagent-5.2.buildnumber-all.dmg

• export KACE_SERVER=k1000name
• sudo installer -pkg '/Volumes/Dell KACE/AMPAgent.pkg' -target /
• hdiutil detach '/Volumes/Dell KACE'
The export call must proceed the install call (for example, sudo export
KACE_SERVER=k1000name installer -pkg '/Volumes/Dell KACE/
AMPAgent.pkg' -target /

Otherwise default to blank, NOT kbox (will show an error).
For information about using shell scripts and command lines, see http://
developer.apple.com.

F
Understanding the Daily Run
Output
The daily run output is automatically sent to the System Administrator by email every night
at 2:00 AM.
This appendix contains a sample of the daily run output. Your output may differ from the
sample shown.
The following syntaxes are the standard freebsd maintenance messages:
• Removing stale files from /var/preserve:

• Cleaning out old system announcements:
• Removing stale files from /var/rwho:
• Backup passwd and group files:
• Verifying group file syntax:
• Backing up mail aliases:
• Disk status:
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ 2026030 36780 1827168 2% /

twed0s1a
devfs 1 1 0 100% /dev
/dev/ 134105316 1003568 122373324 1% /kbox
twed0s1f
/dev/ 10154158 6365810 2976016 68% /usr
twed0s1e
/dev/ 2026030 3858 1860090 0% /var
twed0s1d
/dev/ 151368706 2722542 136536668 2% /kbackup
twed1s1d

F Understanding the Daily Run Output
The above table reports information about your disks.

Of interest are /kbox and /kbackup.
/kbox contains all the software for the appliance server. It is also contains the
software packages uploaded to the server. If this drive starts getting close to
full you must remove old unused packages or contact KACE for an upgrade.
/kbackup is the drive where /kbox is backed up. It is generally as full as the /
kbox. If it is close to full you must remove old unused packages or contact
KACE for an upgrade.
Network interface status:

Name Mtu Network Address Ipkts Ierrs Opkts
Oerrs
Coll
em0 1500 00:30:48:73:07:4c 332146 0 204673 0
0
em0 1500 192.168.2 kboxdev 308055 - 201832
-
-
em0 1500 fe80:1::230:4 fe80:1::230:48ff: 0 - 4
-
-
em1* 1500 00:30:48:73:07:4d 0 0 0 0
0
plip0 1500 0 0 0 0
0
lo0 16384 699 0 699 0
0
lo0 16384 your-net localhost 699 - 699
-
-
lo0 16384 localhost ::1 0 - 0
-
-
lo0 16384 fe80:4::1 fe80:4::1 0 - 0

Understanding the Daily Run Output
F
-
-
The above table reports information about the network status of the
appliance.
Make sure the Ierrs/Oerrs are zero. Other values indicate some sort of
network failure. If you notice consistent errors, contact KACE support for
assistance.
Local system status:

3:04PM up 3 days, 4:12, 0 users, load averages: 0.05, 0.20, 0.15
The above indicates the amount of time appliance has been up since the last
time it was powered off.
There will not be any users logged onto the machine.
The load averages vary depending on the load on appliance was when this
report was run.
Mail in local queue:

/var/spool/mqueue is empty
Total requests: 0
Mail in submit queue:
/var/spool/clientmqueue is empty
Total requests: 0
Security check:
(output mailed separately)
Checking for rejected mail hosts:

Checking for denied zone transfers (AXFR and IXFR):

tar: Removing leading /' from member names
The message above are the standard freebsd messages regarding the health
of the mail systems.
There should not be mail in the queues. However, if an item still exists, check
your SMTP settings from the Settings > Network Settings page.
[Thu Mar 17 15:05:31 PST 2005] K1000 Backup: Backup Complete.

Backup files available for off-box storage via ftp.
The above message indicates an appliance-specific message telling you that

the backups have been successfully completed and are on the /kbackup disk,
available through the ftp interface.
[Thu Mar 17 15:05:31 PST 2005] K1000 RAID Status

Disk Array Detail Info not available during a rebuild.
If Rebuild in progress, % completion listed below
Disk Array Detail Status:
Unit UnitType Status %Cmpl Port Stripe Size(GB)
Blocks
-------------------------------------------------------------------
----
u0 RAID-1 OK - - - 149.05
312579760
u0-0 DISK OK - p0 - 149.05
312579760
u0-1 DISK OK - p1 - 149.05
312579760
Disk Array REBUILD Status:
/c0/u0 is not rebuilding, its current state is OK
The above table indicates the status of your raid drives. If you ever see the
disks degraded or not rebuilding properly, contact KACE support to address
the problem.
[Thu Mar 17 15:05:31 PST 2005] K1000 Database Maintenance

Daily routines to maintain database performance.
DB Table Maintenance Log:
# Connecting to localhost...
# Disconnecting from localhost...
ORG.ADVISORY OK
ORG.AUTHENTICATION OK
ORG.CATEGORY OK
ORG.CLIENT_DISTRIBUTION OK
ORG.FILTER OK

Understanding the Daily Run Output
F
ORG.FS OK
ORG.FS_LABEL_JT OK
ORG.GLOBAL_OPTIONS OK
ORG.LABEL OK
ORG.LDAP_FILTER OK
ORG.LICENSE OK
ORG.LICENSE_MODE OK
ORG.MACHINE OK
ORG.MACHINE_CUSTOM_INVENTORY OK
ORG.MACHINE_DISKS OK
ORG.MACHINE_LABEL_JT OK
ORG.MACHINE_NICS OK
ORG.MACHINE_PROCESS OK
ORG.MACHINE_SOFTWARE_JT OK
ORG.MACHINE_STARTUP_PROGRAMS OK
ORG.MESSAGE OK
ORG.MESSAGE_LABEL_JT OK
ORG.MI OK
ORG.MI_LABEL_JT OK
ORG.NETWORK_SETTINGS OK
ORG.NOTIFICATION OK
ORG.OPERATING_SYSTEMS OK
ORG.PORTAL OK
ORG.PORTAL_LABEL_JT OK
ORG.PRODUCT_LICENSE OK
ORG.REPORT OK
ORG.SCHEDULE OK
ORG.SERVER_LOG OK
ORG.SOFTWARE OK
ORG.SOFTWARE_LABEL_JT OK
ORG.SOFTWARE_OS_JT OK
ORG.THROTTLE OK
ORG.TIME_SETTINGS OK
ORG.TIME_ZONE OK
ORG.USER OK
ORG.USER_HISTORY OK
ORG.USER_KEYS OK
ORG.USER_LABEL_JT OK
-- End of daily output --
The database is checked every night for any inconsistencies, and these are
automatically repaired.
If you see any failures from this output, contact Dell KACE Support for
assistance.


