Kaseya Fundamentals Workshop

Kaseya Fundamentals Workshop

Developed by

Kaseya UniversityPowered by

IT ScholarsKaseya Version 6.5

Last updated March, 2014

Policy Management

What is Covered?• Motivation• Overview• Policies• Organization /

Machine Groups• Machines• Policy Assignment

Rules

• Settings• Policy Matrix• Dashboard• Logs• Standard Solution

Package• Summary


Motivation:Agent Templates

vs. Policy Management

Agent Templates• Pros

– Enables consistency of service delivery.– Promotes standard/best practices.– Allows agent configurations to be pushed

during the initial installation of the agent.• Cons

– Requires user intervention.– Any changes must be applied to all the similar

agents every time.– May put too much load on the KServer as there

may not be a consistent way to distribute the load.

Policy Management• Pros

– Enables consistency of service delivery.– Promotes standard/best practices. – Provides automatic policy deployment.– Provides automatic policy compliance check.– Supports load distribution.– Simplifies the application and management of

policies based on Orgs, Groups, and Views.• Cons

– May take longer than agent templates to apply the initial configuration, but worth the investment.

Agent Templates Settings• Agent settings can be copied during

installation of Kaseya agents– Agent Deployment Package can reference an

Agent Template or the settings in another agent.

Agent Settings• Menu options• Credentials• Working Directory• Other options

– Audit Scan / Patch Scan– Event Log Settings– Agent – Alerts– Monitor Sets– Agent Procedures

Note• An agent template will have an orange

square icon to emphasize the fact that the an agent associated with this record has not checked into the KServer.

• Its sole purpose is to provide additional customized settings for agents with similar roles so that such settings can be added to the settings of already-deployed agents or be used as part of an agent package.

http://kaseya2.cis.fiu.edu/AgentTab/agentStatus.asp

It Is Your T

urn!

Progress Check• Do you know how Agent Templates and

Policy Management are different?

• When should you use Agent Templates?

• When should you use Policy Management?


Overview

Overview• The Policy Management (KPM) module

manages agent settings by policy.• In the following slides, we introduce:

– Policies– Policy Assignment– Policy Compliance– Policy Conflicts– Overriding Policies– Importing/Exporting Policies– Policy Terminology– Function Overview

Policies• Each policy comprises sub-categories of

agent settings called policy objects.• Policy Objects include:

– Agent Menu, Alerts, Audit Schedule, Checkin, Credential, Distribute Files (on-premise only), Event Log Settings, Kaseya Anti-Malware, Kaseya AntiVirus, Kaseya Security, Log History, Machine Profile, Monitor Sets, Patch File Source, Patch Procedure Schedule, Patch Reboot Action, Patch Settings, Patch Windows Automatic Update, Protection, Remote Control, and Working Directory.

Policy Assignment• Policies can be assigned to machines,

machine groups, or organizations.• A view further filters the affected machines.• Once assigned, policies are propagated

automatically, without further intervention. • Changing a machine's association with a

machine group, organization, or view, causes the appropriate policies to be automatically re-deployed.

Policy Compliance & Conflicts• A compliance cycle checks that each

machine is in compliance with applied policies.

• VSA users can check the status of each machine to ensure it is in compliance with applied policies.

• Multiple policies can be assigned to each machine.

• If policies conflict, policy assignment rules determine which policy objects are obeyed and which are ignored.

Overriding Policies• A policy can be overridden. • A policy override condition exists if agent

settings for a machine have been set manually, outside of the Policy Management module. – For example, making changes to the agent

menu of a machine using the Agent > Agent Menu function.

• Policy Management policies for that object will be ignored from then on.

• Policy overrides can also be cleared.

Importing/Exporting Policies• Policies can be imported and exported using

System > Import Center.• A System cabinet provides built-in policies that

reflect best-practice solutions for common IT management tasks.

• Policies can be configured for an organization automatically using the Systems Management Configuration setup wizard and these System cabinet policies.

• Policies can be imported from agent templates.

Policy Terminology• Applying a policy means the changes made

to its policy objects are marked for deployment.

• Deployment means the applied changes are propagated to target machines, based on the deployment interval set using the Policy Management > Settings function.

• Pending changes are changes to policies or policy objects that have been saved but not yet applied.

Note• Because deployment may take a while, the

target machine might not be in compliance between the time the policy is applied and the policy is deployed.

Policy Management Function Overview

a) Overview: Illustrates the Policy Management workflow graphically.

b) Dashboard: Provides a dashboard view of Policy Management activities.

c) Logs: Displays a log of Policy Management module activity.d) Policy Matrix: Displays the policy status of all machines your

scope authorizes you to see. A policy status icon displays in the left most column for every machine on this page.

e) Policies: Defines agent settings by policy.f) Settings: Schedules the interval for automatic deployment of all

policies to all assigned machines.g) Organizations / Machine Groups: Assigns policies to

organizations and machine groups.h) Machines: Assigns policies to individual machines. You can also

clear Policy Management policy overrides using this function, enabling applied policies to take effect.

abcd

ef

gh

Policy Management Overview


Policies

Overview: The Policy Function

a

a) The Policy function defines agent policies. b) Policies are organized by a folder tree. c) A System cabinet provides built-in policies that reflect best-practice solutions for

common IT management tasks. d) Settings: Agent policy settings are grouped by setting category in this tab. e) Assigned Machine Groups: The organizations and machines groups assigned to a

policy display on this tab. f) Assigned Machines: Use this tab to determine the machines that are members of a

policy.

b

c

d e f

CREATE POLICYLAB 1

LAB• Create a policy for servers.

Steps to Create a Policy – Add Folder

1

2

3

4

5

6

Steps to Create a Policy – Add Policy

1

2

3

4

7

8

9

10

Steps to Create a Policy – Heading

• Name: The name of a policy.• Description: The description of a policy.• View: A view definition associated with

the policy. Once a policy is assigned to a view definition, the policy only applies to machines that are members of that view. This prevents the unintentional assignment of a policy to all machines in the VSA. Assigning a policy to a view is not required if the policy is only assigned directly to a machine using the Machines function.

1

2

37

1311

12

14

15

16

LAB Parts• We have divided the policy creation lab into

smaller parts, each addressing the settings required in each category of the server policy.

• We first introduce each category and then exercise what we have learned by applying the corresponding server settings to the policy category.

The Agent Menu Category• This category assigns agent menu settings:

– Enable Agent Icon: Check to display the agent icon in the system tray of the managed machine. Uncheck to hide the agent icon and prevent the use of agent menu options.

