Agents
Table of Contents:
◊ MachineStatus◊ InstallAgents◊ LANDiscovery◊ ConfigureAgents◊ UpgradeVersion
Agents
2 Chapter 2 - Agents Sadjadi et al.
Kaseya Virtual SystemAdministrator (hereafter VSA) allows for remote and automatic management ofcomputersandnetworkdevicesbothindividuallyandingroupsthatmaybespannedacrossdomains,clients,locationsoranyotherstructure.Thisgreatlyfacilitatesincreasedautomationbasedontheabilitytocreateanduse“bestpractices”andgreatlydecreasestheamountoftimeittakestocompleteroutinemaintenancetasks.Toachieve this,VSAprovides for configurationand installationof aKaseyaagent oneachof themanagedmachines.AsdepictedinFig.2.1,aKaseya agent (hereafteragent)isasoftwarethatisinstalledonamanagedmachinewiththesolepurposeofcarryingoutthetasksassignedbyVSAuser.Agentsarefullyconfigurabletofurtherfacilitateautomationandremotecontrol.Agentsareinstalledassystemservicesusingpackagesthatdefineexpectedbehavior.Eachinstalledagentrepresentsonlyonecomputerandusesuponeoftheavailableagentlicenses.UnderstandingtheagentfoundationconceptswillgreatlystreamlinethesuccessfulmanagementofmachinesusingVSA.
Agent GroupingVSA organizes managed computers (and therefore the agents they host) within an organization into ahierarchy.Thishierarchyplaceseachcomputerat auniqueposition that clearly identifies thepositionofthecomputer(eitherlogicalorphysical)withintheorganization.Thisway,anorganizationisdividedintoanumberofrelevantgroups,eachgroupisoptionallydividedintosubgroups,whichcouldinturnhaveitsownsubgroups.Thelastsubgroupcontainstheactualcomputersthataremembersofthatgrouporsubgroup.While for any organization, one can arrive atmultiple valid organizational hierarchies, existence of onlyonehierarchyissufficientforuniqueidentificationofmanagedmachines.Withinthishierarchy,machines,groups,andorganizations,arerespectivelyassignedMachineIDs,GroupIDsandOrganizationIDs.Itisthiscombination of MachineID.GroupID.OrganizationID that uniquely identifies each machine because eachagentininstalledononlyonemanagedcomputer.Uniqueidentificationofmanagedcomputerswillthereforeyielduniqueidentificationoftheirinstalledagents.
NotethatallmachineIDsbelongtoamachinegroupIDandoptionallyasubgroupID.AllmachinegroupIDsbelongtoanorganizationID.Anorganizationtypicallyrepresentsasinglecustomeraccount.Ifanorganizationissmall,itmayhaveonlyonemachinegroupcontainingtheentiremachineIDsinthatorganization.Alargerorganizationmayhavemanymachinegroupsandsubgroups,usuallyorganizedbytheirlocationornetwork.
Fig.2.2showsanexampleofanorganizationstructure.Inthisstructure,asingleorganizationhasvariousgroupsandeachgrouphasitsownsetofmachines.AgentsareinstalledoneachofthesemachinesandeachagentisassignedauniquemachineIDtodistinguishthemfromeachother.
Introduction
Fig. 2.1: Kaseya
agents can be deployed to
computers to monitor and
manage your network
Age
nts
3Chapter 2 - Agents Sadjadi et al.
AnorganizationcanhavemultiplesuborganizationsandgroupscanhavesubgroupsasshowninFig.2.3andFig.2.4
Machinegroupsaremembersoforganizations.Machinesub-groupsaremembersofmachinegroups.
Agent FilteringVSAenablesthefilteringofagentstolimitthenumberofmachinesdisplayedonallfunctionpagestothosethatarescreenedatthemoment.Therearethreewaystofilteragents:MachineID,MachineGroupandView.BydefaultVSAdisplaysallmachineIDsinallgroupswithnoviewsasshowninFig.2.5
Note: Even if VSA user selects “<All Groups>”, only groups the user is granted access to will be displayed.
Fig. 2.2: An example of a generic
organization structure
Fig. 2.3: Parent organizations
and child organizations
Fig. 2.4: Groups and sub-Groups
Agents
4 Chapter 2 - Agents Sadjadi et al.
Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Machine ID: IfaspecificmachineIDneedstobesearched,themachineIDoronlyitsbeginninglet-tersareenteredinthisfieldasshownintheFig.2.5aboveandtheApplybuttonisclicked.MakesurethattheappropriateMachinegroupisselected.IfyouarenotsureofthemachinegroupthemachineIDbelongsto,select“<AllGroups>”.
2. Machine Groups:Machinegroupscanbeselectedfromthedropdownbox.Forexample,if“ABC”isanorganizationwithmachinegroupssuchas“Sales”and“Marketing,”thegroupsarelistedas:
3. Views: ViewsprovidemoreflexibilityforfilteringoftheagentsbyallowinguserstodefinefiltersbasedonspecificcharacteristicsofthemachinesthatarehostingtheagentsasshowninFig.2.6andFig.2.7.Anynumberofviewscanbecreatedandsharedwithotheradministrators.AnewviewcanbecreatedbyclickingonEditbuttontotherightoftheViewsdrop-downlistasshowninFig.2.5andthenconfiguringattributesofthenewviewfromtheViewdefinitionwindowshowninFig.2.6-1andFig.2.6-2.
Group Name DescriptionABC ListsallmachineIDsundertheABCorganizationABC.Sales Lists allmachine IDs under theABCorganization/Sales
group.ABC.Marketing Lists all machine IDs under the ABC organization/
Marketinggroup.
Fig. 2.6-1 and Fig. 2.6-2: View
definitions
Fig. 2.5: Filtering by Machine ID,
Machine group and View
Age
nts
5Chapter 2 - Agents Sadjadi et al.
TheViewdefinitionswindowletsyoufurtherrefineamachineID/machinegroupfilterbasedonat-tributescontainedoneachmachineasshowninthefigureabove.TheavailableoptionsintheViewdefinitionswindowareexplainedbelow:
View by Machine ID• Set machine ID - CheckingthisboxoverridesanyvaluesetfortheMachineIDfieldontheMa-chineID/GroupIDfilterpanelwiththevalueenteredhere.TheMachineIDfieldontheMachineID/GroupIDfilterpanelisdisabledtopreventinadvertentchangeswhiledisplayingaviewwithSetmachineIDselected.• Set group ID - CheckingthisboxoverridestheGroupIDfilterontheMachineID/GroupIDfilterpanelwiththevalueenteredhere.TheGroupIDfieldontheMachineID/GroupIDfilterpanelisdisabledtopreventinadvertentchangeswhiledisplayingaviewwithSetgroupIDselected.• Only show selected machine IDs –AviewneedstobesavedfirstbeforeselectingmachinesIDsusingthisoption.Oncetheviewissaved,a<N>machinesselectedlinkdisplaystotherightofthisoption.Clickthislinktodisplayadefinecollectionwindow,whichallowsyoutocreateaviewusinganarbitrarycollectionofmachineIDs.
View by Network Status and Address• Show machines that have / have not / never been online in the last N periods -ChecktolistthosemachineswhoseagentshavecheckedintotheKServer,ornot,withinthespecifiedperiodoftime.UsetheNeveroptiontofiltermachineIDtemplateaccounts,becausetheseaccountsnevercheckin.• Show machines that are suspended / not suspended -Checktolistmachinesthataresuspend-edorarenotsuspended.• Show machines that have/have not rebooted in the last N periods-Checktolistmachinesthathavenotrebootedinthespecifiednumberofperiods.• Machines with Credential status -Checktolistmachineswiththeselectedcredentialstatus.• Connection gateway filter -Checktoonlylistmachinesthathaveaconnectiongatewaymatchingthespecifiedfilter.Includeanasterisk“*”wildcardwiththetextyouentertomatchmultiplerecords.
Example:66.221.11.*matchesallconnectiongatewayaddressesfrom66.221.11.1through66.221.11.254.
• IP address filter-ChecktoonlylistmachinesthathaveanIPaddressmatchingthespecifiedfilter.Includeanasterisk“*”wildcardwiththetextyouentertomatchmultiplerecords.
Example:66.221.11.*matchesallIPaddressesfrom66.221.11.1through66.221.11.254.
View by Operating System• OS Type -ChecktoonlylistmachinesthatmatchtheselectedoperatingsystemasreportedusingtheAudit>Name/OSInfo.• OS Version -ChecktoonlylistmachinesthatmatchtheOSversionstringasreportedusingAudit>Name/OSInfo.Usethisfiltertoidentifymachinesbyservicepack.
View Machines Based on Procedure History/Status• With agent procedure scheduled/not scheduled -Checktoonlylistmachinesthathavethespecifiedagentprocedureeitherscheduledtorunornot.• Last execution status success/failed -Checktoonlylistmachinesthathavealreadyexecutedtheselectedagentprocedure.Selecttheappropriateradiobuttontolistmachinesthatsuccessfullyexecutedtheagentprocedureorfailedtoexecutetheagentprocedure.• Agent procedure has / has not executed in the last N days -Checktoonlylistmachinesthathaveorhavenotexecutedtheagentprocedureinthespecifiedperiodoftime.
View Machines by Application• Contains/Missing application -Checktoonlylistmachinesthathave,ordon’thave,anapplica-tioninstalledusingthespecifiedfilter.Includeanasterisk“*”wildcardwiththetextyouentertomatchmultiplerecords.• Version string is > < = N -Checktofurtherrefinetheapplicationfilterwithaversionnumbergreaterthan,lessthanorequaltoaspecifiedvalue.
Agents
6 Chapter 2 - Agents Sadjadi et al.
View Machines by Patch Update• Show/Hide members of patch policy-CheckingthisboxworkstogetherwiththemachineIDandgroupIDfilterstoonlylistspecificmachinesbelonging(Show)ornotbelonging(Hide)toaspecificpatchpolicy.• Machines that have no patch scan results (unscanned) -Checktoonlylistmachinesthathavenotbeenscannedformissingpatches.• Machines missing greater than or equal to N patches -ChecktoonlylistmachinesmissingaspecifiednumberofMicrosoftpatches.• Use Patch Policy -ChecktoonlylistmachinesmissingaspecifiednumberofapprovedmissingMicrosoftpatches.• Patch scan schedule / not schedule-Checktoonlylistmachineswitheitherapatchscheduledornotscheduled.• Last execution status for patch scan success / failed -Checktoonlylistmachineswhosepatchscansucceededorfailed.• Patch scan has / has not executed in the last <N> <periods>-Checktoonlylistmachineswhosepatchscanhasorhasnotexecutedwithinaspecifiedtimeperiod.• Machines with Reboot Pending for patch installations -Checktoonlylistmachineswithare-bootpendingforpatchinstallations.• Machines with Patch Test Result -Checktoonlylistmachineswiththeselectedpatchtestresult.• MachineswithPatchAutomaticUpdateconfiguration-Checktoonlylistmachineswiththeselectedautomaticupdateconfiguration.• Machines with Patch Reboot Action configuration -Checktoonlylistmachineswiththeselect-edRebootActionconfiguration.• Machines with Patch File Source configuration -Checktoonlylistmachineswiththeselectedpatchfilesourceconfiguration.• Machines missing a specific patch (identified by the patch’s 6 digit KB Article ID) -Checktoonlylistmachinesmissingaspecificpatch.
View Machines by Agent Data• Advanced Agent Data Filter-CheckandclicktheDefineFilterbuttontofurtherrefinetheviewusingtheFilterAggregateTable.
AdvancedagentdatafilteroptionsareshowninFig.2.7.Advancedfilteringletsyoudesigncomplexsearchestoisolatedatatojustthosevaluesthatistobesearched.Thefieldsareselfexplanatoryanddependingontherequirementthevaluescanbeenteredintheappropriatefieldstofilterthedata.
Fig. 2.7: Advanced
agent data filter
Age
nts
7Chapter 2 - Agents Sadjadi et al.
Agent Functions OverviewFig.2.8showstheavailablefunctionsintheagentmodule.Thelistofagentfunctionsandabriefde-scriptionoftheiruseislistedinthetablebelow.Inthefollowingsections,eachfunctionisexplainedindetail.
Fig. 2.8Agent
Functions
Section Function Description2.1 MachineStatus2.1.1 AgentStatus Displaysactiveuseraccounts,IPad-
dressesandlastcheck-intimes.2.1.2 AgentLogs Displayslogsof:
• Agentsystemanderrormessages• Executionofagentprocedures,whethersuccessfulorfailed.• Configurationchangesmadebyauser.• Send/receivedataforapplicationsthataccessthenetwork.• Application,System,andSecurityeventlogdatacollectedfrommanagedmachine.• Alarmlog• Remotecontrollog• Logmonitoring
2.1.3 LogHistory Specifieshowlongtostorelogdata.2.1.4 EventLogSettings Specifieseventlogtypesandcategories
includedineventlogs.2.2 InstallAgents2.2.1 Create CreatesmachineIDaccountsand/or
installpackagesforinstallingagentsonsinglemachines.
2.2.2 Delete DeletesmachineIDaccounts.2.2.3 Rename RenamesexistingmachineIDaccounts.
Agents
8 Chapter 2 - Agents Sadjadi et al.
2.2.4 ChangeGroup Reassignsmachinestoadifferentma-chinegrouporsubgroup.
2.2.5 DeployAgents Createsagentinstallpackagesforinstall-ingagentsonmultiplemachines.
2.3 LANDiscovery2.3.1 LANWatch Usesanexistingagentonamanaged
machinetoperiodicallyscanthelocalareanetworkforanyandallnewdevicesconnectedtothatLANsincethelasttimeLANWatchran.
2.3.2 InstallAgents InstallstheagentonaremotesystemandcreatesanewmachineID/groupIDaccountforanynewPCdetectedbyLANWatch.
2.3.3 ViewLAN DisplaystheresultsofthelatestLANWatchscan.
2.3.4 ViewADComputers ListsallcomputerslistedinanActiveDirectorywhenLANWatchrunsonasystemhostingActiveDirectory.InstallsagentsonADmachines.
2.3.5 ViewADUsers ListsallActiveDirectoryusersdiscoveredbyLANWatchwhenLANWatchrunsonasystemhostingActiveDirectory.CreatesVSAusersfromADusers.
2.3.6 ViewvPro DisplayshardwareinformationaboutvPro-enabledmachinesdiscoveredwhilerunningLANWatch.
2.4 ConfigureAgents2.4.1 CopySettings Masscopiessettingsfromonemachine
accounttoothermachineaccounts.2.4.2 Import/Export Importsandexportsagentsettings,
includingscheduledagentprocedures,assignedmonitorsets,andeventsets,asXMLfiles.
2.4.3 Suspend Suspendsallagentoperations,suchasagentprocedures,monitoring,andpatch-ing,withoutchangingtheagent’ssettings.
2.4.4 AgentMenu Customizestheagentmenuonmanagedmachines.
2.4.5 Check-InControl Controlsagentcheck-infrequencyonagentmachines.
2.4.6 WorkingDirectory Setsthepathtoadirectoryusedbytheagenttostoreworkingfiles.
2.4.7 EditProfile Editsmachineaccountinformation.2.4.8 PortalAccess Setsupaccountstoallowmachineus-
ersremotecontrolaccesstotheirownmachines.
2.4.9 SetCredential SetsalogoncredentialfortheagenttouseinPatchManagement,theUseCredentialprocedurecommand,KaseyaEndpointSecurity,andDesktopPolicyandMigration.
Age
nts
9Chapter 2 - Agents Sadjadi et al.
2.1.1 Agent StatusTheAgentStatuspageprovidesasummaryviewofawidevarietyofagentdata.Anydatapertainingtotheagentcanbeobtainedbyselectingtheappropriatedatacolumn.Thedatacolumnsarefullycustomizableandcanbeselectedaccordingtotherequirements.Fig.2.9showsageneralviewoftheagentstatuspage.Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Select Columns:Selectcolumnscanbeusedtospecifywhichcolumnsaretobedisplayedintheagentstatuswindow.Fig.2.10showstheColumnSelectwindow.Theorderingofthecolumndatacanberearrangedusingtheupanddownarrowbuttons.