G
Warranty, Licensing, and Support
Warranty And Support Information

Information concerning hardware and software warranty, hardware replacement, product
returns, technical support terms and product licensing can be found in the KACE End User
License agreement accessible at:
HTTP://WWW.KACE.COM/LICENSE/STANDARD_EULA
Third Party Software Notice

Dell KACE K1000 Management Appliance TM is licensed per the accompanying Third Party
License Agreements in addition to the Dell KACE K1000 Management Appliance license
noted above. Dell KACE K1000 Management Appliance includes software redistributed
under license from the following vendors. In addition, Dell KACE K1000 Management
Appliance contains paid licences to MySQL and RLib that have been purchased and
embedded within Dell KACE K1000 Management Appliance by KACE. Copyright 2004,
KACE Networks, Inc. and other copyrights.
• Apache
• EZ GPO
• FreeBSD
• Knoppix
• Microsoft Windows
• OpenSSL
• PHP
• Samba
• Sendmail
Apache
This product (Dell KACE K1000 Management Appliance) includes software developed by
The Apache Software Foundation (http://www.apache.org/). Apache License Version 2.0,
January 2004 http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

G Warranty, Licensing, and Support
1. Definitions. “License” shall mean the terms and conditions for use, reproduction, and
distribution as defined by Sections 1 through 9 of this document. “Licensor” shall mean
the copyright owner or entity authorized by the copyright owner that is granting the
License. “Legal Entity” shall mean the union of the acting entity and all other entities
that control, are controlled by, or are under common control with that entity. For the
purposes of this definition, “control” means (i) the power, direct or indirect, to cause
the direction or management of such entity, whether by contract or otherwise, or (ii)
ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
ownership of such entity. “You” (or “Your”) shall mean an individual or Legal Entity
exercising permissions granted by this License. “Source” form shall mean the preferred
form for making modifications, including but not limited to software source code,
documentation source, and configuration files. “Object” form shall mean any form
resulting from mechanical transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation, and conversions to other
media types.

“Work” shall mean the work of authorship, whether in Source or Object form, made
available under the License, as indicated by a copyright notice that is included in or
attached to the work (an example is provided in the Appendix below).

“Derivative Works” shall mean any work, whether in Source or Object form, that is
based on (or derived from) the Work and for which the editorial revisions, annotations,
elaborations, or other modifications represent, as a whole, an original work of
authorship. For the purposes of this License, Derivative Works shall not include works
that remain separable from, or merely link (or bind by name) to the interfaces of, the
Work and Derivative Works thereof. “Contribution” shall mean any work of authorship,
including the original version of the Work and any modifications or additions to that
Work or Derivative Works thereof, that is intentionally submitted to Licensor for
inclusion in the Work by the copyright owner or by an individual or Legal Entity
authorized to submit on behalf of the copyright owner. For the purposes of this
definition, “submitted” means any form of electronic, verbal, or written communication
sent to the Licensor or its representatives, including but not limited to communication
on electronic mailing lists, source code control systems, and issue tracking systems that
are managed by, or on behalf of, the Licensor for the purpose of discussing and
improving the Work, but excluding communication that is conspicuously marked or
otherwise designated in writing by the copyright owner as “Not a Contribution.” 
“Contributor” shall mean Licensor and any individual or Legal Entity on behalf of whom
a Contribution has been received by Licensor and subsequently incorporated within the
Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License,
each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-
charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative
Works of, publicly display, publicly perform, sublicense, and distribute the Work and
such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each
Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge,
royalty-free, irrevocable (except as stated in this section) patent license to make, have
made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
license applies only to those patent claims licensable by such Contributor that are
necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted. If You

G
institute patent litigation against any entity (including a cross-claim or counterclaim in

a lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses granted
to You under this License for that Work shall terminate as of the date such litigation is
filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative
Works thereof in any medium, with or without modifications, and in Source or Object
form, provided that You meet the following conditions:
a. You must give any other recipients of the Work or Derivative Works a copy of this
License; and
b. You must cause any modified files to carry prominent notices stating that You
changed the files; and
c. You must retain, in the Source form of any Derivative Works that You distribute, all
copyright, patent, trademark, and attribution notices from the Source form of the
Work, excluding those notices that do not pertain to any part of the Derivative
Works; and
d. If the Work includes a “NOTICE” text file as part of its distribution, then any
Derivative Works that You distribute must include a readable copy of the attribution
notices contained within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one of the following places:
within a NOTICE text file distributed as part of the Derivative Works; within the
Source form or documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and wherever such third-party
notices normally appear. The contents of the NOTICE file are for informational
purposes only and do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside or as an addendum to
the NOTICE text from the Work, provided that such additional attribution notices
cannot be construed as modifying the License.
e. You may add Your own copyright statement to Your modifications and may provide
additional or different license terms and conditions for use, reproduction, or
distribution of Your modifications, or for any such Derivative Works as a whole,
provided Your use, reproduction, and distribution of the Work otherwise complies
with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any
Contribution intentionally submitted for inclusion in the Work by You to the Licensor
shall be under the terms and conditions of this License, without any additional terms or
conditions. Notwithstanding the above, nothing herein shall supersede or modify the
terms of any separate license agreement you may have executed with Licensor
regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names,
trademarks, service marks, or product names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and reproducing the
content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing,
Licensor provides the Work (and each Contributor provides its Contributions) on an
“AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied, including, without limitation, any warranties or conditions of

TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A

PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks associated
with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort
(including negligence), contract, or otherwise, unless required by applicable law (such
as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special, incidental, or
consequential damages of any character arising as a result of this License or out of the
use or inability to use the Work (including but not limited to damages for loss of
goodwill, work stoppage, computer failure or malfunction, or any and all other
commercial damages or losses), even if such Contributor has been advised of the
possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or
Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of
support, warranty, indemnity, or other liability obligations and/or rights consistent
with this License. However, in accepting such obligations, You may act only on Your
own behalf and on Your sole responsibility, not on behalf of any other Contributor, and
only if You agree to indemnify, defend, and hold each Contributor harmless for any
liability incurred by, or claims asserted against, such Contributor by reason of your
accepting any such warranty or additional liability.
EZ GPO
Copyright (c) 2003-2007, The Environmental Protection Agency.
All of the documentation and software included in the EZ GPO PC Monitor Power
Management Tool software is copyrighted by the Environmental Protection Agency.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
* Neither the name of the Environmental Protection Agency nor the names of its
contributors may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE ENVIRONMENTAL PROTECTION AGENCY
AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE FEDERAL GOVERMENT OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