– About <Agent>: Check to enable the machine user to click this option to display the About box for the installed agent. The default option label Agent can be customized.

– <Contact Administrator...>: Check to enable the machine user to click this option to display either the user's Portal Access page or a different contact URL. The default option label Contact Administrator... can be customized.

– <Your Company URL...>: Check to enable the machine user to click this option to display the URL specified in the corresponding URL field.

The Agent Menu Category (cont)– Disable Remote Control: Check to allow the machine

user to enable/disable remote control to the user's managed machine.

– Set Account...: Check to enable the machine user to click this option to display their machineID.groupID.organizationID and change the Kaseya Server address the agent checks into.

– Refresh: Check to enable the machine user to initiate an immediate full check-in.

– Exit: Check to enable the machine user to terminate the agent service on the managed machine.

LAB – Part 1• Agent Menu:

– Set the agent menu on the servers so that they only show the Refresh option.

Steps to Create a Policy – Agent Menu

1

2

5

3

4

8

6

7

The Agent Procedures Category• This category assigns agent procedures:

– Add Procedure: Adds and schedules an agent procedure.

– Remove Procedure: Removes a selected agent procedure.

Note: When multiple policies are assigned to the same machine, all assigned agent procedures in all assigned policies are deployed to that machine.

LAB – Part 2• Agent Procedures:

– Schedule the Server Maintenance agent procedure to run weekly on Sunday sometime between 12am and 4am of the agent’s local time.

– If the machine is not turned on when the maintenance is scheduled, then the machine will skip that maintenance cycle and will attempt to run the maintenance a week later.

Steps to Create a Policy – Agent Procedures

8

9

1

2

3 67

4

5


10

11

1

2

3

4


1

2

12 14

13

15

16

17

18


191

2

3

4

The Alerts Category• This category assigns standard alert notifications.

Each type of alert has different configuration settings:– Agent Status: alerts when an agent is offline, first goes

online, or someone has disabled remote control on the selected machine.

– Application Changes: alerts when a new application is installed or removed on selected machines.

– Get File: alerts when a procedure's getFile() or getFileInDirectoryPath() command executes, uploads the file, and the file is now different from the copy previously stored on the Kaseya Server. If there was no previous copy on the Kaseya Server, the alert is created.

– Hardware Changes: alerts when a hardware configuration changes on the selected machines.

The Alerts Category (cont)– Low Disk: alerts when available disk space falls below a

specified percentage of free disk space.– Event Log: alerts when an event log entry for a selected

machine matches a specified criteria. After selecting the event log type, you can filter the alert conditions specified by event set and by event category.

– LAN Watch: scans a machine’s local LAN and detects new machines and devices connected to the machine's LAN.

– Agent Procedure Failure: alerts when an agent procedure fails to execute on a managed machine.

– Protection Violation: alerts when a file is changed or access violation detected on a managed machine.

– Patch Alert: alerts for patch management events on managed machines (See Patch Settings category).

Note• When multiple policies are assigned to the

same machine, all assigned event log alerts in all assigned policies are deployed to that machine.

• For all other types of alerts, only one policy can be in effect at any one time.

LAB – Part 3• Alerts:

– Set Alerts for Agent Status• Alerts: Agent has not checked in for 10 minutes;

rearm after 12 hours; User disables remote control.• Actions: Alarm and Email

– Set Alerts for Application Changes• Alerts: New applications installed; Existing

applications deleted.• Actions: Alarm and Email

– Set Alerts for Hardware Changes• Alerts: When any hardware changes.• Actions: Alarm and Email

LAB – Part 3 (cont)– Set Alerts for Low Disk

• Alerts: When any fixed partition has less than 20% of free space.

• Actions: Alarm and Email

– Set Alerts for Event Logs:• Alerts: System and Application Errors; Alert once;

Ignore additional alarms for one day.• Actions: Alarm and Email

Steps to Create a Policy – Alerts – Agent Status

6

8

7

1

2

3

4

5


67

1

2

3

4

9

13

10

16

1214

15

11


6

1

2

3

4

Steps to Create a Policy – Alerts – Application Changes

6

18

17

1

2

3

4


617

1

2

3

4

19

20

24

2223

21


6

1

2

3

4

Steps to Create a Policy – Alerts – Hardware Changes

6

26

25

1

2

3

4


625

1

2

3

4

27

28

30

29


6

1

2

3

4

Steps to Create a Policy – Alerts – Low Disk

6

32

31

1

2

3

4


631

1

2

3

4

33

34

37

3635


6

1

2

3

4

Steps to Create a Policy – Alerts–Event Logs–Application Error

6

39

38

1

2

3

4


638

1

2

3

4

40

41

48

43

44

45 46

47

42


6

1

2

3

4

Steps to Create a Policy – Alerts – Event Logs – System Error

6

50

49

1

2

3

4


649

1

2

3

4

51

52

59

54

55

56 57

58

53


6

1

2

3

460

The Audit Schedule Category• This category assigns schedules for a Latest

Audit, Baseline Audit, and System Audit. There are three scheduling options:– Edit Schedule: Edits an existing audit schedule. – Reset: A schedule for this type of audit is not set

for this policy. If this same type of audit has a schedule defined in a lower-priority policy, it is allowed to take effect.

– None: A schedule for this type of audit is not set for this policy. If this same type of audit has a schedule defined in a lower priority policy, it is not allowed to take effect.

LAB – Part 4• Audit Schedule:

– Schedule Baseline Audit• Frequency: Annually; Beginning on January 1st

through the 14th; Between 6am-6pm .

– Schedule System Info and Latest Audit• Frequency: Daily; Skip if offline; Between 6am-6pm.

Steps to Create a Policy – Audit Schedule – Latest Audit

6

7

1

2

3

4

5


9

14

810 11

12

13

Steps to Create a Policy – Audit Schedule – Baseline Audit

6

7

1

2

3

4

15


17

25

1618 19

20

22

21

23

24

Steps to Create a Policy – Audit Schedule – System Audit

6

7

1

2

3

4

15

26


28

33

2729 30

31

32

Steps to Create a Policy – Audit Schedule

6

7

1

2

3

4

15

26

34

The Check-in Category• This category assigns agent check-in settings:

– Primary KServer: Enter the IP address or fully qualified host name of the machine’s primary Kaseya Server; the latter is recommended.

– Primary Port: Enter the port number of the primary Kaseya Server; default is 5721.

– Secondary KServer: Enter the IP address or fully qualified host name of the machine’s secondary Kaseya Server; the latter is recommended.