Example:DisplaytheMachineID,Currentuser,LastRebootTime,LastCheckinTime,GroupID&TimeZone.
1. SelectMachine IDintheNotDisplayedwindow.ClickAdd>>2. SelectCurrent User intheNotDisplayedwindow.ClickAdd>>3. SelectLast ReboottimeintheNotDisplayedwindow.ClickAdd>>4. SelectLast CheckintimeintheNotDisplayedwindow.ClickAdd>>5. SelectGroup ID intheNotDisplayedwindow.ClickAdd>>6. Select Time ZoneintheNotDisplayedwindow.ClickAdd>>
OncealltheoptionsareselectedandaddedtotheDisplayedwindow,theApplybuttonmustbeclickedtoapplythedesiredsettings.
Fig. 2.10: Select columns
2.5 UpgradeVersion2.5.1 UpdateAgent Updatestheagentsoftwareonmanaged
machines.
2.1 Machine Status
Fig. 2.9: Agent status page
Agents
10 Chapter 2 - Agents Sadjadi et al.
VSAprovidesawidevarietyofagentdatathatcanbedisplayedintheAgentstatuspageaccordingtotherequirements.Thelistofcolumndataalongwithabriefdescriptionthatcanbeselectedislistedbelow.
Column DescriptionMachineID MachineIDlabelusedthroughoutthesystem.GroupID ThegroupIDportionofthemachineID.LastCheckinTime MostrecenttimewhenamachinecheckedintotheKServer.FirstCheckinTime TimewhenamachinefirstcheckedintotheKServer.LastRebootTime Timeofthelastknownrebootofthemachine.TimeZone Thetimezoneusedbythemachine.ComputerName Computernameassignedtothemachine.Domain/Workstation Theworkgroupordomainthecomputerbelongsto.AgentGUID AgloballyuniqueidentifierforamtachineID.groupIDaccountandits
correspondingagent.DNSComputerName ThefullyqualifiedDNScomputernameforthemachine,whichcomprises
thecomputernameplusthedomainname.Forexample:jsmithxp.acme.com.Displaysonlythecomputernameifthemachineisamemberofaworkgroup.
OperatingSystem Operationsystemtypethemachineisrunning.OSVersion Operationsystemversionstring.IPAddress IPaddressassignedtothemachine.SubnetMask Networkingsubnetassignedtothemachine.DefaultGateway Defaultgatewayassignedtothemachine.ConnectionGateway IPaddressseenby theKServerwhen thismachinechecks in. If the
machine isbehindaDHCPserver, this is thepublic IPaddressof thesubnet.
Country ThecountryassociatedwiththeConnectionGateway.MACAddress MACaddressoftheLANcardusedtocommunicatewiththeKServer.DNSServer1,2 IPaddressoftheDNSserversassignedtothemachine.DHCPServer TheIPaddressoftheDHCPserverusedbythismachine.Primary/SecondaryWINS
WINSsettings.
CPUType Processormakeandmodel.CPUSpeed Clockspeedoftheprocessor.CPUCount ThenumberofCPUs.RAMSize MBytesofRAMonthemachine.AgentVersion VersionnumberoftheKaseyaagentloadedonthemachine.CurrentUser Logonnameofthemachineusercurrentlyloggedintothemachine(if
any).LastLoggedInUser Logonnameofthelastpersontologintothemachine.PortalAccessLogon LogonnamegiventoamachineuserforloggingintotheKServer.PortalAccessRemoteControl
Enabledifthismachineusercanloginandgetremotecontrolaccesstotheirownmachinefromanothermachine.Disabledifaccessisdenied.
Age
nts
11Chapter 2 - Agents Sadjadi et al.
PortalAccessTicketing Enabledifthismachineusercanloginandentertroubletickets.Disabledifaccessisdenied.
PortalAccessChat EnabledifthismachineusercaninitiatechatsessionswithaVSAuser.Disabledifaccessisdenied.
Primary/SecondaryKServer
IPaddress/namethemachineusestocommunicatewiththeKServer.
QuickCheckinPeriod Quickcheckintimesettinginseconds.ContactName MachineusernameenteredinEditProfile.ContactEmail EmailaddressenteredinEditProfile.ContactPhone PhonenumberenteredinEditProfile.ContactNotes NotesenteredinEditProfile.Manufacturer Systemmanufacturer.ProductName Systemproductname.SystemVersion Productversionnumber.SystemSerialNumber Systemserialnumber.ChassisSerialNumber Serialnumberontheenclosure.ChassisAssetTag Assettagnumberontheenclosure.ExternalBusSpeed Motherboardbusspeed.MaxMemorySize Maxmemorysizethemotherboardcanhold.MaxMemorySlots Totalnumberofmemorymoduleslotsavailable.ChassisManufacturer Manufactureroftheenclosure.ChassisType Enclosuretype.ChassisVersion Enclosureversionnumber.MotherboardManufacturer
Motherboardmanufacturer.
MotherboardProduct MotherboardproductID.MotherboardVersion Motherboardversionnumber.MotherboardSerialNum
Motherboardserialnumber.
ProcessorFamily Processortypeinstalled.ProcessorManufacturer Processormanufacturer.ProcessorVersion ProcessorversionID.CPUMaxSpeed Maxprocessorspeedsupported.CPUCurrentSpeed Speedprocessoriscurrentlyrunningat.vProHostName ThenameofthevProenabledmachinesetbyvProconfiguration.vPro-ComputerName ThenameofthevPro-enabledmachinesetbytheoperatingsystem.vPro-Model ThemodelofthevPro-enabledmachine.vPro-Manufacturer ThemanufacturerofthevPro-enabledmachine.vPro-Version TheversionofthevPro-enabledmachine.vPro-SerialNumber TheserialnumberofthevPro-enabledmachine.vPro-AssetNumber AnassetmanagementidentifierassignedtothevPro-enabledmachine.vPro-MotherboardManufacturer
ThemanufacturerofthemotherboardofthevPro-enabledmachine.
vPro-MotherboardVersion
TheversionnumberofthemotherboardofthevPro-enabledmachine.
Agents
12 Chapter 2 - Agents Sadjadi et al.
2. Filter: Filterisusedfordisplayingselectiveinformationofrowsinthepagingarea.Forexample,tosearchforthemachineID“pc1.cec.fiu-johndoe”,enter“pc1*”inthetextboxinthewindowasshownintheFig.2.11nexttoMachineID.
Note: “*” asterisk wildcard can be used with the text you enter to match multiple records.
3. Reset filter:TheResetfilterisusedtoclearallthefiltersettings.Thisoptionisnotdisplayedbyde-fault.Itisonlydisplayediftheadvancedfilterisselected.TheadvancedfiltercanbeusedbyselectingFilter.
Check-In StatusOnceamachineIDiscreatedforanagent,check-inicondisplaysnexttoeachmachineIDaccountinVSA.Theseiconsindicatetheagentcheck-instatusofeachmanagedmachine.TheseiconsappearinmostofthemodulesinVSAanditisimportanttoremembertheiconstoquicklydeterminethestatusoftheagentonaparticularmachine.Belowisalistofalliconsandabriefexplanationofthestatustheyindicate.
AgentisOnlinebutwaitingforfirstaudittocomplete. Agentisonline. Agentisonlineandusercurrentlyloggedon.Icondisplaysatooltipshowingthelogonname. Agentisonlineandusercurrentlyloggedon,butusernotactivefor10minutes. Agentiscurrentlyoffline. Agenthasnevercheckedin. Agentisonlinebutremotecontrolhasbeendisabled Agenthasbeensuspended
2.1.2 Agent LogsTheAgent Logs pagedisplays the logdata foreachof themanagedmachines.Foreach typeof logacorresponding logreport isprovided.Thishelps to identify theevents thatoccurredwithacorrespondingmanagedmachine.TheeventsalongwiththetimearedisplayedinthiswindowasshowninFig.2.12.
vPro-MotherboardSerialNumber
TheserialnumberofthemotherboardofthevPro-enabledmachine.
vPro-MotherboardAssetTag
An asset management identifier assigned to the motherboard of thevPro-enabledmachine.
vPro-BiosVendor ThevendoroftheBIOSofthevPro-enabledmachine.vPro-BiosVersion TheversionoftheBIOSofthevPro-enabledmachine.
Fig. 2.11: Advanced
filter
Age
nts
13Chapter 2 - Agents Sadjadi et al.
Note: The system automatically limits the number of log entries per log type per machine to 1000. Once the limit has been reached, if archiving is enabled, and deleted from the system, log entries exceeding the limit are archived,. The archive option is set in Agent > Log History.
Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Selecting Machine ID:SelectthemachineIDforwhichyouwanttoseetheloginformation.
2. Select Log: SelectLogallowsyoutochoosetheappropriateloginformationtobedisplayedfortheselectedmachineID.Thetypesoflogthatareavailableare:
• Alarm Log -Listsallalarmstriggeredfortheselectedmachine.• Monitor Action Log -Thelogofalarm conditions*thathaveoccurredandthecorrespondingac-tions,ifanyhasbeentakeninresponsetothem.• Agent Log -Displaysalogofagent,system,anderrormessages.• Configuration Changes -DisplaysVSAsettingschangesfortheselectedmachine.• Network Statistics -Displaysalogofsend/receivedatafornetworkapplications.• Event Logs -DisplayseventlogdatacollectedbyWindows.ItisnotavailableforWin9x.Onlyeventlogsthatapplytotheselectedmachinedisplayintheeventlogdrop-downlist.AmonitorwizardicondisplaysnexttoeventlogentriesintheVSAandinLiveConnect.Hover-ingthecursoroverthemonitorwizardiconofalogentrydisplaysawizard.Thewizardenablesyoutocreateaneweventsetcriteriabasedonthatlogentry.Theneweventsetcriteriacanbeaddedtoanyneworexistingeventset.Theneworchangedeventsetisimmediatelyappliedtothemachinethatservedasthesourceofthelogentry.Changinganexistingeventsetaffectsallmachinesassignedtousethateventset.ThemonitorwizardicondisplaysinLive Connect > Event Viewer,Live Connect > Agent Data > Event Log andAgent > Agent Logs.
• Agent Procedure Log -Displaysalogofsuccessful/failedagentprocedures.• Remote Control Log -Displaysalogofsuccessful/failedremotecontrolsessions.• Log Monitoring -DisplaysLogmonitoringentries.
Fig. 2.12:Agent Logs
Fig. 2.13: Events per
page
Alarm Condition :Analarmconditionexistswhenamachine’sperformancesucceedsorfailstomeetpre-definedcriteria.
Agents
14 Chapter 2 - Agents Sadjadi et al.
3. Events per page:Eventsperpageallowyoutospecifythenumberofrowsthatcanbedisplayedintheagentlogspage.
Example:Selecting“10”fromthedropdownmenuasshowninFig.2.13belowwoulddisplay10rowsofevents.
4. Filter:Filteroptionisusedtorestricttheamountofdatadisplayed.TheEventlogfilterhasdifferenteventcategories.Youcanspecifyadifferentadvancedfilterforeacheventcategoryandcolumnofdatadisplayed.Afterpopulatingtheoptions,clickApply.BydefaultApplyEventLogfilterisselected.Iftheoptionisnotselected,thefiltersarenotapplied.
5. Start Date / End Date / Refresh:Thisoptionallowsyoutofilterthelogdatabyspecifyingthedaterange.ClickRefreshtoseethenewfiltereddata.
2.1.3 Log HistoryTheLog Historypage(Fig.2.14)determinesthenumberofdaystostorethelogonaperlogbasisforeachmachineID.Thesesettingsaresetasdefault fromtheagent installpackage(seesection2.2fordetails).Thispagealsodetermineswhetheragentlogdataissubsequentlyarchivedtotextfileslocatedonanetworkdirectory.
• LogdataisdisplayedusingAgentlogsorprintedtoareportusingInfo Center > Reporting > Logs. • System > Check-in-Policy canrestrictthenumberofdaysuserscankeeplogentries,toavoidplacingunduestressonserversrunningtheKServerservice.
Log File LocationsMonitoring data log archives are stored in the <KaseyaRoot>\UserProfiles\dbBackup directory.This is toimproveperformanceonsystemswherethelogdatabaseisonadifferentserver.AllotheragentlogarchivesarestoredinthedirectoryspecifiedbytheSystem > Configure > Log file archivepathfield.
Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Set days to keep log entries, check to archive to file:Setthenumberofdaystokeeplogdataforeachtypeoflog.Checkthecheckboxforeachlogtoarchivelogfilespasttheircutoffdate.
• Agent Log -Thelogofagent,system,anderrormessages.• Configuration Changes-Thelogofconfigurationchangesmadebyeachuser.• Network Statistics-Thelogofincomingandoutgoingpacketcountinformationandtheapplica-tionorprocesstransmittingand/orreceivingsuchpackets.Thisinformationcanbeviewedindetail
Fig. 2.14: Log History
Age
nts
15Chapter 2 - Agents Sadjadi et al.
usingAgent>AgentLogs>NetworkStatistics.• Agent Procedure Log-Displaysalogofsuccessful/failedagentprocedures.• Remote Control Log -Displaysalogofremotecontrolevents.• Alarm Log -Thelogofallalarmsissued.• Monitor Action-Thelogofalarmconditionsthathaveoccurredandthecorrespondingactions,ifanythathavebeentakeninresponsetothem.• SYS log-Thelogofallsystemcheckexternalsystems.
2. Set days to keep monitoring logs for all machines:Thefollowingmonitoringlogsettingsareap-pliedsystem-wide.• Event Log -Thelogofallevents.TheeventscollectedarespecifiedinmoredetailusingAgent>Eventlogsettings• Monitor Log -Thelogofdatacollectedbymonitoringsets.• SNMP Log-ThelogofalldatacollectedbySNMPsets.
3. Select All Archive / Unselect All Archive:ClickSelect All Archivelinktocheckallarchivecheck-boxesonthepage.ClickUnselect AllArchivelinktouncheckallarchivecheckboxesonthepage.
4. Update:ClickUpdatetoupdateselectedmachineIDswithagentlogsettings.
2.1.4 Event Log SettingsAnEventLogservicerunsonWindowsoperatingsystems(NotavailablewithWin9x)anditenableseventlogmessagestobeissuedbyWindowbasedprogramsandcomponents.Theseeventsarestoredineventlogslocatedoneachmachine.TheeventlogsofmanagedmachinesstoredintheKServerdatabase,serveasthebasisofalertsandreports,andbearchived.TheEvent LogSettings page as shownbelow inFig. 2.15 specifies the event log types and categoriesincludedinAgent > Log History.ThelistofeventlogtypesavailableonthispagecanbeupdatedusingMonitor > Updatelistsbyscan.
Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Event log types:Dependingontheoperatingsystem,theeventlogtypesavailableincludebutarenotlimitedto:• Applicationlog• DirectoryService• DNSServer• InternetExplorer• Security• System
Fig. 2.15: Event Log Settings
Agents
16 Chapter 2 - Agents Sadjadi et al.
2. Event categories:TheeventcategoriesstoredbyVSAforthismachineIDandeventlog:• Error• Warning• Information• SuccessAudit• FailureAudit• Critical-AppliesonlytoVista.• Verbose-AppliesonlytoVista.
3. Update:AddseventlogtypeslistedintheAssigned Event LogslistboxtothesetofeventlogtypesalreadyassignedtoselectedmachineIDs.
4. Replace:ReplacesalleventlogtypesassignedtoselectedmachineIDswiththeeventlogtypeslistedintheAssigned Event Logslist.
5. ClearAll:ClearsalleventlogtypesassignedtoselectmachineIDs.
To specify Event Log Settings:
1. ClickaneventlogtypeintheEvent Log Types listbox.Holddownthe[Ctrl]keytoclickmultipleeventlogtypes.2. ClickAdd>> orAdd all>>toaddeventlogtypestotheAssigned Event Typeslistbox.Click<<Removeor<<Removealltoremoveeventlogtypesfromthe Assigned Event Typeslistbox.3. Checkoneormoreeventcategories:Error, Warning, Information, Success Audit, Failure Audit, Critical, Verbose.4. SelectoneormoremachineIDs.5. ClickUpdateorReplacetoapplythesesettingstoselectedmachineIDs.