G
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FreeBSD
Free Software Foundation, Inc. GNU GENERAL PUBLIC LICENSE, Version 2, June 1991.
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,675 Mass Ave, Cambridge, MA
02139, USA.Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change
it. By contrast, the GNU General Public License is intended to guarantee your freedom to
share and change free software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software Foundation's software and to
any other program whose authors commit to using it. (Some other Free Software Foundation
software is covered by the GNU Library General Public License instead.) You can apply it to
your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public
Licenses are designed to make sure that you have the freedom to distribute copies of free
software (and charge for this service if you wish), that you receive source code or can get it if
you want it, that you can change the software or use pieces of it in new free programs; and
that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these
rights or to ask you to surrender the rights. These restrictions translate to certain
responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must
give the recipients all the rights that you have. You must make sure that they, too, receive or
can get the source code. And you must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2) offer you this
license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain that everyone
understands that there is no warranty for this free software. If the software is modified by
someone else and passed on, we want its recipients to know that what they have is not the
original, so that any problems introduced by others will not reflect on the original authors'
reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the
danger that redistributors of a free program will individually obtain patent licenses, in effect
making the program proprietary. To prevent this, we have made it clear that any patent must

be licensed for everyone's free use or not licensed at all.


The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING,
DISTRIBUTION AND MODIFICATION
1. This License applies to any program or other work which contains a notice placed by the
copyright holder saying it may be distributed under the terms of this General Public
License. The “Program”, below, refers to any such program or work, and a “work based
on the Program” means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it, either verbatim or with
modifications and/or translated into another language. (Hereinafter, translation is
included without limitation in the term “modification”.) Each licensee is addressed as
“you”.

Activities other than copying, distribution and modification are not covered by this
License; they are outside its scope. The act of running the Program is not restricted, and
the output from the Program is covered only if its contents constitute a work based on
the Program (independent of having been made by running the Program). Whether that
is true depends on what the Program does.
2. You may copy and distribute verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and appropriately publish
on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all
the notices that refer to this License and to the absence of any warranty; and give any
other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your
option offer warranty protection in exchange for a fee.
3. You may modify your copy or copies of the Program or any portion of it, thus forming a
work based on the Program, and copy and distribute such modifications or work under
the terms of Section 1 above, provided that you also meet all of these conditions:
a. You must cause the modified files to carry prominent notices stating that you
changed the files and the date of any change.
b. You must cause any work that you distribute or publish, that in whole or in part
contains or is derived from the Program or any part thereof, to be licensed as a whole
at no charge to all third parties under the terms of this License.
c. If the modified program normally reads commands interactively when run, you must
cause it, when started running for such interactive use in the most ordinary way, to
print or display an announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide a warranty) and that
users may redistribute the program under these conditions, and telling the user how
to view a copy of this License. (Exception: if the Program itself is interactive but does
not normally print such an announcement, your work based on the Program is not
required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of
that work are not derived from the Program, and can be reasonably considered
independent and separate works in themselves, then this License, and its terms, do

G
not apply to those sections when you distribute them as separate works. But when
you distribute the same sections as part of a whole which is a work based on the
Program, the distribution of the whole must be on the terms of this License, whose
permissions for other licensees extend to the entire whole, and thus to each and
every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work
written entirely by you; rather, the intent is to exercise the right to control the
distribution of derivative or collective works based on the Program.
In addition, mere aggregation of another work not based on the Program with the
Program (or with a work based on the Program) on a volume of a storage or
distribution medium does not bring the other work under the scope of this License.
4. You may copy and distribute the Program (or a work based on it, under Section 2) in
object code or executable form under the terms of Sections 1 and 2 above provided that
you also do one of the following:
a. Accompany it with the complete corresponding machine-readable source code,
which must be distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
b. Accompany it with a written offer, valid for at least three years, to give any third
party, for a charge no more than your cost of physically performing source
distribution, a complete machine-readable copy of the corresponding source code, to
be distributed under the terms of Sections 1 and 2 above on a medium customarily
used for software interchange; or,
c. Accompany it with the information you received as to the offer to distribute
corresponding source code. (This alternative is allowed only for noncommercial
distribution and only if you received the program in object code or executable form
with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making
modifications to it. For an executable work, complete source code means all the
source code for all modules it contains, plus any associated interface definition files,
plus the scripts used to control compilation and installation of the executable.
However, as a special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary form) with the
major components (compiler, kernel, and so on) of the operating system on which
the executable runs, unless that component itself accompanies the executable.

If distribution of executable or object code is made by offering access to copy from a
designated place, then offering equivalent access to copy the source code from the
same place counts as distribution of the source code, even though third parties are
not compelled to copy the source along with the object code.
5. You may not copy, modify, sublicense, or distribute the Program except as expressly
provided under this License. Any attempt otherwise to copy, modify, sublicense or
distribute the Program is void, and will automatically terminate your rights under this
License. However, parties who have received copies, or rights, from you under this
License will not have their licenses terminated so long as such parties remain in full
compliance.

6. You are not required to accept this License, since you have not signed it. However,
nothing else grants you permission to modify or distribute the Program or its derivative
works. These actions are prohibited by law if you do not accept this License. Therefore,
by modifying or distributing the Program (or any work based on the Program), you
indicate your acceptance of this License to do so, and all its terms and conditions for
copying, distributing or modifying the Program or works based on it.
7. Each time you redistribute the Program (or any work based on the Program), the
recipient automatically receives a license from the original licensor to copy, distribute
or modify the Program subject to these terms and conditions. You may not impose any
further restrictions on the recipients' exercise of the rights granted herein. You are not
responsible for enforcing compliance by third parties to this License.
8. If, as a consequence of a court judgment or allegation of patent infringement or for any
other reason (not limited to patent issues), conditions are imposed on you (whether by
court order, agreement or otherwise) that contradict the conditions of this License, they
do not excuse you from the conditions of this License. If you cannot distribute so as to
satisfy simultaneously your obligations under this License and any other pertinent
obligations, then as a consequence you may not distribute the Program at all. For
example, if a patent license would not permit royalty-free redistribution of the Program
by all those who receive copies directly or indirectly through you, then the only way you
could satisfy both it and this License would be to refrain entirely from distribution of
the Program.