– Secondary Port: Enter the port number of the secondary Kaseya Server; default is 5721.

The Check-in Category (cont)– Check-In Period: Enter the time interval for an agent

to wait before performing a quick check-in with the Kaseya Server. If a recent update has been set by a VSA user, the agent starts working on the task at the next check-in. The agent maintains a persistent connection to the Kaseya Server. As a result, quick check-in times do not affect response times from the agent. The quick check-in time sets the maximum time to wait before re-establishing a dropped connection.

• Setting all of your machine's quick check-in time to 30 seconds guarantees each agent recovers from a dropped connection within 30 seconds, assuming connectivity is successful.

The Check-in Category (cont)– Bind to KServer: If checked, the agent is bound to a

unique Kaseya Server ID. – Bandwidth Throttle: Limits the agent to consuming

a specified maximum amount of bandwidth on the system with this control. Disable by entering a 0.

– Warn if multiple agents use same account: The Kaseya Server can detect if more than one agent is connecting to the Kaseya Server and using the same machineID.groupID.OrganizationID.

– Warn if agent on same LAN as KServer connects through gateway: May be useful if you manage machines that share the same LAN as your KServer.

LAB – Part 5• Check-in:

– Set the Primary and Secondary KServer to the KServer DNS name.

– Set the Primary and Secondary Port to 5721.– Set the Check-in Period to 30 seconds.– Set no Bandwidth Throttle.– Select Warn if multiple agents use same

account.

Steps to Create a Policy – Check-in

6

7

1

2

3

4

5

8

9 10

11

12

13

14

The Credential Category• This category assigns a credential to a policy.

– Use organization defaults: If checked credentials set as Agent Credential in the Audit > View Assets function and Audit > Manage Credentials function are used in place of the credential specified using the Agent > Set Credential function.

– Username: Enter the username for the credential. – Password: Enter the password associated with the

username above.– Domain:

• Local user account: Logs into machine locally.• Use machine's current domain: Uses the domain

reported by the most recent latest audit.

LAB – Part 6• Credential:

– Set the policy to use the following credential:• Username: Enter your username. • Password: Enter your password.• Domain: Select Use machine's current domain.

Steps to Create a Policy – Credential

6

1

2

3

4

5

11

7

8

9

10

The Distribute File Category(on-premise only)

• This category distributes files stored on the Kaseya Server to machines assigned this policy.– Select server file: Select a file to distribute to

managed machines. These are the same set of files managed by clicking the Manage Files... link on this page.

– Specify full path and filename to store file on remote machine: Enter the path and filename to store this file on selected machine IDs.

LAB – Part 7• Distribute File:

– No file should be distributed to the managed machines by this policy.

Steps to Create a Policy – Distribute File

6

1

2

3

4

5

7

The Event Log Settings Category• This category specifies the event log types

and categories included in the Log History. • Event logs must be enabled for a machine

before event log alerts can be configured for that machine.

• However, in v6.5, event logs are automatically collected for the corresponding alerts.

LAB – Part 8• Event Log Settings:

– Collect all System and Application Error event logs.

Steps to Create a Policy – Event Log Setting

67

1

2

3

4

5


89

10

11

6

1

2

3

4

7


6

1

2

3

412

The LAN Cache Category• This category assigns a LAN Cache to a

policy.

LAB – Part 9• LAN Cache:

– Create a LAN Cache on dc and assign it to this policy.

Steps to Create a Policy – LAN Cache

5

1

2

3

4

6

7


1

2


13

8

9

10

11

12

14

15

The Log History Category• This category assigns log entry settings.

– Set days to keep log entries, check to archive to file:

• Configuration Changes: The log of configuration changes made by each user.

• Network Statistics: The log of incoming and outgoing packet count information and the application or process transmitting and/or receiving such packets.

• Agent Procedure Log: Displays a log of successful/failed agent procedures.

• Remote Control Log: Displays a log of remote control events.

• Alarm Log: The log of all alarms issued.

The Log History Category (cont)• Monitor Action: The log of alert conditions that have

occurred and the corresponding actions, if any, that have been taken in response to them.

• Sys Log: The log of all System Check external systems.• Agent Uptime: The log of the agent online/offline status.

– Set days to keep monitoring logs for all machines; the following monitoring log settings are applied system-wide.

• Event Log: The log of all events. The events collected are specified in more detail using Agent > Event Log Settings.

• Monitor Log: The log of data collected by monitoring sets.• SNMP Log: The log of all data collected by SNMP sets.• Agent Log: The log of agent, system, and error messages.

LAB – Part 10• Log History:

– Set retention period to 30 days for all logs.

Steps to Create a Policy – Log History

6

7

1

2

3

4

5

8

9

10

11

12

13

14

15

The Machine Profile Category• This category assigns machine profile

settings.– Contact Name: Enter the name of the individual

using the managed machine. – Contact Email: Enter the email address of the

individual using the managed machine. – Contact Phone: Enter the phone number of the

individual using the managed machine. – Admin Email: Enter the email address providing

administrator support for this managed machine. – Language Preference: Determines the language

displayed by an agent menu.

The Machine Profile Category (cont)

– Machine Role: The machine role to apply to selected machines.

– Notes: Enter any notes about a machine account. Show notes as tooltip: If checked, Edit Profile notes are included as part of the tooltip.

– Auto assign tickets: Auto assign a ticket to this machine if the Ticketing email reader receives an email from the same email address as the Contact Email.

Note: if multiple machines have the same contact email, then only one machine can have the Auto assign tickets checkbox checked.

LAB – Part 11• Machine Profile:

– Make sure that the contact information (i.e., Contact Name, Contact Email, and Contact Phone) are blank/empty.

– Set the Admin Email to your email.– Set the Language Preference to English.– Set the Machine Role to Default.– Select Show notes as tooltip.– Select Auto assign tickets.

Steps to Create a Policy – Machine Profile

6

7

1

2

3

4

5

8

13

9

10

1112

The Monitor Sets Category• This category assigns monitor sets to a

policy.– Add Monitor Set: Adds and schedules monitor

sets. – Actions:

• Create Alarm• Create Ticket• Run Script <agentprocedure> on <machineID>• Email Recipients

– Remove Monitor Set: Removes selected monitor sets.

Note• When multiple policies are assigned to the

same machine all assigned monitor sets in all assigned policies are deployed to that machine.