Flood DetectionIf1000events,notcountingblacklisteventsareuploadedtotheKServerbyanagentwithinonehour,furthercollectionofeventsofthatlogtypearestoppedfortheremainderofthathour.Aneweventisinsertedintotheeventlogtorecordthatcollectionwassuspended.Attheendofthehour,collectionautomaticallyresumes.ThispreventsshorttermheavyloadsfromswampingyourKServer.Alarmdetectionandprocessingoperatesregardlessofwhethercollectionissuspended.
2.2.1 CreateTheCreatepagecreatesamachineIDaccountandanagentinstallpackageforasinglemachine.YoucreatethemachineIDaccountfirst,andthencreateaninstallpackageforonesinglemachine.TypicallytheCreatepageappliesto:
• Machine ID templates-Inthiscase,noinstallpackageneedstobecreated,sinceagenttem-platesarenotintendedforinstallationtoamachine.• Secured environments-Securedenvironmentsmayrequireeachmachinebesetupmanually.Forexample,youmightberequiredtonameanewmachineIDaccountmanuallyand/orcreateanagentinstallpackagewithauniquecredentialforasinglemachine.Ausermustbeloggedintoatargetmachinelocallytoinstallthepackage.
Agent license counts
Thefollowingeventsaffectagentlicensecounts:
2.2 Install Agents
Age
nts
17Chapter 2 - Agents Sadjadi et al.
• An“unused”agentlicenseischangedto“used”ifamachineIDaccountiscreatedandtheagentinstalled.• Iftheagentisdeletedbutnottheaccount,theagentlicenseisstillconsidered“used”.• Iftheaccountisdeleted,regardlessofwhathappenstotheagent,theagentlicensegoesbackto“unused”.• Ifanaccountiscreated,buttheagentisnotyetinstalledthefirsttime,theaccountiscalledanagenttemplate.Agenttemplateaccountsarenotcountedas“used”untilyouinstalltheagent.
Including credentials in agent install packagesIfnecessary,anagentinstallpackagecanbecreatedthatincludesanadministrator credential*toaccessacustomernetwork.Credentialsareonlynecessaryifusersareinstallingpackagesonmachinesanddonothaveadministratoraccesstotheirnetwork.Theadministratorcredentialisencrypted,neveravailableincleartextform,andboundtotheinstallpackage.
Operating System SelectionAgentpackagescanbecreatedtoinstallagentsonmachinesrunningeitherWindowsorMacintoshoperatingsystems,ortoautomaticallychoosethetypeofoperatingsystemofthedownloadingcomputer.
Machine ID templatesMachineIDtemplateisamachineIDrecordwithoutanagent.SinceanagentneverchecksintoamachineID templateaccount, it isnotcountedagainstyour total licensecount.YoucancreateasmanymachineIDtemplatesasyouwantwithoutadditionalcost.Whenanagentinstallpackageiscreated,thepackage’ssettingsaretypicallycopiedfromaselectedmachineIDtemplate.MachineIDtemplatesareusuallycreatedandconfiguredforcertaintypesofmachine.Machinetypeexamplesincludedesktops,Autocad,Quickbooks,smallbusinessservers,Exchangeservers,SQLServers,etc.AcorrespondinginstallpackagecanbecreatedbasedoneachmachineIDtemplateyoudefine.
Thefollowingoperationscanbeperformedwiththehelpofagenttemplates.
• CreatemachineIDtemplatesusingAgent > Create.• ImportamachineIDtemplateusingAgent > Import/Export.• DeployanagentinstallpackageonanagenttemplateusingAgent > Deploy Agents.• CopyselectedsettingsfromagenttemplatestoexistingmachineIDaccountsusingAgent > Copy Settings.• IdentifythetotalnumberofagenttemplateaccountsinyourVSAusingSystem > Statistics.• ConfiguresettingsfortheagenttemplateusingthestandardVSAfunctions• SeparateagenttemplatesarerecommendedforWindowsandMacintoshmachines.• AlternativelyapackagecanbecreatedthatselectstheappropriateOSautomaticallyandcopyset-tingsfromatemplatethatincludesanagentprocedurethatusesOSspecificsteps.
1. SelectamachineIDfromthepagingareaasshowninFig.2.16abovebyclickingontheradiobuttonnexttoit.2. ClickonSet.YoucannoticethatthemachineIDthatwasselectedappearsunderCopy new ac-
Fig. 2.16: Copy Settings while creating machine ID
Credential:Acredentialisthelogonnameandpasswordusedtoauthenticateauserorprocess’saccesstoamachineornetworkorsomeotherresource.
Agents
18 Chapter 2 - Agents Sadjadi et al.
count settingsfromasshowninthefigureabove.3. EnterthenameofthemachineIDintheNew machine IDfieldandclickCreate.
Note: If you do not include a machine ID to copy from and click Create, a new, usable machine ID account is created using KServer defaults. You can copy settings between existing machine ID accounts at any time using Agent > Copy Settings.
Fig.2.17belowshowsthegeneralviewandalltheavailablefunctionsthataresupportedontheCreatepage.
1. New Machine ID:EnterauniquenameforthenewmachineIDyouarecreating.
2. Group ID:SelectanexistinggroupIDforthenewmachineIDyouarecreating.Thedefaultisroot.unnamedGroupIDsarecreatedbyaVSAuserusingSystem>Orgs/Groups/Depts>Manage.
3. Create:ClickCreatetocreatethenewmachineIDfortheselectedgroupID.
4. Set/Clear new accounts created in group ID <GroupID> copy settings from <Machine ID>:ForeachgroupIDyoucanspecifyadifferentdefaultmachineIDtocopysettingsfrom.
• SelectamachineIDtocopysettingsfrombyclickingtheradiobuttonnexttoanymachineIDlistedinthepagingarea.• SelectagroupIDfromthegroup ID drop-downlist.• ClicktheSettoensurethatnewmachineIDsyoucreatefortheselectedgroupIDwillcopysettingsfromtheselecteddefaultmachineID.• Clickthelinktoremovethisassignment.
5. Set/Clear accounts created in unassigned group IDs copy settings from <Machine ID>:ThisoptionspecifiesthedefaultmachineIDtocopysettingsfromifnodefaultmachineIDissetforagroupID.Thisoptiononlydisplaysformasterroleusers.
• SelectamachineIDtocopysettingsfrombyclickingtheradiobuttonnexttoanymachineIDlistedinthepagingarea.Initiallythisvalueissettounassigned.• ClickSettoensurethatnewmachineIDscreatedwithoutagroupdefaultmachineIDcopysettingsfromthemasterroleuser’sdefaultmachineID.Initiallythisvalueissettounas-signed.• ClicktheClearlinktoremovethisassignment.
2.2.2 DeleteTheDeletepage(Fig.2.18)deletesthreedifferentcombinationsofmachineIDaccountsandagents.
• Uninstall agent first at next check-in:Uninstalltheagentfromthemachineandremovethema-chineIDaccountfromtheKServer.Theaccountisnotdeleteduntilthenexttimetheagentsuccess-
Fig. 2.17: Create Page
Age
nts
19Chapter 2 - Agents Sadjadi et al.
fullychecksin.• Delete account now without uninstalling the agent:LeavetheagentinstalledandremovethemachineIDaccountfromtheKServer.• Uninstall the agent and keep the account:Uninstalltheagentfromthemachinewithoutremov-ingthemachineIDaccountfromtheKServer.
Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Machine.Group ID:ThelistofMachine.GroupIDsisdisplayedbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.
2. Select Uninstall/Delete option:Makeachoiceofuninstall/deletedependingontherequirement.
3. Delete Accounts:Deleteaccountsoptiondeletes/uninstallthemachineIDthatwasselecteddependingontheoptionselected.
4. Clean Database:RemovingamachineaccountusingthisDeletepagemarksthemachineac-countfordeletion.Actualdeletionusuallyoccursduringoffhourstopreserveresourcesduringworkinghours.Therearesomecaseswhereitisusefultopurgemachineaccountsimmediately.Forexample,yourKServermayexceedtheagentlicensecount.ClickClean Databasetoimmediatelypurgema-chineaccountsthatarealreadymarkedfordeletion.
5. Select old accounts that have not checked in since <date>:ClicktheSelect oldhyperlinktocheckallmachineIDsinthepagingareathathavenotcheckedinsincethespecifieddate.ThisisaneasywaytoidentifyandremoveobsoletemachineIDs.
6. Last Check-In:Displaysthetimethemachine’sagentlastcheckedintotheKServer.Agentsthathavenotchecked-inrecentlydisplaythisinformationinredtext.
2.2.3 RenameThe Rename pagerenamesanyexistingmachineIDaccounttoanewone.YoucanchangethemachineIDand/orre-assign it toadifferentgroupID.TheRenamepageisshowninFig.2.19andall theoptionssupportedbythismodulearelistedbelow.
Fig. 2.18: Delete Page
Agents
20 Chapter 2 - Agents Sadjadi et al.
1. Rename Account:ThisoptionrenamesaselectedmachineIDaccounttoanewone.
2. Merge offline account <Offline Machine ID> into <Select Machine ID> Delete <Offline Ma-chine ID> after merge:Mergeoptionisusedtocombinelogdatafromtwodifferentaccountsintothesamemachine.Thiscouldbenecessaryifanagentwasuninstalledandthenre-installedwithadiffer-entaccountname.Mergecombinestheaccountsasfollows:• Logdatafrombothaccountsarecombined.• Baseline Audit*datafromtheoldofflineaccountreplacesanybaselinedataintheselectedac-count.• Alertsettingsfromtheselectedaccountarekept.• Pendingagentproceduresfromtheselectedaccountarekept.Pendingagentproceduresfromtheoldofflineaccountarediscarded.• Theoldaccountisdeletedafterthemerge.
Theaboveoperationcanbeperformedasfollows:• Select Merge offline accountoptionandselectthemachineIDfromthedropdownmenu.• SelectamachineIDfromthelistofmachineID’sdisplayedinthepagingarea.• ClickMerge.
Note: Since the machine can only be active on a single account, only offline accounts are provided in the drop-down list to merge with.
3. New Name:EntertheNewNamefortheselectedmachineID.
4. Group ID:SelecttheGroupIDtoassigntotheselectedmachineIDaccount.ThedefaultleavesthegroupIDunchanged.
5. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.Clicktheradiobuttontotheleftofthemachineaccountyouwishtorename.
6. New name at next Check in:Liststhenewnameoftheaccountthenexttimethatagentchecksin.Onlypendingrenamesaredisplayedhere.
2.2.4 Change groupTheChangeGrouppage(Fig2.20)assignsasingleormultiplemachineIDsbelongingtoonegroupIDtoadifferentgroupID.MachinesthatarecurrentlyofflineareassignedtothenewgroupIDthenexttimetheycheckin.
Baseline audit:Theconfigurationofthesysteminitsoriginalstate.Typicallyabaselineauditisperformedwhenasystemisfirstsetup.
Fig. 2.19: Rename Page
Age
nts
21Chapter 2 - Agents Sadjadi et al.
1. Machine.Group ID:Thelistofmachine.groupIDsdisplayedisbasedonthemachineID/groupIDfilterandthemachinegroupstheuserisauthorizedtoview.
2. Select new group ID:SpecifythenewgroupIDtoassigntoeachselectedmachineIDfromthedropdownlist.
3. Move:TheMoveoptionassignsselectedmachineIDstotheselectedgroupID.
MovingaMachineIDtoaDifferentGroup
• SelectoneormoremachineIDsinthepagingarea.• SelectagroupIDfromtheSelect new group IDdrop-downmenu.• ClicktheMovebutton.
2.2.5 Deploy AgentsThe Deploy Agentpagecreatesanddistributesanagentinstallpackagetomultiplemachines.Agent > Create canbeusedtocreateamachineIDaccountandagentinstallpackageintwoseparatestepsandapplythemtoasinglemachine.Agent > Createcanalsobeusedtocreateagenttemplatesorre-installanagentforanexistingmachineID.
Note: To install agents on remote machines, use Agent > Install Agents
Deploy Agents Wizard
TheDeploy Agents installpackageiscreatedusingthe Configure Automatic Account Creationwizard.ThewizardcopiesagentsettingsfromanexistingmachineIDoragenttemplateandgeneratesaninstallpackagecalled“KcsSetup”.AllsettingsandpendingagentproceduresfromthemachineIDtheagentsettingsarecopiedfrom–exceptthemachineID,groupID,andorganizationID–areappliedtoeverynewmachineIDcreatedwiththepackage.
Including Credentials in Agent Install Packages
Ifnecessary,anagentinstallpackagecanbecreatedthatincludesanadministratorcredentialtoaccessacustomernetwork.Credentialsareonlynecessaryifusersareinstallingpackagesonmachinesanddonothaveadministratoraccesstotheirnetwork.Theadministratorcredentialisencrypted,neveravailableincleartextform,andisboundtotheinstallpackage.
Editing Existing Install Packages
TypicallyanexistingDeployAgentsinstallpackageiseditedjustbeforere-distribution.Themostcommonchangesmadetoaninstallpackageare:
Fig. 2.20: Change group
page
Agents
22 Chapter 2 - Agents Sadjadi et al.
• Pre-selectinganorganizationID,groupIDorsub-groupID.• Assigningacredential,ifnecessary.
Onceedited,theinstallpackagecanbere-createdanddistributedtoitstargetcustomerandlocation.
Distribution Methods
Oncetheagentinstallpackageiscreated,youcanusethefollowingmethodstothepackage:
1. Logon
• Windows-SetupanNTlogonproceduretoruntheinstallpackageeverytimeauserlogsintothenetwork.
Note: Windows 98 is not supported.
• Macintosh-SetupaMacOSXLoginHookProceduretoruntheinstallpackageeverytimeauserlogsintothenetwork.
2. Email
Email “KcsSetup” toalluserson thenetwork.Download theappropriate installpackage from theDeployAgentspage,andthenattachittoanemailonyourlocalmachine.Youcanalsocopyandpastethelinkofthedefaultinstallpackageintoanemailmessage.
3. LAN Watch
UserscandiscovernewlyaddedmachinesduringaLANWatchandsubsequently installagentsremotelyusingthe Agent > Install Agents page.
4. Active Directory
RunLANWatchonanActiveDirectorymachine.Fromthenon,WindowsagentscanbeinstalledautomaticallyonWindowsmachinesassoonasusersloginusingtheActiveDirectory.
5. Manual
Youcaninstructuserstodownloadaninstallpackageagentfromthe“http://<VSA_Address>/dl.asp”websitetotheirtargetmachines.Ifmorethanoneinstallpackageisdisplayedonthewebsite,instructuserswhichpackageshouldbeselected.Userscanexecutethe“KcsSetup”installerusinganyofthefollowingmethods:
Windows• Doubleclick“KcsSetup”tolaunchit.• Openacommand line window(CMD)andtype“KcsSetup”followedbyanydesiredcommandlineswitches.• SelectRunfromtheWindows Start menu andtype“KcsSetup”followedbyanydesiredcommandlineswitches.
Macintosh• Doubleclick“KcsSetup”tolaunchit.• Openaterminalprocess,navigatetowhere“KcsSetup”islocatedandlaunch“KcsSetup”followedbyanydesiredcommandlineswitches.
Default User Install PackagesEachusercanspecifytheirowndefaultinstallpackagebyselectingtheSetDefaultradiobuttontotheleftof thepackagename.Userscandownload theirowndefaultagent immediatelybyselecting theClick to
Age
nts
23Chapter 2 - Agents Sadjadi et al.
downloaddefaultAgentlinkontheDeployAgentspage.
Unique ID Number
Youcantelluserswhichinstallpackagetodownloadbyreferencingtheinstallpackage’suniqueIDnumber.(Example:http://<VSA_Address>/dl.asp?id=123).ThedefaultinstallpackageisdisplayedwithitsuniqueIDnumberintheheaderoftheDeployAgentspage.
