Welcome to version 4.3 of the KBOX™ 1000 Series appliance. This Administrator Guide is designed to
help you install, configure, use, and maintain your KBOX 1000 Series appliance. KACE™ is dedicated to
customer success with our primary goal being your ability to quickly utilize your KBOX 1000 Series
appliance to save time and eliminate the tedious task of manual inventory, software, and desktop management.
If at any time you experience a problem, or have a question regarding your KBOX 1000 Series appliance,
please contact our support representatives for assistance.
Support Contact:
Company Contact:
Introduction
KBOX Appliance Components
Hardware Specifications
User Interfaces
Organizational Components
Software Deployment Components
Ch. 3 Inventory
Computers Inventory
Summary
Inventory Information
Software
Activities
Security
Logs
Asset
Software Inventory
Using Advanced Search for Software Inventory
Creating Search Filters for Software Inventory
AppDeploy℠ Live
Enabling AppDeploy Live
Viewing AppDeploy Live content
Processes
Startup
Service
Monitoring Out-Of-Reach Computers (MIA)
Configuring the MIA Settings
Labels
Creating Labels
Viewing Computer Details by Label
Deleting labels
Managing Assets
Licensing
Monitoring licenses of a Software family
Generating Reports
Importing Asset
Ch. 5 IP Scan
IP Scan Overview
Viewing Scheduled Scans list
Creating an IP Scan
Scan Filters
Administrator Guide for KBOX 1000 series, version 4.3 - 1200 iii
Creating a Managed Installation for Windows Platform
Replication
Creating a Replication Share
Viewing Replication Share Details
Replication enhancements in the KBOX version 4.3
iPhone
Setting up Administrative Access to iPhone Profile Management
Creating Configuration Profiles
Adding an iPhone Profile
To view or edit profile details:
Configuring Collection Settings
iPhone Asset
Configuring iPhone
Roles
Creating and Editing Roles
Filters
Exporting Reports
Creating and Editing Organizational Filters
Inventory
Distribution
Examples of Common Deployments on Macintosh®
Patching
User Portal and Help Desk
Asset Management
AppDeploy Live
Reporting
Logs
How this Guide is Organized
This Administrator Guide contains detailed information about the KBOX 1000 Series Systems Management
appliance, and is intended for system administrators. This guide provides detailed step-by-step instructions
on deployment, configuration, and upgrades on the KBOX 1000 Series Systems Management Appliance.
This guide is organized into the following sections:
Orientation and Setup
Chapter 1, “Getting Started,” starting on page 1
Chapter 2, “Agent Provisioning,” starting on page 28
Chapter 3, “Inventory,” starting on page 54
Chapter 4, “Asset Management,” starting on page 86
Chapter 5, “IP Scan,” starting on page 96
Chapter 6, “Distribution,” starting on page 102
Configuration
Chapter 7, “Wake-on-LAN,” starting on page 139
Chapter 8, “Scripting,” starting on page 142
Chapter 9, “Patching,” starting on page 166
Chapter 10, “Security,” starting on page 178
Maintenance and Support
Chapter 11, “User Portal and Help Desk,” starting on page 193
Chapter 12, “Reporting,” starting on page 225
Chapter 13, “LDAP,” starting on page 242
Chapter 14, “KBOX Settings - System Admin,” starting on page 255
Chapter 15, “Organizations - System Admin,” starting on page 277
Chapter 16, “Server Maintenance - System Admin,” starting on page 293
Chapter 17, “Reporting - System Admin,” starting on page 307
Reference
Appendix A, “Macintosh® Users,” starting on page 322
Appendix B, “Adding Steps to a Task,” starting on page 330
Appendix C, “Database Tables,” starting on page 336
Appendix D, “Manual Deployment of the KBOX Agent,” starting on page 342
Appendix E, “Agent Customization,” starting on page 350
Appendix F, “Understanding the Daily Run Output,” starting on page 354
Appendix G, “Warranty, Licensing, and Support,” starting on page 360
Conventions
The KBOX 1000 application and guide use the following formatting conventions:
Format Description
Text in a blue box represents a note. A note can include configuration questions, specific
KBOX behavior, or instructions of additional importance.
Modules: Click the module names to view tabs under it.
Tabs: Displays the tabs within the selected module. Click the tab to view its contents.
Sub tabs: Displays the sub tabs within the selected module. Click to perform tasks like Creating a Filter, Creating a
Additional Resources
You can refer to the following resources to install, configure, and maintain the KBOX:
Silent Mode Installation Tips and Tricks - http://www.kace.com/support/customer/doc/SilentInstallationWhitepaper.pdf
Installation and Scripting resources - http://www.kace.com/support/customer/additional_resources.php
Tutorial Videos - http://www.kace.com/support/customer/training.php
Contact Kace Support if you do not have a user name and password to access these
resources.
Support
The KBOX 1000 Series pack includes software updates, telephone support, and access to an on-line
support portal, which includes:
Software and documentation - Software updates for all purchased KBOX components (Operating System, Middleware and applications) and their upgrade information on www.kace.com/support portal
Knowledge base of frequently asked questions
Details on the most common software package installation switches
Other IT management information - Information like white papers, video tutorials for configuring the KBOX Server as per customer requirements, and others
1. Select KBOX Settings | Support or click on the modules toolbar. The KBOX Settings: KACE Support page appears.
2. The Support page displays the following links:
KBOX Administrator Guide - Link to the KBOX 1000 Series Administrator Guide that includes steps to install and operate KBOX 1000.
KACE Customer Support - Link to the KACE Support page on the KACE website. It displays Updates, Video Tutorials, FAQs, Current News, and Customer Forums.
AppDeploy.com - Link to open the AppDeploy℠ website. AppDeploy is an online community of IT professionals sharing information about the deployment of thousands of applications.
New KACE Ticket - Link to the New KACE Support Ticket page. This page helps you to raise a ticket, send a bug report, or submit a feature request.
View KACE Tickets - Link to the Tickets page on support.kace.com, where you can track your ticket status.
Contact KACE - Link to your default e-mail client to send an e-mail to support@kace.com.
Troubleshooting Tools - Link opens the KBOX Support: Troubleshooting Tools page. This page
contains tools to help the KBOX administrators and KACE Technical Support to troubleshoot problems
with this KBOX. You can use Network Utilities to test various aspects of this KBOX's network
connectivity, see page xvi.
1. Select Settings | Support or click on the modules toolbar. The KBOX Settings: KACE
Support page appears.
2. Click New KACE Ticket. The New KACE Support Ticket page appears.
3. Enter the following details:
From | Enter a valid e-mail address for creating the ticket. This is a mandatory field.
Name | Enter the name of the person who is creating the ticket. For example, Jim.
To | A read-only field that displays the KACE support e-mail address.
CC | Enter the e-mail address of a recipient, to send them a copy of the message.
Subject | Enter the subject of the ticket to identify the problem addressed in the ticket.
Ticket Type | Select the Ticket Type from the drop-down list. The Ticket Type list includes:
    Help Request - Is selected for any issues regarding the KBOX Server
    Feature Request - Is selected for additional features to enhance the KBOX Server functionality
    Bug Report - Is selected for bugs found in the KBOX Server and further sending report to KACE Support
Impact | Select the impact of the problem from this list:
    Many people can't work
    Many people inconvenienced
    1 person can't work
    1 person inconvenienced
Priority | Select the priority from the drop-down list, which can be:
    High - A ticket with this priority is responded to on the same day
    Medium - A ticket with this priority is responded to within 24 hours
    Low - A ticket with this priority is responded to within 24 hours
Category | Select the category of the ticket from the drop-down list. This selection helps you to segregate the tickets based on the issue. For example, “Windows KBOX Agent not functioning properly.”
Phone Number | Enter the phone number on which the KACE support team can contact you.
Please Respond by | Enter the method by which KACE should respond to this request. You can select either e-mail or phone.
Steps to Reproduce | Enter the steps you performed to discover this issue. This is a mandatory field.
Additional Details | This is a read-only field that displays the KBOX 1000 Series Server Version, Server Serial Number and the KBOX Model name.
You can use Network Utilities to test various aspects of the KBOX's network connectivity.
1. Select KBOX Settings | Support or click on the modules toolbar. The KBOX Settings:
KACE Support page appears.
2. Click Troubleshooting Tools. The Troubleshooting Tools page appears.
3. Click the [Edit Mode] link.
a Enter the IP Address in the text box, on which you want to execute a network command.
b Select the appropriate network command from the drop-down list. The commands are as follows:
Command | Description
ping | This command helps in determining IP addresses and issues with the network, and assists in resolving them.
arp | This command displays the arp information from network devices. (IP Address-MAC Address)
dig | This command performs DNS lookups and displays the answers that are returned from queried name server(s).
ifconfig | This command allows you to view information about the configured network interfaces on the KBOX Server.
iostat | This command monitors the KBOX Server's system input/output (I/O) device loading, by observing the time the physical disks are active in relation to their average transfer rates.
netstat | This command displays the TCP/IP network protocol statistics and information for the KBOX Server.
smbstatus | This command lists the current Samba connections to the KBOX Server.
top | This command displays system summary information and a list of tasks currently managed on the KBOX Server.
email sending | This command tests if the KBOX server can send e-mail to the specified recipient(s).
services | This command lists the various services running on KBOX Server and their status.
To view details on KBOX Agent Messaging, click the “tasks” link in “See status of KBOX Agent
tasks” under KBOX Agent Messaging. For more details, see section “KBOX Agent Tasks,” on
page 43.
Click the “message queue” link in “See list of pending communications in the KBOX Agent message
queue”. For more details, see section “AMP Message Queue,” on page 51.
Select the Enable Tether check box under KACE Support Tether to allow KACE Technical Support
access to your KBOX.
KACE Support sends a tether key to the user when they observe issues in the KBOX Server such as the
Admin being unable to log in, the database getting corrupted, and others. This tether key, when uploaded,
creates a secure connection with the user’s KBOX and enables KACE Support to access the affected KBOX
Server at the user interface and SSH level.
KACE Professional Services
KACE professional services are delivered by KACE partners or KACE engineers, tailored to match your
specific needs, and improve your organization's IT efficiency, compliance, and security. Some common
KBOX 1000 Series services include the following:
1. Leverage more functionality of your KACE appliances - KACE has created a collection of the
most requested services offerings using the knowledge gained from hundreds of the KBOX
deployments. This service is designed to help you leverage all the sophisticated functionality of your
KBOX.
2. Optimize your interactions with KACE experts - This service complements your JumpStart
training, and provides more in-depth instructions related to specific capabilities of your KBOX and
associated modules.
3. Obtain quick and economical practical functionalities - This service helps you in implementing
the KBOX features quickly and economically.
4. Help Desk Configuration Offering - This service is designed to offer detailed guidance in
implementing the following:
a Ticket Assignment Workflow
b Ticket Escalation Workflow
c Ticket Notification Workflow
d Custom Field Creation
e Custom Ticket Reporting
5. Scripting for Advanced Deployment Offering - This service provides expert assistance in creating
managed deployments using:
a Custom Script Creation
b Advanced Managed Installs
c Advanced Inventory Tracking
6. Customer Report Offering - This service provides customized KBOX reports created as per your
requirements:
a Custom Inventory Reporting
b Custom Asset Reporting
c Custom Deployment Reporting
d Any Custom Reporting
7. JumpStart Refresher - This service is designed for a new administrator taking over an existing KBOX
configuration. It is a condensed version of our standard Jump Start and includes:
a Review Existing KBOX Configuration Settings
b Review Agent Deployment
c Review Software Packaging and Deployment
d Review Script Creation
e Review Patching
To learn more about professional services, refer to Professional Services and contact your KACE account
manager.
CHAPTER 1
Getting Started
“Introduction,” on page 2
“Setting Up the KBOX Server,” on page 4
“Setting Up KBOX Agent,” on page 14
“Alternative Options to Deploy KBOX Agents,” on page 15
“Key Configuration Settings,” on page 16
“Configuring General Settings for the Server,” on page 16
“Configuring Network Settings for the Server,” on page 19
“Configuring Security Settings for the Server,” on page 21
“Configuring AMP Settings for the Server,” on page 24
“Configuring Date & Time Settings of the KBOX Server,” on page 26
Introduction
This section provides an introduction to your KBOX 1000 Series Systems Management Appliance and an
overview of the total system management workflow.
This section also lists the basic administrative procedures and the best practices for system management.
Hardware Specifications
The KBOX 1000 Series Systems Management Appliance includes a high-performance server with the
following hardware configuration:
CPU in Gigahertz (GHz) | 2 Xeon Quad Core (2 GHz) | 2 Xeon Quad Core (2 GHz)
Memory in Gigabyte (GB) | 2 GB | 4 GB
Ethernet Ports | Dual Gigabit Ethernet Ports | Dual Gigabit Ethernet Ports
Redundant Disk Array | RAID 1 configuration | RAID 5 configuration
Hard Drives | 3 X 250 GB SATA 7.2K RPM hot-swappable | 3 X 147 GB SAS 15K RPM & 500 GB SATA 7.2K RPM hot-swappable
User Interfaces
The KBOX 1000 Series solution is comprised of the following primary user interfaces accessed by the
system administrators:
System Console—It is designed primarily to enforce the policies across the organizations. It is
accessible by browsing to http://kbox/system.
Administrator Console—It is a web-based interface to access and direct the functionality and
capabilities within your organizations. It is accessible by browsing to http://kbox/admin. The
administrator console supports five primary modules:
Organizational Components
The KBOX 1000 Series supports a flexible data model for managing computers, software, users, and
license keys:
LDAP Support—The KBOX 1000 Series enables you to automatically discover information via the KBOX
Agent or to interface with Active Directory or LDAP organizational units.
Filters—The KBOX 1000 Series provides filters that enable you to apply labels to users and computers
by saving searches on inventory data or LDAP servers. They work much like Search Folders in Outlook,
or Smart Folders in Mac OS X.
Labels—The KBOX 1000 Series offers advanced labeling capabilities that put ad-hoc organizational
capabilities in the hands of the software administrator. You can apply labels either dynamically or
manually. For more information on how to manually apply labels, refer to Chapter 3, “Adding Computers
to Inventory,” starting on page 65.
Dynamic labelling is also referred to as "Filters" on either LDAP data sources or computer inventory. For
more information on how to dynamically apply labels, refer to Chapter 3, “Creating Search Filters for
Computer Inventory,” starting on page 56.
KBOX Server (DNS) Hostname / Web Server Name | It is recommended that you add a static IP entry for “kbox” to your DNS, and use the default Hostname and Web Server Name. The fully-qualified domain name of the KBOX on your network is the value of Hostname concatenated with Domain Name (for example, kbox.kace.com). Clients will connect to KBOX using the Web Server Name, which can be the hostname, fully-qualified domain name, or IP address (for example, kbox). | kbox / kbox
Static IP Address | Enter the IP address of the KBOX Server. | 192.168.2.100
Domain | Enter the domain that the KBOX is situated on. | corp.kace.com
Subnet mask | Enter your subnet mask. | 255.255.255.0
Default gateway | Enter the network gateway for the KBOX Server. | 192.168.2.1
Primary DNS | Enter the IP address of the primary DNS server the KBOX should use to resolve hostnames. | 192.168.2.209
It is recommended that you change the password after your first login. For more
information on how to change the password, refer to Chapter 11, “Managing
Users,” starting on page 199.
The modules are illustrated above and the tabs are as follows:
Admin Console:
1. Home
Summary
Search
2. Inventory
Computers
Software
Processes
Startup
Service
IP Scan
MIA
Label
3. Virtual Kontainers (KBOX Virtual Kontainers module license)
Management
Deployment
Creation
4. Asset (KBOX Asset Management module license)
Assets
Asset Types
Asset Import
Metering
5. Distribution
Managed Installations
File Synchronization
System Console:
1. Home
Summary
2. KBOX Settings
Control Panel
Logs
Server Maintenance
Support
3. Reports
Reports
Schedule Reports
4. Organizations
Organizations
Roles
Filters
Computers
The number of machines displayed on the Y axis automatically adjusts if the number of
machines found on a particular threat level increases beyond 12.
Clients Connected
Displays the percentage of clients connected to the server.
Tasks in Progress
Displays the total number of tasks in progress on server.
As this page is refreshed, the record count information is refreshed. The new KBOX
installations contain mostly zero or no record counts.
Computer Statistics
Provides a summary of the computers on your network, including a breakdown of the operating systems in
use. In addition, if the number of computers on your network exceeds the number allowed by your KBOX
license key, you are notified of it here.
Software Statistics
Provides a summary of the software in KBOX Inventory. The summary includes the number of software titles
that have been uploaded to the KBOX.
Alert Summary
Provides a summary of the alerts that have been distributed to the computers on your network, separated
by message type. This also indicates the number of alerts that are active and expired.
The IT Advisory refers to the number of Knowledge Base Articles in Help Desk.
OVAL Information
Provides a summary of the OVAL definitions received and the number of vulnerabilities detected on your
network. The summary includes the date and time of the last OVAL download (successful and attempted)
and the number of OVAL tests in the KBOX, in addition to the numbers of computers that have been
scanned.
Global Search
The Search tab in the Home module displays the search results of the text typed in Global Search. You can
refine the results by entering a keyword and selecting a criterion from the All Items drop-down list to search
in. Click the links displayed to go to the appropriate topic.
1. Go to http://kbox/admin in your web browser to open the KBOX Management Center webpage.
2. Click Settings | Control Panel.
3. Click General Settings. The KBOX Settings: General page appears.
4. Modify the Samba Share Settings. For more information on how to modify Samba share settings, refer
to “Configuring General Settings for the Server,” on page 16.
1. Go to http://kbox/admin in your web browser to open the KBOX Management Center webpage.
2. Click Settings | KBOX Agent.
3. Click Provisioned Configurations. The Provisioned Configurations page appears.
4. Select Create New Configuration from the Choose action drop-down list. The Provisioning Setup
page appears. For detailed information on all of the available options and instructions, refer to Chapter
2, “Agent Provisioning,” starting on page 28.
5. Under Windows Platform Provisioning Settings, select the Provision this platform check box.
6. Enter appropriate values in the relevant fields.
7. Click Save to save the new configuration.
1. Go to http://kbox/admin in your web browser to open the KBOX Management Center webpage.
2. Click Settings | KBOX Agent.
3. Click Provisioned Configurations. The Provisioned Configurations page appears.
4. Select Create New Configuration from the Choose action drop-down list. The Provisioning Setup
page appears. Refer to Chapter 2, “Agent Provisioning,” starting on page 28 for details on all the
available options and instructions.
1. Select the check box next to your Provisioning Configuration, and then select Run Select
Configuration(s) Now in the Choose action drop-down list.
2. The machine that you have selected to receive the agent is displayed. Click the Refresh button at the
bottom of the page. The status in the DNS Lookup column is updated from (unknown) to In
progress… After the installation is completed, the status displays the IP address or hostname of the
machine that you selected.
1. After the installation is completed, the new KBOX Agent instantly checks into KBOX Server and
provides the inventory information about the machine and its software to the KBOX Server.
2. Click Inventory at the top of the KBOX Management Center webpage to view the list of machines checked
into the KBOX Server. The hostnames of the machines are listed in order of check-in time.
Ensure that you have enabled the file share to access this folder.
You can use the following methods to install the KBOX Agent:
E-mail:
An e-mail notification can be sent to your users containing either:
Install file
Link to the KBOX 1000 Series
Other Web location to retrieve the required installation file
Users can click on the link and install the appropriate file.
Organization Name | Enter the name of your organization. For example, KACE Headquarters.
Company-Institution Name | Enter the name of your company. This name appears in every pop-up window or alerts displayed to your users. For example, KACE.
User Email Suffix | Enter the domain to which your users send e-mail. For example, kace.com.
User Portal (.jpg) | Displayed at the top of the User Portal page.
    224x50 pixels is the normal size.
    104x50 pixels is shorter and doesn't clip the blue highlight around the 'Log Out' link
    300x75 pixels is maximum size that does not impact the layout
Report (.jpg) | Displayed at the top of reports generated by the KBOX 1000 Series for this organization. Upload any .jpg file to display the customized logo for the reports of this Organization. If .jpg file is not uploaded, then the reports of this organization display the logo uploaded in System UI, under Custom Report Logo field in General Settings. The report image dimensions are 120x32 pixels, this is specified in the auto-generated XML layout. You can adjust the xml report if you need a different layout size.
KBOXClient (.bmp) | Displayed in the KBOX Agent. The client bmp image is scaled to 20x20 pixels only and cannot be customized to any other size. It is displayed on snooze pop-ups, install progress pop-ups, alerts, and message windows created by scripts
The splash screen logo displayed at boot and login is currently not customizable.
Most actions in the Action Icon drop-down list require you to install additional
software for them to function. For example, using TightVNC requires you to install
TightVNC on your machine as well as on the machine you want to access.
Click Action #1 or Action #2 next to the target machine on the Inventory | Computers tab to
execute the Machine Action.
8. In the Optional Ignore Client IP Settings section, enter IP addresses you would like ignored as the
client IP and then click Save List. This might be appropriate in cases where multiple machines could
report themselves with the same IP address, like a proxy address.
Any changes made to the Network settings on this page forces the KBOX to reboot after
saving. Total reboot downtime should be 1 to 2 minutes provided that the changes
result in a valid configuration.
KBOX Server (DNS) Hostname We recommend adding a static IP entry for “kbox” to your DNS, and using the
default Hostname and Web Server Name. The fully-qualified domain name of
the KBOX on your network is the value of Hostname concatenated with
Domain.
For example, kbox.kace.com.
KBOX Web Server Name The clients will connect to KBOX using the Web Server Name, which can be
the hostname, fully-qualified domain name, or IP address.
For example, kbox.
Static IP Address The IP address of the KBOX server.
Note: Be extremely careful when changing this setting. If the IP address is
entered incorrectly, refer to the KBOX console and use the konfig login to
correct it.
Domain The domain that the KBOX is on. The default value is corp.kace.com.
Subnet mask The subnet that the KBOX is on. The default value is 255.255.255.0.
Default gateway Your default gateway.
Primary DNS The primary DNS server the KBOX should use to resolve hostnames.
Secondary DNS The secondary DNS server the KBOX should use to resolve hostnames. This is
an optional setting.
Network Speed Your network speed. The network speed setting should match the setting of
your local LAN switch. When set to auto negotiate the system automatically
determines the best value. This requires the switch to support auto-negotiate.
Otherwise contact your network administrator for the exact setting to be
used.
The KBOX supports a proxy server that requires realm-based authentication. The proxy server prompts
you to enter the user name and password to authenticate the proxy settings as shown in the following
figure.
If your proxy server uses any other kind of authentication, you must add the IP address
of the KBOX to the exception list of the proxy server.
443 SSL
3306 To access KBOX database
8080 Connects directly to Tomcat
8443 Connects directly to Tomcat
52230 For KBOX Agent(s) to connect to the KBOX SERVER via AMP
If you make any changes to the Security Settings, restart the KBOX for them to take
effect.
1. Select KBOX Settings | Control Panel. The KBOX Settings: Control Panel page appears.
2. Click Security Settings. The KBOX Security Settings page appears.
3. Click [Edit Mode] to edit the security settings fields.
4. In the General Security Settings area, specify the following security settings:
SSH Enabled Select this check box if you want to permit someone to log in to the
KBOX via SSH.
Enable backup via ftp Select this check box if you want to enable backup via ftp. The KBOX
creates a backup of the database and the files stored on it, daily. By
default, these files can be accessed by you via a read-only ftp server. If
you do not need this feature and want to disable the FTP server, clear
this check box. Refer to Chapter 16, “To access the backup files through
ftp:,” starting on page 295.
Secure backup files Select this check box if you want to prevent users from accessing the
KBOX backup files without logging on to the KBOX.
Note: Even if the Secure backup files check box is not selected, you
can still access the KBOX backup files. You can do this by entering the
full URL in the browser without logging on to KBOX.
Enable Organization File Shares Select this check box if you want to allow each organization to leverage
the KBOX's client share as an install location for the client.
The KBOX has a built-in Windows file server that can be used by the
provisioning service to assist in distributing the KBOX Client on your
network. KACE recommends that this file server only be enabled when
performing client software installs.
Require NTLMv2 on KBOX File Shares Select this check box if you want to require NTLMv2 authentication for the
KBOX file shares. When you enable this option, the clients connecting
to the KBOX File Shares require support for NTLMv2 and have to
authenticate to the KBOX using NTLMv2. Enabling this option disables
"lanman auth" and "ntlm auth" on the samba server.
Note: NTLMv2 is more secure than NTLM and LANMAN, but non-NTLMv2
configurations are more common, and this option is usually
turned off.
Require NTLMv2 on KBOX Samba Client Usage Certain functions on the KBOX are supported via samba client functions
(e.g. Agent Provisioning). Select this check box if you want to force
these functions to authenticate to off-board network file shares using
NTLMv2. Enabling this option enables the "client ntlmv2 auth" option on
samba client functions.
Note: NTLMv2 is more secure than NTLM and LANMAN, but non-NTLMv2
configurations are more common, and this option is usually
turned off.
6. In the Optional SSL Settings area, specify the following settings, if required:
Enable port 80 access When you activate SSL, port 80 continues to be active, unless Enable
port 80 access check box is unchecked. By default, the standard
KBOX Agent installers attempt to contact the KBOX via port 80, and
then switch to SSL over port 443, after getting the server configuration.
If you disable port 80, you need to contact KACE Support to adjust the
agent deployment scripts to handle SSL. For ease of agent deployment,
leave port 80 active.
If you have your own SSL certificate and SSL private key, click [Edit
Mode] to edit the field values. In the Set SSL Private Key File field,
browse to the SSL Private Key file, and in the Set SSL Certificate File
field, browse to the signed SSL Certificate.
Note: Once you switch over to SSL, this is a one-way automatic shift
for the clients. The clients need to be reconfigured manually, if you later
decide not to use SSL.
7. Click Set Security Options, to save the changes and reboot the KBOX.
8. In the Download New Patch Definitions area, click [Edit Mode] to edit the fields and specify as
follows:
Download on the nth of every month/specific month at HH:MM AM/PM Select to download the patches at the
specified time on the 1st, 2nd, or any other date of every month or only the selected month.
9. In the Stop Download Of Patch Definitions area, click [Edit Mode] to edit the field values and
specify the following:
Allow download of patch definitions to complete Select to allow download of the patch definitions to complete.
Stop patch download process by at HH:MM AM/PM Select to stop the download of the patches at the specified time.
10. Click Set Patching Options, to save the changes and reboot the KBOX.
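The two Require NTLMv2 settings above correspond to three Samba options: "lanman auth" and "ntlm auth" on the server side, and "client ntlmv2 auth" on the client side. The Python sketch below is an added example, not KBOX code or part of this guide; it audits the [global] section of an smb.conf-style text, for instance from another Samba server that clients or the KBOX must interoperate with, and the sample configurations and function names are constructed for illustration.

```python
import re

# Constructed sample configurations, not taken from a KBOX appliance.
LEGACY_CONF = """\
[global]
   workgroup = EXAMPLE
   lanman auth = yes
   ntlm auth = yes
[client]
   ; share sections are ignored by the audit
   lanman auth = no
"""
HARDENED_CONF = """\
# Samba ignores case and whitespace in section and parameter names
[Global]
   Lanman Auth = No
   ntlmauth = no
   client NTLMv2 auth = yes
"""

TRUE = {"yes", "true", "1"}
FALSE = {"no", "false", "0"}

# Option named in the guide -> boolean value that enforces NTLMv2.
WANTED = {"lanman auth": False, "ntlm auth": False, "client ntlmv2 auth": True}


def parse_global(text):
    """Return {normalised parameter name: raw value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params


def audit(text):
    """Classify each option as 'ok', 'weak', 'unset' or 'review'."""
    params = parse_global(text)
    report = {}
    for name, wanted in WANTED.items():
        raw = params.get(name.replace(" ", ""))
        if raw is None:
            # The effective value then depends on the Samba version's default.
            report[name] = "unset"
        elif raw.lower() in TRUE | FALSE:
            report[name] = "ok" if (raw.lower() in TRUE) == wanted else "weak"
        else:
            # Non-boolean value: leave it for a human to interpret.
            report[name] = "review"
    return report


def requires_ntlmv2(text):
    """True only when all three options are explicitly set to enforce NTLMv2."""
    return all(state == "ok" for state in audit(text).values())


if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf), "NTLMv2 required:", requires_ntlmv2(conf))
```

An option reported as "unset" is not treated as compliant, because the value in effect is then whatever that Samba build defaults to.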
To enable SSL, you need the correct SSL Private Key file and a signed SSL Certificate. If
your private key has a password, it will prevent the KBOX from restarting automatically.
Contact KACE support if you have this issue.
1. Select KBOX Settings | Control Panel. The KBOX Settings: Control Panel page appears.
2. Click Security Settings. The KBOX Security Settings page appears.
3. Click SSL Certificate Wizard. The KBOX Advanced SSL Settings page appears.
4. Click [Edit Mode] to edit the fields and specify the following:
5. Click Set CSR Options. Your Certificate Signing Request is displayed in the field below the Set CSR
Options button. You need to copy the text between the lines “-----BEGIN CERTIFICATE REQUEST-----”
and “-----END CERTIFICATE REQUEST-----”, along with these lines, and then send it to the person who
provides your company with web server certificates.
6. Your Private Key is displayed under Private Key field. It will be deployed to the KBOX when you
upload a valid certificate and subsequently click Deploy.
Do not send the private key to anyone. It is displayed here in case you want to deploy
this certificate to another web server.
Click Create Self Signed Certificate for Deploy to be displayed.
7. Click Create Self Signed Certificate. The SSL certificate is generated. This certificate will not be
accepted by any of the KBOX clients until it is added into the trusted certificate database on every
machine running the KBOX client.
8. Click Deploy to deploy the certificates and turn on SSL on the KBOX. Click OK to reboot the KBOX.
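Two points in the procedure above can be checked before anything leaves your workstation: the text sent to the certificate provider should contain the CSR with its BEGIN/END lines and no private key, and the key uploaded to the KBOX should not be passphrase-protected. The following Python sketch is an added example, not part of the KBOX product; the function names are illustrative and the PEM bodies are constructed placeholders, not real key material.

```python
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Constructed samples: the base64 body is a placeholder, not a real key or CSR.
SAMPLE_WIZARD_TEXT = """Certificate Signing Request:
-----BEGIN CERTIFICATE REQUEST-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE REQUEST-----
Private Key:
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
LEGACY_ENCRYPTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
PKCS8_ENCRYPTED_KEY = """-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
"""


def pem_blocks(text):
    """Return (label, whole_block, body) for every PEM block in the text."""
    return [(m.group(1), m.group(0), m.group(2)) for m in PEM_BLOCK.finditer(text)]


def extract_csr(text):
    """Return the single CSR block, including its BEGIN and END lines."""
    found = [whole for label, whole, _ in pem_blocks(text)
             if label in ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST")]
    if len(found) != 1:
        raise ValueError(f"expected exactly one CSR block, found {len(found)}")
    return found[0]


def contains_private_key(text):
    """True if the text includes any private key block (never send this out)."""
    return any(label.endswith("PRIVATE KEY") for label, _, _ in pem_blocks(text))


def key_problems(pem_text):
    """Return reasons the key file should not be uploaded (empty list if none)."""
    keys = [(label, body) for label, _, body in pem_blocks(pem_text)
            if label.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        return [f"expected exactly one private key block, found {len(keys)}"]
    label, body = keys[0]
    # PKCS#8 marks encryption in the label; the older PEM format uses a header.
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        return ["private key is passphrase-protected"]
    return []


if __name__ == "__main__":
    csr = extract_csr(SAMPLE_WIZARD_TEXT)
    print("safe to send:", not contains_private_key(csr))
    print("plain key:", key_problems(SAMPLE_WIZARD_TEXT))
    print("encrypted key:", key_problems(LEGACY_ENCRYPTED_KEY))
```

The check only inspects PEM labels and headers; it does not verify that the key matches the signed certificate.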
In order for the KBOX SERVER to accept connections via AMP it must have the AMP
Protocol Port 52230 open and available INBOUND to the KBOX IP ADDRESS. (i.e.
the KBOX SERVER must be able to accept connections through this port number
INBOUND without restriction from an INBOUND filter/firewall.)
Example of an INBOUND restriction:
“A NAT Firewall such as Cisco or SonicWall blocking INBOUND port 52230 to the
KBOX IP ADDRESS.”
Allow inbound Protocol Port 52230 to the KBOX SERVER.
This can be allowed through a One-to-One Inbound NAT Policy.
Note: If you change the default AMP Port of 52230 you must update the
ALLOWED OUTBOUND/INBOUND port on your filter/firewall.
Enable Server Debug Select this check box to enable different levels of "server" debug/logging to the
server's log file.
4. Click Save and Restart to save the settings and restart the AMP Server.
5. You can click Restart to restart the AMP server without saving the settings.
When you update the time zone, the KBOX Server restarts and reflects the date and
time settings. Active connections may be dropped during the restart of the KBOX
Server. After saving the changes, the KBOX Date & Time Settings page will
automatically refresh after 15 seconds.
Last Updated The date and time when the settings were last updated. It is a read-only field.
Current Time The current date and time. It is a read-only field.
Time Zone Select the appropriate time zone from the drop-down list.
Automatically synchronize with an Internet time server Select this check box to automatically synchronize
the KBOX time with an Internet Time Server.
Enter the time server in the text box. For example, time.kace.com
Set the clock on the KBOX manually Select this check box to manually set the KBOX clock.
Select the appropriate time and date from the drop-down lists.
Agent Provisioning
Overview of Agent Provisioning
KBOX Agent Provisioning helps you to easily deploy the KBOX Agent software on your network. You can
deploy the agent on multiple machines simultaneously by creating a configuration that identifies a range of
IPs to target. The procedure for Agent Provisioning varies for Windows and non-Windows operating
systems. A provisioning configuration identifies one or more IP addresses for the first time deployment or
removal of the KBOX Agent. The target IP address is tested for the existence of an agent and if the agent
is not detected, then it will remotely install the agent directly from the KBOX.
The provisioning installers are located on the KBOX in the following network share:
\\KBOX\client\agent_provisioning
Here "KBOX" represents the hostname of your KBOX.
The provisioning files are located in their respective "platform" subdirectories (for example, Windows files
are located in the "windows_platform" directory).
IMPORTANT: To activate the provisioning functionality you must enable KBOX's file share via the
Network Settings Page. For Windows platform installations, the following configuration settings are
required:
Turn off 'Simple File Sharing'. KBOX Provisioning requires standard file sharing with its associated
security model. Having "Simple File Sharing" enabled could cause a "LOGON FAILURE" as simple file
sharing does not support administrative file shares and associated access security.
If Windows Firewall is turned ON, "File and Print Sharing" must be enabled in the Exceptions list of the
Firewall Configuration.
Microsoft Windows KBOX agents of version 3.0 or later will work with .NET Framework 2.0.
By default the KBOX will verify the availability of ports 139 and 445 on each target machine before
attempting to execute any remote installation procedures.
All Windows platforms require Microsoft Internet Explorer 5.01 or greater and Microsoft .NET Framework
1.1/2.0, 90 MHz or faster processor, and 128 MB RAM & 10MB free disk space (minimum).
Macintosh®:
Mac OS X 10.3 PowerPC
Mac OS X 10.4 Intel and PowerPC
Mac OS X 10.5 Intel and PowerPC
Solaris:
The KBOX Agent 4.3 does not support Solaris. The last client build supported is 4.1.15780.
Upgrades supported:
Supports upgrading from KBOX Client 3.3, 4.0, 4.1, 4.2 GA builds to 4.3
Advanced Provisioning
You can choose between Auto Provisioning, Manual Provisioning by IP, or Manual Provisioning by
Hostnames for provisioning.
Auto Provisioning allows you to provide target IP Range for Provisioning.
Manual Provisioning by IP allows you to specify IP addresses manually and also pick up machines from
IP Scan and Inventory.
Manual Provisioning by Hostnames allows you to enter hostnames manually.
Config Friendly Name Enter a name for your agent provisioning configuration. Use a specific
configuration name, to differentiate between two configurations.
Provisioning IP Range Enter IP or IP range. Use hyphens to specify individual IP class ranges.
For example:
192 168 2-5 1-200.
Configuration Enabled Select the check box to enable the configuration and run scheduled
configurations.
KBOX Server Name This field, by default, displays the name of the KBOX Server. Update this field
if you have multiple KBOX servers. Enter the name of the server where you
wish to install the agent from.
KBOX Client Share Name The share folder name in KBOX, where the KBOX Agents are located.
DNS Lookup Enabled Select the check box to enable DNS lookup.
Name Server for Lookup By default, the field displays KBOX’s primary DNS Server mentioned under
Network Settings. You can change the default DNS Server to the required
one and also specify the hostname or IP address.
Lookup Time Out Enter the time period in seconds, after which a DNS lookup will time out.
Provision this platform Select the check box to enable provisioning on Windows platform.
KBOX Agent Version This field displays the KBOX Agent Version number. This is a read-only
field.
Agent Identification Port The agent identification port is the default port currently in use by the
agents and indicates that you should not install the agent again. By
default that port number is 52230. If you are using a different port
number for this, you can change the port number listed here.
Required open TCP Ports Enter the list of required open TCP ports separated by commas. These are
the ports KBOX uses to access the target machine for installation of the
KBOX Agent.
Port Scan Time Out Enter time period in seconds, during which KBOX scans the port for
response.
Bypass Port checks Select the check box to avoid port checks while KBOX installs the agent.
Enable Debug Info Select the check box to view debug information in the machine’s
provisioning results.
Install .NET 1.1 on x64 Systems Select the check box to install .NET 1.1 on a 64-bit system prior to KBOX
agent installation. The KBOX Agent setup fails if .NET 1.1 is not available
on the 64-bit system.
Remove KBOX Agent Select the check box to reverse the logic of the provisioning configuration,
so that it removes the KBOX agent from machines rather than installing it.
This overrides any current provisioning activity.
Remove Config.xml file Select the check box to remove the Config.xml file while removing the
Agent.
The Config.xml file contains the KBOX name and other server configurations
that the target machine checks into.
For example:
If you are using multiple KBOX servers and you remove a KBOX Agent ‘A1’
that was checking into the KBOX server ‘A1’, you do not remove the
Config.xml file.
You then reinstall the KBOX Agent ‘B1’, which was checking into the KBOX
server ‘B1’. This new agent continues to check into the KBOX server ‘A1’ as
you have not removed the Config.xml file. Thus it is advisable to remove
the Config.xml file.
Note: If you want to save your configurations for future use, do not
remove the Config.xml file.
6. Enter the following details under Windows Network Administrative Credentials section, if the
target machine(s) operate on the Windows platform:
Domain (or Workgroup) Enter the domain or workgroup name associated with the login credentials
you enter below.
User Name (admin level) Enter a user name with the necessary privileges to install the agent on the
targeted machines.
7. Enter the following details under Unix (Linux, MacOSX, Solaris) Platform Provisioning Settings
section, if the target machine(s) operate on the Linux, Macintosh®, or Solaris platform:
Provision this platform Select the check box to enable provisioning on Linux, Macintosh®, or
Solaris platform.
Required open TCP Ports Enter the list of required open TCP ports separated by commas. These are
the ports KBOX uses to access the target machine for installation of the
KBOX Agent.
Port Scan Time Out Enter a time period in seconds. Port scan time out indicates the time for
which the KBOX will scan the port for response.
Bypass Port Checks Select the check box to avoid port checks. This indicates that the KBOX
tries the installation, without checking ports.
Remove KBOX Agent Select the check box to reverse the logic of the provisioning configuration,
so that it removes the KBOX agent from machines rather than installing it.
This overrides any current provisioning activity.
Remove /var/kace/ files The kace folder has two subfolders, SMMP and kagentd.
The SMMP folder has 4 files: SMMP.conf, agent.log, pid, and pluginRunProcess.log.
The kagentd folder has 3 files: KBOX_LOG.txt, kbot_config.yaml, and kuid.txt.
Select the check box to remove the complete ‘kace’ folder. If the check box
is not selected, the /var/kace/kagentd/kuid.txt file is left behind.
8. Enter the following details under Network Root Credentials section, if the target machine(s) operate
on the Linux or Macintosh® platform:
User Name Under Network Root Credentials for the appropriate platform, enter a
user name that has the necessary privileges to install the agent on the
targeted machines.
Password Enter the password for the account listed above.
KBOX Agent Version This is a read-only field that displays the KBOX Agent version number.
9. Select the appropriate check box under the Scheduling area, and schedule to run the configuration:
Don’t Run on a Schedule Select when you do not want to run the provisioning
configuration on a schedule.
Run Every n minutes/hours Select to run the provisioning configuration at the specified time.
Run Every day/specific day at HH:MM AM/PM Select to run the provisioning configuration on the
specified day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM Select to run the provisioning configuration
at the specified time on the 1st, 2nd, or any other date of every month or only the
selected month.
By choosing a regular schedule, the KBOX periodically checks machines in the specified IP range to
make sure that they have the KBOX Agent, and install/reinstall/uninstall as required.
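The Provisioning IP Range field gives each octet as a single value or a hyphenated range, so one short entry can cover hundreds of machines, each of which receives an install attempt using the administrative credentials stored in the configuration. The following Python sketch is an added example, not part of the KBOX product or this guide; it expands an entry such as 192 168 2-5 1-200 and reports how many addresses it covers and which fall outside the networks you intended. The function names, the approved-network list and the host cap are assumptions chosen for illustration.

```python
import ipaddress
import re
from itertools import product


def parse_octet(field):
    """Return the values covered by one octet field, e.g. '168' or '2-5'."""
    m = re.fullmatch(r"(\d{1,3})(?:-(\d{1,3}))?", field)
    if not m:
        raise ValueError(f"not an octet or octet range: {field!r}")
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    if lo > hi or hi > 255:
        raise ValueError(f"octet range out of order or above 255: {field!r}")
    return range(lo, hi + 1)


def expand_range(spec):
    """Expand '192 168 2-5 1-200' (space- or dot-separated) into addresses."""
    fields = [f for f in re.split(r"[.\s]+", spec.strip()) if f]
    if len(fields) != 4:
        raise ValueError(f"expected 4 octet fields, got {len(fields)}")
    octets = [parse_octet(f) for f in fields]
    return [ipaddress.IPv4Address(".".join(map(str, combo)))
            for combo in product(*octets)]


def review_scope(spec, approved_cidrs, max_hosts=1024):
    """Summarise what a range entry would target before it is saved.

    approved_cidrs and max_hosts are local policy inputs (assumptions of this
    example), not KBOX settings.
    """
    targets = expand_range(spec)
    networks = [ipaddress.ip_network(c) for c in approved_cidrs]
    outside = [ip for ip in targets if not any(ip in n for n in networks)]
    return {
        "count": len(targets),
        "first": str(targets[0]),
        "last": str(targets[-1]),
        "outside_approved": [str(ip) for ip in outside],
        "too_many": len(targets) > max_hosts,
    }


if __name__ == "__main__":
    # The guide's own example entry, checked against a constructed policy.
    summary = review_scope("192 168 2-5 1-200.", ["192.168.2.0/23"])
    print(summary["count"], "targets from", summary["first"], "to", summary["last"])
    print(len(summary["outside_approved"]), "targets outside approved networks")
```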
Config Friendly Name Enter a name for your agent provisioning configuration. Use a specific
configuration name to differentiate between two configurations.
Target IPs Enter the IP address of the target machine or click Help me pick
machines.
Note: Multiple IP addresses should be comma-separated.
Click Help me pick machines to enable the following:
Provisioning IP Range Enter IP or IP range. Use hyphens to specify individual IP
class ranges.
For example:
192 168 2-5 1-200.
Click Add All to add all the IP addresses displayed in the
list.
IP Scan Computer Select a machine from the IP Scan Computers drop-down
list, to add to the Target IPs list. This list is populated from
the Network Scan Results. You can filter the list by entering
any filter options.
Click Add All to add all machines displayed in the list.
Inventory Computers Select a machine from the Inventory Computers drop-down
list, to add to the Target IPs list. This list contains all the
computers in the inventory. You can filter the list by
entering any filter options.
Click Add All to add all machines displayed in the list.
Configuration Enabled Select the check box to enable the configuration.
Note: Scheduled configurations will run only if this check box is selected.
KBOX Server Name This field, by default, displays the name of the KBOX Server. Update this field
if you have multiple KBOX servers. Enter the name of the server where you
wish to install the agent from.
KBOX Client Share Name The share folder name on the KBOX, where the KBOX Agents are located.
5. Enter the following details under Windows Platform Provisioning Settings section, if the target
machine(s) operate on the Windows platform:
Provision this platform Select the check box to enable provisioning on Windows platform.
KBOX Agent Version This field displays the KBOX Agent version number.
Agent Identification Port The agent identification port is a port that installed agents would already
have open and in use, indicating that you should not install the agent
again. By default that port number is 52230. If you are using a different
port number for this, you can change the port number listed here.
Required open TCP Ports Enter the list of required open TCP ports separated by commas. These are
the ports KBOX uses to access the target machine for installation of the
KBOX Agent.
Port Scan Time Out Enter a time period in seconds. Port scan time out indicates the time for
which the KBOX will scan the port for response.
Bypass Port checks Select the check box to avoid port checks. This indicates that the KBOX
tries the installation, without checking ports.
Enable Debug Info Select the check box to enable debug info. By enabling this check box
more debug info will be displayed in the machine’s provisioning results.
Install .NET 1.1 on x64 Systems Select the check box to install .NET 1.1 on a 64-bit system prior to KBOX
agent installation. The KBOX Agent setup fails if .NET 1.1 is not available
on the 64-bit system.
Remove KBOX Agent Select the check box to reverse the logic of the provisioning configuration,
so that it removes the KBOX agent from machines rather than installing it.
This overrides any current provisioning activity.
Remove Config.xml file Select the check box to remove the Config.xml file while removing the
Agent.
The Config.xml file contains the KBOX name and other server
configurations that the target machine checks into.
For example:
If you are using multiple KBOX servers and you remove a KBOX Agent ‘A1’
that was checking into the KBOX server ‘A1’, you do not remove the
Config.xml file.
You then reinstall the KBOX Agent ‘B1’, which was checking into the KBOX
server ‘B1’. This new agent continues to check into the KBOX server ‘A1’ as
you have not removed the Config.xml file. Thus it is advisable to remove
the Config.xml file.
Note: If you want to save your configurations for future use, do not
remove the Config.xml file.
Domain (or Workgroup) Enter the domain or workgroup name associated with the login credentials
you enter below.
User Name (admin level) Enter a user name with the necessary privileges to install the agent on the
targeted machines.
Password Enter the password for the account listed above.
7. Enter the following details under Unix (Linux, MacOSX, Solaris) Platform Provisioning Settings
section, if the target machine(s) operate on the Linux, Macintosh®, or Solaris platform:
Provision this platform Select the check box to enable provisioning on Linux, Macintosh®, or
Solaris platform.
Required open TCP Ports Enter the list of required open TCP ports separated by commas. These are
the ports KBOX uses to access the target machine for installation of the
KBOX Agent.
Port Scan Time Out Enter a time period in seconds. Port scan time out indicates the time for
which the KBOX will scan the port for response.
Bypass Port checks Select the check box to avoid port checks. This indicates that the KBOX
tries the installation, without checking ports.
Remove KBOX Agent Select the check box to reverse the logic of the provisioning configuration,
so that it removes the KBOX agent from machines rather than installing it.
This overrides any current provisioning activity.
Remove /var/kace/ files The kace folder has two subfolders, SMMP and kagentd.
The SMMP folder has 4 files: SMMP.conf, agent.log, pid, and pluginRunProcess.log.
The kagentd folder has 3 files: KBOX_LOG.txt, kbot_config.yaml, and kuid.txt.
Select the check box to remove the complete ‘kace’ folder. If the check
box is not selected, the /var/kace/kagentd/kuid.txt file is left behind.
8. Enter the following details under Network Root Credentials section, if the target machine(s) operate
on the Linux or Macintosh® platform:
User Name Under Network Root Credentials for the appropriate platform, enter a
user name that has the necessary privileges to install the agent on the
targeted machines.
Password Enter the password for the account listed above.
KBOX Agent Version This is a read-only field that displays the KBOX Agent version number.
Don’t Run on a Schedule Select when you do not want to run the provisioning
configuration on a schedule.
Run Every n minutes/hours Select to run the provisioning configuration at the specified time.
Run Every day/specific day at HH:MM AM/PM Select to run the provisioning configuration on the
specified day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM Select to run the provisioning configuration
at the specified time on the 1st, 2nd, or any other date of every month or only the
selected month.
By choosing a regular schedule, the KBOX periodically checks machines in the specified IP range to
make sure that they have the KBOX Agent, and install/reinstall/uninstall as required.
10. Click Save to save the provisioned configuration. The Provisioned Configurations page appears.
The provisioned configuration you just created, appears in the list of configurations.
11. Click the saved provisioned configuration. The Advanced Provisioning page appears.
12. You can edit this provisioned configuration. Click Run Now to save the changes and instantly run the
current configuration against the defined IP range. To cancel the configuration, click Cancel.
Config Friendly Name Enter a name for your agent provisioning configuration. Use a specific
configuration name, to differentiate between two configurations.
Target Hostnames Enter the hostname(s) of the target machine.
Note: Multiple host names should be comma-separated.
Configuration Enabled Select the check box to enable the configuration.
Note: Scheduled configurations will run only if this check box is selected.
KBOX Server Name This field, by default, displays the name of the KBOX Server. Update this
field if you have multiple KBOX servers. Enter the name of the server from
where you wish to install the agent.
KBOX Client Share Name The share folder name on the KBOX, where the KBOX Agents are located.
DNS Lookup Enabled Select the check box to enable DNS lookup.
Name Server for Lookup By default, the field displays KBOX’s primary DNS Server mentioned under
Network Settings. You can change the default DNS Server to the
required one and also specify the hostname or IP address.
Lookup Time Out Enter the time period in seconds after which the DNS lookup
will automatically time out.
Provision this platform Select the check box to enable provisioning on Windows platform.
KBOX Agent Version This field displays the KBOX Agent version number.
Agent Identification Port The agent identification port is a port that installed agents would already
have open and in use, indicating that you should not install the agent
again. By default that port number is 52230. If you are using a different
port number for this, you can change the port number listed here.
Required open TCP Ports Enter the list of required open TCP ports separated by commas. These are
the ports KBOX uses to access the target machine for installation of the
KBOX Agent.
Port Scan Time Out Enter a time period in seconds. Port scan time out indicates the time for
which the KBOX will scan the port for response.
Bypass Port checks Select the check box to avoid port checks. Selecting this indicates that the
KBOX should simply try to install the agent, without checking the ports.
Enable Debug Info Select the check box to enable debug info. By enabling this check box
more debug info will be displayed in the machine’s provisioning results.
Remove KBOX Agent Select the check box to reverse the logic of the provisioning configuration,
so that it removes the KBOX agent from machines rather than installing it.
This overrides any current provisioning activity.
Install .NET 1.1 on x64 Systems Select the check box to install .NET 1.1 on a 64-bit system prior to KBOX
agent installation. The KBOX Agent setup fails if .NET 1.1 is not available
on the 64-bit system.
Remove Config.xml file Select the check box to remove the Config.xml file while removing the
Agent.
The Config.xml file contains the KBOX name and other server configurations
that the target machine checks into.
For example:
If you are using multiple KBOX servers and you remove a KBOX Agent ‘A1’
that was checking into the KBOX server ‘A1’, you do not remove the
Config.xml file.
You then reinstall the KBOX Agent ‘B1’, which was checking into the KBOX
server ‘B1’. This new agent continues to check into the KBOX server ‘A1’ as
you have not removed the Config.xml file. Thus it is advisable to remove
the Config.xml file.
Note: If you want to save your configurations for future use, do not
remove the Config.xml file.
6. Enter the following details under Windows Network Administrative Credentials section, if the
target machine(s) operate on the Windows platform:
Domain (or Workgroup) Enter the domain or workgroup name associated with the login credentials
you enter below.
User Name (admin level) Enter a user name with the necessary privileges to install the agent on the
targeted machines.
7. Enter the following details under Unix (Linux, MacOSX, Solaris) Platform Provisioning Settings
section, if the target machine(s) operate on the Linux, Macintosh®, or Solaris platform:
Provision this platform Select the check box to enable provisioning on Linux, Macintosh®, or
Solaris platform.
Required open TCP Ports Enter the list of required open TCP ports. These are the ports KBOX will
use to access the target machine for installation of the KBOX Agent.
Port Scan Time Out Enter a time period in seconds. Port scan time out indicates the time for
which the KBOX will scan the port for response.
Bypass Port checks Select the check box to avoid port checks. This indicates that the KBOX
tries the installation, without checking ports.
Remove KBOX Agent Select the check box to reverse the logic of the provisioning configuration,
so that it removes the KBOX agent from machines rather than installing it.
This overrides any current provisioning activity.
Remove /var/kace/ files The kace folder has two subfolders, SMMP and kagentd.
The SMMP folder has 4 files: SMMP.conf, agent.log, pid, and pluginRunProcess.log.
The kagentd folder has 3 files: KBOX_LOG.txt, kbot_config.yaml, and kuid.txt.
Select the check box to remove the complete ‘kace’ folder. If the check
box is not selected, the /var/kace/kagentd/kuid.txt file is left behind.
8. Enter the following details under Network Root Credentials section, if the target machine(s) operate
on the Linux or Macintosh® platform:
User Name Under Network Root Credentials for the appropriate platform, enter a
user name that has the necessary privileges to install the agent on the
targeted machines.
Password Enter the password for the account listed above.
KBOX Agent Version This is a read-only field that displays the KBOX Agent version number.
9. Select the appropriate check box under the Scheduling area, and schedule to run the configuration:
Don’t Run on a Schedule Select when you do not want to run the provisioning
configuration on a schedule.
Run Every n minutes/hours Select to run the provisioning configuration at the specified time.
Run Every day/specific day at HH:MM AM/PM Select to run the provisioning configuration on the
specified day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM Select to run the provisioning configuration
at the specified time on the 1st, 2nd, or any other date of every month or only the
selected month.
When you choose a regular schedule, the KBOX periodically checks machines in the specified IP range to
make sure that they have the KBOX Agent, and installs, reinstalls, or uninstalls it as required.
To duplicate a configuration:
To delete a configuration:
Deleting a configuration will delete all associated target machines in the provisioning
inventory list. Altering or updating a configuration will reset the data in the associated
target machines list to the default settings until the subsequent provisioning run.
Provisioned Configurations
The Provisioned Configurations page displays:
A list of computers which match Agent Provisioning configurations established in Advanced
Provisioning.
All the provisioning configurations created and their statuses.
Field Description
Config Name Displays the configuration name. Click the config name to display the Advanced
Provisioning page.
Total Target Indicates the total number of target machines. Click the total number of target machines
to display the Provisioning Results page.
Running Indicates the total number of target machines on which provisioning is currently running.
Click the total number of target machines to display the Provisioning Results page.
Not Started Indicates the total number of target machines on which provisioning has not yet started.
Click the total number of target machines to display the Provisioning Results page.
Succeeded Indicates the total number of target machines on which provisioning has succeeded.
Click the total number of target machines to display the Provisioning Results page.
Failed Indicates the total number of target machines on which provisioning has failed. Click the
total number of target machines to display the Provisioning Results page.
% Succeeded Indicates in percentage the total number of target machines on which provisioning has
succeeded.
IP Range Indicates the IP range of the target machine.
Schedule Indicates the provisioning schedule run as specified. For example: Every ‘n’ minutes,
Every ‘n’ hours or Never.
Enabled Indicates a blank or a green check in the check box for the configuration name
depending on the provisioning success.
To delete a configuration:
To enable a configuration:
To disable a configuration:
Provisioning Results
Provisioning Results page displays a list of computers which match the current Agent Provisioning
Configurations. This list includes all the machines discovered by the configurations created in Advanced
Provisioning and Single Machine Provisioning. You can view target provisioning and configuration
information.
The target’s information results from the most recent provisioning run or execution on that target.
Execution of a Provisioning Configuration targets the IP addresses and for each target (node) the
execution evaluates the availability of IP addresses, agent status, port configuration, and so on. The
results and logs of each provisioning step are displayed.
You can also view computer inventory by clicking computer inventory under the
Provisioning Target Info section. The provisioning process collects the MAC address
of the target machine and compares it to the data associated with the current "KBOX
Computer Inventory". If a match is found, a link to "Computer Inventory" for that
association is displayed next to the MAC Address. For more information on computer
inventory, see “Adding Computers to Inventory,” on page 65.
Field Description
information. Client machines connected to the server over AMP (port: 52230) are indicated by an icon
on the Inventory list page.
You can view the KBOX Agent Tasks and Task Types from the Tasks drop-down list, which are described in
the table below:
Tasks All Tasks This selection lists all the agent tasks.
In Progress This selection lists all the agent tasks that are in progress.
Overdue Tasks This selection lists all the agent tasks that are overdue.
Task Type bootstrap The server requests the client to sync up.
inventory The server requests the client to update the computer inventory.
krash upload The server requests the client to upload the dump file to the server
(Windows only)
patching Shows any of the client’s patching tasks, if running (Windows and Mac
only).
scripting update Updates the current status of the scripting tasks.
1. Select KBOX Settings | Support or click on the modules tool bar. The KBOX Settings:
KACE Support page appears.
2. Click Troubleshooting Tools. The KBOX Troubleshooting Tools page appears.
3. Click the tasks link in “See status of KBOX Agent tasks”, under the KBOX Agent Messaging area. The
KBOX Agent Tasks page appears.
4. Click the Machine Name from the KBOX Agent Tasks list to view the computer inventory information.
The Computers: Detail Item page appears.
5. Click Printer Friendly Version to see a print view of the page and print it.
The KBOX Agent Tasks page contains the fields described in the table below:
Field Description
Machine Name Indicates the machine name on which some tasks are scheduled/running/in progress.
Task Type Indicates the type of agent task.
Started Indicates the start time of the task type.
Completed Indicates the time when the task type is completed.
Next Run Indicates the next schedule or run time of the agent task type.
Timeout Indicates when the task type has to be timed out.
Priority Indicates the importance or the priority value of the task type.
Communications Window The time interval when the KBOX Agent can communicate with the KBOX
1000 Series appliance. For example, to allow the KBOX Agent to connect
between 1:00 AM and 6:00 AM only, select 1:00 AM from the first drop-down
list, and 6:00 AM from the second. The default setting is 12:00 AM
to 12:00 AM.
Agent “Run interval” The interval at which the KBOX Agent checks into the KBOX 1000 Series. Each
time a KBOX Agent connects, it resets its connect interval based on this
setting. The default setting is once per hour.
Agent “Inventory Interval” The interval at which the KBOX Agent checks into the KBOX 1000 Series. Each
time a KBOX Agent connects, it resets its connect interval based on this
setting. The default setting is once per hour.
Agent “Splash Page Text” The message that appears to users when communicating with the KBOX
1000 Series. The default message is: KBOX is verifying your PC Configuration
and managing software updates. Please Wait.
Scripting Update Interval The KBOX Agent downloads new script definitions after the scripting update
interval is over. The default interval is 15 minutes.
Scripting Ping Interval The KBOX Agent tests the connection to the KBOX 1000 Series appliance
after the scripting ping interval is over. The default interval is 600 seconds.
Agent Log Retention The Agent Log Retention setting controls whether the server stores the scripting
result information that arises from the agents. By default, this stores all the
results generated and can affect the performance of KBOX. Turn off
Agent Log Retention to allow the agent check-ins to process faster.
5. Click Save to save the KBOX agent settings configuration. The KBOX Agent Settings page appears in
read-only mode. These changes are reflected the next time the agent checks into KBOX.
The KBOX Agent normally checks in using the "Run Interval" schedule specified in
KBOX Agent Settings page. For debugging and testing purposes, KACE provides ways
that can be used to force a check-in outside this normal schedule.
You can run the file KBScriptRunner located in C:\program files\kace\kbox to
force the KBOX Agent to check in with the KBOX 1000 appliance.
The KBScriptRunner.exe only forces a check-in (bypassing the "Run Interval") but does
not force an inventory if you have set a non-zero Inventory Interval. You must change
the inventory interval to zero while debugging/testing package deployments.
Also refer to Chapter 14, “Configuring General Settings for the Server,” starting on page 256, for Agent-Server
Task settings.
Sometimes a machine does not show up in KBOX Inventory after the KBOX Agent is installed.
By default the KBOX Agent communicates with KBOX using HTTP over port 80. Assuming
network connectivity is in place, the most common reason newly-installed KBOX Agents fail to connect to
the KBOX during first-time setup is a problem with the default "KBOX" host name in DNS.
1. If you set up the KBOX in your DNS using a host name other than the default "kbox", or need agents to
reach KBOX by IP address instead of the DNS name, you must install the KBOX Agent specifying the
SERVER property. For example,
Windows:
c:\>KInstallerSetup.exe -server=mykbox -display_mode=silent
or
c:\>KInstallerSetup.exe -server=192.168.2.100 -display_mode=silent
Macintosh®:
/Library/KBOXAgent/Home/bin/setkbox mykbox
or
/Library/KBOXAgent/Home/bin/setkbox 192.168.2.100
Linux:
/KACE/bin/setkbox mykbox
or
/KACE/bin/setkbox 192.168.2.100
Solaris:
/KACE/bin/setkbox mykbox
or
/KACE/bin/setkbox 192.168.2.100
2. To correct the server name for an already-installed client:
Windows:
Verify the "ServerHost", "ServerURLPrefix", and "ServerPort" entry values in:
c:\program files\kace\kbox\config.xml
Verify the "ServerHost", and "ServerPort" entry values in:
c:\program files\kace\kbox\smmp.conf
For further debug and troubleshooting, add the following line in smmp.conf:
debug = true
Verify that the connection text in smmp.log indicates a successful connection between the agent and
server is established.
After the successful connection between the agent and server is established, smmp_connected file is
generated.
Macintosh®:
/var/kace/kagentd/kbot_config.yaml
Enabled Select the check box to upgrade the KBOX Agent when machines check
into KBOX the next time around.
5. Click the button beside the platform name to upload the patch file for that specific platform.
6. Click Browse and locate the patch file (.bin).
7. The Update Version ID text box displays the version number of the patch file you are uploading.
8. Click Save Windows Patch File to upload the patch file.
You can update agents on all platforms using a client bundle. The client bundle is designed to update the
KBOX Agent deployment files that are stored on the KBOX server via a single file.
This bundle must only be applied to KBOX servers at version 3.2 or greater. This affects two areas of the
KBOX:
1) KBOX Agent Update
2) Advanced Provisioning
When you apply this bin file to your server, the older versions of the clients will be removed and replaced
with the files contained in this bin file.
The KBOX Agent Update settings will be DISABLED after applying the file. You need to
view the settings and confirm the label and settings and ENABLE it again if you want
the agents to deploy to your network.
All the provisioning setups will also be DISABLED and will need to be re-enabled to
deploy the new version of the agent to your network.
If you are attempting to manually uninstall an older 1.5/2.0 KBOX client after a failed install or upgrade of
the client, you may receive one or more of the following error messages:
An exception occurred while uninstalling. This exception is ignored and the uninstallation process will
continue. However, the application may not be fully uninstalled after the uninstallation is complete.
The savedState dictionary contains inconsistent data and might be corrupted.
Fatal error during installation.
1. Select KBOX Settings | Support or click on the modules tool bar. The KBOX Settings:
KACE Support page appears.
2. Click Troubleshooting Tools. The KBOX Troubleshooting Tools page appears.
3. Click the message queue link in “See list of pending communications in the KBOX Agent message
queue”, under the KBOX Agent Messaging area. The AMP Message Queue page appears.
The pending communications are displayed in this queue only if there is a constant connection between
the KBOX Agent and the KBOX.
For Alerts, the pending communications are displayed in the AMP Message Queue even
if there is no continuous connection between the KBOX Agent and the KBOX. These
messages are displayed till the Keep Alive time interval has elapsed. These messages
are then deleted from the queue and the alerts expire.
Field Description
Machine Name Indicates the machine name that contains the computer inventory information. Click
the machine name to view the Computers Inventory page. A icon indicates a
successful AMP connection and icon indicates a failed AMP connection.
Message Type Indicates the message type. For example, Run Process or Built-in.
[ID, Src ID]
Message Payload Indicates the message payload.
Expires Indicates the date and time when the alert expired.
Status Indicates the status of the AMP message. For example, Completed or Received.
AMP is Agent Messaging Protocol.
To view alerts:
1. Select KBOX Settings | Support or click on the modules tool bar. The KBOX Settings: KACE
Support page appears.
2. Click Troubleshooting Tools. The KBOX Troubleshooting Tools page appears.
3. Click the message queue link in “See list of pending communications in the KBOX Agent message
queue”, under the KBOX Agent Messaging area. The AMP Message Queue page appears.
The View Alerts option is available in the Choose action drop-down list only if AMP
Message Queue has pending or displays alerts.
For creating alerts, see section “Creating Alert Messages,” on page 238.
1. Select KBOX Settings | Support or click on the modules tool bar. The KBOX Settings:
KACE Support page appears.
2. Click Troubleshooting Tools. The KBOX Troubleshooting Tools page appears.
3. Click the message queue link in “See list of pending communications in the KBOX Agent message
queue”, under the KBOX Agent Messaging area. The AMP Message Queue page appears.
4. Select the check box beside the message you want to delete.
5. Select Delete Selected Item(s) from the Choose action drop-down list.
6. Click OK to confirm deleting the message. This removes the message queue from the KBOX Agent.
Inventory
Overview of the Inventory feature
Inventory is collected by the KBOX Agent and reported when computers check in with the KBOX. The data
is then listed on one of the Inventory tabs: Computers, Software, or MIA. The inventory data is collected
automatically according to the Agent Inventory Interval schedule specified in the system console,
under Organizations | Organizations for a specific organization. If this Agent Inventory Interval is
set to zero, the client inventory is performed as per the Agent Run Interval specified in the system
console, under Organizations | Organizations for the specific organization.
Although it is presented under the Inventory tab, the IP Scan feature is discussed in Chapter 5, “IP
Scan,” starting on page 96.
[Figure: Computers list page. Callouts: Module Toolbar; Click to create search filter; Click to run; the computer’s name and labels to which the computer belongs.]
Machine Action
The Computer Search & Filter page displays the computer’s IP address and the user connected to it.
Clicking Action #1 or Action #2 beside the IP address invokes a Machine Action if one is specified.
For more details on Machine Actions, refer to Chapter 1, “Configuring General Settings for the
Server,” starting on page 16.
Filter Examples
To create a filter:
1. Select Inventory | Computers, then click the Create Filter tab. The Filter criteria fields appear.
2. Specify the search criteria.
3. Choose the label to associate with the filter.
4. To see whether the filter produces the desired results, click Test Filter.
5. Click Create Filter to create the filter.
Now, whenever machines that meet the specified filter criteria check into the KBOX, they will automatically
be assigned to the associated label. You can also add a new machine filter or change the order of machine
filters from the Reporting | Filters tab. Refer to Chapter 12, “Filters,” starting on page 239 for more
details.
This feature assumes that you have already created labels to associate with a filter. For
information about creating labels, see “Labels,” on page 84.
Deleting a filter does not delete the label.
To create a notification:
1. Select Inventory | Computers, and then click the Create Notification tab.
2. Specify the search criteria.
3. Specify a title for the search.
4. Enter the email address of the recipient of the notification.
5. To see whether the filter produces the desired results, click Test Notification.
6. Click Create Notification to create the notification.
Now, whenever machines that meet the specified notification criteria check into the KBOX, an email will
automatically be sent to the specified recipient. You can modify or delete a notification after it has been
created on the Reporting | Email Alerts tab.
Computers Inventory
From the Computers tab, you can select a computer in the inventory and view its details. The Computer
Detail page provides details about a computer’s hardware, software, install, patch, Help Desk, and Oval
vulnerability history, among other attributes.
Each section on this page is described below. To expand the sections, click Expand All. Click a heading to
expand or collapse it.
Summary
This section provides a brief description of the computer. It displays the following details:
The Alerts, Patching, and Run Now features work only if there is a constant connection
between the KBOX Agent and the KBOX. For information on how to set up a persistent
connection, refer to Chapter 1, “Configuring AMP Settings for the Server,” starting on
page 24.
Inventory Information
The inventory information section covers the following areas:
Hardware
Printers
Network Interfaces
KBOX Agent
User
Operating System
Notes
Hardware
The hardware section displays the following details. These details vary according to the make of the computer:
Printers
This section displays the list of configured printers for the computer.
Network Interfaces
This section displays the following details of the machine:
1. Type and version of NIC card installed
2. MAC address
3. IP address
4. DHCP status (Enable or Disabled)
KBOX Agent
This section displays the following details:
Agent Version Displays the version of the KBOX Agent installed on the machine.
AMP Disconnected Displays the date and time when the AMP connection got disconnected. This
field is only displayed if the AMP connection is disconnected.
KACE ID Displays the ID of the machine on which the KBOX Agent is installed. You
can view the machine ID in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\KACE
Database ID Displays the ID of the machine as reflected in the machine table.
Last Inventory Displays the time when the inventory for the machine last got uploaded to
the KBOX.
Last Sync Displays the time when the machine last got synched to the KBOX.
Operating System
This section displays the following details:
Name Displays the name of the operating system installed on the machine.
Service Pack Displays the service pack of the machine.
Version Displays the version number of the operating system installed on the
machine.
Build Displays the build number of the operating system installed on the machine.
Number Displays the version number of operating system installed.
Architecture Displays the architecture of the machine as 32-bit or 64-bit.
Installed Date Displays the date and time when this operating system was installed on the
machine.
Last System Reboot Displays the date and time when the machine was last rebooted.
Current Uptime Displays the elapsed time since the last machine shutdown.
System Directory Displays the operating system installation path on the machine.
Registry Size Displays the current registry file size of the machine.
Registry Max Size Displays the maximum registry file size of the machine.
Notes
This section displays notes related to the machine. You can enter a description in the Notes field. Click
Save to save the description.
Software
The Software section has the following areas:
Installed Programs
Custom Inventory Fields
Uploaded Files
Installed Patches via Inventory
Running Processes
Startup Programs
Services
Installed Programs
This section displays the titles and versions of software programs installed on the computer. The programs
listed here are the same as those listed on the computer’s Add/Remove Programs list.
Uploaded Files
This section displays a list of the files that have been uploaded to the KBOX from the machine using the
Upload a file Script Task. For adding steps to a task in an Offline KScript or Online KScript, refer to
page 147 in Chapter 8, “To add an Offline KScript or Online KScript:,” starting on page 145. Also refer to
Appendix B, “Adding Steps to Task Sections,” starting on page 331.
Running Processes
This section displays lists of all the processes currently running on the computer. This list is the same as
that displayed on the computer’s Task Manager | Processes tab.
Startup Programs
This section displays a list of programs that are launched automatically when the computer starts. These
programs are the same as those listed in the computer’s Start | All Programs | Startup menu.
Services
This section displays a list of services that are running on the machine. Click any of the services and the
Service : Edit Service Detail page appears. The fields on this page represent the service detail information,
which is automatically captured and communicated from the KBOX Agent.
Activities
The Activities section has the following areas:
Labels
Failed Managed Installs
To Install List
Help Tickets
Labels
This section displays the labels that are currently assigned to the computer. Labels are used to organize
and categorize machines.
To Install List
This section lists the Managed Installations that will be installed on the machine the next time it connects.
Help Tickets
This section displays the list of the Help Desk Tickets associated with the machine. The Tickets can be
assigned to the machine owner or submitted by the machine owner. To view the details of Help Desk
Ticket, click Ticket ID (for example, TICK:0032). Click the [Create New Ticket] link to create a new
Security
The Security section has the following areas:
Patching Detect/Deploy Status
Threat Level 5 List
Oval Vulnerabilities
Oval Vulnerabilities
This section displays the results of OVAL Vulnerability tests run on the machine. Only tests that fail on the
machine are listed by the OVAL ID and marked as Vulnerable. Tests that pass are grouped together and
marked as Safe.
Logs
The Logs section has the following areas:
KBOX Agent Logs
Portal Install Logs
Scripting Logs
Scripting Logs
This section lists the Configuration Policy scripts that have run on this computer, along with the status of
any scripts in progress.
Asset
The Asset section has the following areas:
Asset Information
Related Assets
Asset History
Asset Information
This section displays the details of the Asset associated with the machine. Details such as the date and
time when the Asset record was created, the date and time when it was last modified, type of the asset,
name of the asset, and machine name are displayed. Click [Edit this asset] link to edit the asset
information. For more information on editing asset information, refer to Chapter 4, “Managing
Assets,” starting on page 91.
Related Assets
This section displays the list of related assets that are not the parent of this asset.
Asset History
This section displays the changes made to the Asset of the machine. It lists details of all the changes
along with the date and time when each change was made.
To delete a computer:
Software Inventory
In addition to the computers on your network, the KBOX Inventory feature also keeps an inventory of the
software titles installed on each of the computers listed in the inventory. From the Inventory | Software
tab you can see at a glance all the software installed across your network.
By default, the Software List alphabetically lists only the first 100 software titles detected. To view all
software installed, click the Show All link.
From the Software List page you can:
Add or delete software
Add or remove labels
Categorize the Software
Set Threat Level to Software
To view the details of a software title, click the software name link.
To create a filter:
This feature assumes that you have already created labels to associate with a filter. For
information about creating labels, see “Labels,” on page 84.
Deleting a filter does not delete the label.
7. Select the supported operating systems in the Supported Operating Systems field.
8. In the Custom Inventory ID (rule) field, enter the Custom Inventory ID.
The software detail page displays license information for the software. You can also
view the license asset detail by clicking on the license link.
Use of the term “string” in the function indicates that value to be specified for fullpath
or valueToTest arguments is of type string and not of type like boolean or integer.
Quotation marks need not be specified in the string value.
DirectoryExists(string dirName)
For example:
DirectoryExists(C:\WINDOWS\)
FileExists(string fullPath)
For example:
FileExists(C:\WINDOWS\notepad.exe)
FileVersionEquals(string fullPath, string valueToTest)
For example:
FileVersionEquals(C:\Program Files\Internet Explorer\iexplore.exe, 6.0.2900.2180)
FileVersionLessThan(string fullPath, string valueToTest)
FileVersionGreaterThan(string fullPath, string valueToTest)
ProductVersionEquals(string fullPath, string valueToTest)
ProductVersionLessThan(string fullPath, string valueToTest)
ProductVersionGreaterThan(string fullPath, string valueToTest)
For example:
RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer\Version Vector,IE,6.000)
The syntax must adhere to the following rules:
The syntax must have three values separated by commas.
Commas are not allowed anywhere else in the string.
Do not include single or double quotes.
The key must exist under LocalMachine.
If a rule does not follow these specifications, the test evaluates to FALSE and the install
proceeds.
All comparisons are performed as strings; testing other registry value types may not work.
White space will be trimmed from the front and back of each variable. Therefore all of the following
syntaxes are the same:
RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer\Version Vector,IE,6.000)
RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer\Version Vector ,IE,6.000)
RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer\Version Vector,IE ,6.000 )
RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer\Version Vector, IE,6.000 )
The following syntaxes are not the same and would be INVALID:
RegistryValueEquals(SOFTWARE\Mic rosoft\Internet Explorer\Vers ion Vector,IE,6.000)
RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer\Version Vector,IE,6.000)
These operators can be used in conjunction with "AND / OR".
If the functions in the form described above evaluate to true, the software is assumed to be
installed on the target machine, and there is no reason to install this package again. A
corresponding copy of the software is also counted in the KBOX database.
Functions of the form *VersionGreaterThan and *VersionLessThan will attempt to do valid comparisons of
version information. Only numeric versions can be compared. For example, 1.2.3B would not compare
correctly. The following would all behave normally:
1.2.3 < 1.2.4
1.2.3 < 2.4
1.2.3 > .9.1.9
1 < 1.5
1.0.0.0.5 < 1.1
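A malformed RegistryValueEquals rule evaluates to FALSE and lets the install proceed, and a non-numeric version does not compare correctly, so it is worth checking rules before they are deployed. The following Python linter is an added example, not KACE code: it checks one function call against the syntax rules stated above and compares dotted versions so that the five results listed above hold. Treating a leading dot as a zero component and padding the shorter version with zeros are assumptions chosen to reproduce those results.

```python
import re

# Function names come from this guide; the linter itself is an added illustration.
VERSION_FUNCS = {
    "FileVersionLessThan", "FileVersionGreaterThan",
    "ProductVersionLessThan", "ProductVersionGreaterThan",
}
CALL_RE = re.compile(r"^\s*(\w+)\((.*)\)\s*$")
NUMERIC_VERSION_RE = re.compile(r"\d*(?:\.\d+)*")


def parse_version(text):
    """Return the dotted version as a list of ints, or None if it is not purely numeric."""
    text = text.strip()
    if not text or not NUMERIC_VERSION_RE.fullmatch(text):
        return None
    # Assumption: a leading dot (".9.1.9") means an empty first part, read as 0.
    return [int(part or 0) for part in text.split(".")]


def compare_versions(left, right):
    """Return -1, 0 or 1; raise ValueError for versions such as 1.2.3B."""
    a, b = parse_version(left), parse_version(right)
    if a is None or b is None:
        raise ValueError(f"non-numeric version: {left!r} vs {right!r}")
    # Assumption: the shorter version is padded with zeros before comparing.
    width = max(len(a), len(b))
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return (a > b) - (a < b)


def lint_rule(rule):
    """Return a list of problems found in one Custom Inventory function call."""
    match = CALL_RE.match(rule)
    if not match:
        return ["not a single FunctionName(arguments) call"]
    name, args = match.groups()
    problems = []
    if name == "RegistryValueEquals":
        if "'" in args or '"' in args:
            problems.append("quotes are not allowed in RegistryValueEquals")
        # White space around each value is trimmed, as the guide describes.
        parts = [part.strip() for part in args.split(",")]
        if len(parts) != 3:
            problems.append(f"expected 3 comma-separated values, found {len(parts)}")
        elif not all(parts):
            problems.append("empty value after trimming white space")
        # Whether the key exists under LocalMachine can only be checked on the target.
    elif name in VERSION_FUNCS:
        _path, sep, value = args.rpartition(",")
        if not sep:
            problems.append("expected fullPath and valueToTest")
        elif parse_version(value) is None:
            problems.append(
                f"version {value.strip()!r} is not numeric and may not compare correctly"
            )
    return problems


# Constructed sample rules (not taken from a real deployment).
SAMPLE_RULES = [
    r"RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer\Version Vector, IE,6.000 )",
    r'RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer\Version Vector,"IE",6.000)',
    r"RegistryValueEquals(SOFTWARE\Microsoft\Internet Explorer,Version Vector,IE,6.000)",
    r"FileVersionLessThan(C:\Program Files\Internet Explorer\iexplore.exe, 1.2.3B)",
]

if __name__ == "__main__":
    for sample in SAMPLE_RULES:
        print(sample, "->", lint_rule(sample) or "ok")
```

The linter takes one function call at a time; rules joined with AND / OR need to be split before they are checked.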
You can retrieve the following attributes from the FileInfoReport() function:
Comments Language
CompanyName LegalCopyright
FileBuildPart LegalTrademarks
FileDescription OriginalFilename
FileMajorPart PrivateBuild
FileMinorPart ProductBuildPart
FileName ProductMajorPart
FilePrivatePart ProductMinorPart
FileVersion ProductName
InternalName ProductPrivatePart
IsDebug ProductVersion
IsPatched SpecialBuild
IsPreRelease CreatedDate
IsPrivateBuild ModifiedDate
IsSpecialBuild AccessedDate
To delete a software:
To categorize a software:
Enabled Select this check box to enable software metering for this software.
Process Name The specified process name will be monitored on the KBOX Agent machine.
Associated Software To track usage only on machines with a specific software version deployed,
choose the related software inventory item. You can filter the list by entering
filter options.
Notes Enter any notes that further describe or explain this software meter.
Licenses Displays license information for the software. To view the license asset
details, click on the license link.
4. Click Save to save your changes or click Cancel to return to the Software Metering Listing page. Your
Software Meter now appears in the Software Metering Listing page.
Enabled Select this check box to enable software metering for a software process.
Process Name The specified process name will be monitored on the KBOX Agent machine.
Associated Software Select the related software inventory item, to track the usage only on
machines with a specific software version deployed.
Notes Enter any notes that further describe or explain this software meter.
4. Click Save to save your changes or click Cancel to return to the Software Metering page.
Enabled Select the check box for metering to run on the target machines.
Allow Run While Disconnected Select the check box for metering to run even if the machine cannot contact
the KBOX to report results. The results will be stored on the machine
and will be uploaded once the contact with the KBOX is established.
Allow Run While Logged Off Select the check box for metering to run even if a user is not logged in. If
you clear this check box, the script will run only when a user is logged into
the machine.
Deploy to All Machines Select the check box if you want to deploy to all the machines. Click OK in the
confirmation dialog box.
Limit Deploy To You can limit deployment to one or more labels. Press CTRL and click
to select more than one label.
Supported Operating Systems Select the operating system to which you want to limit deployment. Press CTRL
and click to select more than one operating system.
Note: Leave blank to deploy to all operating systems.
6. Click Save to save your changes or click Cancel to return to the Software Metering page.
AppDeploySM Live
AppDeploy.com contains information on installation, deployment, and systems management automation.
By putting all the relevant information in one place, it eliminates the need for searching answers through
vendor sites, discussion boards, and technical publications. It offers computer administrators an easy way
to search for answers and solutions.
1. Select Inventory | Software. The Software page appears, which lists the software installed on client
machines.
2. Select the software title in order to see the associated information from AppDeploy Live. The Software
: Edit Software Detail page appears.
3. Scroll down to view AppDeploy Live information.
If you have not enabled AppDeploy Live, you cannot view AppDeploy Live
information. Refer to “AppDeploySM Live,” on page 76.
You can read comments on the process submitted by other users by clicking [Read
Comments] on the Process Details page. You can also ask for help from KACE about the
processes by clicking [Ask For Help.] You need KACE user name and password to log in
to the KACE database.
You can also see the computers that are running the selected process. You can view a printer friendly
version of this page and take printouts of the report.
To delete a process:
For more detailed information on scripting and Disallowed Programs Policy, refer to
Chapter 8, “Scripting,” starting on page 142.
To categorize a process:
To meter a process:
You can read comments on the startup program submitted by other users by clicking
[Read Comments]. You can also ask for help from KACE about the startup programs by
clicking [Ask For Help]. You need a KACE user name and password to log in to the KACE
database.
You can also see which computers are running the selected startup program. You can view a printer-friendly
version of this page and print the report.
Services are categorized as: Audio / Video, Business, Desktop, Development, Driver, Games, Internet,
Malware, Security, and System Tool.
You can read comments on the service submitted by other users by clicking [Read
Comments]. You can also ask for help from KACE about the service by clicking [Ask For
Help]. You need a KACE username and password to log in to the KACE database.
You can also see which computers are running the selected startup program. You can view a printer-friendly
version of this page and print the report.
To delete a service:
To categorize a service:
Automatically delete MIA computers
    Select the check box to enable automatic deleting of MIA computers.
Days
    Enter the period in number of days. Computers that do not communicate with the KBOX for the number of days specified here will be automatically deleted.
4. Click Save.
To delete a computer:
Creating Labels
Labels can be used to organize and categorize software, people, and machines. Labels are intended to be
used in a flexible manner, and how you use labels is completely customizable. For example, labels can
reflect corporate structures, organizations, processes, or geographical locations like "Engineering",
"Staging", "Building A", and so on. Labels can be used to identify deployment groups and target machines
for distribution packages. All items that support "labeling" can have none, one, or multiple labels.
To create a label:
Deleting labels
You can delete labels in two ways: from the Label List view, or from the Label: Edit Detail page.
To delete a label:
You cannot delete a label if it is associated with an item, for example, a label
associated with a Script or a Managed Installation.
Asset Management
Overview of Asset Management
The Asset Management feature enables you to identify asset types, objects, and relationships between
asset types and objects. You can track existing assets, licensing and cost information, and generate reports to
match your environment's needs.
While looking at asset management it is important to understand that two types of assets are managed
under the KBOX:
Organizational assets (like Department, Location or Cost Center)
Physical assets (like Computers, Users, Phones or Projectors)
Organizational assets are used as a way to collect similar sets of physical assets. Before you begin to use
assets, you should establish the asset types that will make sense for you, both in terms of the organization
elements you want to use as well as the physical asset types you are hoping to track.
You can view the list of available assets from the Asset | Assets tab.
With the Assets tab you can:
Add or delete assets
Configure Asset types
Add or delete software licenses
Import data
If you delete a custom asset type, then all the assets using that asset type will be
deleted.
You can add an unlimited number of asset types. Asset types can have any number of attributes, for
example, ‘Name’. The ‘Name’ attribute has to be unique and cannot be the same as the built-in asset
name. Asset types can be organized into logical groups or hierarchies to allow for roll up reporting.
Asset Association
You can create an asset field and associate it to another asset using the field type. Associations are
defined in Asset Types, and are used in assets.
Asset associations are of the following types:
User
Parent
Asset Computer
Asset Cost Center
Asset Department
Asset License
Asset Location
Asset Software
Asset Vendor
Computer Asset
When a machine checks into the KBOX, an Asset with the type as Computer is automatically created.
The Computer Asset is mapped to a machine automatically using the following two fields:
mapped inventory field
mapped asset field
The mapped inventory field enables you to select a field that is checked against the inventory to verify
if the machine that has just checked in is already an asset.
For example, if:
    Machine inventory field = IP address
    Matching asset field = Name
and a machine with an IP address shows up, the IP is checked against the IP of existing assets (machines). If
the same IP is not assigned to any other asset, then a new asset with Name = IP address is created.
If the mapped inventory field is by IP and the matching asset field is different, perhaps an asset field called
IP, then an asset is created with the Name as system name, and the IP as IP.
The matching asset field has to be of type text.
You cannot create a new asset type with the same name as a built-in asset type name.
4. You can add associations by adding an asset field. To add asset fields, click the button in the
Asset Fields table.
5. Enter following details depending on the selected Asset Type:
Field / Value
Name
    Enter a relevant name for the custom asset field, such as Asset Code, Purchase Date, or Building Address Line 1. This name appears on the data entry page for the asset.
Select Values
    This field is enabled when you choose Single Select or Multiple Select from the Field Type list. Enter the values for this custom asset. You must type at least one value in this field.
    Note: These values should be entered as comma-separated strings.
Default
    Enter the default value for this field. If you choose Single Select or Multiple Select from the Field Type list, you must enter one of the values given in the Select Values field.
Required
    Select the check box to make the custom asset field a mandatory field. If you select the check box, you need to enter a value for this custom asset field before saving the Asset Type Detail page.
When you rename a custom asset field, the values for that field are retained. However,
when you remove the custom asset field, values for that custom field are removed from
all assets.
When you change the Field Type of a custom asset field, the system tries to retain the
previous values, but you may also lose some data.
If you click Delete for a Custom Asset Type, the Asset Type definition and the assets of
this type are removed from the system. For example, if an Asset Type1 is a custom field
for another Asset Type2, remove this association first before attempting to delete the
Asset Type1.
6. Click Save next to the Allow Multiple column to save the entries in the Asset Fields table.
7. Click Save located at the end of the screen to save the Asset Type you added.
To add an asset:
Date created, notes, and id are the asset fields created for assets of the Computer type.
4. If you want to add another asset, then click Save and New. Otherwise, click Save to save the asset.
To view assets:
3. Select the asset title to see detailed information of that asset. The Asset Detail page appears.
4. If you want to duplicate the details of this asset, click Duplicate, and then click Save.
5. After editing the asset information, click Save.
If the asset you are viewing is associated with software or a machine, then click the
asset name to view the Inventory page.
7. In the History table, you can view changes made to the asset.
1. Select Inventory | Software, then click the Create Filter tab. The Filter criteria fields appear.
2. Specify the search criteria as ActivePerl.
3. Create a label named “ActivePerl”. For more details, refer to Chapter 3, “Labels,” starting on page 84.
4. Choose the ActivePerl label you have created to associate with this filter.
5. To verify that the filter produces the desired results, click Test Filter.
6. Click Create Filter to create the filter. All software meeting this filter criteria are now labeled
“ActivePerl”.
7. Create a software asset. For more details on creating a software asset, refer to “Managing Assets,” on
page 91.
8. Assign the software label “ActivePerl” to this newly created software asset.
Now, for all new versions, enter a license record with appropriate details and relate it to the
software asset created above.
Thus, you can monitor the number of licenses/software/installed counts for ActivePerl by selecting
Assets | Assets or Reporting | Summary.
Generating Reports
You can run various reports to display information about the licenses assigned to software and computers.
Description of these reports is provided below.
Compliance: Software Compliance Simple
    Lists the licenses and counts like the License list page with details such as vendor, PO#, and Notes.
Compliance: Software License Compliance Complete
    Lists software and computers that are impacted by each license record.
Compliance: Unapproved Software Installation
    Lists software found on computers that do not have approved licenses.
1. Select Asset | Asset Import. The Kace Asset Import Wizard - Upload File page appears.
2. In the Select file box, specify the CSV file path or click Browse to select the CSV file.
3. Select Is header name in the file check box if the CSV file contains a header.
4. Click Next. The Kace Asset Import Wizard - Asset Type Selection page appears.
5. Select the asset type from the Asset Type drop-down list, to which data needs to be imported from
the CSV file.
6. Click Next. The Kace Asset Import Wizard - Mapping page appears. This page displays mapping of the
CSV fields against fields of selected Asset Type.
7. Under Standard Fields, perform the following steps:
a. Choose the required CSV field from the CSV Fields drop-down list to match the corresponding
standard field for the Asset Type.
b. Select the PK check box to choose this field as the primary key.
If none of the Asset Type records match the value of the CSV field chosen as
primary key, then the record will be inserted.
If only one Asset Type record matches the value of the CSV field chosen as primary
key, then the record will be updated.
If more than one Asset Type record matches the value of the CSV field chosen as
primary key, then the record will be flagged as duplicate.
9. Click Re-Upload File if you want to upload the file again. Follow the procedure from step 2 above.
10. Click Preview. It will take you to the confirmation page.
11. Click Import Data. The Kace Asset Import Wizard - Result page appears.
12. To import more assets data, click More Import. Otherwise, click Done.
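The primary-key rules in step 7 can be checked against a CSV file before it is uploaded. The following is an added example, not KBOX code: the function names and sample data are hypothetical, it assumes values are compared as exact strings (the guide does not say how the wizard treats case or whitespace), and the "repeated_in_file" flag is an extra check that the guide does not describe.

```python
import csv
import io
from collections import Counter

# Constructed sample data (not from a real KBOX): the CSV to import and the
# current values of the asset field that the primary-key column is mapped to.
SAMPLE_CSV = """Name,Location,Purchase Date
LAB-PC-01,Building A,2008-01-15
LAB-PC-02,Building A,2008-01-15
PROJ-7,Staging,2007-11-02
LAB-PC-09,Engineering,2008-03-30
LAB-PC-09,Engineering,2008-04-02
"""
SAMPLE_EXISTING_NAMES = ["LAB-PC-01", "PROJ-7", "PROJ-7", "SRV-3"]


def preview_import(csv_text, existing_values, pk_column, has_header=True):
    """Predict the outcome for each CSV row under the primary-key rules.

    existing_values: value of the mapped asset field for every existing
                     asset of the selected Asset Type.
    pk_column:       header name if has_header is True, otherwise a
                     zero-based column index.
    """
    reader = csv.reader(io.StringIO(csv_text))
    # Keep the physical line number of each non-empty row for the report.
    records = [(reader.line_num, row) for row in reader if row]
    if not records:
        return []
    if has_header:
        header = records.pop(0)[1]
        if pk_column not in header:
            raise ValueError("no CSV column named %r" % (pk_column,))
        index = header.index(pk_column)
    else:
        index = int(pk_column)

    existing = Counter(existing_values)
    in_file = Counter(row[index] for _, row in records if len(row) > index)

    preview = []
    for line_no, row in records:
        if len(row) <= index:
            raise ValueError("line %d has no primary-key column" % line_no)
        key = row[index]
        matches = existing[key]
        if matches == 0:
            outcome = "insert"      # no existing record matches
        elif matches == 1:
            outcome = "update"      # exactly one existing record matches
        else:
            outcome = "duplicate"   # more than one existing record matches
        preview.append({
            "line": line_no,
            "key": key,
            "matches": matches,
            "outcome": outcome,
            # Extra check: the same key appears on several CSV lines.
            "repeated_in_file": in_file[key] > 1,
        })
    return preview


def summarize(preview):
    """Count how many rows fall into each outcome."""
    return dict(Counter(item["outcome"] for item in preview))


if __name__ == "__main__":
    result = preview_import(SAMPLE_CSV, SAMPLE_EXISTING_NAMES, "Name")
    for item in result:
        print(item)
    print(summarize(result))
```

Rows reported as "duplicate" or "repeated_in_file" are the ones to resolve before clicking Import Data.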
IP Scan
IP Scan Overview
The KBOX can scan a range of IP addresses for SNMP-enabled machines, allowing you to retrieve
information about machines connected to your network. Although IP Scans have their own server-side
scheduling, you can invoke a scan on-demand, or schedule an IP scan to run at a specific time.
IP scan reports a variety of inventory data that lets you monitor the availability and service level of a target
machine. Because IP scan scans ports in addition to IP addresses, you can collect data even without knowing
the IP addresses of the target machines.
It can scan any type of device (as long as the device has an IP address on the network) including
computers, printers, network devices, servers, wireless access points, routers, and switches. You can
create and view IP scans from the Inventory | IP Scan tab.
From the Network Scan Settings page you can:
Add New Item
Delete Selected Item(s)
View Scan Inventory
Scan Selected Items Now
Select View Scan Inventory from the Choose action drop-down list. The Network Scan Results page
appears.
From the Network Scan Results page you can:
Exclude Unreachable Items or Include Unreachable Items
View scan schedules
Schedule new scan
Delete selected items
Apply label or delete label
Create a remote connection to the machine (This can be done only if configured under Machine Action.)
Select Inventory | IP Scan. The Network Scan Settings page opens, which displays the Network Scan
Schedules.
The KBOX Agent listens on port 52230. To determine which machines on your network
are running the KBOX Agent, define a network scan to report which machines are
listening on that port.
To create an IP scan:
DNS Lookup Enabled
    Select to check live addresses against the DNS server to see if they have a name associated with them. This can help you identify known nodes on your network.
Name Server for lookup
    Enter hostname or IP address.
Lookup time out
    Enter the time out interval (in seconds).
Connection Test Enabled
    Select the check box to perform connection testing during Network scan.
Connection Test Protocol
    Enter the protocol to use.
Connection Test Port
    Enter the port to use for testing the connection.
Connection Time Out
    Enter the time out interval (in seconds).
Device Port Scan Enabled
    Select the check box to enable port scanning of device ports.
TCP Port List
    Displays a comma-separated list of TCP ports to scan.
UDP Port List
    Displays a comma-separated list of UDP ports to scan.
Port Scan Time Out
    Enter the time out interval (in seconds).
Don’t Run on a Schedule
    Select to run the tests in combination with an event rather than on a specific date or at a specific time.
Run Every n minutes/hours
    Select to run the tests at the specified time.
Run Every day/specific day at HH:MM AM/PM
    Select to run the tests on specified day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM
    Select to run the tests on the specified time on the 1st, 2nd, or any other date of every month or only the selected month.
Deleting a Scan Configuration will also delete all associated scan inventory items. So if
you wish to maintain the scan inventory but do not want to "rescan" then you can just
set the schedule of the scan configuration to not run.
Clicking the IP address of a network device displays the values for Ping Status,
Connection Status, and SNMP Status as "Succeeded" or "Failed". However, the
underlying database fields actually contain a 0 for Failed and 1 for Succeeded.
Therefore, when using these fields as criteria for advanced search, filters, or
notifications, you must use the numeric values.
This feature assumes that you have already created labels to associate with a filter.
Deleting a filter does not delete the label.
You can specify the order in which scan filters will run by editing the Order value for scan filters.
Administrator Guide for KBOX 1000 series, version 4.3 - 1200 100
CHAPTER 6
Distribution
Distribution Feature Overview
KACE recommends that customers follow a predefined set of procedures before deploying any software on
their network. The following illustration represents a high-level example of a generic distribution process.
This process can be modified to meet the needs of your organization. However, to avoid distribution
problems, it is important to test various deployment scenarios prior to deployment.
[Figure: distribution process flow: Inventory & Assess, Test, Target, Deploy, Report]
One of the most important concepts in the deployment procedure is to test each deployment before rolling
it out to a large number of users. The KBOX verifies that a package is designated for a particular system,
machine, or operating system. However, it cannot assess the likelihood that a particular package behaves
well with existing applications on the target machine. Therefore, we strongly suggest that you establish
procedures for testing each piece of software before deploying it on your network.
One of the ways to do this is to develop a test group of target machines and deploy the required software
using the KBOX. This helps you to verify the compatibility of the software with the operating system and
other applications within your test group. You can create a test label and perform a test distribution before
you go live in your environment. You can create a test label from the Inventory | Labels tab. For more
information about creating labels, see “Labels,” on page 84.
This chapter focuses primarily on the Test, Target, Deploy portions of this flow diagram. For more details
on creating an inventory of computers and software packages in use on your network, see Chapter 3,
“Inventory,” starting on page 54.
Types of Distribution Packages
There are three primary types of distribution packages that can be deployed on the computers in your
network:
Managed installations
File synchronizations
KBOX Agent
Distribution packages (whether for managed installation, file synchronization or user portal packages)
CANNOT be created until a digital file is associated with an Inventory Item. This rule applies even if you
are:
Sending a command, rather than an installation or a digital file, to target machines.
Redirecting the KBOX Agent to retrieve the digital asset (for example, .exe, .msi) from an alternate
download location.
To create a distribution:
Although the KBOX Agent tab is listed under the Distribution tab, “Deploying the
KBOX Agent” is discussed as part of the installation and setup process in Chapter 1,
“Getting Started,” starting on page 1. For information about updating an existing
version of KBOX Agent, please see Chapter 2, “KBOX Agent Update,” starting on
page 47.
To ensure that the Inventory Item display name exactly matches, it is recommended to first install the
desired package on a target machine and then take an automatic inventory of that machine using the
KBOX. The newly installed package appears in the inventory list. You can then associate a digital file and
create one or more deployment packages.
When the KBOX is fetching files, the priority for fetching files is as follows:
1. Alternate download location
2. Replication point
3. KBOX
If a replication point is specified in the label, the replication share is always used
instead of an alternate download location.
If there is no replication point, the KBOX Agent fails over to the KBOX.
Whenever a replication share is specified for a label, machines in that label go to that replication share to
get files, as long as the machine is a member of only one label with a replication share. If a replication share is
specified, it is always used instead of any other alternate location.
The agent always fails over to the KBOX in the following scenarios:
There is no replication share specified for any label it is a member of
More than one possible replication share is identified
Managed Installations
Managed Installations enable you to deploy software to the computers on your network that require an
installation file to run. You can create a Managed Installation package from the Distribution | Managed
Installation page.
From the Managed Installations tab you can:
Create or delete Managed Installations
Execute or disable Managed Installations
Specify a Managed Action
Apply or remove a label
Search Managed Installations by keyword
Installation Parameters
The KBOX allows package definitions to contain .MSI, .EXE, .ZIP and other file types for software
deployment. A simple litmus test of the KBOX's ability to install a package is "Can this file be installed by an
administrator on a local machine either by running a single file or BAT file or VBScript?" If so, the package
can be installed remotely by the KBOX. In order to simplify the distribution and installation process, the
package definition can also contain parameters that are passed to the installer at run time on the local
machine.
Parameters can be used to support custom installation settings. For example, a parameter may instruct
the KBOXClient to install a program with specific install options configured, such as standard install,
bypass auto-restart, and so on. You can identify which parameters are supported by your .MSI or any
other installer by following the steps given below:
Note: If these steps do not work, you may need to research the parameter options - if any - with the
vendor of the software.
1. Open an MS-DOS command prompt.
2. Locate the directory containing the target installer (e.g., c:\...\adobe.exe)
3. Type: filename /? (For example, adobe.exe /?)
4. If parameters are supported for the package, they often appear on-screen (For example, /quiet,
/norestart)
5. Use the parameter definitions identified to update your package definition.
Creating a Managed Installation for Windows Platform
When creating a Managed Installation, you can specify whether you want to interact with the users using
a custom message before or after the installation. You can also indicate whether the package should be
deployed when the user is logged in or not, and limit deployment to a specific label. The following section
provides general steps for creating a managed installation. For specific details on creating a managed
installation for an .MSI, .EXE, or .ZIP file, please refer to the subsequent sections.
Also show software without an Associated File
    Select the check box to display any software without an associated executable uploaded. You can upload a file to the software record directly from this Managed Installation page.
Upload & Associate New File
    Click Browse and navigate to the location that contains the new executable of any software selected or to associate an executable to a software without an associated file.
Installation Command
    Select Default option or Configure Manually option.
    Default
        Run Parameters: Specify the installation behavior as follows:
        The maximum field length is 256 characters. If your path exceeds this limit, on the command line, point to a BAT file that contains the path and the command.
        If your Parameters file path includes spaces (for example, \\kace_share\demo files\share these files\setup.bat), enclose the complete path in quotes (for example, "\\kace_share\demo files\share these files\setup.bat").
    Configure Manually
        Full Command Line: If desired, specify full command-line parameters. Please refer to the MSI Command Line documentation for available runtime options.
        Un-Install using Full Command Line: Select the check box to uninstall software.
        Run Command Only: Select the check box to run the command line only.
Delete Downloaded Files
    Select the check box to delete the package files after installation.
Use Alternate Download
    Select the check box to specify details for alternate download. When you select this check box, the following fields appear:
        Alternate Download Location: Enter the location where the KBOX Agent can retrieve digital installation files.
        Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
        Alternate Download User: Enter a user name that has the necessary privileges to access the alternate download location.
        Alternate Download Password: Enter the password for the user name.
    Note: If the target machine is part of a replication label, then the KBOX does not fetch software from the alternate download location. For more information on using an alternate location, refer to “Distributing Packages through an Alternate Location,” on page 105.
    Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to Chapter 3, “Labels,” starting on page 84.
Notes
    Enter additional information in this field, if any.
Managed Actions
    Managed Action allows you to select the most appropriate time for this package to be deployed.
    Available options are:
        Disabled
        Execute anytime (next available)
        Execute before logon (before machine boot)
        Execute after logon (before desktop loads)
        Execute while user logged on
        Execute while user is logged off
Deploy to All Machines
    Select the check box if you want to deploy the software to all machines.
Limit Deployment To Selected Labels
    Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels.
    If you have selected a label that has a replication share or an alternate download location, then the KBOX copies digital assets from that replication share or alternate download location instead of downloading them directly from the KBOX.
    Note: The KBOX always uses a replication share in preference over an alternate location.
Limit Deployment To Listed Machines
    You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options.
Deploy Order
    Select the order in which software should be installed. The lower deploy order deploys first.
Max Attempts
    Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the KBOX 1000 Series appliance tries to install the package. If you specify 0, the KBOX enforces the installation forever.
Deployment Window (24H clock)
    Specify the time (using a 24 hr. clock) to deploy the package. The Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under Organizations | Organizations for this specific organization, override and/or interact with the deployment window of a specific package.
Allow Snooze
    Select the check box to allow snooze. When you select the check box, the following additional fields appear:
        Snooze Message: Enter a snooze message.
        Snooze Timeout: Enter the timeout, in minutes, for which the message is displayed.
        Snooze Timeout Action: Select a timeout action that takes place at the end of the timeout period. For example, if the installation is being carried out when there are currently no active users accessing their desktops, you can select Install now to install the software without any hindrance to the users, or select Install later if the installer needs some user interaction.
Custom Pre-Install Message
    Select the check box to display a message to users prior to installation. When you select the check box, the following additional fields appear:
        Pre-Install User Message: Enter a pre-install message.
        Pre-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.
        Pre-Install Timeout Action: Select a timeout action from the drop-down list; this action takes place at the end of the timeout period. Options include Install later or Install now. For example, if the installation is being carried out when there are currently no active users accessing their desktops, you can select Install now to install the software without any hindrance to the users, or select Install later if the installer needs some user interaction.
Custom Post-Install Message
    Select the check box to display a message to users after the installation is complete. When you select the check box, the following additional fields appear:
        Post-Install User Message: Enter a post install message.
        Post-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.
7. Click Save.
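The Alternate Checksum field described above takes the MD5 of the file on the remote share, so it is worth confirming that the share copy is the same file you tested before recording that value. The following is an added example, not KBOX code: the function and file names are hypothetical, the "reference" file is assumed to be your locally tested copy of the installer, and the SHA-256 comparison is an addition because MD5 is not collision resistant.

```python
import hashlib
import os
import tempfile

CHUNK_SIZE = 1024 * 1024  # stream in 1 MiB pieces; installers can be large


def file_digests(path):
    """Return (md5_hex, sha256_hex) for the file at path."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(CHUNK_SIZE), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def normalize_md5(value):
    """Clean up a pasted checksum; reject anything that is not 32 hex digits."""
    cleaned = value.strip().lower()
    if len(cleaned) != 32 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not an MD5 hex digest: %r" % (value,))
    return cleaned


def check_alternate_copy(reference_path, share_path, field_value):
    """Compare the copy on the alternate share with the tested reference file
    and with the value intended for the Alternate Checksum field.

    Returns a dict; an empty "findings" list means all three agree.
    """
    expected = normalize_md5(field_value)
    ref_md5, ref_sha256 = file_digests(reference_path)
    share_md5, share_sha256 = file_digests(share_path)
    findings = []
    # SHA-256 decides whether the two files hold the same content: MD5 is not
    # collision resistant, so an MD5 match alone is weak evidence.
    if ref_sha256 != share_sha256:
        findings.append("share copy differs from the reference file")
    # The field itself takes MD5, so that is what must match the share copy.
    if share_md5 != expected:
        findings.append("Alternate Checksum value does not match the share copy")
    return {
        "alternate_checksum_md5": share_md5,
        "share_sha256": share_sha256,
        "findings": findings,
    }


def demo():
    """Run the check on constructed files: an intact copy and an altered one."""
    payload = b"constructed installer payload, not a real package\n"
    with tempfile.TemporaryDirectory() as workdir:
        reference = os.path.join(workdir, "setup-reference.exe")
        good_copy = os.path.join(workdir, "setup-share-good.exe")
        bad_copy = os.path.join(workdir, "setup-share-altered.exe")
        for path, data in ((reference, payload), (good_copy, payload),
                           (bad_copy, payload + b"extra bytes")):
            with open(path, "wb") as handle:
                handle.write(data)
        field_value = file_digests(reference)[0].upper() + "  "  # as pasted
        good = check_alternate_copy(reference, good_copy, field_value)
        bad = check_alternate_copy(reference, bad_copy, field_value)
    return good["findings"], bad["findings"]


if __name__ == "__main__":
    for label, findings in zip(("intact copy", "altered copy"), demo()):
        print(label, "->", findings or "consistent")
```

Keep the SHA-256 value in your own change record; only the MD5 value goes into the Alternate Checksum field.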
Examples of Common Deployments on Windows
Three of the most common package deployments contain .msi, .exe, and .zip files. This section provides
examples for each type of deployment. For each of these examples, you must have already uploaded the
file to the KBOX prior to creating the Managed Installation package. We recommend that you install the
software on a QA machine, wait till the KBOX Agent connects to the KBOX 1000 series appliance and
creates an inventory item for the software, and then create the Managed Installation package.
If you are using parameters with .MSI files, it is important that all your target machines
have the same version of Windows Installer available from Microsoft, as some switches
may not be active on older versions. The most up-to-date version of Windows Installer
can be distributed to clients via the KBOX. If you are using Windows Installer 3.0 or
later, you can identify the supported parameters by going to Start > Run and typing
msiexec. You should see a pop-up that includes the supported parameters list.
4. Set the following installation details:
Also show software without an Associated File
    Select the check box to display any software without an associated executable uploaded. You can upload a file to the software record directly from this Managed Installation page.
Upload & Associate New File
    Click Browse and navigate to the location that contains the new executable of any software selected or to associate an executable to a software without an associated file.
Installation Command
    Select Default option or Configure Manually option.
    Default
        Run Parameters: Specify the installation behavior as follows:
        The maximum field length is 256 characters. If your path exceeds this limit, on the command line, point to a BAT file that contains the path and the command.
        If your Parameters file path includes spaces (for example, \\kace_share\demo files\share these files\setup.bat), enclose the complete path in quotes (for example, "\\kace_share\demo files\share these files\setup.bat").
    Configure Manually
        Full Command Line: If desired, specify full command-line parameters. Please refer to the MSI Command Line documentation for available runtime options.
        Un-Install using Full Command Line: Select the check box to uninstall software.
        Run Command Only: Select the check box to run the command line only.
Delete Downloaded Files
    Select this check box to delete the package files after installation.
Use Alternate Download
    Select this check box to specify details for alternate download. When you select this check box, the following fields appear:
        Alternate Download Location - Enter the location from where the KBOX Agent can retrieve digital installation files.
        Alternate Checksum - Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
        Alternate Download User - Enter a user name that has necessary privileges to access the Alternate Download Location.
        Alternate Download Password - Enter the password for the user name specified above.
    Note: If the target machine is part of a replication label, then the KBOX does not fetch software from the alternate download location. For more information on using an alternate location, refer to “Distributing Packages through an Alternate Location,” on page 105.
    Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to Chapter 3, “Labels,” starting on page 84.
Notes
    Enter any additional information in this field, if any.
Managed Actions
    Managed Actions allows you to select the most appropriate time for this package to be deployed.
    Available options are:
        Disabled
        Execute anytime (next available)
        Execute before logon (before machine boot)
        Execute after logon (before desktop loads)
        Execute while user logged on
        Execute while user logged off
Deploy to All Machines
    Select the check box if you want to deploy the software to all the Machines.
Limit Deployment To Selected Labels
    Select a label to limit deployment only to machines belonging to the selected label. Press CTRL and click labels to select multiple labels.
    If you have selected a label that has a replication share or an alternate download location, then the KBOX copies digital assets from that replication share or alternate download location instead of downloading them directly from the KBOX.
    Note: The KBOX always uses a replication share in preference to an alternate location.
Administrator Guide for KBOX 1000 series, version 4.3 - 1200 112
Limit Deployment To Listed Machines: You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options.
Deploy Order: Select the order in which software should be installed. The lower deploy order deploys first.
Max Attempts: Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the KBOX 1000 Series appliance tries to install the package. If you specify 0, the KBOX enforces the installation forever.
Deployment Window (24H clock): Enter the time (using a 24 hr. clock) to deploy the package. Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under Organizations | Organizations for this specific organization, override and/or interact with the deployment window of a specific package.
Allow Snooze: Select this check box to allow snooze. When you select this check box, the following additional fields appear:
  Snooze Message: Enter a snooze message.
  Snooze Timeout: Specify a timeout, in minutes, for which the message is displayed.
  Snooze Timeout Action: Select a timeout action that takes place at the end of the timeout period. For example, you might select Install now because you are installing at a time when you know that the users are away from their desktops. You might select Install later because the installer needs some user interaction and it would not work if the users were not at their desktops.
Custom Pre-Install Message: Select this check box to display a message to users prior to installation. When you select this check box, additional fields appear:
  Pre-Install User Message: Enter a pre-install message.
  Pre-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.
  Pre-Install Timeout Action: Select a timeout action that takes place at the end of the timeout period. For example, you might select Install now because you are installing at a time when you know that the users are away from their desktops. You might select Install later because the installer needs some user interaction and it would not work if the users were not at their desktops.
Custom Post-Install Message: Select the check box to display a message to users after the installation is complete. When you select the check box, the following additional fields appear:
  Post-Install User Message: Enter a post-install message.
  Post-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.
7. Click Save.
Standard EXE Example
The standard EXE example is identical to the MSI example above with one exception: /I is not required in
the “run parameters” line when using a .exe.
When using an EXE it is often helpful to identify switch parameters for a quiet or silent installation. To do
this, specify /? in the run parameters field.
The KBOX Agent automatically runs deployment packages with .MSI and .EXE
extensions. However, the KBOX also provides a capability for administrators to Zip many
files together and direct the KBOX to unpack the Zip and run a specific file within. If you
intend to deploy a .ZIP file, you must place the name of the file within the .zip that you
would like to run in the Command (Executable) field within the Deployment Package
(for example, runthis.exe).
This library supports Zip files using both stored and deflate compression methods and also supports old
(PKZIP 2.0) style encryption, tar with GNU long filename extensions, gzip, zlib and raw deflate, as well as
BZip2. However, Zip64 and deflate64 are not yet supported.
Compression mode 9 is deflate64, which in WinZip is called "maximum compression".
To resolve the issue, recreate the zip file using WinZip "Normal Compression".
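A pre-upload check for the two ZIP requirements described above (the file named in the Command (Executable) field must exist inside the archive, and members must not use deflate64 or need Zip64), written as an added Python example that is not KACE code. The function names and the sample archive are constructed for illustration; the check reads only the ZIP directory and does not reproduce how the KBOX Agent unpacks files.

```python
import io
import struct
import zipfile

# Compression method numbers from the ZIP format: 0 = stored, 8 = deflate.
# Method 9 is deflate64, which the guide says the unpacking library rejects.
SUPPORTED_METHODS = {0: "stored", 8: "deflate"}
DEFLATE64 = 9
MAX_32BIT = 0xFFFFFFFF   # sizes at or above this can only be recorded with Zip64
MAX_ENTRIES = 0xFFFF     # entry counts at or above this also require Zip64


def check_deployment_zip(data, run_file):
    """Return a list of problems found in a ZIP given as bytes (empty list = OK).

    run_file is the member name that will be typed into Command (Executable).
    Only the archive directory is read, so nothing is decompressed or executed.
    """
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        entries = archive.infolist()
    if len(entries) >= MAX_ENTRIES:
        problems.append("archive has %d entries, which requires Zip64" % len(entries))
    for entry in entries:
        if entry.compress_type not in SUPPORTED_METHODS:
            kind = "deflate64" if entry.compress_type == DEFLATE64 else "unsupported"
            problems.append("%s: compression method %d (%s)"
                            % (entry.filename, entry.compress_type, kind))
        if entry.file_size >= MAX_32BIT or entry.compress_size >= MAX_32BIT:
            problems.append("%s: size requires Zip64" % entry.filename)
    if run_file not in [entry.filename for entry in entries]:
        problems.append("%s: not found in the archive" % run_file)
    return problems


def build_sample(method):
    """Constructed sample: a one-file archive whose headers claim `method`.

    The archive is written as 'stored' and the method field is then patched in
    both headers, which is enough to exercise the directory check.
    """
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_STORED) as archive:
        archive.writestr("runthis.exe", b"constructed placeholder, not a program")
    raw = bytearray(buffer.getvalue())
    local = raw.find(b"PK\x03\x04")     # local file header, method at offset 8
    central = raw.find(b"PK\x01\x02")   # central directory header, method at offset 10
    struct.pack_into("<H", raw, local + 8, method)
    struct.pack_into("<H", raw, central + 10, method)
    return bytes(raw)


if __name__ == "__main__":
    for label, method in (("normal compression", 0), ("maximum compression", 9)):
        found = check_deployment_zip(build_sample(method), "runthis.exe")
        print(label, "->", found or "OK")
```
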
On Red Hat Linux, you do not need to include any other files in your archive other than
your script if that is all you wish to execute.
If the PATH environment variable of your root account does not include the current working directory
and you wish to execute a shell script or other executable that you have included inside an archive,
specify the relative path to the executable in the Full Command Line field. The command is executed
inside a directory alongside the files which have been extracted. For example, if you want to run a file
called "installThis.sh", you would package it up alongside a .rpm file and then put the command
"./installThis.sh" in the Full Command Line field. If you archived it inside another directory, like "foo", the
Full Command Line field should be "./foo/installThis.sh".
Both these examples, as well as some other KBOX functions, assume that "sh" is in root's PATH. If
you're using another scripting language, you may need to specify the full path to the command
processor you wish to run in the Full Command Line, like "/bin/sh ./installThis.sh". Include appropriate
arguments for an unattended, batch script.
If you select the uninstall check box in the MI detail, the KBOX Agent runs the command
/usr/sbin/rpm -e packagename.rpm on either your standalone rpm file or each rpm file it finds in the
archive, removing the package(s) automatically. The uninstallation in this way is performed only if the
archive or package is downloaded to the client. If you select the check box for "Run Command Only",
you should specify a Full Command Line to ensure the correct removal command is run on the correct
package. Since no package is downloaded in this case, you should specify the path in the installation
database where the package receipt is stored.
6. If your package requires additional options, you can enter the following installation details:
Run Parameters: You do not need to specify any parameters if you have a .rpm file. If no Run Parameters are filled in, -U is used by default. Setting a value here overrides the default “-U” option. For instance, if you set Run Parameters to “-ivh --replacepkgs”, then the command that would run on the computer would be:
  rpm -ivh --replacepkgs package.rpm
Full Command Line: You do not need to specify a full command line if you have a .rpm file. The server executes the installation command by itself. The Linux client tries to install this via:
  rpm [-U | Run Parameters] "packagename.tgz"
  If you do not want to use the default command at all, you can replace it completely by specifying the complete command line here. Remember that if you have specified an archive file, this command is run against all of the .rpm files it can find.
Un-Install using Full Command Line: Select this check box to uninstall software. If the Full Command Line above is filled in, it is run. Otherwise, by default the agent attempts the command, which is generally expected to remove the package.
Run Command Only: Select this check box to run the command line only. This does not download the actual digital asset.
Notes: Enter additional information in this field, if any.
Managed Action: Managed Action allows you to select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for the Linux platform.
Deploy to All Machines: Select the check box if you want to deploy to all the machines.
Limit Deployment To Selected Labels: Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, then the KBOX copies digital assets from that replication share or alternate download location instead of downloading them directly from the KBOX.
  Note: The KBOX always uses a replication share in preference over an alternate location.
Limit Deployment To Listed Machines: You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options.
Deploy Order: The order in which software should be installed. The lower deploy order deploys first.
Max Attempts: Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the KBOX 1000 Series appliance tries to install the package. If you specify 0, the KBOX enforces the installation forever.
Deployment Window (24H clock): Enter the time (using a 24 hr. clock) to deploy the package. Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under Organizations | Organizations for this specific organization, override and/or interact with the deployment window of a specific package.
Use Alternate Download: Select this check box to specify details for alternate download. When you select this check box, the following fields appear:
  Alternate Download Location: Enter the location from where the KBOX Agent can retrieve digital installation files.
  Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
  Alternate Download User: Enter a user name that has the necessary privileges to access the Alternate Download Location.
  Alternate Download Password: Enter the password for the user name specified above.
  Note: If the target machine is part of a replication label, then the KBOX does not fetch software from the alternate download location. For more information on using an alternate location, refer to “Distributing Packages through an Alternate Location,” on page 105.
  Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to Chapter 3, “Labels,” starting on page 84.
9. Click Save.
Standard TAR.GZ Example
Deploying software using a tar.gz file is a convenient way to package software when more than one file is
required to deploy a particular software title (for example, packagename.rpm plus required configuration
and data files). For example, if you have a CD-ROM containing a group of files required to install a
particular application, you can package them together in a tar.gz file, and upload them to the KBOX for
deployment.
The KBOX Agent automatically runs deployment packages with .rpm extensions. However, KBOX 1000
Series also provides a capability for administrators to Zip many files together and direct the KBOX 1000
Series to unpack the Zip and run a specific file within.
Examples of Common Deployments on Solaris™
The supported package deployments are .pkg, .pkg.gz, .zip, .bin and .tar.gz. This section provides examples
for each type of deployment. For each of these examples, you must have already uploaded the file to the
KBOX prior to creating the Managed Installation package. We recommend installing the software on a QA
machine, waiting a sufficient amount of time for the KBOX Agent to connect to the KBOX 1000 series
appliance and create an inventory item for the software, and then creating the Managed Installation
package.
You can put a zero-byte .pkg file in your archive if all you want to do is execute a shell
command or some other executable.
Ensure that you specify the relative path to the executable in the Full Command Line field, if you wish
to execute a shell script or other executable that you have included inside an archive. The command is
executed inside a directory alongside the files which have been extracted. For example, if you want to
run a file called "installThis.sh", you would package it up alongside a .pkg file and then put the
command "./installThis.sh" in the Full Command Line field. If you archived it inside another directory,
like "foo", the Full Command Line field should be "./foo/installThis.sh".
Both these examples, as well as some other KBOX functions, assume that "sh" is in root's PATH. If you
are using another scripting language, you may need to specify the full path to the command processor
you wish to run in the Full Command Line, like "/bin/sh ./installThis.sh". Include appropriate arguments
for an unattended, batch script.
If you select the uninstall check box in the MI detail, the KBOX Agent runs the command:
/usr/sbin/pkgrm -n packagename.pkg on either your standalone rpm file or each rpm file it finds in the
archive, removing the package(s) automatically. An uninstallation in this way can be performed only if
the archive or package is downloaded to the Agent. If you select the check box for "Run Command
Only", you should specify a full command line to ensure the correct removal command is run on the
correct package. Since no package is downloaded in this case, you should specify the path in the
installation database where the package receipt is stored.
6. If your package requires additional options, you can enter the following installation details:
Run Parameters: You do not need to specify any parameters if you have a .pkg file. If no Run Parameters are filled in, all are used by default to install all packages in the .pkg file. Setting a value here overrides the default option.
Full Command Line: You do not need to specify a full command line if you have a .pkg file. The server executes the installation command by itself. The Solaris client tries to install this via:
  pkgadd -n -d "packagename.pkg" [Run Parameters]
  If you do not want to use the default command at all, you can replace it completely by specifying the complete command line here. Remember that if you have specified an archive file, this command runs against all the .pkg files it can find.
Un-Install using Full Command Line: Select the check box to uninstall software. If the Full Command Line above is filled in, it is run. Otherwise, by default the agent attempts the command, which is generally expected to remove the package.
Run Command Only: Select the check box to run the command line only. This does not download the actual digital asset.
Notes: Enter additional information in this field, if any.
Managed Action: Managed Action allows you to select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for the Solaris platform.
Deploy to All Machines: Select the check box if you want to deploy to all the machines.
Limit Deployment To Selected Labels: Select a label to limit deployment only to machines belonging to the selected label. Press CTRL to select multiple labels. If you have selected a label that has a replication share or an alternate download location, then the KBOX copies digital assets from that replication share or alternate download location instead of downloading them directly from the KBOX.
  Note: The KBOX always uses a replication share in preference over an alternate location.
Limit Deployment To Listed Machines: You can limit deployment to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options.
Deploy Order: The order in which software should be installed. The lower deploy order deploys first.
Max Attempts: Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the KBOX 1000 Series appliance tries to install the package. If you specify 0, the KBOX enforces the installation forever.
Deployment Window (24H clock): Enter the time (using a 24 hr. clock) to deploy the package. Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under Organizations | Organizations for this specific organization, override and/or interact with the deployment window of a specific package.
9. Click Save.
Standard TAR.GZ Example
Deploying software using a tar.gz file is a convenient way to package software when more than one file is
required to deploy a particular software title (for example, packagename.pkg plus required configuration
and data files). For example, if you have a CD-ROM containing a group of files required to install a
particular application, you can package them together in a tar.gz file, and upload them to the KBOX for
deployment.
Examples of Common Deployments on Macintosh®
For information on common deployments on Macintosh®, refer to Appendix A, “Macintosh® Users,”
starting on page 322.
File Synchronizations
File synchronizations enable you to distribute software files to the computers on your network. These can
be any type of file, such as PDF, ZIP files, or EXE files, which are simply downloaded to the user’s machine,
but not installed.
Persistent: Select the check box if you want the KBOX to confirm every time that this package does not already exist on the target machine before attempting to deploy it.
Create shortcut (to location): Select the check box if you want to create a desktop shortcut to the file location.
Shortcut name: Enter a display name for the shortcut.
Delete Temp Files: Select the check box to delete temporary installation files.
Limit Deployment to: Enter a label for the package. The file is distributed to the users assigned to the label, such as the operating system affected by the synchronization.
Pre-Install User Message: Select this check box to display a message to users prior to installation. When you select this check box, additional fields appear:
  Pre-Install User Message: Enter a pre-install message.
  Pre-Install Message Timeout: Enter a timeout, in minutes, for which the message is displayed.
  Pre-Install Timeout Action: Select a timeout action that takes place at the end of the timeout period. For example, if the installation is being carried out when there are currently no active users at their desktops, you can select Install now to install the software without any hindrance to the users, or select Install later if the installer needs some user interaction.
Post-Install User Message: Select the check box to display a message to users after the installation completes. When you select this check box, message field and timeout options appear. Enter a message and a timeout value in minutes.
Deployment Window: Enter the time (using a 24 hr. clock) to deploy the package. Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under Organizations | Organizations for this specific organization, override and/or interact with the deployment window of a specific package.
Use Alternate Download: Select this check box to specify details for alternate download. When you select this check box, the following fields appear:
  Alternate Download Location: Enter the location from where the KBOX Agent can retrieve digital installation files.
  Alternate Checksum: Enter an Alternate Checksum (MD5) that matches the MD5 checksum on the remote file share (for security purposes).
  Alternate Download User: Enter a user name that has necessary privileges to access the Alternate Download Location.
  Alternate Download Password: Enter the password for the user name specified above.
  Note: If the target machine is part of a replication label, then the KBOX does not fetch software from the alternate download location. For more information on using an alternate location, refer to “Distributing Packages through an Alternate Location,” on page 105.
  Here you specify an alternate download location only for a specific managed installation. You can also edit an existing label or create a new label that can be used for specifying the alternate location globally. But since that label cannot be specific to any managed installation, you cannot specify an alternate checksum for matching the checksum on the remote file share. For more information on how to create or edit labels, refer to “Labels,” on page 84.
7. Click Save.
To distribute files previously deployed after the deployment window has closed, click
the Resend Files button.
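The Alternate Checksum field in the deployment and file synchronization settings above takes the MD5 of the file on the remote share. One way to produce that value and to confirm that the copy on the share still matches the file you uploaded, as an added Python example that is not part of the KBOX product; the function names and the sample files are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large installers are not loaded whole


def md5_hex(path):
    """Return the MD5 of a file as 32 lowercase hex characters."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def normalize_checksum(text):
    """Clean a pasted checksum and reject anything that is not a 32-digit hex MD5."""
    value = text.strip().lower()
    if len(value) != 32 or any(c not in "0123456789abcdef" for c in value):
        raise ValueError("not an MD5 checksum: %r" % text)
    return value


def share_copy_matches(share_path, entered_checksum):
    """True when the file on the share hashes to the checksum entered in the form."""
    expected = normalize_checksum(entered_checksum)
    return hmac.compare_digest(md5_hex(share_path), expected)


def demo():
    """Constructed sample: a stand-in installer, an identical copy and an altered copy.

    Returns (checksum of the master file, identical copy matches, altered copy matches).
    """
    payload = b"constructed installer bytes\n" * 1000
    with tempfile.TemporaryDirectory() as workdir:
        master = os.path.join(workdir, "master.msi")
        good = os.path.join(workdir, "share_copy.msi")
        altered = os.path.join(workdir, "share_altered.msi")
        for path, data in ((master, payload), (good, payload), (altered, payload + b"x")):
            with open(path, "wb") as handle:
                handle.write(data)
        checksum = md5_hex(master)  # the value to enter as Alternate Checksum
        return (checksum,
                share_copy_matches(good, checksum),
                share_copy_matches(altered, checksum))


if __name__ == "__main__":
    value, good_ok, altered_ok = demo()
    print("Alternate Checksum:", value)
    print("identical copy matches:", good_ok)
    print("altered copy matches:", altered_ok)
```

MD5 is the algorithm this field takes; it catches a changed or corrupted copy but is not collision-resistant, so write access to the share should stay limited to the account that populates it.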
Replication
Replication Share allows a KBOX Agent to replicate software installers, patches, client upgrades, and script
dependencies to a shared folder. This allows the KBOX Agent machines to download software installers,
patches, client upgrades, and script dependencies from the shared folder and not directly from the KBOX.
A replication share is used where it is undesirable to have the KBOX Agent machines downloading
installation files directly from the KBOX over WAN, due to bandwidth or other concerns. In creating a
replication share, you need to identify one machine at each remote location which acts as a "Replication
Machine". The server copies all the replication items such as software installers, patches, client upgrades,
script dependencies to the replication machine at the specified destination path.
From the Replication tab, users can:
Add or delete replication shares
Enable or disable replication shares
Start or restart a halted replication task
Halt a running replication task
Perform a share inventory for the replication share
The Replication Machine needs write permission on the destination path to
write the software files.
A Replication Share can only be created on machines having the KBOX Agent
version 4.3 or higher.
Shared network drive
5. Specify the replication share destination details:
Destination Path: Enter the destination path to copy all the replication items from the KBOX. All the replication items are first listed in the replication queue and then copied one at a time to the destination path. Any new replication item is first listed in the replication queue and then copied after a default interval of 10 minutes.
Destination Path User: Enter the login name for the share. The login account should have write access to the destination path.
Destination Path Password: Enter the password for the share.
Download Path: Enter the download path for machines in the replication label to copy the replication items from this path instead of downloading them directly from the KBOX. For example, a UNC path:
  \\fileservername\directory\kbox\
  The client machine needs read permission to copy the replication items from this shared folder.
Download Path User: Enter the login name for accessing the download path.
Download Path Password: Enter the password for accessing the download path.
Limit Patch O/S Files: This field displays the patches for the platforms subscribed in the patch subscription settings page. Refer to Chapter 9, “Subscription Settings,” starting on page 169 for more details.
Limit Patch Language Files: This field displays the OS languages subscribed in the patch subscription settings page. Refer to Chapter 9, “Subscription Settings,” starting on page 169 for more details.
Replicate App Patches: Select this checkbox to replicate the App patches to the replication share.
Maintain 4.2 Replication Share path: Select this checkbox to replicate software and patches to the repl1 folder, which is used by 4.2 clients. For example,
  \\machinename\foldername\repl1\replicationitems folder
Hi Bandwidth: Enter the value to specify the maximum bandwidth to be used for replication. If this field is left blank, the bandwidth used is equal to the maximum bandwidth available for replication.
Lo Bandwidth: Enter the value to specify the restricted bandwidth to be used for replication. If this field is left blank, the bandwidth used is equal to the maximum bandwidth available for replication.
Replication Schedule: You can specify the Replication Schedule by specifying the colors displayed in the Replication Share page for different days and time slots. The colors that you can specify are:
  White - Replication Off
  Light Blue - Replication ON with Low Bandwidth
  Blue - Replication ON with High Bandwidth
Copy Schedule From: Select any existing Replication Schedule from the drop-down list to replicate the items as per the selected schedule.
Replication Queue: Click Replication Queue to see a list of replication items that are going to be
copied.
Share Inventory: Click Show Share Inventory to see a list of replication items that have been
copied.
Delete Queue: Click Show Delete Queue to see a list of replication items that are marked for
deletion.
The replication functionality of the KBOX Server version 4.3 also supports the KBOX
Agent version 4.0 and higher.
iPhone
The iPhone configuration profiles allow an Enterprise to set up e-mail and secure access with VPNs,
certificates and wireless settings for users’ iPhones. The iPhones are then used to access the KBOX user
portal to download their configuration profiles and for general KBOX user portal access. The self-service
user portal allows users to access a flexible knowledge base, see hardware and software inventory
information, install IT controlled software packages, and access support tickets.
This guide assumes familiarity with Apple iPhone products for the enterprise including:
  iPhone and iPod Touch running iPhone software 2.0 or later
  iPhone Configuration Utility 1.0 - the Apple provided tool for initial creation of the configuration
  profiles to be provisioned on users’ iPhones
General information on the KBOX appliance's features and requirements is available at:
http://www.kace.com/products/systems-management-appliance/computer-management-software-alternative/index.php
For additional documentation, click Help | Administrator Guide on the KBOX web console.
From the iPhone tab, users can:
Add or delete iPhone profiles
Configure Collection Settings
Record Created: The date and time when the Role was first created. This is a read-only field.
Record Last Modified: The date and time when the Role was last modified. This is a read-only field.
Role Name: Enter a name for the Role. This is a mandatory field.
Description: Enter the Role description.
4. Click the Distribution tab link under the Permissions ADMIN Console area, to expand it. You can
also click the [Expand All] link to view the Distribution tab.
5. Select the Custom option, and choose the write permission for the iPhone tab from the drop-down
list.
6. Click Save.
Creating Configuration Profiles
You can use the Apple provided iPhone Configuration Utility 1.0 tool for initial creation of the configuration
profiles to be provisioned to your users' iPhones.
For more information, refer to http://www.apple.com/support/iphone/enterprise/
To create a profile:
To: Enter the recipient’s email address, or choose select user to add from the drop-down list. You can filter the list by entering any filter options.
Message: Enter a description for this e-mail.
Configuring Collection Settings
This page configures a script that collects iPhone information from desktop Macintosh® computers. It
records information stored there during the normal backup sync of iPhone devices. When it runs it creates
iPhone Asset records based on the information it finds. Multiple devices synced to a desktop show up as
separate devices.
Enabled: Select this check box to run this script on the target machines. The script will only run when a user is logged into the machine. You also may wish to adjust the run interval to something appropriate to your network.
Deploy to All Machines: Select the check box if you want to deploy to all the machines. Click OK in the confirmation dialog box.
Limit Deployment To Selected Labels: Select a label to limit deployment of this script only to machines belonging to the selected label. Press COMMAND to select multiple labels.
Limit Deployment To Listed Machines: You can limit deployment of this script to one or more machines. Select the machines from the drop-down list to add to the list. You can filter the list by entering filter options.
Supported Operating Systems: Select an operating system on which the script is to be run. If you selected a label as well, the script only runs on machines with that label if they are also running the selected operating system.
  Note: This script only runs on Mac OS X 10.4 and Mac OS X 10.5. You should adjust your Supported Operating Systems list to match.
Don’t Run on a Schedule: The script runs in combination with an event rather than on a specific date or at a specific time.
Run Every nth minutes/hours: The script runs every n minutes or hours, as specified.
Run Every day/specific day at HH:MM AM/PM: The script runs at the specified time on the specified day.
Run on the nth of every month/specific month at HH:MM AM/PM: Select to run the script at the specified time on the 1st, 2nd, or any other date of every month or only the selected month.
Custom Schedule: This option allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31 12 * * means: on the last day of the year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The KBOX doesn’t support the extended cron format.
iPhone Asset
The iPhone asset collection script runs on the Macintosh® machines and generates the iPhone asset.
Name: This is a read-only field that displays the name of the asset.
Device name: This is a read-only field that displays the device name as iPhone.
Phone number: This is a read-only field that displays the iPhone phone number.
Product version: This is a read-only field that displays the product version of the iPhone.
Product type: This is a read-only field that displays the product type as iPhone.
Serial number: This is a read-only field that displays the serial number of the iPhone.
Build version: This is a read-only field that displays the build version of the iPhone.
IMEI: This is a read-only field that displays the International Mobile Equipment Id (IMEI).
ICCID: This is a read-only field that displays the Integrated Circuit Card ID (ICCID).
iTunes Version: This is a read-only field that displays the iTunes version.
Last Backup Date: This is a read-only field that displays the date on which the last backup was taken.
Unique Identifier: This is a read-only field that displays the unique identifier for the iPhone.
Computer: This is a read-only field that displays the computer name on which the iPhone is synced.
Application ids: This is a read-only field that displays the applications running on the iPhone.
Configuring iPhone
You can set up the initial iPhone configuration to interact with Exchange ActiveSync or to use IMAP for e-mail.
The KBOX is positioned in the DMZ (demilitarized zone or Screened Subnet) in order to simplify the initial
iPhone configuration for access to the KBOX user portal.
The KBOX provides a Web (Safari) URL login page to download profiles as an alternative to e-mailing the
configuration profiles to users.
The page requires user authentication in order to present the appropriate list of profiles for download
based on the user access list defined in “Setting up Administrative Access to iPhone Profile Management,”
on page 131.
Figure 6-4: iPhone accessing various profiles for download
A message indicates if the download failed or completed successfully.
Refer to Chapter 11,“Overview of the User Portal,” starting on page 194 for information
on the User Portal.
CHAPTER 7
Wake-on-LAN
Wake-on-LAN feature Overview
The KBOX Wake-on-LAN feature enables you to remotely power on devices on your network, even if those
machines do not have the KBOX Agent installed. Wake-on-LAN can target a label or a specific machine
identified by its MAC address.
Wake-on-LAN is often used to power on machines prior to some IT activity, such as distributing a package
from the KBOX to a subnet, to ensure that the distribution or update reaches as many target machines as
possible. Because many of the updates are performed during off-hours to minimize the impact on your
network, some of the machines targeted for updating might be turned off at the time you are performing
the updates. In such cases, you could issue a Wake-on-LAN call to turn computers on prior to performing
updates, running scripts, or distributing packages.
This feature only supports machines that are equipped with a Wake-On-LAN-enabled
network interface card (NIC) and BIOS.
Using the Wake-on-LAN feature on the KBOX will cause broadcast UDP traffic on your network on port 7.
This traffic should be ignored by most computers on the network. The KBOX sends 16 packets per Wake-
on-LAN request because it must guess the broadcast address that is required to get the "Magic Packet" to
the target computer. This amount of traffic should not have a noticeable impact on the network.
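The Magic Packet mentioned above has a fixed layout (six 0xFF bytes followed by the target MAC address repeated 16 times), so UDP broadcasts on port 7 can be checked against it when you monitor the network. The following Python code is an added example, not KBOX code; the function names, the sample MAC address and the destination addresses are constructed for illustration.

```python
import re
from collections import Counter

SYNC = b"\xff" * 6   # synchronisation stream that opens a Magic Packet
REPEATS = 16         # the target MAC address follows the stream 16 times
WOL_PORT = 7         # UDP port the guide says the KBOX uses


def mac_to_bytes(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' to 6 raw bytes."""
    if not re.fullmatch(r"[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}", mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", mac))


def build_magic_packet(mac):
    """Return the 102-byte payload that wakes the NIC with this MAC."""
    return SYNC + mac_to_bytes(mac) * REPEATS


def find_wake_target(payload):
    """Return the MAC a payload is trying to wake, or None.

    The sequence may start at any offset in the payload, so every
    occurrence of the synchronisation stream is tried in turn.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 6 * REPEATS]
        if len(body) == 6 * REPEATS and body == body[:6] * REPEATS:
            return ":".join(f"{octet:02x}" for octet in body[:6])
        start = payload.find(SYNC, start + 1)
    return None


def summarise_wake_requests(datagrams):
    """Count Magic Packets per target MAC.

    `datagrams` is an iterable of (dst_ip, dst_port, payload) tuples.
    Datagrams to WOL_PORT that hold no well-formed Magic Packet are
    counted under the key 'malformed'; other ports are ignored.
    """
    counts = Counter()
    for _dst_ip, dst_port, payload in datagrams:
        if dst_port != WOL_PORT:
            continue
        counts[find_wake_target(payload) or "malformed"] += 1
    return dict(counts)


# Constructed sample capture (not real traffic): one request of 16 packets,
# one truncated payload on port 7, and one unrelated UDP datagram.
SAMPLE_MAC = "00:00:5e:00:53:01"
SAMPLE_CAPTURE = (
    [("192.0.2.255", 7, build_magic_packet(SAMPLE_MAC))] * 16
    + [("192.0.2.255", 7, build_magic_packet(SAMPLE_MAC)[:-3])]
    + [("192.0.2.255", 53, b"\x00" * 40)]
)

if __name__ == "__main__":
    for target, count in summarise_wake_requests(SAMPLE_CAPTURE).items():
        print(f"{target}: {count} datagram(s)")
```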
To schedule a Wake-on-LAN request:
Don’t Run on a Schedule Select to run the tests in combination with an event rather than on a specific date or at a specific time.
Run Every day/specific day at HH:MM AM/PM Select to run the tests every day or only the selected day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM Select to run the tests on the 1st, 2nd, or any other date of every month or only the selected month.
7. Click Save.
On clicking Save, you will see the Wake-on-LAN tab with the scheduled request listed. From this view
you can edit or delete any scheduled requests.
Troubleshooting Wake-on-LAN
In some cases a Wake-on-LAN request fails to wake devices. The following configuration problems can
cause Wake-on-LAN to fail:
The device does not have a WOL-capable network card or is not configured properly.
The KBOX has incorrect information about the subnet to which the device is attached.
UDP traffic is not routed between subnets or is being filtered by a network device.
Broadcast traffic is not routed between subnets or is being filtered by a network device.
Traffic on Port 7 is being filtered by a network device.
CHAPTER 8
Scripting
Scripting Module Overview
If you have purchased the optional KBOX Policy and Scripting Module, you have a way to easily
and automatically perform a variety of tasks. These tasks can be performed across your network through
customized scripts that run according to your preferences.
You can automate tasks like:
Installing software
Checking antivirus status
Changing registry settings
Configuring browser settings by creating a custom script
Scheduling deployment to the endpoints on your network
Each script consists of metadata, dependencies (wherever necessary), rules (Offline Kscripts and Online
Kscripts), tasks (Offline Kscripts and Online Kscripts), deployment settings, and schedule settings.
Dependencies are the supporting executable files that are necessary for a script to run.
For example, .zip files.
Rules are tasks performed in a specified order on the target machine.
Tasks are the individual steps that are carried out by a script. In each script, you can have any number of
tasks. Whether or not a task is executed is dependent upon the success or failure of the previous task.
There are three types of scripts you can create:
Offline KScripts: These scripts can execute even when the client machine is not connected to the
KBOX server, such as at Machine Boot Up and User Login. They execute at the scheduled time
based on the client clock. They are built using a wizard, but execute only on Windows platforms.
Online KScripts: These scripts can execute only when the client machine is connected to the KBOX
server. They execute at the scheduled time based on the server clock. They are built using a wizard, but
execute only on Windows platforms.
Online Shell Scripts: These scripts can execute only when the client machine is connected to the
KBOX server. They execute at the scheduled time based on the server clock. They are built using simple
text-based scripts (bash, perl, batch, etc.) supported by the target operating system. Batch files are
supported on Windows, along with all manner of shell script formats supported by the specific operating
system of the targeted machines.
Using Scripts that are installed with the KBOX
The KBOX installs the following scripts by default:
Creating and Editing Scripts
There are three ways you can create scripts:
By importing an existing script (in XML format)
By making a copy of an existing script
By creating a new script from scratch
You can perform these actions from the Scripting | Scripts tab.
The process of creating scripts is an iterative one. After creating a script, it is a good idea to deploy the
script to a limited number of machines (you can create a test label to do this). This way you can verify
whether the script is running correctly, before deploying it to all the machines on your network. It is a
good practice to leave a script disabled until you have edited and tested the script and are ready to run the
script.
Adding Scripts
Offline KScripts and Online KScripts are made up of one or more Tasks. Within each Task there are Verify
and Remediation sections where you can further define the script behavior. If a section is left blank, it
defaults to success.
For example, if you leave the Verify section blank, it ends in On Success.
Script Type Use this field to select the Offline Kscript or Online Kscript types.
Name Enter a meaningful name for the script to make it easier to distinguish from
others listed on the Scripts tab.
Description Enter a brief description of the actions the script performs. Although this
field is optional like the Name field, it helps you to distinguish one script
from another on the Scripts tab.
Status Use this field to indicate whether the script is in development (Draft) or has
been rolled out to your network (Production). Use the Template status if
you are building a script that is used as the basis for future scripts.
Enabled Select this check box to run the script on the target machines. Do not
enable a script until you are finished editing and testing it and are ready to
run it. Enable the script on a test label before you enable it on all
machines.
Notes Enter notes, if any.
Deploy to All Machines Select this check box if you want to deploy the script to all the machines.
Limit Deployment To Selected Labels Select a label to limit deployment only to machines grouped by that label. Press CTRL and click labels to select more than one label.
Limit Deployment To Listed Machines You can limit deployment to one or more machines. From the drop-down list, select a machine to add to the list. You can add more than one machine. You can filter the list by entering filter options.
Supported Operating Systems Select an operating system on which the script is to be run. If you selected a label as well, the script only runs on machines with that label if they are also running the selected operating system.
Scheduling In the Scheduling area, specify when and how often the script is run.
Don’t Run on a Schedule The test runs in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the “Also” choices below. For example, use this option in conjunction with “Also Run at User Login” to run whenever the user logs in.
Run Every nth minutes/hours The test runs every n minutes or hours, as specified.
Run Every day/specific day at HH:MM AM/PM The test runs at the specified time on the specified day.
Custom Schedule This option allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31 12 * * means: On the last day of the year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The KBOX doesn’t support the extended cron format.
Also Run Once at next Client Checkin (Only for Offline KScript) This option runs the Offline KScript once when new scripts are downloaded from the KBOX. To set the time interval for downloading scripts, go to Organizations | Organizations.
Also Run at Machine Boot Up (Only for Offline KScript) This option runs the Offline KScript at machine boot time. Beware that this causes the machine to boot up slower than it might normally.
Also Run at User Login (Only for Offline KScript) This option runs the Offline KScript after the user has entered their Windows login credentials.
Allow Run While Disconnected (Only for Offline KScript) Select this option if you want to allow the Offline KScript to run even if the target machine cannot contact the KBOX 1000 Series to report results. In such a case, results are stored on the machine and uploaded to the KBOX 1000 Series at the next contact.
Allow Run While Logged Off (Only for Offline KScript) Select this option if you want to allow the Offline KScript to run even if a user is not logged in. To run the script only when the user is logged into the machine, clear this option.
5. Click Run Now to immediately push the script to all machines. Use this option with caution. For more
information about the Run Now button, refer to “Using the Run Now function,” on page 154.
6. To browse for and upload files required by the script, click Add new dependency, click Browse, and
then click Open to add the new dependency file.
If a Replication Share has been specified and enabled at Distribution | Replication:
Offline Kscripts: The dependencies are downloaded from the specified replication share.
Online Kscripts: They do not support replication. The dependencies are downloaded from the
KBOX Server.
If the replication share is inaccessible, the dependencies are downloaded from the
KBOX Server.
If a dependency file is unavailable at the replication share, it is downloaded from the KBOX
server.
a. Click Add below Verify area and select Verify a registry key exists from Add a new step drop-
down list.
b. Enter the registry key in Key field in correct format as displayed below,
HKEY_CURRENT_USER\Software\Adobe
c. Click Save Changes to save the format.
d. Click Add below On Success area and select Log message from Add a new step drop-down list.
e. Enter a message in the Message field.
f. Click Save.
The message is displayed in the Scripting logs on the successful execution of the script. To view the
scripting logs, refer to Chapter 3, “Scripting Logs,” starting on page 64.
8. Under Policy or Job Rules, set the following options for Task 1:
Attempts Enter the number of times the script should attempt to run.
If the script fails but remediation is successful, you may want to run the
task again to confirm the remediation step. To do this, set the number of
Attempts to 2 or more. If the Verify section fails, it is run the number of
times mentioned in this field.
On Failure Select Break if you want the script to stop running upon failure. Select Continue
if you want the script to perform remediation steps upon failure.
9. In the Verify section, click Add to add a step, and then select one or more steps to perform. Refer to
Appendix B, “Adding Steps to a Task, ” starting on page 330.
10. In the On Success and Remediation sections, select one or more steps to perform. Refer to
Appendix B, “Adding Steps to a Task, ” starting on page 330.
11. In the On Remediation Success and On Remediation Failure sections, select one or more steps
to perform. Refer to Appendix B, “Adding Steps to a Task, ” starting on page 330.
To remove a dependency, task, or step, click the trash can icon beside the item.
This icon appears when your mouse hovers over an item.
Click beside Policy or Job Rules to view the token replacement variables that can be
used anywhere in the KBOX script, and are replaced at runtime on the client with
appropriate values. For more information, Refer to “Token Replacement Variables,” on
page 153.
Script Type Use this field to select the Online Shell Script type.
Name Enter a meaningful name for the script to make it easier to distinguish from
others listed on the Scripts tab.
Description Enter a brief description of the actions the script performs. Although this
field is optional like the Name field, it helps you to distinguish one script
from another on the Scripts tab.
Status Use this field to indicate whether the script is in development (Draft) or has
been rolled out to your network (Production). Use the Template status if
you are building a script that is to be used as the basis for future scripts.
Enabled Select this check box to run the script on the target machines. Do not
enable a script until you are finished editing and testing it and are ready to
run it. Enable the script on a test label before you enable it on all
machines.
Notes Enter notes, if any.
Deploy to All Machines Select this check box if you want to deploy the script to all the machines.
Limit Deployment To Selected Labels Select a label to limit deployment only to machines grouped by that label. Press CTRL and click labels to select more than one label.
Limit Deployment To Listed Machines You can limit deployment to one or more machines. From the drop-down list, select a machine to add to the list. You can add more than one machine. You can filter the list by entering filter options.
Supported Operating Systems Select an operating system on which the script runs. If you selected a label as well, the script runs on only the machines with that label if they are also running the selected operating system.
Scheduling In the Scheduling area, specify when and how often the script runs.
Don’t Run on a Schedule The test runs in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the “Also” choices below. For example, use this option in conjunction with “Also Run at User Login” to run whenever the user logs in.
Run Every nth minutes/hours The test runs every n minutes or hours, as specified.
Run Every day/specific day at HH:MM AM/PM The test runs at the specified time on the specified day.
Custom Schedule This option allows you to set an arbitrary schedule using standard cron format. For example, 1,2,3,5,20-25,30-35,59 23 31 12 * * means: On the last day of the year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The KBOX doesn’t support the extended cron format.
5. Click Run Now to immediately push the script to all machines. Use this option with caution. For more
information about the Run Now button, refer to “Using the Run Now function,” on page 154.
6. To browse for and upload files required by the script, click Add new dependency, click Browse, and
then click Open to add the new dependency file.
If a Replication Share has been specified and enabled at Distribution | Replication, the
dependencies are still downloaded from the KBOX server, since Replication is not supported by Online
Shell Scripts.
Repeat this step to add additional new dependencies as necessary.
7. Specify the following:
To remove a dependency, click the trash can icon beside the item. This icon
appears when your mouse hovers over an item.
Click beside Policy or Job Rules to view the token replacement variables that can be
used anywhere in the KBOX script, and are replaced at runtime on the client with
appropriate values. For more information, Refer to “Token Replacement Variables,” on
page 153.
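The Custom Schedule example from the scheduling tables above, expanded programmatically. This is an added example, not KBOX code; it assumes the first four fields are minute, hour, day of month and month, as the guide's explanation implies, and it accepts only numbers, comma lists, ranges and * because the guide does not define what it counts as extended syntax.

```python
# Bounds for the first four fields, in the order implied by the guide's
# explanation of its example: minute, hour, day of month, month.
# (Assumption: any fields after these four are not interpreted here.)
FIELD_BOUNDS = [
    ("minute", 0, 59),
    ("hour", 0, 23),
    ("day", 1, 31),
    ("month", 1, 12),
]


def expand_field(text, low, high):
    """Return the sorted values selected by one schedule field.

    Accepts '*', single numbers, comma lists and 'a-b' ranges only.
    Anything else (step values, names, empty items) raises ValueError.
    """
    if text == "*":
        return list(range(low, high + 1))
    values = set()
    for part in text.split(","):
        start, dash, end = part.partition("-")
        if not start.isdigit() or (dash and not end.isdigit()):
            raise ValueError(f"unsupported syntax in field: {part!r}")
        first = int(start)
        last = int(end) if dash else first
        if first > last or first < low or last > high:
            raise ValueError(f"value outside {low}-{high}: {part!r}")
        values.update(range(first, last + 1))
    return sorted(values)


def expand_schedule(expression):
    """Map each of the first four fields to the list of values it selects."""
    fields = expression.split()
    if len(fields) < len(FIELD_BOUNDS):
        raise ValueError("expected at least minute, hour, day and month")
    return {
        name: expand_field(field, low, high)
        for (name, low, high), field in zip(FIELD_BOUNDS, fields)
    }


def run_times(expression):
    """List the HH:MM times at which the schedule fires on a matching day."""
    schedule = expand_schedule(expression)
    return [
        f"{hour:02d}:{minute:02d}"
        for hour in schedule["hour"]
        for minute in schedule["minute"]
    ]


GUIDE_EXAMPLE = "1,2,3,5,20-25,30-35,59 23 31 12 * *"  # string from the guide

if __name__ == "__main__":
    selected = expand_schedule(GUIDE_EXAMPLE)
    print("day", selected["day"], "month", selected["month"])
    print(", ".join(run_times(GUIDE_EXAMPLE)))
```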
Editing Scripts
You can edit scripts on the Script: Edit Detail page, or in an XML editor (only for Offline KScripts and Online
KScripts). To use the XML editor, click the View raw XML editor link below the Scheduling option. Offline
KScripts and Online KScripts can be edited using the wizard in addition to these methods.
To edit a script:
4. Click OK to confirm deletion.
Importing Scripts
If you prefer to create your script in an external XML editor, you can upload your finished script to the
KBOX. Be sure that the imported script conforms to the following structure:
The root element <kbots></kbots> includes the URL of the KACE DTD:
<kbots xmlns="http://kace.com/Kbots.xsd">...</kbots>
One or more <kbot> elements.
Exactly one <config> element within each <kbot> element.
Exactly one <execute> element within each <config> element.
One or more <compliance> elements within each <kbot> element.
In the above example of a simple XML script, the <config> element corresponds to the Configuration
section on the Script: Edit Detail page. This is where you specify the name of the policy or job (optional),
and the script type (policy or job). Within this element you can also indicate whether the script can run
when the target machine is disconnected or logged off from the KBOX.
You can specify whether the script is enabled and describe the specific tasks the script is to perform within
the <compliance> element.
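One way to check a script file against the structure rules listed above before importing it. This is an added example, not KACE code; the function names and the sample documents are constructed, and the samples use only the element names given in this guide. Refusing documents that declare a DOCTYPE or entities is this example's own precaution, not a KBOX requirement.

```python
import xml.etree.ElementTree as ET

KBOTS_NS = "http://kace.com/Kbots.xsd"  # namespace URL quoted in the guide


def _children(parent, name):
    """Direct child elements called `name` in the Kbots namespace."""
    return parent.findall(f"{{{KBOTS_NS}}}{name}")


def check_kbots_structure(xml_text):
    """Return a list of structure problems.

    An empty list means the document satisfies the rules in the guide:
    a <kbots> root, one or more <kbot>, exactly one <config> per <kbot>,
    exactly one <execute> per <config>, one or more <compliance> per <kbot>.
    """
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DOCTYPE/entity declarations are not accepted by this checker"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{KBOTS_NS}}}kbots":
        return [f"root element must be <kbots> in namespace {KBOTS_NS}"]

    problems = []
    kbots = _children(root, "kbot")
    if not kbots:
        problems.append("<kbots> must contain at least one <kbot>")
    for number, kbot in enumerate(kbots, start=1):
        configs = _children(kbot, "config")
        if len(configs) != 1:
            problems.append(
                f"kbot {number}: expected exactly one <config>, "
                f"found {len(configs)}"
            )
        for config in configs:
            executes = _children(config, "execute")
            if len(executes) != 1:
                problems.append(
                    f"kbot {number}: expected exactly one <execute> in "
                    f"<config>, found {len(executes)}"
                )
        if not _children(kbot, "compliance"):
            problems.append(f"kbot {number}: expected at least one <compliance>")
    return problems


# Constructed samples: element names come from the guide, everything else
# (no attributes, no content) is deliberately left empty.
VALID_SAMPLE = f"""<kbots xmlns="{KBOTS_NS}">
  <kbot>
    <config><execute/></config>
    <compliance/>
  </kbot>
</kbots>"""

BROKEN_SAMPLE = f"""<kbots xmlns="{KBOTS_NS}">
  <kbot>
    <config/>
    <config><execute/></config>
  </kbot>
</kbots>"""

if __name__ == "__main__":
    for label, sample in (("valid", VALID_SAMPLE), ("broken", BROKEN_SAMPLE)):
        print(label, check_kbots_structure(sample) or "OK")
```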
Tip: If you are creating a script that can perform some of the same tasks as an existing
script, you may want to consider the following:
Creating a copy of that existing script,
Opening the copied script in XML editor view to better understand what is
possible in the <compliance> element.
For more information, refer to “Duplicating Scripts,” on page 153.
To import an existing script:
Duplicating Scripts
If you have already created a script that performs many of the tasks required of your new script, the
simplest way to begin is to make a copy of the current script, then modify the steps as required, and then
upload any new dependency files.
Using the Run Now function
The Run Now function provides a way for you to run scripts on selected machines immediately without
setting a schedule. You may want to use this function if you have machines on your network that you
suspect are infected with a virus or have another vulnerability that could compromise your entire network
if not resolved right away. Run Now is also useful for testing and debugging scripts on a specific machine or set
of machines during development.
The Run Now function is available in three places:
Run Now tab—Running Scripts from the Scripting | Run Now tab allows you to run one script at a
time on the target machines.
Script: Edit Detail Page—Running Scripts from the Script : Edit Detail page allows you to run one
script at a time on the target machines.
Scripts List Page—Running scripts from the Scripts List Page using the Run Now option from the
Choose action drop-down list allows you to run more than one script at the same time on the target
machines.
CAUTION: Because a script is deployed immediately when you click Run Now, use
this feature cautiously, and do not deploy unless you are certain that you want to run
the script on the target machines.
Refer to Chapter 3,“Labels,” starting on page 84 for more information.
Run Now from the Script Detail page
To use the Run Now function from the Script Detail page:
1. To minimize the risk of deploying to unintended target machines, KACE recommends that you create a
label that represents the machine or machines on which you want to use the Run Now function. Refer
to Chapter 3,“Labels,” starting on page 84 for more information.
2. Select Scripting | Scripts.
3. Select the script you want to run. The Script: Edit Detail page appears.
4. Select the label or labels that represent the machine(s) on which you want to run the script. Press
CTRL and click to select multiple labels.
5. Scroll to the bottom of the Scheduling section, then click Run Now.
A confirmation dialog box appears, if you have made any changes.
Click OK in the confirmation dialog box to save any unsaved changes before running or click Cancel to
run without saving. The Run Now Status page is displayed after the script is run.
To use the Run Now function from the Scripts Lists Page:
1. To minimize the risk of deploying to unintended target machines, KACE recommends that you create a
label that represents the machine or machines on which you want to use the Run Now function. Refer
to Chapter 3,“Labels,” starting on page 84 for more information.
2. Select Scripting | Scripts.
3. Select the script or scripts you want to run.
4. Select Run Now from the Choose action drop-down list.
Icon Description
If there were errors in pushing the scripts to the selected machines, you can search the scripting logs to
determine the cause of the error. For more information about searching logs, Refer to “Searching Scripting
Log Files,” on page 156.
The Run Now function communicates over port 52230. One reason a script might fail to
deploy is if firewall settings are blocking the KBOX Agent from listening on that port.
Operator Function
+ A leading plus sign indicates the word must be present in the log.
- A leading minus sign indicates the word must not be present in the log.
* A trailing asterisk can be used to find logs that contain words that begin
with the supplied characters.
" " A phrase enclosed in double quotes matches only if the log contains the
phrase exactly as typed.
4. Select the log type to search in from the drop-down list. You can choose from the following options:
Output
Activity
Status
Debug
5. In the Historical field, select whether to search in only the most recent logs or in all logs from the
drop-down list.
6. In the label field, select a label from the drop-down list to search logs uploaded by machines in a
particular label group.
7. Click Search. The search results display the logs and the machines that have uploaded the logs.
8. You can apply a label to the machines that are displayed by selecting a label from the drop-down list,
under search results.
Configuration Policies
The Configuration Policy page displays a list of wizards you can use to create policies that manage various
aspects of the computers on your network.
To access the list of available Configuration Policy wizards, click the Scripting button, then select the
Configuration Policy tab. This section includes descriptions of the settings for each of the policies you
can create.
Available wizards include:
Enforce Registry Settings
Remote Desktop Control Troubleshooter
Enforce Desktop Settings
Desktop Shortcuts Wizard
Event Log Reporter
MSI Installer Wizard
UltraVNC Wizard
Un-Installer Wizard
Windows Automatic Updates Settings
1. Use regedit.exe to locate and export the values from the registry that you are interested in.
2. Open the .reg file that contains the registry values you want with notepad.exe and copy the text.
3. Select Scripting |Configuration Policy.
4. Click Enforce Registry Settings. The Configuration Policy : Enforce Registry Settings page appears.
5. Enter a policy name in the Policy Name field.
6. Paste the copied registry values into the Registry File field.
7. Click Save. The Script: Edit Detail page appears.
8. Enable and set a schedule for this policy to take effect.
A new script is created that checks that the values in registry file match the values found on the target
machines. Any values that are missing or incorrect are replaced. Refer to “Adding Scripts,” on page 145
for more information.
Desktop Shortcuts Wizard
This wizard allows you to quickly create scripts that add shortcuts to users' Desktop, Start Menu, or Quick
Launch bar. To create an Internet shortcut, enter a URL as the target and leave the parameters and
working directory empty.
Name Enter the text label that appears below or beside the shortcut.
Target Enter the application or file that is launched when the shortcut is clicked, for example, Program.exe.
Parameters Enter any command line parameters. For example:
/S /IP=123.4
WorkingDir Enter the changes to the current working directory. For example:
C:\Windows\Temp
Location Select the location where the shortcut appears from the drop-down list. Options
include Desktop, Quick Launch, and Start Menu.
Event Log Reporter
This wizard creates a script that queries the Windows Event Log and uploads the results to the KBOX.
Output filename Enter the name of the log file created by the script.
Log file Enter the type of log you want to query. Options include Application, System,
and Security.
Event Type Enter the type of event you want to query. Options include Information,
Warning, and Error.
Source Name Use this optional field to restrict the query to events from a specific source.
Action Select a task from the drop-down list. Options include Install, Uninstall,
Repair missing files, and Reinstall all files.
Software Select the application you want to install, uninstall, or modify from the
drop-down list. You can filter the list by entering any filter options.
MSI filename Specify the MSI filename if it is a zip.
User Interaction Select an option to specify how the installation should appear to end users.
Options include: Default, Silent, Basic UI, Reduced UI, and Full UI. Refer to
MSI Command Line documentation for a complete description of the
available options.
Installation Directory Enter the installation directory.
Additional Switches Enter details of any additional installer switches. Additional Switches are
inserted between the msiexec.exe and the /i foo.msi arguments.
Additional Properties Enter details of any additional properties. Additional Properties are inserted
at the end of the command line.
For example:
msiexec.exe /s1 /switch2 /i patch123.msi TARGETDIR=C:\patcher PROP=A PROP2=B
Feature List Enter the features to install. Separate features with commas.
Store Config per machine Select this box to do per-machine installations only.
After install Select the behavior after installation. Options include:
Delete installer file and unzipped files
Delete installer file, leave unzipped files
Leave installer file, delete unzipped files
Leave installer file and unzipped files
Restart Options Select the restart behavior. Options include:
No restart after installation
Prompts user for restart
Always restart after installation
Default
Logging Select the type(s) of installer messages to log. Press CTRL and click to
select multiple message types. Options include:
None
All Messages
Status Messages
Non-fatal warnings
All error messages
Start up actions
Action-specific records
User requests
Initial UI parameters
Out-of-memory or fatal exit information
Out-of-disk-space messages
Terminal properties
Append to existing file
Flush each line to the log
UltraVNC Wizard
The UltraVNC Wizard creates a script to distribute UltraVNC to Windows computers on your network.
UltraVNC is a free software solution that allows you to display the screen of a computer (via Internet or
network) on another computer. You can use your mouse and keyboard to control the other computer
remotely, which means that you can work on a remote computer from your current location as if you were
sitting in front of it. Refer to the UltraVNC website for documentation and downloads.
Install Options
Install Mirror Driver Check the Mirror Driver box if you want to install the optional UltraVNC Mirror Video Driver. The Mirror Video Driver is a driver through which UltraVNC receives immediate notification of any screen changes. Using it on an UltraVNC server results in excellent accuracy. The video driver also makes a direct link between the video driver framebuffer memory and the UltraWinVNC server. Using the framebuffer directly eliminates the use of the CPU for intensive screen blitting, resulting in a big speed boost and very low CPU load. Refer to the UltraVNC documentation for complete details.
Install Viewer Check the Mirror Driver box if you want to install the optional UltraVNC Mirror Video Driver.
Authentication
VNC Password Provide a VNC password for authentication.
Require MS Logon If you want to use MS Logon authentication, use
MSLogonACL.exe /e acl.txt
to export the ACL from your VNC installation. Copy and paste the contents of the text file into the ACL field.
It is advisable to look at the script that is generated by this wizard to make sure it is doing what you
expect. You can view the raw script by clicking View raw XML Editor on the Script Detail page.
4. Specify UltraVNC miscellaneous options:
Disable Tray Icon Select this box if you do not want to display the UltraVNC tray icon on the target computers.
Disable client options in tray icon menu Select this check box if you did not check Disable Tray Icon and do not want to display client options in the tray icon menu on the target computers.
Disable properties panel Select this check box to disable the UltraVNC properties panel on the target computers.
Forbid the user to close down WinVNC Select this check box if you do not want to allow computer users to shut down WinVNC.
Un-Installer Wizard
This wizard allows you to quickly build a script to uninstall a software package. The resulting script can
perform three actions: Execute an uninstall command, Kill a process, and Delete a directory.
To create an uninstaller script:
Windows Automatic Update Settings policy
The KBOX provides a way for you to control the behavior of the Windows Update feature. This feature
allows you to specify how and when Windows updates are downloaded so that you can control the update
process for the computers on your network. The configuration settings reside under the Scripting |
Configuration Policy tab. More detailed information can be found at Microsoft's site: KB Article
328010.
4. Enter the details for the SUS Server and SUS Server Statistics.
5. Click Save. The Script: Edit Detail page appears.
6. Enable and set a schedule for this policy to take effect. Refer to “Adding Scripts,” on page 145 for more
information.
You can start Automatic Windows Update on the client machine using one of these methods:
1. Enabling the automatic Windows Update settings policy of the KBOX on the client machine.
2. Enabling local policy for automatic deployment of Windows updates on the client machine.
3. Modifying the registry key for automatic deployment of Windows updates on the client machine.
4. Setting up the group policy on the domain for automatic deployment of Windows updates on the client machine.
5. Configuring the patching functionality for automatic deployment of Windows updates on the client machine.
If you are using the patching functionality for automatic deployment of Windows
updates on the client machine, you must disable the automatic deployment of
Windows updates on the client machine by any other process to avoid the conflict
between the different deployment processes.
CHAPTER 9
Patching
Overview of the Patch Management feature
The KBOX Patch Management feature provides quick, accurate, and secure patch management. It allows you to
manage threats proactively by automating the collection, analysis and delivery of patches throughout your
network. The patch management feature provides access to the latest security bulletin updates for
Windows and Macintosh® platforms.
Microsoft updates its list of security bulletins on a periodic basis and new patches are made available for
download from the KBOX 1000 Series appliance. The KBOX 1000 Series automatically downloads patch
software based on the configured patch settings.
To view the patch management page, go to Security | Patching. The Patch Management page appears.
The Installation Progress indicator displays:
• Percentage of patches installed out of the total patches scheduled for deployment.
• Percentage of patching tasks completed for the current patch run.
The Critical Patch Compliance indicator displays the number of critical patches installed from all the
detected critical patches.
The patch management feature works only on KBOX Agent version 4.0 or higher.
To update KBOX Agent version 3.3, refer to Chapter 2, “To update KBOX
Agent automatically:,” starting on page 47.
The patch management feature requires a constant connection between the KBOX and
the KBOX Agent. This is indicated by the icon on the Inventory list page. For
information on how to set up the constant connection, refer to Chapter 1, “Configuring
AMP Settings for the Server,” starting on page 24.
Individual agents receive patches from the KBOX or their replication share point. A replication share allows
a KBOX Client to replicate software installers to a share for use by other KBOX Clients. This allows them to
download software from the share instead of downloading it directly from the KBOX.
Verifying that the content supports the replication process. Each patch created by the content team
is validated with the GSS distribution and Update Server products.
Assessment Testing:
• Verifying that an applicable non-patched system shows applicable and not patched
• Verifying that a patched system shows installed and not applicable
• Verifying false positives in the detection of digital fingerprint
• Verifying that the content is compliant with mandatory baselines
Deployment Testing:
• Verifying that the package is successfully deployable
• Verifying that No Reboot functionality works correctly
• Verifying that the uninstall functionality works correctly
• Verifying the CRC checksum, and ensuring package integrity
Patching Workflow
The patching feature involves the following steps:
1. Enabling Enhanced Content Settings - Refer to Chapter 16, “To enable enhanced content:,” starting on page 299.
2. Subscribing to the OS and OS languages - Refer to “To configure patch download settings:,” on page 169.
3. Downloading patches for the subscribed OS and OS languages - Refer to Chapter 16, “To update the patch definitions:,” starting on page 299.
4. Displaying the downloaded patches - Refer to “Patch Listing,” on page 169.
5. Running Detect and/or Deploy on the machines - Refer to “Detect and Deploy Patches,” on page 172.
6. Viewing the results of the Detect and/or Deploy run.
Subscription Settings
The KBOX automatically downloads all new patches available from Microsoft and Apple every day.
However, you can modify the patch configuration settings to download only bulletins according to the
operating system or operating system languages.
4. Under the Select Patches To Download area, select the appropriate Windows and Macintosh®
operating systems. Press CTRL to select multiple operating systems.
5. Under the Languages area, select the appropriate operating system languages from those available.
You can choose the operating system language only for Windows Platform.
The language support is displayed only when EC is enabled on the KBOX Settings |
Server Maintenance page.
6. Select the Include Application Patches check box to also include application patches.
7. Click Save to save the patch subscription changes.
Patch Listing
The Patch Listing feature enables you to review the list of available patches, and assign them to labels for
detection and deployment.
Internet Explorer stops responding for a few seconds when the Patch Listing page is
opened, until the list of patches is updated.
Using Advanced Search for Patching
Searching the patch listing using keywords such as Microsoft Excel or Acrobat does not always give you
the level of specificity you need. However, advanced search allows you to specify values for each field
present in the record and search the entire patch listing for that value.
5. Click Search. The patches are displayed as per the search criteria in the Patch Listing page.
Patch Label: Select the appropriate patch label from the drop-down list. Note: If you select a patch label, only patches with the assigned patch label are displayed.
Status: Select the appropriate status from the drop-down list.
Patch Type: Select the patch type from the drop-down list.
Description: Enter keywords in the text box, if any.
Deployment Errors: Select the check box to search for patches that have deployment errors.
Detected: Select the check box to search for patches that were detected.
Saved Search Name: Specify the name of the search.
Title: Enter the title of the patch. This title is displayed in the Patch Listing page.
Description: Enter the description of the patch. This description is displayed in the summary section of the Patch : Detail page.
Identifier: Enter the identifier of the patch. The Identifier is displayed under the ID column in the Patch Listing page.
Vendor: Enter the vendor of the patch. The vendor is displayed in the vendor field in the Patch : Detail page.
Operating System: Select the appropriate operating system from the drop-down list.
Importance: Select the appropriate level of importance from the drop-down list.
Release Date: Enter the release date of the patch. This date is displayed in the Patch Listing page.
Patch Type: Select the appropriate patch type from the drop-down list.
Architecture: Select the appropriate architecture from the drop-down list.
Language: Select the appropriate operating system language from the drop-down list.
Associate to Label: Select the label you wish to apply to the patches matching the filter criteria. Refer to Chapter 3, “Labels,” starting on page 84 for more details.
5. Click Test Patch Filter to display the search result based on the entered criteria.
6. Click Create Patch Filter.
The patch label is applied to subsequently downloaded patches that match the patch filter criteria. You
can view the label applied to the patch in the patch detail page.
To create a schedule:
Run on All Machines: Select the check box to run the schedule on all the machines. Click OK in the confirmation dialog box.
Limit Run To Selected Labels: You can limit the schedule to run on one or more labels. Press CTRL to select more than one label.
Limit Run To Machines: You can limit the schedule to run on one or more machines. From the drop-down list, select a machine to add to the list. You can add more than one machine. You can filter the list by entering filter options.
Limit Run To Machines With Selected Operating Systems: You can limit the schedule to run on machines with specific operating systems. Press the CTRL key to select more than one label. Use this option in conjunction with “Limit Run to Selected label” or “Limit Run to Machines” to filter the machine list further, based on the selected operating system.
Detect All Patches: Select the check box to detect all patches of the respective OS of the selected machines.
Limit Detect To Selected Patch Labels: This field is displayed only if the Detect All Patches check box is not selected above. Press CTRL to select more than one label. You can use this option to run the detect operation only for specific patches. Only those patches to which the selected label is applied are considered for the detect operation. This helps to limit the number of patches for the detect operation.
Detect Patch Labels: This field is displayed only if the Detect All Patches check box is not selected above. The patch labels selected in Limit Detect to Selected Patch Labels are displayed in this field.
Deploy All Patches: Select the check box to deploy all patches. A pop-up window opens; click OK to proceed.
Limit Deploy To Selected Patch Labels: You can limit the patch deployment to run on one or more machines. Press CTRL to select more than one machine. You can use this option to run the deploy operation only for specific patches. Only those patches to which the selected label is applied are considered for the deploy operation. This helps you to limit the number of patches for the deploy operation.
Deploy Patch Labels: The patch labels selected in Limit Deploy to Selected Patch Labels are displayed in this field.
Limit Patches To Matching Machine Labels: Select the check box to limit the deployment of patches to machines having labels (i.e. machine labels) similar to the ones applied to the patches (i.e. patch labels). This way, only those patches with a patch label similar to the machine label are deployed on the machine.
8. Specify the following under Deploy Reboot Options details:
Reboot Options: Select the appropriate reboot option from the drop-down list.
Note: This option may not display patches in the Inventory list page and cause certain machines to become unstable. Therefore, rebooting the machine is necessary for patches that require a reboot.
No Reboot: The machine does not reboot.
Prompt User: The machine prompts the user to reboot. Specify the following details:
• Reboot Message: Enter a message prompting the user to reboot.
• Message Timeout: Enter the timeout, in minutes, for which the message is displayed.
• Timeout Action: Select an appropriate action from the drop-down list to execute after message timeout. You can either reboot the machine immediately by selecting the Reboot Now option or delay the machine reboot by selecting the Reboot Later option.
• Reprompt Interval: This action is executed if you have selected the Reboot Later option in Timeout Action. Enter the interval, in minutes, after which you are again prompted for reboot.
Force Reboot: The machine reboots immediately after the patches are deployed. Specify the following details:
• Reboot Message: Enter a message that tells the user the machine is going to reboot.
• Message Timeout: Enter the timeout, in minutes, for which the message is displayed.
Note: These options allow users to save their work before the machine reboots.
Don’t Run on a Schedule: Select this option to run the schedules with an event instead of a specific date or at a specific time.
Run Every n hours: Select this option to run the schedules at the specified time.
Run Every day/specific day at HH:MM AM/PM: Select this option to run the schedules on specified day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM: Select this option to run the tests on the specified time on the 1st, 2nd, or any other date of every month or only the selected month.
Run custom: Refer to “To create a custom patch schedule:,” on page 175 for more details.
Run on next connection if offline: Select this option to run a Detect and/or Deploy operation on those client machines that are offline. Detect and/or Deploy run happens on those machines when they get connected to KBOX Server.
Suspend pending tasks after n minutes from scheduled start: You can suspend the pending tasks that are in queue for a time interval as specified in this field. For example, you schedule a Detect and Deploy run and specify the time interval of 10 minutes from the scheduled start. If Detect run gets completed after 12 minutes, the Deploy run does not happen, as the time specified for deploy run to start has elapsed.
You can create a custom patch schedule by entering five values separated by spaces, as when creating
UNIX crontab entries:
Crontab has five field values.
• Starting from the left, the first denotes the minute value (that is 0-59).
• The second denotes the hour value (that is 0-23).
• The third denotes the value for the day of the month (that is 1-31).
• The fourth denotes the value for the month (that is 1-12).
• The fifth denotes the value for the day of the week (that is 0-6).
For example, 15 * * * * * refers to the patch schedule which runs at 15 minutes, every hour, every day, for
all the months.
To delete a schedule:
Patching for the Microsoft Windows Vista x64 edition is supported only with KBOX
Agents 4.3 and higher.
Patching Reports
There are several ways you can access patching results. To see which patches were unsuccessful, for
example, you could sort the Patch Listing page by Bulletins with Errors.
For more details about patching status, refer to the Computer Detail page in Inventory |
Computers. For more information on computer details, refer to Chapter 3, “Computers
Inventory,” starting on page 58.
CHAPTER 10
Security
Security Module Overview
If you purchased the optional KBOX 1000 Series Security Enforcement and Audit Module, you can ensure
the health of your network. You can run vulnerability tests on the computers in your network, and using
the results of these tests you can determine how to bring the computers back into compliance. You can
customize security policies to enforce certain rules, schedule tests to run automatically, and run reports
based on testing results thus obtained.
The KBOX 1000 Series Security Enforcement and Audit Module uses Open Vulnerability and Assessment
Language (OVAL), an internationally recognized standard to detect security vulnerabilities and
configuration issues on computer systems. OVAL is compatible with the Common Vulnerabilities and
Exposures (CVE) list, which provides common names used to describe known vulnerabilities and
exposures.
The ability to describe vulnerabilities and exposures in a common language makes it easier to share
security data with other CVE-compatible databases and tools.
Note that the OVAL tests available with your KBOX when it is first installed might be out of
date. After installation, the KBOX will automatically check for nightly updates.
To view OVAL information, select Reporting | Summary. The KBOX Summary Page
appears. Click View Details. The details are displayed on the KBOX Summary Details page.
Status: Description
DRAFT: Definitions with this status have been assigned an OVAL ID number and are under discussion on the Community Forum and by the OVAL Board.
INTERIM: Definitions with this status are under review by the OVAL Board and available for discussion on the Community Forum. Definitions are generally assigned this status for two weeks, unless further changes or discussion are required.
ACCEPTED: Definitions with this status have passed the Interim stage and are posted on the OVAL Definition pages. All history of discussions surrounding Accepted definitions are linked from the OVAL definition.
OVAL Tests
The KBOX checks for nightly updates to the list of available OVAL definitions. Definitions are displayed on
the OVAL Tests tab, along with their associated OVAL ID and CVE Number. Search for a specific OVAL test
by operating system, vulnerability, or by OVAL ID or CVE Number.
To view the list of OVAL definitions, select Security | OVAL. The OVAL Scan page appears.
To view the details of a test, click the linked definition OVAL Tests on the OVAL Scan page to view the
OVAL Tests page.
Click on any Description link in the OVAL Tests list to view the OVAL details. The OVAL Tests : Definition
page appears.
When OVAL tests are enabled, all of the available OVAL tests are run on the target machines.
Definition Status
The computers detected to have this vulnerability along with the IP Address and
the operating system will be listed here
OVAL Test details do not indicate the severity of the vulnerability. Use your own judgment when
determining whether to test your network for the presence of a particular vulnerability.
The table below contains an explanation of the fields found on the OVAL Tests Definition page:
Field: Description
OVAL-ID: Click the OVAL-ID to visit an external website with more details about the vulnerability. The status of the vulnerability follows the OVAL-ID. Possible values are DRAFT, INTERIM, or ACCEPTED.
Class: Indicates the nature of the vulnerability. Possible values are: compliance, deprecated, patch, and vulnerability.
Ref-ID: Click the Ref-ID to visit an external website for more details about the vulnerability.
Description: The common definition of the vulnerability as found on the CVE list.
Definition: Specifies the testing steps used to determine whether or not the vulnerability exists.
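The fields above map onto attributes and metadata of each definition in an OVAL definitions file. The following is an added example, not KBOX code: a Python reader that extracts OVAL-ID, Class, status, Ref-ID and Description, then separates ACCEPTED definitions from those that are deprecated or still in DRAFT or INTERIM. It assumes the OVAL 5 definitions namespace and a status stored under metadata/oval_repository; all IDs, references and URLs in the sample are constructed placeholders.

```python
# Added example: read OVAL definitions and extract the fields described above.
# Assumptions: OVAL 5 definitions namespace; status under metadata/oval_repository.
# Every ID, reference and URL in SAMPLE is a constructed placeholder.
import xml.etree.ElementTree as ET

NS = {"o": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}
CLASSES = {"compliance", "deprecated", "patch", "vulnerability"}  # per the guide
STATUSES = {"DRAFT", "INTERIM", "ACCEPTED"}                       # per the guide

SAMPLE = """\
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <definitions>
  <definition id="oval:example.constructed:def:1" version="1" class="vulnerability">
   <metadata>
    <title>Constructed sample A</title>
    <reference source="CVE" ref_id="CVE-0000-0001" ref_url="https://example.invalid/a"/>
    <description>Placeholder description A.</description>
    <oval_repository><status>ACCEPTED</status></oval_repository>
   </metadata>
  </definition>
  <definition id="oval:example.constructed:def:2" version="1" class="patch">
   <metadata>
    <title>Constructed sample B</title>
    <reference source="CVE" ref_id="CVE-0000-0002" ref_url="https://example.invalid/b"/>
    <description>Placeholder description B.</description>
    <oval_repository><status>INTERIM</status></oval_repository>
   </metadata>
  </definition>
  <definition id="oval:example.constructed:def:3" version="2" class="deprecated">
   <metadata>
    <title>Constructed sample C</title>
    <description>Placeholder description C.</description>
    <oval_repository><status>ACCEPTED</status></oval_repository>
   </metadata>
  </definition>
 </definitions>
</oval_definitions>
"""


def parse_definitions(xml_text):
    """Return one dict per <definition> with ID, class, status and references."""
    if "<!DOCTYPE" in xml_text.upper():
        # Definition files need no DTD; refusing one avoids entity-expansion input.
        raise ValueError("DOCTYPE not allowed in a definitions file")
    root = ET.fromstring(xml_text)
    results = []
    for definition in root.findall("o:definitions/o:definition", NS):
        meta = definition.find("o:metadata", NS)
        if meta is None:
            raise ValueError(f"definition {definition.get('id')!r} has no metadata")
        status = meta.findtext("o:oval_repository/o:status", "", NS)
        results.append({
            "oval_id": definition.get("id"),
            "class": definition.get("class"),
            "status": status.strip().upper(),
            "ref_ids": [r.get("ref_id") for r in meta.findall("o:reference", NS)],
            "description": meta.findtext("o:description", "", NS).strip(),
        })
    return results


def triage(definitions):
    """Split definitions into settled ones and ones whose results need review."""
    settled, review = [], []
    for d in definitions:
        if d["class"] not in CLASSES or d["status"] not in STATUSES:
            review.append((d["oval_id"], "unrecognised class or status"))
        elif d["class"] == "deprecated":
            review.append((d["oval_id"], "deprecated definition"))
        elif d["status"] != "ACCEPTED":
            review.append((d["oval_id"], f"status {d['status']}"))
        else:
            settled.append(d["oval_id"])
    return settled, review


if __name__ == "__main__":
    settled_ids, needs_review = triage(parse_definitions(SAMPLE))
    print("settled:", settled_ids)
    print("review:", needs_review)
```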
OVAL Updates
The KBOX checks www.kace.com for new OVAL definitions every night, but you should expect new
definitions every month. If you have OVAL tests enabled, the KBOX will download new OVAL definitions to
all client machines on the next scripting update interval whenever a new package becomes available,
regardless of the OVAL schedule settings. The .zip file that contains the updates could be up to 2MB, so
use caution when enabling OVAL Tests for the computers on your network, as the size of the package
could impact the performance of users’ machines, particularly those on dialup connections.
For this reason, a good rule to follow is to only enable OVAL Tests when you want to run them. For
example, if you wanted to schedule OVAL Tests to run on January 1st, you could disable them on January
2nd, and not enable them again until close to the next time you want them to run. Any OVAL updates that
are pulled down while the OVAL Tests are disabled will be stored on the KBOX and only pushed out to the
target machines when enabled again.
OVAL Settings
You can configure OVAL scan settings using this link. You should exercise caution when applying OVAL
settings.
Enabled: Run OVAL on the target machines. Only enabled OVAL Tests will run when you want to run them.
Allow Run While Disconnected: Run OVAL on the target machines, but store test results on the target machine until they can be uploaded to the KBOX.
Allow Run While Logged Off: Run OVAL even if a user is not logged in. With this turned off, the script will only run when a user is logged into the machine.
5. In the Scheduling area, specify the time and frequency for running OVAL:
Don’t Run on a schedule: Tests will run in combination with an event rather than on a specific date or at a specific time. Use this option in combination with one or more of the “Also” choices below. For example, use this option in conjunction with “Also Run at User Login” to run whenever the user logs in.
Run Every n minutes/hours: Tests will run every n minutes or hours, as specified.
Run Every day/specific day at ...: Tests will run at the specified time on the specified day.
Run on the nth of every month/specific month at...: Tests will run at the specified time on the 1st, 2nd, or any other date of each month or the selected month.
Custom Schedule: This option allows you to set an arbitrary schedule using standard cron format. For example, 1, 2, 3, 5, 20-25, 30-35, 59 23 31 12 * * means: On the last day of year, at 23:01, 23:02, 23:03, 23:05, 23:20, 23:21, 23:22, 23:23, 23:24, 23:25, 23:30, 23:31, 23:32, 23:33, 23:34, 23:35, 23:59. The KBOX doesn’t support the extended cron format.
Also Run Once at next Client Checkin: If this option is selected, the OVAL test will run once at the next client checkin. It is recommended to avoid this option because it will run tests when the user’s machine is in use. Selecting this option could impact the machine’s performance.
Also Run at Machine Boot Up: If this option is selected, tests will run at machine boot up. It is recommended to avoid this option because it will run tests when the user’s machine is in use. Selecting this option could impact the machine’s performance.
Also Run at User Login: If this option is selected, tests will run when the user logs in. It is recommended to avoid this option because it will run tests when the user’s machine is in use. Selecting this option could impact the machine’s performance.
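Both custom-schedule fields (the custom patch schedule in the Patching chapter and the OVAL Custom Schedule above) take the cron layout this guide describes. The following is an added example, not KBOX code: a Python checker that expands a five-field string using the field ranges the guide lists, accepts lists and ranges as in the guide's example, and rejects a string with any other number of fields. Treating step values, names and every other syntax as unsupported extended format is an assumption about what "extended" covers.

```python
# Added example: validate and expand a custom schedule string before saving it.
# Field order and ranges follow the guide; rejecting everything except "*",
# numbers, comma lists and ranges is an assumed reading of "no extended format".

FIELDS = (
    ("minute", 0, 59),
    ("hour", 0, 23),
    ("day_of_month", 1, 31),
    ("month", 1, 12),
    ("day_of_week", 0, 6),
)


def _expand_field(text, name, low, high):
    """Expand one field into the sorted list of values it matches."""
    if text == "*":
        return list(range(low, high + 1))
    values = set()
    for part in text.split(","):
        bounds = part.split("-")
        if len(bounds) > 2 or not all(b.isascii() and b.isdigit() for b in bounds):
            raise ValueError(f"{name}: unsupported token {part!r}")
        start, end = int(bounds[0]), int(bounds[-1])
        if not low <= start <= end <= high:
            raise ValueError(f"{name}: {part!r} is outside {low}-{high}")
        values.update(range(start, end + 1))
    return sorted(values)


def expand_schedule(spec):
    """Return {field name: matching values} or raise ValueError."""
    parts = spec.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {
        name: _expand_field(part, name, low, high)
        for part, (name, low, high) in zip(parts, FIELDS)
    }


def fire_times(spec):
    """Return the HH:MM times at which the schedule fires on a matching day."""
    schedule = expand_schedule(spec)
    return [f"{h:02d}:{m:02d}" for h in schedule["hour"] for m in schedule["minute"]]


def runs_per_day(spec):
    """Number of runs on a matching day; a quick check on load placed on clients."""
    return len(fire_times(spec))


if __name__ == "__main__":
    # Constructed five-field inputs modelled on the guide's examples.
    for sample in ("1,2,3,5,20-25,30-35,59 23 31 12 *", "15 * * * *", "*/5 * * * *"):
        try:
            print(sample, "->", runs_per_day(sample), "runs on a matching day")
        except ValueError as err:
            print(sample, "-> rejected:", err)
```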
Vulnerability Report
The Vulnerability Report link displays a list of all of the OVAL Tests that have been run. At a glance, you
can see which OVAL Tests failed and the number of computers that failed each OVAL test.
From the test detail view, you can see all the computers that failed that OVAL Test and you can assign a
label to those machines so that you can patch them at a later time.
Computer Report
The Computer Reports link offers a list of machines with OVAL results where you can see a summary of
tests run on specific computers. The label under the Machine column in the OVAL Computer Report page is
the KBOX inventory ID assigned by the Inventory module.
For more information about any of the computers on the report, click the linked machine name to go to the
computer’s Inventory Detail page.
4. In the Security area, select the Enforce Internet Zone settings policy check box, then choose the
security level.
The Security zone policies allow you to specify the security level for each zone.
5. Select the Enforce Local Intranet Zone settings policy check box, then choose the security level.
6. Set the following options:
• Include all local (intranet) sites not listed in other zones
• Include all sites that bypass the proxy server
• Include all network paths (UNCs)
7. Select the Enforce Trusted Zone settings policy check box, then choose the security level.
8. Select the Enforce Zone Map check box, then specify the IP addresses or ranges for the following
zones:
• Restricted sites
• Local Intranet sites
• Trusted sites
The Zone Map allows you to assign specific domains and IP ranges to zones.
Note: Domains not listed default to the Internet Zone.
9. Select the Enforce Privacy settings policy check box, then set the Cookie policy.
Privacy policies allow you to control the cookies that are accepted by Internet Explorer from the
Internet Zone.
10. Select the Enforce pop-up settings policy check box, then set the following options:
• Pop-up filter level
• Websites to allow
11. Click Save.
The Script: Edit Detail page appears.
12. Enable and set a schedule for this policy to take effect.
Enforce XP SP2 Firewall Settings
This policy enables you to enforce firewall settings on target computers running Windows XP with Service
Pack 2. You can enforce different policies based on whether the target computer is authenticated with a
domain controller, or is accessing the network remotely, from home or through a wireless hotspot. If your
target computer has authenticated with a domain controller, it uses the Domain Policy; otherwise, it uses
the Standard Policy, so you might want to configure it to impose tighter restrictions.
Allow WMI traffic: Enables inbound TCP traffic on ports 135 and 445 to traverse the firewall. These ports are necessary for using remote administration tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI).
Allow Remote Desktop: Enables inbound TCP traffic on port 3389 to traverse the firewall. This port is required for the computer to receive Remote Desktop requests.
Allow file and printer sharing: Enables inbound TCP traffic on ports 139 and 445, and inbound UDP traffic on ports 137 and 138. These ports are required for the machine to act as a file or printer sharing server.
Allow Universal Plug-and-Play (UPnP): Enables inbound TCP traffic on port 2869 and inbound UDP traffic on port 1900. These ports are required for the computer to receive messages from Plug-and-Play network devices, such as routers with built-in firewalls.
6. To specify Inbound Port Exceptions, click Add Port Exception.
Inbound Port Exceptions enable additional ports to be opened in the firewall. These may be required
for the computer to run other network services. An inbound port exception is automatically added for
port 52230 for the KACE Client Listener, which is required to use the Run Now functionality.
7. Specify a Name, Port, Protocol, and Source for the exception.
8. Click Save.
The Script: Edit Detail page appears.
9. Enable and set a schedule for this policy to take effect.
The script created as a result of this wizard will overwrite any disallowed program
settings on the target machines.
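The options and port exceptions above determine which inbound ports each policy opens. The following is an added example, not part of the KBOX product: a Python check that computes the open ports for a Domain and a Standard policy and reports where the Standard policy is not the tighter of the two. The port numbers per option come from this guide; the data layout, function names, sample policies and the choice of TCP for port 52230 (the guide gives only the number) are assumptions.

```python
# Added example: exposure check for the two firewall policies described above.
# Port numbers per option come from the guide; the data layout, names and the
# TCP protocol for port 52230 are assumptions of this sketch.

OPTION_PORTS = {
    "Allow WMI traffic": {("tcp", 135), ("tcp", 445)},
    "Allow Remote Desktop": {("tcp", 3389)},
    "Allow file and printer sharing": {
        ("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)},
    "Allow Universal Plug-and-Play (UPnP)": {("tcp", 2869), ("udp", 1900)},
}
KACE_CLIENT_LISTENER = ("tcp", 52230)  # exception the wizard adds automatically


def opened_ports(policy):
    """Return the set of (protocol, port) pairs a policy opens inbound."""
    ports = {KACE_CLIENT_LISTENER}
    for option in policy.get("options", []):
        if option not in OPTION_PORTS:
            raise ValueError(f"unknown option: {option!r}")
        ports |= OPTION_PORTS[option]
    for exc in policy.get("port_exceptions", []):
        proto, port = exc["protocol"].lower(), int(exc["port"])
        if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
            raise ValueError(f"bad port exception: {exc!r}")
        ports.add((proto, port))
    return ports


def lint_policies(domain, standard):
    """Report where the Standard policy is not tighter than the Domain policy."""
    dom, std = opened_ports(domain), opened_ports(standard)
    findings = [f"Standard opens {proto}/{port} but Domain does not"
                for proto, port in sorted(std - dom)]
    if std == dom and len(std) > 1:
        findings.append("Standard opens the same ports as Domain")
    return findings


# Constructed sample policies, not taken from any real deployment.
DOMAIN = {
    "options": ["Allow WMI traffic", "Allow Remote Desktop",
                "Allow file and printer sharing"],
    "port_exceptions": [],
}
STANDARD = {
    "options": ["Allow Remote Desktop"],
    "port_exceptions": [
        {"name": "legacy-app", "port": 8080, "protocol": "TCP", "source": "any"},
    ],
}

if __name__ == "__main__":
    print("Domain opens:", sorted(opened_ports(DOMAIN)))
    print("Standard opens:", sorted(opened_ports(STANDARD)))
    for finding in lint_policies(DOMAIN, STANDARD):
        print("finding:", finding)
```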
Enforce McAfee AntiVirus Settings
This policy allows you to configure selective McAfee VirusScan features to be installed on all computers.
This policy works with McAfee VirusScan version 8.0i and verifies that the software is installed with the
configuration you specify here. It also confirms that the On Access Scanner (McShield) is running.
You will need to zip the McAfee VirusScan installation directory and upload it here. A Software Inventory
item will be created automatically if it does not already exist.
McAfee SuperDAT Updater
This policy allows you to build a script for applying McAfee SuperDAT or XDAT updates. There are several
steps involved in creating this script:
• Specifying the update files and reboot behavior on the target machines
• Selecting the software package(s) to push to target machines during update
• Verifying network scan status
Install Silently: This option causes the update to be installed without showing a UI on the target computers.
Prompt for Reboot: Use this option to make the update prompt the user before rebooting. Use this option with the "Install Silently" option.
Reboot if Needed: This option causes the update to reboot the machine as needed. If this option is not used, a silent installation will not reboot the machine.
Force Update: Use this option to always update all file versions, even if the machine already appears to have the latest versions.
5. Click Save.
The Script: Edit Detail page appears.
6. Enable and set a schedule for this policy to take effect.
You will need to create a Software inventory item and upload the Symantec
AntiVirus.msi file to be distributed.
3. Specify the Action to perform.
• Install
• Uninstall
• Repair missing files
• Reinstall all files
4. Select the software package to use for this script.
5. If the software package is zipped, enter the MSI file name.
6. Use the User Interaction drop-down list to specify how the installation should appear to your users.
7. Specify the install directory.
8. Specify any additional switches.
9. Specify any additional properties.
10. Specify behavior after installation.
11. Select the information you want to log.
Press CTRL and click to select multiple items.
12. Enter a filename for the log.
13. Select a NETWORKTYPE from the Network Management drop-down list.
14. Specify the server name, if required. This field is mandatory if you select Managed from Network
Management drop-down list.
15. Set the AutoProtect option.
16. Set the Disable SymProtect option.
17. Set the Live Update behavior.
18. Select the features you want to install.
Press CTRL and click to select multiple items. Please consult the Symantec documentation for specific
information about the options available here.
You must include the SAVMain feature for this script to work properly, although this
wizard does not enforce that.
You should look at the script that is generated by this wizard to make sure it is
doing what you expect. You can view the raw script by clicking To edit the policy
using this editor, click here on the Script detail page.
Quarantine Policy
Use this wizard to create a script that you can use to quarantine computers. The script that is created as a
result of this wizard is merely a template. Use the script editor to modify the template script and add the
appropriate verification steps to decide which computers to quarantine.
When a computer is under quarantine, all communication from it is blocked except for communication to
the KBOX Server, so use care when performing this action. If you were to deploy this accidentally to
all machines on your network, you could take your network down very quickly.
After a user’s machine is in quarantine, the quarantine cannot be reversed without intervention by the KBOX
administrator. The user will not be able to recover from this without you taking some action. Quarantined
computers only have access to the KBOX Server in order to receive a Run Now event to lift the quarantine.
If there are a lot of computers in quarantine, it will take some time for all of them to receive and process
the request.
CHAPTER 11
The KBOX Help Desk provides an online area for you to upload
software library, support documents, and other self-help tools.
The optional KBOX Help Desk Module adds the ability to create,
track, and manage Help Desk tickets.
Overview of the User Portal
The User Portal enables the users to download software, run scripts, have software installed for them
automatically, track computer info, and view a record of what they have downloaded. You can log onto the
User Portal by visiting the root URL of the KBOX machine name (for example, http://kbox/). Although
users can access the User Portal even if they do not have KBOX Agent installed on their machine, they will
not be able to run installations or scripts. The User Portal is administered from the User Portal tab.
If you have purchased the optional KBOX Help Desk Module, additional tabs or options are added to the
ones described below. For more information about using the features added by the Help Desk Module, see
“Overview of the Help Desk Module,” on page 206.
Understanding the Software Library feature
Software Libraries are deployed to end users via the KBOX User Portal. This "self service" portal allows
individuals to download and install software or documents on their own in a controlled environment. The
software libraries you create from the Software Library tab are available for download on the Software
Library tab of the User Portal.
From the Software Library tab you can create or delete software libraries, sort software libraries by label or
column header, and search for software libraries using keywords.
To create a package:
1. Select User Portal | Software Library, or select Help Desk | Software Library if you have the
optional Help Desk Module installed.
2. In the Choose action drop-down list, select Add New Item. The Software Library : Edit Detail
screen appears.
3. Select or clear the Enabled check box.
Select this box to make the software library visible to users on the Help Desk.
4. Specify the Package Type under the Software Choice section:
Download: Select this type to include documentation, files, or other software that does not
automatically install.
Install: Select this type to select software that will install automatically on the user’s
machine. The user must have the KBOX Agent installed to run installations.
Script: Select this type to select a script to include in the software library. The user
must have the KBOX Agent installed to run scripts.
5. From the Package Type drop-down list, choose the software to install. You can filter the list by
entering any filter options in the Filter box.
6. Specify the information to include with your package under the User Portal Page Details section:
Installation Instructions: Specify the installation instructions. Any defined instructions, legal
policy, cost information, and so on, are posted along with the portal package for user visibility.
Product Key: Specify the product key that is specified in the Asset Detail page
in Asset | Assets for Assets of License type.
E-mail Product Key to User: Select this option if you want to send download instructions at the
time of user download.
Request Mgr Notification: Select this option to require users to enter their manager’s mail
address for notification prior to downloading or installing the software library.
7. If you select the Install package type, specify the command line to run the installation, including any
necessary install switches or other parameters.
Note that users must have the KBOX Agent installed on their machines in order to run
the installations or scripts.
8. If you selected the Script package type, choose the script from the Script drop-down list.
9. Type any notes in the Additional Notes field.
10. Specify the following information, as necessary.
Corporate License Text: Enter any text related to the Corporate License.
Vendor License Text: Enter any text related to the Vendor License.
Unit Cost: Enter the cost per unit.
Documentation File: Browse to the desired documentation file. The Documentation File
size is displayed after the file is selected.
11. If desired, select a label from the Limit Access To User Labels list to limit software library
deployment to specific users.
12. Select the Also Restrict By Machine Label check box to restrict software library deployment by
machine label.
13. Click Save.
A major benefit of the Help Desk is that it provides your users with the resources they
need to solve many of the most common support issues on their own, thus alleviating
some of the burden on your support staff. Be sure to provide adequate information to
your users so that you, and they, can experience the full benefit of this feature.
1. Select User Portal | Software Library, or select Help Desk | Software Library if you have the
optional Help Desk Module installed.
2. Select the check box beside the user(s) you want to apply a label to.
3. Select the appropriate label under Apply Label from the Choose action drop-down list.
1. Select User Portal | Software Library, or select Help Desk | Software Library if you have the
optional Help Desk Module installed.
2. Select the check box beside the user(s) you want to remove the label from.
3. Select the appropriate label under Remove Label from the Choose action drop-down list.
To delete a package:
1. Select User Portal | Software Library, or select Help Desk | Software Library if you have the
optional Help Desk Module installed.
2. To delete a package, select the check box beside the package and choose Delete Selected Item(s)
from the Choose action drop-down list.
3. Click OK to confirm deletion.
If you have the optional Help Desk Module installed, you can also create a new
Knowledge Base article from the comments in a Ticket by clicking the Create KB
article button on the Ticket Detail page. For more information, see “Creating and
Editing Help Desk Tickets,” on page 217.
1. Select User Portal | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
2. Select Add New Item from the Choose action drop-down list. The Knowledge Base: Edit Article
page appears.
3. Enter the following article information:
Title: A specific description of the issue covered in the article. Make the title as descriptive
as possible and use common terms so that it will be easy for an end-user to locate
information about a problem.
Category: A general description of the type of issue (for example, “printing” or “network
access”).
Platform: The operating systems to which this article applies.
Importance: The relative relevance of the article’s contents (for example, “reference” or “low”; or
“critical” or “high”).
Use Markdown: Select or check this box. Markdown is a plain text formatting syntax, and a software
tool, written in Perl, that converts the plain text formatting to HTML. Markdown is a
text-to-HTML filter; it translates an easy-to-read/easy-to-write structured text format
into HTML. Markdown's text format is most similar to that of plain text e-mail, and
supports features such as headers, *emphasis*, code blocks, block quotes, and links.
Examples of sample formatting if the Use Markdown check box is selected (typed text -> displayed text):
*normal emphasis with asterisks* -> normal emphasis with asterisks
**strong emphasis with asterisks** -> strong emphasis with asterisks
This is some text *emphasized* with asterisks. -> This is some text emphasized with asterisks.
For more information about markdown, see http://daringfireball.net/projects/markdown/
Limit Access To User Labels: Select the labels you want to limit access to.
Article Text: Enter any text about the article.
Note: You can include external links to web pages by using href for that link. For
example, <a href="http://www.kace.com/">Visit KACE!</a>
You can include images by using src. For example,
<img src="http://www.kace.com/img/nav/new/4_27_06/logo.gif">
To see how the article appears to your users on the Help Desk, click on the article’s title,
and then click the User URL on the Edit Article page.
1. Select User Portal | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
2. Click the linked article title. The Knowledge Base: Edit Article page appears.
3. Click the [Edit] link to update the article details.
4. Modify article details, then click Save.
1. Select User Portal | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
2. To delete an article, select the check box beside the article and choose Delete Selected Item(s)
from the Choose action drop-down list.
3. Click OK to confirm deletion.
1. Select User Portal | Knowledge Base tab, or select Help Desk | Knowledge Base if you have the
optional Help Desk Module installed.
2. Click the linked article title. The Knowledge Base: Edit Article page appears.
3. Click the [Edit] link, then click Delete.
4. Click OK to confirm deletion.
Managing Users
When logged in as an administrator, you can add users to the User Portal or Help Desk either manually or
automatically. Depending upon the permissions assigned to the users logged into the Help Desk, all or only
a subset of the Help Desk features may be available. When adding users to the Help Desk, be sure to
specify the correct user permission level.
1. Select User Portal | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. In the Choose action drop-down list, select Add New Item. The User : Edit User Detail page
appears.
3. Enter the necessary user details. Do not specify illegal characters in any field.
User Name: Enter the name the user will use to access Help Desk. This is a mandatory field.
Full Name: Enter the user’s full name. This is a mandatory field.
Email: Enter the user’s e-mail address. This is the address to which Help Desk messages,
if enabled, will be sent. This is a mandatory field for Help Desk installations.
Domain: Enter an active directory domain. This is an optional field.
Budget Code: Enter the financial department code. This is an optional field.
Location: Enter the name of a site or building. This is an optional field.
Work Phone: Enter the user’s work phone number. This is an optional field.
Home Phone: Enter the user’s home phone number. This is an optional field.
Mobile Phone: Enter the user’s mobile phone number. This is an optional field.
Pager Phone: Enter the user’s pager phone number. This is an optional field.
Custom 1, Custom 2, Custom 3, Custom 4: Enter information in the custom fields if necessary.
This is an optional field.
Password: Blank or empty passwords are not valid for new users. The user will be created
but the user cannot be activated without a valid password. This is a mandatory field.
Confirm Password: Retype the user’s password. This is a mandatory field.
Assign To Label: Select the labels to assign.
Role: This is a mandatory field. Enter the user’s role:
Admin: This user role can log on and access all the features of the
administrator UI and User Portal or Help Desk. This role is selected by
default. The users can log on to the Help Desk only if they have the
optional Help Desk Module installed.
ReadOnly Admin: This user role can log on, but cannot modify any settings
in the administrator UI and User Portal or Help Desk. The users can log on
to the Help Desk only if they have the optional Help Desk Module installed.
User: This user role can log on only to the User Portal or Help Desk. The
users can log on to the Help Desk only if they have the optional Help Desk
Module installed.
Login Not Allowed: This user cannot log on to the User Portal or Help Desk.
Note: The roles listed above are system-provided roles and are not editable. To
create a new role, refer to “Roles,” on page 203.
Lock user out of User Portal: Select this check box to lock the user out of the User Portal.
Allowed to be assigned Help Desk Tickets: Required for Help Desk installations. Select this check
box to permit any user (Admin, ReadOnlyAdmin, or User) to be assigned as owner of Help Desk tickets.
4. To assign users as owners of help desk tickets, go to the Helpdesk Queues page. For more information on
help desk queues, refer to “Helpdesk Queues,” on page 207.
5. Click Save. The Users page appears.
1. Select User Portal | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. Select the check box beside the user(s) you want to apply a role to.
3. Select the appropriate role to apply from the Choose action drop-down list.
1. Select User Portal | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. Select the check box beside the user(s) you want to apply a label to.
3. Select the appropriate label under Apply Label from the Choose action drop-down list.
1. Select User Portal | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. Select the check box beside the user(s) you want to remove the label from.
3. Select the appropriate label under Remove Label from the Choose action drop-down list.
To delete a user:
1. Select User Portal | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. To delete users, do one of the following:
From the Users List view, select the check box beside the user, then select Delete Selected
Item(s) from the Choose action drop-down list.
From the User : Edit User Detail page, click Delete.
3. Click OK to confirm deleting the selected user.
1. Select User Portal | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. Click the user name whose password you want to change. The User : Edit Detail page appears.
3. Modify the password as follows:
Password: Blank or empty passwords are not valid for new users. The user will be created
but the user cannot be activated without a valid password. This is a mandatory field.
Confirm Password: Retype the user’s password. This is a mandatory field.
Importing Users
You can import Users and Labels directly from your LDAP or Active Directory system into KBOX.
To import users:
1. Select User Portal | Users, or select Help Desk | Users if you have the optional Help Desk Module
installed.
2. In the Choose action drop-down list, select Import Users. The User : Import page appears.
3. Specify the LDAP Server Details in the Choose attributes to import section:
5. If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP
Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to “LDAP
Browser Wizard,” on page 245.
6. Click Next.
7. Select the value from the drop-down list next to each LDAP attribute to map the values from your LDAP
server into the User record on the KBOX. The fields in Red are mandatory. The LDAP Uid must be a
unique identifier for the user record.
8. Select a label to add to the KBOX. Press CTRL and click to select more than one label. This list displays
a list of all the Label Attribute values that were discovered in the search results.
9. Click Next.
10. Review the information displayed in the tables below. The Users to be Imported table displays the list of
users reported and the Labels to be Imported table displays the list of labels reported. The Existing
Users table and the Existing Labels table display the list of Users and Labels that are currently on the
KBOX. Only users with an LDAP UID, User Name, and E-mail value will be imported. Any records that do
not have these values are listed in the Users with invalid data table.
11. Click Next to start the import.
This user can log on to and access all features of the administrator UI and User Portal or Help Desk. He
can log on to the Helpdesk, only if you have the optional Help Desk Module installed.
Roles
Roles are assigned to each user to limit access to different tabs in the Administrator Console and the User
Portal. You can restrict which tabs are displayed when the administrator logs in to the
Administrator Console and when the user logs in to the User Portal.
Following are the permissions that can be applied for each tab.
Write:
The user will have write access for the tab. The administrator or user will be able to edit the fields
present on the screen.
Read:
The organization will have only read access for the tab. The administrator or user will not be able to
edit the fields present on the screen. He/she will not be able to add / edit / delete any item present
in the list.
Hide:
The tab will be hidden and the administrator or user will not be able to view that tab.
Creating and Editing Roles
You can create new roles or edit the existing roles from the Roles page by going to the Help Desk | Roles
tab. It is recommended that you create the roles first, because you must specify a role when creating
users.
To create a role:
Record Created: The date and time when the Role was first created. This is a Read-only field.
Record Last Modified: The date and time when the Role was last modified. This is a Read-only field.
Role Name: Enter a name for the role. This is a mandatory field.
Description: Enter the description for the role.
4. Under Permissions ADMIN Console, click the individual tab link to expand it. Or click the [Expand All]
link to expand all the tabs.
5. Under each tab, click the All Write option, All Read option or the All Hide option to assign the
respective permission to all the sub tabs. Or click the Custom option to assign the appropriate
permission to individual sub tabs.
6. If you click the Custom option, select the appropriate permission from the drop-down list next to each
tab.
7. Under Permissions USER Console, click the UserUI link to expand it.
8. Under each tab, click the All Write option, All Read option, or the All Hide option to assign the
respective permission to all the sub tabs. Or click the Custom option to assign the appropriate
permission to individual sub tabs.
9. If you click the Custom option, select the appropriate permission from the drop-down list next to each
tab.
10. Click Save.
If you assign READ permission to General Settings and User Authentication under
Settings, then all other settings (AMP Settings, Network Settings, Security Settings, and
Date & Time Settings) will also have READ permission.
If you assign HIDE permission to General Settings and User Authentication under
Settings, then the Control Panel tab is hidden.
From KBOX 1000 Release 4.3 onwards, you can set and edit the permissions of users
on Virtual Kontainers tab from the User Role: Edit detail page.
To edit a role:
Record Created: The date and time when the Role was first created. This is a Read-only field.
Record Last Modified: The date and time when the Role was last modified. This is a Read-only field.
Role Name: Enter a name for the role. This is a mandatory field.
Description: Enter the description for the role.
5. Under Permissions ADMIN Console, click the individual tab link to expand it. Or click the [Expand All]
link to expand all the tabs.
6. Under each tab, click the All Write option, All Read option or the All Hide option to assign the
respective permission to all the sub tabs. Or click the Custom option to assign the appropriate
permission to individual sub tabs.
7. If you click the Custom option, select the appropriate permission from the drop-down list next to each
tab.
8. Under Permissions USER Console, click the UserUI link to expand it.
9. Under each tab, click the All Write option, All Read option or the All Hide option to assign the
respective permission to all the sub tabs. Or click the Custom option to assign the appropriate permission
to individual sub tabs.
10. If you click the Custom option, select the appropriate permission from the drop-down list next to each
tab.
11. Click Save.
To delete a role:
To duplicate a role:
6. Click Save.
If the end-user also happens to be a support technician and you have given the user permission to own Help
Desk tickets as well as assigned a label to the user (see “Managing Users,” on page 199), this user is known
as a Help Desk user.
Users who are also Help Desk users (i.e., they can be assigned Help Desk tickets), can perform these
additional functions:
Delete Help Desk tickets
By default, view unassigned tickets and additions to tickets assigned to them, and view other tickets by
using the View by owner drop-down list
Change a ticket’s status, priority, or owner
The Help Desk users do not need Administrator rights on the KBOX. They can manage all their Help Desk
ticket activities via the user portal available at http://kbox.
Note: The Help Desk users need Administrator rights if they have to deploy software or run reports.
Administrators can create, modify, and manage Help Desk tickets from the Tickets tab in the Administrator
UI. Administrators can also use the security, scripting, and distribution features to resolve Help Desk
tickets, then use the Knowledge Base to create the documentation that references the resolution for users.
From the Tickets tab, administrators can:
Create or delete Help Desk tickets
Sort the Ticket view by owner or submitter, summary, priority, or status
Change a ticket’s status, priority, or owner
Helpdesk Queues
Helpdesk Queues allow you to partition the Help Desk for use by different groups. Each queue can be configured
independently. Queues can have separate custom fields, e-mail addresses, ticket defaults, and so on.
Name: Enter a name for the queue. This is the name that is displayed in the
From field when users receive e-mails from the Help Desk.
Email Address: Enter the e-mail address used to send e-mail to and from the Help Desk.
Note: Specify an e-mail address that is not used by any other help
desk queue, as each queue must have a unique e-mail address.
Alt. Email Address: Enter the alternate e-mail address to which users can submit Help
Desk tickets.
6. The Name field displays the name that is displayed in the From field when users receive e-mails from
the Help Desk. This field retains the information you specified in the previous page. You can modify the
name if required.
7. The Email Address field displays the e-mail address to which users can submit Help Desk tickets. This
field retains the information you specified in the previous page. You can modify the e-mail address if
required.
8. In the Alt. Email Address field, specify the alternate e-mail address to which users can submit Help
Desk tickets.
9. Select the Allow all users as submitters check box to allow all users to submit tickets to this queue.
You can limit the submitters to a queue by user label. Press CTRL and click labels from the Restrict
Submitters By Label list, to select more than one label.
10. You can assign ticket owners by label. Press CTRL and click labels from the Ticket Owners By
Label list, to select more than one label. The users in that label can be assigned as the owners of Help
Desk tickets.
11. Select the Accept email from unknown users check box to accept e-mails from unknown users.
12. In the Ticket Defaults area, specify the following settings:
Category: Enter the default category for tickets. Options include Software, Hardware, Network,
and Other.
Status: Enter the default status for tickets. Options include New, Opened, Closed, and Need
More Info.
Impact: Enter the default impact for tickets. Options include Many people can’t work, Many
people inconvenienced, 1 person can’t work, and 1 person inconvenienced.
Priority: Enter the default priority for tickets. Options include Low, Medium, and High.
13. In the E-mail on Events area, specify to whom, and under what circumstances, e-mails should be
sent:
Recipients:
Owner - The Help Desk user assigned to the ticket
Submitter - The user who submitted the ticket
Ticket CC - The e-mail recipients listed in the CC area of the ticket
Category CC - The e-mail recipients listed in the CC List area for the Ticket Category.
Events:
Any Change - Any change to any field on the ticket.
Owner Change - A change to the owner field on the ticket. By default, e-mails are sent to the old
and new owners of the ticket.
Status Change - A change to the status field on the ticket.
Comment - A comment on the ticket.
Resolution Change - A change to the Resolution field on the ticket.
Escalation - The ticket enters escalation based on the configured settings. For more information,
see “Understanding the Escalation Process,” on page 221.
Satisfaction Survey - Indicate whether you want to send an e-mail requesting that the submitter
complete a satisfaction survey when the ticket is closed. For more information, see “About the
Satisfaction Survey,” on page 222.
New Ticket Via Email - Select this check box for an e-mail notification on a new ticket.
14. Click Save.
Customizing Help Desk fields
Where the basic Help Desk configuration page allowed you to set default values for the various drop-down
lists in the Help Desk fields, the Customization page allows you to customize the values that appear in
those drop-down lists, as well as add up to six custom fields.
1. In the Category Values area, click the icon beside a category value to modify it. Editable fields
appear for that value.
2. Edit the Category Values fields:
3. Click the icon beside a Category value to change its order in the drop-down list.
1. In the Status Values area, click the icon beside a category value to modify it.
2. Edit the Status Values field:
3. Click the icon beside a Status value to change its order in the drop-down list.
You cannot remove Status values to which tickets are currently assigned.
If you want to change the values, add a new value first, move those tickets with the old
value to the new value. Once the value is not being used, you can safely delete the
value.
1. In the Priority Values area, click the icon beside a category value to modify it.
Editable fields appear for that value. Edit the Priority Values fields:
Name: Enter a name for the custom field.
Color: The displayed color of this status on the ticket list pages.
Escalation Time: The interval after which an open ticket of this priority is escalated. Enter a time
integer and a unit from the drop-down list.
2. Click the icon beside a Priority value to change its order in the drop-down list.
You cannot remove Priority values to which tickets are currently assigned.
If you want to change the values, add a new value first, move those tickets with the old
value to the new value. Once the value is not being used, you can safely delete the
value.
To customize Impact values:
1. In the Impact Values area, click the icon beside an Impact value to modify it.
3. Click the icon beside an Impact value to change its order in the drop-down list.
You cannot remove Impact values to which tickets are currently assigned.
If you want to change the values, add a new value first, move those tickets with the old
value to the new value. Once the value is not being used, you can safely delete the
value.
1. In the Custom fields area, click the Edit item icon to modify the fields.
2. In the Name field, enter the names for the custom fields as you want them to be displayed on the
Ticket Details page.
The custom fields are added as text boxes that hold up to 255 characters. You can add up to six custom
fields.
3. Enter the select values in the Select Values field.
Select Values are used for custom fields with Field Type of Single Select or Multiple Select. These values
should be entered as comma-separated strings.
4. Select the field type in the Field Type list.
5. Select the Only Editable By Owners check box to make this field editable by owners.
6. To remove a custom field, clear the name from the field value.
When you remove the name of a field, values for that custom field will be removed from all tickets.
When you rename a field, values for that custom field will be retained.
7. Click Save to apply your changes.
8. In the Ticket List View area, click the Edit item icon to modify the desired Ticket List View fields.
9. Select the name in the Name list.
10. Specify the width in the Width field and then click Save.
11. Click Save.
You can create fifteen custom fields.
1. In the Ticket List View area, click the icon beside an attribute to modify it.
2. Click the icon beside an attribute to change its order in the drop-down list.
3. Click the icon to add an attribute to the Ticket List View drop-down list.
The following symbols are available in all templates:
$userui_url
$helpdesk_name
$helpdesk_email
The following symbols are available in templates for e-mail involving tickets:
$ticket_escalation_minutes
$ticket_priority
$ticket_number
$ticket_title
$ticket_url
$ticket_history
$change_desc
The following symbols are available in the "Response to Unknown Email Address" template:
$subject
$quoted_mail
Ticket Rules
Ticket Rules allow you to periodically run queries and take various actions on the resulting list of tickets.
12. Choose the values to change.
13. Under Define Ticket Rule, select an attribute whose value you want to change, from the drop-down
list. For example, Priority.
14. Specify the new attribute value. For example, High.
The Priority of the tickets that were searched will now be changed to High.
15. Click Done. The Ticket Rule : Edit Detail page appears. You can configure settings for running the
SQL query periodically and take various actions on the resulting list of tickets.
16. Specify the following information:
Record Created: The date and time when the Rule was first created. This is a Read-only field.
Record Last Modified: The date and time when the Rule was last modified. This is a Read-only field.
Title: Enter a title for the rule.
Order: Enter a number. The rule will be executed according to the evaluation order
specified.
Queue: The name of the queue the ticket belongs to. This is a Read-only field.
Notes: Enter notes, if any.
Frequency: Select the appropriate frequency from the drop-down list. The rule will be run
according to the selected frequency.
Next Run: The date and time when the rule will be run next time. This is a Read-only field.
Enabled: Select the check box to enable the ticket rule. The ticket rule will run only if you
enable it.
Select Query: This SQL is generated by the Ticket Rule wizard from the inputs that you specified
when searching for Tickets in the Ticket Rule page. This is a SQL SELECT
statement that will return a set of ticket IDs to operate on. This query will be
run based on the Frequency selected above.
You can click the View Ticket Search Results link to view the search results.
Note: You must not manually edit the SQL statements generated by the Ticket
Rule Wizard without fully understanding the ramifications of doing so. You can
easily write SQL that can degrade the performance of your KBOX.
Send query results to someone: Select the check box to send a table of results of the Select Query
to the e-mail address(es) specified. All the columns returned by the Select Query will be
included in the e-mail.
Enter the e-mail addresses in the Email text area. You can specify more than
one e-mail address by separating them with commas.
Results are tickets, add a comment to each one: Select the check box to add a comment to each
ticket from the Select Query. This is useful because the Update Query specified later may update
a Ticket without logging that information. Here you could add a message like 'Ticket
Rule: Increase Priority to High triggered.' This would give you an indication of
what tickets have been changed.
Enter your comments in the Comment text area.
Send an email for each result row: Select the check box to send an e-mail to the e-mail addresses returned by the Select Query. An e-mail will be sent to each e-mail address returned by the Select Statement in the E-mail Column. Variables will be replaced in the body of the e-mail. For example, strings like $title and $due_date will be replaced by the values in the columns named TITLE and DUE_DATE respectively. Any column returned by the select statement can be replaced in that way. The SQL generated by the Ticket Rule Wizard will supply OWNER_EMAIL and SUBMITTER_EMAIL as well as CC_LIST as possible values. Enter the subject in the Subject text field. Enter the e-mail column name in the E-mail Column text field, for example OWNER_EMAIL. E-mail will be sent to each e-mail address returned by the Select Statement in this E-mail Column. Enter an e-mail message in the E-mail Body text area.
Run an update query, using the results from the one above: Select the check box to run an update query using the results from the query in the Update Query field. Using this query you can run an additional SQL UPDATE statement in which the string <TICKET_IDS> is replaced with a comma-separated list of IDs extracted from the Select Query. For example, "update HD_TICKET set TITLE = 'changed' where HD_TICKET.ID in (<TICKET_IDS>)" would turn into "update HD_TICKET set TITLE = 'changed' where HD_TICKET.ID in (1,2,3)". This SQL is generated by the Ticket Rule wizard from the inputs that you specified while changing the attribute values in the Ticket Rule page. Note: The Run Log will show a count of the changed rows. This may differ from the number of selected rows if the data was already set to the requested values. The update SQL that is generated by the Ticket Rule wizard will not update the ticket row if an incorrect value is entered for fields like Priority or Submitter.
Run Log: Each time the rule runs, the run log will be updated with the last results of that execution. Any failures or errors will be displayed.
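The following sketch is an added example, not KBOX code. It models one run of a ticket rule as described above: the Select Query returns ticket IDs, <TICKET_IDS> is expanded into the Update Query only after each ID is checked to be an integer, and $column variables are filled into the e-mail body. It uses an in-memory SQLite database as a stand-in; the PRIORITY column, the sample rows and all function names are assumptions.

```python
import sqlite3
from string import Template

PLACEHOLDER = "<TICKET_IDS>"


def expand_ticket_ids(update_sql, ticket_ids):
    """Return update_sql with <TICKET_IDS> replaced by '1,2,3', or None if no IDs."""
    if PLACEHOLDER not in update_sql:
        raise ValueError("Update Query has no <TICKET_IDS> placeholder")
    ids = []
    for value in ticket_ids:
        # The replacement is plain text splicing, so accept integers only.
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"Select Query returned a non-integer ID: {value!r}")
        ids.append(str(value))
    if not ids:
        return None  # nothing selected, so there is nothing to update
    return update_sql.replace(PLACEHOLDER, ",".join(ids))


def render_body(body, row):
    """Replace $title, $due_date, ... with the TITLE, DUE_DATE, ... column values."""
    values = {name.lower(): "" if row[name] is None else str(row[name])
              for name in row.keys()}
    # safe_substitute leaves a $name with no matching column untouched.
    return Template(body).safe_substitute(values)


def run_rule(conn, select_sql, update_sql, email_column, subject, body):
    """One scheduled run: select tickets, build the e-mails, run the update."""
    conn.row_factory = sqlite3.Row
    rows = conn.execute(select_sql).fetchall()
    emails = [(row[email_column], subject, render_body(body, row))
              for row in rows if row[email_column]]
    final_sql = expand_ticket_ids(update_sql, [row["ID"] for row in rows])
    # sqlite3 reports matched rows here; the guide says the KBOX Run Log
    # counts changed rows, which can be lower.
    updated = conn.execute(final_sql).rowcount if final_sql else 0
    conn.commit()
    return {"selected": len(rows), "updated": updated,
            "sql": final_sql, "emails": emails}


def demo():
    conn = sqlite3.connect(":memory:")
    # Constructed schema and rows; the PRIORITY column is an assumption.
    conn.execute("create table HD_TICKET (ID integer primary key, TITLE text, "
                 "PRIORITY text, DUE_DATE text, OWNER_EMAIL text)")
    conn.executemany("insert into HD_TICKET values (?, ?, ?, ?, ?)", [
        (1, "Printer offline", "Medium", "2008-05-01", "owner1@example.com"),
        (2, "VPN down", "High", "2008-05-02", "owner2@example.com"),
        (3, "New laptop", "Medium", None, "owner1@example.com"),
    ])
    return run_rule(
        conn,
        select_sql="select ID, TITLE, DUE_DATE, OWNER_EMAIL from HD_TICKET "
                   "where PRIORITY = 'Medium' order by ID",
        update_sql="update HD_TICKET set PRIORITY = 'High' "
                   "where HD_TICKET.ID in (<TICKET_IDS>)",
        email_column="OWNER_EMAIL",
        subject="Ticket Rule: Increase Priority to High triggered",
        body="Ticket '$title' (due: $due_date) was raised to High. $unknown",
    )


if __name__ == "__main__":
    print(demo())
```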
Creating and Editing Help Desk Tickets
Depending on whether you are creating a ticket from mail, the Administrator UI, or from the Help Desk,
you will have different options available to you. This section describes each of these methods. Regardless
of the method used to submit a Help Desk ticket, all interested parties will receive a confirmation mail that
includes a link to the submitted ticket.
CC List: A comma-separated list of additional e-mail addresses for users who might be interested in changes to this ticket. You can filter the list by entering any filter options. Note: You can enter only 200 characters in the CC list field. To bypass this limitation you can create e-mail aliases for large distribution lists.
Submitter: Click the icon to select the submitter from the drop-down list. You can filter the list by entering any filter options.
See Also: Link(s) to related tickets. When editing this list, enter the Ticket IDs as comma-separated integers.
Referrers: If other tickets refer to this ticket in the See Also field, those ticket IDs will appear here after this ticket is saved.
Owners only: Select the check box to have the comment you are entering visible only to users who are authorized to own tickets.
KB article lookup: Select a KB article from the drop-down list. You can filter the list by entering any filter options.
Comment: The contents of the selected KB article will be populated in the comment field. This field is editable.
Attachment: Browse to the desired attachment file.
4. Click Save.
After you create the new ticket, you can open the ticket record and view a print-friendly
version of the ticket, e-mail the ticket to someone, and click the Find Relevant Articles
link to locate Knowledge Base articles related to the ticket.
The submitter will get a confirmation e-mail with a link to the specific ticket, if you have
selected the New Ticket Via Email check box in the Help Desk Configuration page.
Only users with ticket ownership privileges can do this. If a non-owner were to try to do
this, his or her @-lines would be considered text and included in the comment.
For example, replying to a ticket e-mail with the following text would close the bug, change the owner, and
add a comment:
@status=closed
@owner=joe
I fixed that problem. If it happens again, talk to Joe.
due_date: The date can be in any format. For example, 2/3/2004, next friday or February 3, 2004. To clear the due date, use the empty string ("") or "null".
impact: Enter the impact.
owner: Enter the owner's user name, full name, or e-mail address. You can clear the owner by using the empty string "".
priority: Enter the priority.
resolution: Enter the resolution.
status: Enter the status.
submitter: Enter the submitter's user name, full name, or e-mail address. If the specified name does not match an existing user and if the queue has the "Accept email from unknown users" check box selected, a new user will be created. If you think that this might happen, you can include both a full name and an e-mail address. For example, Full name <email address>
title: Enter the title.
Custom fields
You can also set custom fields. The value must be a name having an underscore. For example, if the field name is eye color, the value should be eye_color. You can also make two custom fields which have the same name with an underscore. In this case, the assignment will go to the first of the two custom fields. You'll get an error if you try to put a bad value into a select or multiselect custom field. To select multiple values in a multiselect custom field, the values should be comma-separated.
The lines at the beginning of an e-mail starting with "@" are special. You'll get errors if they're not
assignments as described above. For example,
@owner=NoSuchUser
@status=NoSuchStatus
Errors will be e-mailed back to you. The e-mail will use the "Email Ticket Error" template. For more information on e-mail templates, refer to “Help Desk E-mail Customization,” on page 213.
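The rules above for @-lines can be expressed as a small parser. This is an added example, not KBOX code: it reads assignments only from the top of a reply, only when the sender may own tickets, and reports bad owners or statuses as errors. The user directory, the case-insensitive matching and the choice to keep valid assignments alongside errors are assumptions.

```python
import re

# Attribute names listed in this guide; custom fields are passed in by the caller.
TICKET_FIELDS = {"due_date", "impact", "owner", "priority", "resolution",
                 "status", "submitter", "title"}
STATUSES = ("Open", "Stalled", "Closed")  # statuses named in this guide
ASSIGNMENT = re.compile(r"^@(\w+)\s*=\s*(.*)$")

# Constructed sample directory of users who may own tickets.
USERS = [
    {"user": "joe", "full_name": "Joe Smith", "email": "joe@example.com"},
    {"user": "ann", "full_name": "Ann Lee", "email": "ann@example.com"},
]


def find_user(value, users):
    """Match on user name, full name or e-mail address (case-insensitive)."""
    wanted = value.lower()
    for user in users:
        names = (user["user"], user["full_name"], user["email"])
        if wanted in (name.lower() for name in names):
            return user["user"]
    return None


def unquote(value):
    """Strip surrounding double quotes, so that "" becomes the empty string."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return value


def parse_reply(body, sender_is_owner, users=USERS, custom_fields=()):
    """Return (changes, comment, errors) for one ticket e-mail reply."""
    lines = body.splitlines()
    allowed = TICKET_FIELDS | set(custom_fields)
    changes, errors = {}, []
    pos = 0
    # Non-owners get no command processing: their @-lines stay in the comment.
    while sender_is_owner and pos < len(lines) and lines[pos].startswith("@"):
        line = lines[pos]
        pos += 1
        match = ASSIGNMENT.match(line)
        if not match:
            errors.append(f"not an assignment: {line}")
            continue
        name, value = match.group(1).lower(), unquote(match.group(2))
        if name not in allowed:
            errors.append(f"unknown field: {name}")
        elif name == "owner" and value == "":
            changes["owner"] = None  # empty string clears the owner
        elif name == "owner":
            user = find_user(value, users)
            if user is None:
                errors.append(f"no such user: {value}")
            else:
                changes["owner"] = user
        elif name == "status":
            found = [s for s in STATUSES if s.lower() == value.lower()]
            if found:
                changes["status"] = found[0]
            else:
                errors.append(f"no such status: {value}")
        elif name == "due_date" and value.lower() in ("", "null"):
            changes["due_date"] = None  # "" or null clears the due date
        else:
            changes[name] = value
    comment = "\n".join(lines[pos:]).strip()
    return changes, comment, errors
```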
1. Select the check box beside the ticket(s) you want to edit.
2. From the Choose action drop-down list, select the desired option:
To edit a ticket from the Ticket Tick page:
When reassigning a ticket to a new owner using the Choose action drop-down list, the number in parentheses indicates the number of tickets currently assigned to that Help Desk user.
Searching Help Desk tickets
From the Ticket List page, users can search tickets submitted by them, as well as view tickets by other
owners. You can use Advanced Search options to locate tickets. Advanced search allows you to use
operators such as contains, >, <, =, and Match RegEx.
Match RegEx allows for wildcard and other search expressions standard to PERL users. “%” functions as the wildcard (similar to * in the DOS world). For additional information about RegEx searching, visit http://www.regular-expressions.info/ and/or http://dev.mysql.com/doc/mysql/en/regexp.html.
Normally, a backslash (\) is used as an escape character in any programming language. Therefore, to search for a literal character (for example, “.”) in a string, a user is normally required to enter two backslashes (\\.): one backslash acts as the escape character, and the other is used for searching the character (“.”) in the string.
However, because of the way KBOX is coded, a single backslash is sufficient. A user need not enter double backslashes (\\.) to search for the character (“.”) in a string.
Each ticket has a Priority, and each Priority has an Escalation Time associated with it. Tickets are
escalated if they have been open longer than the time specified by their priority setting. Tickets also have
a Status that can either be Open, Stalled, or Closed. Tickets with an Open status will trigger an escalation
mail every n minutes, where n is the time specified by the Escalation Time assigned to the priority. For
example, by default, the KBOX has a Priority value of High, with an Escalation Time of 30 minutes. This
means that for each ticket that is marked as High Priority, an escalation mail will be sent every 30 minutes
to notify people that the ticket is still Open.
Tickets that are Stalled or Closed do not trigger escalation e-mails. Moving a ticket from Open to Stalled or
Closed, and then back to Open will not change the creation time, so the escalation mails will continue to
be processed based on the original time. For example, if you were to open a ticket, close it after 5 minutes,
then reopen it after 35 minutes, an escalation e-mail would be sent saying that the ticket is older than 30
minutes. After that e-mail is sent, the next e-mail would go out after an additional 30 minutes had elapsed.
You determine who receives the escalation e-mails in the Email on Events area of the Help Desk
Configuration settings. You could choose to send the escalation e-mail to any of the following:
The ticket owner
The submitter
The e-mail address(es) listed in the Ticket CC area
The e-mail address(es) listed in the Category CC area.
By specifying the recipient for escalation e-mails, you are routing open tickets to the right person or people
who can help to resolve the issue.
Running Help Desk Reports
The KBOX provides several default reports you can run on the Help Desk.
You can view these reports by selecting the Reporting tab and then selecting HelpDesk from the View
by category drop-down list.
By default, the KBOX includes the Help Desk reports shown in the table below. For convenience, each of
these reports is available in a variety of formats: HTML, PDF, CSV, and TXT.
Help Desk Report | Description
Closed Satisfaction Survey last 31 days by Owner | Lists by Owner all Closed Satisfaction Surveys in the last 31 days.
Closed Ticket Resolutions last 31 days by Owner | Lists by Owner all Closed Ticket Resolutions in the last 31 days.
Closed Ticket Resolutions last 7 days by Owner | Lists by Owner all Closed Ticket Resolutions in the last 7 days.
Closed Tickets last 31 days by Category | Lists by Category all Help Desk tickets that have been closed in the last 31 days.
Closed Tickets last 31 days by Owner | Lists by Owner all Help Desk tickets that have been closed in the last 31 days.
Closed Tickets last 7 days by Owner | Lists by Owner all Help Desk tickets that have been closed in the last 7 days.
Escalated/Open Tickets by Owner | Lists by Owner all escalated and open Help Desk tickets.
Open Tickets by Category | Lists by Category all open Help Desk tickets.
Open Tickets by Owner | Lists by Owner all open Help Desk tickets.
Open Tickets last 7 days by Owner | Lists by Owner all open Help Desk tickets opened in the last 7 days.
Stalled Tickets by Owner | Lists by Owner all tickets that are past their due date but not in escalation (stalled tickets).
Stalled/Open Tickets by Category | Lists by Category all stalled and open Help Desk tickets.
Stalled/Open Tickets by Impact | Lists by Impact all stalled and open Help Desk tickets.
Stalled/Open Tickets by Owner | Lists by Owner all stalled and open Help Desk tickets.
Stalled/Open Tickets by Priority | Lists by Priority all stalled and open Help Desk tickets.
Stalled/Open Tickets by Status | Lists by Status all stalled and open Help Desk tickets.
Stalled/Open Tickets with Due Date by Owner | Lists by Owner and due date all stalled and open Help Desk tickets.
Work Report Date Range - Long Notes Display | Displays date, ticket #, technician and hours worked as a header above the Notes for a Work entry for 2006-04-01 through 2006-07-01.
Work Report last 31 days | Reports all tickets for which work has been logged for the last 31 days.
Work Report last 31 days - Customize | Use this report if you want to build a customized report showing only select fields for all tickets for which work has been logged for the last 31 days.
Work Report last 31 days - Long Notes Display | Displays date, ticket #, technician, and hours worked as a header above the Notes for each Work entry.
Work Report last 31 days by Person | Displays all people who logged work during the last 31 days first by person, and then by ticket and time.
If you need to create custom reports, see Chapter 12,“Creating and Editing
Reports,” starting on page 230 for information on using the Report Wizard.
CHAPTER 12
Reporting
The KBOX Reports Overview
The KBOX is shipped with many stock reports. The reporting engine utilizes XML-based report layouts to generate reports in HTML, PDF, CSV, XLS and TXT formats.
By default, the KBOX provides reports in the following general categories:
Compliance
Hardware
Help Desk
KBOX
Network
Patching
Security
Software
Template
Types of Reports
Within each of the general categories mentioned above, there are various reports you can run to display
information about the computers on your network. Descriptions of each type of report you can run are
provided below. Help desk reports are discussed in Chapter 11,“User Portal and Help Desk,” starting on
page 193.
Category | Report | Description
Compliance | Hotfix Compliance | Shows the list of computers that have the specified hotfix installed.
Compliance | Software Compliance Simple | Lists the licenses and counts like the License list page with details such as vendor, PO#, and Notes.
Compliance | Software License Compliance Complete | Lists software and computers that are impacted by each license record.
Compliance | Unapproved Software Installation | Lists software found on computers that do not have approved licenses.
Hardware | C drives less than 2G free | Shows which computers have less than 2 gigabytes of free space.
Hardware | Computer - Video/Ram/Proc by Label | Lists all computers and their video, ram and processor information sorted by label and name.
Hardware | Computer Export | This report is intended to generate a CSV listing for data export to other programs.
Hardware | Computer Inventory Detail | Detail listing of all computers on the KBOX network with full field detail. Note: When this report is opened in XLS format, it gives an Apache Tomcat error.
Hardware | Computer Listing by Free Disk Space | Lists computer disk drives in order of total free disk space.
Hardware | Computer Listing by Label | Lists all computers by all KBOX labels.
Hardware | Computer Listing by Memory | Lists computer RAM in order of total memory size.
Hardware | Computer Listing by Operating System | Sorts all computers by Operating System type and sums OS Types.
Hardware | Computer Uptime Report | Reports the uptime of the computers.
Help Desk | Closed Satisfaction Survey last 31 days by Owner | Lists by Owner all Closed Satisfaction Surveys in the last 31 days.
Help Desk | Closed Ticket Resolutions last 31 days by Owner | Lists by Owner all Closed Ticket Resolutions in the last 31 days.
Help Desk | Closed Ticket Resolutions last 7 days by Owner | Lists by Owner all Closed Ticket Resolutions in the last 7 days.
Help Desk | Closed Tickets last 31 days by Category | Lists by Category all Help Desk tickets that have been closed in the last 31 days.
Help Desk | Closed Tickets last 31 days by Owner | Lists by Owner all Help Desk tickets that have been closed in the last 31 days.
Help Desk | Closed Tickets last 7 days by Owner | Lists by Owner all Help Desk tickets that have been closed in the last 7 days.
Help Desk | Escalated/Open Tickets by Owner | Lists by Owner all escalated and open Help Desk tickets.
Help Desk | Open Tickets by Category | Lists by Category all open Help Desk tickets.
Help Desk | Open Tickets by Owner | Lists by Owner all open Help Desk tickets.
Help Desk | Open Tickets last 7 days by Owner | Lists by Owner all open Help Desk tickets opened in the last 7 days.
Help Desk | Stalled Tickets by Owner | Lists by Owner all tickets that are past their due date but not in escalation (stalled tickets).
Help Desk | Stalled/Open Tickets by Category | Lists by Category all stalled and open Help Desk tickets.
Help Desk | Stalled/Open Tickets by Impact | Lists by Impact all stalled and open Help Desk tickets.
Help Desk | Stalled/Open Tickets by Owner | Lists by Owner all stalled and open Help Desk tickets.
Help Desk | Stalled/Open Tickets by Priority | Lists by Priority all stalled and open Help Desk tickets.
Help Desk | Stalled/Open Tickets by Status | Lists by Status all stalled and open Help Desk tickets.
Help Desk | Stalled/Open Tickets with Due Date by Owner | Lists by Owner and due date all stalled and open Help Desk tickets.
Help Desk | Work Report Date Range - Long Notes Display | Displays date, ticket #, technician and hours worked as a header above the Notes for a Work entry for 2006-04-01 through 2006-07-01.
Help Desk | Work Report last 31 days | Reports all tickets for which work has been logged for the last 31 days.
Help Desk | Work Report last 31 days - Customize | Use this report if you want to build a customized report showing only select fields for all tickets for which work has been logged for the last 31 days.
Help Desk | Work Report last 31 days - Long Notes Display | Displays date, ticket #, technician, and hours worked as a header above the Notes for each Work entry.
Help Desk | Work Report last 31 days by Person | Displays all people who logged work during the last 31 days first by person, and then by ticket and time.
KBOX | Boot/Login Policies | Lists all the activities that could happen at machine boot time or after the user logs in.
KBOX | KBOX Agent Roll Out Log | Reports when a computer record was first created.
KBOX | KBOX Communication | Lists by day the latest communication from computers on the network.
KBOX | MI's enabled on all machines | Lists all the managed installations that are enabled on all machines.
KBOX | Scripts enabled on all machines | This report lists the scripts that are enabled on all machines.
Network | Network Info - Domain Listing | This report lists computers grouped by domain/workgroup.
Network | Network Info - IP Address Listing | Lists computers in order of IP Address (ascending).
Network | Network Scan Report | Displays the results of the nightly Network Scan.
Patching | Critical Bulletin List | Lists all critical bulletins.
Patching | For each Machine, what patches are installed | Lists all patches on each computer in the KBOX network.
Patching | For each Patch, what machines have it installed | Lists the computers having each software patch in inventory.
Patching | How many computers have each Patch installed | Software Inventory listing sorted by software title showing number of seats deployed.
Patching | Installation Status of each enabled Patch | Lists the installation status of each enabled patch.
Patching | Needs Review Bulletin List | List of all the Bulletins that need review.
Patching | Patches waiting to be deployed | Lists all patches waiting to be deployed.
Security | Number of machines with OVAL vulnerabilities | Lists, for each OVAL test, how many machines failed the test and are therefore vulnerable.
Security | OVAL Machine Report | Reports all the machines and how many OVAL tests each of them failed.
Security | SANS Top 10 - Q2 2005 | Reports all OVAL results from vulnerabilities reported by SANS.
Security | Threatening Items | Displays all items of threat level 4 or 5 and the computers which have them.
Security | Top 10 OVAL Vulnerabilities | Displays a Pie graph of the top 10 OVAL vulnerabilities that have been reported by the OVAL scan.
Software | Software Export | Generates a CSV listing for data export to other programs.
Software | Software Installed But Not Used Last 6 Months | Lists, by software item, where software has been installed but not used according to software metering. This only works when you have attached the metering to a particular software item, which limits you to a particular version of software.
Software | Software Inventory By Vendor | Software Inventory listing grouped by vendor showing number of seats deployed.
Software | Software Listing By Label | Lists all software titles organized by all KBOX labels.
Software | Software not on any computer | Listing of all software titles that are not currently installed on any computers.
Software | Software on Computer | Listing of all software on each computer in the KBOX network.
Software | Software OS Report - Graph | Pie graph showing the list and count of Operating Systems currently deployed on your network.
Software | Software Title & Version - Computer List | This report lists the computers having each software title in inventory.
Software | Software Title - Computer List (MS Only) | This report lists computers having each Microsoft software title in inventory.
Software | Software Title Deployed Count | Software Inventory sorted by software title showing number of seats deployed.
Template | Computer Listing - XP SP2 installed? | Lists all computers, reporting if XP SP2 is installed or not. Change 'Windows XP Service Pack 2' to any other Software title you are interested in. Sorted by installation status.
Template | Computer Listing with Software Template | Computer Listing sorted by LABEL with computers having software names like "Microsoft Office Professional%".
Template | Custom Inventory Template | Reports the values returned by a custom inventory rule that you can set up in the Software Item page. Change 'McAfeeDATFile' to be the name of the Software item with the Custom Inventory Rule in it.
Template | Log File Information Template | This is a template that lists the values returned from a 'Log File Information' action in a script. Replace 'AccessedDate: ' with the actual attribute that you returned.
Template | Log Registry Value Template | This template lists the values returned from a script using the 'Log Registry Value' action. Replace the value '!doc =' with the appropriate value name that you entered in the script.
Template | Machines By Label X with Software Y Installed | Reports all the machines in label(s) and indicates if they have a particular software product installed. Replace KBOX with the name of the software you are looking for and QA_LABEL and KBOX_LABEL with the labels of the machines you want included.
Running Reports
To run any of the KBOX reports, click the desired format type (HTML, PDF, CSV, XLS or TXT). For the HTML
format, the report is displayed in a new window. If you select PDF, CSV, XLS or TXT formats, you can open
the file or save it to your computer.
To create a new report using the table presentation type:
Report Title: Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others.
Report Category: Enter the category for the report. If the category does not already exist, it is added to the drop-down list on the Reports list page.
Description: Describe the information that the report provides.
4. Click the appropriate topic name from the Available Topics list. For example, software.
5. Click the Table presentation type icon.
6. Click Next.
7. To choose table columns:
a Click the Appropriate column name from the Available columns list.
b Click to add that column to the Display Columns list. You can change the column order by
clicking or .
c To remove a column from the Display list, click the appropriate column and click .
8. Click Next.
9. To define the criteria for displaying records in the report:
a Click the Appropriate field name from the Available Fields list. Columns that you chose in the
previous step appear under display fields. You can also choose a field from among all fields available
for that topic. For example, Threat Level.
b Click Add.
c Select the appropriate operator from the comparison drop-down list. For example, Greater Than.
d Enter the appropriate value in the text field. For example, 3.
This rule filters the data and displays only software that has a Threat Level greater than 3.
e Click OK. The rule is added in the list of Current Rules. You can add more than one rule.
b Click to add that column to the Display Columns list. You can change the column order by
clicking or .
c To remove a column from the Display list, click the appropriate column and click .
12. Click Next.
13. You can customize the report layout. You can drag to set column order, width and add spacers. You
can drag and drop between columns as well as between columns and spacer. Click on the column and
report headings for further menu of labels, grouping, summary and other options.
The options available are as follows:
Title: Click on the title displayed before spacer to display the field name of spacer, Add as a group and Add as a column options.
Spacer: Click on spacer to display the field name of spacer and Add as a column options.
Column: Click on column to display the column name, change label, switch to group, remove column, summaries and move to right or left depending upon the column alignment options.
14. Click Save to save the report. The KBOX Reports page is displayed with the new report in the list. To
run the new report, click the desired format (HTML, PDF, CSV, XLS or TXT). For the HTML format, the
report is displayed in a new window. If you select PDF, CSV, XLS or TXT formats, you can open the file
or save it to your computer.
You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are mandatory and cannot be left blank.
Report Title: Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others.
Report Category: Enter the category for the report. If the category does not already exist, it is added to the drop-down list on the Reports list page.
Description: Describe the information that the report provides.
4. Click the appropriate topic name from the Available Topics list. For example, software.
5. Click the Chart presentation type icon.
6. Click Next.
7. To choose table columns:
a Click the Appropriate column name from the Available columns list.
b Click to add that column to the Display Columns list. You can change the column order by
clicking or .
c To remove a column from the Display list, click the appropriate column and click .
8. Click Next.
9. To define the criteria for displaying records in the report:
a Click the Appropriate field name from the Available Fields list. Columns that you chose in the
previous step appear under display fields. You can also choose a field from among all fields available
for that topic. For example, Threat Level.
b Click Add.
c Select the appropriate operator from the comparison drop-down list. For example, Greater Than.
d Enter the appropriate value in the text field. For example, 3.
This rule filters the data and displays only software that has a Threat Level greater than 3.
e Click OK. The rule is added in the list of Current Rules. You can add more than one rule.
You can jump to steps 1-5 of the Reporting Wizard. Step 1 and Step 2 are mandatory and cannot be left blank.
To create a new SQL report from scratch:
Title: Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others.
Report Category: Enter the category for the report. If the category does not already exist, it is added to the drop-down list on the Reports list page.
Output File Name: Enter the name for the file generated when this report is run.
Description: Describe the information that the report provides.
Output Types: Select the appropriate formats that should be available for this report.
SQL Select Statement: Enter the query statement that generates the report data. For reference, consult the MYSQL documentation.
Break on Columns: A comma-separated list of SQL column names. The report generates break headers and sub totals for these columns. This setting refers to the auto-generated layout.
XML Report Layout: Select this check box if you have changed the columns that are being returned by the query so that the XML Report Layout is regenerated using the new columns. This option creates the Report XML layout based on the SQL you enter. Note: If you have just changed a sort order or a where clause, you need not recreate the layout.
The report XML is in JRXML format. For assistance with formatting it, you can use iReports to design reports with JRXML. The documentation is available at http://jasperforge.org/jaspersoft/opensource/business_intelligence/ireport/.
Once you click the Save button, the report wizard is disabled for that report.
Title: Edit the display name for the report if required. Make this as descriptive as possible, so you can distinguish this report from others.
Report Category: Edit or enter the category for the report. If the category does not already exist, it is added to the drop-down list on the Reports list page.
Output File Name: Edit or enter the name for the file generated when this report is run.
Description: Describe the information that the report provides.
Output Types: Select the appropriate formats that should be available for this report.
SQL Select Statement: Edit or enter the query statement that generates the report data. For reference, consult the MYSQL documentation.
Break on Columns: A comma-separated list of SQL column names. The report generates break headers and sub totals for these columns. This setting refers to the auto-generated layout.
XML Report Layout: Select this check box if you have changed the columns that are being returned by the query so that the XML Report Layout is regenerated using the new columns. This option creates the Report XML layout based on the SQL you enter. You can edit, if necessary. Note: If you have just changed a sort order or a where clause, you need not recreate the layout.
6. Click Save.
Editing the SQL of a report disables modifying it with the Report Wizard.
6. Click the Save button to update these settings.
1. Click on existing SQL report. The KBOX Report : Edit Detail page appears.
2. Click Preview to view the report. You can customize the report by changing its title, SQL query, or
layout.
3. Click Preview to view the customized report.
Scheduling Reports
Reports can be scheduled from the Schedule Reports tab. From the Report Schedules List page you can
open existing schedules, create new schedules, or delete them. You can also search schedules using
keywords.
Record Created Displays the date and time when the schedule was first created. This field is
read-only.
Record Last Modified Displays the date and time that the schedule was last modified. This field is
read-only.
Schedule Title Enter a display name for the schedule. Make this as descriptive as possible,
so you can distinguish this schedule from others.
Description Enter the information that the schedule would provide.
Report to Schedule Select the appropriate report you would like to schedule. You can filter the
list by entering any filter options.
Report Output Formats Click the desired output report format (PDF, Excel, CSV, or TXT) that should
be available for this scheduled report.
Recipients
Click the icon to enter the recipient’s e-mail address,
or choose Select user to add from the drop-down list.
This is a mandatory field.
Email Notification
Subject Enter the subject of the schedule. The subject can help to
quickly identify what the schedule is about.
Message Text Enter the message text in the notification.
Don’t Run on a Schedule Select to run the schedules in combination with an event rather
than on a specific date or at a specific time.
Run Every n hours Select to run the schedules at the specified time.
Run Every day/specific day at HH:MM AM/PM Select to run the schedules on specified day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM Select to run the tests at the specified time on the 1st, 2nd, or
any other date of every month or only the selected month.
To run a schedule:
To delete a schedule:
Alert Messages
Alert messages provide a way for you to interact with your users by displaying a message in a pop-up
window. The Alerts List page displays the messages you have distributed to users.
From the Alerts List page you can open existing alerts, create new alerts, or delete alerts. You can also
search messages using keywords.
The Alerts feature works only if there is a constant connection between the KBOX Agent
and the KBOX. For information on how to set up the constant connection, refer to
“Configuring AMP Settings for the Server,” on page 24.
The pending alert messages are displayed in the AMP Message Queue if they are not
pushed to the target machine. The alert messages remain in the queue till the Keep
Alive time interval elapses or if the connection between the KBOX Agent and the KBOX
is lost or interrupted. Once the time interval has elapsed, the messages are deleted from
the queue and the alerts expire.
E-mail Alerts
E-mail Alerts differ from Alerts (broadcast messages): in an e-mail alert you can send out messages to
administrators based on more detailed criteria. The E-mail Alert feature relies on the Inventory |
Computers engine to create notifications that are sent to administrators when computers meet the
criteria you specify.
The KBOX 1000 Series checks the computers listed in the inventory against the criteria in the E-mail Alert
once every hour until one or more computers meet the criteria; a message is then sent to the
administrator(s) specified in the alert details.
Filters
The KBOX 1000 Series allows you to create two specific types of filters.
They are as follows:
Machine Filter
Software Filter
You can view the list of available filters from the Reporting | Filters tab. With the Filters tab you can:
Add A New Machine Filter
Add A New Software Filter
Delete a Filter
Order Machine Filters
Order Software Filters
For adding a new machine filter, refer to Chapter 3, “Creating Search Filters for Computer
Inventory,” starting on page 56.
For adding a new software filter, refer to Chapter 3, “Creating Search Filters for Software
Inventory,” starting on page 67.
To edit a filter:
Filter Type Specifies whether the filter type is Machine Filter or Software Filter.
Assigned Label From the drop-down list, choose the appropriate label you want to assign. Click on
Details to edit label details. For more information on editing label details, refer to
Chapter 3, “Labels,” starting on page 84.
Label Notes Displays notes relevant to the label, if entered in the Notes field.
Filter SQL This field displays the filter query in the SQL format. You can click on Duplicate
to create a new filter with same Filter SQL text.
4. Click Save.
When you click on Duplicate to create a new filter with same Filter SQL text, you can
only reassign it to a new label.
3. Click the icon beside a filter listed to modify it. By default, when a new machine filter is created, it
has an order value of 100.
4. You can specify the order in which this filter runs by editing the Order value for this filter. Filters with
descending Order values execute first.
5. Click Save.
3. Click the icon beside a filter listed to modify it. By default, when a new software filter is created, it
has an order value of 100.
4. You can specify the order in which this filter runs by editing the Order value for this filter. Filters with
descending Order values execute first.
5. Click Save.
Exporting Reports
You can export the existing reports of individual organizations in the .jrxml format, which can be viewed
through iReport.
You can customize the exported report by changing the layout, font size or background color in iReport
and import this customized report in the KBOX.
To export a report:
Importing Reports
You can import an existing report exported or a new report created in the .jrxml format, using the iReport
wizard.
The Reporting module of the KBOX currently does not support the subreport feature
of JasperReports.
CHAPTER 13
LDAP
The KBOX LDAP feature lets you browse and search the data
located on the LDAP Server.
LDAP Browser
The LDAP Browser allows you to browse and search the data located on the LDAP Server. For example,
Active Directory Server.
You must have the Bind DN and the Password to log on to the LDAP Server.
LDAP Server Enter the IP or the Host Name of the LDAP Server.
Note: For connecting through SSL, use the IP or the Host Name, as
ldaps://HOSTNAME
If you have a nonstandard SSL certificate installed on your LDAP server
such as internally-signed or a chain certificate not from a major
certificate provider such as Verisign, you need to contact KACE Support
for assistance before proceeding.
LDAP Port Enter the LDAP Port number, which could be either 389 (LDAP) or 636 (LDAPS).
LDAP Login Enter the Bind DN
For example:
CN=Administrator,CN=Users,DC=kace,DC=com
LDAP Password Enter the password for the LDAP login.
3. Click test.
4. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names)
available on that directory is displayed. These base DNs can be used as a start point to browse and
search the directory.
If the connection was not established, the Operation Failed message appears, which could be due to
one of the following reasons:
The IP or Host Name provided is incorrect.
The LDAP server is not up.
The login credentials provided are incorrect.
5. Click a Base DN or click Next.
A new window displays the Search Base DN and the Search Filter. The Search Base DN is populated on
the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN
and the Search Filter.
6. You can also use the Filter Builder to create complex filters. Click Filter Builder. The Query Builder
is displayed. Specify the following information.
7. To add more than one attribute:
Conjunction Operator Select the conjunction operator from the drop-down list. For
example, AND.
Note: This field is available for the previous attribute only when
you add a new attribute.
Add Click Add. You can add multiple attributes.
Search Scope Click One level to search at the same level or click Sub-tree
level to search at the sub-tree level.
8. Click OK. The query appears in the Search Filter text area. For example,
(samaccountname=admin).
9. Click Browse to display all the immediate child nodes for the given base DN and search filter. Click
Search to display all the direct and indirect child nodes for the given base DN and search filter.
LDAP Server Enter the IP or the Host Name of the LDAP Server.
Note: For connecting through SSL, use the IP or the Host Name, as
ldaps://HOSTNAME
If you have a nonstandard SSL certificate installed on your LDAP server
you need to contact KACE Support for assistance before proceeding. A
nonstandard certificate can be an internally-signed or a chain certificate
that is not from a major certificate provider such as Verisign.
LDAP Port Enter the LDAP Port number, which could be either 389 (LDAP) or 636 (LDAPS).
LDAP Login Enter the Bind DN
For example:
CN=Administrator,CN=Users,DC=kace,DC=com
LDAP Password Enter the password for the LDAP login.
3. Click test.
4. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names)
available on that directory is displayed. These base DNs can be used as a start point to browse and
search the directory.
If the connection was not established, the Operation Failed message appears, which could be due to
one of the following reasons:
The IP or Host Name provided is incorrect.
The LDAP server is not up.
The login credentials provided are incorrect.
5. Click a Base DN or click Next.
A new window displays the Search Base DN and the Search Filter. The Search Base DN is populated on
the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN
and the Search Filter.
6. Click the Go to LDAP Easy Search link. The LDAP EasySearch page appears.
7. Enter any key word for search and click GO.
For more specific search you can click the Indexed field option or Non-Indexed field option. You
can also specify Other attributes, separated by comma.
3. Click test.
4. On a successful connection to the LDAP server, a list of possible base DNs (Distinguished Names)
available on that directory is displayed. These base DNs can be used as a start point to browse and
search the directory.
If the connection was not established, the Operation Failed message appears, which could be due to
one of the following reasons:
The IP or Host Name provided is incorrect.
The LDAP Server is not up.
The login credentials provided are incorrect.
5. Click Next or one of the base DNs to advance to the next step.
A new window displays the Search Base DN and the Search Filter. The Search Base DN is populated on
the basis of the Base DN that you selected in the previous screen. You can modify the Search Base DN
and the Search Filter.
6. You can also use the Filter Builder to create complex filters. Click Filter Builder. The Query Builder is
displayed. Specify the following information.
Conjunction Operator Select the Conjunction Operator from the drop-down list. For
example, AND.
Note: This field is available for the previous attribute only when
you add a new attribute.
Add Click Add. You can add multiple attributes.
Search Scope Click One level to search at the same level or click Sub-tree
level to search at the sub-tree level.
8. Click OK. The query appears in the Search Filter text area. For example,
(samaccountname=admin).
9. Click Browse to display all the immediate child nodes for the given base DN and search filter or click
Search to display all the direct and indirect child nodes for the given base DN and Search Filter.
The search results are displayed in the left panel.
10. Click a child node to view its attributes.
The attributes are displayed in the right panel.
11. Click Next to confirm the LDAP configuration.
12. Click Next to use the displayed settings.
LDAP Filters
LDAP Filters allow the automatic labeling of machine records based on LDAP or Active Directory
interaction. The search filter is applied to the external server, and if any entries are returned, the
machine is labeled automatically.
If the external server requires credentials for administrative login (that is, non-anonymous
login), supply these credentials.
If no LDAP user name is given, then an anonymous bind will be attempted. Each LDAP
filter may connect to a different LDAP/AD server.
You may bind to an LDAP query based on the following KBOX variables:
Computer Name
Computer Description
Computer MAC
IP Address
User name
User Domain
Domain User
Search Filter Enter the Search Filter.
For example:
(&(sAMAccountName=admin)(memberOf=CN=financial,DC=kace,DC=com))
LDAP Login Enter the LDAP login.
For example:
LDAP Login: CN=Administrator,CN=Users,DC=kace,DC=com
LDAP Password Enter the password for the LDAP login.
If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP
Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to Chapter
11, “Importing Users,” starting on page 201.
4. Click Save.
Each time a machine checks into the KBOX, this query will run against the LDAP server. The admin
value in the 'Search Filter' will be replaced with the name of the user that is logged onto this machine.
If a result is returned, then the machine gets the label specified in the Associated Label field.
NOTE: To test your Filter, click the Test button and review the results.
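The substitution described above places a value reported by the checking-in machine inside the search filter, so a user name containing (, ), * or \ must be escaped per RFC 4515 or it changes the filter's structure or its match type. The Python sketch below is an added example, not KBOX code; the {user_name} token syntax, the function names and the sample user names are assumptions made for illustration.

```python
import re

# RFC 4515: inside an assertion value these characters must be written as \XX (hex).
ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# The page's example filter. {user_name} is a hypothetical token syntax for this
# sketch; it marks the spot where the page's "admin" value gets replaced.
TEMPLATE = "(&(sAMAccountName={user_name})(memberOf=CN=financial,DC=kace,DC=com))"
TOKEN = re.compile(r"\{(\w+)\}")


def escape_filter_value(value):
    """Escape one value so it can only ever be data inside the filter."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value):
    """Inverse of escape_filter_value, for comparing against the original."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def render_filter(template, values):
    """Substitute every {token} with its escaped value."""
    return TOKEN.sub(lambda m: escape_filter_value(values[m.group(1)]), template)


def render_filter_naive(template, values):
    """Plain text substitution without escaping, kept only for comparison."""
    return TOKEN.sub(lambda m: values[m.group(1)], template)


def parse_filter(text):
    """Parse a simplified RFC 4515 filter.

    Returns a list of (attribute, match_kind, raw_value) leaves and raises
    ValueError when the text is not a single well-formed filter.
    """
    leaves = []
    end = _parse_node(text, 0, leaves)
    if end != len(text):
        raise ValueError("trailing characters at offset %d" % end)
    return leaves


def _parse_node(text, pos, leaves):
    if pos >= len(text) or text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        operator = text[pos]
        pos += 1
        operands = 0
        while pos < len(text) and text[pos] == "(":
            pos = _parse_node(text, pos, leaves)
            operands += 1
        if operands == 0 or (operator == "!" and operands != 1):
            raise ValueError("wrong number of operands for %r" % operator)
    else:
        end = pos
        while end < len(text) and text[end] not in "()":
            end += 1
        attribute, sep, value = text[pos:end].partition("=")
        if not sep or not attribute:
            raise ValueError("not an attribute=value item: %r" % text[pos:end])
        if value == "*":
            kind = "present"
        elif "*" in value:
            kind = "substring"   # a raw '*' is a wildcard, not a literal
        else:
            kind = "equality"
        leaves.append((attribute, kind, value))
        pos = end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return pos + 1


if __name__ == "__main__":
    # Constructed sample user names: plain, with parentheses, with an asterisk.
    for name in ("admin", "j.smith (temp)", "svc*"):
        rendered = render_filter(TEMPLATE, {"user_name": name})
        print(rendered, parse_filter(rendered))
```

With escaping, every sample value stays a single equality assertion; without it, the parenthesised name yields a malformed filter and the asterisk turns the exact match into a substring match.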
You can also create an LDAP Filter using the LDAP Browser.
4. Click Next to configure the LDAP settings. The LDAP Browser Wizard is displayed. For more
information on how to use the LDAP Browser Wizard, refer to “LDAP Browser Wizard,” on page 245.
User Authentication
Instead of setting up users individually on the Users tab, you can configure the KBOX 1000 Series for local
authentication, or External LDAP Server Authentication. The KBOX can then access a directory service
(such as LDAP) for user authentication. This allows users to log into the KBOX 1000 Series Administrator
portal using their domain user name and password, without having to add users individually from the
Users tab.
1. Select Settings | Control Panel. The KBOX Settings: Control Panel page appears.
2. Click User Authentication. The KBOX Settings: Authentication page appears.
3. Click the [Edit Mode] link.
4. Specify the Authentication method you want to use:
5. Click Edit Mode to edit External LDAP Server Authentication fields. Click the appropriate icons next to
the server name to perform described actions:
Icon Description
Schedules a user import for this server
6. You can have more than one LDAP Server/Directory configured. Click Add New Server to add a new
LDAP Server.
All servers must have a valid IP address or Host Name entered in the Server Host
Name field, or the KBOX will wait to time out on an invalid IP address, resulting in
login delays when using LDAP Authentication.
The user can log on to Help Desk only if the optional Help Desk Module is installed.
2. Click the icon next to the server name in the list of servers to schedule a user import.
The User Import : Schedule - Choose attributes to import: Step 1 of 3 page appears.
3. The LDAP Server Details are displayed:
LDAP Server This is a Read-only field that displays the IP or Host Name of the LDAP
Server.
LDAP Port Displays the LDAP Port number, which could be either 389 (LDAP) or 636
(LDAPS). This is a Read-only field.
Search Base DN This is a read only field that displays the Search Base DN.
Search Filter This is a read only field that displays the Search Filter.
LDAP Login This is a read only field that displays the LDAP login.
LDAP Password The LDAP login password. This is a Read-only field.
Binary Attributes Enter the Binary Attributes. For example, objectsid.
Binary Attributes indicates which attributes should be treated as binary
for purposes of storage.
Max # Rows Enter the maximum rows. This will limit the result set that is returned in
the next step.
Debug Output Select the check box to view the debug output in the next step.
If you are unable to fill in the information for Search Base DN and Search Filter, you can use the LDAP
Browser Wizard. For more information on how to use the LDAP Browser Wizard, refer to “LDAP
Browser Wizard,” on page 245.
5. In the Email Notification section, click the icon to enter the recipient’s e-mail address, or choose Select user to
add from the drop-down list.
6. In the Scheduling section, specify the scan schedule:
Don’t Run on a Schedule Select this to not have the user import run on a schedule.
Run Every day/specific day at HH:MM AM/PM Select to run the schedules on specified day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM Select to run the tests at the specified time on the 1st, 2nd, or any
other date of every month or only the selected month.
7. Click Next.
The User Import : Schedule - Define mapping between User attributes and LDAP attributes: Step 2 of 3
page opens.
8. Select the value from the drop-down list next to each LDAP attribute to map the values from your LDAP
server into the User record on the KBOX. The fields in Red are mandatory. The LDAP Uid must be a
unique identifier for the user record.
9. Select a label to add to the KBOX. Press CTRL and click to select more than one label. This list displays
a list of all the Label Attribute values that were discovered in the search results.
10. Click Next.
11. Review the information displayed in the tables below. The Users to be Imported table displays list of
users reported and the Labels to be Imported table displays the list of labels reported. The Existing
Users table and the Existing Labels table display the list of Users and Labels that are currently on the
KBOX. Only users with a LDAP UID, User Name, and E-mail value will be imported. Any records that do
not have these values are listed in the Users with invalid data table.
12. Click Next to start the import.
The User Import : Schedule - Import data into the KBOX: Step 3 of 3 page opens.
13. Click Import Now to save the schedule information and load the user information into the KBOX.
After importing, you will be taken to the User list page, where you can edit the imported user records.
14. Click Save to save schedule information.
After saving, you will be taken to the KBOX Settings: Authentication page.
The imported user can log on to and access all features of the administrator UI and
User Portal or Help Desk depending on the role assigned.
The optional Help Desk Module must be installed to log on to the Help Desk.
CHAPTER 14
Configuring General Settings for the Server
This section covers the general server configuration settings you should modify before you use the KBOX.
Company-Institution Name Enter the name of your company. This name appears in every pop-up window or
alert displayed to your users. For example, KACE.
User Email Suffix Enter the domain to which your users send e-mail. For example, kace.com.
System Administrator Email Enter the e-mail address of the KBOX administrator.
This address receives system-related alerts, including any critical messages.
Login Organization Drop-down Select the check box to enable the Login Organization Drop-down.
By enabling the Login Organization drop-down, the empty Organization: field
on the Welcome login page will be replaced by a drop-down of the configured
organizations.
Note: The organization field or drop-down only appears if more than one
organization is configured.
Organization Fast Switching Select the check box to enable Organization Fast Switching.
By enabling Organization Fast Switching, the static Organization: field at the
top right corner of every page is replaced with a drop-down of organizations to
which the user has access.
Only those organizations that have the same user name and password appear in
the drop-down.
Send to Kace Crash reports Select the check box to send a report to KACE in the
event of a KBOX crash.
This option is recommended, since it provides additional
information to the Kace Technical Support team in case
you need assistance.
Enable AppDeploy Live! Select the check box to enable your KBOX to share data
with the AppDeploy Live! web site.
Current KBOX Load Average This value depicts the load on the KBOX server at any given
point of time. For the KBOX UI to remain responsive, the value
in this field must be between 0.0 and 10.0 .
Last Task Throughput Update This value indicates the date and time when the KBOX Task
Throughput was last updated.
KBOX Task Throughput At any given point of time, the KBOX has multiple tasks
scheduled such as Inventory, Scripting, Patching updates and
execution of scripts. The value in this field governs how the
scheduled tasks are balanced by the KBOX. The larger the value,
the more tasks the KBOX attempts, and the greater the
load on system resources.
Note: The value of the KBOX Task Throughput can be
increased only in the following scenario:
Current KBOX Load Average is not higher than 10.0
Last Task Throughput Update time exceeds 15 minutes
Agent "Download Throttle" This setting determines the maximum number of KBOX
Agents that can download packages at one point in time.
The packages are not deployed on machines after the Package
Download Throttle has been reached.
For example, if the value is set to 100 and 100 agents are
connected and receiving a deployment, the 101st agent is
deferred till one of these 100 agents has finished
communicating with the KBOX.
5. Specify the following User Portal settings if required to customize the User Portal page:
Custom Report Logo (.jpg) Displayed at the top of reports generated by the KBOX 1000 Series for each of
the organizations associated with it.
The report image dimensions are 120x32 pixels; this is specified in the auto-
generated XML layout. You can adjust the XML report if you need a different
layout size.
List of Open Ports required for the KBOX Server
Please ensure that the following ports are not blocked by your firewall. These ports are required to access the
KBOX server.
Any changes made to the Network settings on this page will force the KBOX to reboot
after saving. Total reboot downtime should be 1 to 2 minutes provided that the changes
result in a valid configuration.
KBOX Server (DNS) Hostname / KBOX Web Server Name We recommend adding a static IP entry for “kbox” to your DNS, and using the
default Hostname and Web Server Name. The fully-qualified domain name of
the KBOX on your network is the value of Hostname concatenated with
Domain.
For example, kbox.kace.com.
The clients will connect to KBOX using the Web Server Name, which can be
the hostname, fully-qualified domain name, or IP address.
For example, kbox.
Static IP Address The IP address of the KBOX server.
Note: Be extremely careful when changing this setting. If the IP address is
entered incorrectly, refer to the KBOX console and use the konfig login to
correct it.
Domain The domain that the KBOX is on. The default value is corp.kace.com
Subnet mask The subnet mask of the network that the KBOX is on. The default value is 255.255.255.0
Default gateway Your default gateway.
Primary DNS The primary DNS server the KBOX should use to resolve hostnames.
Secondary DNS The secondary DNS server the KBOX should use to resolve hostnames. This is
an optional setting.
Network Speed Your network speed. The network speed setting should match the setting of
your local LAN switch. When set to auto negotiate the system automatically
determines the best value. This requires the switch to support auto-negotiate.
Otherwise contact your network administrator for the exact setting to be
used.
4. To set Network Server Options, perform the following steps under Network Server Options:
a. Set the external SMTP Server to enable e-mail notifications through this SMTP server. To set the SMTP
Server, select the Use SMTP Server check box, and then enter the SMTP Server name in the SMTP
Server box.
The server named here must allow anonymous (non-authenticated) outbound mail transport.
Ensure that your organization’s network policies allow the KBOX to contact the SMTP server directly.
The mail server must be configured to allow relaying of mail from the KBOX without authentication.
You can test the e-mail service by using Network utilities. For more information on how to use
Network Utilities, refer to “Troubleshooting Tools,” on page 268.
b. To set the Proxy Server, select the Use Proxy Server check box, and then specify the following proxy
settings, if necessary:
Proxy Type Enter the proxy type, either HTTP or SOCKS5
Proxy Server Enter the name of the proxy server
Proxy Port Enter the port for the proxy server, the default port is 8080
Proxy (Basic) Auth Select the check box to use the local credentials for accessing the proxy
server
Proxy Username Enter the user name for accessing the proxy server
Proxy Password Enter the password for accessing the proxy server
The KBOX includes support for a proxy server which uses basic, realm-based authentication, that is, a proxy
server which prompts for a username and password as shown in the following figure.
If your proxy server uses some other kind of authentication, you must add the IP address of the KBOX
to the exception list of the proxy server.
5. Click Set Options to set the Network Server options.
If you want to set up users for a specific organization, log into that organization.
To add a user:
User Name Enter the name the user types to enter the system console. This field is mandatory.
Full Name Enter user’s full name. This field is mandatory.
Email Enter user’s e-mail address. This field is mandatory.
Domain Enter an active directory domain. This field is optional.
Budget Code Enter the financial department code. This field is optional.
Location Enter the name of a site or building. This field is optional.
Work Phone Enter the user’s work phone number. This field is optional.
Home Phone Enter the user’s home phone number. This field is optional.
Mobile Phone Enter the user’s mobile phone number. This field is optional.
Pager Phone Enter the user’s pager phone number. This field is optional.
Custom 1, Custom 2, Custom 3, Custom 4 Enter information in the custom fields if necessary. This field is optional.
Password Enter the password for the new user. Blank or empty passwords are not valid for
new users. The user will be created but the user cannot be activated without a
valid password. This field is mandatory.
Confirm Password Reenter the user’s password. This field is mandatory.
Permissions Specify the user’s logon permissions. This field is mandatory:
Admin—This user can log on to and access all features of the system
console.
ReadOnly Admin—This user can log on, but cannot modify any settings in
the system console.
5. Click Save.
To delete a user:
Password Enter the password for the new user. Blank or empty passwords are not valid for
new users. The user will be created but the user cannot be activated without a
valid password. This field is mandatory.
Confirm Password Reenter the user’s password. This field is mandatory.
Configuring Security Settings for the Server
Security Settings are not mandatory but are required to enable certain functionalities like Samba Share,
SSL settings, SNMP, SSH, Offbox DB Access, and FTP access on the KBOX Server. To use any of the
Security Settings features, you must enable them.
If you make changes to the security settings, the KBOX will need to be rebooted before
any changes can take effect.
SSH Enabled Select this check box if you want to permit someone to log in to the
KBOX via SSH.
Enable backup via ftp Select this check box if you want to enable backup via ftp. The KBOX
creates a backup of the database and the files stored on it, daily. By
default, these files can be accessed by you via a read-only ftp server.
Refer to Chapter 16, “To access the backup files through ftp:,” starting on
page 295.
If you do not need this feature and want to disable the FTP server,
clear this check box.
Secure backup files Select this check box if you want to prevent users from accessing the
KBOX backup files without logging on to the KBOX.
Note: Even if the Secure backup files check box is not selected, you
can still access the KBOX backup files. You can do this by entering the
full URL in the browser without logging on to the KBOX.
Enable SNMP monitoring Select this check box if you want to allow SNMP monitoring. The SNMP
is a network or appliance monitoring protocol that is supported by
many third party products.
If you do not want to expose the KBOX SNMP data, clear this check
box.
Enable database access Select this check box if you want to allow the KBOX database access.
The KBOX database is accessible via port 3306, to allow you to run
reports via an off-board tool like Access or Excel.
If you do not want to expose the database in this way, clear this check
box.
5. In the Samba Share Settings area, specify the following settings:
Enable Organization File Shares Select this check box if you want to allow each organization to leverage
the KBOX's client share as an install location for the client.
The KBOX has a built-in windows file server that can be used by the
provisioning service to assist in distributing the KBOX Client on your
network. KACE recommends that this file server only be enabled when
performing client software installs.
Require NTLMv2 on KBOX File Shares Select this check box if you want to allow NTLMv2 authentication for the
KBOX file shares. When you enable this option, the clients connecting
to the KBOX File Shares require support for NTLMv2 and have to
authenticate to the KBOX using NTLMv2. Enabling this option disables
"lanman auth" and "ntlm auth" on the samba server.
Note: NTLMv2 is more secure than NTLM and LANMAN, but non-
NTLMv2 configurations are more common, and this option is usually
turned off.
Require NTLMv2 on KBOX Samba Client Usage Certain functions on the KBOX are supported via samba client functions
(e.g. Agent Provisioning). Select this check box if you want to force
these functions to authenticate to off-board network file shares using
NTLMv2. Enabling this option enables the "client ntlmv2 auth" option on
samba client functions.
Note: NTLMv2 is more secure than NTLM and LANMAN, but non-
NTLMv2 configurations are more common, and this option is usually
turned off.
6. In the Optional SSL Settings area, specify the following settings, if required:
Enable port 80 access When you activate SSL, port 80 continues to be active, unless Enable
port 80 access check box is unchecked. By default, the standard
KBOX Agent installers attempt to contact the KBOX via port 80, and
then switch to SSL over port 443, after getting the server configuration.
If you disable port 80, you need to contact KACE Support to adjust the
agent deployment scripts to handle SSL. For ease of agent deployment,
leave port 80 active.
SSL Enabled on port 443 Select this check box if you want to allow the clients to check in to the
KBOX server using https. Refer to “SSL Certificate Wizard,” on page 264.
If you have your own SSL certificate and SSL private key, click [Edit
Mode] to edit the field values. In the Set SSL Private Key File field,
browse to the SSL Private Key file, and in the Set SSL Certificate File field,
browse to the signed SSL Certificate.
Note: Once you switch over to SSL, this is a one-way automatic shift
for the clients. The clients need to be reconfigured manually, if you later
decide not to use SSL.
7. Click Set Security Options, to save the changes and reboot the KBOX.
Administrator Guide for KBOX 1000 series, version 4.3 - 1200 263
8. In the Download New Patch Definitions area, click [Edit Mode] to edit the fields and specify as follows:
Download on the nth of every month/specific month at HH:MM AM/PM: Select to download the patches at the specified time on the 1st, 2nd or any other date of every month or only the selected month.
9. In the Stop Download Of Patch Definitions area, click [Edit Mode] to edit the field values and specify the following:
Allow download of patch definitions to complete: Select to allow download of the patch definitions to complete.
Stop patch download process by at HH:MM AM/PM: Select to stop the download of the patches at the specified time.
10. Click Set Patching Options to save the changes and reboot the KBOX.
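The two Require NTLMv2 check boxes in the security settings above toggle three Samba parameters: "lanman auth", "ntlm auth" and "client ntlmv2 auth". The following is an added example, not part of the KACE guide or the appliance's own code, that audits smb.conf-style text for those parameters. The sample configurations are constructed, and the accepted value spellings are those of stock Samba.

```python
"""Audit smb.conf-style text for the NTLMv2-related Samba parameters."""

# Parameters named in the guide, with the value that corresponds to the
# matching "Require NTLMv2" check box being selected.
REQUIRED = {
    "lanman auth": False,        # server refuses LANMAN responses
    "ntlm auth": False,          # server refuses NTLMv1 responses
    "client ntlmv2 auth": True,  # Samba client functions send NTLMv2 only
}

TRUE_WORDS = {"yes", "true", "1", "on", "ntlmv1-permitted"}
FALSE_WORDS = {"no", "false", "0", "off", "ntlmv2-only"}
# "ntlmv1-permitted" / "ntlmv2-only" are the spellings newer Samba releases
# accept for "ntlm auth"; older releases use plain booleans.


def normalize(name):
    """Samba ignores case and whitespace in section and parameter names."""
    return "".join(name.lower().split())


def to_bool(value):
    """Map a Samba boolean spelling to True/False, or None if unknown."""
    word = value.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    return None


def parse_global(text):
    """Return {normalized parameter name: raw value} for the [global] section."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = normalize(line[1:-1])
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)     # only the first '=' counts
            params[normalize(name)] = value.strip()
    return params


def audit(text):
    """Return [(parameter, finding)] for settings that do not enforce NTLMv2.

    An empty list means all three parameters are set explicitly to the
    NTLMv2-only value. A missing parameter is reported because its effective
    value then depends on the default of the installed Samba version.
    """
    params = parse_global(text)
    findings = []
    for name, wanted in REQUIRED.items():
        raw = params.get(normalize(name))
        if raw is None:
            findings.append((name, "not set; the Samba version's default applies"))
            continue
        value = to_bool(raw)
        if value is None:
            findings.append((name, f"unrecognized value {raw!r}"))
        elif value != wanted:
            expected = "yes" if wanted else "no"
            findings.append((name, f"is {raw!r}, expected {expected}"))
    return findings


# Constructed sample: both check boxes cleared (the usual state per the guide).
WEAK = """
[global]
   workgroup = EXAMPLE
   lanman auth = yes
   NTLM Auth = Yes
   ; client ntlmv2 auth = yes
"""

# Constructed sample: both check boxes selected.
HARDENED = """
[global]
   workgroup = EXAMPLE
   lanman auth = no
   ntlm auth = no
   client ntlmv2 auth = yes
"""

if __name__ == "__main__":
    for label, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label)
        for name, finding in audit(conf) or [("all parameters", "NTLMv2 enforced")]:
            print(f"  {name}: {finding}")
```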
To enable SSL, you need the correct SSL Private Key file and a signed SSL Certificate. If
your private key has a password it will prevent the KBOX from restarting automatically.
Contact KACE support if you have this issue.
1. Select KBOX Settings | Control Panel. The KBOX Settings: Control Panel page appears.
2. Click Security Settings. The KBOX Security Settings page appears.
3. Click SSL Certificate Wizard. The KBOX Advanced SSL Settings page appears.
4. Click [Edit Mode] to edit the fields and specify the following:
Common Name: Enter a common name of the KBOX you are creating the SSL certificate for.
e-mail: Enter your e-mail address.
5. Click Set CSR Options. Your Certificate Signing Request is displayed in the field below the Set CSR Options button. You need to copy the text between the lines "-----BEGIN CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----", along with these lines, and then send it to the person who provides your company with web server certificates.
6. Your Private Key is displayed under the Private Key field. It will be deployed to the KBOX when you upload a valid certificate and subsequently click Deploy.
Do not send the private key to anyone. It is displayed here in case you want to deploy this certificate to another web server.
Click Create Self Signed Certificate for Deploy to be displayed.
7. Click Create Self Signed Certificate. The SSL certificate is generated. This certificate will not be
accepted by any of the KBOX clients until it is added into the trusted certificate database on every
machine running the KBOX client.
8. Click Deploy to deploy the certificates and turn on SSL on the KBOX. Click OK to reboot the KBOX.
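Before uploading your own key and certificate, you can check for the two problems this section names: a private key that has a password, and a CSR copied without its BEGIN and END lines or truncated on the way. This is an added example, not KACE code; the function names are illustrative and the PEM samples are constructed placeholders, not real keys or requests.

```python
"""Pre-flight checks for the PEM text handled in the SSL Certificate Wizard."""
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n"
    r"(?P<body>.*?)"
    r"-----END (?P=label)-----",
    re.DOTALL,
)


def parse_blocks(text):
    """Return one dict per PEM block: label, headers, decoded bytes, full text."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        headers, b64_lines = {}, []
        for line in match.group("body").splitlines():
            line = line.strip()
            if ":" in line:                      # RFC 1421 style header line
                key, value = line.split(":", 1)
                headers[key.strip()] = value.strip()
            elif line:
                b64_lines.append(line)
        try:
            der = base64.b64decode("".join(b64_lines), validate=True)
        except ValueError:
            der = None                           # mangled or truncated body
        blocks.append({"label": match.group("label"), "headers": headers,
                       "der": der, "text": match.group(0)})
    return blocks


def extract_csr(page_text):
    """Return the CSR including its BEGIN/END lines, or None if it is missing
    or its body is not intact base64 starting with a DER SEQUENCE (0x30)."""
    for block in parse_blocks(page_text):
        if block["label"] in ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"):
            intact = bool(block["der"]) and block["der"][0] == 0x30
            return block["text"] if intact else None
    return None


def key_has_password(pem_text):
    """True if the private key in pem_text is passphrase-protected.

    Covers the PKCS#8 form (ENCRYPTED PRIVATE KEY label) and the traditional
    OpenSSL form (Proc-Type: 4,ENCRYPTED header). Raises ValueError when the
    text contains no private key block at all.
    """
    found = False
    for block in parse_blocks(pem_text):
        if not block["label"].endswith("PRIVATE KEY"):
            continue
        found = True
        if block["label"] == "ENCRYPTED PRIVATE KEY":
            return True
        if "ENCRYPTED" in block["headers"].get("Proc-Type", ""):
            return True
    if not found:
        raise ValueError("no private key block found")
    return False


# Constructed placeholders: the base64 bodies are NOT real keys or requests.
PAGE_TEXT = ("Your Certificate Signing Request:\n"
             "-----BEGIN CERTIFICATE REQUEST-----\nMIIBAAAA\n"
             "-----END CERTIFICATE REQUEST-----\n(rest of page)\n")
TRUNCATED = ("-----BEGIN CERTIFICATE REQUEST-----\nMIIBAAA\n"
             "-----END CERTIFICATE REQUEST-----\n")
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIBAAAA\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              "MIIBAAAA\n-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIBAAAA\n"
             "-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(extract_csr(PAGE_TEXT))
    for name, pem in (("plain", PLAIN_KEY), ("legacy", LEGACY_ENC), ("pkcs8", PKCS8_ENC)):
        print(name, "has password:", key_has_password(pem))
```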
Configuring AMP Settings
Agent Messaging Protocol (AMP) is the KBOX Communications Protocol used by the KBOX Server with its
respective KBOX Agents.
KACE's AMP includes server, client, and communications components to perform optimized real-time
communications for control of systems management operations.
AMP provides:
Persistent connection between the KBOX Server
Server driven inventory updates
Higher scalability in terms of number of nodes supported on one KBOX 1000 Server
Better scheduling control and reliability
These settings are specific to the AMP infrastructure and do not affect other KBOX configuration settings or
runtime operations. These settings control both the runtime state of the AMP server and also the
operational state of the KBOX Agent.
Changing these settings will temporarily interrupt communications between the KBOX
Appliance and the KBOX Agents. Exercise caution when changing these settings and
contact KACE Technical Support for any questions regarding these parameters.
To configure AMP Settings:
In order for the KBOX SERVER to accept connections via AMP it must have the
AMP Protocol Port 52230 open and available INBOUND to the KBOX IP
ADDRESS. (i.e. the KBOX SERVER must be able to accept connections through
this port number INBOUND without restriction from an INBOUND filter/firewall.)
Example of an INBOUND restriction:
“A NAT Firewall such as Cisco or SonicWall blocking INBOUND port 52230 to the
KBOX IP ADDRESS.”
Allow inbound Protocol Port 52230 to the KBOX SERVER.
This can be allowed through a One-to-One Inbound NAT Policy.
Note: If you change the default AMP Port of 52230 you must update the
ALLOWED OUTBOUND/INBOUND port on your filter/firewall.
Enable Server Debug: Select the check box to enable different levels of "server" debug/logging to the server's log file.
Enable SSL for AMP: Select the check box to enable SSL for AMP. The activation of SSL is for AMP only. The check box must be selected to activate SSL over AMP even though the General KBOX settings may have SSL enabled already. This allows the separate configuration of AMP traffic to be un-encrypted even though all other KBOX communication is SSL encrypted.
Note: Select the check box only if SSL is already enabled on the KBOX and you want the client to server AMP traffic to be encrypted.
4. Click Save and Restart to save the settings and restart the AMP server.
5. You can click Restart AMP Server to restart the AMP server without saving the settings.
Configuring Date & Time Settings of the KBOX Server
It is very important to keep the time of the KBOX accurate as most time calculations are made on the
server.
When updating the time zone, the KBOX Web Server will be restarted in order for it to
reflect the new zone information. Active connections may be dropped during the restart
of the web server. After saving changes, this page will automatically refresh after 15
seconds.
Last Updated: Displays the date and time when the settings were last updated. It is a read-only field.
Current Time: Displays the current date and time. It is a read-only field.
Time Zone: Select the appropriate time zone from the drop-down list.
Automatically synchronize with an Internet time server: Select the check box to automatically synchronize the KBOX time with an internet time server. Enter the time server in the text box. For example, time.kace.com
Set the clock on the KBOX manually: Select the check box to manually set the KBOX clock. Select the appropriate time and date from the drop-down lists.
Troubleshooting Tools
The KBOX Troubleshooting Tools page contains tools to help KBOX administrators and KACE Technical
Support to troubleshoot problems with this KBOX.
To access the KBOX Troubleshooting Tools page, go to Settings | Support | Troubleshooting Tools.
The Troubleshooting Tools page appears.
You can use Network Utilities to test various aspects of this KBOX's network connectivity.
1. Select Settings | Support. The KBOX Settings: KACE Support page appears.
2. Click Troubleshooting Tools. The Troubleshooting Tools page appears.
3. Click the [Edit Mode] link.
4. Enter the IP Address in the text box.
5. Select the appropriate network utility from the drop-down list.
6. Click Test.
You can download KBOX Troubleshooting Logs. KACE Technical Support may request that you
send them KBOX Troubleshooting Logs to help in troubleshooting some issues. Click the click here
link to download KBOX Troubleshooting Logs.
Select the Enable Tether check box under KACE Support Tether to allow KACE Technical Support to
access your KBOX.
Enter the key supplied by KACE in the text box. KACE Technical Support will provide you a key when
this type of support is required.
Single Sign-On
The Single Sign-On feature (KBOX Linking and Manage Linked KBOX Appliances) enables users to authenticate once and gain access to multiple KBOXs. The Single Sign-On feature allows users to switch between different KBOXs without having to log in to each appliance individually.
The KBOX linking allows multiple KBOX appliance owners to easily switch between their different KBOX management consoles. To configure KBOX appliance linking on your network, select the Enable KBOX Appliance Linking check box on each appliance. Each KBOX appliance must be given a unique friendly name. For example, “KBOX A”. The other appliances are shown preceded by this unique name in the fast switching drop-down list located in the top left-hand corner of the user interface. This name (KBOX A) is used to identify the appliance when it is listed in the fast switching drop-down list located at the top right corner of each page. After you link the KBOX Appliance, you can manage the linked KBOX Appliances from the KBOX Linked Appliances list page.
Only those appliances that have the same login username and password appear in the
fast switching drop-down list.
Only the linked appliances must be accessible to each other. If a hostname is specified instead of an IP address while linking two or more appliances, the hostname entry must exist in the hosts file of the appliance. The following combinations of appliances can be linked:
KBOX 1000 and KBOX 2000 appliances
KBOX 1000 and KBOX 1000 appliances
1. Select KBOX Settings | Control Panel. The KBOX Settings: Control Panel page appears.
2. Click Linking KBOX Appliances Settings. The Linking KBOX Appliances Settings page appears.
By default, this page is disabled.
3. Click the [Edit Mode] link. This enables the Linking KBOX Appliances Settings page.
4. Select the Enable KBOX Appliance Linking check box to enable the linking.
Once linking is enabled, return to the Control Panel page and click the Manage Linked KBOX
Appliances link to configure remote KBOX appliances.
After enabling linking on the KBOX appliance, the organizations of the linked KBOX
1200 appliance are listed in the fast switching drop-down list. Only those organizations
of the KBOX 1200 appliance, that have the same login username and password appear
in the fast switching drop-down list.
For linking between KBOX 1100 and KBOX 2000 or two KBOX 1100 appliances, only the
friendly name of the linked KBOX is displayed in the fast switching drop-down list.
KBOX Friendly Name (this server): This value is used by all other KBOXs as a system reference in the user interface.
Remote Login Expiration: This value corresponds to the amount of time after the initial login to this server during which you can use the fast switching drop-down to switch to a linked KBOX Appliance without providing login credentials. After this time has elapsed, you must provide the login credentials when switching to a linked KBOX Appliance.
Request Timeout: This value corresponds to the amount of time this server waits for a remote KBOX Appliance to respond to a linking request.
Key Fingerprint: Key Fingerprint is a symbolic part of the linking key from the functionality point of view, and is not used when linking any appliances. This key is generated after you click Set Options.
Linking Key: Linking Key is used for linking two KBOX appliances. This key is generated after you click Set Options. Copy the Linking Key details into the other KBOX appliance for linking them together.
6. Repeat the above steps to create linking for the other KBOX appliance.
1. Select KBOX Settings | Control Panel. The KBOX Settings: Control Panel page appears.
2. Click Linking KBOX Appliances Settings. The Linking KBOX Appliances Settings page appears. By
default, this page is disabled.
3. Click the [Edit Mode] link. This enables the Linking KBOX Appliances Settings page.
4. Clear the Enable KBOX Appliance Linking check box to disable linking.
5. Click Set Options.
Manage Linked KBOX Appliances
Click the Manage Linked KBOX Appliances link on the KBOX Settings: Control Panel page for
linking other KBOX Appliances to the KBOX you configured earlier.
If KBOX linking is not enabled, you are redirected to the Linking KBOX Appliances
Settings page when you click the Manage Linked KBOX Appliances link.
For linking two KBOX appliances, the Linking Key of one KBOX appliance (for example,
KBOX A) must be copied into the other KBOX appliance (for example, KBOX B).
Similarly, the Linking Key of the “KBOX B” appliance must be copied into the “KBOX A”
appliance.
1. Select KBOX Settings | Control Panel. The KBOX Settings: Control Panel page appears.
2. Click Manage Linked KBOX Appliances. The KBOX Linked Appliances page appears.
3. Select Add New Item from the Choose action drop-down list.
The KBOX Linking Appliance: Edit Detail page is displayed.
4. Specify the following:
Remote KBOX Host Name: The name of the KBOX on which linking is enabled. For example, KBOX A.
Connect using SSL: Select this check box if the remote KBOX Appliance is configured for SSL.
Linking Key: The linking key of the KBOX appliance on which linking is enabled. The linking details can only be edited here.
Status Messages: If the settings are configured correctly, the Connection successful message is displayed after you click Save and Test Connection.
5. Click Save.
6. Repeat the above steps to add another KBOX appliance (for example, KBOX B).
7. Log in to the previously configured KBOX appliance (for example, KBOX A) and copy the linking key. Paste it in the Linking Key field of KBOX B.
8. Similarly, copy the linking key from the KBOX B appliance and paste it in the Linking Key field of KBOX A.
9. Click Save.
10. Click Test Connection to verify the linking between the two linked KBOX appliances.
11. Log in to the KBOX again to see the newly updated linked KBOX Appliances with the friendly name prefixed in the fast switching drop-down list.
The KBOX Linked Appliances page contains the fields described in the table below:
Field Description
You can now navigate from one KBOX appliance to another and then back to the previous KBOX appliance from the fast switching drop-down list using the Single Sign-On feature. The login credentials should be the same for the two KBOX appliances to be able to get linked.
1. Select KBOX Settings | Control Panel. The KBOX Settings: Control Panel page appears.
2. Click Manage Linked KBOX Appliances. The KBOX Linked Appliances page appears.
3. Select the check box beside the KBOX Link Appliance(s) you want to delete.
4. Select Delete Selected Item(s) from the Choose action drop-down list.
5. Click OK to confirm deletion.
After a linked appliance is deleted, you can still switch between the appliances until you log off and log in again from the KBOX Server. The linked appliance will not appear in the fast switching drop-down list, and you cannot switch between the appliances after you perform a logoff and login action.
The KBOX Summary
The KBOX Summary page provides information about the configuration and operation of your KBOX
appliance. When you log on to the KBOX System Console, by default the System Home module displaying
the System Summary tab appears.
The counter automatically adjusts if the number increases beyond one hundred.
Web Server Load
Displays the number of Apache sockets connected to the server.
The counter automatically adjusts if the number of sockets connected increases beyond
one hundred.
Tasks in Progress
Displays the total number of tasks in progress on server.
To view KBOX Summary details:
As this page is refreshed, the record count information is refreshed. New KBOX installations will mostly contain zero or no record counts.
KBOX Version
Provides information about the KBOX version that you are currently running.
For example, the KBOX server build at your end is 4.3.16712.
KACE comes up with a new patch for the server build 4.3.16712. The patch name is 4.3.16800 and it is pushed to the corporate server.
If you click the Check for upgrade button on the KBOX Settings | Server Maintenance page, the latest build is available in the Upgrade KBOX field on the KBOX Settings: Server Maintenance page. Click Upgrade now to upgrade your KBOX Server to build 4.3.16800.
The "An upgrade to 4.3.16800 is now available" link also appears on the Home | Summary page.
Computer Statistics
Provides a summary of the computers on your network, including a breakdown of the operating systems in
use. In addition, if the number of computers on your network exceeds the number allowed by your KBOX
license key, you are notified of it here.
Software Statistics
Provides a summary of the software in the KBOX Inventory. The summary includes the number of software titles that have been uploaded to the KBOX.
Alert Summary
Provides a summary of the alerts that have been distributed to the computers on your network, separated
by message type. This also indicates the number of alerts that are active and expired.
The IT Advisory refers to the number of Knowledge Base Articles in Help Desk.
OVAL Information
Provides a summary of the OVAL definitions received and the number of vulnerabilities detected on your
network. The summary includes the date and time of the last OVAL download (successful and attempted)
and the number of OVAL tests in the KBOX, in addition to the numbers of computers that have been
scanned.
CHAPTER 15
Overview of Organizations
The KBOX 1000 Series System Management Appliances organization feature enables you to group
machines to allow for a high level of separation between logical areas of responsibility within a company.
These groups are referred to as an Organization. This feature is accessible to the system administrator
through the System Administrative Console. The system administrator creates these organizations and
assigns them roles to limit access to specific tabs. The administrators of each organization cannot view or
perform activities on machines that belong to organizations other than their own.
Default Organization
The default organization will have everything coming into the KBOX. The default organization will allow the
administrator to view or perform activities on machines in all organizations. If a machine is not set in a
filter then the machine will go to the default organization.
To create an organization:
Record Created: Displays the date and time that the Organization was first created. This field is read-only.
Record Last Modified: Displays the date and time that the Organization was last modified. This field is read-only.
Name: Enter the name for the new organization. This field is mandatory.
Description: Enter the description for the new organization.
Role: Select the appropriate role from the drop-down list.
Note: You should first create the role by going to Organizations | Roles tab, before you can select that specific role from this list.
4. Click Save.
After clicking Save you will be taken to the next page.
5. Scroll down and click the [Edit Mode] link.
6. Enter the following information:
Record Created: Displays the date and time that the Organization was first created. This field is read-only.
Record Last Modified: Displays the date and time that the Organization was last modified. This field is read-only.
Name: Enter a name for the organization. This field is mandatory. This field retains the information you specified in the previous page. You can modify the name if required.
Description: Enter the description for the organization. This field retains the information you specified in the previous page. You can modify the description if required.
Role: Select the appropriate role from the drop-down list. This field retains the role you selected in the previous page. You can modify this selection if required.
Note: You must first create the role by going to Organizations | Roles tab, before you can select that specific role from this list.
Organization Filters: Select the filter that will be used to direct a new machine checking into the KBOX to this organization. Press CTRL and click to select more than one filter.
Note: You must first create the filter by going to Organizations | Filters tab, before you can select that specific filter from this list.
Computer Count: Displays the number of computers checking in to the organization. This field is read-only.
Database Name: Displays the name of the database the organization is using. This field is read-only.
Report User: Displays the report user name used to generate all reports in the specific organization. By having a report user name you can provide access to the organizational database (for additional reporting tools), but not give write access to anyone.
Report User Password: Enter the report user password.
Field: Communications Window
Suggested Setting: 12:00 AM to 12:00 AM
Notes: The interval during which the KBOX Agent is allowed to communicate with the KBOX 1000 Series appliance. For example, to allow the KBOX Agent to connect between 1:00 AM and 6:00 AM only, select 1:00 AM from the first drop-down list, and 6:00 AM from the second drop-down list.
Field: Agent “Run interval”
Suggested Setting: 1 hours
Notes: The interval that the KBOX Agent will check into the KBOX 1000 Series. Each time a KBOX Agent connects, it will reset its connect interval based on this setting. The default setting is once every hour.
Field: Agent “Inventory Interval”
Suggested Setting: 0
Notes: The interval (in hours) that the KBOX Agent will inventory the computers on your network. If set to zero, the KBOX 1000 Series will inventory clients at every Run Interval.
Field: Agent “Splash Page Text”
Suggested Setting: KBOX is verifying your PC Configuration and managing software updates. Please Wait...
Notes: The message that appears to users when communicating with the KBOX 1000 Series.
Field: Scripting Update Interval
Suggested Setting: 15 minutes
Notes: Set the frequency with which the KBOX Agent should download new script definitions. The default interval is 15 minutes.
Field: Scripting Ping Interval
Suggested Setting: 600 seconds
Notes: Set the frequency with which the KBOX Agent should test the connection to the KBOX 1000 Series appliance. The default interval is 600 seconds. To view historical connection information, go to KBOX Settings | Logs. Click Stats.
Field: Agent Log Retention
Notes: Agent Log Retention disallows the server from storing the scripting result information that comes up from the agents. The default is to store all the results. This can have a performance impact on the KBOX. Turning this off gives you less information about what each client is doing, but will allow the agent check-ins to process faster.
8. Click Save.
Sometimes your machine may not show up in the KBOX Inventory after installing the KBOX Agent. By default, the KBOX Agent communicates with the KBOX using http: over port 80. Assuming network connectivity is in place, newly installed KBOX Agents can fail to connect to the KBOX during the first-time setup due to problems with the default "KBOX" host name in DNS.
1. If you set up the KBOX in your DNS using a host name other than the default "kbox", or need agents to
reach KBOX by using the IP address instead of the DNS name, you must install the KBOX Agent
specifying the SERVER property. For example,
Windows:
c:\>KInstallerSetup.exe -server=mykbox -display_mode=silent
or
c:\>KInstallerSetup.exe -server=192.168.2.100 -display_mode=silent
Macintosh®:
/Library/KBOXAgent/Home/bin/setkbox mykbox
or
/Library/KBOXAgent/Home/bin/setkbox 192.168.2.100
Linux:
/KACE/bin/setkbox mykbox
or
/KACE/bin/setkbox 192.168.2.100
Solaris:
/KACE/bin/setkbox mykbox
or
/KACE/bin/setkbox 192.168.2.100
2. To correct the server name for an already-installed client, edit the "ServerHost" value in:
Windows:
c:\program files\kace\kbox\config.xml
Macintosh®:
/var/kace/kagentd/kbot_config.yaml
Linux:
/var/KACE/kagentd/kbot_config.yaml
Solaris:
/var/KACE/kagentd/kbot_config.yaml
3. Verify that you are able to ping the KBOX and reach it via a web browser at http://kbox.
4. Verify that Internet Options are not set to use proxy, or proxy is excluded for the local network or the
KBOX.
5. Verify that no firewall or anti-spyware software is blocking communication between the KBOX and any
of the agent components, including:
KBOXManagementService.exe
KBOXClient.exe
KUpdater.exe
kagentd (OS X/ Unix)
6. Verify that the KBOXManagementService.exe (Windows) or the kagentd (OS X/ Unix) processes
are running. The agent will show up as 'perl' in the OS X Activity Monitor.
If after verifying these items, you are still unable to get the agent to connect to the KBOX, contact KACE
Support for further assistance.
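The network checks in steps 3 and 5, together with the inbound AMP port requirement described under Configuring AMP Settings, can be run from an agent machine with a short script. This is an added example, not a KACE tool; the host name kbox and the ports (80, 443 and the default AMP port 52230) come from this guide, while the function names and result labels are illustrative.

```python
"""Check TCP reachability of the KBOX ports from an agent machine."""
import socket
import sys

AMP_PORT = 52230  # default AMP port given in the guide; change if reconfigured
KBOX_PORTS = {
    80: "agent check-in over http",   # may be disabled on purpose once SSL is on
    443: "agent check-in over SSL",
    AMP_PORT: "AMP connection",
}

# What each result usually means for the troubleshooting steps above.
HINTS = {
    "open": "reachable",
    "closed": "host answered but nothing is listening; check that the service "
              "is enabled and that the port matches the KBOX setting",
    "filtered": "no reply before the timeout; look for a firewall or NAT rule "
                "dropping this port",
    "unresolved": "host name does not resolve; fix DNS or point the agent at "
                  "the KBOX IP address",
    "unreachable": "network error before a connection could be attempted; "
                   "check basic connectivity",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome.

    A refused connection (RST) and a silent timeout are reported separately,
    because the first points at the service and the second at packet filtering.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        return "unresolved"
    except OSError:
        return "unreachable"


def check_kbox(host, ports=None, timeout=3.0):
    """Return {port: (purpose, state)} for every port in `ports`."""
    ports = KBOX_PORTS if ports is None else ports
    return {port: (purpose, probe(host, port, timeout))
            for port, purpose in ports.items()}


def report(host, results):
    """Format the results as one line per port, lowest port first."""
    lines = []
    for port, (purpose, state) in sorted(results.items()):
        lines.append(f"{host}:{port:<5} {purpose:<26} {state:<11} {HINTS[state]}")
    return lines


if __name__ == "__main__":
    # Usage: python check_kbox.py [host]; the default is the guide's "kbox" name.
    target = sys.argv[1] if len(sys.argv) > 1 else "kbox"
    for line in report(target, check_kbox(target)):
        print(line)
```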
To edit an organization:
Record Created: Displays the date and time that the Organization was first created. This is a read-only field.
Record Last Modified: Displays the date and time that the Organization was last modified. This is a read-only field.
Name: Enter a name for the organization. This field is mandatory. This field retains the information you specified in the previous page. You can modify the name if required.
Description: Enter the description for the organization. This field retains the information you specified in the previous page. You can modify the description if required.
Role: Select the appropriate role from the drop-down list. This field retains the role you selected in the previous page. You can modify this selection if required.
Note: You must first create the role by going to Organizations | Roles tab, before you can select that specific role from this list.
Organization Filters: Select the filter that will be used to direct a new machine checking into the KBOX to this organization. Press CTRL and click to select more than one filter.
Note: You must first create the filter by going to Organizations | Filters tab, before you can select that specific filter from this list.
Computer Count: Displays the number of computers checking in to the organization. This field is read-only.
Database Name: Displays the name of the database the organization is using. This field is read-only.
Report User: Displays the report user name used to generate all reports in the specific organization. By having a report user name you can provide access to the organizational database (for additional reporting tools), but not give write access to anyone.
Report User Password: Enter the report user password.
Field: Communications Window
Suggested Setting: 12:00 AM to 12:00 AM
Notes: The interval during which the KBOX Agent is allowed to communicate with the KBOX 1000 Series appliance. For example, to allow the KBOX Agent to connect between 1:00 AM and 6:00 AM only, select 1:00 AM from the first drop-down list, and 6:00 AM from the second drop-down list.
Field: Agent “Run Interval”
Suggested Setting: 1 hours
Notes: The interval that the KBOX Agent will check into the KBOX 1000 Series. Each time a KBOX Agent connects, it will reset its connect interval based on this setting. The default setting is once every hour.
Field: Agent “Inventory Interval”
Suggested Setting: 0
Notes: The interval (in hours) that the KBOX 1000 Series appliance will inventory the client computers on your network. If set to zero, the KBOX 1000 Series will inventory clients at every Run Interval.
Field: Agent “Splash Page Text”
Suggested Setting: KBOX is verifying your PC Configuration and managing software updates. Please Wait...
Notes: The message that appears to users when communicating with the KBOX 1000 Series.
Field: Scripting Update Interval
Suggested Setting: 15 minutes
Notes: Set the frequency with which the KBOX Agent should download new script definitions. The default interval is 15 minutes.
Field: Scripting Ping Interval
Suggested Setting: 600 seconds
Notes: Set the frequency with which the KBOX Agent should test the connection to the KBOX 1000 Series appliance. The default interval is 600 seconds. To view historical connection information, go to KBOX Settings | Logs. Click Stats.
Field: Agent Log Retention
Notes: Agent Log Retention disallows the server from storing the scripting result information that comes up from the agents. The default is to store all the results. This can have a performance impact on the KBOX. Turning this off gives you less information about what each client is doing, but will allow the agent check-ins to process faster.
The default credentials admin/admin are automatically created when you create an
organization.
To delete an organization:
Organizational Roles
Roles are assigned to each organization to limit access to different tabs in the Administrator Console and
the User Portal. You can restrict what tabs an organization is allowed to see when the administrator logs in
to the Administrator Console and the user logs in to the User Portal.
Following are the permissions that can be applied for each tab.
Write:
The organization will have write access for the tab. The administrator or user will be able to edit the
fields present on the screen.
Read:
The organization will have only read access for the tab. The administrator or user will not be able to
edit the fields present on the screen. He/she will not be able to add / edit / delete any item present
in the list.
Hide:
The tab will be hidden and the administrator or user will not be able to view that tab.
Default Role
Default role will have access to all tabs in the Administrator Console and the User Portal. The default role
will have write access for all tabs. The administrator or user will be able to edit the fields present on the
screen.
To create a role:
Record Created: Displays the date and time that the Organization was first created. This field is read-only.
Record Last Modified: Displays the date and time that the Organization was last modified. This field is read-only.
Name: Enter the name for the new organization. This field is mandatory.
Description: Enter the description for the new organization.
4. Under Permissions ADMIN Console, click the individual tab link to expand it. Or click the [Expand All]
link to expand all the tabs.
5. Under each tab, click the All Write option, All Read option or the All Hide option to assign the respective permission to all the sub tabs. Or click the Custom option to assign the appropriate permission to individual sub tabs.
6. If you click the Custom option, select the appropriate permission from the drop-down list next to each tab.
7. Under Permissions USER Console, click the UserUI link to expand it.
8. Under each tab, click the All Write option, All Read option or the All Hide option to assign the respective permission to all the sub tabs. Or click the Custom option to assign the appropriate permission to individual sub tabs.
9. If you click the Custom option, select the appropriate permission from the drop-down list next to each tab.
10. Click Save.
If you assign HIDE permission to General Settings and User Authentication under
Settings, then the Control Panel tab is hidden.
For users upgrading from 1100 to 1200: When using 1100, if you assign HIDE permission to all tabs other than Logs and Server Maintenance under Settings, then after upgrading to 1200 the Settings tab gets hidden from the Administrator Console.
From KBOX 1000 Release 4.3 onwards, you can set and edit the permissions for Virtual
Kontainers tab from the Organization Role: Edit detail page. You must have the
appropriate KBOX license to access the Virtual Kontainer tab on this page.
To edit a role:
Record Created | Displays the date and time that the Organization was first created. This field is read-only.
Record Last Modified | Displays the date and time that the Organization was last modified. This field is read-only.
Name | Enter the name for the new organization. This field is mandatory.
Description | Enter the description for the new organization.
4. Under Permissions ADMIN Console, click the individual tab link to expand it. Or click the [Expand All] link to expand all the tabs.
5. Under each tab, click the All Write option, All Read option or the All Hide option to assign the respective permission to all the sub tabs. Or click the Custom option to assign the appropriate permission to individual sub tabs.
6. If you click the Custom option, select the appropriate permission from the drop-down list next to each tab.
7. Under Permissions USER Console, click the UserUI link to expand it.
8. Under each tab, click the All Write option, All Read option or the All Hide option to assign the respective permission to all the sub tabs. Or click the Custom option to assign the appropriate permission to individual sub tabs.
9. If you click the Custom option, select the appropriate permission from the drop-down list next to each tab.
10. Click Save.
To delete a role:
To duplicate a role:
5. Click Save.
The Associated Organizations table displays the list of organizations associated with this role.
Organizational Filters
Filters are used to direct a new machine checking into the KBOX to the appropriate organization. Each
organization can be assigned more than one filter. The filters execute according to the ordinal specified
when the filters are created. If a machine does not match any filter, it goes to the default organization.
A machine can be directed to the appropriate organization in the following ways:
One or more filters are executed against the machine that is checking in. If one
of the filters is successful, the machine is redirected to the correct organization.
If no filter matches the machine, it is put into the default
organization. The system administrator can then manually move that machine from the
default organization to the appropriate organization.
If the external server requires credentials for administrative login (that is, a non-anonymous
login), supply those credentials. If no LDAP user name is given, an anonymous
bind will be attempted. Each LDAP filter may connect to a different LDAP/AD server.
Enabled | Select the check box to enable the data filter. You have to enable the filter in order to use it.
Name | Enter a name for the filter.
Description | Enter the description for the filter.
Evaluation Order | Enter a number. The filter will be executed according to the evaluation order specified.
6. Select the condition from the drop-down list. For example, contains.
7. Enter the Attribute Value. For example, XXX.XX.*
In the above example, machines from the specified IP range are filtered and directed to the
organization to which this filter is applied.
Note: You can add more than one criterion.
8. Select the Conjunction Operator from the drop-down list to add more criteria. For example, AND.
9. Click the Add Criteria link to add another criterion.
10. Click Save.
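The routing rule described in this section (filters run in evaluation order, the first match wins, unmatched machines fall to the default organization), modelled as an added Python example that is not KBOX code. The attribute keys, the "equals" operator, the OR conjunction, left-to-right evaluation, the default organization's name and all sample filters and machines are assumptions constructed for illustration, and "contains" is treated as a plain substring test.

```python
from dataclasses import dataclass

DEFAULT_ORG = "Default"  # assumed name of the default organization

# "contains" is the condition named in the guide; "equals" is an assumed extra.
# Assumption: "contains" is a plain substring test on the attribute's text.
OPERATORS = {
    "contains": lambda actual, wanted: wanted in actual,
    "equals": lambda actual, wanted: actual == wanted,
}


@dataclass
class Criterion:
    attribute: str             # hypothetical attribute keys: "ip", "name"
    condition: str             # key into OPERATORS
    value: str
    conjunction: str = "AND"   # joins this criterion to the ones before it


@dataclass
class OrgFilter:
    name: str
    organization: str
    evaluation_order: int
    criteria: list
    enabled: bool = True

    def matches(self, machine):
        """Combine criteria left to right (assumed); no criteria means no match."""
        result = None
        for c in self.criteria:
            hit = OPERATORS[c.condition](machine.get(c.attribute, ""), c.value)
            if result is None:
                result = hit
            elif c.conjunction == "AND":
                result = result and hit
            else:
                result = result or hit
        return bool(result)


def route(machine, filters):
    """Return (organization, winning filter name) for a machine checking in."""
    for f in sorted(filters, key=lambda f: f.evaluation_order):
        if f.enabled and f.matches(machine):
            return f.organization, f.name
    return DEFAULT_ORG, None


def shadowed(machines, filters):
    """List (machine, winner, loser) where an enabled filter for a different
    organization also matches but never gets to decide."""
    findings = []
    for m in machines:
        org, winner = route(m, filters)
        for f in filters:
            if (f.enabled and f.name != winner and f.organization != org
                    and f.matches(m)):
                findings.append((m["name"], winner, f.name))
    return findings


# Constructed sample data, not taken from any real deployment.
FILTERS = [
    OrgFilter("Finance hosts", "Finance", 20, [
        Criterion("name", "contains", "FIN"),
        Criterion("ip", "contains", "10.20.30.", "AND"),
    ]),
    OrgFilter("Lab subnet", "Engineering", 10,
              [Criterion("ip", "contains", "10.20.")]),
    OrgFilter("Old catch-all", "Legacy", 5,
              [Criterion("name", "contains", "-")], enabled=False),
]
MACHINES = [
    {"name": "ENG-WS-01", "ip": "10.20.1.15"},
    {"name": "FIN-WS-07", "ip": "10.20.30.8"},
    {"name": "HR-LT-02", "ip": "192.168.5.9"},
    {"name": "GUEST-01", "ip": "110.20.4.4"},   # "10.20." is a substring here
]

if __name__ == "__main__":
    for m in MACHINES:
        print(m["name"], "->", route(m, FILTERS))
    for finding in shadowed(MACHINES, FILTERS):
        print("shadowed:", finding)
```

In this model FIN-WS-07 lands in Engineering because the broader filter has the lower evaluation order, and GUEST-01 is captured by a substring match on an unrelated address; both are the kind of result to look for when refiltering computers after adding a filter.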
Enabled | Select the check box to enable this filter. You have to enable the filter in order to use it.
Name | Enter a name for the filter.
Description | Enter the description for the filter.
Evaluation Order | Enter a number. The filter will be executed according to the evaluation order specified.
Server Host Name (or IP) | Specify the IP or Host Name of the LDAP Server. Note: For connecting through SSL, use the IP or the Host Name, as ldaps://HOSTNAME
LDAP Port Number | Specify the LDAP Port number, which could be either 389 or 636 (LDAPS).
Search Base DN | Enter the Search Base DN. For example: CN=Users,DC=hq,DC=corp,DC=kace,DC=com
Search Filter | Specify the Search Filter. For example: (samaccountname=admin)
LDAP Login | Specify the LDAP login. For example: LDAP Login: CN=Administrator,CN=Users,DC=hq,DC=corp,DC=kace,DC=com
LDAP Password (if required) | Enter the password for the LDAP login.
6. Click Save.
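A settings review for the LDAP filter fields above, written as an added Python example (not KBOX code): it flags the anonymous bind the guide mentions, a login sent without ldaps://, and a mismatch between the ldaps:// prefix and ports 389 and 636. The host name ldap.example.test, the svc-kbox-read account and the passwords are constructed placeholders, and the check assumes a simple bind with no StartTLS whenever the ldaps:// prefix is absent.

```python
from dataclasses import dataclass

LDAP_PORT, LDAPS_PORT = 389, 636   # the two ports named in the guide


@dataclass
class LdapFilterSettings:
    """Fields of the LDAP filter form, named after the table above."""
    host: str            # Server Host Name (or IP); "ldaps://HOST" selects SSL
    port: int            # LDAP Port Number
    base_dn: str         # Search Base DN
    search_filter: str   # Search Filter
    login: str = ""      # LDAP Login (bind DN); empty means anonymous bind
    password: str = ""   # LDAP Password


def review(s):
    """Return a list of (code, explanation) findings for one filter."""
    findings = []
    uses_ssl = s.host.strip().lower().startswith("ldaps://")

    if not s.login:
        findings.append(("anonymous-bind",
                         "no login given, so an anonymous bind is attempted"))
    elif not s.password:
        # RFC 4513 calls a bind DN with an empty password an unauthenticated
        # bind; servers that accept it treat the session as anonymous.
        findings.append(("empty-password",
                         "login set but password empty"))
    if s.login and not uses_ssl:
        # Assumption: simple bind without StartTLS, so the password crosses
        # the network unencrypted.
        findings.append(("cleartext-credentials",
                         "login used without the ldaps:// prefix"))
    if (uses_ssl and s.port == LDAP_PORT) or \
            (not uses_ssl and s.port == LDAPS_PORT):
        findings.append(("scheme-port-mismatch",
                         "ldaps:// goes with 636, plain LDAP with 389"))
    if s.port not in (LDAP_PORT, LDAPS_PORT):
        findings.append(("unexpected-port",
                         "the guide names only 389 and 636"))
    if s.login.split(",", 1)[0].strip().lower() == "cn=administrator":
        findings.append(("privileged-bind-account",
                         "a read-only service account is enough for lookups"))
    f = s.search_filter.strip()
    if not f.startswith("(") or f.count("(") != f.count(")"):
        findings.append(("malformed-search-filter",
                         "filter must be parenthesised and balanced"))
    return findings


def codes(s):
    """Finding codes only, in the order review() produced them."""
    return [code for code, _ in review(s)]


# Constructed samples; DNs and the search filter reuse the guide's examples.
BASE = "CN=Users,DC=hq,DC=corp,DC=kace,DC=com"
AS_IN_GUIDE = LdapFilterSettings(
    "ldap.example.test", 389, BASE, "(samaccountname=admin)",
    login="CN=Administrator," + BASE, password="constructed-secret")
ANONYMOUS = LdapFilterSettings(
    "ldap.example.test", 389, BASE, "(samaccountname=admin)")
MISMATCHED = LdapFilterSettings(
    "ldaps://ldap.example.test", 389, BASE, "(samaccountname=admin)",
    login="CN=svc-kbox-read," + BASE, password="")
HARDENED = LdapFilterSettings(
    "ldaps://ldap.example.test", 636, BASE, "(samaccountname=admin)",
    login="CN=svc-kbox-read," + BASE, password="constructed-secret")

if __name__ == "__main__":
    for label, cfg in [("as in guide", AS_IN_GUIDE), ("anonymous", ANONYMOUS),
                       ("mismatched", MISMATCHED), ("hardened", HARDENED)]:
        print(label, "->", codes(cfg) or "no findings")
```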
To edit a filter:
Enabled | Select the check box to enable this filter. You have to enable the filter in order to use it.
Name | Enter a name for the filter.
Description | Enter the description for the filter.
Evaluation Order | Enter a number. The filter will be executed according to the evaluation order specified.
To delete a filter:
KBOX Computers
The KBOX Computers page lists all the machines that are checking into the KBOX. It displays details for
each computer such as Name, Organization (the organization the computer is currently checking into),
Last Sync (when the computer last checked in to the KBOX), Description, and IP Address.
Advanced Search
Although you can search computer inventory using keywords like Windows XP or Acrobat, those types of
searches might not give you the level of specificity you need. Advanced search, on the other hand, allows
you to specify values for each field present in the inventory record and search the entire inventory listing
for that value. For example, you might need to know which computers have a particular version of BIOS
installed so that you can upgrade only the affected machines.
You can edit the machine filter criteria. For more information on how to edit a filter, refer to “Creating
and Editing Organizational Filters,” on page 287.
Refiltering Computer(s)
You can refilter the computers, which rechecks the computers against all filters. For example, you can
check whether a filter you created is being applied correctly to the intended computers. First create the
new filter on the Organizations | Filters tab. Then, on the KBOX Computers page, refilter the
computers. For each computer to which the filter has been applied, the Organizations column displays
the new organization name in red beside the old organization name.
To refilter computer(s):
Redirecting Computer(s)
You can redirect a computer to a different organization. For example, if a computer is checking into
organization A, you can redirect that computer to organization B. The next time the computer checks
in, it checks into organization B.
To redirect computer(s):
CHAPTER 16
The KBOX Maintenance Overview
The KBOX Settings | Server Maintenance page allows you to perform a variety of functions to maintain and
update the KBOX 1000 Series appliance, such as:
Access the most recent KBOX server backups
Upgrade your KBOX 1000 Series server to newer server versions
Retrieve updated OVAL definitions
Restore to backed-up versions and also create a new backup of the KBOX 1000 Series at any time
The KBOX Settings | Server Maintenance tab also enables you to reboot and shut down the KBOX, as
well as update the KBOX license key information.
From the Server Maintenance tab you can:
Upgrade the KBOX appliance
Update OVAL vulnerability definitions
Create a backup of the KBOX appliance
Enter or update the KBOX License Key
Restore to most recent backup
Restore to factory default settings
Restore from uploaded backup files
Reboot the KBOX
Shut down the KBOX
The following sections describe some of the most commonly used features of the KBOX Settings |
Server Maintenance tab.
1. Select KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. Click Check for Upgrade.
If the upgrade is available, the label Available Upgrade along with the build number is displayed. Click
the [Release Notes] link to view the release notes of the available build.
If the upgrade is not available, the label ‘Your KBOX is up to date’ is displayed.
4. Click Upgrade Now to upgrade to the available build. When the KBOX has finished installing the
latest updates, it reboots with the latest features.
Backing up the KBOX Data
By default, the KBOX 1000 Series automatically takes a backup at 2:00 AM and creates two files on the
backup drive: kbox_dbdata.gz, containing the database backup, and kbox_file.tgz, containing any files and
packages you have uploaded to the KBOX 1000 Series appliance.
1. Select KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Click the backup links on the sidebar.
3. Click Save in the alert that appears, then specify a location for the files.
4. Browse to the location where you want to store the files, then click Save.
2. At the C:\ prompt, type:
ftp kbox
3. Enter the following login credentials:
Username: kbftp
Password: getbxf
4. Type the following ftp commands:
1. Click KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. Click the Restore from Backup button.
1. Click KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. In the Database Backup Files field, click Browse and locate the backup file.
4. In the KBOX Backup Files field, click Browse and locate the backup file.
5. Click Restore from Upload Files.
1. Click KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. Click the Restore Factory Settings button.
1. Open your browser and go to the URL for the KBOX appliance (http://kbox/admin).
2. Click the About KBOX link located at the bottom of the page.
Server Version
Updating the license key
After installing an upgrade to the KBOX server, you may need to enter a new KACE license key to fully
activate the KBOX. You should have the new license key to upgrade your KBOX 1000 Series appliance.
1. Select KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. Under License Information, enter your new license key.
4. Click Save License.
Patch Definitions
Although the definitions for Microsoft patches are updated automatically on a scheduled basis, you can
retrieve the latest files manually from the Server Maintenance page.
1. Select KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. Click Update Patching to update your patch definitions.
1. Select KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. Click Delete Patch All files to delete all the patch files downloaded.
4. Click Delete Unused Patch files to delete unused downloaded patch files.
Enhanced Content
You can enable or disable Enhanced Content as follows:
1. Select KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. Click Enable Enhanced Content to switch to the EC (Enhanced Content) Mode.
1. Select KBOX Settings | Server Maintenance. The KBOX Server Maintenance page appears.
2. Scroll down and click the [Edit Mode] link.
3. Click Disable Enhanced Content to switch to the Non-EC (Enhanced Content) Mode.
After changing the EC mode, you should update patches. To do so, click Update Patching
beside the Update Patch Definitions from KACE field.
The Patch Subscription Settings page displays the language support only when EC
is enabled.
The following table depicts the difference between EC Mode and Non-EC Mode:
You can use the Reboot and Shutdown buttons after you click the "Edit Mode" link at
the bottom of the page.
Troubleshooting the KBOX
The KBOX provides several log files that can help you detect and resolve errors. The log files are rotated
automatically as each grows in size so no additional administrative log maintenance procedures are
required. Log maintenance checks are performed daily.
The KBOX maintains the log of all the activities performed in the last seven days. KACE Technical Support
may request that you send the KBOX Server logs if they need more information in troubleshooting an
issue. To download the logs, click the Download Logs link. For more information, see “Downloading Log
Files,” on page 301.
Hardware | Disk Status | Displays the status of the KBOX disk array.
Server | KBOX Log | Displays the errors generated on the server.
 | Access | Displays the HTTP Server's access information.
 | Server errors | Displays errors or server warnings regarding any of the onboard server processes.
 | Stats | Displays the number of connections the KBOX is processing over time.
 | Updates | Displays details of any KBOX patches or upgrades applied using the Update KBOX function.
Client | Client Errors | Displays the KBOX Agent exception logs.
 | AMP Server | Displays AMP server errors.
 | AMP Queue | Displays AMP Queue errors.
KBOX Agent: Enable debug logging on the KBOX Agent to troubleshoot machine inventory,
managed installations, and file synchronizations.
KBOX AMP Service: Enable debug logging on the Windows KBOX Agent to troubleshoot the
on-demand running of Desktop Alerts, Run-Now scripts, and Patching. You can enable debug logging by
configuring AMP Settings. For information on how to configure the AMP Settings page, refer to Chapter
1, “Configuring AMP Settings for the Server,” starting on page 24.
Windows Debugging
Stop the KBOX management service and edit the file: C:\Program Files\KACE\KBOX\config.xml and change
the value of the debugLoggingEnabled flag to read:
<debugLoggingEnabled>true</debugLoggingEnabled>
Now restart the KBOX Management service. This will cause KBOXManagementService to log additional
debugging information to the file KBOT_LOG.txt.
Create an empty file with the name: C:\Program Files\KACE\KBOX\KBCLIENT_DEBUG. This will cause
KBOX Client to log debug information to a file in the same directory named debug.log.
The KBOX Client debug log file documents the details of gathering machine inventory, executing custom
inventory rules, and outputs the managed installs and file synchronizations to be run based on interaction
with the KBOX server. If an installation fails, it is possible to duplicate the issue using the same command
found in the debug.log file and run locally on the client machine. If there are any errors they can be tested
and investigated on the client machine.
The AMP service can be debugged by adding the following to the c:\program files\kace\kbox\AMP.conf file:
debug=true
For information on debug logging on Linux, Solaris, and Macintosh® platforms, refer to
Appendix D, “Manual Deployment of the KBOX Agent,” starting on page 342.
Understanding Disk Log Status Data
The log you are likely to interact with most often when troubleshooting the KBOX is the Disk Status log. If
there is a physical problem with the KBOX, that issue should be reflected here.
The KBOX 1000 Series Server and the KBOX Agent exceptions are reported every night to kace.com if you
enabled crash reporting on the KBOX Settings | General tab.
[Figures: Disk Status log with no error and with an error. Callout: "Error Status is displayed here"]
The figures above display the difference in the Disk status log when no error is found and when an error
exists. Although this section does not describe every possible error message that could be displayed here,
many of the errors that occur can be resolved by following the same set of steps:
Step | Description
Step 1: Rebuild | If the disk status log error reads “Degraded”, this is an indication that you need to rebuild the array. To do this, click the Rebuild Disk Array button. Rebuilding can take up to 2 hours. If the error continues to display, proceed to Step 2.
Step 2: Power Down and Reseat the Drives | In some cases, the degraded array may be caused by a hard drive that is no longer seated firmly in the drive bay. In these cases, the disk status will usually show "disk missing" for that drive in the log. Power down the KBOX 1000 Series. Once the appliance is powered off, eject each of the hard drives and then re-insert them, making sure that each drive is firmly in the bay. Power the machine back on and then look again at the disk status log to see if that has resolved the issue. If an error state still exists, try rebuilding again or proceed to Step 3.
Step 3: Call KACE Technical Support | If you have followed the previous steps and are still experiencing errors, please contact KACE Technical Support by e-mail (support@kace.com) or phone (888) 522-3638 option 2.
CHAPTER 17
The KBOX Reports Overview
The KBOX appliance ships with many stock reports. The reporting engine uses XML-based
report layouts to generate reports in HTML, PDF, CSV, XLS and TXT formats.
By default, the KBOX appliance provides reports in the following general categories:
Compliance
Hardware
KBOX
Network
Patching
Security
Software
Template
Types of Reports
Within each of the general categories mentioned above, there are various reports you can run to display
information about the computers on your network. Descriptions of each type of report you can run are
provided below.
Category | Report | Description
Compliance | Hotfix Compliance | Shows which computers have the specified hotfix installed.
Compliance | Software Compliance Simple | Lists the licenses and counts like the License list page with details such as vendor, PO#, and Notes.
Compliance | Software License Compliance Complete | Lists software and computers that are impacted by each license record.
Compliance | Unapproved Software Installation | Lists software found on computers that do not have approved licenses.
Hardware | C drives less than 2G free | Shows which computers have less than 2 gigabytes of free space.
Hardware | Computer - Video/Ram/Proc by Label | Lists all computers and their video, RAM and processor information sorted by label and name.
Hardware | Computer Export | This report is intended to generate a CSV listing for data export to other programs.
Hardware | Computer Inventory Detail | Detail listing of all computers on the KBOX appliance's network with full field detail. Note: When this report is opened in XLS format, it gives an Apache Tomcat error.
Hardware | Computer Listing by Free Disk Space | Lists computer disk drives in order of total free disk space.
Hardware | Computer Listing by Label | Lists all computers by all the KBOX labels.
Hardware | Computer Listing by Memory | Lists computer RAM in order of total memory size.
Hardware | Computer Listing by Operating System | Sorts all computers by Operating System type and sums OS Types.
Hardware | Computer Uptime Report | Reports the uptime of the computers.
KBOX | Boot/Login Policies | Lists all the activities that could happen at machine boot time or after the user logs in.
KBOX | KBOX Agent Roll Out Log | Reports when a computer record was first created.
KBOX | KBOX Communication | Lists by day the latest communication from computers on the network.
KBOX | MI's enabled on all machines | Lists all the managed installations that are enabled on all machines.
KBOX | Scripts enabled on all machines | This report lists the scripts that are enabled on all machines.
Network | Network Info - Domain Listing | This report lists computer groups and computers by domain/workgroup.
Network | Network Info - IP Address Listing | Lists computers in ascending order of IP Address.
Network | Network Scan Report | Displays the results of the nightly Network Scan.
Patching | Critical Bulletin List | Lists all critical bulletins.
Patching | For each Machine, what patches are installed | Lists all patches on each computer in the KBOX network.
Patching | For each Patch, what machines have it installed | Lists the computers having each software patch in inventory.
Patching | How many computers have each Patch installed | Software Inventory listing sorted by software title showing number of seats deployed.
Patching | Installation Status of each enabled Patch | Lists the installation status of each enabled patch.
Patching | Needs Review Bulletin List | List of all the Bulletins that need review.
Patching | Patches waiting to be deployed | Lists all patches waiting to be deployed.
Security | Number of machines with OVAL vulnerabilities | Lists, for each OVAL test, how many machines failed the test and are therefore vulnerable.
Security | OVAL Machine Report | Reports all the machines and the OVAL tests failed by each of them.
Security | SANS Top 10 - Q2 2005 | Reports all OVAL results from vulnerabilities reported by SANS.
Security | Threatening Items | Displays all items of threat level 4 or 5 and the computers which have them.
Security | Top 10 OVAL Vulnerabilities | Displays a Pie graph of the top 10 OVAL vulnerabilities that have been reported by the OVAL scan.
Software | Software Export | Generates a CSV listing for data export to other programs.
Software | Software Installed But Not Used Last 6 Months | Lists, by software item, where software has been installed but not been used according to the software metering. This only works when you have attached the metering to a particular software item which limits you to a particular version of software.
Software | Software Inventory By Vendor | Software Inventory listing grouped by vendors showing number of seats deployed.
Software | Software Listing By Label | Lists all software titles organized by all the KBOX labels.
Software | Software not on any computer | Listing of all software titles that are not currently installed on any computers.
Software | Software on Computer | Listing of all software on each computer in the KBOX network.
Software | Software OS Report | List showing the count of Operating Systems currently deployed on your network.
Software | Software Title & Version - Computer List | This report lists the computers having each software title in the inventory.
Software | Software Title - Computer List | This report lists the computers having each software title in the inventory.
Software | Software Title - Computer List (MS Only) | This report lists computers having each Microsoft software title in the inventory.
Software | Software Title Deployed Count | Software Inventory sorted by software titles showing number of seats deployed.
Template | Computer Listing - XP SP2 installed? | Lists all computers, and identifies whether XP SP2 is installed or not. Change 'Windows XP Service Pack 2' to any other Software title you are interested in. Sorted by installation status.
Template | Computer Listing with Software Template | Computer Listing sorted by LABEL with computers having software names like "Microsoft Office Professional%".
Template | Custom Inventory Template | Reports the values returned by a custom inventory rule that you can set up in the Software Item page. Change 'McAfeeDATFile' to be the name of the Software item with the Custom Inventory Rule in it.
Template | Log File Information Template | This is a template that lists the values returned from a 'Log File Information' action in a script. Replace 'AccessedDate: ' with the actual attribute that you returned.
Template | Log Registry Value Template | This template lists the values returned from a script using the 'Log Registry Value' action. Replace the value '!doc =' with the appropriate value name that you entered in the script.
Template | Machines By Label X with Software Y Installed | Reports all the machines in label(s) and indicates if they have a particular software product installed. Replace the KBOX with the name of the software you are looking for and QA_LABEL and KBOX_LABEL with the labels of the machines you want included.
Running Reports
To run any of the KBOX reports, click the desired format (HTML, PDF, CSV, XLS or TXT). For the HTML
format, the report is displayed in a new window. If you select PDF, CSV, XLS or TXT formats, you can open
the file or save it to your computer.
Report Title | Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others.
Report Category | Enter the category for the report. If the category does not already exist, it is added to the drop-down list on the Reports list page.
Description | Describe the information that the report provides.
4. Click the appropriate topic name from the Available Topics list. For example, software.
5. Click the Table presentation type icon.
6. Click Next.
7. To choose table columns:
a Click the appropriate column name from the Available columns list.
b Click to add that column to the Display Columns list. You can change the column order by
clicking or .
c To remove a column from the Display list, click the appropriate column and click .
8. Click Next.
9. To define the criteria for displaying records in the report:
a Click the appropriate field name from the Available Fields list. Columns that you chose in the
previous step appear under display fields. You can also choose a field from among all fields available
for that topic. For example, Threat Level.
b Click Add.
c Select the appropriate operator from the comparison drop-down list. For example, Greater Than.
d Enter the appropriate value in the text field. For example, 3.
This rule filters the data and displays only software that has a Threat Level greater than 3.
e Click OK. The rule is added in the list of Current Rules. You can add more than one rule.
b Click to add that column to the Display Columns list. You can change the column order by
clicking or .
c To remove a column from the Display list, click the appropriate column and click .
12. Click Next.
13. You can customize the report layout. You can drag to set column order and width and to add spacers. You
can drag and drop between columns as well as between columns and spacers. Click the column and
report headings for a further menu of labels, grouping, summary and other options.
The options available are as follows:
Title | Click on the title displayed before spacer to display the field name of spacer, Add as a group and Add as a column options.
Spacer | Click on spacer to display the field name of spacer and Add as a column options.
Column | Click on column to display the column name, change label, switch to group, remove column, summaries and move to right or left depending upon the column alignment options.
14. Click Save to save the report. The KBOX Reports page is displayed with the new report in the list. To
run the new report, click the desired format (HTML, PDF, CSV, XLS or TXT). For the HTML format, the
report is displayed in a new window. If you select PDF, CSV, XLS or TXT formats, you can open the file
or save it to your computer.
You can jump to steps 1-5 of the Reporting Wizard. Steps 1 and 2 are mandatory
and cannot be left blank.
To create a new report using the chart presentation type:
Report Title | Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others.
Report Category | Enter the category for the report. If the category does not already exist, it is added to the drop-down list on the Reports list page.
Description | Describe the information that the report provides.
4. Click the appropriate topic name from the Available Topics list. For example, software.
5. Click the Chart presentation type icon.
6. Click Next.
7. To choose table columns:
a Click the appropriate column name from the Available columns list.
b Click to add that column to the Display Columns list. You can change the column order by
clicking or .
c To remove a column from the Display list, click the appropriate column and click .
8. Click Next.
9. To define the criteria for displaying records in the report:
a Click the appropriate field name from the Available Fields list. Columns that you chose in the
previous step appear under display fields. You can also choose a field from among all fields available
for that topic. For example, Threat Level.
b Click Add.
c Select the appropriate operator from the comparison drop-down list. For example, Greater Than.
d Enter the appropriate value in the text field. For example, 3.
This rule filters the data and displays only software that has a Threat Level greater than 3.
e Click OK. The rule is added in the list of Current Rules. You can add more than one rule.
Line: Displays categories or dates along the X-axis, values along the Y-axis.
12. Select the appropriate category field from the Category Field drop-down list.
13. Select the summary from the Summary drop-down list, beside appropriate Value field name. If you
have more than one Value field, you can change the value field order by clicking or .
14. Select the Show legend check box if you want to display a legend in the chart.
15. Specify the Chart width and Chart height in pixels, in the text fields.
16. Click Save to save the report.
The KBOX Reports page is displayed with the new report in the list.
You can jump to steps 1-5 of the Reporting Wizard. Steps 1 and 2 are mandatory
and cannot be left blank.
Title | Enter a display name for the report. Make this as descriptive as possible, so you can distinguish this report from others.
Report Category | Enter the category for the report. If the category does not already exist, it is added to the drop-down list on the Reports list page.
Output File Name | Enter the name for the file that is generated when this report is run.
Description | Describe the information that the report provides.
Output Types | Specify the formats that should be available for this report.
SQL Select Statement | Enter the query statement for generating the report data. For reference, consult the MySQL documentation.
Break on Columns | A comma-separated list of SQL column names. The report generates break headers and subtotals for these columns. This setting refers to the auto-generated layout.
Query All Orgs | Select this check box to query the databases of all organizations.
XML Report Layout | When checked, this option creates the XML layout based on the SQL you enter. Select this check box if you have changed the columns that are being returned by the query so that the XML Report Layout is regenerated using the new columns.
The report XML uses the JRXML format. You can use iReports to design reports with JRXML.
The documentation is available at
http://jasperforge.org/jaspersoft/opensource/business_intelligence/ireport/.
Once you click the Save button, the report wizard is disabled for that report.
Title | Edit the display name for the report if required. Make this as descriptive as possible, so you can distinguish this report from others.
Report Category | Edit or enter the category for the report. If the category does not already exist, it is added to the drop-down list on the Reports list page.
Output File Name | Edit or enter the name for the file generated when this report is run.
Description | Describe the information that the report provides.
Output Types | Select the appropriate formats that should be available for this report.
SQL Select Statement | Edit or enter the query statement for generating the report data. For reference, consult the MySQL documentation.
Break on Columns | A comma-separated list of SQL column names. The report generates break headers and subtotals for these columns. This setting refers to the auto-generated layout.
XML Report Layout | Select this check box if you have changed the columns that are being returned by the query so that the XML Report Layout is regenerated using the new columns. This option creates the Report XML layout based on the SQL you enter. You can edit it, if necessary. Note: If you have just changed a sort order or a where clause, you need not recreate the layout.
6. Click Save.
Editing the SQL of a report disables modifying it with the Report Wizard.
1. Click an existing SQL report. The KBOX Report : Edit Detail page appears.
2. Click Preview to view the report. You can customize the report by changing its title, SQL query, or
layout.
3. Click Preview to view the customized report.
Scheduling Reports
Reports can be scheduled from the Schedule Reports tab. From the Report Schedules List page you can
open existing schedules, create new schedules, or delete them. You can also search schedules using
keywords.
2. Select Create a New Schedule from the Choose action drop-down list. The Schedule Reports: Edit
Detail page appears.
3. Specify the following schedule details:
Record Created: Displays the date and time when the schedule was first created. This field is read-only.
Record Last Modified: Displays the date and time that the schedule was last modified. This field is read-only.
Schedule Title: Enter a display name for the schedule. Make this as descriptive as possible, so you can distinguish this schedule from others.
Description: Enter the information that the schedule would provide.
Report to Schedule: Select the appropriate report you would like to schedule. You can filter the list by entering any filter options.
Report Output Formats: Click the desired output report format (HTML, PDF, Excel, CSV, or TXT) that should be available for this scheduled report.
Recipients: Click the icon to enter the recipient’s e-mail address, or choose Select user to add from the drop-down list. This is a mandatory field.
Email Notification
Subject: Enter the subject of the schedule. The subject can help to quickly identify what the schedule is about.
Message Text: Enter the message text in the notification.
Don’t Run on a Schedule: Select to run the schedules in combination with an event rather than on a specific date or at a specific time.
Run Every n hours: Select to run the schedules at the specified time.
Run Every day/specific day at HH:MM AM/PM: Select to run the schedules on specified day at the specified time.
Run on the nth of every month/specific month at HH:MM AM/PM: Select to run the tests on the specified time on the 1st, 2nd, or any other date of every month or only the selected month.
To run a schedule:
To delete a schedule:
Exporting Reports
You can export the existing reports of individual organizations in the .jrxml format, which can be viewed
through iReport.
You can customize the exported report by changing the layout, font size or background color in iReport
and import this customized report in the KBOX.
To export a report:
Importing Reports
You can import an existing report exported or a new report created in the .jrxml format, using the iReport
wizard.
The Reporting module of the KBOX currently does not support the subreport feature
of JasperReports.
APPENDIX A
Macintosh® Users
Inventory
The KBOX 1000 Series Inventory feature lets you identify machines and software on your network and
organize computers by using labels and filters. Inventory is collected by the KBOX Agent and reported
when computers check in with the KBOX 1000 Series. The data is then listed on one of the following
Inventory tabs:
Computers
Software
MIA
The inventory data is collected automatically according to the schedule specified under the KBOX Agent
Settings. For information on how to change the Agent settings, refer to Chapter 2, “KBOX Agent
Settings,” starting on page 44.
You can search for Macintosh® machines in the Computer Search & Filter page using Advanced search.
In the Advanced Search sub tab you can search for Macintosh® machines using attributes like OS
Name, and so on. For more information on how to use Advanced Search, refer to Chapter 3, “Using
Advanced Search for Computer Inventory,” starting on page 56.
You can use the Create Notification feature to search the inventory for Macintosh® machines that meet
certain criteria, such as disk capacity or OS version, and then send an e-mail automatically to an
administrator. For example, if you wanted to know when computers had a critically low amount of disk
space left, you could specify the search criteria to look for a value of 5 MB or smaller in the Disk Free field,
and then notify an administrator who can take appropriate action. For more information on how to create
notifications, refer to Chapter 3, “Creating Computer Notifications,” starting on page 57.
Filtering provides a way to dynamically apply a label based on search criteria. It is often helpful to define
filters by inventory attribute. For example, you could create a label called “San Francisco Office” and create
a filter based on the IP range or subnet for machines in San Francisco. Whenever machines check in that
meet that attribute, they would receive the San Francisco label. This is particularly useful if your network
includes laptops that often travel to remote locations.
You can also create a label to group all your Macintosh® machines. Once grouped by a label, software,
reports, or software deployments on your Macintosh® machines can all be managed very easily. For more
information on the labeling feature, refer to Chapter 3, “Labels,” starting on page 84.
Distribution
The KBOX 1000 Series Distribution feature provides various methods for deploying software, updates, and
files to computers on your network.
Managed Installations enable you to deploy software to the computers on your network that require an
installation file to run. You can create a Managed Installation package from the Distribution | Managed
Installation page.
From the Managed Installations tab you can:
Create or delete Managed Installations
Execute or disable Managed Installations
Specify a Managed Action
Apply or remove a label
Search Managed Installations by keyword
5. If you have selected a zip/tgz/tar.gz file, the contents are unpacked and the root directory is
searched for all .pkg files. The KBOX runs the installation command against each .pkg file on the
top level of the archive, in alphabetical order. After that, the KBOX searches for all plain applications
(.app) on the top level of the archive and copies them to /Applications with the following command:
ditto -rsrc Application.app /Applications/Application.app
If you wish to execute a script or change any of the above mentioned command lines, you can specify
the appropriate script invocation as the Full Command Line. You can use wildcards in the filenames.
Enclose the filename in single or double quotation marks if it contains spaces. The files are
extracted into a directory in "/tmp", which becomes the current working directory of the
command.
On MacOS, you do not need to include any other files in your archive other than your
script if that's all you wish to execute.
Ensure that you specify the relative path to the executable in the Full Command Line field, if you wish
to execute a shell script or other executable that you have included inside an archive. Remember, you'll
be executing your command inside a directory alongside the files which have been extracted. For
example, if you want to run a file called "installThis.sh", you would package it up alongside a .pkg file
and then put the command "./installThis.sh" in the Full Command Line field. If you archived it inside
another directory, like "foo", the Full Command Line field should be "./foo/installThis.sh".
Both these examples, as well as some other KBOX functions, assume that "sh" is in root's PATH. If
you're using another scripting language, you may need to specify the full path to the command
processor you wish to run in the Full Command Line, like "/bin/sh ./installThis.sh". Be sure to include
appropriate arguments for an unattended, batch script.
If you select the uninstall check box in the MI detail, the KBOX will remove each .app it finds in the top
level of your archive from the Applications folder. Thus, if you include two files in your archive named
"MyApp.app" and "MyOtherApp.app", those two applications will disappear from your Applications
folder if they exist there.
Uninstallation in this way will be performed only if the archive or package is downloaded to the client. If
you select the check box for "Run Command Only", you should specify a full command line to ensure
the correct removal command is run on the correct package. Since no package is downloaded in this
case, you should specify the path in the installation database where the package receipt is stored or
run the correct file removal command to delete the files from the Applications folder. In that case, you
can download a script inside an archive and run the script on the Full Command Line.
6. If your package requires additional options, you can enter the following installation details:
Run Parameters: You cannot apply "Run Parameters" to the above mentioned commands.
Full Command Line: You do not need to specify a full command line. The server executes the installation command by itself. The Macintosh® client will try to install this via:
installer -pkg packagename.pkg -target / [Run Parameters]
or
ditto -rsrc packagename.app /Applications/theapp
If you do not want to use the default command at all, you can replace it completely by specifying the complete command line here. Remember that if you have specified an archive file, this command will run against all of the .pkg files or .app files it can find.
Un-Install using Full Command Line: Select this check box to uninstall software. If the Full Command Line above is filled in, it will be run. Otherwise, by default the agent will attempt the command, which is generally expected to remove the package.
Run Command Only: Select this check box to run the command line only. This will not download the actual digital asset.
Notes: Enter additional information in this field, if any.
Managed Action: Managed Action allows you to select the most appropriate time for this package to be deployed. Execute anytime (next available) and Disabled are the only options available for Macintosh® platform.
Deploy to All Machines: Select this check box if you want to deploy to all the machines.
Limit Deployment To Selected Labels: Select a label to limit deployment only to machines grouped by that label. Press Command and click labels to select more than one label. If you have selected any label that has a replication share or an alternate download location specified, then the KBOX will copy digital assets from that replication share or alternate download location instead of downloading them directly from the KBOX.
Note: The KBOX will always use a replication share in preference to an alternate location.
Limit Deployment To Listed Machines: You can limit deployment to one or more machines. From the drop-down list, select a machine to add to the list. You can add more than one machine. You can filter the list by entering filter options.
Deploy Order: The order in which software should be installed. Lower deploy order will deploy first.
Max Attempts: Enter the maximum number of attempts, between 0 and 99, to indicate the number of times the KBOX 1000 Series appliance will try to install the package. If you specify 0, the KBOX will enforce the installation forever.
Deployment Window (24H clock): Enter the time (using a 24 hr. clock) to deploy the package. Deployment Window times affect any of the Managed Action options. Also, the run intervals defined in the System Console, under Organizations | Organizations for this specific organization, override and/or interact with the deployment window of a specific package.
9. Click Save.
For more information about Distribution, refer to Chapter 6, “Distribution,” starting on page 102.
For more information about Managed installations, refer to Chapter 6, “Managed Installations,” starting on
page 106.
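The archive handling described in step 5 and under Full Command Line, written out as a script that could be packaged as installThis.sh. This is an added example, not KACE code: the --plan and --apply switches and the function names are assumptions introduced here, while the installer and ditto invocations are the ones quoted in this guide.

```shell
#!/bin/sh
# installThis.sh -- added example, not part of the KBOX product.
# Place it at the top level of the uploaded archive and start it from the
# Full Command Line field, for example:  /bin/sh ./installThis.sh --apply
# With --plan it only prints the commands, so the plan can be reviewed on a
# test machine before anything is installed.

APPLY=0   # 1 = execute the commands, 0 = print them only

# Print the command on one line; execute it only when APPLY=1.
run() {
    printf '%s\n' "$*"
    [ "$APPLY" -eq 1 ] || return 0
    "$@"
}

# Install every top-level .pkg (glob expansion is alphabetical), then copy
# every top-level .app to /Applications, as the guide describes for archives.
# Paths are always quoted, so names containing spaces are handled.
# Returns non-zero if any command failed.
install_all() {
    dir=$1
    failures=0
    for pkg in "$dir"/*.pkg; do
        [ -e "$pkg" ] || continue          # the glob matched nothing
        run installer -pkg "$pkg" -target / || failures=$((failures + 1))
    done
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue          # an .app is a directory bundle
        run ditto -rsrc "$app" "/Applications/$(basename "$app")" \
            || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# The extracted archive directory is the current working directory when the
# Full Command Line runs, so "." is the archive's top level.
case "${1:-}" in
    --apply) APPLY=1; install_all . ;;
    --plan)  install_all . ;;
esac
```

Run with --plan first and compare the printed order with what you expect; the script's exit status is non-zero when any installer or ditto call fails.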
Patching
The KBOX 1000 Series Patching feature enables you to quickly and easily deploy patches to your network.
The Detect and Deploy Patches feature allows you to create schedules for detecting and deploying
patches. Patching schedules are used to define when patch detection and deployment will run on a set of
machines. For more information about Detect and Deploy patches, refer to Chapter 9, “Detect and Deploy
Patches,” starting on page 172.
The Patch Listing feature allows you to review the list of available patches. You can search for
Macintosh® patches in the Patching Listing page by selecting the appropriate Macintosh® operating
system under View by Operating System from the View by drop-down list. Refer to Chapter 9, “Patch
Listing,” starting on page 169.
You can use the Advanced Search feature to search for Macintosh® patches. In the Advanced Search
sub tab you can select the appropriate Macintosh® operating system from the OS drop-down list. For more
information on how to use Advanced Search, refer to Chapter 9, “Using Advanced Search for
Patching,” starting on page 170.
You can use the Filter feature to automatically search the patch list using predefined search criteria. In
the Filter sub tab you can select the appropriate Macintosh® operating system from the OS drop-down list.
To allow the KBOX to download Apple Security updates for Macintosh®, you need to select the appropriate
operating system from the Macintosh Platform list in the Patch Subscription Settings page. You can
select more than one Macintosh® operating system. For more information on patch download settings,
refer to Chapter 9, “Subscription Settings,” starting on page 169.
Asset Management
The KBOX 1000 Series allows you to manage and track assets in your environment in a flexible and
customizable way. By establishing asset types and relationships to other asset types and other objects in
the KBOX, you will be able to report on existing assets as well as track licensing and cost information in a
way that works for you in your environment.
For more information about Asset Management, refer to Chapter 4, “Asset Management,” starting on
page 86.
AppDeploy Live
AppDeploy.com contains information on installation, deployment and systems management automation.
By putting all of the relevant information in one place, it eliminates the need for searching answers
through vendor sites, discussion boards and technical publications. It offers computer administrators an
easy way to search for answers and solutions.
For more information about AppDeploy Live, refer to Chapter 3, “AppDeploySM Live,” starting on page 76.
Reporting
The KBOX 1000 Series provides a variety of alert and reporting features that enable you to communicate
easily with users and to get a detailed view of the activity on your network. The KBOX 1000 Series ships
with many included stock reports. The reporting engine utilizes XML-based report layouts to output report
types of HTML, PDF, CSV, and TXT.
You can view various types of reports, such as Computer Listing By Label, Computer Listing By Operating
System, Patches installed, Software OS Report - Graph, and so on.
For more information on Reporting, refer to Chapter 12, “Reporting,” starting on page 225.
Logs
The KBOX provides several log files that can help you detect and resolve errors. The KBOX maintains the
last seven days of activity in the logs. KACE Technical Support may request that you send the KBOX Server
logs if they need more information in troubleshooting an issue. To download the logs, click the Download
Logs link. For more information, refer to Chapter 16, “Downloading Log Files,” starting on page 301. You
can access the KBOX Server logs by going to the KBOX Settings | Logs tab.
For more information on KBOX Logs, refer to Chapter 16, “Troubleshooting the KBOX,” starting on
page 301.
APPENDIX B
Adding Steps to Task Sections
Refer to the following table when adding steps to a Policy or Job task. These are the steps available in the
step drop-down lists in the Verify, On Success, Remediation, On Remediation Success, and On Remediation
Failure sections of a task. The Column headings V, OS, R, ORS, and ORF indicate whether a particular step
is available in the corresponding Task sections.
Always Fail X X
Call a Custom DLL Call function "%{procName}" from X X X
Function "%{path}\%{file}"
Create a Custom Create object "%{className}" from X X X
DLL Object "%{path}\%{file}"
Create a message Create a message window named X X X X X
window "%{name}" with title "%{title}", message
"%{message}" and timeout "%{timeout}"
seconds.
Delete a registry Delete "%{key}" from the registry. X X
key
Delete a registry Delete "%{key}!%{name}" from the reg- X X
value istry.
Destroy a message Destroy the message window named X X X X X
window "%{name}".
Install a software Install "%{name}" with arguments X X
package "%{install_cmd}".
Note: This step requires you to choose
from a list of software packages already
uploaded using the functionality in the
Inventory/Software tab. For more infor-
mation, see “Adding Software to Inven-
tory,” on page 68.
Step Description V OS R ORS ORF
APPENDIX C
Database Tables
The KBOX Database Tables
Refer to the following table when creating custom reports for a specific organisation. For more
information, see Chapter 12, “Reporting,” starting on page 225.
Table Used In
ADVISORY HelpDesk
ADVISORY_LABEL_JT HelpDesk
ASSET Asset
ASSET_DATA_1 Asset
ASSET_DATA_2 Asset
ASSET_DATA_3 Asset
ASSET_DATA_4 Asset
ASSET_DATA_5 Asset
ASSET_DATA_6 Asset
ASSET_DATA_7 Asset
ASSET_DATA_8 Asset
ASSET_FIELD_DEFINITION Asset
ASSET_FILTER Asset
ASSET_HIERARCHY Asset
ASSET_HISTORY Asset
ASSET_TYPE Asset
AUTHENTICATION KBOX
CLIENTDIST_LABEL_JT KBOX
CLIENT_DISTRIBUTION KBOX
CUSTOM_FIELD_DEFINITION Custom Fields
CUSTOM_VIEW Custom View
FILTER Labeling
FS File Synchronization
FS_LABEL_JT File Synchronization
FS_MACHINE_JT File Synchronization
GLOBAL_OPTIONS KBOX
HD_ATTACHMENT Help Desk
HD_CATEGORY Help Desk
HD_EMAIL_EVENT Help Desk
HD_IMPACT Help Desk
LABEL Labeling
LDAP_FILTER Labeling
LDAP_IMPORT_USER User
LICENSE Inventory
LICENSE_MODE Inventory
MACHINE Inventory
MACHINE_CUSTOM_INVENTORY Inventory
MACHINE_DISKS Inventory
MACHINE_KUID Inventory
MACHINE_LABEL_JT Inventory
MACHINE_NICS Inventory
MACHINE_NTSERVICE_JT Inventory
MACHINE_PROCESS_JT Inventory
MACHINE_REPLITEM Replication
MACHINE_SOFTWARE_JT Inventory
MACHINE_STARTUP_PROGRAMS Inventory
MACHINE_STARTUPPROGRAM_JT Inventory
MESSAGE Alerts
MESSAGE_LABEL_JT Alerts
MI Managed Installs
MI_ATTEMPT Managed Installs
MI_LABEL_JT Managed Installs
METER Software Metering
METER_COUNTER Software Metering
MSP_MI_TEMPLATE Patching
NODE Network Scan
NODE_LABEL_JT Network Scan
NODE_PORTS Network Scan
NODE_SNMP_IF Network Scan
NODE_SNMP_SYSTEM Network Scan
NOTIFICATION Alerts
NTSERVICE Inventory
NTSERVICE_LABEL_JT Inventory
OPERATING_SYSTEMS Inventory
OVAL_STATUS OVAL
PORTAL User Portal
PORTAL_LABEL_JT User Portal
PROCESS Inventory
PROCESS_LABEL_JT Inventory
PROVISION_CONFIG Provisioning
PROVISION_NODE Provisioning
REPLICATION_LANGUAGE Replication
REPLICATION_PLATFORM Replication
REPLICATION_SCHEDULE Replication
REPLICATION_SHARE Replication
REPORT Reporting
REPORT_FIELD Reporting
REPORT_FIELD_GROUP Reporting
REPORT_JOIN Reporting
REPORT_OBJECT Reporting
REPORT_SCHEDULE Reporting
SCAN_FILTER Labeling
SCAN_SETTINGS Network Scan
SOFTWARE Inventory
SOFTWARE_LABEL_JT Inventory
SOFTWARE_OS_JT Inventory
STARTUPPROGRAM Inventory
STARTUPPROGRAM_LABEL_JT Inventory
THROTTLE KBOX
USER User
USERIMPORT_SCHEDULE User
USER_HISTORY User Portal
USER_KEYS User Portal
USER_LABEL_JT User
USER_ROLE User
USER_ROLE_PERMISSION_VALUE User
Table Used In
ORGANIZATION Organisation
ORGANIZATION_FILTER Organisation
ORG_ROLE Organisation
OVAL_DEFINITION Organisation
PATCHLINK_ARCHITECTURE Patching
PATCHLINK_LANGUAGE Patching
PATCHLINK_OS_TYPE Patching
PATCHLINK_PATCH Patching
PATCHLINK_PLATFORM Patching
PATCHLINK_RESOURCE Patching
REPORT Reporting
REPORT_JOIN Reporting
REPORT_SCHEDULE Reporting
APPENDIX D
Manual Deployment of the KBOX Agent on Linux
Installing and Configuring the KBOX Agent
1. Ensure that you have kboxagent-buildnumber.i386.rpm on your computer.
2. Open the command line interface.
3. Type rpm -ivh kboxagent-buildnumber.i386.rpm, and then press ENTER.
The installer creates the following directories on your computer:
/KACE - This is the base directory in which the entire KBOX Agent is installed on the client machine.
/KACE/bin - This directory contains all the executable files.
/KACE/lib - This directory contains data such as version number, default configuration files, and
others for the KBOX Agent.
/KACE/data - This directory contains the application code organized as libraries.
/var/KACE/kagentd - This directory contains the kbot_config.yaml file.
4. Type cd /KACE/bin, and then press ENTER.
5. Set the name of the KBOX server by typing ./setkbox name_of_kbox_server.
6. Restart all KBOX Agent services and connect to the KBOX server by typing ./runallkbots.
Checking whether the Agent is Running
1. Open the command line interface.
2. Type ps aux | grep kagentd, and then press ENTER.
Linux Debugging
Logging on to the Management Service:
1. Open the command line interface.
2. Type sudo touch /var/kace/kagentd/debug_agent.tag, and then press ENTER.
3. Type sudo /etc/rc.d/init.d/SMMPctl stop, and then press ENTER.
4. Type sudo /etc/rc.d/init.d/SMMPctl start, and then press ENTER.
The debug_agent.log file contains debug logs.
Logging on to the AMP Service:
edit /var/kace/SMMP/SMMP.conf
Removing the KBOX Agent
1. Open the command line interface.
2. Type /etc/init.d/SMMPctl stop, and press ENTER.
3. Type /usr/sbin/pkgrm -A -n KBOX-agent, and press ENTER.
4. Type /usr/bin/rm -rf /KACE/, and press ENTER.
Solaris Debugging
Logging on to the AMP Service:
edit /var/kace/SMMP/SMMP.conf
The KBOX Agent normally checks in using the "Run Interval" schedule specified in the
KBOX Agent Settings page. For debugging and testing purposes, KACE provides ways
that can be used to force a check-in outside this normal schedule.
You can run the file runallkbots located in /KACE/bin to force the KBOX Agent to
check in with the KBOX 1000 appliance.
/var/kace/kagentd - This directory contains the kbot_config.yaml file.
8. Type cd /Library/KBOXAgent/Home/bin, and then press ENTER.
9. Set the name of the KBOX server by typing ./setkbox name_of_kbox_server.
10. Restart all KBOX Agent services and connect to the KBOX server by typing ./runallkbots.
2. Type cat /Library/KBOXAgent/Home/data/version, and then press ENTER.
Macintosh® Debugging
The KBOX Agent normally checks in using the "Run Interval" schedule specified in the
KBOX Agent Settings page. For debugging and testing purposes, KACE provides ways
that can be used to force a check-in outside this normal schedule.
You can run the file runallkbots located in /Library/KBOXAgent/Home/bin to
force the KBOX Agent to check in with the KBOX 1000 appliance.
APPENDIX E
Agent Customization
You can create a self-executing zip file that includes custom installation items, such as a non-standard
path or a custom server name.
1. Copy the necessary files for your customization. You will need the following files:
7zip-v442.exe,
7zip-v442_extra.zip,
The KInstallerSetup.exe, from the client version you want to customize.
The 7zip-v442.exe and 7zip-v442_extra.zip files can be downloaded from the internet. The
KInstallerSetup.exe file is available at the KACE Support website.
2. Install 7-zip.
3. Unzip the 7zip-v442_extra.zip file into the directory where 7-zip is installed (by default, the
directory is C:\Program Files\7-Zip).
Ensure that the file 7zS.sfx is in the top-level directory.
This location is referred to below as <<7-Zip-install>>. The 7zS.sfx file is important because it has the
actual executable stub for a self-extracting installer executable.
4. Start the 7-Zip File Manager from the Start menu.
5. Select the KInstallerSetup.exe executable for the client version to customize using the 7-Zip File
Manager.
6. Click the extract button to extract it into a directory of your choice. Keep the Current Path names
selected in the Path mode box. The Overwrite without prompt option can be selected for the
Overwrite mode. Do not specify a password.
7. Navigate to the desired folder and edit the kinstaller.exe.config file with a text editor to change any
settings for customization. The display_mode can have the values interactive, quiet, and silent. The
hostname of the server is server_name.
8. Save your changes. Execution of the kinstaller.exe file in this directory installs with the settings as
specified in the .config file.
9. Open the 7-Zip File Manager and select kinstaller.exe, kinstaller.exe.config, es-ES and
install_files.
10. Click the Add button. Set the archive format to 7z and make sure that Create SFX archive in the
options box is cleared.
11. Save the .7z file and note down the path. Here the .7z file is "jkboxInstaller.7z" and the path to it
is <<jkbox-installpath>>.
12. Create a text file - config.txt - which includes the settings for the self-executing zip. Ensure that the
file is saved with UTF-8 encoding. The file should contain the following commands, which will indicate
to 7-zip that the kinstaller should run when the self-executing zip runs:
;!@Install@!UTF-8!
Progress="no"
RunProgram="kinstaller.exe"
Directory=""
;!@InstallEnd@!
13. Open a new command-line window.
14. Execute the following command to create a self-executing file from the .7z file:
Copy /b "<<7-Zip-install>>\7zS.sfx" + "<<config-file-path>>\config.txt" +
"<<jkbox-installpath>>\jkboxInstaller.7z" "<<Installer_Name>>.exe"
APPENDIX F
The following are the standard FreeBSD maintenance messages:
Removing stale files from /var/preserve:
Cleaning out old system announcements:
Removing stale files from /var/rwho:
Backup passwd and group files:
Verifying group file syntax:
Backing up mail aliases:
Disk status:
plip0 1500 0 0 0 0 0
lo0 16384 699 0 699 0 0
lo0 16384 your-net localhost 699 - 699 - -
lo0 16384 localhost ::1 0 - 0 - -
lo0 16384 fe80:4::1 fe80:4::1 0 - 0 - -
The above table reports information about the network status of the KBOX.
Make sure the Ierrs/Oerrs are zero. Other values indicate some sort of network failure.
If you notice consistent errors, contact KACE support for assistance.
The above indicates the amount of time the KBOX has been up since the last time it
was powered off.
There will not be any users logged onto the machine.
The load averages will vary depending on what the load on the KBOX was when this report
was run.
tar: Removing leading `/' from member names
The messages above are the standard FreeBSD messages regarding the health of the
mail systems.
There should not be mail in the queues. However, if an item still exists, check your
SMTP settings from the KBOX Settings page.
The above message indicates a KBOX specific message telling you that the backups
have been successfully completed and are on the /kbackup disk, available through the
ftp interface.
The above table indicates the status of your raid drives. If you ever see the disks
DEGRADED or not REBUILDING properly, contact KACE support to address the problem.
KBDB.FILTER OK
KBDB.FS OK
KBDB.FS_LABEL_JT OK
KBDB.GLOBAL_OPTIONS OK
KBDB.LABEL OK
KBDB.LDAP_FILTER OK
KBDB.LICENSE OK
KBDB.LICENSE_MODE OK
KBDB.MACHINE OK
KBDB.MACHINE_CUSTOM_INVENTORY OK
KBDB.MACHINE_DISKS OK
KBDB.MACHINE_LABEL_JT OK
KBDB.MACHINE_NICS OK
KBDB.MACHINE_PROCESS OK
KBDB.MACHINE_SOFTWARE_JT OK
KBDB.MACHINE_STARTUP_PROGRAMS OK
KBDB.MESSAGE OK
KBDB.MESSAGE_LABEL_JT OK
KBDB.MI OK
KBDB.MI_LABEL_JT OK
KBDB.NETWORK_SETTINGS OK
KBDB.NOTIFICATION OK
KBDB.OPERATING_SYSTEMS OK
KBDB.PORTAL OK
KBDB.PORTAL_LABEL_JT OK
KBDB.PRODUCT_LICENSE OK
KBDB.REPORT OK
KBDB.SCHEDULE OK
KBDB.SERVER_LOG OK
KBDB.SOFTWARE OK
KBDB.SOFTWARE_LABEL_JT OK
KBDB.SOFTWARE_OS_JT OK
KBDB.THROTTLE OK
KBDB.TIME_SETTINGS OK
KBDB.TIME_ZONE OK
KBDB.USER OK
KBDB.USER_HISTORY OK
KBDB.USER_KEYS OK
KBDB.USER_LABEL_JT OK
-- End of daily output --
The database is checked every night for any inconsistencies and these are automatically
repaired.
If you see any failures from this output, contact KACE Support for assistance.
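One way to check a saved copy of the nightly output for the conditions described above, as an added example that is not part of the KBOX. The sample text is constructed: its OK lines follow the format shown in this appendix, while the failing table, the RAID line and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scan the daily output for database check results that are
# not OK and for RAID lines that mention DEGRADED.

# Constructed sample input. Only the "KBDB.<TABLE> OK" format and the
# end-of-output marker come from the guide; the rest is invented.
sample_daily_output() {
    cat <<'EOF'
KBDB.FILTER                        OK
KBDB.MACHINE
error    : constructed example of a failed table check
KBDB.USER_KEYS                     OK
raid0 status: DEGRADED (constructed line)
-- End of daily output --
EOF
}

# Reads the report on stdin and prints one line per finding.
# Returns non-zero when a table is not OK, a RAID line says DEGRADED, or
# no KBDB lines were seen at all (a truncated or missing report).
check_daily_output() {
    awk '
        /^KBDB\./ {
            tables++
            # Last field is the status; a bare table name also counts as not OK.
            if ($NF != "OK") { findings++; print "DB check not OK: " $1 }
        }
        /DEGRADED/ { findings++; print "RAID: " $0 }
        END {
            if (tables == 0) { findings++; print "no KBDB lines found" }
            exit (findings > 0)
        }
    '
}
```

Feed it the saved report, for example `check_daily_output < daily_output.txt`, and alert on a non-zero exit status.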
APPENDIX G
Warranty and Support Information
Information concerning hardware and software warranty, hardware replacement, product returns,
technical support terms and product licensing can be found in the KACE End User License agreement
accessible at:
http://www.kace.com/license/standard_eula
FreeBSD
This product (KBOX) includes software developed by Free Software Foundation, Inc. GNU GENERAL
PUBLIC LICENSE, Version 2, June 1991. Copyright (C) 1989, 1991 Free Software Foundation, Inc., 675
Mass Ave, Cambridge, MA 02139, USA. The verbatim copies of the license document can be distributed,
but the document should not be changed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By
contrast, the GNU General Public License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This General Public License applies to most of
the Free Software Foundation's software and to any other program whose authors commit to using it.
(Some other Free Software Foundation software is covered by the GNU Library General Public License
instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are
designed to make sure that you have the freedom to distribute copies of free software (and charge for this
service if you wish), that you receive source code or can get it if you want it, that you can change the
software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask
you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the
recipients all the rights that you have. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which
gives you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone understands that there
is no warranty for this free software. If the software is modified by someone else and passed on, we want
its recipients to know that what they have is not the original, so that any problems introduced by others
will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that
redistributors of a free program will individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free
use or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND
MODIFICATION
1. This License applies to any program or other work which contains a notice placed by the copyright
holder saying it may be distributed under the terms of this General Public License. The “Program”,
below, refers to any such program or work, and a “work based on the Program” means either the
Program or any derivative work under copyright law: that is to say, a work containing the Program or a
portion of it, either verbatim or with modifications and/or translated into another language.
(Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is
addressed as “you”.
Activities other than copying, distribution and modification are not covered by this License; they are
outside its scope. The act of running the Program is not restricted, and the output from the Program is
covered only if its contents constitute a work based on the Program (independent of having been made
by running the Program). Whether that is true depends on what the Program does.
2. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any
medium, provided that you conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to
the absence of any warranty; and give any other recipients of the Program a copy of this License along
with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer
warranty protection in exchange for a fee.
3. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on
the Program, and copy and distribute such modifications or work under the terms of Section 1 above,
provided that you also meet all of these conditions:
a You must cause the modified files to carry prominent notices stating that you changed the files and
the date of any change.
b You must cause any work that you distribute or publish, that in whole or in part contains or is derived
from the Program or any part thereof, to be licensed as a whole at no charge to all third parties
under the terms of this License.
c If the modified program normally reads commands interactively when run, you must cause it, when
started running for such interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a notice that there is no warranty (or
else, saying that you provide a warranty) and that users may redistribute the program under these
conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is
interactive but does not normally print such an announcement, your work based on the Program is
not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of that work are
not derived from the Program, and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those sections when you distribute
them as separate works. But when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on the terms of this License,
whose permissions for other licensees extend to the entire whole, and thus to each and every part
regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely
by you; rather, the intent is to exercise the right to control the distribution of derivative or collective
works based on the Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with
a work based on the Program) on a volume of a storage or distribution medium does not bring the
other work under the scope of this License.
4. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or
executable form under the terms of Sections 1 and 2 above provided that you also do one of the
following:
a Accompany it with the complete corresponding machine-readable source code, which must be
distributed under the terms of Sections 1 and 2 above on a medium customarily used for software
interchange; or,
b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge
no more than your cost of physically performing source distribution, a complete machine-readable
copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above
on a medium customarily used for software interchange; or,
c Accompany it with the information you received as to the offer to distribute corresponding source
code. (This alternative is allowed only for noncommercial distribution and only if you received the
program in object code or executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For
an executable work, complete source code means all the source code for all modules it contains, plus
any associated interface definition files, plus the scripts used to control compilation and installation
of the executable. However, as a special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary form) with the major components
(compiler, kernel, and so on) of the operating system on which the executable runs, unless that
component itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a designated
place, then offering equivalent access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not compelled to copy the source along
with the object code.
5. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under
this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and
will automatically terminate your rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses terminated so long as such parties
remain in full compliance.
6. You are not required to accept this License, since you have not signed it. However, nothing else grants
you permission to modify or distribute the Program or its derivative works. These actions are prohibited
by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any
work based on the Program), you indicate your acceptance of this License to do so, and all its terms
and conditions for copying, distributing or modifying the Program or works based on it.
7. Each time you redistribute the Program (or any work based on the Program), the recipient
automatically receives a license from the original licensor to copy, distribute or modify the Program
subject to these terms and conditions. You may not impose any further restrictions on the recipients'
exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties
to this License.
8. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason
(not limited to patent issues), conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of
this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License
and any other pertinent obligations, then as a consequence you may not distribute the Program at all.
For example, if a patent license would not permit royalty-free redistribution of the Program by all those
who receive copies directly or indirectly through you, then the only way you could satisfy both it and
this License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the
balance of the section is intended to apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims
or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of
the free software distribution system, which is implemented by public license practices. Many people
have made generous contributions to the wide range of software distributed through that system in
reliance on consistent application of that system; it is up to the author/donor to decide if he or she is
willing to distribute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of
this License.
9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by
copyrighted interfaces, the original copyright holder who places the Program under this License may
add an explicit geographical distribution limitation excluding those countries, so that distribution is
permitted only in or among countries not thus excluded. In such case, this License incorporates the
limitation as if written in the body of this License.
10. The Free Software Foundation may publish revised and/or new versions of the General Public License
from time to time. Such new versions will be similar in spirit to the present version, but may differ in
detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this
License which applies to it and “any later version”, you have the option of following the terms and
conditions either of that version or of any later version published by the Free Software Foundation. If
the Program does not specify a version number of this License, you may choose any version ever
published by the Free Software Foundation.
11. If you wish to incorporate parts of the Program into other free programs whose distribution conditions
are different, write to the author to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this.
Our decision will be guided by the two goals of preserving the free status of all derivatives of our free
software and of promoting the sharing and reuse of software generally.
NO WARRANTY
12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE
PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN
WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS”
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH
YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
FREEBSD FOUNDATION
IMPORTANT LEGAL NOTICE CONCERNING SUN MICROSYSTEMS, INC. (Sun) JAVA STANDARD EDITION
(JSE) TECHNOLOGY: There are certain branding and other requirements associated with your commercial
use and redistribution of JSE that You must fulfill. You will need to sign a Trademark License Agreement
with Sun. In addition, if you are interested in using the combined FreeBSD and JSE technology in a field-
of-use other than "Java-enabled general purpose desktop computers and general purpose servers", you
will need to sign an additional commercial use license with Sun permitting redistribution in the desired field
of use. Before downloading the Software, you must review and comply with the terms and conditions set
forth in the Sun Licensed Rights Notice, which is attached as Exhibit A.
You must be an OEM to download this Software. An OEM is a person who will download the Software and
bundle it with other software before distributing the bundled product to its end users. You must have
obtained a current Trademark License Agreement from Sun before downloading the Software. By pressing
the ACCEPT button below you may continue your download, which is your representation and warranty
that you have signed Sun's Trademark License Agreement and (if applicable) an additional commercial use
license with Sun. By completing your download you also agree to be bound by all of the terms of this
License Agreement.
IMPORTANT READ CAREFULLY: This OEM License Agreement (Agreement) is a legal agreement between
you (in your capacity as an individual and as an agent for your company, institution, or other entity) and
the FreeBSD Foundation (Foundation). Accessing, downloading, installing, using or copying of the
Software (as hereafter defined) by you or a third party on your behalf indicates your agreement to be
bound by the terms and conditions of this Agreement. If you do not agree to these terms and conditions,
do not access, download, install, use or copy the Software. In the absence of this Agreement, you have no
rights in the Software.
1. LICENSE GRANT.
a Subject to all third party intellectual property claims and without warranty of any nature, Foundation
hereby grants to you, and you hereby accept, a non-exclusive license (License) to: (i) download,
install and use one copy of the Software in binary executable form on a single computer system
located on your premises; (ii) use the Software in binary executable form to create or develop other
software products; (iii) distribute and sublicense the Software to third parties in binary executable
form, as an integrated component of another software product, only for use as an integrated
component of that software product, and subject to the terms of this Agreement; (iv) to download
and/or use one copy of the related materials provided by Foundation (Related Materials) in electronic
format and/or hard copy format; and (v) distribute and sublicense the Related Materials in electronic
and/or hard copy format in conjunction with the distribution of the Software as provided in this
Agreement; all subject to the following terms and conditions:
(i) you may not distribute any copies of the Software to third parties except in binary executable
form, as an integrated component of another software product, only for use as an integrated
component of that software product, and subject to the terms of this Agreement;
(ii) you may not distribute copies of the Related Materials to third parties except in conjunction
with the distribution of the Software in binary executable form as an integrated component of another
software product;
(iii) you agree to take reasonable precautions to prevent other parties from reverse engineering,
decompiling, or disassembling your copy of the Software;
(iv) you may not rent, lease, or lend the Software or the Related Materials; and
(v) in the event that you breach any of the terms of this Agreement, Foundation may terminate
the License and you must destroy all copies of the Software and Related Materials.
b Subject to the terms and conditions of this Agreement, you may create a hyperlink between an
Internet website owned and controlled by you and the Foundation's website, which hyperlink
describes in a fair and accurate manner where the Software may be obtained, provided that you do
not frame the Website or otherwise give the false impression that Foundation is somehow associated
with, or otherwise endorses or sponsors your website. Any goodwill associated with such hyperlink
shall inure to the sole and exclusive benefit of Foundation. Other than the creation of such hyperlink,
nothing in this Agreement shall be construed as conferring upon you any right to make any reference
to Foundation or to its trademarks, service marks or any other indicia of origin owned by Foundation,
or to indicate in any way that your products or services are in any way sponsored, approved,
endorsed by or affiliated with Foundation.
2. RIGHTS RESERVED.
a This License does not grant you any right to enhancements or updates to, or support or maintenance
for, the Software or any modifications made by Foundation;
b Foundation is free to license the Software on terms different from those contained herein;
c Foundation and its licensors hereby expressly reserve all rights in the Software which are not
expressly granted to you under the License; and, without limiting the generality of the foregoing,
Foundation and its licensors retain all title, copyright, and other intellectual property and proprietary
rights in the Software and any copies thereof, and you do not acquire any rights, express or implied,
other than those expressly set forth in this Agreement.
3. COPYRIGHT. You hereby acknowledge and agree that the Software is protected by United States
copyright law and international treaty provisions. You must reproduce all copyright notices, trademark
notices and other proprietary notices of Foundation and its licensors on any copies of the Software and
Related Materials and you must not remove such notices;
4. MAINTENANCE AND SUPPORT. Foundation is under no obligation whatsoever to provide
maintenance or support for the Software or to notify you of bug fixes, patches, or upgrades to the
features, functionality or performance of the Software (Enhancements) (if any), whether developed by
Foundation or others. If, in its sole discretion, Foundation makes an Enhancement available to you and
does not enter into a separate written license agreement with you relating to such Enhancement, then
that Enhancement will be deemed incorporated into the Software and subject to this Agreement.
5. WARRANTY DISCLAIMER. THE SOFTWARE IS PROVIDED TO YOU AS IS WITHOUT WARRANTY OF
ANY TYPE OR NATURE, AND FOUNDATION AND ITS LICENSORS HEREBY EXPRESSLY DISCLAIM ANY
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT OR
ANY WARRANTIES ARISING BY USAGE OF TRADE, COURSE OF DEALING OR COURSE OF
PERFORMANCE. IN ADDITION, FOUNDATION AND ITS LICENSORS EXPRESSLY DISCLAIM ANY
LIABILITY FOR THE ACCURACY, COMPLETENESS OR USEFULNESS OF THE SOFTWARE AND DO NOT
WARRANT THAT THE SOFTWARE WILL FUNCTION UNINTERRUPTED, THAT IT IS ERROR-FREE OR
THAT ANY ERRORS WILL BE CORRECTED. YOU ASSUME TOTAL RESPONSIBILITY AND RISK FOR YOUR
USE OF THE SOFTWARE, INCLUDING, BUT NOT LIMITED TO ANY DEFECTS OR INACCURACIES
THEREIN.
6. LIMITATION OF LIABILITY. IN NO EVENT SHALL FOUNDATION OR ITS LICENSORS BE LIABLE FOR
ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR
NATURE, INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS OR LOSS OF DATA, FOR ANY REASON
WHATSOEVER, WHETHER SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT
(INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, EVEN IF FOUNDATION HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES. IN NO EVENT SHALL FOUNDATION'S
LIABILITY FOR DAMAGES ARISING FROM OR IN CONNECTION WITH THIS AGREEMENT EXCEED THE
GREATER OF $500 OR THE AMOUNT PAID BY YOU FOR THE SOFTWARE. BECAUSE SOME STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL
DAMAGES, THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. IN THE EVENT THAT APPLICABLE LAW
DOES NOT ALLOW THE COMPLETE EXCLUSION OR LIMITATION OF LIABILITY OF CLAIMS AND
DAMAGES AS SET FORTH IN THIS AGREEMENT, FOUNDATION'S LIABILITY IS LIMITED TO THE
GREATEST EXTENT PERMITTED BY LAW.
7. INDEMNIFICATION. You shall defend, indemnify and hold harmless Foundation and its licensors and
their respective directors, officers, agents, employees and volunteers from and against any and all
claims, suits, losses, damages, costs, fees and expenses arising out of or in connection with this
Agreement. You shall pay all costs incurred by Foundation in enforcing this provision, including
reasonable attorneys' fees and court costs. You agree that under no circumstances will Foundation
indemnify you or any other person.
8. TERM AND TERMINATION. The License will continue perpetually unless terminated by Foundation
in accordance with this Agreement. If you breach any term of this Agreement and failure to cure such
breach within thirty (30) days after receipt of written notice specifying the breach, this Agreement shall
automatically terminate. Upon the termination of this Agreement, you shall immediately cease using
the Software and provide Foundation with written certification of your compliance with the foregoing.
The termination of this Agreement shall not relieve you of your obligations arising prior to such
termination. Notwithstanding any provision in this Agreement to the contrary, Sections 5 through 7
shall survive the termination of this Agreement.
9. EXPORT CONTROLS. You shall observe all applicable United States and foreign laws and regulations
(if any) with respect to the export, re-export, diversion or transfer of the Software, related technical
data and direct products thereof, including, but not limited to the Export Administration Regulations.
10. THIRD PARTY SOFTWARE. You acknowledge and agree that the Software includes Java Standard
Edition (the Technology) and you agree to be bound by the terms of the Sun Community Source
License (Copyright 1994-2006 Sun Microsystems, Inc. All rights reserved). You also represent and
warrant that you have obtained all appropriate trademark and other licenses from Sun. You also agree
to install and use the Software on a product which (i) has a principal purpose that is substantially
different from that of the stand-alone Technology; (ii) represents a significant functional and value
enhancement to the Technology; (iii) operates in conjunction with the Technology; and (iv) is not
marketed as a technology which replaces or substitutes for the Technology. In addition, you must brand
your product with the applicable Java logo.
GENERAL. You shall not assert against Foundation or its licensors any claim for infringement or
misappropriation of any intellectual property rights in any way relating to the Software. This Agreement
shall be governed by, construed and enforced in accordance with the laws of the State of California,
excluding its rules governing conflicts of laws. In the event that any provision of this Agreement is deemed
illegal or unenforceable, Foundation may, but is not obligated to, post on the Website a new version of this
Agreement which, in Foundation's opinion, reasonably preserves the intent of this Agreement. This
Agreement is binding upon and shall inure to the benefit of Foundation and its successors and assigns.
This Agreement represents the entire understanding of the parties, and supersedes all previous
communications, written or oral, relating to the subject of this Agreement.
Exhibit A
Dear Valued Customer,
Thank you for choosing the Java Standard Edition platform technology (Java SE) with your FreeBSD
Operating Environment (FreeBSD). Your license with FreeBSD and Sun Microsystems, Inc. (Sun) currently
only permits you to use and distribute the FreeBSD and Java SE technologies within a limited, non-
commercial field of use. In an effort to maximize your options for both platforms, the FreeBSD Foundation
and Sun want to share with you the process for enabling you to make commercial use of the FreeBSD and
Java SE technologies in a broader field if you so desire.
I. Current Field of Use for Java SE
You may currently redistribute the combined FreeBSD and Java SE technologies so long as it is bundled
with or integrated in Java-enabled general purpose desktop computers and servers, pursuant to your
license with FreeBSD Foundation and you have executed a Trademark License with Sun (see Section III
below). You may not distribute Java SE in any other devices or fields of use, including, without limitation,
embedded applications, embedded devices, cell phones, wireless devices, TV devices, telematics devices
and home gateway devices.
II. Additional Fields of Use Commercial Use
If you are interested in using the combined FreeBSD and Java SE technology in a field-of-use other than
"Java-enabled general purpose desktop computers and general purpose servers", you will need to sign an
additional commercial use license with Sun permitting redistribution in the desired field of use. There are
fees associated with the commercial use license. In order to obtain the additional license for review and
execution, please send an e-mail to Freebsd_Sun_Info@sun.com with the following information: Name
of the company; Name, Title, Contact information of the person that will execute the license, field-of use
of the product, name of the product. After you receive confirmation from a Sun representative, you will
receive the commercial license agreement permitting the additional field of use for Java SE. Please review,
sign and send two originals of this agreement to your Sun representative.
III. Trademark Licensee
There are certain branding requirements associated with your use and distribution of Java SE that You
must fulfill. You will also need to sign a Trademark License Agreement with Sun. There are no additional
fees associated with the Trademark License Agreement. In order to obtain the Trademark License
Agreement for review and execution, please send an e-mail to Freebsd_Sun_Info@sun.com with the
following information: Name of the company; Name, Title, Contact information of the person that will
execute the license, field-of use of the product, name of the product.
After you receive confirmation from a Sun representative, you will receive the Trademark License
Agreement. Please review, sign and send two originals of the Trademark License Agreement to your Sun
representative.
Thank you for your attention regarding this matter.
Sincerely,
FreeBSD Foundation
Apache
This product (KBOX) includes software developed by The Apache Software Foundation (http://
www.apache.org/). Apache License Version 2.0, January 2004 http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions. “License” shall mean the terms and conditions for use, reproduction, and distribution as
defined by Sections 1 through 9 of this document. “Licensor” shall mean the copyright owner or entity
authorized by the copyright owner that is granting the License. “Legal Entity” shall mean the union of
the acting entity and all other entities that control, are controlled by, or are under common control with
that entity. For the purposes of this definition, “control” means (i) the power, direct or indirect, to cause
the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty
percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. “You” (or
“Your”) shall mean an individual or Legal Entity exercising permissions granted by this License.
“Source” form shall mean the preferred form for making modifications, including but not limited to
software source code, documentation source, and configuration files. “Object” form shall mean any
form resulting from mechanical transformation or translation of a Source form, including but not limited
to compiled object code, generated documentation, and conversions to other media types. “Work” shall
mean the work of authorship, whether in Source or Object form, made available under the License, as
indicated by a copyright notice that is included in or attached to the work (an example is provided in
the Appendix below).
“Derivative Works” shall mean any work, whether in Source or Object form, that is based on (or derived
from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works
shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof. “Contribution” shall mean any work of authorship, including the
original version of the Work and any modifications or additions to that Work or Derivative Works thereof,
that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an
individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this
definition, “submitted” means any form of electronic, verbal, or written communication sent to the Licensor
or its representatives, including but not limited to communication on electronic mailing lists, source code
control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the
purpose of discussing and improving the Work, but excluding communication that is conspicuously marked
or otherwise designated in writing by the copyright owner as “Not a Contribution.”
“Contributor” shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has
been received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor
hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform,
sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor
hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and
otherwise transfer the Work, where such license applies only to those patent claims licensable by such
Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent
litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct or contributory patent infringement,
then any patent licenses granted to You under this License for that Work shall terminate as of the date
such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in
any medium, with or without modifications, and in Source or Object form, provided that You meet the
following conditions:
a You must give any other recipients of the Work or Derivative Works a copy of this License; and
b You must cause any modified files to carry prominent notices stating that You changed the files; and
c You must retain, in the Source form of any Derivative Works that You distribute, all copyright,
patent, trademark, and attribution notices from the Source form of the Work, excluding those notices
that do not pertain to any part of the Derivative Works; and
d If the Work includes a “NOTICE” text file as part of its distribution, then any Derivative Works that
You distribute must include a readable copy of the attribution notices contained within such NOTICE
file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of
the following places: within a NOTICE text file distributed as part of the Derivative Works; within the
Source form or documentation, if provided along with the Derivative Works; or, within a display
generated by the Derivative Works, if and wherever such third-party notices normally appear. The
contents of the NOTICE file are for informational purposes only and do not modify the License. You
may add Your own attribution notices within Derivative Works that You distribute, alongside or as an
addendum to the NOTICE text from the Work, provided that such additional attribution notices
cannot be construed as modifying the License.
e You may add Your own copyright statement to Your modifications and may provide additional or
different license terms and conditions for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the
Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally
submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions. Notwithstanding the above, nothing herein
shall supersede or modify the terms of any separate license agreement you may have executed with
Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service
marks, or product names of the Licensor, except as required for reasonable and customary use in
describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides
the Work (and each Contributor provides its Contributions) on an “AS IS” BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation,
any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or
redistributing the Work and assume any risks associated with Your exercise of permissions under this
License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence),
contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts)
or agreed to in writing, shall any Contributor be liable to You for damages, including any direct,
indirect, special, incidental, or consequential damages of any character arising as a result of this
License or out of the use or inability to use the Work (including but not limited to damages for loss of
goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or
losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works
thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or
other liability obligations and/or rights consistent with this License. However, in accepting such
obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any
other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for
any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any
such warranty or additional liability.
OpenLDAP
This product (KBOX 1000 Series) includes software developed by The OpenLDAP Foundation. The
OpenLDAP Public License, Version 2.8, 17 August 2003. Redistribution and use of this software and
associated documentation (“Software”), with or without modification, are permitted provided that the
following conditions are met:
1. Redistributions in source form must retain copyright statements and notices,
2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of
conditions, and the following disclaimer in the documentation and/or other materials provided with the
distribution, and
3. Redistributions must contain a verbatim copy of this document.
The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by
a version number. You may use this Software under terms of this license revision or under the terms of
any subsequent revision of the license.
THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS''
AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR
OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The names of the authors and copyright holders must not be used in advertising or otherwise to
promote the sale, use or other dealing in this Software without specific, written prior permission. Title
to copyright in this Software shall at all times remain with copyright holders.
OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved.
Permission to copy and distribute verbatim copies of this document is granted.
OpenSSL
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the
original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses
are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact
openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.
(http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote
products derived from this software without prior written permission. For written permission, please
contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their
names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL
PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product
includes software written by Tim Hudson (tjh@cryptsoft.com).
This library is free for commercial and non-commercial use as long as the following conditions are adhered
to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc.,
code; not just the SSL code. The SSL documentation included with this distribution is covered by the same
copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed.
If this package is used in a product, Eric Young should be given attribution as the author of the parts of the
library used. This can be in the form of a textual message at program startup or in documentation (online
or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following
disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word
'cryptographic' can be left out if the routines from the library being used are not cryptographic related
:-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application
code) you must include an acknowledgement:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or
derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another
distribution licence [including the GNU Public Licence.]
Exim
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies of this license document,
but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By
contrast, the GNU General Public License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This General Public License applies to most of
the Free Software Foundation's software and to any other program whose authors commit to using it.
(Some other Free Software Foundation software is covered by the GNU Lesser General Public License
instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are
designed to make sure that you have the freedom to distribute copies of free software (and charge for this
service if you wish), that you receive source code or can get it if you want it, that you can change the
software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask
you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the
recipients all the rights that you have. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which
gives you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone understands that there
is no warranty for this free software. If the software is modified by someone else and passed on, we want
its recipients to know that what they have is not the original, so that any problems introduced by others
will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that
redistributors of a free program will individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free
use or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
0. This License applies to any program or other work which contains a notice placed by the copyright
holder saying it may be distributed under the terms of this General Public License. The "Program",
below, refers to any such program or work, and a "work based on the Program" means either the
Program or any derivative work under copyright law: that is to say, a work containing the Program or a
portion of it, either verbatim or with modifications and/or translated into another language.
(Hereinafter, translation is included without limitation in the term "modification".) Each licensee is
addressed as "you".
Activities other than copying, distribution and modification are not covered by this License; they are
outside its scope. The act of running the Program is not restricted, and the output from the Program is
covered only if its contents constitute a work based on the Program (independent of having been made
by running the Program). Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any
medium, provided that you conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to
the absence of any warranty; and give any other recipients of the Program a copy of this License along
with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer
warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on
the Program, and copy and distribute such modifications or work under the terms of Section 1 above,
provided that you also meet all of these conditions:
a You must cause the modified files to carry prominent notices stating that you changed the files and
the date of any change.
b You must cause any work that you distribute or publish, that in whole or in part contains or is derived
from the Program or any part thereof, to be licensed as a whole at no charge to all third parties
under the terms of this License.
c If the modified program normally reads commands interactively when run, you must cause it, when
started running for such interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a notice that there is no warranty (or
else, saying that you provide a warranty) and that users may redistribute the program under these
conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is
interactive but does not normally print such an announcement, your work based on the Program is
not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of that work are
not derived from the Program, and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those sections when you distribute
them as separate works. But when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on the terms of this License,
whose permissions for other licensees extend to the entire whole, and thus to each and every part
regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise the right to control the
distribution of derivative or collective works based on the Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with
a work based on the Program) on a volume of a storage or distribution medium does not bring the
other work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or
executable form under the terms of Sections 1 and 2 above provided that you also do one of the
following:
a Accompany it with the complete corresponding machine-readable source code, which must be
distributed under the terms of Sections 1 and 2 above on a medium customarily used for software
interchange; or,
b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge
no more than your cost of physically performing source distribution, a complete machine-readable
copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above
on a medium customarily used for software interchange; or,
c Accompany it with the information you received as to the offer to distribute corresponding source
code. (This alternative is allowed only for noncommercial distribution and only if you received the
program in object code or executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For
an executable work, complete source code means all the source code for all modules it contains, plus
any associated interface definition files, plus the scripts used to control compilation and installation
of the executable. However, as a special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary form) with the major components
(compiler, kernel, and so on) of the operating system on which the executable runs, unless that
component itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a designated
place, then offering equivalent access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not compelled to copy the source along
with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under
this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and
will automatically terminate your rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses terminated so long as such parties
remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants
you permission to modify or distribute the Program or its derivative works. These actions are prohibited
by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any
work based on the Program), you indicate your acceptance of this License to do so, and all its terms
and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient
automatically receives a license from the original licensor to copy, distribute or modify the Program
subject to these terms and conditions. You may not impose any further restrictions on the recipients'
exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties
to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason
(not limited to patent issues), conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of
this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License
and any other pertinent obligations, then as a consequence you may not distribute the Program at all.
For example, if a patent license would not permit royalty-free redistribution of the Program by all those
who receive copies directly or indirectly through you, then the only way you could satisfy both it and
this License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the
balance of the section is intended to apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims
or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of
the free software distribution system, which is implemented by public license practices. Many people
have made generous contributions to the wide range of software distributed through that system in
reliance on consistent application of that system; it is up to the author/donor to decide if he or she is
willing to distribute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of
this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by
copyrighted interfaces, the original copyright holder who places the Program under this License may
add an explicit geographical distribution limitation excluding those countries, so that distribution is
permitted only in or among countries not thus excluded. In such case, this License incorporates the
limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License
from time to time. Such new versions will be similar in spirit to the present version, but may differ in
detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this
License which applies to it and "any later version", you have the option of following the terms and
conditions either of that version or of any later version published by the Free Software Foundation. If
the Program does not specify a version number of this License, you may choose any version ever
published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution
conditions are different, write to the author to ask for permission. For software which is copyrighted by
the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions
for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of
our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE
PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED
IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH
YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Samba
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is
not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By
contrast, the GNU General Public License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This General Public License applies to most of
the Free Software Foundation's software and to any other program whose authors commit to using it.
(Some other Free Software Foundation software is covered by the GNU Library General Public License
instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are
designed to make sure that you have the freedom to distribute copies of free software (and charge for this
service if you wish), that you receive source code or can get it if you want it, that you can change the
software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask
you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the
recipients all the rights that you have. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which
gives you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone understands that there
is no warranty for this free software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so that any problems introduced by
others will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that
redistributors of a free program will individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free
use or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
0. This License applies to any program or other work which contains a notice placed by the copyright
holder saying it may be distributed under the terms of this General Public License. The "Program",
below, refers to any such program or work, and a "work based on the Program" means either the
Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it, either verbatim or with modifications
and/or translated into another language. (Hereinafter, translation is included without limitation in the
term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not covered by this License; they are
outside its scope. The act of running the Program is not restricted, and the output from the Program is
covered only if its contents constitute a work based on the Program (independent of having been made
by running the Program). Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any
medium, provided that you conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to
the absence of any warranty; and give any other recipients of the Program a copy of this License along
with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer
warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on
the Program, and copy and distribute such modifications or work under the terms of Section 1 above,
provided that you also meet all of these conditions:
a You must cause the modified files to carry prominent notices stating that you changed the files and
the date of any change.
b You must cause any work that you distribute or publish, that in whole or in part contains or is derived
from the Program or any part thereof, to be licensed as a whole at no charge to all third parties
under the terms of this License.
c If the modified program normally reads commands interactively when run, you must cause it, when
started running for such interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a notice that there is no warranty (or
else, saying that you provide a warranty) and that users may redistribute the program under these
conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is
interactive but does not normally print such an announcement, your work based on the Program is
not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of that work are
not derived from the Program, and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those sections when you distribute
them as separate works. But when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on the terms of this License,
whose permissions for other licensees extend to the entire whole, and thus to each and every part
regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely
by you; rather, the intent is to exercise the right to control the distribution of derivative or collective
works based on the Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with
a work based on the Program) on a volume of a storage or distribution medium does not bring the
other work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or
executable form under the terms of Sections 1 and 2 above provided that you also do one of the
following:
a Accompany it with the complete corresponding machine-readable source code, which must be
distributed under the terms of Sections 1 and 2 above on a medium customarily used for software
interchange; or,
b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge
no more than your cost of physically performing source distribution, a complete machine-readable
copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above
on a medium customarily used for software interchange; or,
c Accompany it with the information you received as to the offer to distribute corresponding source
code. (This alternative is allowed only for noncommercial distribution and only if you received the
program in object code or executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For
an executable work, complete source code means all the source code for all modules it contains, plus
any associated interface definition files, plus the scripts used to control compilation and installation
of the executable. However, as a special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary form) with the major components
(compiler, kernel, and so on) of the operating system on which the executable runs, unless that
component itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a designated
place, then offering equivalent access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not compelled to copy the source along
with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under
this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and
will automatically terminate your rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses terminated so long as such parties
remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants
you permission to modify or distribute the Program or its derivative works. These actions are prohibited
by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any
work based on the Program), you indicate your acceptance of this License to do so, and all its terms
and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient
automatically receives a license from the original licensor to copy, distribute or modify the Program
subject to these terms and conditions. You may not impose any further restrictions on the recipients'
exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties
to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason
(not limited to patent issues), conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of
this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License
and any other pertinent obligations, then as a consequence you may not distribute the Program at all.
For example, if a patent license would not permit royalty-free redistribution of the Program by all those
who receive copies directly or indirectly through you, then the only way you could satisfy both it and
this License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the
balance of the section is intended to apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims
or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of
the free software distribution system, which is implemented by public license practices. Many people
have made generous contributions to the wide range of software distributed through that system in
reliance on consistent application of that system; it is up to the author/donor to decide if he or she is
willing to distribute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of
this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by
copyrighted interfaces, the original copyright holder who places the Program under this License may
add an explicit geographical distribution limitation excluding those countries, so that distribution is
permitted only in or among countries not thus excluded. In such case, this License incorporates the
limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License
from time to time. Such new versions will be similar in spirit to the present version, but may differ in
detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this
License which applies to it and "any later version", you have the option of following the terms and
conditions either of that version or of any later version published by the Free Software Foundation. If
the Program does not specify a version number of this License, you may choose any version ever
published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution
conditions are different, write to the author to ask for permission. For software which is copyrighted by
the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions
for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of
our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE
PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN
WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH
YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
OVAL
Berkeley Software Design, Inc. License
Copyright (c) 2005, The MITRE Corporation All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of The MITRE Corporation nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PHP
This product (KBOX) includes software developed by The PHP Group. The PHP License, version 3.0.
Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted provided that
the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the distribution.
3. The name “PHP” must not be used to endorse or promote products derived from this software without
prior written permission. For written permission, please contact group@php.net.
4. Products derived from this software may not be called “PHP”, nor may “PHP” appear in their name,
without prior written permission from group@php.net. You may indicate that your software works in
conjunction with PHP by saying “Foo for PHP” instead of calling it “PHP Foo” or “phpfoo”.
5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version
will be given a distinguishing version number. Once covered code has been published under a particular
version of the license, you may always continue to use it under the terms of that version. You may also
choose to use such covered code under the terms of any subsequent version of the license published
by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to
covered code created under this License.
6. Redistributions of any form whatsoever must retain the following acknowledgment: “This product
includes PHP, freely available from <http://www.php.net/>”.
THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the PHP Group.
The PHP Group can be contacted via E-mail at group@php.net.
For more information on the PHP Group and the PHP project, please see http://www.php.net. This
product includes the Zend Engine, freely available at http://www.zend.com.
Sendmail
This product (KBOX) includes software developed by Sendmail, Inc.
SENDMAIL LICENSE
The following license terms and conditions apply, unless a different license is obtained from Sendmail,
Inc., 6425 Christie Ave, Fourth Floor, Emeryville, CA 94608, USA, or by electronic mail at
license@sendmail.com.
License Terms:
Use, Modification and Redistribution (including distribution of any modified or derived work) in source and
binary forms is permitted only if each of the following conditions is met:
1. Redistributions qualify as “freeware” or “Open Source Software” under one of the following terms:
a Redistributions are made at no charge beyond the reasonable cost of materials and delivery.
b Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a
copy of the Source Code for up to three years at the cost of materials and delivery. Such
redistributions must allow further use, modification, and redistribution of the Source Code under
substantially the same terms as this license. For the purposes of redistribution “Source Code” means
the complete compilable and linkable source code of sendmail including all modifications.
2. Redistributions of source code must retain the copyright notices as they appear in each source code
file, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below.
3. Redistributions in binary form must reproduce the Copyright Notice, these license terms, and the
disclaimer/limitation of liability set forth as paragraph 6 below, in the documentation and/or other
materials provided with the distribution. For the purposes of binary distribution the “Copyright Notice”
refers to the following language: “Copyright (c) 1998-2003 Sendmail, Inc. All rights reserved.”
4. Neither the name of Sendmail, Inc. nor the University of California nor the names of their contributors
may be used to endorse or promote products derived from this software without specific prior written
permission. The name “sendmail” is a trademark of Sendmail, Inc.
5. All redistributions must comply with the conditions imposed by the University of California on certain
embedded code, whose copyright notice and conditions for redistribution are as follows:
a Copyright (c) 1988, 1993 The Regents of the University of California. All rights reserved.
b Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met: (i) Redistributions of source code must retain the
above copyright notice, this list of conditions and the following disclaimer. (ii) Redistributions in
binary form must reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the distribution. (iii) Neither
the name of the University nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written permission.
6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY SENDMAIL, INC. AND
CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE
UNIVERSITY OF CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
#ZipLib
The license is released under the GPL with an exception which allows the linking to non GPL programs.
The exception to the GPL is as follows:
Linking this library statically or dynamically with other modules is making a combined work based on this
library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As
a special exception, the copyright holders of this library give you permission to link this library with
independent modules to produce an executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under terms of your choice, provided that
you also meet, for each linked independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from or based on this library. If you
modify this library, you may extend this exception to your version of the library, but you are not obligated
to do so. If you do not wish to do so, delete this exception statement from your version.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By
contrast, the GNU General Public License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This General Public License applies to most of
the Free Software Foundation's software and to any other program whose authors commit to using it.
(Some other Free Software Foundation software is covered by the GNU Library General Public License
instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are
designed to make sure that you have the freedom to distribute copies of free software (and charge for this
service if you wish), that you receive source code or can get it if you want it, that you can change the
software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask
you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the
recipients all the rights that you have. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which
gives you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone understands that there
is no warranty for this free software. If the software is modified by someone else and passed on, we want
its recipients to know that what they have is not the original, so that any problems introduced by others
will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that
redistributors of a free program will individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free
use or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains a notice placed by the copyright
holder saying it may be distributed under the terms of this General Public License. The “Program”,
below, refers to any such program or work, and a “work based on the Program” means either the
Program or any derivative work under copyright law: that is to say, a work containing the Program or a
portion of it, either verbatim or with modifications and/or translated into another language.
(Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is
addressed as “you”. Activities other than copying, distribution and modification are not covered by this
License; they are outside its scope. The act of running the Program is not restricted, and the output
from the Program is covered only if its contents constitute a work based on the Program (independent
of having been made by running the Program). Whether that is true depends on what the Program
does.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any
medium, provided that you conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to
the absence of any warranty; and give any other recipients of the Program a copy of this License along
with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer
warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on
the Program, and copy and distribute such modifications or work under the terms of Section 1 above,
provided that you also meet all of these conditions:
a You must cause the modified files to carry prominent notices stating that you changed the files and
the date of any change.
b You must cause any work that you distribute or publish, that in whole or in part contains or is derived
from the Program or any part thereof, to be licensed as a whole at no charge to all third parties
under the terms of this License.
c If the modified program normally reads commands interactively when run, you must cause it, when
started running for such interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a notice that there is no warranty (or
else, saying that you provide a warranty) and that users may redistribute the program under these
conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is
interactive but does not normally print such an announcement, your work based on the Program is
not required to print an announcement.) These requirements apply to the modified work as a whole.
If identifiable sections of that work are not derived from the Program, and can be reasonably
considered independent and separate works in themselves, then this License, and its terms, do not
apply to those sections when you distribute them as separate works. But when you distribute the
same sections as part of a whole which is a work based on the Program, the distribution of the whole
must be on the terms of this License, whose permissions for other licensees extend to the entire
whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely
by you; rather, the intent is to exercise the right to control the distribution of derivative or collective
works based on the Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with
a work based on the Program) on a volume of a storage or distribution medium does not bring the
other work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or
executable form under the terms of Sections 1 and 2 above provided that you also do one of the
following:
a Accompany it with the complete corresponding machine-readable source code, which must be
distributed under the terms of Sections 1 and 2 above on a medium customarily used for software
interchange; or,
b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge
no more than your cost of physically performing source distribution, a complete machine-readable
copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above
on a medium customarily used for software interchange; or,
c Accompany it with the information you received as to the offer to distribute corresponding source
code. (This alternative is allowed only for noncommercial distribution and only if you received the
program in object code or executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For an
executable work, complete source code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to control compilation and installation of the
executable. However, as a special exception, the source code distributed need not include anything that
is normally distributed (in either source or binary form) with the major components (compiler, kernel,
and so on) of the operating system on which the executable runs, unless that component itself
accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a designated place,
then offering equivalent access to copy the source code from the same place counts as distribution of
the source code, even though third parties are not compelled to copy the source along with the object
code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under
this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and
will automatically terminate your rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses terminated so long as such parties
remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants
you permission to modify or distribute the Program or its derivative works. These actions are prohibited
by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any
work based on the Program), you indicate your acceptance of this License to do so, and all its terms
and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient
automatically receives a license from the original licensor to copy, distribute or modify the Program
subject to these terms and conditions. You may not impose any further restrictions on the recipients'
exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties
to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason
(not limited to patent issues), conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of
this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License
and any other pertinent obligations, then as a consequence you may not distribute the Program at all.
For example, if a patent license would not permit royalty-free redistribution of the Program by all those
who receive copies directly or indirectly through you, then the only way you could satisfy both it and
this License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the
balance of the section is intended to apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims
or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of
the free software distribution system, which is implemented by public license practices. Many people
have made generous contributions to the wide range of software distributed through that system in
reliance on consistent application of that system; it is up to the author/donor to decide if he or she is
willing to distribute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of
this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by
copyrighted interfaces, the original copyright holder who places the Program under this License may
add an explicit geographical distribution limitation excluding those countries, so that distribution is
permitted only in or among countries not thus excluded. In such case, this License incorporates the
limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License
from time to time. Such new versions will be similar in spirit to the present version, but may differ in
detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this
License which applies to it and “any later version”, you have the option of following the terms and
conditions either of that version or of any later version published by the Free Software Foundation. If
the Program does not specify a version number of this License, you may choose any version ever
published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions
are different, write to the author to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this.
Our decision will be guided by the two goals of preserving the free status of all derivatives of our free
software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE
PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN
WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS”
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH
YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO
USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Other Copyrights
Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in
compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is
distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
or implied. See the License for the specific language governing permissions and limitations under the
License.
The PHP License, version 3.0
Copyright (c) 1999 - 2004 The PHP Group. All rights reserved.