LAB – Part 12• Monitor Sets:

– Monitor Set: Assign the Servers monitor set.– Actions: Alarm &Email

Steps to Create a Policy – Monitor Sets

67

1

2

3

4

5

8

9

11

10


6

1

2

3

412

The Patch Source Category• This category defines the file source for patch.

– Select as many options as you see fit:• Copy packages to working directory on local drive

with most free space: Downloads patches to the Working Directory, but use the drive on the managed machine with the most free disk space.

• Delete package after install (from working directory): The install package is typically deleted after the install to free up disk space.

• Download from Internet if machine is unable to connect to the file server: Optionally check this box to download from the internet. This is especially useful for laptops that are disconnected from the company network but have internet access.

The Patch Source Category (cont.)– Only choose one option for the following ones:

• Download from Internet: Each managed machine downloads directly from the internet.

• (On-Premise Only) Pulled from system server: If not on the KServer, they are downloaded on the KServer, then used for all subsequent distributions to managed machines.

• Pulled from file server using UNC path: If many machines on the same LAN, patch files can be downloaded to a local directory on a selected machine ID and shared by other machines on the LAN.

• Pulled from LAN Cache: Uses the Agent > LAN Cache function to manage file sourcing for patch executable files.

• More options (choose one):– File Server automatically gets patch files from:

• The Internet: Use this setting when the file server machine has full internet access.

• (On-Premise Only) The system server: Use this setting when the file server machine is blocked from getting internet access.

LAB – Part 13• Patch File Source

– Select these options:• Copy packages to the working directory on local

drive with most free space.• Delete package after install.• Download from Internet if machine is unable to

connect to the file server.• Pulled from LAN Cache

Steps to Create a Policy – Patch Source

6

1

2

3

4

5

789

11

12

The Patch Procedure Schedule Category

• This category schedules two tasks that can be assigned to a policy.– Patch Scan: Schedules scans to search for

missing patches on each managed machine. – Automatic Update: Schedules an update of

managed machines with Microsoft patches on a recurring basis. Automatic Update obeys both the Patch Approval Policy and the Patch Reboot Action policy.

The Patch Procedure Schedule Category (cont)

• A schedule can be set to:– Reset: A schedule for this task is not set for this

policy. If this same task has a schedule defined in a lower priority policy, it is allowed to take effect.

– None: A schedule for this task is not set for this policy. If this same task has a schedule defined in a lower priority policy, it is not allowed to take effect.

LAB – Part 14• Patch Procedure Schedule:

– Patch Scan Schedule:• Schedule patch scans on Wednesday of each week

from 6am-6pm.• If a server is powered off, simply skip the patch

scan. Servers should not be powered on as they may be off line or shut down for maintenance purposes.

– Patch Automatic Update Schedule:• No patch should be automatically updated on any

server.

Steps to Create a Policy – Patch Procedure Schedule

6

7

1

2

3

4

5

Steps to Create a Policy – Patch Procedure Schedule - Scan

9

15

8 10 11

12

14

13

1

2


6

7

1

2

3

416

The Patch Reboot Action Category• This category assigns a reboot action to a policy

for patch executable files.– Reboot immediately after update: Reboots the

computer immediately after the install completes.– Reboot <day of week> at <time of day> after install:

The computer is rebooted at the selected day of week and time of day.

– Warn user that machine will reboot in <N> minutes (without asking permission): The warning pops giving the user a short time to save work.

– Skip reboot if user logged in: If the user is logged in, the reboot is skipped. This is the default setting.

The Patch Reboot Action Category (cont.)

– If user logged in ask to reboot every <N> minutes until the reboot occurs.

– If user logged in ask permission. Reboot if no response in <N> minutes. Reboot if user not logged in.

– If user logged in ask permission. Do nothing if no response in <N> minutes. Reboot if user not logged in.

– Do not reboot after update: Does not reboot. You can be notified via email when a new patch has been installed by selecting, “When reboot required, send email” and providing an email address.

LAB – Part 15• Patch Reboot Action:

– Do not reboot after update.– When reboot required, send email to you.

Steps to Create a Policy – Patch Reboot Action

6

1

2

3

4

5

7

8

The Patch Settings Category• This category assigns patch settings to a

policy.– Choose whether to run procedures:

• Pre/Post Procedure• after Initial Update• before Automatic Update• after Automatic Update

– Patch Policy Membership: Assign one or more patch policy names to this policy.

– Patch Alert: Check any of the checkboxes to perform their corresponding actions when an alert condition is encountered.

LAB – Part 16• Patch Settings:

– Assign Server Patching to this policy.– Set Patch Alert for:

• Alerts:– New Patch is Available– Agent credential is invalid or missing– Patch install fails– Windows Auto Update changes

• Actions:– Create Alarm and Email

Steps to Create a Policy – Patch Settings – Policy Membership

7

6

1

2

3

4

5

Steps to Create a Policy – Patch Settings – Patch Alarms

12

1

2

3

4

8

9

10

11

13

1514

16

The Patch Windows Automatic Update Category

• This category assigns the following policy:– Disable Windows Automatic Update to let

Patch Management control system patching: • Check to disable Windows Automatic Updates on

selected machines. This will allow Kaseya Patch Management to control patching of the managed machines.

• Overrides the existing user settings and disables the controls in Windows Automatic Updates so the user cannot change any of the settings.

• Users can still patch their systems manually.

LAB – Part 17• Patch Windows Automatic Update:

– Disable Windows Automatic Update.

Steps to Create a Policy – Patch Windows Automatic Update

6

1

2

3

4

5

7

8

The Protection Category• This category assigns file, application and

network access to a policy.• Here are the options:

– File Access Control: Adds and schedules monitor sets.

– Application Blocker: Blocks an application from running on a machine.

– Network Access: • Notify user when app blocked• Enable/Disable driver at next reboot• Apply Unlisted Action

LAB – Part 18• Protection:

– File Access Control: • Add DVD Player (“c:\windows\system32\

dvdplay.exe”).

– Application Blocker: • Block Microsoft Paint (“mspaint.exe”).

– Network Access: • Do not change the setting.