Assigning New Machine IDs to Machine Group by IP Address
MaintainingmultipleagentinstallpackagesinAgent > Deploy Agents,oneforeachorganization,canbetimeconsuming.Insteadsomeserverprovidersuseasingleagentpackagefortheunnamedorganizationandperformallinstallsusingthispackage.System > Naming Policycanreassignnewagentstothecorrectorganization.groupIDautomatically–thefirsttimetheagentscheckin–basedoneachmanagedmachine’sIPorconnectiongateway.Agent > CopySettingsmaybescheduledafterwards,tocopyspecifickindsofagentsettingsbymachineIDtemplatetothetypeofmachinerevealedbythebaselineaudit.Thiscanbeautomatedusingagentprocedures.
Automatic Account CreationYoumusthaveautomaticaccountcreationenabledusingSystem > Check-in Policy toautomaticallycreateamachineIDaccountwhenaDeployAgentspackageisinstalled.
Operating System SelectionAgentpackagescanbecreatedtoinstallagentsonmachinesrunningeitherWindowsorMacintoshoperatingsystems,ortoautomaticallychoosethetypeofoperatingsystemofthedownloadingcomputer.
Create PackageTocreateapackage,clickCreate PackagetostartaConfigure Automatic Account Creation wizardwhereyoucanspecifyallconfigurationparametersfortheinstallpackage.Thewizardisa7stepprocess:
1. SpecifyhowthemachineIDisassigned.• PrompttheusertoenteramachineID.• UsethecomputernameasthemachineID.• SettheusernameofthecurrentlyloggedonuserasthemachineID.• SpecifyafixedmachineIDforthisinstallpackage.
2. DefinerulesfornamingthegroupID.• ExistingGroup-SelectanexistinggroupIDfromadrop-downlist.• DomainName-Usestheuser’sdomainname.• NewGroup-SpecifyanewgroupID.Thisoptiononlydisplaysformasterroleusers.• PromptUser-AsksusertoenteragroupID.Thisoptiononlydisplaysformasterroleusers.
Fig. 2.21: Specifying the
machine ID assignment
Agents
24 Chapter 2 - Agents Sadjadi et al.
3. Specifyagentinstallpackagecommandlineswitchesincludingtheabilitytoinstallsilentlywithoutanytaskbarsordialogboxes.
Note: Silent installs, also called silent deploys, do not prompt the user for input. Silent installs may not require user input or else provide a typical configuration that serves the purposes of most users, or else provide command line parameters that enable users to configure the installation at execution.
4. SpecifythemachineIDtocopysettingsandpendingagentproceduresfrom.Allcopiedsettingsandpendingagentprocedures—excepttheorganizationID,machineID,andgroupID—areappliedtoeverynewmachineIDcreatedwiththepackage.
Fig. 2.22: Specifying
the group ID assignment
Fig. 2.23: Specifying the installer
options
Fig. 2.24: Selecting an account to
copy settings from
Age
nts
25Chapter 2 - Agents Sadjadi et al.
5. Selecttheoperatingsystemyouarecreatingtheinstallpackagefor:Automatically choose OS of downloading computer,WindowsorMacintosh.
6. Optionallybindauserlogoncredentialtotheinstallpackage.FillintheAdministrator Credentialformtosecurelybinduserrightstotheinstallpackage.
• Userswithoutadministratorrightscaninstallthepackagesuccessfullywithouthavingtoenteranadministratorcredential.• Iftheadministratorcredentialisleftblankandtheuserdoesnothaveadministratorrightstoinstallsoftware,theinstallpackagepromptstheusertoenteranadministratorcredentialdur-ingtheinstall.Ifthepackageisalsosilent“KcsSetup”willfailwithoutanydialoguemessagesexplainingthis.
Note: Credentials are only necessary if users are installing packages on machines and do not have administrator access to their network.
7. Nametheinstallpackageforeasyreferencelater.ThisnamedisplaysontheDeployAgentspageandthedl.aspdownloadpage.
Fig. 2.25: Selecting an agent type
Fig. 2.26: Binding
administrator credentials to the install
package
Agents
26 Chapter 2 - Agents Sadjadi et al.
Editing the Default Install Package
TheDefaultInstallpackagesetsthedefaultvaluesdisplayedwhenyoucreateanewpackage.NormallytheDefaultInstallpackageshouldnotbemodified.TheSavebuttonisdisabledbydefault.ToenabletheSavebuttonfortheDefaultInstallpackage,dothefollowingasamasterroleuser:
1. ClicktheSharebuttonnexttotheDefault Install package.2. ClickTake Ownership.3. CheckAllow other users to modify.4. ClickSave.5. ClicktheediticonnexttotheDefault Installpackage.
Note: If you delete the Default Install package, it is re-created immediately.
Fig.2.28belowshowstheDeployAgentspageandalltheavailablefunctionsthatthismoduleprovides.Theyare:
Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Click to download default Agent:ClickthelinktodownloadthecurrentVSAuser’sdefaultpack-agedirectlyfromthepage.
2. Users can download agents from:Thewebaddressfortheagenttodownloadfromcanbepro-videdtousertodownloadtheagent.TheuniqueIDnumberensuresthatwhenthelinkisclicked,thedefaultinstallpackageisselectedanddownloaded.
3. Manage packages from all administrators:ThisoptioncanbecheckedtodisplayallpackagescreatedbyallVSAusers.Onceahiddenpackageisdisplayed,youcanusethepackage,makethe
Fig. 2.27: Naming the
install package
Fig. 2.28: Deploy Agents
Age
nts
27Chapter 2 - Agents Sadjadi et al.
packagepublicortakeownership.Thisoptionisonlyavailabletomasterroleusers.
4. Set Default:AnagentinstallpackagecanbesetasdefaultinstallpackagebyselectingtheradiobuttontotheleftofthepackagenameintheSet Default column.
5. Delete Icon:Clickthedeleteicontoremoveapackagefromthepagingarea.Ifyoucreatedthepackage,thenthisalsodeletesthepackagefromthesystemandremovesitforallVSAusers.
6. Edit Icon:ClicktheediticonnexttoapackagetochangetheparametersforthatpackageusingtheConfigureAutomaticAccountCreationwizard.
7. Package Name:Thisfielddisplaysthenameofthepackage.
8. Public Package:Publicpackagerowsdisplaywithabrownbackground.Privatepackagerowsdisplaywithagraybackground.
9. Share:ClickSharetoshareaprivatepackagewithotherusers,userrolesortomakethepackagepublic.
10. List on dl.asp:Clickthe dl.asplinkinthecolumnheadertodisplaythewebpagemachineusersseewhentheyinstallanagentontheirmachine.Checkaboxinthiscolumntoincludeitspackageinthelistofavailabledownloadpackagesonthedl.asppage.
11. Description:Displaysthedescriptionofthepackage.
2.3.1 LAN WatchLAN WatchusesanexistingagentonamanagedmachinetoperiodicallyscanthelocalareanetworkforanyandallnewdevicesconnectedtothatLANsincethelasttimeLANWatchran.ThesenewdevicescanbeworkstationsandserverswithoutagentsorSNMPdevices.Optionally,VSAcansendanalertwhenaLANWatchdiscoversanynewdevice.LANWatcheffectivelyusestheagentasaproxytoscanaLANbehindafirewallthatmightnotbeaccessiblefromaremoteserver.
Using Multiple Machines on the Same LANTypically,youdonothavetorunaLANWatchonmorethanonemachineinascanrange.SomereasonstodoaLANWatchonmultiplemachineswithinthesamescanrangeinclude:
• TherearemultipleSNMPCommunitieswithinthesamescanrangeandthereforetherearemultiplemachineswithdifferentSNMPCommunityReadvalues.• TherearemultiplevPro-enabledcredentialsrequired.• Therearedifferentalertconfigurationsrequired.• TheuserwishestohaveredundantSNMPmonitoring
LAN Watch and Install Agents using Windows or MacintoshBothWindowsandMacintoshagentscandiscoverWindowsandMacintoshmachineson thesameLANusingLANWatch.
Agent > Install Agents canonlyinstallagentson:
• WindowsmachinesiftheLANWatchdiscoverymachinewasaWindowsmachine.
2.3 LAN Discovery
Agents
28 Chapter 2 - Agents Sadjadi et al.
• MacintoshmachinesiftheLANWatchdiscoverymachinewasaMacintoshmachine.
ThegenericviewoftheLANWatchpageisshowninFig.2.29below.Theoptionsthatareavailableforthismoduleare:
1. Schedule:ClickScheduletodisplaytheSchedulerwindow,whichisusedthroughoutVSAtoscheduleatask.Scheduleataskonceorperiodically.Eachtypeofrecurrence-Once,Hourly,Daily,Weekly,Monthly,Yearly-displaysadditionaloptionsappropriateforthattypeofrecurrence.Periodicschedulingincludessettingstartandenddatesfortherecurrence.Notalloptionsareavailableforeachscheduledtask.Optionsinclude:
• DistributionWindow-Reschedulesthetasktoarandomlyselectedtimenolaterthanthenumberofperiodsspecified,tospreadnetworktrafficandserverloading.• Skipifoffline-Ifcheckedandthemachineisoffline,skipandrunduringthenextscheduledperiodandtime.Ifblankandthemachineisoffline,runthetaskassoonasthemachineisonlineagain.• Powerupifoffline–ItisavailableforWindowsonly.Ifchecked,powersupthemachineifoffline.RequiresWake-On-LANorvProandanothermanagedsystemonthesameLAN.• Excludethefollowingtimerange-Ifchecked,specifiesadate/timerangetonotperformthetask.
2. Cancel:ClickCanceltostopthescheduledscan.CancelalsodeletesallrecordsofthedevicesidentifiedonaLANfromVSA.Ifyoure-scheduleLANWatchafterclickingCancel,eachdeviceontheLANisre-identifiedasthoughforthefirsttime.
3. Scan IP Range:SettheminimumandmaximumIPaddressestoscanhere.SelectingamachineIDtoscan,bycheckingtheboxnexttothatmachine’sname,automaticallyfillsintheminimumandmaximumIPrangebasedonthatmachine’sIPaddressandsubnetmask.
Note: LAN Watch does not scan more than 2048 IP addresses. If the subnet mask of the machine running LAN Watch specifies a larger IP range, LAN Watch limits it to 2048 addresses. LAN Watch only detects addresses on the local subnet to the machine you run LAN Watch from. For example, with a subnet mask of 255.255.255.0, there can be no more than 253 other devices on the local subnet.
4. Enable SNMP:Ifchecked,scanforSNMP devices*withinthespecifiedScanIPRange.SNMPDevicesarenetworkdevicessuchasprinters,routers,firewalls,serversandUPSdevicesthatcan’tsupporttheinstallationofanagent.ButaVSAagentinstalledonamanagedmachineonthesamenetworkasthedevicecanreadorwritetothatdeviceusingsimplenetworkmanagementprotocol(SNMP).Read/writeinstructionsarecommunicatedusingasetofobjectvariables.Collectively,thesetofobjectvariablesmadeavailablebyadeviceiscalleditsManagementInformationBaseorMIB.TheobjectswithinaMIBarethereforereferredtoasMIBobjects.
5. Read Community Name / Confirm:LANWatchcanonlyidentifySNMPdevicesthatsharethesameSNMPcommunityreadvalueasthemanagedmachineperformingtheLANWatch.Enterthe
Fig. 2.29: LAN Watch
SNMP Devices: Networkdevicessuchasprinters,routers,firewalls,serversandUPSdevicesthatcan’tsupporttheinstallationofanagent.
Age
nts
29Chapter 2 - Agents Sadjadi et al.
valueintheReadCommunityNameandConfirmtextboxes.
Note: Community names are case sensitive. Typically the default read community name value is public, but may be reset by an administrator to Public, PUBLIC, etc.`
6. Enable vPro:ThisoptionisavailableinWindowsonly.Ifchecked,identifiesvPro-enabledma-chineswithinthespecifiedScanIPRange.ThemachinedoesnotneedtobeavPromachinetodiscovervPromachinesusingLANWatch.IfavPromachineisusedastheLANWatchdiscoverymachine,itcannotdiscoveritself.
7. Enable Alerts:IfEnable AlertsischeckedandanewdeviceisdiscoveredbyLANWatch,analertissenttoallemailaddresseslistedinEmailRecipients.LANWatchalertsandemailrecipientscanalsobespecifiedusingtheMonitor>Alertspage.
Note:Machines that have not been connected to the LAN for more than 7 days and then connect are flagged as new devices and will generate an alert.
8. Email Recipients:Ifalertsareenabled,entertheemailaddresseswherealertnotificationsaresent.Youcanspecifyadifferentemailaddressforeachmanagedmachine,evenifitisforthesameevent.The FromemailaddressisspecifiedusingSystem>OutboundEmail.
9. Ignore devices seen in the last <N> days:Enterthenumberofdaystosuppressalertsfornewdevices.Thispreventscreatingalertsfordevicesthatareconnectedtothenetworktemporarily.
10. Run Script:Iftheoptionischeckedandanalarmconditionisencountered,anagentprocedureisrun.YoumustclicktheSelectagent procedurelinktochooseanagentproceduretorun.Youcanop-tionallydirecttheagentproceduretorunonaspecifiedrangeofmachineIDsbyclickingthismachineIDlink.ThesespecifiedmachineIDsdonothavetomatchthemachineIDthatencounteredthealarmcondition.
11. Skip alert if MAC address matches existing agent:CheckingthisboxsuppressesalertsifthescanidentifiesthattheMACaddressofanetworkdevicebelongstoanexistingmanagedmachinewithanagentonit.OtherwiseamanagedmachinethatwasofflineforseveraldaysandcomesbackonlinetriggersanunnecessaryalertduringaLANWatch.
12. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview
13. IP Range Scanned:TheIPaddressesthatarescannedbytheselectedmachineIDwhenLANWatchruns.
14. Last Scan:Thistimestampshowswhenthelastscanoccurred.Whenthisdatechanges,newscandataisavailabletoview.
15. Primary DC:ThisisavailableforWindowsonly.Ifaprimarydomaincontrollericonisdisplayed,thismachineIDisaprimarydomaincontroller.Ifchecked,performingascanonaprimarydomaincontrollerrunningActiveDirectoryenablesyouto“harvest”theusersandcomputersthroughoutadomain.YoucansubsequentlyinstallVSAagentsautomaticallyoncomputerslistedinActiveDirectoryandcreateVSAusersandVSAusersbasedonActiveDirectoryadministratorcredentials.
16. SNMP Active:IftheSNMPiconisdisplayed,SNMPdevicesareincludedinthescheduledscan.
17. vPro Active:Thisoptionisavailableforwindowsonly.IfthevProiconisdisplayed,vPromachinesareincludedintheschedulescan.
18. Alert Active:IfcheckedLANWatchalertsareenabledforthisscan.
Agents
30 Chapter 2 - Agents Sadjadi et al.
2.3.2 Install AgentsTheInstallAgentspage installs theagentonaremotesystemandcreatesanewmachine ID /group IDaccountforanynewmachinedetectedbyLANWatch.InstallAgentsremotelyinstallsthepackagescreatedusingAgents > DeployAgents.A list ofmachines with scan results is displayed when this page is firstdisplayed.ClickinganymachineIDdisplaysatablelistingallmachineswithahostname.Machineswithoutanagentdisplayinredtext.
Therearetwomethodsofselectingmachinestoinstallagentson:
1. AlistofmachinesisdisplayedonthispagethathaverunLANWatch.ClickinganyLANWatchmachinedisplaysalistingofalldiscoveredmachines.Machineswithoutanagentdisplayinredtext.2. YoucanalsoinstallanagentbyenteringanIPaddressorhostnamethatyouknowthediscoverymachinehasaccessto,evenifit’snotlistedonthepage.
Using the Same Operating System for Discovery and Agent InstallsWindows,Macintosh,andLinuxagentscandiscoverWindows,Macintosh,andLinuxmachinesonthesameLANusingLANWatch.Agent>InstallAgentscanonlyinstallagentson:
• WindowsmachinesiftheLANWatchdiscoverymachinewasawindowsmachine.• MacintoshmachineiftheLANWatchdiscoverymachinewasaMacintoshmachine.• LinuxmachinesiftheLANWatchdiscoverymachinewasaLinuxmachine.