If any portion of this section is held invalid or unenforceable under any particular
circumstance, the balance of the section is intended to apply and the section as a whole
is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other
property right claims or to contest validity of any such claims; this section has the sole
purpose of protecting the integrity of the free software distribution system, which is
implemented by public license practices. Many people have made generous
contributions to the wide range of software distributed through that system in reliance
on consistent application of that system; it is up to the author/donor to decide if he or
she is willing to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence
of the rest of this License.
9. If the distribution and/or use of the Program is restricted in certain countries either by
patents or by copyrighted interfaces, the original copyright holder who places the
Program under this License may add an explicit geographical distribution limitation
excluding those countries, so that distribution is permitted only in or among countries
not thus excluded. In such case, this License incorporates the limitation as if written in
the body of this License.
10. The Free Software Foundation may publish revised and/or new versions of the General
Public License from time to time. Such new versions will be similar in spirit to the
present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a
version number of this License which applies to it and “any later version”, you have the
option of following the terms and conditions either of that version or of any later version
published by the Free Software Foundation. If the Program does not specify a version

G
number of this License, you may choose any version ever published by the Free
Software Foundation.
11. If you wish to incorporate parts of the Program into other free programs whose
distribution conditions are different, write to the author to ask for permission. For
software which is copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our decision will be
guided by the two goals of preserving the free status of all derivatives of our free
software and of promoting the sharing and reuse of software generally.
NO WARRANTY
12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE
LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY
AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY
MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE
LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH
ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS
Knoppix
This product (Dell KACE K1000 Management Appliance) includes the Knoppix software
developed by Klaus Knopper. Knoppix is a registered trademark of Klaus Knopper. The
KNOPPIX software collection and all included programs that are authored by Klaus
Knopper, are subject to the terms and conditions of the GNU GENERAL PUBLIC LICENSE
Version 2, as quoted herein.
Please note that this license does NOT automatically apply to third-party programs included
on this CD. Check /usr/share/doc/*/copyright* and other supplied license files of each
software package carefully for more information.
GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free
Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but
changing it is not allowed. Preamble The licenses for most software are designed to take
away your freedom to share and change it. By contrast, the GNU General Public License is

intended to guarantee your freedom to share and change free software--to make sure the
software is free for all its users. This General Public License applies to most of the Free
Software Foundation's software and to any other program whose authors commit to using it.
(Some other Free Software Foundation software is covered by the GNU Library General
Public License instead.) You can apply it to your programs, too. When we speak of free
software, we are referring to freedom, not price. Our General Public Licenses are designed to
make sure that you have the freedom to distribute copies of free software (and charge for this
service if you wish), that you receive source code or can get it if you want it, that you can
change the software or use pieces of it in new free programs; and that you know you can do
these things. To protect your rights, we need to make restrictions that forbid anyone to deny
you these rights or to ask you to surrender the rights. These restrictions translate to certain
responsibilities for you if you distribute copies of the software, or if you modify it. For
example, if you distribute copies of such a program, whether gratis or for a fee, you must give
the recipients all the rights that you have. You must make sure that they, too, receive or can
get the source code. And you must show them these terms so they know their rights. We
protect your rights with two steps: (1) copyright the software, and (2) offer you this license
which gives you legal permission to copy, distribute and/or modify the software. Also, for
each author's protection and ours, we want to make certain that everyone understands that
there is no warranty for this free software. If the software is modified by someone else and
passed on, we want its recipients to know that what they have is not the original, so that any
problems introduced by others will not reflect on the original authors' reputations. Finally,
any free program is threatened constantly by software patents. We wish to avoid the danger
that redistributors of a free program will individually obtain patent licenses, in effect making
the program proprietary. To prevent this, we have made it clear that any patent must be
licensed for everyone's free use or not licensed at all. The precise terms and conditions for
copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING,

DISTRIBUTION AND MODIFICATION.
copyright holder saying it may be distributed under the terms of this General Public License.
The "Program", below, refers to any such program or work, and a "work based on the
Program" means either the Program or any derivative work under copyright law: that is to
say, a work containing the Program or a portion of it, either verbatim or with modifications
and/or translated into another language. (Hereinafter, translation is included without
limitation in the term "modification".) Each licensee is addressed as "you". Activities other
than copying, distribution and modification are not covered by this License; they are outside
its scope. The act of running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the Program (independent of having
been made by running the Program). Whether that is true depends on what the Program
does.
other recipients of the Program a copy of this License along with the Program. You may

G
charge a fee for the physical act of transferring a copy, and you may at your option offer
warranty protection in exchange for a fee.
the terms of Section 1 above, provided that you also meet all of these conditions: a) You
must cause the modified files to carry prominent notices stating that you changed the
files and the date of any change. b) You must cause any work that you distribute or
publish, that in whole or in part contains or is derived from the Program or any part
thereof, to be licensed as a whole at no charge to all third parties under the terms of this
License. c) If the modified program normally reads commands interactively when run,
you must cause it, when started running for such interactive use in the most ordinary
way, to print or display an announcement including an appropriate copyright notice
and a notice that there is no warranty (or else, saying that you provide a warranty) and
that users may redistribute the program under these conditions, and telling the user
how to view a copy of this License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on the Program is not
required to print an announcement.) These requirements apply to the modified work as
a whole. If identifiable sections of that work are not derived from the Program, and can
be reasonably considered independent and separate works in themselves, then this
License, and its terms, do not apply to those sections when you distribute them as
separate works. But when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on the terms of this
License, whose permissions for other licensees extend to the entire whole, and thus to
each and every part regardless of who wrote it. Thus, it is not the intent of this section to
claim rights or contest your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or collective works based on
the Program. In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of a storage or
you also do one of the following: a) Accompany it with the complete corresponding
machine-readable source code, which must be distributed under the terms of Sections 1
and 2 above on a medium customarily used for software interchange; or, b) Accompany
it with a written offer, valid for at least three years, to give any third party, for a charge
no more than your cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be distributed under the
terms of Sections 1 and 2 above on a medium customarily used for software
interchange; or, 
c) Accompany it with the information you received as to the offer to distribute
distribution and only if you received the program in object code or executable form with
such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications
to it. For an executable work, complete source code means all the source code for all modules
it contains, plus any associated interface definition files, plus the scripts used to control
compilation and installation of the executable. However, as a special exception, the source
code distributed need not include anything that is normally distributed (in either source or
binary form) with the major components (compiler, kernel, and so on) of the operating
system on which the executable runs, unless that component itself accompanies the

executable. If distribution of executable or object code is made by offering access to copy

from a designated place, then offering equivalent access to copy the source code from the
same place counts as distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
compliance.
the Program. If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply and the section
as a whole is intended to apply in other circumstances. It is not the purpose of this
section to induce you to infringe any patents or other property right claims or to contest
validity of any such claims; this section has the sole purpose of protecting the integrity
of the free software distribution system, which is implemented by public license
practices. Many people have made generous contributions to the wide range of software
distributed through that system in reliance on consistent application of that system; it is
up to the author/donor to decide if he or she is willing to distribute software through
any other system and a licensee cannot impose that choice. This section is intended to
make thoroughly clear what is believed to be a consequence of the rest of this License.