Steps to Create a Policy – Protection

6

7

1

2

3

4

5

Steps to Create a Policy – Protection – File Access

6

1

2

3

4

9

10

8


6

1

2

3

4

Steps to Create a Policy – Protection – Application Blocker

6

1

2

3

4

11 12

Steps to Create a Policy – Protection – Network Access

1

2

3

4

13

14

The Remote Control Category• This category assigns remote control user

notification settings to a policy.– Select a user notification type:

• Silently take control• If user logged in display alert • If user logged in ask permission • Require Permission. Denied if no one logged in

– Other options:• Notify user when session terminates • Require admin note to start remote control

LAB – Part 19• Remote Control:

– Set user notification type to Silently take control

– Select Require admin note to start remote control

Steps to Create a Policy – Remote Control

6

8

1

2

3

4

5

7

9

The Update List by Scan Category

• This category assigns Update List by Scan schedules to a policy.– For Windows 2000 and Earlier Windows

Machines - Users may elect to run Update Lists by Scan on a recurring basis for the purpose of discovering new counter objects on those machines.

– This is the only reason to run Update Lists by Scan on a recurring basis.

LAB – Part 20• Update List By Scan:

– Schedule Update List By Scan to run once.

Steps to Create a Policy – Update List By Scan

6

7

1

2

3

4

5


9

10

81

2


6

7

1

2

3

411

The Working Directory Category • This category assigns a working directory to

a policy.– Working Directory: Sets the path to a directory

on the managed machine used by the agent to store working files.

LAB – Part 21• Working Directory:

– Set the working directory to “c:\kworking”.

Steps to Create a Policy – Working Directory

6

1

2

3

4

57

8

Save and Apply• Click Save and Apply to save and apply

settings for a selected policy. • Apply means the settings are propagated to

assigned machines. • A confirmation message lets you Apply Now

or Allow scheduler to apply, which applies changes using the deployment interval specified in Policy Management > Settings.

LAB – Part 22• Save and apply the policy.

Steps to Create a Policy – Save and Apply

1

2

3

45

6

Steps to Create a Policy – Save and Apply

1

2

3

45

7

It Is Your T

urn!

Progress Check• Do you know

– how to create a new policy?

– why a view should be associated to a policy?

– what are the different categories of a policy?

– how to set the parameters of a policy to reflect the policy of your organization?


Organization/Machine Groups

The Org / Machine Groups Function

• This function assigns policies to organizations and machine groups.

• A System cabinet provides built-in policies that reflect best-practice solutions for common IT management tasks.

• Policies can be automatically assigned to an organization using the Systems Management Configuration setup wizard and these System cabinet policies.

• We will explain the Systems Management utility and the standard solution package later.

Overview: The Organization / Machine Group Function

1

2

g

a

h

a) Select & Assign: Selects and assigns a policy to an organization or machine group.b) Select All: Selects all organizations.c) Unselect All: Unselects all organizations.d) Collapse All: Fully collapses the organization/machine group tree.e) Expand All: Fully expands the organization/machine group tree.f) Remind me that items will automatically synchronize when moved: Displays a

popup message that changes will be applied immediately. Applies per VSA user.g) Machine Groups: List of Organizations, sub-orgs, and machine groups.h) Policies: List of your policies in their folder tree and the System policies.

b c d e f

Policies Without Views

• Assigning a view to a policy in the Policies function is required in order to assign a policy using the Organizations/Machine Groups function.

• This prevents the unintentional assignment of a policy to all machines in the VSA.

• You can assign an entire folder of policies to an organization or machine group; in this case, policies without a specified view are ignored.

ASSIGN POLICY TO AN ORGLAB 2

LAB• Assign the Server policy to FIU-<your

username>.

Steps to Assign a Policy to an Org / Machine Group

1

2

3

5

4

• Assigning Policies: You can select an org/machine group and a policy and click on Select & Assign. Alternatively, you can simply drag and drop a policy from the Policies folder tree in the right hand pane to the Org / Machine Groups tree in the middle pane.


1

2

3

5

4

6


1

2


Machines

The Machines Function• This function assigns policies to individual

machines. • The list of machine IDs you can select

depends on the machine ID / group ID filter.

Overview: The Machine Function

1

2d

a

e

a) Assign: Assigns policies to machines.b) Clear Override: Clears policy overrides on

selected machines. User must click Reprocess Policies to finish the process.

c) Reprocess Policies: All policy objects assigned to a machine are re-marked for deployment and reprocessed.

d) Displays policies assigned by machine.e) Displays policies assigned by orgs/groups.

b c

Reprocess Policies• All policy objects assigned to a machine can

be re-marked for deployment and reprocessed.

• To reduce unnecessary server activity and network traffic, each policy object is deployed only once to a machine, even if additional policies are assigned to the machine that includes the same policy object.

• If agent settings for a machine are unexpected, use this option to re-deploy all policy objects assigned to a machine.

REPROCESS POLICIESLAB 3

LAB• To expedite the processing of the policy

assigned to the FIU-<your username> in the previous lab, use reprocess policies on the affected managed machines.

Steps to Reprocess Policies

1

2

3

4


1

2

3

4

5


1

2

3

4

6


• It may take a while until the policy status icon becomes green, which means that the agent is In Compliance with the assigned policy.

1

2


Policy Assignment Rules

Policies Assignment Rules

• Multiple policies can be assigned to any organization, machine group, or machine.

• A machine with multiple policies assigned has conflicting policies when both specify the same policy object(s).– Multiple policies are not in conflict if different

policy objects are specified in each policy.– The following policy objects combine with each

other so that no conflicts occur:• Event log alerts, distribute files, monitor sets, and

agent procedures.

Policies Assignment Rules (cont)

Order of Precedence in Org/Machine Group Function:– Policies assigned to a lower level in an organization

hierarchy have precedence over policies assigned to a higher level in the same organization hierarchy.

– Unless a lower-level policy conflicts, policies assigned to one level apply to all lower levels.

– When multiple policies are assigned to the same organization or machine group, the assigned policies have precedence based on the proximity to the machine. The “closer” to the machine, the higher the precedence:

• Policies assigned at the Machine Group take precedence over those assigned at the Global level.

• Policies assigned at any sub-group level take precedence over those assigned at a parent group level.

• Policies assigned directly to a machine take precedence over those assigned at any Machine Group level.


• Order of Precedence in Machine Function:– Policies assigned by machine have precedence

over all policies assigned to that machine by organization/machine group.

– Policies assigned by machine have precedence in the order listed.

• All policy assignments can be overridden by changing agent settings manually throughout the VSA.– Manual changes have precedence over all

policies assignments.


• A policy can be associated with a view– Associating a policy with a view does not, by

itself, assign a policy to any machine.– When a machine is assigned to a policy by

organization or by machine group, an associated view filters the machines associated with a policy. If a machine is not a member of the view definition, then the policy will not be assigned to that machine.

– When a policy is assigned directly to a machine, the view associated with a policy is ignored and the policy will be propagated to that machine.