Note:Macintosh agent install packages require a credential when usingAgent > InstallAgent, or wheninstallingagentsusingthe/s“silentinstall”switch.
Note:ForLinuxmachines,therootusernamealonewithoutahostnameordomainmustbeused.
Installing Agents on Selected Machines1. Enteraadministratorcredentialforthemachinesyou’veselected.
• Ifthetargetmachineisonadomain,theadministratorcredentialmustincludethedomain.Theusernamefieldmustbeintheformdomain\administratororadministrator@domain.Ifthetargetmachineisnotonadomain,thentheadministratorcredentialmustincludethehostnameintheformhostname\administrator.ForLinuxmachines,therootusernamealonewithoutahostnameordomainmustbeused.
2. Selectanagentinstallpackage.Theselectedagentinstallpackagemustbeappropriatefor:• WindowsmachinesiftheLANwatchdiscoverymachinewasaWindowsmachine.• MacintoshmachinesiftheLANWatchdiscoverymachinewasaMacintoshmachine.• LinuxmachinesiftheLANWatchdiscoverymachinewasaLinuxmachine.
3. ClickInstall.
Kconnect and SSHThefollowingtechnologiesareusedbyAgent>InstallAgentstoinstallagentsonremotesystemsafteraLANWatchscanisrunonthediscoverymachine.
• KconnectenablestheinstallationofagentpackagesonremotetargetsystemsrunningaWindowsoperatingsystem• SSH(akaSecureShell)isanetworkprotocolthatallowsdatatobeexchangedusingasecurechannelbetweentwonetworkeddevices.ThisprotocolisprimarilyusedonUnix-basedsystems,includingMacOSXandLinux.
• MacOSX10.3.9andabovemachinesmusthaveSSHRemoteLogininSystemPrefer-ences>Sharing>RemoteLoginenabledtosupporttheremoteinstallofMacintoshagentsusingInstallAgents.• OnLinuxsshdmustbeinstalledandenabled.ThisisnotenabledbydefaultinsomeLinuxdistributions.
• Avalidcredentialsetwithadministratorrightsisrequiredtosuccessfullyinstallanagentremotely.
Age
nts
31Chapter 2 - Agents Sadjadi et al.
Note:TheKcsSetupinstallerskipsinstallationifitdetectsanagentisalreadyonamachineifthe/eswitchispresentintheinstallerpackage.Theinstalleroverwritesinstallationifitdetectsanagentisalreadyinstalledonamachineifthe/rswitchispresentintheinstallerpackage.The/rswitchoverridesthe/eswitchifbothswitchesareincludedintheagentpackage.
Running KconnectWhenInstallAgentisrun,Kconnect.exeisdownloadedfromtheKServerintothec:\kworkingdirectoryandrunusingthefollowingcommandline.Youdon’thavetocreatethiscommandline.InstallAgentdoesitforyou.c:\kworking\kconnect \\hostname -u “adminname” -p “password” -c -f -d “c:\kworking\kcssetup.exe” > c:\kworking\LANInsAipAddr.txt
ThetermshostnameandipAddrrefertotheremotemachine.IftheagentisonadriveotherthanC:thentheworkingfilesarereferencedtothesamedrivetheagentisinstalledon.
Kconnect Error MessagesIfaremoteWindowsagentinstallationfailsforanyreason,theKServerpassesbacktheresultsreportedbyKconnect.exe.Typically,Kconnect.exeissimplyreportingOSerrorsthatitreceivedtryingtoexecuteacall.
Typical Reasons for Install FailureForageneralagent install issuesandfailuresreferAgents>DeployAgents> Install issuesandfailures.AdditionalissuesandfailurerelatedtoremoteinstallationofagentsusingInstallAgentsinclude:
• FileandPrinterSharingNotEnabled-VerifyFileandPrinterSharingisenabledonthetargetma-chine’sfirewallifthetargetmachine’sfirewallison.• BlockedbyNetworkSecurityPolicy
• Windows-Kconnect.execonnectstotheremotePCthroughtheRPCserviceandrunsasalocalaccount.RemoteaccesstothisserviceiscontrolledbyaLocalorDomainSecuritySetting.OpenLocalSecurityPolicy(partofAdministrativeTools).OpenLocalPolicies\Secu-rityOptions\Networkaccess:Sharingandsecuritymodelforlocalaccounts.ThepolicymustbesettoClassicforKconnect.exetooperateacrossthenetwork.• Macintosh-SSHcanbeblockedbyclientmanagementnetworkpolicies,whichareconfig-uredusingServerAdmininMacOSX10.4andlater.
• FailuretoConnect-TheRPCserviceisnotavailableonthetargetmachine.Forexample,XPHomedoesnotsupportRPC.Thispreventsanythingfromremotelyexecutingonthatbox.OnWin-dowsXPyoucanturnthisserviceonbyopeningWindowsExplorerandselectingTools-FolderOp-tion...-Viewtab.ScrolltothebottomofthelistanduncheckUsesimplefilesharing.TheXPdefaultconfigurationsareasfollows:
• XPProonadomain-RPCenabledbydefault.Usesimplefilesharingisunchecked.• XPProinaworkgroup-RPCdisabledbydefault.Usesimplefilesharingischecked.• XPHome-RPCdisabledalways.Usesimplefilesharingisnotavailable.
• NetworkPathNotFound-Ifyougetamessagesayingthatthenetworkpathcouldnotbefound,itmeansthattheadmin$shareisnotavailableonthatmachine.Theadmin$shareisadefaultsharethatwindowscreateswhenitboots,itispossibletoturnthisoffviathelocalsecuritypolicy,ordomainpolicy.IfyouwanttocheckthesharesonthatremotemachineyoucanuseKconnect.exetoretrievealistforyou.Typekconnect\\“netshare”.Checkthattheadmin$shareexistsandpointstoc:\win-dowsorc:\winntonolderoperatingsystems.• BlockedbyAnti-VirusProgram-Someanti-virusprogramsmayclassifyKconnect.exeandSSHassecuritythreatsandblockitsexecution.• InvalidCredential-Thecredentialmusthaveadministratorrightsonthelocalmachine.Theagentrequiresadministratorrightstoinstallsuccessfully.
• Ifthetargetmachineisonadomain,theadministratorcredentialmustincludethedomain.Theusernamefieldmustbeintheformdomain\administratororadministrator@domain.Ifthetargetmachineisnotonadomain,thentheadministratorcredentialmustincludethehostnameintheformhostname\administrator.ForLinuxmachines,therootusernamealonewithoutahostnameordomainmustbeused.• OnVista,7,and2008machines,ensureUserAccountControl(UAC)isdisabledforthe
Agents
32 Chapter 2 - Agents Sadjadi et al.
administratorrightscredentialbeingused.• MacOS-MacintoshagentinstallpackagesrequireacredentialwhenusingAgent>InstallAgent,orwheninstallingagentsusingthe/s“silentinstall”switch.• Linux-LinuxmachinescredentialsmustusetherootuserontheInstallAgentspage.Em-beddingarootcredentialintheagentinstallpackageisunnecessaryforLinuxagentinstallpackagesusedontheInstallAgentspage.
SSH Not Installed or Enabled -MacOSX10.3.9andabovemachinesmusthaveSSHRemoteLogininSystemPreferences>Sharing>RemoteLoginenabledtosupporttheremoteinstallofMacintoshagentsusingInstallAgents.OnLinuxsshdmustbeinstalledandenabled.ThisisnotenabledbydefaultinsomeLinuxdistributions.
Installing Linux Agents Manually1. FromaLinuxmachineopenaFirefoxorChromebrowserinaGnomesessionandlogintothe
VSA.
2. DisplaytheAgent > Install Agents >Deploy Agentspage.
3. ClicktheClicktodownloaddefaultAgenthyperlinktobegindownloadingthethedefaultagentinstallpackage.ALinuxagentinstallpackagewilldownload.
Note:Alternately,youcancreateyourownLinuxpackagebypressingCreate Packageandsteppingthroughthewizard.
4. Oncethedownloadiscomplete,locatetheKcsSetup.shfileinthedownloaddirectoryoftheLinuxmachine.
Note:IfyouhavedownloadedKcsSetup.exeorKcsSetup.zip,youhavedownloadedthewronginstallfilebecausetheselectedinstallpackageisdedicatedtoWindowsorMacintoshinstalls.
5. Issuethefollowingcommandsasroot:#chmod+xKcsSetup.sh#./KcsSetup.sh
Theagentinstallsandstarts.LogintoyourVSAandviewthestatusoftheagent.
Forfurtherinformationseetheinstalllogfile,locatedat:/tmp/KASetup_<pid>.logwhere<pid>istheprocessidofthe./KcsSetup.shexecution.
Note:RunKcsSetup.sh-V-Dforverboseterminaloutput
Note:RunKcsSetup.sh-Xtosavethetempfilescreatedinthe/tmpfile.Savingthesefilesisusefulwhentroubleshootingafailedinstall.
6. AftertheLinuxagentisinstalled,loginandlogouttoseetheKaseyaagenticoninaGnomepanel.
Installing Linux Agents Using LAN Watch and Install Agents
1. ScheduleaLANWatchscanusinganexistingLinuxagentasthediscoverymachine.
2. InstallaLinuxagentonadiscoveredLinuxmachine,usingtheInstallAgentspage.
• EnterrootintheAdmin Logonfield.
• EnterthepasswordfortherootuserofthetargetedLinuxmachinesinthePassword field.
• SelectanagentinstallpackageintheSelect an Agent Package to installfield.
Age
nts
33Chapter 2 - Agents Sadjadi et al.
• CheckthecheckboxesnexttooneormoretargetedLinuxmachines,orentertheIPaddressornameofatargetedLinuxmachineintheundiscovered machine field.
• ClicktheSubmit button.
Uninstalling a Linux Agent Manually
A<install-dir>/bin/KcsUninstalleralwaysgetsinstalledwiththeagentandwillremovetheagent.Agentsaretypicallyinstalledtothe/optdirectory.
Issuethefollowingcommandsasroot:#./KcsUninstaller
Note:Runthecommand./KcsUninstaller-D-Vtouninstalltheagentwithverboseterminaloutput
Fig2.30belowshowsthegenericviewoftheInstallagentspage.theoptionsavailableonthispagearelistedandexplainedbelow.
1. Admin Logon Name:Theadministratornameusedtoremotelyaccesstheselectedmachine.TheAdminLogonNamemusthaveadministratorrightsontheremoteselectedmachine.Multipleaccountsmayhaveadministratorrightsonthesamemachine.Yourdomainadministratoraccountmaybediffer-entthanthelocaladministratoraccount.Toensureyouareusingthedomainaccount,enterthelogonnameusingthedomain\administratorformat.Ifthedomainisleftoff,thelocalaccountwillbeused.
2. Password:ThepasswordassociatedwiththeAdminLogonName.
3. Install:ClickInstalltoscheduleaninstallationoftheselectedinstallpackageonallselectedma-chines.
4. Cancel:ClickCanceltocancelexecutionofthistaskonselectedmanagedmachines.
5. Select a Windows Agent Package to Install:Selecttheagentpackagetoremotelyinstallonselectedmachines.ThesepackagesarecreatedusingAgents>DeployAgents.
6. IP address to install an undiscovered machine:EnteranIPaddresstoinstallagentonthatmachine.
Note: This feature allows you to install agent on a machine using the IP address within the network only.
Fig. 2.30: Install Agents page
Agents
34 Chapter 2 - Agents Sadjadi et al.
7. Hide devices that match the MAC address of existing machine IDs:CheckthisboxtohideallmachinesonaLANwithaMACaddress*matchingtheMACaddressofanexistingmachineID/groupIDaccount.
8. Hide devices that match the computer names of existing machine in <machine ID>:CheckthisboxtohidemachinesthathaveacommoncomputernameinthissamegroupID.ALANWatchmaydiscoveramanagedmachinewithaseconddeviceusingadifferentMACIDthentheoneusedtoreporttotheKServer.Forexample,thesamemanagedmachinemayconnecttotheinternetusingdirectconnectionandhaveasecondwirelessconnectionwithadifferentMACID.Checkingthisboxhidestheseconddevicefromthislistsothatyoudon’tassumeyou’vefoundanewunmanagedma-chine.
9. Host Name:ThehostnameofeachdeviceontheLANdiscoveredbythelatestLANWatchscan.
10. IP Address:TheprivateIPaddressofeachdevicediscoveredbythelatestLANWatchscan.
11. MAC Address:TheMACaddressofeachdevicediscoveredbythelatestLANWatchscan.
12. Vendor:Thesystemmanufacturer.
13. Last Seen:ThetimeeachdevicewaslastdetectedbythelatestLANWatchscan.
2.3.3 View LANTheView LAN(Fig2.31)pagedisplaystheresultsofthelatestLANWatchscanrunonamachineID.Onlymachine IDswith returnedscandatacanbeselected.Clickanymachine ID todisplaya table listingallmachinesanddevicesfoundbyLANWatchrunonthatmachineID.Dataonlydisplays inthehostnamecolumnformachines,notdevices.Pagingrowscanbesortedbyclickingcolumnheadinglinks.
1. Host Name:ThehostnameofeachdeviceontheLANdiscoveredbythelatestLANWatchscan.Ahostnameonlydisplaysforcomputers.Hubs,switches,routers,orothernetworkappliancesdonotreturnahostname.
2. IP Address:TheprivateIPaddressofeachdevicediscoveredbythelatestLANWatchscan.
3. MAC Address:TheMACaddressofeachdevicediscoveredbythelatestLANWatchscan.
4. Vendor:Thesystemmanufacturer.
5. Last Seen:ThetimeeachdevicewaslastdetectedbythelatestLANWatchscan.
6. SNMP Info:SNMPidentifyinginformation
Fig. 2.31: View LAN page
MAC address: MACaddressistheuniquemediaaccesscontroller(MAC)identifierassignedtonetworkinterfacecards(NIC).
Age
nts
35Chapter 2 - Agents Sadjadi et al.
2.3.4 View AD ComputersTheViewADComputerspageshowsallcomputerslistedinanActive Directory*whenLANWatchrunsonasystemhostingActiveDirectory.ActiveDirectoryisadirectoryserviceusedtostoreinformationaboutthenetworkresourcesacrossadomain.ItsmainpurposeistoprovidecentralauthenticationandauthorizationservicesforWindowsbasedcomputers.AnActiveDirectorystructureisahierarchicalframeworkofobjects.Theobjectsfallintothreebroadcategories:resources(e.g.printers),services(e.g.e-mail)andusers(useraccountsandgroups).TheADprovidesinformationontheobjects,organizestheobjects,controlsaccessandsetssecurity.VSAcanreferenceinformationstoredinActiveDirectoryduringaLANWatch.ViewADComputerscanbeusedtoinstallagentsautomaticallyoncomputerslistedintheActiveDirectorybypolicyatcomputerstartup.
Usingthismethodhasthefollowingbenefits:
• Thispolicyensuresanagentisalwayspresentonamachineateveryreboot,eveniftheagentissubsequentlyremovedbyauser.• AgentscanbedeployedtoanentireADnetworkevenifVSAuserdoesnotknowthelocalcreden-tialsforeachcomputer.• ALANWatchscanperformedbyanADmachinediscoversallcomputersthataremembersofadomain,whetherthemachinesareonlineornot.
Summary ViewThesummaryviewofViewADComputerslistsalldomaincontrollersthathaverunLANWatchforallmachinegroups.
• Discovered By:ListsthemachineID.groupIDnamesofdomaincontrollersthathaveperformedaLANWatchscan.• Computers Found:Liststhenumberofcomputers,withorwithoutagents,listedinthedomaincontrollerdirectory.• Agents Installed:Liststhenumberofcomputerswithagentsthatarealsolistedinthedomaincontroller’sdirectly.
Details ViewThedetails viewofViewADComputersdisplays computers listed in activedirectory serviceshostedoncomputersthathaverunLANWatchwithinaspecifiedmachinegroup.