G
present version, but may differ in detail to address new problems or concerns. Each
version is given a distinguishing version number.
If the Program specifies a version number of this License which applies to it and "any later
version", you have the option of following the terms and conditions either of that version or
of any later version published by the Free Software Foundation. If the Program does not
specify a version number of this License, you may choose any version ever published by the
Free Software Foundation.
NO WARRANTY
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE
LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY
OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS
PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT
OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT
LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH
HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your
New Programs If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it free software which
everyone can redistribute and change under these terms. To do so, attach the following
notices to the program. It is safest to attach them to the start of each source file to most
effectively convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found. <one line to give the
program's name and a brief idea of what it does.> Copyright (C) <year> <name of
author> This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later version. This
program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this
program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite

330, Boston, MA 02111-1307 USA Also add information on how to contact you by
electronic and paper mail. If the program is interactive, make it output a short notice
like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C)
year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for
details type `show w'. This is free software, and you are welcome to redistribute it under
certain conditions; type `show c' for details. The hypothetical commands `show w' and
`show c' should show the appropriate parts of the General Public License. Of course, the
commands you use may be called something other than `show w' and `show c'; they
could even be mouse-clicks or menu items--whatever suits your program. You should
also get your employer (if you work as a programmer) or your school, if any, to sign a
"copyright disclaimer" for the program, if necessary. 

Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright
interest in the program `Gnomovision' (which makes passes at compilers) written by
James Hacker. <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice This
General Public License does not permit incorporating your program into proprietary
programs.
If your program is a subroutine library, you may consider it more useful to permit linking
proprietary applications with the library. If this is what you want to do, use the GNU Library
General Public License instead of this License.
Microsoft Windows
This Product is designed for use in supporting the deployment of the following operating
systems: Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98 Second
Edition, Microsoft Windows Millennium Edition, Microsoft Windows NT Workstation 4
Service Pack 5 or later, Microsoft Windows NT Server 4 Service Pack 5 or later, Microsoft
Windows 2000 Professional, Microsoft Windows 2000 Server (Standard, Advanced and
Datacenter Editions), Microsoft Windows XP Professional, Microsoft Windows XP Tablet PC
Edition, Microsoft Windows XP Media Center Edition, or Microsoft Windows Server 2003
(Web, Standard, Enterprise and Datacenter Editions). This Product is designed for use on
processor architectures supported by the operating system that the Product was built from:
e.g., the x86 32-bit version may only deploy X86 32-bit Microsoft operating systems, the
Intel Itanium version may only deploy versions of Microsoft Windows designed for this
architecture, and the 64-bit extended version may only deploy versions of Microsoft
Windows designed for this architecture. The Product may not function properly with other
operating system products or other processor architectures.
OpenSSL
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL
License and the original SSLeay license apply to the toolkit. See below for the actual license
texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues
related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.

G
1. Redistributions of source code must retain the above copyright notice, this list of
2. Redistributions in binary form must reproduce the above copyright notice, this list of
3. All advertising materials mentioning features or use of this software must display the
following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or
promote products derived from this software without prior written permission. For
written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL"
appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT `ÀS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License

Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The
implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following
conditions are aheared to. The following conditions apply to all code found in this
distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL

documentation included with this distribution is covered by the same copyright terms except
that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be
removed.
If this package is used in a product, Eric Young should be given attribution as the author of
the parts of the library used. This can be in the form of a textual message at program startup
or in documentation (online or textual) provided with the package.
1. Redistributions of source code must retain the copyright notice, this list of conditions
and the following disclaimer.
3. All advertising materials mentioning features or use of this software must display the
following acknowledgement:
"This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com)". The word 'cryptographic' can be left out if the rouines from the
library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps
directory (application code) you must include an acknowledgement:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)".
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG `ÀS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The licence and distribution terms for any publically available version or derivative of this
code cannot be changed, i.e. this code cannot simply be copied and put under another
distribution licence [including the GNU Public Licence.]
PHP
The PHP Group. The PHP License, version 3.0. Copyright (c) 1999 - 2004 The PHP Group.
All rights reserved.


G
Redistribution and use in source and binary forms, with or without modification, is
1. Redistributions of source code must retain the above copyright notice, this list of
3. The name “PHP” must not be used to endorse or promote products derived from this
software without prior written permission. For written permission, please contact
group@php.net.
4. Products derived from this software may not be called “PHP”, nor may “PHP” appear in
their name, without prior written permission from group@php.net. You may indicate
that your software works in conjunction with PHP by saying “Foo for PHP” instead of
calling it “PHP Foo” or “phpfoo”.
5. The PHP Group may publish revised and/or new versions of the license from time to
time. Each version will be given a distinguishing version number. Once covered code
has been published under a particular version of the license, you may always continue to
use it under the terms of that version. You may also choose to use such covered code
under the terms of any subsequent version of the license published by the PHP Group.
No one other than the PHP Group has the right to modify the terms applicable to
covered code created under this License.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
“This product includes PHP, freely available from <http://www.php.net/>”. 
THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM `ÀS IS'' AND
ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP
DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the
PHP Group. The PHP Group can be contacted via Email at group@php.net. 
For more information on the PHP Group and the PHP project, please see <http://
www.php.net>. This product includes the Zend Engine, freely available at <http://
www.zend.com>.
Samba
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA
02139, USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but
changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change
it. By contrast, the GNU General Public License is intended to guarantee your freedom to
share and change free software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software Foundation's software and to
any other program whose authors commit to using it. (Some other Free Software Foundation
software is covered by the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public
Licenses are designed to make sure that you have the freedom to distribute copies of free
software (and charge for this service if you wish), that you receive source code or can get it if
you want it, that you can change the software or use pieces of it in new free programs; and
that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these
rights or to ask you to surrender the rights. These restrictions translate to certain
responsibilities for you if you distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must
give the recipients all the rights that you have. You must make sure that they, too, receive or
can get the source code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this
license which gives you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone
understands that there is no warranty for this free software. If the software is modified by
someone else and passed on, we
want its recipients to know that what they have is not the original, so that any problems
introduced by others will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the
danger that redistributors of a free program will individually obtain patent licenses, in effect
making the program proprietary. To prevent this, we have made it clear that any patent must
be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