Settings

The Settings Function• This function schedules the interval for

automatic deployment of all policies to all assigned machines.

Overview: The Settings Function

1

2

a

a) Deployment Interval: This setting determines how frequently policy deployment occurs. As new machines appear or their existing associations are changed, policies may need to be deployed or re-deployed. Setting the deployment interval to manual requires the user to click the Apply Now button in the Policies function to deploy a policy.

b) Edit Schedule: A compliance check compares agent settings to the policies assigned to that agent to determine if it is in compliance.

c) Reset: Clears the recurring schedule.

b c

SETTINGSLAB 4

LAB• Schedule the interval for automatic

deployment of all policies to all assigned machines to be 5 minutes.

• Check for compliance once a day, every day, sometime between 6 am to 6 pm.

Steps to Set the Deployment Interval and Compliance Check

1

2

3 4

5


1

2

7

11

6

8 9

10


1

2


Policy Matrix

The Policy Matrix Function• This function displays the policy status of all

machines your scope authorizes you to see. • A policy status icon displays in the left-most

column for every machine on this page. • Hovering the cursor over a policy status

icon on this page displays a Policy Details window.

Overview: Policy Status Icon

1

2

Policy Status Icons:In Compliance: The agent settings match those of all policies assigned to this machine.

Marked for Deployment: At least one policy assigned to this machine has been changed and is scheduled to be deployed. No Policy Attached: No policies are assigned to this machine. Out of Compliance: At least one agent setting does not match at least one active policy assigned to this machine.

Overridden: At least one agent setting does not match at least one active policy assigned to this machine, due to a user override.

Inactive: This policy status only displays in the Policy Details window, indicating an ignored policy object.

The Policy Detail Window• The Policy Details window displays two

tabs.– Policy Object Status Details:

• Lists every policy and policy category applied to a selected machine.

– Machine Effective Policy Settings: • Lists every policy setting in effect for a selected

machine. • Since more than one policy can be applied to a

machine, some applied settings may be ignored, based on policy assignment rules.

Overview: Policy Detail Window

• Hovering the cursor over a policy status icon on this page displays a Policy Details window.

• The Policy Details window displays two tabs:a) Policy Object Status Details: Lists every policy and policy category applied to a

selected machine.b) Machine Effective Policy Settings: Lists every policy setting in effect for a

selected machine. Since more than one policy can be applied to a machine, some applied settings may be ignored, based on policy assignment rules.

a b

POLICY MATRIXLAB 5

LAB• Check the policy status of dc.• Determine the list of all the policies and

policy objects applied to dc.• Determine the list of all policy settings in

effect for dc.

Steps to Check Policy Matrix – Policy Status Icon

1

2

indicates that dc agent settings match those of all policies assigned to this machine.

Steps to Check Policy Matrix – Policy Status Icon

• Hover over to see the Matrix Detail for dc.

• The Policy Object Status Details tab lists all of the policies and their categories applied to dc.

3

5

4

Steps to Check Policy Matrix –Machine Effective Policy Settings

7

6

• The Machine Effective Policy Settings tab lists of all policy setting in effect for dc.

8


Create Policy from Agent Template

IMPORT POLICY FROM AGENT TEMPLATE

LAB6

Note• In this lab, we assume that you have

created agent templates as instructed in the previous training modules.

• If this is not the case, create a new policy from scratch for Workstation as you did for Server.

• When using a template, you must be careful to double check all of the settings.

Note• Before importing a policy from a template,

you MUST double check all the settings to make sure everything is according to your policies.

• For example, you have to ensure the schedules are set to the local time of the agent, rather than that of the server, which may be in a different time zone.

• Also, some cleanups may be in order; for example, there may be redundant agent procedures for Audit, etc.

LAB• You have been trying to provide consistent

settings for similar managed machines at FIU using two agent templates: Servers and Workstations.

• You’ve learned about the advantages of Policies, but creating the Server policy in the previous lab proved to have many similar steps as you completed for configuring the templates.

• In this lab, you attempt to create a Workstation policy by importing the settings from its corresponding template and then apply the newly-created Workstation policy to the FIU-<username> organization.

Steps to Create a Policy from a Template

1

2

34

5

6

7

8

Steps to Create a Policy – Heading

• Name: Workstation• Description: Workstation• View: Assign this policy to the

XP-<your username> view, which you created previously.

1

2

34

119

10

12

13

14

LAB Parts• Similar to creating the Server policy, we

have divided this policy creation lab into smaller parts, each addressing the settings required in each category of the server policy.

LAB – Part 1• Agent Menu:

– Check that the agent menu on workstations is set so that it only shows the Refresh option and a Web link to FIU’s website (http://www.fiu.eu); set properly if not.

http://www.fiu.eu/

Steps to Create a Policy – Agent Menu

1

2

5

3

4

9

6

8

7

LAB – Part 2• Agent Procedures:

– Check that Workstation Maintenance is scheduled as follows (set properly if not):

• Schedule the Workstation Maintenance agent procedure to run weekly sometime on a weekday from 6pm to 6am of the agent’s local time.

• If a user was logged in, inform the user that a weekly maintenance is rescheduled for one hour later and reschedule accordingly.

• If the machine is not turned on when the maintenance is scheduled, then try to wake the machine up.

– Remove any other scheduled agent procedure.

Steps to Create a Policy – Agent Procedures – Remove

1

2

36

8

4

5

7

9

Steps to Create a Policy – Agent Procedures – Edit

1

2

36

11

4

10


1214

13

15

16

18

17


191

2

3

4

LAB – Part 3• Alerts:

– Check that Alerts for Agent Status is set as follows (set properly if not):

• Alerts: Agent has not checked in for 30 days; Rearm after 1 day; User disables remote control.


– Check that Alerts for Hardware Changes is set as follows (set properly if not):

• Alerts: When any hardware changes.• Actions: Alarm and Email

LAB – Part 3 (cont)– Check that Alerts for Low Disk is set as follows

(set properly if not):• Alerts: When any fixed partition has less than 10%

of free space.• Actions: Alarm and Email

– Check that Alerts for Event Logs are set as follows (set properly if not):

• Alerts: System and Application Errors; Alert once; Ignore for one day.


Steps to Create a Policy – Alerts–Event Log–Application Error

68

1

2

3

4

7

5

Steps to Create a Policy – Alerts–Event Log–Application Error

9

10

17

12

13

14 15

16

11


6

1

2

3

4

18

19


20

24

21

27

2325

26

22


6

1

2

3

4

28

29


30

31

38

33

34

35 36

37

32


6

1

2

3

4

39

40


41

42

45

43

44


6

1

2

3

4

46

47


48

49

51

50

LAB – Part 4• Audit Schedule:

– Check that Baseline Audit is scheduled as follows (schedule correctly if not):

• Frequency: Annually; Beginning on January 1st through the 14th; Between 6am-6pm.