Installing Agents on Active Directory ComputersYoucanassociatean installpackagewithanADcomputer.This installsanagentpackagewhen theADcomputerreboots,unlesstheagentisalreadyinstalled.YoucanspecifytheagentpackageinstalledforeachADcomputer.
AsshowninFig.2.32,toassociateaninstallpackagewithanADcomputer:
1. CheckShow DetailsasshowninFig.2.32belowtodisplaytheCanonical Name*ofdiscoveredcomputersinthepagingarea.2. SelectanagentpackagefromtheSelect an Agent Package to install drop-downlist.3. ClickInstall Agent Policy.4. OptionallyclickUpdate Agent Policies tocopyachangedagentinstallpackagetotheADcom-puter.TheupdatedinstallpackagereplacesthecopyontheADcomputer.5. OptionallyselectanADcomputerandclickCanceltoun-associateaninstallpackagewithanADcomputer.
Active Directory:ActiveDirectoryisadirectoryserviceusedtostoreinformationaboutthenetworkresourcesacrossadomain
Canonical Name:TheprimarynameforanobjectinDNS.Eachobjectcanalsohaveanunlimitednumberofaliases.
Agents
36 Chapter 2 - Agents Sadjadi et al.
2.3.5 View AD UsersTheView AD Users pagelistsallADusersdiscoveredbyLANWatchwhenLANWatchrunsonasystemhostingActiveDirectory.
UsingViewADUsers:• AgentscanbeautomaticallyinstalledoneachmachineanADuserlogsonto.• VSAuserslogonscanbecreatedbasedonADuserlogons.• PortalAccesslogonscanbecreatedbasedonADuserlogons.• Contact information can be extracted fromAD users and applied to the contact information formachineIDs.
Summary ViewThesummaryviewofViewADComputerslistsalldomaincontrollersthathaverunLANWatchforallmachinegroups.
• Discovered By:ListsthemachineID.groupIDnamesofdomaincontrollersthathaveperformedaLANWatchscan.• Computers Found:Liststhenumberofcomputers,with or without agents,listedinthedomaincontrollerdirectory.• Agent Installed:Liststhenumberofcomputerswith agentsthatarealsolistedinthedomaincon-troller’sdirectory.
Details viewThedetailsviewofViewADUsersdisplaysalistofActiveDirectoryusersondomaincontrollersthatranLANWatchwithinaspecifiedmachinegroup.Installing agents on any machine an AD User logs ontoYoucanassociateaninstallpackagewithanADUser.ThisinstallsanagentpackageonanymachineanADuserlogsonto,unlesstheagentisalreadyinstalled.Eveniftheagentissubsequentlyremovedfromamachine,theagentwillbere-installedthenexttimetheADuserlogson.YoucanspecifytheagentpackageinstalledforeachADuser.
AsshowninFig.2.33,toassociateaninstallpackagewithanADUser:1. SelectADuserslistedintheLogon NamecolumnofthepagingareaasshowninFig.2.33.2. SelectanagentpackagefromtheSelect an Agent Package to Installdrop-downlist.3. ClickInstall Agent Policy.4. OptionallyclickUpdate Agent PoliciestocopyachangedagentinstallpackagetotheADuser’scomputer.TheupdatedinstallpackagereplacesthecopyontheADuser’scomputer.5. SelectanADuserandclickCanceltoun-associateaninstallpackagewithanADuser.
Fig. 2.32: Installing agents
on active directory of a
computer.
Age
nts
37Chapter 2 - Agents Sadjadi et al.
Creating VSA Users Based on AD Users
VSAuserscreatedusingthismethodlogontoVSAusingtheirADdomain,username,andpassword.Thismeansusersonlyhavetomaintaincredentialsinasinglelocation,theActiveDirectory.
Note: If a VSA staff record is created based on an AD user, VSA staff record can only be changed in AD and not within VSA but can be done only in Active Directory.An AD user can only be associated with either a VSA user logon or a machine user logon but not both.
AsshowninFig.2.34,tocreateanewVSAuserbasedonanADuser:1. SelectanADuserslistedintheLogon NamecolumnofthepagingareaasshowninFig.2.34.2. SelectauserrolefromtheSelect Roledrop-downlist.3. SelectascopefromtheSelect Scopedrop-downlist.4. ClickCreate User.
YoucanconfirmthecreationofthenewVSAuserusingSystem>Users.VSAusernamesbasedonADusersareformattedasfollows:<domainname>|<username>.
Creating Portal Access Logons Based on AD Users
Portal AccesslogonscanbecreatedbasedonADusers.VSAuserscreatedusingthismethodcanlogontoVSAPortalAccessmenuusing theirADdomain,username,andpassword.Thismeanscredentialsonlyhavetobemaintainedinasinglelocation,theActiveDirectory.
Fig. 2.33: Associate n
install package with an AD
User
Fig. 2.34: Creating VSA
users based on AD Users
Agents
38 Chapter 2 - Agents Sadjadi et al.
Note: If a Portal Access logon is created based on an AD user logon, the Portal Access username and password can only be changed in AD and not within VSA.An AD user can only be associated with either a VSA user logon or a Portal Access machine but not both.
As shown in Fig. 2.35, to create a new Portal Access logon based on an AD user:1. ClicktheunassignedlinkforanADuserlistedintheAssigned TocolumnofthepagingareaasshowninFig.2.35.2. SelectamachineID.groupIDaccountinthepopupwindow.Thepopupwindowcloses.3. SelectthecheckboxforthissameADuserintheleftmostcolumn.4. ClickCreate Machine Logon.
YoucanconfirmthecreationofthenewVSAuserusingAgent > Portal Access.
Creating Staff Members Based on AD Users
CreatestaffmemberrecordsbasedonADusers.IfADuserinformationischanged,thenVSAupdatesthecorrespondingstaffmemberrecordwiththeADuserinformation.Thismeansuserinformationonlyhastobemaintainedinoneplace,theActiveDirectory.
Note: If a VSA staff record is created based on an AD user, VSA staff record can only be changed in not be AD and not within VSA.
As shown in Fig. 2.36, to create new VSA Portal Access logon based on an AD user:1. SelectadepartmentfromtheSelect Departmentdrop-downlistasshowninFig2.36.2. SelectthecheckboxforanADuserintheleftmostcolumn.3. ClickCreate Staff Member.
Fig. 2.35: Creating portal access logons
basd on AD Users.
Age
nts
39Chapter 2 - Agents Sadjadi et al.
YoucanconfirmthecreationofthenewVSAuserusingSystem > Manage.
Converting Your VSA Logon to use your Domain Logon
YoucanconvertyourownVSAlogontouseyourdomainlogonasfollows:
1. OpentheSystem > Change LogonpageinVSA.2. EnteryourcurrentVSApasswordintheOld Passwordfield.3. Enteryoudomainanddomainlogonname,formattedallinlowercaseusingtheformatdomain/username,intheUsernamefield.4. EnteryourdomainpasswordintheNew Password / Confirm Passwordfields.
ThisenablesyoutologontoVSAusingyourdomainlogonandhaveyourVSAlogonnameandpasswordmanagedusingActiveDirectory.At thesame time,youcancontinue touseallyourpreviousVSAsharerights,proceduresandotherusersettings.
2.3.6 View vProTheView vPropagedisplayshardwareinformationaboutvPro-enabledmachinesdiscoveredwhilerunningLANWatch.Thisinformationisonlyavailableifamachine’svProcredentialisspecifiedbytheLANWatch.
TypesofhardwareinformationreturnedbythevPromachineinclude:• Agentcheck-instatus,ifthevPromachinehasanagentinstalled• ComputerInformation• MotherboardAssetInformation• BIOSInformation• ProcessorInformation• RAMInformation• HardDriveInformation
Note: vPro-enabled machines with a vPro credential can be powered up, powered-down or rebooted using Remote Control > Power Management. A vPro-enabled machine can be booted up using an ISO file using Remote Control > Remote ISO Boot.
Fig. 2.36: Create staff members
based on AD users.
Agents
40 Chapter 2 - Agents Sadjadi et al.
2.4.1 Copy SettingsTheCopy SettingspagecopiesselectedsettingsfromasinglemachineIDtomultiplemachineIDs.YoucancopysettingsfromonlyonesourcemachineIDortemplateatatime.ButyoucancopydifferenttypesofsettingsfromdifferentsourcemachineIDsortemplatesinsuccession.
Copy Settings and Templates
MachineIDtemplatesareinitiallyusedtocreateanagentinstallpackageusingthetemplateasthesourcetocopysettingsfrom.Butevenafteragentsareinstalledonmanagedmachines,youmightneedtoupdatesettingsonexistingmachineIDaccountsasyourcustomerrequirementschangeandyourknowledgeofVSAgrows.Inthiscase,useAgent > Copy SettingstocopythesechangestoanynumberofmachinesIDsyouareauthorizedtoaccess.
Itisrecommendedtomakechangestoaselectedtemplatefirst,thenusingthattemplateasthesourcemachineIDtocopychangesfrom.ThisensuresthatyourmachineIDtemplatesremainthe“masterrepositories”ofallyouragentsettingsandarereadytoserveasthesourceofagentinstallpackagesandexistingmachineIDaccounts.
Procedure to copy settings
1. ClickSelectmachineIDtoselectthesourcemachinethatyouwanttocopythesettingsfrom.
2. SelectthesourcemachinefromthepopupwindowbyselectingtheappropriategroupID.
2.3ConfigureAgents
Fig. 2.37: Select Machine
ID.
Age
nts
41Chapter 2 - Agents Sadjadi et al.
3. OncethemachineIDisselected,asecondpopupwindowscreendisplaysthetypeofsettingsthatcanbecopied.SelecttheappropriatesettingsaccordingtotherequirementandclickDonetoaddsettingstotargetmachineswithoutreplacingexistingsettings.
4. SelectthemachineID’syouwanttoapplythesettingstoandclickCopy.
Fig. 2.38:Select source
machine
Fig. 2.39:Select settings and click done
Agents
42 Chapter 2 - Agents Sadjadi et al.
2.4.2 Import/Export
TheImport / ExportpageimportsandexportsmachineIDaccountsettingsasXMLfiles,includingscheduledagentprocedures,assignedmonitorsetsandeventsets.Logdataisnotincludedintheimportorexport.YoucanuseImport/ExporttomigratemachineIDaccountsettings,includingmachineIDtemplates,fromoneKServertothenext.
To Export Machine ID Settings
1. ClicktheselectmachineIDlink.Amachineselectionpopupwindowdisplays.2. OptionallyfilterthedisplayofthemachineIDslistedusingthemachineID/groupIDfilter.ClickamachineIDlinktoexport.ThemachineIDyouselectednowdisplaysontheImport/Exportpage.3. ClickExport.ThepagedisplaysanXMLstatementoftheagentsettingsbeingexported.
ExporttheXMLstatementby:
• CopyingtheXMLtexttotheclipboard.• Right-clickingtheDownloadlinkandselectingtheSave Target As optiontosavetheXMLtextasanXMLfileonyourlocalcomputer.
To Import Machine ID Settings
• ClickChoose FileandbrowsetoselectanXMLfilerepresentingthesettingsofamachineIDac-count.TypicallytheseXMLfilesarecreatedbyexportingthemfromanotherKServer.• ClickImport.Asetofadditionaloptionsdisplays.• AcceptorspecifythenameofthemachineID.Anewoneiscreatedifthisnamedoesn’talreadyexistintheKServer.• AcceptorselectadifferentgroupID.• OptionallychecktheboxnexttoReplace existing data if this machine ID already exists.• OptionallychangetheemailnotificationaddressforallalertsdefinedforthismachineIDaccount.• ClickFinishtocompletetheimport.
2.4.3 SuspendTheSuspendpage(Fig.2.41)suspendsallagentoperations,suchasagentprocedures,monitoring,andpatching,withoutchangingtheagent’ssettings.Whensuspended,amachineIDdisplaysasuspendediconnexttoit.
Fig 2.40: Click copy
Age
nts
43Chapter 2 - Agents Sadjadi et al.
WhileamachineIDaccountissuspendedthemanagedmachinedisplaysagrayagenticoninthesystemtray.
1. Suspend:ClickSuspendtosuspendagentoperationsonselectedmachineIDs.
2. Resume:ClickResumetoresumeagentoperationsonselectedmachineIDs.
3. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.
4. Suspended:DisplaysSuspendedifthemachineIDissuspended.
2.4.4 Agent MenuTheAgent Menupagespecifiestheoptionsthatdisplayintheagentmenuofauser’smachine.Theuserdisplaystheagentmenubyright-clickingtheagenticoninthesystemtrayofthemanagedmachine.Thispagecanalsopreventtheagenticonfromdisplayingontheuser’smachine.Changesmadeusingthispagetakeeffectatthenextagentcheck-inanddisplayinredtextuntilthen.
Hiding the Agent Icon on the User’s Machine
Tohidetheagenticonontheuser’smachine,dothefollowing:
1. SelectoneormoremachineIDs.2. UnchecktheEnable Agent Icon checkbox.3. ClickUpdate.
Alltheothercheckboxsettingswillbedimmedtoindicatethatallagentmenuoptionshavebeendisabled.
Preventing the User from Terminating the Agent Service on the User’s Machine
If theExitoption isenabledonauser’smanagedmachine, theusercan terminate theagentserviceonthemanagedmachinebyselectingthisoption.Whentheagentserviceisstopped,themanagedmachinebecomesinvisibletoVSAusersandcannolongerreceivecommandsfromtheKServer.
ToremovetheExitoptionfromagentmenusonmanagedmachines:
1. SelectoneormoremachineIDs.2. UnchecktheExitcheckbox.3. ClickUpdate.
Fig 2.41: Suspend page
Agents
44 Chapter 2 - Agents Sadjadi et al.
TheAgentMenupageisshowninFig.2.42andtheoptionsavailableforthismoduleare:
1. Checkboxes
• Enable Agent Icon -Checktodisplaytheagenticoninthesystemtrayofthemanagedmachine.Unchecktohidetheagenticonandpreventtheuseofagentmenuoptions.
• About <Agent>-ItisthetextappendedtothelabelfortheAboutoptionontheagentmenu.ChecktoenablethemachineusertoclickthisoptiontodisplaytheAboutboxfortheinstalledagent.Forexample,iftheAbouttitleisAgentthenthelabeloftheAboutoptiondisplaysasAgent.
• <Contact Administrator> -Checktoenablethemachineusertoclickthisoptiontodisplayeithertheuser’sPortal Access*pageoradifferentcontactURL.PortalAccessisaLiveConnectsessioninitiatedbythemachineuser.ThemachineuserdisplaysthePortalAccesspagebyclickingtheagenticononthesystemtrayofamanagedmachine.PortalAccesscontainsmachineuseroptionssuchaschangingtheuser’scontactinformation,creatingortrackingtroubletickets,chattingwithVSAus-ersorremotecontrollingtheirownmachinefromanothermachine.PortalAccesslogonsaredefinedusingAgent>PortalAccess.ThefunctionlisttheuserseesduringaPortalAccesssessionisdeter-minedbytheSystem>MachineRolespage.YoucancustomizePortalAccesssessionsusingtheSystem>Customize:LiveConnectpage.ThedefaultoptionlabelContactAdministratorcanbecustomized.ThetextdisplayedontheagentmenuforcontactingaVSAuser.
Example:ContactJohnDoe
• Custom Title-ThetextdisplayedontheagentmenuforcontactingacustomURL.Example:FloridaInternationalUniversity
• <Your Company URL> -ChecktoenablethemachineusertoclickthisoptiontodisplaytheURLspecifiedinthecorrespondingURLfield.
• Disable Remote Control -Checktoenablethemachineuserclickthisoptiontodisableremotecontrolontheuser’smanagedmachine.
• Set Account-ChecktoenablethemachineusertoclickthisoptiontodisplaytheirmachineID.groupID.organizationIDandchangetheKServeraddresstheagentchecksinto.
• Refresh-Checktoenablethemachineusertoinitiateanimmediatefullcheck-in.