G
copyright holder saying it may be distributed under the terms of this General Public
License. The "Program", below, refers to any such program or work, and a "work based
on the Program" means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it, either verbatim or with
modifications and/or translated into another language. (Hereinafter, translation is
included without limitation in the term "modification".) Each licensee is addressed as
"you".
Activities other than copying, distribution and modification are not covered by this
License; they are outside its scope. The act of running the Program is not restricted, and
the output from the Program is covered only if its contents constitute a work based on
the Program (independent of having been made by running the Program). Whether that
is true depends on what the Program does.
other recipients of the Program a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your
option offer warranty protection in exchange for a fee.
the terms of Section 1 above, provided that you also meet all of these conditions:
a. You must cause the modified files to carry prominent notices stating that you
changed the files and the date of any change.
b. You must cause any work that you distribute or publish, that in whole or in part
contains or is derived from the Program or any part thereof, to be licensed as a whole
at no charge to all third parties under the terms of this License.
c. If the modified program normally reads commands interactively when run, you
must cause it, when started running for such interactive use in the most ordinary
way, to print or display an announcement including an appropriate copyright notice
and a notice that there is no warranty (or else, saying that you provide a warranty)
and that users may redistribute the program under these conditions, and telling the
user how to view a copy of this License. (Exception: if the Program itself is
interactive but does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of
that work are not derived from the Program, and can be reasonably considered
independent and separate works in
themselves, then this License, and its terms, do not apply to those sections when you
distribute them as separate works. But when you distribute the same sections as part
of a whole which is a work based on the Program, the distribution of the whole must
be on the terms of this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work
written entirely by you; rather, the intent is to exercise the right to control the
distribution of derivative or collective works based on the Program.
In addition, mere aggregation of another work not based on the Program with the
Program (or with a work based on the Program) on a volume of a storage or
you also do one of the following:
a. Accompany it with the complete corresponding machine-readable source code,
which must be distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
b. Accompany it with a written offer, valid for at least three years, to give any third
party, for a charge no more than your cost of physically performing source
distribution, a complete machine-readable copy of the corresponding source code, to
be distributed under the terms of Sections 1 and 2 above on a medium customarily
used for software interchange; or,
c. Accompany it with the information you received as to the offer to distribute
distribution and only if you received the program in object code or executable form
with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making
modifications to it. For an executable work, complete source code means all the
source code for all modules it contains, plus any associated interface definition files,
plus the scripts used to control compilation and installation of the executable.
However, as a special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary form) with the
major components (compiler, kernel, and so on) of the operating system on which
the executable runs, unless that component itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a
designated place, then offering equivalent access to copy the source code from the
same place counts as distribution of the source code, even though third parties are
not compelled to copy the source along with the object code.
compliance.

G
the Program.
If any portion of this section is held invalid or unenforceable under any particular
circumstance, the balance of the section is intended to apply and the section as a whole
is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other
property right claims or to contest validity of any such claims; this section has the sole
purpose of protecting the integrity of the free software distribution system, which is
implemented by public license practices. Many people have made generous
contributions to the wide range of software distributed through that system in reliance
on consistent application of that system; it is up to the author/donor to decide if he or
she is willing to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence
of the rest of this License.
present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a
version number of this License which applies to it and "any later version", you have the
option of following the terms and conditions either of that version or of any later version
published by the Free Software Foundation. If the Program does not specify a version
number of this License, you may choose any version ever published by the Free
Software Foundation.

NO WARRANTY
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY
MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE
LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH
ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Sendmail
Sendmail, Inc.
SENDMAIL LICENSE
The following license terms and conditions apply, unless a different license is obtained from
Sendmail, Inc., 6425 Christie Ave, Fourth Floor, Emeryville, CA 94608, USA, or by electronic
mail at license@sendmail.com.

License Terms:
Use, Modification and Redistribution (including distribution of any modified or derived
work) in source and binary forms is permitted only if each of the following conditions is met:
1. Redistributions qualify as “freeware” or “Open Source Software” under one of the
following terms:
a. Redistributions are made at no charge beyond the reasonable cost of materials and
delivery.
b. Redistributions are accompanied by a copy of the Source Code or by an irrevocable
offer to provide a copy of the Source Code for up to three years at the cost of
materials and delivery. Such redistributions must allow further use, modification,
and redistribution of the Source Code under substantially the same terms as this

G
license. For the purposes of redistribution “Source Code” means the complete
compilable and linkable source code of sendmail including all modifications.
2. Redistributions of source code must retain the copyright notices as they appear in each
source code file, these license terms, and the disclaimer/limitation of liability set forth
as paragraph 6 below.
3. Redistributions in binary form must reproduce the Copyright Notice, these license
terms, and the disclaimer/limitation of liability set forth as paragraph 6 below, in the
documentation and/or other materials provided with the distribution. For the purposes
of binary distribution the “Copyright Notice” refers to the following language:
“Copyright (c) 1998-2003 Sendmail, Inc. All rights reserved.”
4. Neither the name of Sendmail, Inc. nor the University of California nor the names of
their contributors may be used to endorse or promote products derived from this
software without specific prior written permission. The name “sendmail” is a trademark
of Sendmail, Inc.
5. All redistributions must comply with the conditions imposed by the University of
California on certain embedded code, whose copyright notice and conditions for
redistribution are as follows:
a. Copyright (c) 1988, 1993 The Regents of the University of California. All rights
reserved.
b. Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met: (i)
Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer. (ii) Redistributions in binary form must
reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the
distribution. (iii) Neither the name of the University nor the names of its
contributors may be used to endorse or promote products derived from this software
without specific prior written permission.
6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY SENDMAIL,
INC. AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE
UNIVERSITY OF CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.