– Check that System Info and Latest Audit are scheduled as follows (schedule correctly if not):

• Frequency: Daily; Skip if offline; Between 6am-6pm.


6

7

1

2

3

4

5


9

14

810 11

12

13


6

7

1

2

3

4

15


17

25

1618 19

20

22

21

23

24


6

7

1

2

3

4

15

26


28

33

2729 30

31

32

Steps to Create a Policy – Audit Schedule

6

7

1

2

3

4

15

26

34

LAB – Part 5• Check-in:

– Check that the Primary and Secondary Kserver are set to your KServer DNS name (set if not).

– Check that the Primary and Secondary Port are set to 5721 (set if not).

– Check that the Check-in Period is set to 30 seconds (set if not).

– Check that no Bandwidth Throttle is set (set to zero, if not).

– Check that Warn if multiple agents use same account is selected (select if not).

Steps to Create a Policy – Check-in

6

7

1

2

3

4

5

89 10

11

12

13

14

LAB – Part 6• Credential:

– Check that the policy is set to use the following credential (set if not):

• Username: Enter your username. • Password: Enter your password.• Domain: Select Use machine's current domain.

Steps to Create a Policy – Credential

6

1

2

3

4

5

11

7

8

9

10

LAB – Part 7• Distribute File:

– Check that no file is set to be distributed to the managed machines by this policy (remove if any).


6

1

2

3

4

5

8

7


6

1

2

3

4

8

7

9


10

1

2

3

47

LAB – Part 8• Event Log Settings:

– Check that all System and Application Error event logs are set to be collected (set if not).


67

1

2

3

4

5

89

10

11


6

1

2

3

412

LAB – Part 9• LAN Cache:

– Check that the LAN Cache on dc is assigned to this policy (assign if not).


6

1

2

3

4

5

7

8

LAB – Part 10• Log History:

– Check that 30 days is set for all the logs (set if not).

Steps to Create a Policy – Log History

6

7

1

2

3

4

5

8

9

10

11

12

13

14

15

LAB – Part 11• Machine Profile:

– Verify the contact information (i.e., Contact Name, Contact Email, and Contact Phone) is blank/empty.

– Verify the Admin Email is set to your email.– Verify the Language Preference is set to

English.– Verify the Machine Role is set to Default.– Verify that Show notes as tooltip is selected.– Verify that Auto assign tickets is selected.

Steps to Create a Policy – Machine Profile

6

7

1

2

3

4

5

8

13

9

10

1112

LAB – Part 12• Monitor Sets:

– Monitor Set: Check that the Workstations monitor set is added to this policy (add if not).

– Actions: Alarm &Email


68

1

2

3

4

5

7


9

10

12

11

13


6

1

2

3

414

LAB – Part 13• Patch File Source:

– Check that these options are selected (select if not):

• Copy packages to the working directory on local drive with most free space.

• Delete package after install.• Download from Internet if machine is unable to

connect to the file server.• Pulled from LAN Cache

Steps to Create a Policy – Patch Source

6

1

2

3

4

5

789

11

12

LAB – Part 14• Patch Procedure Schedule:

– Check that Patch Scan is scheduled as follows (schedule properly if not):

• Schedule patch scans on Wednesday of each week from 6am-6pm.

• Enable the power management option on these schedules so that any machines powered off during the day can be awakened.

LAB – Part 14 (cont)– Check that patch Automatic Update is

scheduled as follows (schedule properly if not):• Schedule patch scans on Thursday of each week

from 6am-6pm.• Enable the power management option on these

schedules so that any machines powered off during the day can be awakened.


6

7

1

2

3

4

5


9

15

8 10 11

12

14

13


6

7

1

2

3

4

16


18

24

1719 20

21

23

22


6

7

1

2

3

4

16

25

LAB – Part 15• Patch Reboot Action:

– Check that reboot action is set so that if user logged in, reboot action prompts to reboot every 60 minutes until reboot occurs; reboot if user not logged in (set if not).

Steps to Create a Policy – Patch Reboot Action

6

1

2

3

4

5

7

8

LAB – Part 16• Patch Settings:

– Check that Workstation Patching policy is assigned to this policy (assign if not).

– Check that Patch Alert is set for the following alerts (set properly if not):

• Actions:– Create Alarm and Email

• Alerts:– Agent credential is invalid or missing– Patch install fails– Windows Auto Update changes


7

6

1

2

3

4

5


1

2

3

4

8

9

10

11

12

14 13

15

LAB – Part 17• Patch Windows Automatic Update:

– Check that Windows Automatic Update is disabled (disable it if not).

Steps to Create a Policy – Patch Windows Automatic Update

6

1

2

3

4

5

7

8

LAB – Part 18• Protection:

– Check that File Access Control is set as follows (set properly if not):

• No setting is assigned.

– Check that Application Blocker is set as follows (set properly if not):

• Block Solitaire (“sol.exe”).

– Check that Network Access is set as follows (set properly if not):

• No setting is assigned.


6

1

2

3

4

5

sol.exe 7 8


1

2

3

4

9

10

LAB – Part 19• Remote Control:

– Verify (set properly if not):• User notification type is set to If user logged in

display alert: "The system administrator <admin> is about to remote control your computer.”

• Notify user when session terminates: "The system administrator <admin> has terminated the remote control session."

• Require admin note to start remote control.

Steps to Create a Policy – Remote Control

6

9

1

2

3

4

5

7

12

8

10

11

LAB – Part 20• Update List By Scan:

– Check that Update List By Scan is scheduled to run once (schedule if not).


6

7

1

2

3

4

5


9

10

8


6

7

1

2

3

411

LAB – Part 21• Working Directory:

– Check that the working directory is set to “c:\kworking” (set if not).

Steps to Create a Policy – Working Directory

6

1

2

3

4

5

7

8

LAB – Part 22• Apply the policy.

Steps to Create a Policy – Apply Policy

1

2

3

4

5

6


7

1

2

3

4


1

2

LAB – Part 23• Assign the policy to FIU-<your username>.

Steps to Create a Policy – Assign a Policy to an Org

1

2

3

5

4


1

2

3

5

4

6


1

2

LAB – Part 24• To expedite the processing of the policy

assigned to the FIU-<your username> in the previous steps, manually Reprocess Policies on the affected managed machines.