• Exit-Checktoenablethemachineusertoterminatetheagentserviceonthemanagedmachine.
Fig. 2.42: Agent Menu
Age
nts
45Chapter 2 - Agents Sadjadi et al.
2. Update:Click UpdatetoapplyagentmenusettingstoselectedmachineIDs.
3. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.
4. ACObSRx:ThiscolumnsummarizestheagentmenuoptionsenabledforamachineID.ACOb-SRxappliestothekeyboardshortcutsthatareusedtoaccesseachoptionintheagentmenu.Aletterindicatesthatoptiondisplaysintheagentmenu.A“-”indicatesthatmenuoptiondoesnotdisplayintheagentmenu.
A=AboutAgentC=ContactUserO=LaunchestheURLspecifiedintheURLfield.TheagentdisplaysthetextlistedinthefieldtotheleftoftheURLfield.b=DisableRemoteControlS=SetAccountR=Refreshx=Exit
5. Contact URL:TheURLtodisplaywhentheContactAdministratoroptionisselectedbythema-chineuser.ThedefaultURListhePortalAccesspage.AdifferentURLcanbeentered.
6. Custom URL:TheURLtodisplaywhenthisagentmenuoptionisselectedbytheuser.
2.4.5 Check-In ControlTheCheck-In ControlpagespecifieswhenandwhereeachagentshouldcheckinwithaKServer.Changesmadeusingthispagetakeeffectatthenextagentcheck-inanddisplayinredtextuntilthen.YoucanspecifytheprimaryandsecondaryKServernames/IPaddressesusedbytheagenttocheckin,thebandwidthconsumedbyanagenttoperformtasksandthecheck-inperiod.
Note: The primary and secondary KServer values and the minimum and maximum check-in periods are subject to the policies set using System > Check-in Policy. This prevents users from selecting settings that place undue stress on servers running the KServer service.Check-in Control information can also be maintained using the Agent Settings tab of the Live Connect and Machine Summary pages.
Migrating Agents from one KServer to Another
YoumaydecideforperformanceorlogisticalreasonstomigratemanagedmachinestoanewKServer.Thiscanbedoneatanytime,whetherornottheagentsarecurrentlycheckingin.
1. AttheoriginalKServer,setthePrimary KServer settingtopointtothenewKServeraddress.2. AttheoriginalKServer,pointtheSecondary KServer settingtotheoriginalKServer.3. AtthenewKServer,setboththePrimaryandSecondaryKServertopointtothenewKServer.4. WaitforalltheagentstosuccessfullycheckintothenewKServer.Atthattime,theoriginalKServercanbetakenoff-line.
Changing the Port used by Agents to Check into the KServer
1. SetthePrimary Port tothenewport.2. SettheSecondary Port totheoldport.3. Waitforthenewsettingstotakeeffectonalltheagents.4. DisplaytheSystem > Configure page.Enterthenewportnumberinthe Specify port Agents check into serverwitheditboxandclicktheChange Portbutton.
Agents
46 Chapter 2 - Agents Sadjadi et al.
TheCheck-Incontrolpage isshown inFig.2.43 .The listofall theavailable functionssupportedby thismoduleare:
Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Primary KServer:EntertheIPaddressorfullyqualifiedhostnameofthemachineID’sprimaryKServer.ThissettingisdisplayedinthePrimaryKServercolumn.Kaseyaagentsinitiateallcommuni-cationwiththeKServer.ForthisreasontheagentsmustalwaysbeabletoreachthedomainnameorIP(InternetProtocol)addressassignedtotheKServer.ChooseanIPaddressordomainnamewhichcanberesolvedfromalldesirednetwork(s),bothonthelocalLANandacrosstheinternet.
Note: Although a public IP address may be used, Kaseya recommends using a domain name server (DNS) name for the KServer. This practice is recommended as a precaution should the IP address need to change. It is easier to modify the DNS entry than redirecting orphaned agents.
2. Primary Port:EntertheportnumberofeithertheprimaryKServeroravirtualsystemserver.ThissettingisdisplayedinthePrimaryKServercolumn.
Warning: Do NOT use a computer name for your server. The agent uses standard WinSock calls to resolve a fully qualified host name into an IP address, which is used for all agent connections. Resolving a computer name into an IP address is done by NETBIOS, which may or may not be enabled on each computer. NETBIOS is an optional last choice that the Windows will attempt to use to resolve a name. Therefore, only fully qualified names or IP addresses are supported.
3. Secondary KServer:EntertheIPaddressorfullyqualifiedhostnameofthemachineID’ssec-ondaryKServer.ThissettingisdisplayedintheSecondary KServercolumn.
4. Secondary Port:EntertheportnumberofeitherthesecondaryKServeroravirtualsystemserver.ThissettingisdisplayedintheSecondary KServercolumn.
5. Check-In Period:Enterthetimeintervalforanagenttowaitbeforeperformingaquickcheck-inwiththeKServer.Acheck-inconsistsofacheckforarecentupdatetothemachineIDaccount.IfarecentupdatehasbeensetbyaVSAuser,theagentstartsworkingonthetaskatthenextcheck-in.ThissettingisdisplayedintheCheck-In Periodcolumn.Theminimumandmaximumcheck-inperiodsallowedaresetusingSystem > Check-in Policy.
Note: The agent maintains a persistent connection to the KServer. As a result, quick check-in times do not effect response times from the agent. The quick check-in time sets the maximum time to wait before re-establishing a dropped connection. Setting all your machine’s quick check-in time to 30 seconds guarantees each agent recovers from a dropped connection within 30 seconds, assuming connectivity is successful.
Fig. 2.43: Checkin control
Age
nts
47Chapter 2 - Agents Sadjadi et al.
6. Bandwidth Throttle:BandwidthThrottlelimitstheagenttoconsumingamaximumamountofbandwidthonthesystemwiththiscontrol.Bydefaulttheagentsharesbandwidthwithallotherrunningapplicationssoyoutypicallydonotneedbandwidththrottleenabled.Disablebandwidththrottlebyenteringa0.
7. Warn if multiple agents use same account:TheKServercandetectifmorethanoneagentisconnectingtotheKServerandusingthesamemachineID.groupID.OrganizationID.Thisproblemcouldbecausedbyinstallinganagentinstallpackagepre-configuredwiththemachineIDonmorethanonemachine.Checkthisboxtoreceivenotificationsofmorethanoneagentusingthesameac-counteachtimeyoulogintotheKServerasauser.
8. Warn if agent on same LAN as KServer connects through gateway:IfyouaremanagingmachinesthatsharethesameLANasyourKServerthenyoumaygetthisalert.BydefaultallagentsconnectbacktotheKServerusingtheexternalname/IPaddress.TCP/IPmessagesfromtheseagentstravelthroughyourinternalLANtoyourrouter,andthenbacktotheKServer.Someroutersdoapoorjobofroutinginternaltrafficbackthroughthemselves.CheckthisboxtoreceiveanotificationwhentheKServerdetectsanagentmaybeonthesameLANbutconnectingthroughtherouter.
Note: Agents on the same LAN as the KServer should specify the internal IP address shared by both the agent and the KServer on the Check-In Control page.
9. Update:ClickUpdatetoupdateallselectedmachineIDswiththeoptionspreviouslyselected.
10. Bind to Kserver:Ifchecked,theagentisboundtoauniqueKserverID.Boundagentscannotcheck-insuccessfullyunlesstheuniqueKserverIDtheyareboundtousingtheAgent>Check-inControlpagematchestheuniqueIDassignedtotheKServerusingtheSystem>Configurepage.Alockiconinthepagingareasshowstheagentisbound.Tounbindagents,selectmachinesIDs,ensureBindtoKserverisuncheckedandclickUpdate.Thelockiconnolongerdisplaysforselectedmachines.
11. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.
2.4.6 Working DirectoryTheWorking Directorypagesetsthepathtoadirectoryusedbytheagenttostoreworkingfiles.Dependingon the taskathand, theagentusesseveraladditional files.Theserver transfers these files toaworkingdirectoryusedbytheagentonthemanagedmachine.ForselectedmachineIDsyoucanchangethedefaultworkingdirectoryfromC:\kworkingtoanyotherlocation.
Warning:Do not delete files and folders in theworking directory.Theagent uses the data stored in theworkingdirectorytoperformvarioustasks.
Youcanprovide thisdirectory insecurityprograms,suchasviruscheckers, toallowoperationssuchasRemoteControlfrombeingblocked.ThegeneralviewoftheWorkingdirectorypageisshowninFig.2.44onthenextpageandtheoptionssupportedbythismoduleare:
Agents
48 Chapter 2 - Agents Sadjadi et al.
Portionsofthispagearelabeledinthefigure.Abriefdescriptionforeachlabelisprovidedbelow.
1. Set:ClickSettosetselectedmachineIDsusetheworkingdirectorypreviouslyentered.
2. Set a path to a directory used by the agent to store working files:Enterthepathofthework-ingdirectoryusedbytheagentonthemanagedmachine.
3. Set as System Default:ClickSet as System Default tosetasystem-widedefaultfortheagentworkingdirectory.Thisoptiononlydisplaysformasterroleusers.
4. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoseeusingSystem>UserSecurity>Scopes.
5. Working Path:ThepathoftheworkingdirectoryassignedtothismachineID.OnaMacOSXsystem,ifthepathnamecontainsaspace,thenitmustbeprecededwithabackslash.Forexample:/tmp/name\with\three\spaces
2.4.7EditProfileTheEditProfilepagemaintainscontact information, the languagepreference for theagentmenuon theuser’smachineandnotesabouteachmachineID/groupIDaccount.Profileinformationcanbemaintainedinthreeotherplaces:
• ThecontactinformationintheEditProfilepagecanbeautomaticallypopulatedwhenanewac-countiscreatedusingtheAgent > Createpage.• VSAusersandmachineuserscanbothmaintaincontactinformationusingtheChange Profile tabintheLiveConnectorPortalAccesswindow.• VSAusersonlycanmaintainnotesandcontactinformationusingtheAgent Settings taboftheLiveConnectandMachineSummarypages.
Tochangeuseraccountssettings:
1. SelectamachineIDinthepagingarea.2. EnterNotes,AdminEmail,ContactName,ContactEmailandContactPhoneinformation.3. PressUpdate.
Fig.2.45belowshowsthegeneralviewoftheEditProfilepageandtheoptionsavailableforthismoduleare:
Fig. 2.44: Working Directory
Age
nts
49Chapter 2 - Agents Sadjadi et al.
1. Notes:NotesaboutamachineIDaccountcanbeenteredinthisfield.Helpfulinformationcanincludethemachine’slocation,thetypeofmachine,thecompany,oranyotheridentifyinginformationaboutthemanagedmachine.
2. Show notes as tooltip:Ifchecked,Edit Profilenotesareincludedaspartofthetooltipthatdis-playswheneverthecursorhoversoveramachineID’scheck-instatusicon.
3. Auto assign tickets: AutoassignatickettothismachineIDiftheTicketing > Email reader receivesanemailfromthesameemailaddressasthecontactemail.Applieswhennewemailscomeintotheticketingemailreaderthatdonotmapintoanyoftheemailmappings.
Note: If multiple machine IDs have the same contact email, then only one machine ID can have this checkbox checked.
4. Contact Name:Enterthenameoftheindividualusingthemanagedmachine.Thissettingisdis-playedintheContact Namecolumn.
5. Contact Email:Entertheemailaddressoftheindividualusingthemanagedmachine.ThissettingisdisplayedintheContact Emailcolumn.
6. Contact Phone:Enterthephonenumberoftheindividualusingthemanagedmachine.Thisset-tingisdisplayedintheContact Phonecolumn.
7. Admin Email:Entertheemailaddressoftheindividualresponsibleforadministeringsupporttothemanagedmachine.Thiscanbethemachineuser,butisoftensomeonewhoispartoftheITstaffofthecompanythatownsthemanagedmachine.ThissettingisdisplayedintheAdmin Emailcol-umn.
8. Language Preference:ThelanguageselectedintheLanguage Preferencedrop-downlistdeter-minesthelanguagedisplayedbyanagentmenuonamanagedmachine.ThelanguagesavailablearedeterminedbythelanguagepackagesinstalledusingSystem > Preferences.
9. Machine Role:ThemachineroletoapplytoselectedmachineIDs.MachinerolesdeterminethePortalAccessfunctionsavailabletothemachineuser.
10. Update:ClickUpdatetoupdateselectedmachineIDswiththeprofileinformationpreviouslyentered.
11. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/Group
Fig. 2.45: Edit Profile
Agents
50 Chapter 2 - Agents Sadjadi et al.
IDfilterandthemachinegroupstheuserisauthorizedtoseeusingSystem > User Security > Scopes.
2.4.8 Portal AccessALiveConnectsessionrunbyamachineuseriscalledPortal Access.ThePortalAccesspagedefinesthelogonnameandpassword,bymachineID,requiredtouseLiveConnectasamachineuserremotely.
Accessing Portal Access Locally
MachineusersdonothavetologontoPortalAccesslocally.ClickingtheagenticoninthesystemtrayoftheirmachineinitiatesthePortalAccesssessionwithouthavingtologon.
Accessing the Portal Access Logon Page Remotely
AmachineusercandisplaythePortalAccesslogonpagefortheirownmachinefromanothermachineasfollows:
1. Browse to the http://your_KServer_address/access/ page, substituting the appropriate target KServernameforyour_KServer_addressintheURLtext.
2.LogonbyenteringtheusernameandpasswordassignedtothemachineID.TheusernameandpasswordisspecifiedusingtheAgent > Portal Accesspage.
ThePortalAccesspagedisplays.Themachineusercanclickanymenuoptionasthoughheorshewereloggedinfromtheirownmanagedmachine.Themachineusercanclickthedesktoporfiletransfermenuoptionstoinitiatearemoteconnectiontotheirownmachine,createorviewticket,orinitiateachat,iftheseoptionsareenabledbymachinerole.
Re-Enabling User Logons
Machineuser logonsfollowthesameSystem > Logon Policy asVSAuser logons.Ifauserattemptstologontoomanytimeswiththewrongpasswordtheiraccountwillautomaticallybedisabled.Youcanre-enablethelogonbysettinganewpasswordorwaitingforthedisableaccounttimetolapse.
TheoptionsavailableinPortalAccesspageareshowninFig.2.46andlistedbelow:
1. Logon Name:EntertheLogon Name theusermustusetologintoVSAtoinitiatechatsessions,enterorviewticketsand/orgetremoteaccesstotheirmachine.Logonnamesandpasswordsare
Fig. 2.46: Portal Access
Age
nts
51Chapter 2 - Agents Sadjadi et al.
casesensitive.Passwordsmustbeatleastsixcharacterslong.The Logon Namedefaultstothema-chineID.groupIDname.
2. Create Password, Confirm Password:Defineapasswordforthemachineuserlogon.Pass-wordsmustbeatleast6characterslong.ThemachineusercanchangethepasswordafterVSAuserassignsone.
3. Apply:ClickApplytoapplythePortalAccesslogonnameandpasswordtotheselectedmachineID.
4. Clear:PermanentlyremovethePortalAccesslogoncredentialfromtheselectedmachineID.
5. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.
6. Logon Name:ThePortalAccesslogonnameassignedtothismachineID.
7. User Web Logon:DisplaysEnabledifaPortalAccesslogonnameandpasswordhasbeenas-signedtothismachineID.IndicatesthatamachineusercanlogintothePortalAccesspagefortheirownmachineremotelyusingawebbrowseronanyothermachine.