Index
A B
active directory settings 171 backing up appliance data 174
adding backup files
software to inventory 84 downloading 175
Administering 229 backups
administering Mac OS nodes 229 manual 174
administration bandwidth, replication
applying the server update 178 replication
backing up data 174 bandwidth 137
disk logs, understanding 183
k1000_dbdata.gz file 174 C
k1000_file.tgz file 174 Client bundle 70
logs, accessing 181 clients
restarting your appliance 180 check-in rate monitor 10
restoring appliance settings 176 connection meter 12
restoring factory settings 176 Clients Connected Meter 12
restoring most recent backup 176 command line deployment
troubleshooting 180 Linux agent 272
troubleshooting your appliance 180 Mac OS agent 275
updating appliance software 177 Windows agent 269, 270, 271
updating OVAL definitions 180 components
updating the license key 178 finding 15
upgrading server software 174 compression mode 9 124
verifying minimum server version 177 computer detail page 79
administrator portal computer details
introduction to 2 appliance agent logs 81
advanced search viewing by label 37
using for computer inventory 77 computer inventory detail page 79
advanced search for software 83 computer notifications 78
agent running confirmation 276 computers 78
agent update adding to inventory 81
agent patches 69 inventory 75
agents searching for in inventory 77
about 2 statistics 14
operating system requirements 46 configuration
Alert Messages 207 KACE K1200 19
alert messages to users policies 159
using 207 configuration polices
alert summary about 159
description 15 configuration settings 19
alerts configuring Dell OpenManage catalog updates 140
AMP connection required for 207 creating an LDAP label with the browser 189
broadcast 207 creating computer notifications 78
email 208 creating IP scans 106
email, creating 208 Custom Data Fields 85
license compliance 23 Custom Inventory ID (rule) 241
with scripts 149
alternate download location 114
AMP connection D
about 71 Daily Run Output 279
indicated by green chain icon 63 data retention 23
AMP Message Queue 71 database tables 263
AMP message queue 71 debugging logs
Apache software copyright 285 Mac OS 277
AppDeploy Default Role 217
viewing live content 95 Delete a configuration 58, 61
AppDeploy Live 95 Dell Open Manage, with Dell Updates tab 138
enabling for your appliance 95 Dell Updates
appliance administration configuring the OpenManage catalog 140
overview 173 patching, compared 139
appliance agent logs 81 replication 137
appliance revision level 15 using to maintain your Dell systems 138
applying the server update 178 workflow 139
Auto Provisioning 49 deployments

Index
compared with updates 139 I

desktop settings importing KACE K1000 resources 97
desktop shortcuts wizard 162 inventory
desktops advanced search 77
settings enforcement 161 agent logs 81
wallpaper 161 computer notifications 78
desktops, remote computers 76
troubleshooting 161 computers detail page 79
detection computers, adding 81
inventory term used instead 139 computers, searching for 77
Digital Asset 87 creating smart labels 78
Disable a configuration 61 detection term used instead 139
disabling KACE K1000 links 33 overview 75, 76
disk logs service 92
understanding 183 software, managing 83
Distribution startup programs 90
Distributing Packages from the appliance 113 inventory tab
Distributing Packages through an Alternate using 75
Location 114 IP addresses
Types of Distribution Packages 112 scanning for 105
distributions monitor 10 IP scan 105
download location, alternate 114 creating 106
downloading backup files 175 overview 105
Duplicate a configuration 58 scheduling 105
IP scan inventory
E in the IP Scan chapter 76
E-mail Alerts 208 IP Scan Smart Label 108
Enable a configuration 61
enabling KACE K1000 appliances for K
switching between KACE K1000 consoles 33 K1000
environmental policies software deployment components 3
Mac OS 169 K1000 Agent Update
Windows 168 Update K1000 Agent Automatically 68
Event Log Reporter 162 KACE K1000
exporting appliance resources 97 components 1
exporting resources to other organizations 102 configuration settings 19
EZ GPO copyright 288 hardware specifications 2
installing 1
F server, setting up 3
file synchronizations 129 setting up 1
creating 129 KACE K1000 appliance linking
filters about 31
computers by organizational unit 79 configuring 31
data filters 220 KACE K1000 appliances
organization filter 224 linking 32
testing 224 KACE K1000 Modules 6
for computer inventory 78 KACE K1200
FreeBSD copyright 289 configuration 19
FTP KBScriptRunner 66
making backups writable 26 KNOPPIX copyright 293
KScripts
G about 144
getting started 1
L
H Label Groups 41
hardware Labels 94
inventory, creating 75 Label Groups 41
hardware specifications for KACE K1000 2 labels 35
Home component 8 Labels tab
overview 17, 35
LDAP
labels 17, 35

Index
labels, creating with the browser 189 Windows platform 116

LDAP Browser Wizard 191 ZIP example 123
LDAP Easy Search 190 Managed Operating Systems 12
LDAP Filters 187 managing your MIA inventory 93
licence compliance managing your processes inventory 88
configuring alerts 23 managing your service inventory 92
License Compliance 11 managing your software inventory 83
License Compliance Gauge 23 managing your startup program inventory 90
license compliance graph 11 manual backups 174
linking KACE K1000 appliances 32 manual deployment
disabling links 33 Linux Agent 272
enabling 32, 33 Mac OS agent 275
Linux Windows agent 269, 270, 271
manual deployment of KACE K1000 appliance agent Manual Deployment of KACE K1000 appliance
on 272 agent 269
log files Manual Provisioning 52
script 158 MIA
Log-in Script 59 inventory 93
logs MIA Computers 93
agent logs 81 MIA Settings 94
Microsoft Windows copyright 298
M MSI Installer policy 163
Mac OS 229
administering 229 N
distribution tab differences 230 network scan summary
examples of common deployments on 230 description 15
inventory tab differences 229 Network Settings 23
managed installation for 230 Network Utilities 34
patching tab differences 234 nodes
policies 169 check-in rate 10
power management 169
supported OSs 229 O
supported releases 46 Offline KScripts 144
VNC Settings for 170 Online KScripts 144
Mac OS nodes 276 alerting users with 149
checking into active directory 172 online shell scripts
debugging logs 277 about 145
manual agent version check 277 Open Manager
manual inventory check 277 Dell maintenance 138
manually removing agent 276 OpenSSL copyright 298
verifying agent 276 operating system requirements 46
Mac OS policies operating systems
enforce active directory settings 171 charted 12
Mac OS Users Organization File Shares 26
Distribution 230 organization filter 224
Inventory 229 Organizational Components 3
Patching 234 Organizational Filters 220
Macintosh 229 LDAP Filter 220
manual deployment of KACE K1000 appliance agent organizational filters
on 275 data filters 220
make FTP writable 26 Organizational Management 209
managed installation 115 upgrading KACE K1000 software with 16
managed installations Organizational Roles 217
EXE example 123 Organizations 209
Linux examples 124 organizations
Mac OS nodes 230 transferring KACE K1000 resources between 102
Macintosh examples 129 OVAL
MSI Example 120 information (description of field) 15
parameters 115
standard RPM Example 125
P
standard TAR.GZ Example 128
Windows examples 119 packages
enabled and disabled 14

