Admin Arsenal User Manual © 2007-2010 Admin Arsenal


© 2007-2010 Admin Arsenal

All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher.

Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks.

While every precaution has been taken in the preparation of this document, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by this document.

Printed: August 2010

Admin Arsenal


Table of Contents

Foreword

Part I Introduction
  1 Introducing Admin Arsenal
  2 Quick Start Guide
    Before you Begin
    Install Command Line
    Running for the First Time
    Organize Your Computers
    Run Inventory Reports
    Reboot Computers
    Software Deployment

Part II What's New 1.5
  1 Update Notes
  2 What's new in 1.4
  3 What's New in 1.3
  4 What's New in 1.2
  5 What's New in 1.1

Part III Concepts
  1 Access Report Templates
  2 Active Directory Synchronization
  3 Background Processes
  4 Collections
  5 Database Files
  6 Double-Hop Authentication
  7 Heartbeat & Scanning
  8 Inventory
  9 Trial Version
  10 Monitors
  11 New Remote Service Method
  12 Software Deployment
    Silent Installs
  13 Performance Counters
  14 Remote Control
  15 Remote Processes
  16 Reports
  17 Scan Errors
  18 Tools
  19 Troubleshooting Connection Issues
  20 Wildcards

Part IV Reference
  1 Windows
    Browse Active Directory
    Collection
    Computer
      Testing
        Admin Share
        DNS Lookup
        Ping
        Remote Registry
        WMI
      Environment
      Disks
      Displays
      Shares
      Printers
      NICs
      Groups
      Users
      Processes
      Services
      Software
      Monitors
      Hardware
    Computers Window
    Deploy
    Initialize Wizard
      Background Service Step
      Active Directory Step
      E-Mail Step
      Test Computers Step
    Main Window
    Monitors
      Performance Counters
      Event Log
      Heartbeat
      Processes
      Services
      Actions
        Service
        Command
        E-Mail
        Event Log
        Popup
        Reboot
    Monitor Log
    Move Database
    Past Deployments
    Performance Counter Charting
    Performance Counter Set
    Performance Counter Sets
    Preferences
    Print
    Reboot/Shutdown
    Remote Command
    Remote Command Options
    Remote Password
    Report
    Select Object
    Select Performance Counter
    Task
    Unexpected Error
  2 Command Line Utilities
    DcomAcls

Part V Online Resources

Index


1 Introduction

Welcome to Admin Arsenal, Simply Systems Management.

Introducing Admin Arsenal
Provides a brief overview of Admin Arsenal. Start here if you are new to Admin Arsenal.

What's New in Admin Arsenal
Describes the new features available in Admin Arsenal. Start here if you've used the program before.

Quick Start Guide
A quick read to get you up and running.

Concepts
Describes the concepts underlying Admin Arsenal. In-depth coverage of the important issues.

Windows
Describes in detail each of the windows and forms in Admin Arsenal.

Online Resources
Get more information online.

Microsoft, Windows, .NET, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

1.1 Introducing Admin Arsenal

Admin Arsenal is a collection of tools for use by Microsoft® Windows® system administrators. As the name implies, it's a collection focused on a single goal, that of improving the lives of administrators. Within you will find tools to remotely deploy software, report on hardware & software inventory, monitor the health of your computers, and much more.

Other Enterprise Systems Management solutions require you to discover the computers on your network and then maintain a separate database of computers. This is a duplication of effort since you already have a database of computers, your Active Directory domain. Admin Arsenal synchronizes with Active Directory automatically, keeping itself up to date with changes in AD. When computers are added to or removed from AD they will automatically be changed in Admin Arsenal. This requires less maintenance on the part of the administrators and keeps things from getting out of sync.

Major Features

Remote Software Deployment
Deploy software onto one or more computers simultaneously.

Hardware/Software Inventory
Know what's installed where. Use our flexible reports to get a quick look at what's out there, or use our Access Report Templates to customize the reports to your heart's content.

Monitor your Environment
Create monitors to watch performance counters, services, and processes. When problems happen, take action to correct the problem. From sending an e-mail to rebooting computers, Admin Arsenal has you covered.

Performance Counters
Use Admin Arsenal's powerful counter charting tools to watch your environment in real time.

So Much More
Wake-on-LAN, rebooting, remote desktop, and more round out the administrator's arsenal.

See Also

Quick Start Guide

1.2 Quick Start Guide

Quick Start guides you through what you need to know to get up and running. The following steps will get Admin Arsenal installed, your database created & populated, and your first management tasks completed.

Before you Begin
Prerequisites required before using Admin Arsenal.

Install Command Line
Command line options for installing Admin Arsenal silently or remotely.

Running for the First Time
Admin Arsenal needs a little information to get started.

Organize Your Computers
Create collections to organize your computers into useful groups.

Run Inventory Reports
Run your first inventory reports.

Reboot Computers
Try rebooting several computers at once.

Software Deployment
Deploy software remotely on a large number of computers.

1.2.1 Before you Begin

Admin Arsenal requires that certain things be in place prior to running.

Microsoft .NET 2.0

Admin Arsenal requires that the management system have Microsoft .NET Framework 2.0 or higher. It can be downloaded and installed from Microsoft's web site. Please note that .NET is only necessary on the machine where Admin Arsenal is installed. Machines to be managed with Admin Arsenal do not require .NET.

Active Directory

Admin Arsenal synchronizes data with Microsoft Active Directory (AD) and uses your AD authentication to remotely manage computers. The computer where Admin Arsenal is installed, as well as all computers to be managed, must be members of an AD Domain. Also, the user account you use when using Admin Arsenal must be a domain account, and have sufficient rights on each computer you’re managing (typically this would be administrative rights). If you try to manage a computer on which you do not have administrative rights, you will still be able to perform the tasks for which you have sufficient rights.

Firewall Exceptions

For remote administration to be possible, there must be firewall exceptions in place on any computer that has a firewall. Obviously, if a workstation is blocking remote file access then software cannot be installed on it remotely.

If your computers are using the Windows firewall, the simplest way to configure them is with a GPO. Using the GPO editor, enable the following exceptions under Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall:

Allow remote administration exception
Allow ICMP exceptions
Allow Remote Desktop exception

If you are using other firewalls, you will need to open access for the following services: Windows Management Instrumentation (WMI), remote procedure calls (RPC), Distributed Component Object Model (DCOM), and SMB file shares (for the admin shares).

WMI (Windows Management Instrumentation) and DCOM (Distributed Component Object Model)

Admin Arsenal utilizes WMI and DCOM to perform its tasks. One of the most common problems that Admin Arsenal faces is a misconfigured DCOM environment. If you wish to use a remote management tool like Admin Arsenal then Remote Management must be enabled. Using the tool DCOMACLS.EXE, located in your Program Files\Admin Arsenal directory, you can verify and set the necessary DCOM settings for Admin Arsenal. For more information on using this tool to properly set your DCOM configuration please see the Dcomacls section of Help.

Windows Vista and Windows 2008 Server

Windows Vista and 2008 Server have one additional setting which needs to be enabled. This setting is needed to allow remote access to the hardware database for hardware scans. Using the GPO editor, enable "Allow remote access to the PnP Interface" in Computer Configuration > Administrative Templates > System > Device Installation.
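
The firewall and WMI/DCOM prerequisites above (ICMP, RPC, the admin shares, WMI over DCOM) can be checked against one target computer before it is managed, as in this added PowerShell example, which is not part of the Admin Arsenal manual. It assumes Windows PowerShell 3.0 to 5.1 on the management computer, run under the domain account you use for Admin Arsenal; TCP 135 and 445 are the standard RPC endpoint mapper and SMB ports, and the function names and PC-EXAMPLE-01 are placeholders.

```powershell
# Added example, not part of the Admin Arsenal manual.
# Checks the remote-administration prerequisites from "Before you Begin"
# against a single target computer and reports which ones fail.

function Test-TcpPort {
    # Returns $true if a TCP connection to HostName:Port succeeds within the timeout.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-ManagementPrerequisite {
    # Hypothetical helper name; emits one result object per prerequisite.
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # Each check returns $true/$false or throws; the order follows the manual's list.
    $checks = [ordered]@{
        'DNS lookup'                    = { [System.Net.Dns]::GetHostAddresses($ComputerName).Length -gt 0 }
        'ICMP (ping)'                   = { Test-Connection -ComputerName $ComputerName -Count 1 -Quiet }
        'RPC endpoint mapper (TCP 135)' = { Test-TcpPort -HostName $ComputerName -Port 135 }
        'SMB (TCP 445)'                 = { Test-TcpPort -HostName $ComputerName -Port 445 }
        'Admin share (ADMIN$)'          = { Test-Path -Path "\\$ComputerName\ADMIN`$" -ErrorAction Stop }
        # Get-WmiObject connects over DCOM, the transport this section describes.
        'WMI over DCOM'                 = { [bool](Get-WmiObject -Class Win32_OperatingSystem `
                                                -ComputerName $ComputerName -ErrorAction Stop) }
    }

    foreach ($entry in $checks.GetEnumerator()) {
        $detail = ''
        try {
            $passed = [bool](& $entry.Value)
        } catch {
            # Keep the error text: "Access is denied" and "RPC server is unavailable"
            # point to different fixes (account rights vs. firewall/DCOM).
            $passed = $false
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            Computer = $ComputerName
            Check    = $entry.Key
            Passed   = $passed
            Detail   = $detail
        }
    }
}

# Usage: replace the placeholder with a computer you administer.
Test-ManagementPrerequisite -ComputerName 'PC-EXAMPLE-01' | Format-Table -AutoSize
```

A ping that passes while TCP 135 or 445 fails points at the firewall exception rather than at DCOM permissions, which only matter once the ports are reachable.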

1.2.2 Install Command Line

The Admin Arsenal installer .exe file supports the following command-line options. These are used mainly for unattended or remote installations.

/s
Silent install, shows no user interface.

/l=<logfile.ext>
Logs installation activity to a text file. Used for troubleshooting why an install failed.

TARGETDIR=<target>
Installs Admin Arsenal into a directory other than the default of %ProgramFiles%\Brisworks\Admin Arsenal.

Uninstall:
msiexec /q /x {A5A876F8-BEE7-42AE-88DB-5EE2684C21CC}

1.2.3 Running for the First Time

Read Before you Begin to ensure your system is ready for using Admin Arsenal.

Initialize Wizard

The Initialize Wizard will take you through a few questions to gather information needed by Admin Arsenal.

The only piece of information that is absolutely required by Admin Arsenal to get started is your Active Directory container. This container is used for synchronizing with AD. This container must hold all of the computers you wish to manage, either directly or through child containers. The wizard will prompt you for some other information which is useful, but it's not necessary to provide before using the product.

If you wish to use Admin Arsenal to manage all computers in your domain, simply select the top level container.

If you are only working with a subset of your tree, select the lowest container holding all of your computers. This keeps computers you don't want to manage from cluttering up your database.

Note: If you are upgrading from an installation of Admin Arsenal 1.1 or earlier, your database files will be imported into the new SQL Server database automatically. Your AdminArsenal.mdb file will be renamed AdminArsenal.1.2.bak and you can delete your Admin Arsenal directory.

Finished

That's it. You are now up and running. Admin Arsenal will immediately begin testing your computers for online status and start scanning their inventory.

Other Tasks

If you are going to be using e-mail notification with Monitors, you will need to set up your e-mail server. Set this information using the Preferences window available from the Admin Arsenal menu in the Main Window.

1.2.4 Organize Your Computers

Collections allow you to keep your computers organized. You'll notice a couple of collections already exist after you install. Use these collections as a guide to creating your own. Let's see when collections are helpful.

Problem

You need to identify all of the XP computers on your network which do not yet have service pack 2.

Solution

Create a new Dynamic Collection using the Containers menu. Give the new collection a meaningful name, such as "XP Machines without SP 2" and then add the following filters:

1. Online yes
2. O/S contains XP
3. O/S Service Pack less than 2

That's it, now you have a collection which will always be kept up to date. You can now use this collection to run reports, as a target for tools and commands, or just simply for your own information.

Problem

You want to group machines by which floor they're on, however they have no inventory which can identify where they are and they're not organized in Active Directory by location.

Solution

Dynamic Collections aren't much help if the computer doesn't have anything which can be used as a filter. In this case you can use a normal Collection. These collections are managed manually, so you can organize your computers in any number of ways.

Create a Collection by using the Containers menu. Give the collection a name and then drag and drop computers into the collection from other containers. You can select and drag multiple computers at once using the shift and ctrl keys. Once you have your collection populated, its members will only be removed if you remove them manually or they're deleted in Active Directory.


1.2.5 Run Inventory Reports

As soon as you run Admin Arsenal for the first time it will begin scanning the computers in your network for their inventory. Once this inventory is in your database, you will have a wealth of information at your fingertips.

Problem

You need to know how many of each operating system you have installed on your entire network.

Solution

Right click on All Computers in the main window, select reports > Operating System > Counts. You will be shown a list of the O/S and the number of computers upon which it's installed.

Reports can be run against any object in the database, from a single computer all the way up to your entire network. If you needed to know the above information for only a single department, you could accomplish it easily. First you need a container with all of the computers in the department, then right click on the container and select the report.

1.2.6 Reboot Computers

Rebooting groups of computers can be helpful from time to time.

Problem

You want to reboot a department's computers after work to prepare for a software push.

Solution

Select a container which holds the computers in question. Right-click on the container, select Tools > Reboot. In the reboot dialog, select the parameters for the reboot. You may want to give the users a notice for a couple of minutes so that you don't reboot someone's computer while they are working. Click Reboot Now and the reboots will happen immediately.

1.2.7 Software Deployment

No one likes deploying software one computer at a time if they can avoid it.

Problem

You need to deploy Adobe Acrobat Reader to all of your computers quickly.

Solution

You have AdbeRdr80_en_US.exe downloaded to your computer. Right-click on All Computers (or Online Computers, to avoid trying to deploy to computers that aren't turned on). Select Tools > Deploy. In the deploy window, click the ... button to browse to your Acrobat install file. In Command Line add /qn (this is critical, since the install must be silent or it will sit waiting forever for the user to answer the install questions). That's it, click Deploy File and watch your computers get the Acrobat treatment.

2 What's New 1.5

The following are the major feature enhancements in this release. For more detail on individual version updates, read the Update Notes.

Custom SQL for Dynamic Collections
Dynamic Collections can now use custom SQL filters for greater flexibility.

Custom Tools
Added Custom Tools to allow for the addition of external tools to be invoked within Admin Arsenal.

Added OS Architecture field
Create collections or reports based on whether the OS is 32 or 64 bit.

2.1 Update Notes

The following are the changes made in each build of Admin Arsenal. This list is more detailed than what's listed in What's New, showing all minor changes including bug fixes and enhancements.

1.4.0.132

Implemented new remote service method for dealing with UAC.

1.4.0.130

Fixed a bug where the event log was full and the errors.txt file grew too large.
Fixed bug where scanning of computers with no Processor entries in WMI failed.
Reworded some menu items to make them clearer.

1.4.0.118

Improve compatibility with new Admin Arsenal support web site.

1.4.0.105

Reports can now be edited (or created new) by specifying their SQL.
Added an option to automatically export to the report templates file every hour.
Improved lookup of computers in DNS.
Improved reporting of errors when remote command is sent to multiple computers.
Added new default collections.
Other minor fixes.

1.4.0.87

Fixed problems some users experienced running near the expiration of the trial period.
Fixed problems creating databases at application startup which caused crashes for some users.
Fixed "Divide by Zero" error when saving some collections.
Other minor fixes.

1.4.0.78

Improved the export to report template process to prevent hanging and provide better feedback.

1.4.0.76

Added repair utility to repair database when corrupted by hardware problems.
Minor bug fixes.

1.4.0.0

Initial release of 1.4

1.3.2.8

Fixed problem accessing clipboard when it contained the EnhancedMetafile type.


1.3.2

Fixed problem setting user privilege when installing background service.
Fixed problem keeping monitor logs trimmed.
Minor interface and performance enhancements.

1.3.1.23

Fixed problem with certain collection filters which ran too slowly.
Fixed problem creating service log on.

1.3.1

Added new installation wizard to aid in preparing new installations.
Added display of Background Service status to the bottom of the main window.
All date fields in collection filters work better when the value is empty.
Fixed bug when upgrading with certain existing collection names.
Improved sorting of IP address on main window.
Fixed operation with certain non-Western European languages (notably, Turkish).
Changed database access to allow limited access to database files on a server.
Fixed problem scanning for 32-bit software on 64-bit system.

1.3.0

Initial release of 1.3.

1.2.61

Improved error handling when attempting remote assist and remote desktop on Windows 2000.
Fixed problem showing reports for computers which were deleted in Active Directory.
Fixed error when opening Admin Arsenal when the Windows clipboard was unavailable.
Fixed an error during scanning of certain computers' MAC Addresses.

1.2.60

Fixed problem drawing items in the main window tree while scrolling.
Fixed problem deleting a collection when certain collection windows were open.
Improved installation of trial version over full version.

1.2.59

Improved event log error logging for monitors.
Fixed problem running tools from the task window for multiple computers.
Fixed problem in viewing main window tree on Windows 2000.

1.2.58

Fixed problem installing MSI files with a space in their name.
Improved display of AD containers in main window when deleted by AD import process.
Improved error message when importing corrupt monitors, counter sets, and collections.
Improved rebooting of computers when they have applications open.

1.2.57

Fixed error when pressing F1 for windows that didn't have a help document.

Fixed problem with opening dynamic collections that referred to other collections.

1.2.56

Fixed problem with scanning certain combinations of environment variables.
Corrected display of free space in logical disk report.
Fixed display of current user names for non-Vista systems.
Improved display when importing corrupt monitor, collection, or counter set file.
Computer process pane now reports any errors reading processes from the client computer.

1.2.55

Fixed problems displaying large disk and memory module capacities in some reports.
Fixed problem exporting documents in trial version.

1.2.54

Improved error handling when attempting to open a deleted computer.
Fixed bug when using AD Container as target to certain tasks.

1.2.53

Initial release of 1.2

1.1.1015

Improved error logging for some background processes.
Corrected potential multi-threading in database access.
Improved check for latest version.

1.1.1014

Added DcomAcls.exe to help with WMI Access Denied errors.

1.1.1013

Improved reading of serial numbers during inventory scans.
Fixed problem in showing Fit to Graph performance counters.
Saving performance counter set automatically refreshes active view.
Combine output and error data from remote commands.

1.1.1011

Fixed problem running Remote Assist with UAC enabled.
Add System Drive to computer inventory.
Add Running and Not Running types to service and process monitors.
Add monitor log entry for number of disabled actions.
Show IPV4 addresses for Vista with IPV6 installed.
Fix error when opening deleted computer object.
Fixed sorting of uptime column in main window.

1.1.1010

Fixed problems when entering non-numeric text in collection filters.

1.1.1009

Fixed bug where tasks would sometimes fail with an unexpected error on start up.
Fixed potential problem with computer window not opening properly when double-clicked.

1.1.1001

Initial release of 1.1.

2.2 What's New in 1.4

The following are the major feature enhancements in this release. For more detail on individual version updates, read the Update Notes.

Added MSP and MSU support

Software Deployment now provides native support for deploying Microsoft Installer patches and updates via MSP and MSU files. MSU files will only work with Windows Vista and Windows 2008 platforms.

Added deployment with BAT and CMD file

Software deployments can now more easily be run with BAT and CMD script files, including command-line parameters.

Network Interface Card support in inventory

We now collect information related to your Network Interface Cards (NICs). This data is seen on the individual computer windows and, of course, you can create a custom report to display and arrange the data.

Printer inventory scan

1.4 allows you to see which printers are configured at each target system. Note that we only report printers as they are known to the target systems. Admin Arsenal does NOT scan the network for printing devices and report the results.

Database stability improvements

1.4 removes many of the annoying database timeouts that users experienced with past versions.

2.3 What's New in 1.3

The following are the major feature enhancements in this release. For more detail on individual version updates, read the Update Notes.

Computer Container Window

Computer containers can now be opened in separate windows, showing all of the computer information available in the main window. These windows can be refreshed independently of the main window and can be set to refresh automatically every 10 seconds.

Connectivity Testing

Admin Arsenal requires a number of remote access protocols to communicate with computers remotely. The Computer window has a new pane called Testing which runs a number of tests to verify that these remote protocols are working properly. If not, you will be given some ideas for remediation of the connectivity problems.

Display Device Scanning

Inventory now includes scanning of display devices. This information comes from the Extended Display Identification Data of the monitor, if it is provided. Most plug and play monitors support this data structure.

Heartbeat Monitor

Now the heartbeat status of computers can be monitored. All normal triggers can be fired when a computer goes online or offline.

Improved Remote Process Mechanism

The mechanism by which Admin Arsenal runs commands and deploys software remotely on other computers has been improved. The new mechanism is faster, uses fewer resources, and is more robust.

Monitors Can Be Disabled

Monitors can now be disabled without having to remove all of their targets. This allows for temporary stopping of monitors during maintenance and other tasks where it is desirable to stop the unnecessary firing of triggers.

New Software Deploy Configuration Options

Remote deployments are more configurable. Deployments can have a timeout to give up waiting for them to finish. Also, the number of concurrent deployments can be limited.

New Popup Action

The popup action for monitors no longer needs the messenger service. This message uses Admin Arsenal's remote commands and msg.exe.

Remote Command/Deploy Dependencies

Admin Arsenal can copy a constant set of files to each remote machine when running a remote command or deployment. This makes tools available during the remote actions without having to pre-copy the files to all of the computers.

Remote Command Password

A new option to send a password to remote commands and deployments has been added to alleviate the double-hop problem.

Service for Background Processes

Admin Arsenal's background processes can now be executed in a separate Windows service to allow them to continue working even when the console is not running.

VNC Support

VNC is now supported for remote control along with Remote Desktop and Remote Assist.

2.4 What's New in 1.2

The following are the major feature enhancements in this release. For more detail on individual version updates, read the Update Notes.

Collection Folders

Collections can now be organized in a hierarchy. Folders can not only be used to keep collections organized, but they can roll up computers from the collections within them, creating supersets of computers.

External Domain Support

Users can now manage computers in domains which differ from the domain of the user account. This will allow the management of remote domains.

New Database Engine

The database engine used by Admin Arsenal has been changed to improve stability and scalability. This change will allow for the implementation of some of the new features which are planned for future releases.

Performance and Stability Enhancements

As usual, this update includes enhancements to performance and stability at all levels.

2.5 What's New in 1.1

The following are the major feature enhancements in this release. For more detail on individual version updates, read the Update Notes.

Performance Counter Improvements

You can now combine multiple counter sets when viewing counters on a single computer. On the Performance Counter window use the menu to add additional counter sets, or drag another counter set onto the chart.
It's no longer necessary to create a counter set to view counters. From the Main window or Computer window use the "Open Counter Window" menu item to open a blank counter chart. Use the menu there to open individual counters.
You can edit the properties of a counter in a chart without editing the counter set. Simply double click on the counter in the list.
New scaling, "Fit to Window." This scaling option automatically adjusts the chart for the counter so that the line always fits within the chart. Use this to automatically shrink down counters with very high values, or to grow counters with tiny values.

Monitor Improvements

Monitor groups in addition to individual computers. You can have monitors applied to groups, such as collections and AD containers. With dynamic collections, computers have monitoring stop and start automatically as they are added to and removed from the collection. The same applies to AD containers: when a computer is added to AD, it will start monitoring as soon as it's synchronized with Admin Arsenal.
You can now add any number of actions to a monitor, and in any order.
Monitors can now reboot computers when triggered.
Monitors can run arbitrary command-line programs when triggered.
Monitors can start/stop/pause/restart services when triggered.
Monitors now keep logs of actions taken to sample computers and trigger actions. The logs are available from each computer window's monitor pane.

Tools

Reboot allows the computer to be shut down and not restarted.
Installations now keep a history of files and options, making reuse of past installs easier.
Remote commands can be given a timeout value.

Import/Export

You can export collections, monitors, and performance counters to a file and import them back into Admin Arsenal from the main window. This is useful for sharing collections with other Admin Arsenal users.
Many lists of objects can be exported to a comma separated value (CSV) file for use in spreadsheets and databases.

Remote Desktop

Improved Remote Desktop size preferences.

Reporting

Now includes a template file for using Microsoft Access to create custom reports.

Inventory

Share permissions are now included in inventory.

Install

Installs are saved in a history for reuse. Use the Past Installs button on the Install window.
Installs can now copy the entire directory where the install file is located, for proper dependencies.
MSI and EXE files can be dragged onto the main window to initiate an install.

Miscellaneous

Tasks now show their elapsed time.
Processes can have their priority changed from the Processes Pane.

3 Concepts

This section contains detailed explanations of many of the concepts behind Admin Arsenal.

Access Report Templates: Make custom reports.
Active Directory Synchronization: How and when does Admin Arsenal sync with Active Directory.
Background Processes: What Admin Arsenal is doing behind the scenes.
Collections: How collections help you organize your systems.
Database Files: Information on how Admin Arsenal stores its data.
Double-Hop Authentication: Dealing with authentication problems with remote commands and software deployment.
Heartbeat & Scanning: When and how does Admin Arsenal gather data from computers.
Inventory: Know what's installed where.
License Key: How license keys work with the system.
Monitors: Monitoring the health of your computers.
Performance Counters: Keeping tabs on your systems in real time.
Remote Control: Control computers remotely.
Remote Processes: Run commands on computers remotely.
Reports: Generating reports.
Software Deployment: Deploy software to multiple computers simultaneously.
Scan Errors: Common errors reported by inventory scans, and their solutions.
Tools: The management tools to use when working with computers.
Troubleshooting Connection Issues: Assistance with problems connecting to computers remotely.
Wildcards: Using wildcards to search for just what you want.

3.1 Access Report Templates

Admin Arsenal includes a set of templates for creating custom reports in Microsoft Access. These templates are located in a file called Report Templates.mdb in the Admin Arsenal program directory.

In order to use the templates, you will need to export your Admin Arsenal database into the Report Templates.mdb file. Use the Export to Report Templates File... menu item under the Reports menu to do this. You will be prompted for the name of the MDB file to export to. The export will take a few seconds and then the MDB file will have a mirror of your current Admin Arsenal database ready for report writing.

You should copy the Report Templates.mdb file to another location before doing the export in order to leave the original intact.

Auto Export

By clicking on "Auto Export Templates File" you can select a file to be exported to automatically every 60 minutes. This will remain enabled until you click the menu again to uncheck it. You can still export manually to any file even while this is enabled.

Note: Upgrades to Admin Arsenal may add to or modify the structure of the database, necessitating a new Report Templates.mdb file. If this happens, you can get the latest MDB file from the Admin Arsenal program directory and export any custom queries and reports from your old MDB file into it. The copy of the MDB file in the Admin Arsenal directory will always have the latest structure built in.

3.2 Active Directory Synchronization

Admin Arsenal will manage computers that are members of your Active Directory domain. Active Directory is used as the authoritative source of computers in your environment, which saves you the problems of scanning network addresses and maintaining separate databases of computer objects. Adding new computers to Active Directory will cause them to automatically be added to Admin Arsenal (the same applies to deletes and changes).

Admin Arsenal will periodically synchronize its database with Active Directory. This synchronization is one-way; data is only read from Active Directory and never written back.

Root Container

The synchronization is performed based upon a root container, synchronizing all computers below the selected root. By selecting an appropriate root container, you can have Admin Arsenal synchronize with only a subset of your domain. This is useful if you work with only some of the computers in Active Directory, such as a departmental Organizational Unit. Simply select the container which is above all of the computers you wish to manage. If you wish to manage all computers in your domain, select the top level container in Active Directory.

Synchronization Interval

Use the Preferences window to change the time to wait between synchronizations (the default value is 15 minutes).

Manual Synchronization

You can have Admin Arsenal sync immediately with AD, instead of waiting for the interval to expire. Click on "Synchronize with Active Directory" under the Admin Arsenal menu.

See Also

Running for the First Time

3.3 Background Processes

There are a number of things that Admin Arsenal is doing in the background to keep your system up to date.

Active Directory Import

To keep the computers showing in Admin Arsenal and Active Directory in sync, Admin Arsenal periodically reads what is in Active Directory and makes the appropriate changes in the database. By default, this happens every 15 minutes. The interval can be changed using the Preferences window.

Heartbeat

Admin Arsenal periodically checks each computer in the database to see if it is online. It also gathers some other information during these checks. The standard interval is to check each computer every 1 minute. This interval is per computer, so the actual checks will be spread out. The interval can be changed using the Preferences window.

Inventory Scanning

Admin Arsenal scans the inventory of each computer once per day (by default). As with the other processes, this interval can be changed using the Preferences window.

Monitors

Monitors run in the background periodically testing computers and firing triggers. The intervals are set on each monitor individually.

These background processes run automatically inside the Admin Arsenal process. Starting with version 1.3 these processes can be run inside a Windows service, allowing them to continue running even when the Admin Arsenal console is not running. This service can be installed using the Preferences window.

Windows services must run under a domain account in order to access network resources. You will need to give this service the name and password of a domain account which has sufficient rights to perform all of these tasks. This can be your user account, but it could just as easily be a special service account created for the purpose. Just ensure that it has the necessary rights to read WMI databases, remote registries, and file systems on your network.

Windows 2000

There are special security restrictions for the background service when running on Windows 2000. See the note under Preferences.

3.4 Collections

Collections allow you to organize your computers for easy use and reporting. All collections are displayed on the left of the Main Window. Admin Arsenal ships with a set of default collections which you can delete or modify as you choose.

Collections can be the target of tasks, such as reboot or deploy, or serve as criteria for a report. There are three types of collections available.

Dynamic Collections

Dynamic collections are based upon properties of the computers and, as the name implies, will change as computer properties change. You set up dynamic collections by defining criteria and the collection will always be updated as computers change. Criteria can be nearly every piece of information in the database, such as hardware, software, operating systems, and IP address. When used as a target for an operation, the members will always be calculated at the time they are needed, keeping the members as up to date as possible.

Static Collections

Static collections are populated manually. Computers in a static collection will remain there until you remove them or they are deleted from Active Directory.

You add computers to a static collection by dragging the computers from the right side of the Main Window to the desired collection on the left. Alternately, you can right-click on a computer in the Main Window, select the Add to Collection menu item, and select the collection. Removing computers from a collection is as simple as selecting the collection, clicking on the computers to remove, and pressing the Delete key or the Remove item on the Computer menu.

Collection Folders

Collection folders contain other folders. These folders can be used to create a hierarchy of collections. Each folder can contain any type of collection, including other collection folders. You can move collections into a collection folder by dragging them from other parts of the tree on the main window.

Collection folders can contain the computers that are members of the collections they contain; this is referred to as "rolling up" the computers. Right-click on a collection folder and use the Collection Folder Rollup menu item to set the roll up type.

All Children: Computers are only included in this collection folder if a given computer is a member of each and every collection within the folder.
Any Children: Computers are included if they are members of any collection within the folder.
No Children: No computers roll up to the collection, and so the collection folder will have no computers.
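The three roll-up types amount to set operations over the collections inside a folder, which is worth checking before a folder is used as the target of a reboot or deploy. The following is an added example, not Admin Arsenal code: the class and function names are hypothetical, a nested folder is assumed to contribute its own rolled-up membership, and an empty folder is assumed to roll up to no computers.

```python
from dataclasses import dataclass, field
from typing import List, Set, Union

ALL_CHILDREN = "All Children"
ANY_CHILDREN = "Any Children"
NO_CHILDREN = "No Children"


@dataclass
class Collection:
    """A static or dynamic collection, already resolved to computer names."""
    name: str
    computers: Set[str]


@dataclass
class Folder:
    """A collection folder with one of the three roll-up types."""
    name: str
    rollup: str
    children: List[Union["Folder", Collection]] = field(default_factory=list)


def members(node: Union[Folder, Collection]) -> Set[str]:
    """Return the computers a task aimed at this node would reach."""
    if isinstance(node, Collection):
        return set(node.computers)
    # Assumption: a folder with nothing in it has no computers, whatever its type.
    if node.rollup == NO_CHILDREN or not node.children:
        return set()
    # Assumption: a nested folder counts as a child with its rolled-up members.
    child_sets = [members(child) for child in node.children]
    if node.rollup == ALL_CHILDREN:
        # Member of each and every child: set intersection.
        return set.intersection(*child_sets)
    if node.rollup == ANY_CHILDREN:
        # Member of at least one child: set union.
        return set.union(*child_sets)
    raise ValueError(f"unknown roll-up type: {node.rollup!r}")


# Constructed sample data (computer and collection names are made up).
WIN7 = Collection("Windows 7", {"PC-01", "PC-02", "PC-03"})
X64 = Collection("64-bit OS", {"PC-02", "PC-03", "SRV-01"})
OFFICE = Collection("Front office", {"PC-03", "PC-04"})

PATCH_TARGETS = Folder("Patch targets", ALL_CHILDREN, [WIN7, X64])
EVERYTHING = Folder("Everything", ANY_CHILDREN, [PATCH_TARGETS, OFFICE])
ARCHIVE = Folder("Archive", NO_CHILDREN, [WIN7])

if __name__ == "__main__":
    for folder in (PATCH_TARGETS, EVERYTHING, ARCHIVE):
        print(f"{folder.name} ({folder.rollup}): {sorted(members(folder))}")
```

Under these assumptions, placing a "No Children" folder inside an "All Children" folder empties the parent, because the intersection then includes an empty set.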

See Also

Organize Your Computers | Collection

3.5 Database Files

Admin Arsenal stores all of its data in a single database file called Main.sdf. This file is located, by default, under the standard Application Data directory (which is typically C:\Documents and Settings\UserName\Application Data\Brisworks\Admin Arsenal). It is known to the O/S under the variable name %APPDATA%. This directory will also contain a couple of other files which are used by Admin Arsenal.

Settings.ini: Stores configuration information for the console application, such as window positions, location & sorting of columns in lists, and other bric-a-brac.
Errors.txt: This file will be present if there was ever a problem writing an error or warning to the Windows Event Log. The errors destined for the event log will be redirected here.
Background.lock and Background.service.lock: These files help to synchronize access to the database file between the background service and the console. These files will be created and deleted as needed by the system.

Database Files on a Server

You can have your database files on a server if your IT infrastructure moves the Application Data to a server or you've moved the database files by setting the AADBPATH environment variable. There are some limitations you need to be aware of if this is the case.

Admin Arsenal uses Microsoft SQL Server Compact Edition as its database engine. This database is limited to a single process when accessing files on a network share. As such, you won't be able to use the background service and the console at the same time when the files are on a server. You also won't be able to have more than one instance of the console open simultaneously. You will get an error about a sharing violation if you try to access the database file from more than one program.

3.6 Double-Hop Authentication

Passing credentials between Windows computers on a network can sometimes lead to a "double-hop" problem. This problem occurs when a user who is logged into one computer runs a program on another computer. Since the second computer doesn't have access to the user's password (which was used to log into the first computer), the second computer cannot authenticate to a third computer. This is the "second hop" between the second and third computer. This will be an issue in Admin Arsenal when a remote command or deployment requires access to the resources of a third computer, such as to retrieve files off of a server share. Since the user's credentials have already made the first hop from the Admin Arsenal console computer to the remote computer, it's not possible to authenticate to the server.

There are two solutions to the double-hop problem. One solution is available in recent versions of Active Directory and the other is available in Admin Arsenal version 1.3 and later.

Delegation

The first solution to the double-hop problem is delegation, a setting in Active Directory. When a computer is trusted for delegation it is trusted by other computers for authentication even if it doesn't hold the user's primary logon. This setting is off by default, but can be turned on in "Active Directory Users and Computers." The computer's account property sheet has a delegation tab. Upon enabling trust for delegation the computer must be rebooted and any user account wishing to use the delegation must be logged out and back in again.

Send Password

Starting with version 1.3 of Admin Arsenal the user has the option of sending the password along with a remote command or deployment. This allows the user to be authenticated directly to the given computer, alleviating the double-hop problem. The password is encrypted during the transit from the console to the target computer to prevent it being sniffed. To send a password simply check the "Send Password" box on the deploy or remote command window. You will then be prompted for your password, which will be sent. You will only be prompted for your password once during an Admin Arsenal session. Further remote commands or deployments within the same session will not prompt again.

3.7 Heartbeat & Scanning

Certain information about computers is automatically scanned on a regular interval. The interval can be changed using the Preferences Window. There are two types of data that get scanned.

Heartbeat

Status refresh includes online/offline (from an ICMP ping), IP address, and current user. By default, status is refreshed every 300 seconds (5 minutes).

Inventory Scan

All computer data except that from Active Directory and the Heartbeat is reloaded during an inventory scan. By default, inventory is scanned every 24 hours. Inventory scans can take a few minutes depending upon the amount of inventory being collected. A computer with many shares can take considerable time to scan.

This information is read mainly from WMI and the registry.

Both types of information can be refreshed manually by using the Update Inventory and Update Status tool from the Main Window or the Computer Window.

See Also

Inventory

3.8 Inventory

Inventory is read remotely from each computer in your environment and stored locally in a database. This way you have access to this inventory data continuously even if the computer in question is down. This inventory can be reported on as well as be used for creating dynamic collections. The following are the categories of inventory which are taken:

Basic Inventory: Includes O/S information, computer manufacturer & model, Serial Number, and boot time.
Disks: Make, model, and size of all fixed disks, along with any partitions on those disks.
Display Devices: Information from the Plug and Play Extended Display Identification Data.
Environment: Name and value of all environment variables for all users.
Hardware: All hardware devices, as shown by the hardware device manager.
Local Users and Groups: All users and groups on the computer. Groups report all members, even those members which are from different computers. Note that Active Directory servers won't show any local users, because all users are domain and not local on these machines.
MAC Address: MAC address of the network adapters.
Memory Modules: The type and size of memory modules.
Network Interface Cards: Information related to each Network Interface Card (NIC). Type, MAC Address, Manufacturer, Windows Connection name and Status.
Printers: Information on printers from the managed computer's perspective. Which printers are defined. Device Id, Description, Driver, Port, Sharing and Location. This information is extracted via WMI.
Service: Services installed and their properties such as user account and start type.
Shares: All file shares and their permissions.
Software: All installed software as shown in the Add/Remove software control panel.

Most of this inventory can be viewed by opening a computer from the main window.

See Also

Organize Your Computers | Heartbeat & Scanning | Computer

3.9 Trial Version

Admin Arsenal has a 30-day trial version which can be downloaded from the Admin Arsenal web site. We encourage users to make full use of the software to ensure they are satisfied before making their purchase. The trial version is not limited in any way from the full, purchased version.

Once users are ready to purchase Admin Arsenal, they can do so from the Admin Arsenal web site.

3.10 Monitors

Monitors are processes that run in the background watching for certain events about which to notify you. These events can be services starting and stopping, processor utilization running too high, free disk space too low, or many other things.

Monitors can be applied to one or more computers, either individually or through a group. Initially monitors are not applied to any computers. After creating a monitor you will need to apply that monitor to the computers you wish to be watched, and you can turn off monitors from computers at any time. Monitors are only run while Admin Arsenal is running; stopping the application will stop all monitors until restart.

There are four types of monitors.

Event Log

An event log monitor watches for matching entries to appear in a computer's event log. This is useful for keeping an eye on processes that may log errors or warnings. This monitor will periodically check the event log for new entries, see if any entry matches the criteria you've defined, and will trigger a notification if any meet the criteria. Note: if multiple entries match the criteria within a single sample period, only the first entry (chronologically) will trigger a notification.

Heartbeat

This monitor watches for the heartbeat (online/offline) status of a computer to change. The heartbeat service must be running for this monitor to work properly.

Performance Counters

Windows systems include a wealth of information provided as performance counters. These monitors watch for the value of a performance counter to exceed a threshold, triggering when the threshold is exceeded a certain number of times in a row. Once a monitor is triggered, it won't trigger again until after the performance counter drops below the threshold. Thresholds can be defined as either above or below, indicating what type of counter movement triggers the monitor.

Processes

Process monitors watch for processes to be started and stopped.

Services

Service monitors watch for services to be started and stopped.

When monitors are triggered, Admin Arsenal will take one or more Actions.
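The trigger rules described above for performance counter and event log monitors can be modelled in a few lines, which makes it easier to see which events produce a notification and which are suppressed. This is an added example, not Admin Arsenal code: all names are hypothetical, "exceed" is taken as a strict comparison, and event log sample periods are assumed to be fixed-length windows.

```python
from dataclasses import dataclass, field

ABOVE, BELOW = "above", "below"


@dataclass
class CounterMonitor:
    """Model of a performance counter monitor (hypothetical names)."""
    threshold: float
    direction: str = ABOVE      # ABOVE fires on high values, BELOW on low ones
    required_in_row: int = 3    # consecutive breaching samples needed to fire
    _streak: int = field(default=0, init=False, repr=False)
    _armed: bool = field(default=True, init=False, repr=False)

    def _breached(self, value: float) -> bool:
        # Assumption: a value equal to the threshold does not exceed it.
        if self.direction == ABOVE:
            return value > self.threshold
        return value < self.threshold

    def sample(self, value: float) -> bool:
        """Feed one sample; return True only on the sample that fires."""
        if not self._breached(value):
            # Back on the safe side: reset the streak and re-arm the monitor.
            self._streak = 0
            self._armed = True
            return False
        self._streak += 1
        if self._armed and self._streak >= self.required_in_row:
            # Fire once, then stay quiet until the counter recovers.
            self._armed = False
            return True
        return False


def fired_indexes(monitor, samples):
    """Indexes of the samples on which the monitor triggered."""
    return [i for i, value in enumerate(samples) if monitor.sample(value)]


def event_log_notifications(entries, matches, period_s, start=0):
    """Return the (timestamp, message) entries that would notify.

    Only the chronologically first matching entry in each sample period
    notifies; later matches in the same period are dropped.
    """
    first_per_period = {}
    for ts, msg in sorted(entries):
        if matches(msg):
            first_per_period.setdefault((ts - start) // period_s, (ts, msg))
    return [first_per_period[p] for p in sorted(first_per_period)]


def is_error(message):
    return message.startswith("Error")


# Constructed sample data.
CPU_PERCENT = [50, 95, 96, 40, 91, 92, 93, 99, 97, 60, 95, 95, 95]
FREE_DISK_PERCENT = [20, 9, 8, 8, 8, 15, 5]
EVENTS = [  # (seconds since monitoring started, message)
    (5, "Error: disk failure"),
    (12, "Information: service started"),
    (40, "Error: service crashed"),
    (65, "Error: logon failure"),
    (70, "Error: logon failure again"),
]

if __name__ == "__main__":
    print(fired_indexes(CounterMonitor(90, ABOVE, 3), CPU_PERCENT))
    print(fired_indexes(CounterMonitor(10, BELOW, 2), FREE_DISK_PERCENT))
    print(event_log_notifications(EVENTS, is_error, period_s=60))
```

In the constructed event list, the errors at 40 and 70 seconds never notify because an earlier match already claimed their sample period, so the event log itself remains the complete record.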

3.11 New Remote Service Method

Admin Arsenal now includes an optional method for remote commands and software deployments that can be used to overcome some problems encountered with the existing remote command method.

The current method uses WMI to execute programs on remote computers. However, this method can have issues, particularly with UAC (see below). This new method is rebuilt from the ground up, and is therefore an option which can be turned on in the Preferences window.

Some notes on the difference with the new method are below.

Logon as a Service

When using "Send Password" the user's account will need to be given the "Logon as a Service" privilege if the user doesn't already have it (or is not a member of a group that does). This will be handled automatically by Admin Arsenal as needed.

CMD.EXE

The current WMI based method executes all programs with the cmd.exe program built into Windows. The new service based method does not, and this requires a change when running certain commands. Running commands such as "dir" or deploying batch files now requires adding "cmd /c" before the command. For example, "cmd /c dir c:\"

UAC

User Account Control, or UAC, can cause problems with software deployments and remote commands when using WMI. Windows will prompt the user to confirm the installation or command, but since the prompt occurs in the background there is no way to accept the prompt. This can manifest in a number of ways, such as deployments that appear to succeed (but do not install anything) or strange error codes like 1, 6, or 740. The new service method authenticates differently and doesn't require the elevation prompt.

3.12 Software Deployment

Admin Arsenal can deploy software remotely on one or more computers. This deployment typically occurs in the background with no intervention from a user on the computer. In order for the deployment to occur silently, it must have an installer which supports silent or unattended installations. If the installation is made for Microsoft Installer and packaged as an MSI file, it should support the silent install. The same mechanism can be used to repair or uninstall software, provided the installer is built for this.

Remote deployments are accomplished by copying the deployment files to the target computer, and executing either the installer itself (for .EXE files) or MSIEXEC.EXE (for .MSI files). You will want to test the installation to ensure you have the proper command line arguments before attempting to deploy remotely. Otherwise you may have to kill the installation process on the computer before you can try again.

To start a remote deploy, right-click on the computer or group you wish to deploy to and click Tools > Deploy. This will open the Deploy dialog which will let you pick the properties of the deployment and enter any command line arguments. Alternatively, simply drag the .EXE or .MSI file from Windows Explorer to the computer or group in question.

See Also

Software Deployment | Processes | Remote Services

3.12.1 Silent Installs

In order to install software remotely, it is critical to understand the concept of a silent, or unattended, installation.

A silent installation is one which installs software without requiring any intervention from a user on the computer's console. If an installation asks for information from a user, such as an installation directory or to read a license agreement, then the software cannot be installed remotely. This is because the user interface which is waiting for a button to be clicked is not visible when run remotely, so a user won't be able to do what the installation is asking, even if they knew it was there. The result is an installation that appears to "hang" and never returns.

Many application installers support an option known as silent, or unattended. This option will install the software either with a default set of properties (such as file locations) or with options provided on a command line. The vast majority of application installers that use MSI, MSU, or MSP support a silent option (in fact, the installation developer would need to go out of their way to break the silence, as it were).

EXE installations, however, are a mixed bag. Some support the silent option, while others don't. And even for those that do, it's sometimes difficult to determine how to enable it.

Finding the Silent Options
There are a number of resources that can be tried when trying to find the silent option for an installer.

1. Product documentation. Quite often, vendors who have a silent option will list the option in their documentation, usually along with other command line options to configure the installation.

2. Web searches. It's likely that other people have been looking for the silent option online. Searching for "acrobat install silent" for example yields a number of hits.

3. Ask the installer. Many installers have an option which can give you some usage information. Try using /? or /h.

4. Trial and error. There are a number of silent options which are used repeatedly. Options which we've seen include /s /q /qn -silent /p:silent -option "silent"

If all else fails, you can visit our forums for some more assistance. We get this question quite a bit and may be able to point you in the right direction.

Test It Out
It's important that you test out the silent install before you deploy the installer remotely, otherwise you may end up waiting for quite a while before you realize you're missing something. Simply run the installer on your computer with the proper options and make sure it completes without prompting for anything. It's okay if the installer shows an interface, such as a progress bar, as long as it never stops and waits for you to do anything.

More Information
For more information on software deployment issues, please download our white paper, Unplugging the Sneakernet: Remote Software Deployment for Windows.
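One way to script the "Test It Out" step, as an added example that is not part of Admin Arsenal or its manual: it runs an installer locally with candidate silent switches and treats a run that outlives a time limit as one that has stopped to wait for input. The function name Test-SilentInstall, the time limit, and the sample path in the comments are assumptions.

```powershell
# Added example, not Admin Arsenal code. Test-SilentInstall is a hypothetical helper.
# Run it on a test machine from an elevated prompt, the same way you would
# run the installer by hand before deploying it remotely.
function Test-SilentInstall {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,
        [string] $Arguments = '',          # candidate silent switches, e.g. '/qn'
        [int]    $TimeoutSeconds = 600     # assumed limit; tune per package
    )

    $file = (Resolve-Path -LiteralPath $InstallerPath).Path
    $psi  = New-Object System.Diagnostics.ProcessStartInfo
    $psi.UseShellExecute = $false

    if ([System.IO.Path]::GetExtension($file) -ieq '.msi') {
        # .MSI packages are run through MSIEXEC.EXE, as in a remote deployment.
        $psi.FileName  = Join-Path $env:SystemRoot 'System32\msiexec.exe'
        $psi.Arguments = ('/i "{0}" {1}' -f $file, $Arguments).Trim()
    } else {
        $psi.FileName  = $file
        $psi.Arguments = $Arguments
    }

    $started = Get-Date
    $proc    = [System.Diagnostics.Process]::Start($psi)

    if (-not $proc.WaitForExit($TimeoutSeconds * 1000)) {
        # Still running after the limit: most likely a dialog is waiting for
        # input. Kill the installer and the child processes it started so the
        # test can be repeated with different switches.
        & "$env:SystemRoot\System32\taskkill.exe" /PID $proc.Id /T /F | Out-Null
        $result = 'TimedOut'
        $code   = $null
    } else {
        $code   = $proc.ExitCode
        $result = switch ($code) {
            0       { 'Completed' }
            3010    { 'CompletedRebootRequired' }   # Windows Installer: restart needed
            default { 'Failed' }
        }
    }

    [pscustomobject]@{
        Installer = $file
        Arguments = $Arguments
        Result    = $result
        ExitCode  = $code
        Seconds   = [int]((Get-Date) - $started).TotalSeconds
    }
}

# Trial and error over the switches listed above, stopping at the first one
# that completes (C:\Temp\setup.exe is a placeholder path):
# foreach ($candidate in '/s', '/q', '/qn', '-silent') {
#     $r = Test-SilentInstall -InstallerPath 'C:\Temp\setup.exe' -Arguments $candidate -TimeoutSeconds 300
#     $r
#     if ($r.Result -like 'Completed*') { break }
# }
```

A 'Completed' result only shows that the process exited with a success code; confirm the software is actually installed before using the same arguments in a remote deployment.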

3.13 Performance Counters

Windows systems provide a wealth of information in the form of Performance Counters. Many Windows components and third party applications provide data as counters. These counters are provided as numbers representing things such as percentage free disk space, counts of connections, and number of open files. The number associated with a counter is updated continuously as the responsible component or application runs. Performance Counters are used by Admin Arsenal in two ways.

Performance Counter Monitor
Counters can be monitored and trigger a notification when they exceed a threshold.

Performance Counter Charting
Provides for viewing of performance counters in real-time as a chart. When used for charting, Admin Arsenal organizes counters into Performance Counter Sets, each containing up to 32 performance counters. Counter sets make it easy to apply commonly used counters to different computers quickly.

There are literally hundreds of counters provided by Windows components alone, not including those provided by third party applications. Browsing through these counters can be cumbersome, so Admin Arsenal provides different ways to select counters.

3.14 Remote Control

Admin Arsenal provides access to a number of remote control tools. These tools are not a part of Admin Arsenal, but are accessed directly through the Tools menu.

Remote Desktop
Windows provides remote desktop as a way to remotely access the Windows console. This tool must be enabled on each computer using the Computer Properties dialog. Users sitting at the computer's console will not see any activity performed through remote desktop, so it may not be the best choice for conducting help desk tasks. The size of the remote desktop window can be set using the Preferences window.

Remote Assist
Windows has a remote assist feature allowing an administrator to remotely control the user's session. The user at the console will be able to see what the administrator is doing, however starting remote assist requires someone sitting at the console to acknowledge and authorize the access. Remote assist needs to be enabled on each computer.

VNC
VNC is a free remote desktop package available from a number of sources. It is not included with Admin Arsenal (we recommend RealVNC or TightVNC but most viewers should work). It allows remote control of computers similar to remote assist and remote desktop with some additional features. VNC is software which needs to be installed on both the console computer and the computer being remote controlled. Admin Arsenal will initiate a remote control session using the vncviewer.exe application installed as part of the VNC package. You can configure VNC settings in the Preferences Window.

3.15 Remote Processes

For Remote Commands and Software Deployment Admin Arsenal needs to run an executable on one of your managed computers. This is accomplished by copying some files to the remote computer and executing them.

ADMIN$
The files are placed into a directory on the ADMIN$ administrative share with a name like AARemote_### (where ### is a series of unique numbers and letters). Within this directory is a subdirectory called exec which contains any files for the particular task, such as the MSI installer files. When the remote command is executed, this exec directory is used as the current directory.

CMD.EXE
The remote commands are executed as a child process of cmd.exe. This allows the full functionality of cmd.exe commands (such as dir, copy, ren, etc) to be used.

Cleanup
The directory should only exist as long as is necessary to perform whatever task is required, but it may stick around if something goes wrong, such as a network interruption or power failure. Admin Arsenal tries to clean up any files hanging around after errors. These directories can be cleaned up if needed by simply deleting them.

Encryption
The command line being run is encrypted before being copied to the remote computer. This prevents anyone sniffing the network from reading any sensitive information it contains. If the user's password is being sent then it, too, is encrypted across the wire.

Note: Admin Arsenal now includes a New Remote Service Method that is currently in beta but can be used in situations where this method doesn't work properly (such as with UAC).
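The Cleanup paragraph above says leftover working directories can simply be deleted. As an added example (not part of Admin Arsenal or its manual), this sketch lists AARemote_* directories on the ADMIN$ share of each computer that are older than a grace period and removes them only when asked. The function name Find-StaleAARemote and the 120-minute grace period are assumptions.

```powershell
# Added example, not Admin Arsenal code. Find-StaleAARemote is a hypothetical helper.
# Leftover AARemote_* directories can hold installer files from an interrupted task,
# so it is worth knowing where they remain and how large they are.
function Find-StaleAARemote {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [int]    $OlderThanMinutes = 120,   # assumed grace period so running tasks are left alone
        [switch] $Remove
    )

    $cutoff = (Get-Date).AddMinutes(-$OlderThanMinutes)

    foreach ($computer in $ComputerName) {
        $share = '\\{0}\ADMIN$' -f $computer
        if (-not (Test-Path -LiteralPath $share)) {
            Write-Warning "$computer : ADMIN`$ share not reachable"
            continue
        }

        $dirs = Get-ChildItem -LiteralPath $share -Directory -Filter 'AARemote_*' -ErrorAction SilentlyContinue |
                Where-Object { $_.LastWriteTime -lt $cutoff }

        foreach ($dir in $dirs) {
            # Size up what was left behind, including the exec subdirectory.
            $files = @(Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Force -ErrorAction SilentlyContinue)
            $bytes = [long]($files | Measure-Object -Property Length -Sum).Sum

            $removed = $false
            if ($Remove -and $PSCmdlet.ShouldProcess($dir.FullName, 'Remove leftover directory')) {
                try {
                    Remove-Item -LiteralPath $dir.FullName -Recurse -Force -ErrorAction Stop
                    $removed = $true
                } catch {
                    Write-Warning "$computer : could not remove $($dir.Name): $($_.Exception.Message)"
                }
            }

            [pscustomobject]@{
                Computer  = $computer
                Directory = $dir.Name
                LastWrite = $dir.LastWriteTime
                FileCount = $files.Count
                SizeBytes = $bytes
                HasExec   = Test-Path -LiteralPath (Join-Path $dir.FullName 'exec')
                Removed   = $removed
            }
        }
    }
}

# Report only:      Find-StaleAARemote -ComputerName pc01, pc02
# Preview removal:  Find-StaleAARemote -ComputerName pc01 -Remove -WhatIf
```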

3.16 Reports

Admin Arsenal provides a wide range of predefined reports. Reports can be run either against the entire database of computers, or only against a subset.

To run a report against a subset of computers, right-click on the computer group (a collection or a selected set of computers in the Main Window), and click on the report to run.

Reports can now be altered or new reports can be created; see the Report Window for more information.

To make more customized reports, Admin Arsenal includes Access Report Templates which are reports in a Microsoft Access database for easy modification.

See Also

Report

3.17 Scan Errors

The following are some of the more common errors you may see from a scan:

Failed to open hardware database, remote registry service may not be running

Verify that the Remote Registry and Plug and Play services are running.

If the target system is Windows Vista or Windows 2008 and later then also verify that the Policy "Allow remote access to the PnP interface" is Enabled. This Policy is found in your Policy Editor under "Computer Configuration \ Administrative Templates \ System \ Device Installation".

Computer not found in DNS

If you see this error it is because the computer name (as provided by Active Directory) cannot be resolved by DNS. Verify that this machine has a correct entry in DNS. A simple way to verify for yourself that a computer record exists (or doesn't exist) in DNS is to run NSLOOKUP.

Requested registry access is not allowed...

If you see this error you need to set the appropriate permissions to allow you to traverse the listed Registry Key. The error is usually followed by the name and path of the key that Admin Arsenal was unable to access.

WMI Access Denied

First and foremost, make certain that the account being used has Administrative permissions (i.e. the account is a member of the local Administrators group).

This error can be caused by inappropriate DCOM security settings. Please refer to the DCOMACLS utility to correct this.

Generic Failure

Please submit a question to our forums.

3.18 Tools

There are a number of tools that can be used to manage computers in your environment. Some commands can only be executed on a single computer, some can be executed on groups, such as a collection. Select the computer or group and pick the desired tool from the Tools menu.

Remote Desktop
Runs the Windows remote desktop tool on the selected computer. You can change the size of the opened window in Preferences. Remote desktop must be enabled on the target computer.

Remote Assist
Runs the Windows remote assist tool on the selected computer. This tool can only be used if a user is currently logged into the computer, otherwise you will need to use Remote Desktop. Remote assist must be enabled on the target computer.

VNC
Initiates a VNC remote control session on the target computer. VNC must be installed on both the console and target computers for VNC to work.

Reboot
Reboots one or more computers. Selecting the Reboot tool opens the Reboot window allowing you to customize the task.

Wake
Issues a Wake-On-LAN to one or more computers. The computers must have Wake-On-LAN enabled (typically in the BIOS settings). By default, Wake can only work on the local subnet. To use Wake in a routed environment, your routers will need to be configured to broadcast Wake packets.

Remote Command
Runs a command-line program on one or more computers. Selecting the Run Command tool opens either the Remote Command or Remote Command Options window (depending on how many computers are selected), which will let you enter the command-line to execute.

Deploy Software
Deploys an application on one or more computers. Deployments can be either an executable (.exe) file or a Microsoft Installer (.msi) file. Selecting the Deploy tool opens the Deploy window letting you select the deployment file and options.

Scan Inventory
Scan the inventory on the selected computers. Typically, a computer's inventory is automatically updated on a regular interval, and this tool will do an immediate update.

Heartbeat
Refresh the heartbeat of the selected computers, including online status, current user, and IP address. Typically, a computer's status is automatically updated on a regular interval, and this tool will do an immediate update.

Connectivity Testing
Perform several tests to verify that the computers are properly configured to allow the remote access needed by Admin Arsenal.

Manage
Opens the Windows MMC management tool. This is the same tool that is opened when you right click on "My Computer" and select the Manage menu item.

Event Viewer
Opens the Windows Event Viewer on the target computer.

3.19 Troubleshooting Connection Issues

In order for Admin Arsenal to properly work with the computers in your network, it needs to be able to communicate with them. There are a number of technologies that need to be in place for this communication to work properly:

1. DNS
Each computer must be registered in DNS under its "fully qualified domain name" (e.g. computer1.yourcompany.local).

2. ICMP Echo
Commonly known as Ping, this is how Admin Arsenal determines if computers are online. Firewall rules quite often block this communication.

3. ADMIN$ Share
Each Windows computer has a hidden shared folder called ADMIN$ which allows access for administrators to the system directory remotely. Firewall rules quite often block file sharing.

4. Remote Registry
Remote registry allows for keys to be read from other computers. Recent versions of Windows have the Remote Registry service disabled by default.

5. WMI
WMI is a collection of technologies that allow for access to a variety of management information, and is the primary source of information for Admin Arsenal.

Common Problems
Some of the most common problems encountered include:

1. Firewalls. Without the proper firewall rules in place no remote management tool will work correctly.
2. DNS. Stale records and different addresses for long names & short names are common problems.
3. DCOM Permissions. WMI uses DCOM to communicate remotely and it can be fragile. WMI Access Denied is one of the most common WMI errors.

If you encounter a problem communicating with a computer (its inventory won't update or a software deployment fails) the first thing to try is the Testing pane on the Computer Window. Most of the time, the problem will be highlighted there.

3.20 Wildcards

There are places in Admin Arsenal where you can use a wildcard. Wildcards are used to match patterns of text. There are two wildcard characters that can be used.

*
This character matches zero or more characters. For example, the pattern admin* will match admin arsenal, administrator, and admin, but it will not match addmin.

?
This character matches exactly one character. For example, the pattern admin? will match admins but not admin nor administrator.

These wildcards work the same as they do on a command-line, such as "dir *.exe".

4 Reference

This section is a reference for all of the windows in Admin Arsenal. The more important windows are:

Main Window
The main console into your environment. All other tools are accessible from here.

Computer
Provides a wealth of information for an individual computer. Allows you to perform a number of actions on computers.

Collection
Edit a dynamic collection. Gives you the power to organize your computers in the best way for your use.

Performance Counter Charting
Keep an eye on your computers using Windows built in performance counters.

Monitors
Keep a tab on your computers.

Deploy
Deploy software remotely.

Remote Command
Run command-line programs on computers remotely.

And so much more...

4.1 Windows

This section contains detailed information on every window in the Admin Arsenal interface.

4.1.1 Browse Active Directory

This window allows you to browse to an Active Directory container.

You will see a tree of containers, with the top level being the root of your Active Directory domain. Admin Arsenal will use the currently authenticated user to access the domain to which the computer belongs. If the domain controller cannot be reached, or you are logged in as a user with insufficient rights, you will receive an error.

To select a container, simply click on it in the tree and press the OK button.

To switch to a different domain in your Active Directory forest, click on the "Other Domain..." button.

See Also

Preferences

4.1.2 Collection

Allows you to edit a dynamic collection.

Each dynamic collection is made up of a name and criteria.

Collection Name
Enter or change the name of the collection here. Collection names must be unique, and you will receive an error if you try to create a collection with a name that already exists.

Match
Determines how criteria are to be evaluated.
All means that a computer must have each and every criterion matched in order to be included in the collection.
Any means that a computer must only have one of the criteria selected.
Not All means that a computer is only included if it matches none of the criteria.
Not Any means that a computer is included if it doesn't match one or more criteria.

Criteria
The criteria that make up a collection are stacked one per row. When you create a new collection, there will only be one. To create new criteria, click on the add button. To remove one, click on the remove button next to the row to delete.

Criteria Types
Each field, available in the list on the left, has a data type which determines the types of comparisons that can be used.

Data Type    Comparison         Notes
Text         Contains
             Does not Contain
             Equals
             Does not Equal
             Starts With
             Ends With
             Matches            Use wildcards * and ?, like would be used to match file names on the command-line.
             Does not Match
Date/Time    Equals
             Does not Equal
             Before
             After
             Between            The given range is inclusive.
             Not Between
             In the Last
             Not in the Last
Number       Equals
             Does not Equal
             Greater Than
             Less Than
             Between            The given range is inclusive.
             Not Between
Yes/No       Yes
             No
Collection   Member Of          Collections cannot be recursive, you cannot have collection use itself as a criterion either directly or indirectly.
             Not Member Of
SQL                             Allows for a custom SQL filter (see below)

Custom SQL
When using the custom SQL field type enter what you would use for the WHERE clause of an SQL statement. For example entering "name = 'computer1'" is processed as "select * from Computer C where name = 'computer1'".

All of the tables and fields that are available are listed in the SQL portion of the Report window. You can create a test report looking for the computers you want and then copy & paste the WHERE clause into the collection field.

To get assistance with writing SQL for your collections please post a question on our Forums and we'll give you the SQL you need.

4.1.3 Computer

The Computer Window provides access to information and tools for a single computer. It is available from most everywhere a computer is listed, typically by double-clicking on the computer.

The window is broken down into a number of panes. Click the button for the desired pane on the left of the window to access it. Not all menu items are available for every pane.

View Performance Counter Set
Use the View > View Counter on Computer menu to start Performance Counter Charting for this computer.

Tools
Use the Tools menu to access the Tools for this computer.

DCOM Security
There are two menu items under the Computer menu which can be used to help with WMI security problems.

Grant Me DCOM Rights
If you received a WMI Access Denied error, it is most likely caused by improper DCOM rights. Use this menu item to give your current user account DCOM rights for WMI. This creates the proper ACLs to grant only your user account access to DCOM. It's best used for testing purposes, since you will probably want to gain DCOM access through a group. If you are a member of a group which has been directly denied access, then this won't work since the deny ACL takes precedence over an allow ACL.

Clear My DCOM Rights
Use this menu item to remove the rights assigned above. It's useful when you were only testing your rights above and you want to clean up the ACLs.

Available Panes

Properties   General information about the computer.
Testing      Test connectivity with the computer.
Environment  Environment variables.
Disks        Information on disk drives.
Displays     Information on attached displays (monitors)
Shares       Shared directories.
Printers     Printers connected to the computer
NICs         Network Interface Cards (NICs) connected to computer
Groups       Local user groups.
Users        Local users.
Processes    Running processes.
Services     Installed services.
Hardware     Installed devices.
Software     Installed software.
Monitors     View and change Monitors enabled on the computer.

See Also

Inventory

4.1.3.1 Testing

This pane is used to test connectivity with the computer to ensure that it can be managed by Admin Arsenal. Several tests are performed and you will see an error message if the test fails. Click the More Info link to get detail on any failed test, including common solutions.

The following tests are performed (in this order):

DNS Lookup       Checks that the name of the computer is in DNS.
Ping             Tests that the computer responds to an ICMP ping.
Admin Share      Connects to the ADMIN$ share on the computer to ensure that it is available.
Remote Registry  Verifies connectivity with the registry on the remote computer.
WMI              Ensures that WMI can be accessed remotely.
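The five checks listed above, and the five requirements in Troubleshooting Connection Issues, can be reproduced from any PowerShell prompt when the console is not at hand. This added example is not Admin Arsenal's own test code: it is a read-only approximation (it does not create the temporary directory or registry key the product's tests use), and the function name Test-ManagementPath and the registry value it reads are assumptions.

```powershell
# Added example, not Admin Arsenal code. Test-ManagementPath is a hypothetical helper.
# Runs the checks in the documented order and stops at the first failure,
# because each later check depends on the earlier ones.
function Test-ManagementPath {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $ComputerName)

    $adminShare = '\\{0}\ADMIN$' -f $ComputerName

    $tests = [ordered]@{
        'DNS Lookup' = {
            $null = [System.Net.Dns]::GetHostEntry($ComputerName)
        }
        'Ping' = {
            if (-not (Test-Connection -ComputerName $ComputerName -Count 1 -Quiet)) {
                throw 'Ping did not respond.'
            }
        }
        'Admin Share' = {
            # Enumerate the share, the same as a dir command.
            $null = Get-ChildItem -LiteralPath $adminShare -ErrorAction Stop | Select-Object -First 1
        }
        'Remote Registry' = {
            $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
            try {
                # Assumed probe: read one well-known value to prove read access.
                $key  = $hive.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
                $null = $key.GetValue('ProductName')
            } finally {
                $hive.Close()
            }
        }
        'WMI' = {
            # Force DCOM so the check exercises the same transport as remote WMI.
            $option  = New-CimSessionOption -Protocol Dcom
            $session = New-CimSession -ComputerName $ComputerName -SessionOption $option -ErrorAction Stop
            try {
                $null = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
            } finally {
                Remove-CimSession -CimSession $session
            }
        }
    }

    $failed = $false
    foreach ($name in $tests.Keys) {
        $status = 'Skipped'
        $detail = ''
        if (-not $failed) {
            try {
                & $tests[$name]
                $status = 'Pass'
            } catch {
                $failed = $true
                $status = 'Fail'
                $detail = $_.Exception.GetBaseException().Message
            }
        }
        [pscustomobject]@{
            Computer = $ComputerName
            Test     = $name
            Status   = $status
            Detail   = $detail
        }
    }
}

# Example: Test-ManagementPath -ComputerName computer1.yourcompany.local | Format-Table -AutoSize
```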

4.1.3.1.1 Admin Share

This test verifies that the ADMIN$ share exists and you have rights to it. This is a hidden share that exists by default on Windows computers. It normally points to the System32 directory and is locked down to only Administrators. It is necessary for Remote Command and Deploy to work properly, as they both require files to be copied to the target computer.

To test the ADMIN$ share, Admin Arsenal first enumerates the directory (gets a list of file names, the same as the dir command), creates a temporary directory, and then deletes it. This should give a fairly good indication that the computer has a properly set up ADMIN$ share.

Common Errors

Computer name not found in DNS.
The computer is not registered in DNS and is therefore unreachable.

The network path was not found.
The computer cannot be contacted. Most commonly the computer is offline, has a firewall blocking access, or the server service is turned off.

Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator.
This error is similar to the one above, and can be caused by the same conditions.

Logon failure: unknown user name or bad password.
The ADMIN$ share is available but you don't have rights to access it. This can be caused by the computer not being a member of the domain or its trust relationship being broken with Active Directory.

See Also

Testing

4.1.3.1.2 DNS Lookup

This test verifies that the computer name is registered with DNS. Without DNS it is not possible to locate the computer on the network.

Common Errors

Computer name not found in DNS.
The computer is not registered in DNS and is therefore unreachable.

See Also

Testing

4.1.3.1.3 Ping

This test sends an ICMP ping to the target computer. The test will succeed if the computer returns the ping.

Common Errors

Computer name not found in DNS.
The computer is not registered in DNS and is therefore unreachable.

Ping did not respond.
The ping was sent to the computer, but it didn't respond. This will happen if the computer is offline or if there is a firewall blocking ICMP echo requests.

Configuring ICMP Settings

See Also

Testing

4.1.3.1.4 Remote Registry

This test verifies that the registry can be read remotely. This is needed by a number of tasks including inventory, performance counters, remote command, deploy, and others.

Similar to the ADMIN$ share test, the registry is opened remotely, some information is read, a temporary registry key is created and then deleted.

Common Errors

Computer name not found in DNS.
The computer is not registered in DNS and is therefore unreachable.

The network path was not found.
The computer cannot be contacted. Most commonly the computer is offline or has a firewall blocking access.

Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator.
This error is similar to the one above, and can be caused by the same conditions.

The interface is unknown.
This error is most often caused by the remote registry service being turned off.

Attempted to perform an unauthorized operation.
The registry is available but you don't have rights to access it. This can be caused by the computer not being a member of the domain or its trust relationship being broken with Active Directory.

See Also

Testing

4.1.3.1.5 WMI

This is one of the most critical tests, and one of the most common to have problems. WMI is Microsoft's Windows Management Instrumentation and it provides access to a great deal of information and tools to manage computers remotely. It is critical to almost every operation of Admin Arsenal and must be working properly for Admin Arsenal to function.

Common Errors

Computer name not found in DNS.
The computer is not registered in DNS and is therefore unreachable.

Computer Unreachable
The computer is either offline or the WMI service cannot be reached. WMI uses DCOM which in turn uses RPC and they must all be working properly for WMI to be available. Microsoft has some detailed documents which should help you with many problems accessing WMI remotely.

http://support.microsoft.com/kb/875605
http://msdn2.microsoft.com/en-us/library/aa822854.aspx

WMI Access Denied
This is a common problem because WMI uses DCOM which has its own set of security separate from file and registry access. It is not uncommon for 3rd-party programs to mess with the DCOM security settings. Microsoft has some documentation dealing with WMI security.

http://www.microsoft.com/technet/scriptcenter/guide/sas_wmi_prxd.mspx?mfr=true
http://msdn2.microsoft.com/en-us/library/aa393266.aspx
http://www.microsoft.com/technet/solutionaccelerators/hardwareassessment/wv/e9840206-8b3c-43ce-8416-9e5b49dc2d77.mspx

The Computer window has a menu item to directly grant yourself DCOM rights needed by WMI.

See Also

Testing

4.1.3.2 Environment

View all of the environment variables on the computer. Environment variables are broken out by user. Click on a single entry to see the full value in the box at the bottom.

Columns

Name   The name of the variable.
User   The user that owns the variable. Variables listed for user <SYSTEM> exist for all users.
Value  The value of the variable.

See Also

Inventory

4.1.3.3 Disks

Shows information about installed disk drives on the computer. Along with each disk, you can see any partitions that exist on the disk.

Each disk is listed by its model name, with the following pieces of data.

Device        The name of the device as it's known to Windows.
Model         The model name as defined by the manufacturer.
Manufacturer  The maker of the disk, if available.
Interface     Type of disk connection.
Media         What type of media the disk uses.
Size          Total size of the disk drive.
Partitions    Any partitions on the disk will be shown with its file system, size, and free space.

See Also

Inventory

4.1.3.4 Displays

Shows information about displays attached to the computer.

Each display is listed by its description, with the following pieces of data.

Device           The name of the device as it's known to Windows.
Model            The model name as defined by the manufacturer.
Manufacturer     The maker of the display, if available.
Manufacturer ID  The ID of the manufacturer as assigned by VESA.
Model ID         The unique numeric ID of the model.
Build Date       The date the display was manufactured.
Serial Number    The display's serial number (if available).
Instance ID      The ID of the display as known to Windows.

See Also

Inventory

4.1.3.5 Shares

View all of the shares and their permissions on this computer. Click on a share to see its permissions at the bottom of the pane.

Share Columns

Share Name   The public name of the share.
Path         Which folder is shared.
Description  User defined description.

Permission Columns

User               The user for whom permissions have been set.
Read, Write, Full  Each right will be marked with either a green check (allowed), a red X (denied), or blank (not assigned).

See Also

Inventory

4.1.3.6 Printers

Shows information about Printers attached to or defined for the computer.

Each printer is listed by its name, with the following pieces of data.

Default    If this printer is the default printer for the system.
Device ID  The name or ID that WMI reports for this computer.
Comment    Value of the Comments field in the Printer Properties (defined in Windows Control Panel).
Driver     Name of the Printer driver used by Windows.
Port       Name of Port used. This is defined when the Printer is connected to Windows.
Sharing    The Share type of the printer.
Location   Value of the Location field in the Printer Properties (defined in Windows Control Panel).

See Also

Inventory

4.1.3.7 NICs

Shows information about Network Interface Cards (NICs) attached to the computer.

Each NIC is listed by its name, with the following pieces of data.

Device ID     The Device ID is the ID of the Device as defined in Windows Management Instrumentation (WMI).
Type          Type of NIC (e.g. Ethernet 802.3)
MAC Address   The Media Access Control address of the NIC.
Manufacturer  Name of Manufacturer of NIC (e.g. Broadcom).
Connection    Type of Connection (i.e. Wireless or Local Area)
Status        Status of NIC (e.g. Disconnected, Connected, etc).

See Also

Inventory

4.1.3.8 Groups

Shows all local groups on the computer. Click on a group to view the users that are members of the group. The members list includes non-local users.

Columns

Name         The name of the group.
Description  The description of the group.
SID          The security identifier of the group. Right-click and select columns to unhide this column.

See Also

Inventory

4.1.3.9 Users

Shows all local users on the computer. Click on a user to view the local groups to which the user belongs.

Columns

Name         The name of the user.
Description  The description of the user.
SID          The security identifier of the user. Right-click and select columns to unhide this column.

See Also

Inventory

4.1.3.10 Processes

View and manipulate running processes on this computer. The processes can be viewed as a flat list (the default) or as a tree, using the parent/child relationship of the processes.

Menu Commands

Update Speed     The speed at which the list is automatically refreshed. You can refresh the list at any time by pressing F5 or the refresh button.
Columns          Show/Hide columns. Many of the columns are hidden by default.
View as Tree     Toggles the viewing of the processes as a tree or flat list.
Change Priority  Change the priority of the selected process.
Kill             Kills the selected process. Processes are killed immediately, with no opportunity to save any work or close open files.

Columns

Image Name     The name of the process, typically the name of the executable.
PID            The Process Identifier.
CPU            Percentage of CPU usage.
CPU Time       Total amount of CPU time used by the process.
Memory         Amount of memory used by the process.
Peak Memory    The high-water mark of memory usage since the process started.
Page Faults    Virtual memory page faults.
User Name      Name of the owner of the process.
Base Priority  Priority of the process. Higher priorities get more CPU time to run.
Handle Count   Number of system handles allocated by the process.
Thread Count   Number of threads running in the process.

4.1.3.11 Services

View installed services on this computer. The State column only contains data if the computer can be contacted and the state of the services read. All other information is taken from the local database, and is only as current as the last inventory scan.

Menu Commands

Start, Stop, Pause, Restart Performs the action on the service. Not all services can be paused.

Columns Show/Hide columns. Some of the columns are hidden by default.

Columns

Title The display name of the service.

Name The name of the service, used on the command-line when starting and stopping services with "net stop servicename".

State The current state of the service.

Start How the service reacts when the computer starts. Can be Auto (starts when the computer does), Manual (can be started later, or by another service), and Disabled (cannot be started).

Account The user account the service runs under.

Description Detailed description of the service.

Path The path of the executable that runs.

See Also

Inventory | Heartbeat & Scanning

4.1.3.12 Software

View all of the installed software on the computer. This list is populated from the Add/Remove Programs control panel. Software can be installed for only single users, and this list combines the list for all users, which means it may contain more items than you can see when you run the Add/Remove Programs control panel on the computer.

Columns

Name Application's name.

Version The application's version.

Publisher The manufacturer of the application (can be blank).

See Also

Inventory

4.1.3.13 Monitors

View Monitors installed on the computer. All monitors that have a check next to them are running for this computer. You can change the running monitors by checking or unchecking the boxes. You can also add and edit monitors by using the menu.

Right-click on a monitor to view its Log.

See Also

Monitors | Monitors Window

4.1.3.14 Hardware

Shows all installed hardware devices. This list mirrors that provided by the Device Manager in Windows.

See Also

Inventory

4.1.4 Computers Window

The computers window displays the contents of any computer container. The information and tools duplicate those available from the Main Window. One additional feature of the computers window is the ability to automatically refresh the window once every 10 seconds. This option is useful for watching the changes in a dynamic collection such as during an inventory scan. You can open multiple views on the same container or open different containers for visual comparison.

To open the computer window, double click on a container in the Main Window tree or use the Open menu item in the Container or context menu.

Note: The auto refresh setting does not persist between windows.

4.1.5 Deploy

Allows you to deploy applications on one or more remote computers. You will need either a Microsoft Installer file (.msi) or an installer packaged as an executable (.exe). Installers that provide the option of running quietly (that is, don't provide a user interface or prompt the user for information) are best for remote installs.

Past Deployments
Click the Past Deployments button to view a list of all deployments that have been run in the past, so you don't need to re-enter all data for a previous deployment.

Deployment File
The file for the installer. It will be copied to the remote computer and executed with any command-line options you provide. If you select an MSI file, you will be allowed to select additional options.

Include Entire Directory
Copies all of the files in the same directory as the deployment file to the target computer during install. Use this when the file has dependencies. This copies not only all files, but also all subdirectories, so ensure that you only copy the files you need.

Include Dependencies
Copies all of the dependent files to the target computer before the deployment is started. If one of the dependent file names is the same as one of the deployment files, it will be overwritten with the deployment file.

Send Password
Check to send your password to the target computer. The password is encrypted and sent for the remote process to log in locally as a way to avoid the double-hop problem.

Operation
The type of install to run. The options are Install, Repair, and Uninstall.

Quiet
Adds the /q parameter to the MSI command-line to run quietly.

Restart
Options to handle restarts after the deployment. Options are No Restart, Prompt User, Force Restart.

Other Options
Any other command-line options to use. To refer to the name of the file on the command line, enter {file}. This will be replaced with the actual name of the file after it is copied to the remote system.

Command Line
The command-line options to use when the program is run. To refer to the name of the file on the command line, enter {file}. This will be replaced with the actual name of the file after it is copied to the remote system. For MSI files, this command line is read-only; use the Other Options above.

4.1.6 Initialize Wizard

The initialization wizard is available the first time a new installation is run. It allows the user to specify information to get Admin Arsenal up and running.

All of the settings in the wizard can be changed in the Preferences window available from the Admin Arsenal menu on the main window.

Welcome
This first step shows a welcome and gives information about how to use the Initialize Wizard.

Active Directory
Allows the user to select the Active Directory container to manage.

E-Mail
E-Mail is used by monitors which have an E-Mail Action. Admin Arsenal needs to know which e-mail server to use and which e-mail address to send notifications from.

Background Service
Starting with Admin Arsenal 1.3 background processes can be run using a Windows Service. This will allow the processes to run uninterrupted even when the Admin Arsenal console is closed.

Test Computers
The final step of the Initialize Wizard performs connectivity tests on each of the computers which were imported from Active Directory. These tests find problems (or potential problems) with connectivity to the computers which may prevent Admin Arsenal from managing them properly.

4.1.6.1 Background Service Step

Part of the Initialize Wizard, this step allows for the installation of the Background Service.

The Background Service needs to run under an account which has enough access to all managed computers to run Inventory, Heartbeat, Monitors, and Active Directory Synchronization. Typically this is the same administrator account used to run Admin Arsenal, but it can be a special account set up for the privilege. You can create a special service account with a long password that doesn't expire if you wish to not have to change the service password when your administrator password expires.

If you don't check the "install background service" box, then you can install the service later using the Preferences window.

4.1.6.2 Active Directory Step

Part of the Initialize Wizard, this step allows the user to select the Active Directory container to manage.

This is the only step in the wizard which is required to continue. Simply select the container you wish to use and click Next.

4.1.6.3 E-Mail Step

Part of the Initialize Wizard, this step allows the setting of mail information for use by Monitors.

Enter the server name (or address) to use for outbound e-mail and the address from which e-mails will be sent. You can click on the "Send Test Mail" button to verify your settings. This will send an e-mail from the entered address to itself.

4.1.6.4 Test Computers Step

Part of the Initialize Wizard, this step performs testing on each of the managed computers to detect configuration problems which may prevent Admin Arsenal from running correctly.

Failing the ping test may simply mean that the computer is offline, and isn't necessarily a concern. However, if a machine fails the ping and is online, it usually means that there is a firewall blocking ICMP requests.

This window only shows the number of computers which failed each test. To get detailed information about the tests, check the "Show detail when wizard closes" box and click "Finish."

4.1.7 Main Window

The main window is your central access to managing your computers with Admin Arsenal. There are a number of tasks you can perform from here.

Open Individual Computers
Double-click on a computer in the right side of the window to view the properties of the computer.

Open Computers Window
Double-click on a container in the tree to open the computer list in a separate window.

View Collections and Active Directory Containers
Click on the name of a collection or container on the left side of the window to view the computers that belong to the group.

Add Computers to Static Collections
To add a computer to a static collection, drag it to the collection.

Manage Collections
You can add, delete, and rename collections. To rename a collection, click on its name and hit F2 or right-click on the collection and pick Rename. Double-click on a dynamic collection to edit its criteria.

Synchronize with Active Directory
Active Directory Synchronization happens on a regular interval, but you can force the synchronization immediately by using the menu.

Change Preferences
Using the menu you can change the global preferences of Admin Arsenal.

Access Tools
Use the Tools to perform operations on groups of computers.

Run Reports
Use the Reports menu on the top or the Reports menu on the right-click popups to view reports.

Export Collections
Use the Export Collection or Export Multiple Collections menu under the File menu (also available when you right click on the container list on the left). This exports the definition of the collection(s) to an XML file which can be imported back into Admin Arsenal. Useful for sharing collections between Admin Arsenal users.

Import Collections
Use the Import Collections menu item under the file menu (also available when you right click on the container list on the left). This will allow you to select a file that was exported by Admin Arsenal and import its collections. Alternately, you can drag an exported file from Windows Explorer and drop it on the container list.

4.1.8 Monitors

Manage Monitors. In the top of the window you will see a list of all monitors and how many computers they are monitoring. Click on a monitor to see the computers and groups that are monitored below. You can drag computers or containers from the Main Window to start monitoring them, or drag the monitor onto a computer or group in the Main Window.

Enabling/Disabling
Monitors can be enabled and disabled by right-clicking on them and selecting the Enabled menu. Disabled monitors appear with a small red X in their icon.

4.1.8.1 Performance Counters

Edit the properties of a Performance Counter Monitor.

Monitor Name
The name of the monitor. Names must be unique.

Category
The category name of the counter to be monitored. To select a counter, click on the ... button.

Counter
The name of the counter to be monitored. To select a counter, click on the ... button.

Instance
The instance name for the counter (optional). To select a counter, click on the ... button.

Sample Rate
How often to read the counter for its value.

Threshold
The number the counter must be Above or Below to trigger the monitor.

Samples
The number of samples that must be Above or Below the threshold in order to trigger the monitor.

Actions
Actions to take when the monitor is triggered.

4.1.8.2 Event Log

Edit the properties of an Event Log Monitor.

Monitor Name
The name of the monitor. Names must be unique.

Sample Rate
How often to read the event log looking for matching events.

Log Name
The name of the Log to watch. All computers have logs for Application, Security, and System. However, applications can create new logs. If the monitored computer doesn't have a log with this name, then the monitor will never trigger.

Event Type
Check one or more event types to monitor for. Only events of the checked type(s) will be tested.

Source
Source application name of the event. Use Wildcards to match a pattern. If left blank, all sources will match.

Category
Enter a number to match an event category. If left blank, all categories will match.

Event ID
Enter a number to match an event ID. If left blank, all event IDs will match.

User
Enter a user name to match. Use Wildcards to match a pattern. If left blank, all users will match.

Computer
Enter a computer name to match. Use Wildcards to match a pattern. If left blank, all computers will match.

Description
Enter a description name to match. Use Wildcards to match a pattern. If left blank, all descriptions will match.

Actions
Actions to take when the monitor is triggered.

4.1.8.3 Heartbeat

Edit the properties of a Heartbeat Monitor.

Monitor Name
The name of the monitor. Names must be unique.

Samples
The number of samples that must be Above or Below the threshold in order to trigger the monitor.

Event
The event to watch for. There are 4 choices:

1. Stopped
The computer shut down between samples. The monitor will only trigger once until a sample finds the computer online.

2. Started
The computer started between samples. The monitor will only trigger once until a sample finds the computer offline.

3. Online
The computer is online, regardless of its state during the last sample. The monitor will continue to trigger on each sample as long as the computer remains online.

4. Offline
The computer is offline, regardless of its state during the last sample. The monitor will continue to trigger on each sample as long as the computer remains offline.

Note
This monitor requires that the heartbeat service be running and enabled to work properly. The samples are taken from the heartbeat status in the database, not directly from the individual computer.

Actions
Actions to take when the monitor is triggered.

4.1.8.4 Processes

Edit the properties of a Process Monitor.

Monitor Name
The name of the monitor. Names must be unique.

Samples
The number of samples that must be Above or Below the threshold in order to trigger the monitor.

Process Name
The name of the process to monitor. Must match exactly the name of the process, which typically includes the file name extension (.exe).

Event
The event to watch for. There are 4 choices:

1. Stopped
The process stopped between samples.

2. Started
The process started between samples.

3. Running
The process is running, regardless of its state during the last sample.

4. Not Running
The process is not running, regardless of its state during the last sample.

Actions
Actions to take when the monitor is triggered.

4.1.8.5 Services

Edit the properties of a Service Monitor.

Monitor Name
The name of the monitor. Names must be unique.

Samples
The number of samples that must be Above or Below the threshold in order to trigger the monitor.

Process Name
The name of the service to monitor. This is the service name, not its display name. Use the name you would when using "net start" or "net stop" on the command-line.

Event
The event to watch for. There are 4 choices:

1. Stopped
The service stopped between samples.

2. Started
The service started between samples.

3. Running
The service is running, regardless of its state during the last sample.

4. Not Running
The service is not running, regardless of its state during the last sample.

Actions
Actions to take when the monitor is triggered.
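The event choices of the Heartbeat, Process and Service monitors above come in two kinds: Stopped and Started fire on a change between two samples, while Online/Offline and Running/Not Running fire on every matching sample. The Python below is an added example, not Admin Arsenal code; it assumes each sample is a plain up/down boolean, that no state is known before the first sample, and it leaves the Samples setting out.

```python
from enum import Enum


class Mode(Enum):
    EDGE_DOWN = "up -> down between samples"
    EDGE_UP = "down -> up between samples"
    LEVEL_UP = "up on this sample"
    LEVEL_DOWN = "down on this sample"


# Event names as listed in the monitor descriptions above.
EVENTS = {
    "Stopped": Mode.EDGE_DOWN,       # Heartbeat, Process, Service
    "Started": Mode.EDGE_UP,         # Heartbeat, Process, Service
    "Online": Mode.LEVEL_UP,         # Heartbeat
    "Offline": Mode.LEVEL_DOWN,      # Heartbeat
    "Running": Mode.LEVEL_UP,        # Process, Service
    "Not Running": Mode.LEVEL_DOWN,  # Process, Service
}


def triggers(event, samples):
    """Return the indexes of the samples on which the monitor's actions run.

    samples is an iterable of booleans, True meaning the computer, process
    or service was up when that sample was taken.
    """
    mode = EVENTS[event]
    fired = []
    previous = None  # assumption: nothing is known before the first sample
    for index, up in enumerate(samples):
        if mode is Mode.LEVEL_UP:
            hit = up
        elif mode is Mode.LEVEL_DOWN:
            hit = not up
        elif mode is Mode.EDGE_DOWN:
            hit = previous is True and not up
        else:  # Mode.EDGE_UP
            hit = previous is False and up
        if hit:
            fired.append(index)
        previous = up
    return fired


def action_counts(samples):
    """How many times each event choice would run its actions on one timeline."""
    return {event: len(triggers(event, samples)) for event in EVENTS}


# Constructed timeline, one entry per sample: two outages, one recovery.
TIMELINE = [True, True, False, False, False, True, False, False]

if __name__ == "__main__":
    for event, count in action_counts(TIMELINE).items():
        print(f"{event:12} actions run {count} time(s) at {triggers(event, TIMELINE)}")
```

On this timeline a Stopped monitor runs its actions once per outage, while an Offline monitor runs them on every offline sample, which matters when the action is an E-Mail or a Reboot.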

4.1.8.6 Actions

Actions are different ways in which a monitor can notify you that a monitor has been triggered. Each notification will send a message that can include data from the monitor that was triggered, such as the name of the monitor, the time & date, and what type of event triggered the monitor. There are three types of actions.

Command
Run a command-line program on any computer.

E-Mail
Sends an e-mail to any e-mail address. Requires that the Monitor E-Mail settings be set in Preferences.

Event Log
Logs an entry to the local event log.

Popup
Pops up a notification on any computer in the network.

Reboot
Reboots a computer. Can be the monitored computer or any other computer on your network.

Variables
Monitor actions can include variables, which will be replaced with data from the event itself. For example, an e-mail action can include the name of the computer that triggered the monitor in its subject line. Variables are names enclosed in curly braces, such as {Target} for the name of the triggering computer. Each type of monitor has different variables, though there are variables that are shared among all monitors.

Everywhere a variable can be used, there is a button marked with >, which when you click on it will give you a list of variables that are usable.

4.1.8.6.1 Service

Change the running state of a service, typically restarting.

Computer
The computer to change the service on. It can use variables. The most likely variable to use is {Target} which is the computer being monitored, however any computer can be used, including {Console} which is the computer on which Admin Arsenal is running.

Service
The name of the service to change. It can use variables.

Action to Take
The change to make in the service state.

4.1.8.6.2 Command

Run a command-line program on any computer. This command uses the same mechanism as the Remote Command tool, so all of the same rules apply.

Computer
The computer to run the command on. It can use variables. The most likely variable to use is {Target} which is the computer being monitored, however any computer can be used, including {Console} which is the computer on which Admin Arsenal is running.

Command
The command line to run. It can use variables.

4.1.8.6.3 E-Mail

An e-mail will be sent when the monitor is triggered. In order for e-mails to be sent from Admin Arsenal, there are two settings that need to be made. These indicate which e-mail server to use and which address e-mails need to come from. These can be set in the Preferences window.

Recipient
The e-mail address that will be used. To send to multiple addresses, separate the addresses with commas. If left blank, the e-mail will be sent to the address in the Monitor E-mail Preferences.

Subject
The subject line that will be used. It can include variables.

Message
The body of the e-mail. It can use variables.

4.1.8.6.4 Event Log

An entry will be put in the event log on the computer where Admin Arsenal is run.

Event Type
The type of the event to create: Information, Warning, or Error.

Message
The description of the event. It can use variables.

4.1.8.6.5 Popup

A popup message will be sent to any computer.

Computer
The computer on which the popup will appear. It can use variables. The most likely variables to use are {Target} and {Console} which are the computer being monitored and the computer Admin Arsenal is running on, respectively.

Message
The message to show. It can use variables.

4.1.8.6.6 Reboot

Reboot a computer in the network. Typically this is the computer being monitored, but it can be any other computer as well.

Computer
The computer to be rebooted. It can use variables. The most likely variable to use is {Target} which is the computer being monitored.

Timer
The number of seconds to warn the user before rebooting.

Restart
Restart the computer after shutting down.

Message
A message to show the user before the reboot occurs (Timer must be more than 0 for this message to show). It can use variables.

4.1.9 Monitor Log

Shows monitor log events for the given computer and monitor. As Monitors are assigned to a target machine the Monitor Log will display the result of each iteration of the Monitor Interval.

The number of log entries is controlled by the value Monitor Log Limit as set in the Monitors pane of the Preferences Window.


4.1.10 Move Database

If you wish to move your Admin Arsenal database from its default location you may do so using the Move Database... command under the Admin Arsenal menu.

The default location of the database is %APPDATA%\Brisworks\Admin Arsenal

The example below shows the Move Database window after the database was moved to C:\AADB.

NOTE: If you move the Admin Arsenal database file to a remote server you will NOT be able to run the Admin Arsenal Background Service. The Background service is created in the Preferences window under the Background section.

4.1.11 Past Deployments

Select the deployment that was used in the past, to populate the Deployment window.

4.1.12 Performance Counter Charting

This window gives you a real-time view of Performance Counters on a computer. The counters can be paused, unpaused, and restarted. Restarting the counter using the refresh button will clear the chart and start counting again. Editing the counter set, either from this window or from the Performance Counter Sets window, will cause the counting to be restarted.

The performance counters are sampled every 60 seconds. The chart contains 120 samples, representing the last 2 minutes' worth of data.

Add Counter Set
Add an additional counter set to this window. If any individual counter is already showing, it will not be added again.

Add Counter
Add an additional counter to the window.

Counter Properties
Change the settings of the counter currently selected in the grid at the bottom of the window.

Remove Counter
Remove the selected counter from the window.

4.1.13 Performance Counter Set

Edit the properties of a Performance Counter Set. Each counter set can have up to 8 counters.

Set Name
The name of the counter set, must be unique.

Category
The category name of the counter to be monitored. To select a counter, click on the ... button.

Counter
The name of the counter to be monitored. To select a counter, click on the ... button.

Instance
The instance name for the counter (optional). To select a counter, click on the ... button.

Color
The color to use for the chart.

Show Average
Show a dotted line in the chart representing the average of the samples over the whole set of samples visible in the chart.

Show Maximum
Show a line representing the highest value showing in the chart.

Show Minimum
Show a line representing the lowest value showing in the chart.

Factor
Increase or decrease the value of the counter to fit it within the chart. The chart represents values from 0 to 100, and some counters show values much higher than 100 or very small so that they're not visible on the chart. Use the factor to multiply or divide the sample value to get it to show on the chart. You can use any number, and the drop down includes many common values. Alternatively, you can choose "Fit to Graph" to have the graph scale to fit the window, so the highest value shows at the top of the graph.

4.1.14 Performance Counter Sets

Manage Performance Counter Sets. The window includes a list of all Performance Counter Sets. Simply drag the counter set to a computer listed in the Main Window, or drag a computer from the Main Window to a performance counter to start charting.

4.1.15 Preferences

Manages global properties.

Active Directory
Shows the root container used for synchronization and the last time the synchronization was run. Allows you to change the number of minutes between AD sync. If your directory changes a lot, set this number lower. If your directory is fairly static, set it higher. The default is 15 minutes. You can also disable the synchronization completely, if needed. If the sync is disabled, you can perform it manually in this window, or from the File menu on the Main Window.

Note: If you change the root container, it will be synchronized immediately. This may change which computers are synchronized. It is recommended that you restart the console after changing the root container.

Background
Admin Arsenal supports executing background processes in a Windows service separate from the console. You can install the service as well as start/stop it from this page. When you install the service, you will be required to provide a user name and password for the service. Since the service needs to access remote computers as though it were you, this account will need to have administrative rights similar to yours. You can use your own account, or an account created specifically for this purpose.

Note: When running on Windows 2000, the user installing the background service must have the "Act as part of the operating system" privilege (set either through a GPO or gpedit.msc). Also, the user account used for the background process must have the "Logon as a service" privilege.

Custom Tools
Allows for the creation of custom tools to be added to the tools menu. Each tool works on a single computer and can run any external program, passing in the computer name as a parameter.

Each tool is defined on a single line with a Name (what will appear in the menu) and a command (what will be executed) separated by an equal sign. You can have as many custom tools as you would like.

Example
Open ADMIN$ Share=explorer.exe "\\%TARGET%\ADMIN$"

If you want to use a keyboard shortcut for the tool put it in the name after a semicolon (but before the equal sign). Be sure to use a shortcut that is not used elsewhere, or you won't be able to use the shortcut properly.

Example
Open ADMIN$ Share;Ctrl+Alt+O=explorer.exe "\\%TARGET%\ADMIN$"
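The Name;Shortcut=command lines described under Custom Tools can be checked before they are pasted into Preferences, and the computer name validated before it replaces %TARGET%. The Python below is an added example, not Admin Arsenal's own parser; splitting on the first "=" and first ";", comparing shortcuts case-insensitively, the computer-name pattern and the second sample line are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Assumption: computer names contain only letters, digits, '_', '-' and '.'.
# Quotes, spaces, '&', '%' and similar are rejected before substitution so a
# name cannot add arguments or commands to the tool's command line.
_COMPUTER_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,252}")


class CustomTool(NamedTuple):
    name: str                # text shown in the Tools menu
    shortcut: Optional[str]  # e.g. "Ctrl+Alt+O", or None
    command: str             # command line, may contain %TARGET%


def parse_custom_tools(text: str) -> List[CustomTool]:
    """Parse one tool definition per line; raise ValueError on a bad line."""
    tools = []
    shortcuts = {}  # normalised shortcut -> tool name, to catch duplicates
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # The first '=' ends the name; later '=' characters stay in the command.
        left, sep, command = line.partition("=")
        command = command.strip()
        if not sep or not command:
            raise ValueError(f"line {lineno}: expected Name=command")
        name, _, shortcut = left.partition(";")
        name, shortcut = name.strip(), shortcut.strip()
        if not name:
            raise ValueError(f"line {lineno}: empty tool name")
        if shortcut:
            key = shortcut.replace(" ", "").lower()
            if key in shortcuts:
                raise ValueError(
                    f"line {lineno}: shortcut {shortcut!r} already used by "
                    f"{shortcuts[key]!r}"
                )
            shortcuts[key] = name
        tools.append(CustomTool(name, shortcut or None, command))
    return tools


def expand(tool: CustomTool, target: str) -> str:
    """Return the command line with %TARGET% replaced by a validated name."""
    if not _COMPUTER_NAME.fullmatch(target):
        raise ValueError(f"refusing to substitute unsafe computer name: {target!r}")
    return tool.command.replace("%TARGET%", target)


# First line is the example from the manual; the second line is constructed.
SAMPLE = r'''
Open ADMIN$ Share;Ctrl+Alt+O=explorer.exe "\\%TARGET%\ADMIN$"
Ping Four Times=ping.exe -n 4 %TARGET%
'''

if __name__ == "__main__":
    for tool in parse_custom_tools(SAMPLE):
        print(tool.name, "|", tool.shortcut, "|", expand(tool, "WS-042"))
```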

Database
Shows the location of your main database file. This database location can be changed by setting an environment variable called AADBPATH. By default it is "%AppData%\Brisworks\Admin Arsenal". If you change location, you will need to copy all of the database files to the new location or the next time Admin Arsenal runs it will create a new database.

Note: Read Database Files for notes on limitations when moving the data files to a server.

Dependencies
Set the dependent files which can be used while running a Remote Command or Install. Put one file name per line. Each file will be copied to the exec directory before the command or install is started.

Heartbeat
Sets how often the computers' online status is updated. Each computer's status is updated on its own schedule, so that only computers whose last update was this distance in the past will be updated. You can also disable the update entirely, in which case you'd need to manually update status using the Tools. Check the "Verify computer name when looking up addresses" checkbox to force the Heartbeat service to perform a reverse DNS lookup to verify that the IP Address syncs up with the expected computer name.

Inventory
Sets how often the computer inventory is updated. Each computer's inventory is updated on its own schedule, so that only computers whose last update was this distance in the past will be updated. You can also disable the scan entirely, in which case you'd need to manually update inventory using the Tools.

Monitors
Settings to use for sending e-mails from triggered monitors. You will need access to an SMTP server in order to send e-mail notifications. All e-mails sent from a monitor will come from the sender address listed here. Click "Sent Test Message" to ensure that the settings are accurate. The program will send a test e-mail from the sender address to the sender address using the SMTP server.

Monitor Log Limit is the number of entries that will be kept in a computer's monitor log (there is one log per monitor and computer). Set to 0 to disable logging of monitors.

Remote Desktop
Set the size of the Remote Desktop window.

Remote Service
Enable New Remote Service Method (BETA).

Software Deploy
Deployments can be configured with a timeout and the number of concurrent deployments. The timeout is in seconds and can be enabled and disabled. The number of concurrent deployments affects how many deployments are run within a single task. If you start up multiple deploy tasks, they will run concurrently with each other. This is useful in low bandwidth situations where you only want one copy of the deployment files to go over the wire at a time.

Upgrade Check
Check the Enabled box to allow Admin Arsenal to automatically check for a new version at startup.

VNC
In order for VNC remote control to work properly, Admin Arsenal needs to know the location of the VNC viewer application (typically called vncviewer.exe). When installed, Admin Arsenal will attempt to locate your VNC viewer program. If it cannot find it (or if you install VNC after Admin Arsenal) then you will need to enter the full path of the viewer application.

VNC servers also sometimes use a different display number than the default of 0. If necessary in your environment you can enter the number here as well. Please consult your VNC documentation for more information. Note: RealVNC 3 uses display 1 by default.

WMI
WMI connection timeout is the number of seconds to wait for connections to be made to the WMI database on remote computers. Increase this value if you see WMI timeout errors on computers that you know are online. This can be caused by high network latency or narrow network connections.

4.1.16 Print

This window is opened showing a document whenever a window is printed.

Save As
Allows you to save the print document to a file. This option is the same as used when you save a web page in Internet Explorer.

Page Setup
Select settings for the page used when printing.

Print Preview
Pulls up a window showing what the document will look like when printed to the selected printer.

Print
Sends the document to the printer.

4.1.17 Reboot/Shutdown

Allows you to set options for rebooting or shutting down one or more computers.

Countdown Timer
The number of seconds to display a window on the computer being shut down, warning the user to save data and close applications.

Restart
Restart the computer after it shuts down.

Message
An optional message to show in the window that pops up on the computer.

4.1.18 Remote Command

Runs a command-line command on a computer and returns the result. This window is available when running a command on a single computer. If a command is to be run on multiple computers, you will use the Remote Command Options window.

Remote Command Line
The command to be run, just as you would when using cmd.exe locally. The command runs with a current directory underneath the Windows directory. The name of the directory will vary depending on when it is run and if there are other commands running on the computer. Run the command "dir" to see which directory is being used.

Execute with cmd.exe
Runs the command using cmd.exe. This is necessary for some commands (such as dir) which are built into cmd.exe.

Timeout
The number of seconds to wait for the command to complete. When set to 0, the command will never time out.

Include Dependencies
Copies all of the dependent files to the target computer before the command is started.

Send Password
Check to send your password to the target computer. The password is encrypted and sent for the remote process to log in locally as a way to avoid the double-hop problem.

Command Results
Shows you the output from the remote command.

Note, running a remote command that requires user input will hang forever until the user closes the program or it is killed.

4.1.19 Remote Command Options

When running a command on more than one computer. Simply enter the command-line to run. For moreinformation, see the Remote Command window. When you run the command, the Task window will openwhere you can get the output from the command on each computer.

Remote Command Line
The command to be run, just as you would when using cmd.exe locally. The command runs with a current directory underneath the Windows directory. The name of the directory will vary depending on when it is run and if there are other commands running on the computer. Run the command "dir" to see which directory is being used.

Execute with cmd.exe
Runs the command using cmd.exe. This is necessary for some commands (such as dir) which are built into cmd.exe.

Timeout
The number of seconds to wait for the command to complete. When set to 0, the command will never time out.

Include Dependencies
Copies all of the dependent files to the target computer before the command is started.

Send Password
Check to send your password to the target computer. The password is encrypted and sent for the remote process to log in locally as a way to avoid the double-hop problem.

4.1.20 Remote Password

This window shows when you have selected to send your password with a remote command or deployment. You will only be prompted for this password once during a session, as the password is kept for re-use.

4.1.21 Report

This window allows you to view, edit, and print reports.

SQL
Each report is defined by an SQL statement. You can click the "Edit SQL" button or menu item to see the SQL that each report is using. Using this window you can change the SQL and see the results of the change (by clicking Refresh). The SQL dialect used by Admin Arsenal is Microsoft SQL Compact Edition version 3.5.

Save As
You can make a copy of a report by clicking on "Save As." You will be able to enter a category and name for the report copy. It's a good idea to make copies of the built-in reports before experimenting (so that you don't lose the original SQL).

Database Column and Table Names
Click on the "Fields" button to the right of the SQL edit pane to see a list of all table and column names in the database. Clicking on the name of the table or column will insert it into the report's SQL.

<computerfilter>
This special identifier within the SQL indicates where the filter clause for the computer group will go. If a report includes the Computer table, it's a good idea to include this identifier so that the report can be run against a Collection. Without it, the report will always be run against all computers in the database. Do not include <computerfilter> if the Computer table isn't included; doing so will result in an error when the report is run.

SQL Help
Please don't hesitate to visit our Forums to get assistance formulating your SQL statements.

4.1.22 Select Object

This window will open when you need to select a collection or computer. You can type in part of the computer or collection name to filter the list, then double-click on an item.

4.1.23 Select Performance Counter

Use this window to select a Performance Counter. There are three ways to select counters.

Recent
Counters that are used anywhere within Admin Arsenal. Allows you to easily find and re-use counters you've used in the past.

Browse
Browse counters available on computers. You will be given a list of computers which you can use to find existing counters. Not all counters are available on all computers, because many of them are installed by different applications. Not all counters have instances. For example, the Processor % Processor Usage counter has one instance for each processor, and one for all processors combined. Memory Available Bytes has no instances because it's relative to the entire computer.

4.1.24 Task

This window will be shown whenever you run a task on one or more computers. You can see the status of the task on each computer as well as abort some or all tasks. Due to the nature of reporting status, aborting a task may not actually stop it, because either it was already completed before the Task window showed it as finished, or the process is far enough along that aborting the task will do nothing. In these cases, the task will appear to be aborted, but it may already be finished or may still be running.

If the task was a remote command, you can view the output from the command on each computer by right-clicking on the computer and selecting See Output.

4.1.25 Unexpected Error

In the unlikely event that an unexpected error occurs while running Admin Arsenal, you will be shown the Error window. The Error window will provide you a way to report the error to Admin Arsenal Support, so that we may analyze the error to make future improvements. No personal information will be sent, unless you choose to provide it. You can submit the error details without any additional information, if you wish; it will still be very helpful.

If you include your e-mail address, we may contact you for more information or let you know of a workaround or fix. Your e-mail address will never be used for any other purpose.


4.2 Command Line Utilities

This section contains detailed information for each command line utility included with Admin Arsenal.

4.2.1 DcomAcls

DcomAcls is a command line utility to set and view security rights and properties for DCOM on computers. This utility is useful if you see the "WMI Access Denied" error during inventory scans. WMI uses DCOM for remote communication, and if your account doesn't have the proper authority, you will not be able to access WMI remotely. DcomAcls.exe can be included in a GPO to fix the DCOM security for large groups of people, or it can be used to set the permissions on individual computers. The Windows utility dcomcnfg.exe provides a GUI for setting these values. Use this MMC snap-in for more information on the nature of these settings.

Syntax:

dcomacls -computer [computer] -allow [rights specifiers] -deny [rights specifiers] -none [rights specifiers] -view [rights specifiers] -property [property specifiers] -viewproperty [properties]

The parameters can be used in any order.

-computer
Use this parameter to specify the computer to set or view. If omitted, then the current computer is used.

-allow, -deny, -none
Use to set the DCOM rights for a group or user. The format for the rights specifier is "right:user". There are six available rights, each with a short and long name which can be used in the specifier. The rights are:

AL.L    access-limits-local
AL.R    access-limits-remote
LL.LL   launch-limits-local-launch
LL.RL   launch-limits-remote-launch
LL.LA   launch-limits-local-activation
LL.RA   launch-limits-remote-activation

When specifying rights the wildcards * and ? can be used. The user name can contain a domain or, if the domain is omitted, the current domain is used.

Allow grants the user the given right, deny revokes access, and none removes both allow and deny ACLs. To use more than one specifier at a time, separate them with commas.

Example:

-allow ll.*:domain\administrators (allows the domain\administrators group access to all launch-limit rights)
-allow *.L*:everyone,*:administrator

-view
View is used to determine which rights to display. The specifier is the same as above, except that the user name can also use a wildcard. If no specifier is provided, then all rights for all users are shown. To use more than one specifier at a time, separate them with commas.

Example:

-view *:domain\* (view all of the rights assigned to all domain users and groups)

-property
Sets DCOM properties on the computer. The format for each specifier is "name=value". The properties and their allowed values are:

Enabled
Turns DCOM on or off. Use the values true and false.

Internet
Turns on DCOM over HTTP. Use the values true and false.

Authentication
Specifies the type of DCOM authentication to use. Can be one of Default, None, Connect, Call, Packet, PacketIntegrity, or PacketPrivacy.

Impersonation
Specifies the type of impersonation for DCOM. Can be one of Default, Anonymous, Identify, Impersonate, or Delegate.

Reference
Turn on additional security for references. Not available if either None or Anonymous are selected for Authentication or Impersonation, respectively.

Example:

-property enabled=true,internet=false (turns on DCOM and turns off DCOM over HTTP)

-viewproperty
View the DCOM properties. The specifier is a comma separated list of the properties to show. If no specifier is given, then all properties are shown.

Example:

-viewproperty enabled,internet

-protocols
Set the protocols used by DCOM. The specifier is a comma separated list of the protocols to set. The order of the protocols affects their priority.

The following are the allowed protocols:

tcp     Connection-oriented TCP/IP
udp     Datagram UDP/IP
http    Tunneling TCP/IP

Example:

-protocols tcp,http

-viewprotocols
View the protocols which are currently set for use by DCOM.

Notes
Any changes are made prior to reading values to display, regardless of parameter order. Therefore, the rights and properties displayed will include any changes also specified on the command line.


Examples

# Views all rights on the computer named server
dcomacls -view -computer server

# Revokes remote access for the administrator user and then shows the results.
dcomacls -deny *remote*:administrator -view *:administrator

# Turns DCOM on and grants everyone full access
dcomacls -allow *:everyone -property enabled=true
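The rights specifiers described under -allow, -deny, -none can be expanded before a command is run, to see exactly which of the six rights a wildcard covers and whether an -allow list hands remote rights to a broad principal. The following is an added example, not code from the manual or from Admin Arsenal; it assumes patterns match case-insensitively against either the short or the long name (inferred from the manual's own examples), and the function names and the BROAD_PRINCIPALS list are hypothetical.

```python
import re

# The six DCOM rights listed in the manual: short name -> long name.
RIGHTS = {
    "AL.L": "access-limits-local",
    "AL.R": "access-limits-remote",
    "LL.LL": "launch-limits-local-launch",
    "LL.RL": "launch-limits-remote-launch",
    "LL.LA": "launch-limits-local-activation",
    "LL.RA": "launch-limits-remote-activation",
}

# Assumption (not from the manual): principals treated as too broad for remote rights.
BROAD_PRINCIPALS = {"everyone", "anonymous logon", "authenticated users"}


def wildcard_to_regex(pattern):
    """Translate a pattern that uses only * and ? into a case-insensitive regex."""
    table = {"*": ".*", "?": "."}
    body = "".join(table.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body, re.IGNORECASE)


def expand_specifiers(spec_list):
    """Expand 'right:user[,right:user...]' into sorted (short_right, user) pairs."""
    pairs = set()
    for spec in spec_list.split(","):
        right, sep, user = spec.strip().partition(":")
        if not (sep and right and user):
            raise ValueError(f"not in right:user form: {spec!r}")
        rx = wildcard_to_regex(right)
        # Assumption: a pattern may match either the short or the long name.
        hits = [s for s, name in RIGHTS.items() if rx.fullmatch(s) or rx.fullmatch(name)]
        if not hits:
            raise ValueError(f"pattern matches no DCOM right: {right!r}")
        pairs.update((s, user) for s in hits)
    return sorted(pairs)


def risky_allows(spec_list):
    """Remote rights that an -allow list would grant to a broad principal."""
    return [
        (right, user)
        for right, user in expand_specifiers(spec_list)
        if "remote" in RIGHTS[right]
        and user.split("\\")[-1].lower() in BROAD_PRINCIPALS
    ]


if __name__ == "__main__":
    for args in ("*.L*:everyone,*:administrator", "*:everyone"):
        print(args, "->", risky_allows(args) or "no remote rights to broad principals")
```

Run against the manual's examples, `*.L*:everyone,*:administrator` gives Everyone only the three local rights, while `*:everyone` also grants access-limits-remote, launch-limits-remote-launch and launch-limits-remote-activation.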

5 Online Resources

The Admin Arsenal web site provides a wealth of information to help you operate and understand Admin Arsenal.

http://www.adminarsenal.com
Admin Arsenal main site.

http://support.adminarsenal.com
Support options and information.

http://www.adminarsenal.com/FAQs.aspx
Frequently asked questions.

http://documentation.adminarsenal.com/AdminArsenal/1.4/AdminArsenal.pdf
Printable version of this documentation.