2.4.9 Set CredentialTheSet Credential page registers the credential required by an agent to perform user level tasks on amanagedmachine.Acredentialisthelogonnameandpasswordusedtoauthenticateauserorprocess’saccess to amachine or network or some other resource.Most agent tasks do not require a credential.Credentialsarespecificallyrequiredorreferencedbythefollowing:
• Patch Management-IfacredentialisdefinedforamachineID,thenPatchManagementinstallsallnewpatchesusingthiscredential.Therefore,SetCredentialshouldalwaysbeauserwithadminis-tratorrights.• Patch Status-PatchStatusresetstestresultseverytimeamachineID’sSetCredentialchanges.• FileSource-FileSourcemayrequireasetcredentialbedefinedforthemachineIDactingasthefileshare.• Patch Alert-SetupanalerttonotifyyouifamachineID’scredentialismissingorinvalid.• Office Source-TheagentmusthaveacredentialtoaccessthealternateOfficesourcelocation,incaseapatchisbeinginstalledwhennouserisloggedintothemachine.• If-Then-Else-TheUseCredentialcommandintheagentprocedureeditorrequiresacredentialbedefinedinSetCredentialtorunsuccessfully.• Image Location-IfaUNCpathisspecifiedinImageLocation,acredentialmustbedefinedusingSetCredentialthatprovidesaccesstothisUNCpath.Withoutthecredential,themachinewillnothaveaccesstotheimagelocationandthebackupwillfail.• View Definitions-IncludesaMachineswithCredentialstatusoptionthatallowsyoutofilterthedisplayofmachineIDsonanyagentpagebytheircredentialstatus.• Desktop Policy and Migration -Installingtheclientforthismodulerequiresacredentialbede-fined.
2.5 Upgrade version
Agents
52 Chapter 2 - Agents Sadjadi et al.
Blank Passwords
Blankpasswordscanbeusedifthemanagedmachine’sLocalSecurityPolicyallowsblankpasswords.Onthemanagedmachine,opentheLocalSecurityPolicytoolinAdministrativeTools.NavigatetoLocalPolicies
-SecurityOptions.LookforapolicynamedAccounts: Limit local account use of blank passwords to console logon only.Thedefaultsettingisenabled.Changeittodisabledandacredentialwithablankpasswordwillwork.Fig.2.47belowshows thegenericviewof theSetCredentialpage.Theoptionssupportedby thismodulearelistedonthenextpage:
1. Username:Entertheusernameforthecredential.Typicallythisisauseraccount.
2. Password:Enterthepasswordassociatedwiththeusernameabove.
3. Domain• Local user account -Selectthisoptiontouseacredentialthatlogsintothismachinelocally,with-outreferencetoadomain.• Use machine’s current domain -Createacredentialusingthedomainnamethismachineisamemberof,asdeterminedbythelatestaudit.ThismakesiteasiertoSelect All andrapidlysetacommonusername/passwordonmultiplemachines,evenifselectedmachinesaremembersofdiffer-entdomains.• Specify domain -Manuallyspecifythedomainnametouseforthiscredential.
4. Apply:AssignthecredentialtoallcheckedmachineIDs.MachineIDswithassignedcredentialsdisplaytheusernameanddomainintheassociatedtablecolumns.
5. Clear:RemovethecredentialfromallcheckedmachineIDs.
6. Test:ClickTesttoverifywhetherausername/password/domaincredentialwillworkbeforeassign-ingittoamachineID.
7. Cancel:ClickCanceltocancelthetestingofausername/password/domaincredential.
Fig 2.47: Set credential
page
Age
nts
53Chapter 2 - Agents Sadjadi et al.
2.5.1 Update AgentTheUpdateAgentpage(Fig.2.48)schedulesmanagedmachinestobeupdatedwiththelatestversionoftheagentsoftwareattheagent’snextcheck-in.Updatingtheagentsoftwaremakesnochangestotheagentsettingsyouhavedefinedforeachagent.
.
1. Update Agent:ClickUpdate Agenttoscheduleselectedmachinestobeupdated.
2. Remind me at logon when agents need an update:Ifchecked,apopupwindowdisplayswhenVSAuserslogonifmanagedmachinesundertheircontrolneedtobeupdatedwiththelatestversionoftheagentsoftware.ThereminderonlydisplaysifatleastoneagentwithinVSAuser’sscoperequiresupdating.Userscandisablethisfeatureatlogontimeandcanre-activateitbyselectingthischeckbox.
3. Force update even if agent is at version x.x.x.x: Ifchecked,machinesselectedforupdateareupdatedwithnewfilestoreplacetheagentfilesonthemanagedmachine,eveniftheagentversioniscurrentlyuptodate.Thisperformsacleaninstallationoftheagentfiles.
4. After update run agent procedure <select agent procedure>:Selectanagentproceduretorunimmediatelyafteranagentupdatecompletes.Thiscapabilityletsyoure-applycustomizationstoanagentthatmaybelostafteranagentupdate.Typicallythesecustomizationsinvolvehidingorrenam-ingagentidentifiersonmanagedmachinessoastopreventusersfromrecognizingtheagentiseveninstalled.
5. Cancel Update:ClickCancel Updatetocancelapendingupdateonselectedmanagedmachines.
6. Machine.Group ID:Thelistofmachine.groupIDsdisplayedisbasedonthemachineID/groupIDfilterandthemachinegroupstheuserisauthorizedtoview.
7. Agent Version:Theversionoftheagentsoftwarerunningonthemanagedmachine.Versionnumbersinredindicatethattheversionontheagentmachineisnotthesameasthelatestversionavailable.
Fig 2.48: Update agent
page
2.5 Upgrade version
Agents
54 Chapter 2 - Agents Sadjadi et al.
8. Update Agent Procedure:Theagentprocedureassignedtorunwhentheagentisupdated.
9. Last Update:Thedatetheagentwaslastupdatedonthemanagedmachine.Sincetheservermustwaitforthemanagedmachinetocheck-in,accordingtothecheck-inscheduleasspecifiedinAgent > Check-In Control,PendingdisplaysintheLast Updatecolumnuntilthenextcheck-inoc-curs.
2.6.1 File AccessTheFileAccess page (Fig 2.49) prevents unauthorized access to files onmanagedmachines by rogueapplicationsorusers.Anyapplicationcanbeapprovedordeniedaccesstothefile.
Note: You may also block operating system access to the protected file by blocking access to explorer.exe and/or cmd.exe. This prevents the file from being renamed, moved, or deleted therefore completely locking down the file from tampering.
1. Block:Toprotectafilefromaccessbyrogueapplications,enterthefilenameandclicktheBlockbutton.ThisdisplaystheFileAccesspopupwindow.
Thedialogpresentstheuserwithoneofthefollowingoptions:
• Filenametoaccesscontrol-Enterthefilenameand/oraportionofthefullpath.Forexample,add-ingafilenamedprotectme.doctothelistprotectsoccurrencesofprotectme.docinanydirectoryonanydrive.• New-Addinanewapplicationtotheaccesslist.YoucanmanuallyentertheapplicationorusetheSearchbuttontoselectanapplicationname.• Remove-Removesanapplicationfromtheapprovedaccesslist.• Search-SelectamachineIDtosearchthelistofapplicationsinstalledonthatmachineIDandse-lectanapplicationname.ThislistisbasedonthelatestauditperformedonthatmachineID.Youarenotactuallybrowsingthemanagedmachine.• Askusertoapproveunlisted-Letsusersapprove/denyaccesstothefileonaperapplicationbasiseachtimeanewapplicationtriestoaccessthatfile.Usethisfeaturetobuildupanaccesscontrollist
2.6 Protection
Fig 2.49: File Access
Age
nts
55Chapter 2 - Agents Sadjadi et al.
basedonnormalusage.• Denyallunlisted-Blocksanapplicationfromaccessingthefile.Selectthisoptionifyouarealreadysureofwhichfilesneedaccessandwhichdonot.
2. Unblock: RemoveanapplicationfromtheprotectionlistbyclickingtheUnblockbutton.ThisopensanewdialogboxlistingallprotectedfilesfortheselectedmachineIDs.Youcanremovefilesfromjusttheselectedmachineorfromallmachinescontainingthatfilepath.
3. Machine.Group ID: ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.
4. Filename:Filenameofthefiletobeblocked.Clicktheediticonnexttoanyfilenametochangefileaccesspermissionsforthatfilename.
5. Approved Apps:ListsapplicationsapprovedtoaccessthefilesonthemachineID.
6. Ask User Approval:Ifchecked,theuserofamachineIDisaskedtoapprovefileaccessifanunapprovedapplicationattemptstoaccessthefile.
2.6.2 Network AccessThe Network Access page lets you approve or deny TCP/IP-protocol-based network access on a perapplicationbasis.Userscanalsobenotifiedwhenanunlistedapplicationaccessesthenetwork,permittingordenyingthatapplicationnetworkaccess.Typicallythisfunctionisusedtocontrolaccesstointernalandexternalinternetsites,butcanincludeinternalLANtrafficthatalsousestheTCP/IPprotocol.
Warning:ApplicationsthatdonotusetheWindowsTCP/IPstackinthestandardwaymayconflictwiththedriverusedtocollectinformationandblockaccess,especiallyolderlegacyapplications.
ThefunctionsoftheNetworkAccesspageislistedinFig2.50
1. Notify user when app blocked: ClickEnabletonotifytheuserwhenablockedapplicationat-temptstoaccessthenetwork.Usethisfunctiontobuilduptheaccesslistbasedonnormalusage.Thisletsyouseewhichapplicationsonyoursystemareaccessingthenetworkandwhen.
Oncethisoptionisenabled,oneofthefollowingoptionsmustbechosen:
• Always-Allowstheapplicationaccesstothenetworkindefinitely.Userswillnotbepromptedagain.• Yes-Allowstheapplicationaccesstothenetworkforthedurationofthesession.Userswillbe
Fig 2.50: Network Access
Agents
56 Chapter 2 - Agents Sadjadi et al.
promptedagain.• No-Deniestheapplicationaccesstothenetworkforthedurationofthesession.Userswillbepromptedagain.• Never-Deniestheapplicationaccesstothenetworkindefinitely.Userswillnotbepromptedagain.
2. Enable/Disable driver at next reboot: Enable/Disablethenetworkaccessprotectiondriverforanagent.ApplicationsthatdonotusetheWindowsTCP/IPstackinthestandardwaymayconflictwiththisdriver,especiallyolderlegacyapplications.Theagentcannotmonitornetworkstatisticsorblocknetworkaccessifthisdriverisdisabled.
Driver
Thisdriverfunctionneedstobeenabledtoblocknetworkaccessandmonitornetworkbandwidthstatistics.Thedriverisdisabledbydefault.ThisdriverinsertsitselfintotheTCP/IPstacktomeasureTCP/IP-protocol-basednetworktrafficbyapplication.
Todeterminewhichapplicationsshouldbeapprovedordeniednetworkaccess,usetheNetworkStatistics*reporttoviewnetworkbandwidthutilizationversustime.Ithelpsyouanalyzeandidentifypeakbandwidthconsumersbyclickingthegraph’sdatapoints.
Note: Network Statistics will be covered in the Info center chapter later on. Info Center > Reports > Logs > Network Statistics Log
3. Apply Unlisted Action:Anunlistedapplicationisonethathasnotbeenexplicitlyapprovedorde-niedaccesstothenetwork.Selecttheactiontotakewhenanunlistedapplicationattemptstoaccessthenetwork.• Askusertoapproveunlisted-Aconfirmationdialogboxdisplaysifanunlistedapplicationattemptstoaccessthenetwork.• Approveallunlisted-Theunlistedapplicationisgrantedaccesstothenetwork.• Denyallunlisted-Theunlistedapplicationisdeniedaccesstothenetworkandtheapplicationisclosedonthemanagedmachine.
4. Machine.Group ID: ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.
5. Notify User: AgreencheckmarkintheNotifyUsercolumnindicatesthatthemanagedmachineuserisnotifiedwhenanapplicationattemptstoaccessthenetworkthathasbeendeniednetworkac-cess.
Tonotifytheuserwhenaapplicationhasbeendenied:• SelectmachineIDs.• ClicktheEnablebuttonforNotifyuserwhenappisblocked.
Toremovethisnotification:• SelectmachineIDsthatdisplayagreencheckmarkintheNotifycolumn.• ClicktheDisablebuttonforNotifyuserwhenappisblocked.
6. Enable Driver: IdentifiesonapermachineIDbasis,whichmachineshavethenetworkprotectiondriverenabledornot.
7. Unlisted Action: DisplaystheUnlistedActiontotakewhenanunlistedapplicationattemptstoac-cessthenetwork.SeeApplyUnlistedActionabove.
8. Approved Apps / Denies Apps• Approvedapplicationsarelistedinthefirstrow.• Deniedapplicationsarelistedinthesecondrow.• IftheApproveallunlistedradiooptionisselectedandappliedtoamachineID,thentheapproved
Age
nts
57Chapter 2 - Agents Sadjadi et al.
applicationlistisreplacedbythephraseApproveAllUnlisted.• IfDenyallunlistedradiooptionisselectedandappliedtoamachineID,thenthedeniedapplicationlistisreplacedbythephraseDenyAllUnlisted.
Toapproveordenynetworkaccesstooneormoreapplications:
1. CheckthecheckboxnexttooneormoremachineIDsintheMachine.GroupIDcolumnasshowninFig2.51
ClickthelinkofanymachineIDintheMachine.GroupIDcolumn.ItdoesnothavetobethemachineIDyouchecked.ThisdisplaystheApplicationListpopupwindow,listingallapplicationsinstalledonthatmachineID.ThelistisbasedonthelatestauditthatwasperformedforthatmachineID.
2. SincethelistintheApplicationList(Fig2.52)windowmaybelarge,youcancontroltheapplica-tionsdisplayedbyclickingFiltertofilterthelist.3. Checkthecheckboxesnexttotheapplicationnameyouwishtoapproveordenynetworkaccessto.4. YoucanalsoenterapplicationnamesintheAddapplicationsnotfoundbyaudithereeditfield,toidentifyapplicationsnotlisted.5. ClicktheSelectbuttontoconfirmyourselectionsandclosetheApplicationListwindow.These-lectedapplicationsnowdisplayatthetopofthepage.
6. ClickApproveAppsorDenyApps(Fig2.53).TheapplicationsselectedintheApplicationListwin-dowareaddedfromtheApprovedApps/DeniedAppscolumn.
Fig 2.51
Fig 2.52
Agents
58 Chapter 2 - Agents Sadjadi et al.
ToremoveapproveanddenysettingsforoneormoremachineIDs• CheckthecheckboxnexttooneormoremachineIDsintheMachine.GroupIDcolumn.• ClicktheRemoveAppsbutton.
2.6.3 Application BlockerTheApplicationBlocker (Fig2.54)pagepreventsanyapplication fromrunningonamachine ID.Blockedapplicationscannotberenamed,moved,ordeletedfromthesystem.
1. Block:Toblockanapplicationfromrunningonamachine:
1. SelectoneormoremachineIDs.OnlymachineIDscurrentlymatchingtheMachineID/GroupIDfilteraredisplayed.2. Entertheapplication’sfilenameintheeditbox.
Theapplicationcanbe referencedby filenameand/oraportionof the fullpath.Forexample,addinganapplication named blockme.exe to the list, prevents all occurrences of blockme.exe, on any directory oron anydrive, from running.Addingmyfolder\blockme.exeprevents occurrencesof the application in anydirectorynamedmyfolderfromrunning.
Fig 2.53
Fig 2.54: Application
Blocker
Age
nts
59Chapter 2 - Agents Sadjadi et al.
3. ClicktheBlockbutton.4. TheblockedapplicationdisplaysintheApplicationcolumnbesidetheselectedmachineIDs.
2. Unblock: Tounblockanapplicationfromtheblockedlist:
1. SelectoneormoremachineIDsthatshowblockedapplicationsintheApplicationcolumn.2. ClicktheUnblockbutton.ThisopensaFileAccesspopupwindowlistingallblockedapplicationsfortheselectedmachineIDs.3. Clickoneormoreblockedapplications.4. ClicktheUnblockbutton.Thewindowcloses.5. TheblockedapplicationnolongerdisplaysintheApplicationcolumnbesidetheselectedmachineIDs.
3. Machine.Group ID:ThelistofMachine.GroupIDsdisplayedisbasedontheMachineID/GroupIDfilterandthemachinegroupstheuserisauthorizedtoview.
4. Application:Filenameoftheapplicationbeingblocked.
Note: If multiple agents are installed on a machine, only one agent at a time controls the drivers required to use File Access, Network Access, Application Blocker. These functions can only be performed by the agent controlling these drivers.