Index
patching Run Now tab

Dell Updates, compared 139 using to run scripts 156
replicating language patches 136 running reports 199
replicating OS patches 136
updating patch definitions from KACE 179 S
path bulletin information Samba copyright 301
description 15 SAMBA share
PHP copyright 300 using to transfer resources between KACE K1000
policies appliances 97
configuration 159 scanning networks for IP addresses 105
Mac OS-based 169 scheduling IP scans 105
Windows-based, using 160 scripting
Port 443 27 adding steps to 235
Port 80 26 tasks you can automate 144
Power Management scripting component
windows 168 Search Logs 158
Windows configuration 168 scripting module
power management overview 143
Mac OS 169 scripts
retaining information about 23 adding 148
processes adding steps to 235
inventory, about 88 alerts with 149
Provisioned Configurations 58 duplicating 155
Provisioning Results 62 editing 154
provisioning results page 62 importing 154
log files 158
R online shell scripts 145
Redirecting computer(s) 225 reusing 155
Refiltering computer(s) 224 Run Now function 156
registry settings running as local admin 149
Windows, for 160 running as user 149
remote desktops running immediately 156
behavior 161 token replacement variables 147
replication Windows registry settings 160
copying schedules Windows-based policy Wizards 160
replication schedules searching for computers in your inventory 77
importing 137 searching for using computer notifications 78
Security Settings 25
Dell Updates 137
Sendmail copyright 306
language patches 136
servers
OS patches 136
tasks in progress 13
scheduling 137
service
stopping 137
inventory, managing 92
replication schedule 137
Service Desk
replication share 134
overview 2
details 138
session timeout
procedure to create 135
about 20
replication shares
resetting 20
deleting 137
setting up your KACE K1000 series 1
Report Wizard
setting up your KACE K1000 server 3
limitations 205
shell scripts 145
reports 199
single sign-on 33
overview 199
configuring 31
running 199, 200
enabling 32, 33
SQL, editing 205
Smart Labels
resources
creating 42
exporting 102
editing 43
transferring 97
IP Scan 108
restoring appliance settings 176
ordering 44
revision of KACE K1000 software 15
smart labels 35, 78
Run As feature 149
software
run as Wizards 160
inventory, creating 75
Run Now function 156

Index
statistics 14 users
un-installer 166 time limit on sessions 20
Software Asset 85 utility rebates
Software Deployment Components 3 Mac OS 169
software deployment components 3 Windows 168
software distribution summary 14
software inventory 83 V
software revision level 15 verifying minimum server version 177
Software Threat Level 11 viewing computer details by label 37
software threat level graph 11 VNC
SQL controlling on Mac OS X 170
editing 205 VNC settings
SSL Certificate File 27 Mac OS policies 170
SSL Certificate Wizard 28
start and stop the agent 276
W
Startup 90
startup Wake-on-LAN
inventory, managing 90 overview 132
statistics, computer 14 request, issuing 132
statistics, software 14 scheduling requests 133
Steps for Task sections 235 troubleshooting 133
support information wallpaper
AppDeploy 95 controlling 161
synchronizations, file 129 warranty Information 285
System Admin Console Users 215 Windows
system console 2 Automatic Update Settings 167
System requirements 46 configuring Power Management 168
manual deployment of KACE K1000 appliance agent
on 269, 270, 271
T Power Management 168
Tasks In Progress 13 Windows Debugging 182
time limit on open inactive user sessions 20 Windows operating system requirements 46
token replacement Windows policies 160
variables 147 enforce registry settings 160
transferring appliance resources between WinZip
organizations 102 compression levels 124
transferring resources
about 97
transferring resources between KACE K1000
appliances 97
troubleshooting
remote desktops 161
Wake-on-LAN 133
Troubleshooting Tools 33
troubleshooting your appliance 180
types of reports 199
U
UltraVNC Wizard 165
Unpacking the Appliance 4
updates
compared with deployments 139
Dell Updates and patching 139
updating OVAL definitions 180
updating the license key 178
upgrades, KACE K1000 16
upgrading your appliance 174
uploading files to restore settings 176
uploading large FTP files
troubleshooting 26
user alert messages
about 207
User Authentication 193

Index

K1000 AdminGuide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

K1000 AdminGuide

Uploaded by

Copyright:

Available Formats

K1000 Management Appliance

Revision Date: January 28, 2011

2: Configuring your Appliance 19

Administrator Guide, Version 5.2 i

To disable appliance links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

3: Labels and Smart Labels 35

ii Administrator Guide, Version 5.2

Using the Provisioning Results Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

5: Managing Software and Hardware Inventories 75

Administrator Guide, Version 5.2 iii

To set threat level to a software item . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

6: Importing and Exporting Appliance Resources 97

iv Administrator Guide, Version 5.2

7: Scanning for IP Addresses 105

8: Distributing Software from Your K1000 Management Appliance 111

Administrator Guide, Version 5.2 v

Preparing to create a replication share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

9: Using the Scripting Features 143

vi Administrator Guide, Version 5.2

UltraVNC Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

10: Maintaining Your K1000 Management Appliance 173

Administrator Guide, Version 5.2 vii

To download Dell KACE K1000 Management Appliance logs . . . . . . . . . . . . . . 181

11: LDAP 187

12: Running the K1000 Appliance Reports 199

13: Using Organizational Management 209

viii Administrator Guide, Version 5.2

To delete a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

A: Administering Mac OS Nodes 229

B: Adding Steps to a Script 235

C: Writing Custom Inventory Rules 241

Administrator Guide, Version 5.2 ix

Conditional rule reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

D: Database Tables 263

E: Manually Deploying Agents 269

x Administrator Guide, Version 5.2

To upgrade the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

F: Understanding the Daily Run 

G: Warranty, Licensing, and Support 285

Administrator Guide, Version 5.2 xi

xii Administrator Guide, Version 5.2

• About this guide, on page 1.

About this guide

About this chapter

Understanding the KACE K1000 Appliance

Administrator Guide, Version 5.2 1

1. Administrator Console—It is used by administrators to control the K1000

Hardware K1100 K1200

Form Factor 19 in 1U Rack mount chassis 19 in 1U Rack mount chassis

2 Administrator Guide, Version 5.2

Hardware K1100 K1200

Memory in Gigabyte (GB) 4 GB 8 GB

Software deployment components

• Managed Installations can be configured by the administrator to run silently or with

To set up your K1000 Management Appliance server

Administrator Guide, Version 5.2 3

Configuring network settings from the console

The appliance requires 5 to 10 minutes to start up for the first time.

3. At the login prompt, enter:

K1000 Server Enter the host name of the appliance.

4 Administrator Guide, Version 5.2

Logging in to the Administrative Console

Administrator Guide, Version 5.2 5