Steps to Create a Policy – Reprocess Policies

1

2

3

4


1

2

3

4

5


6

1

2

3

4


1

27

• Hover over the policy status icon on ws1 to to view the detailed window and determine why the policy is out of compliance.

Steps to Create a Policy – Clear Overrides

• You realize that some of the policy objects have been overridden manually.

• Therefore, you should use the Clear Override function to clear these manual overrides.


1

2

8

9


1

2

8

9

10


1

2

8

9

11


1

2

• It may take a while until the policy status icon becomes green. The green icon indicates the agent is in compliance with the assigned policy.

It Is Your T

urn!

Progress Check• Do you know:

– how to create a new policy from an existing agent template?

– what some of the shortcomings of importing templates are?

– how to check the parameters of an imported policy to properly reflect the policy of your organization?


Dashboard

The Dashboard Function• This function provides a dashboard view of

Policy Management activities, including:– Policy Status: Hover the cursor over a pie slice

to see the amount and percentage that pie slice represents.

– Agent Policy Status: Hover the cursor over a pie slice to see the amount and percentage that pie slice represents.

– Pending Events: Lists policies that have been changed and saved, but not yet applied. Only applied settings are propagated to assigned machines.

Overview: Dashboard

1

2 a

a) Policy Status: Displays the distribution in different policy statuses.b) Agent Policy Status: Displays the distribution in different agent policy statuses.c) Pending Events: Lists policies that have been changed and saved, but not yet

applied. Only applied settings are propagated to assigned machines.

b

c

DASHBOARDLAB 7

LAB• Using the policy dashboard, find out:

– the amount and percentage of the policy in different statuses.

– the amount and percentage of the agent policy in different statuses.

– the policies that have been changed and saved, but not yet applied.

Steps to Read Information from Dashboard

1

2

34

5

6

7

• For Policy Status, hover the cursor over a pie slice to see the amount and percentage that pie slice represents.• For Agent Policy Status, hover the cursor over a pie slice to see the amount and percentage that pie slice represents.• For Pending Events, see the list of policies in the table at the bottom of this page.


Logs

The Logs Function• This function displays a log of Policy

Management module activity by:– Event ID– Event Name– Message– Admin– Event Date

• The table in this page supports selectable columns, column sorting, column filtering, and flexible columns widths.

Overview: Logs

1

2

It Is Your T

urn!

Progress Check• Do you know:

– how to read the information provided to you in the policy dashboard function?

– when you should review the policy logs and what you should look for?


Standard Solution Package

Standard Solution Package• Quickly configure and apply machine

management policies– Audit Scheduling– Monitoring – Alerts– Patch Management– Agent Procedures for Routine Machine

Maintenance• Policies are automatically assigned to an

Organization based on options enabled in the wizard

• Will not override current Agent Configuration

Standard Solution Package• What does it include?

– Policies– Agent Procedures – Monitor Sets – Event Sets– Views– Patch Management Policies

• Standard Solution Package creates a Cabinet / Folder – System / Core

Standard Solution Package• Supported OS platforms

– Microsoft Windows XP, 2003, 2003 R2, Vista, 2008, 2008 R2, 7, 2012

– Apple Macintosh Mac OS X 10.5 (Leopard), 10.6 (Snow Leopard), 10.7 (Lion), 10.8 (Mountain Lion)

– Linux OS SuSE Linux Enterprise 10 and 11, Red Hat Enterprise Linux 5 and 6, Ubuntu 8.04 and higher, and OpenSuSE 11, CentOS 5 & 6

Standard Solution Package• 3rd Party Systems Supported

» Email/Messaging• Exchange 2003, 2007, 2010, SMTP, IMAP, POP3, Blackberry Enterprise Server

» AntiVirus / AntiMalware• Symantec AntiVirus v10, Corporate Edition v10, Endpoint Protection v11• McAfee VirusScan / Enterprise, Total Protection, Endpoint Protection• Sophos AntiVirus• Trend Micro OfficeScan v10, Worry-Free Business Security v11• AVG Technologies AntiVirus v8• Kaspersky Endpoint Security v8• Microsoft Security Essentials, Forefront Endpoint Protection• Microsoft Security Center Integrated 3rd Party AV/AM Products

» Backup/Recovery• Symantec Backup Exec v10 / 11 / 12 / 12.5 / 2010 / 2012• Computer Associates BrightStor ARCServe Backup r11.1 / 11.5 / 12 / 12.5 / 15

» Database Servers• Microsoft SQL Server 2005/2008/2008 R2

» Remote Access• Terminal Server, Citrix MetaFrame / Presentation Server / XenApp

» Network Infrastructure• Microsoft Active Directory, File & Print, DHCP Server, DNS Server, FTP Server

» Web Servers• Microsoft IIS 6/7, SharePoint Server 2007 / 2010

Standard Solution PoliciesMaking changes to the Standard Solution Package• From within a function where the System cabinet is

visible (Policy Management > Policies; Monitor > Monitor Sets; Agent Procedures > Schedule/Create):– PRESS and HOLD the CTRL (control) key on your keyboard.– Using your mouse, drag and drop the individual object or an entire

folder from the System cabinet to the Private or Shared cabinet.• Note: You MUST press the CTRL button BEFORE attempting to drag/drop the object

– The selected object(s) will be copied to the Private/Shared cabinet.– Copied object(s) can now be customized

• Create Labels for the policies to keep track of versions• Must abide by Policy application precedence rules

STANDARD SOLUTION PACKAGELAB 8

LAB• Background Story:

– A Prof. at College of Engineering and Computing (cec) has recently received a grant from the National Science Foundation (NSF) to work with some primary school teachers at Palmetto Elementary.

– As part of this project, laptop1 has been sent to the school to be used by the teachers.

– You need to create a new organization for this school and use the Standard Solution Package to manage the computer in this school.

Steps to Use Standard Solution Package – Create an Org

1

2

3

456

7

Steps to Use Standard Solution Package –System Management

1

2

9

10

8


11

12

13


14

15


16

17

21

181920


22


1

2

9

10

8

23

Steps to Use Standard Solution Package –Change Group

24

25

26

27

28

Steps to Use Standard Solution Package –Change Group

24

25

Steps to Use Standard Solution Package – Orgs / Groups

29

30

Steps to Use Standard Solution Package – Machines

29

31

• It may take a while for the policy status icon to become green. A green icon indicates the agent is in compliance with the assigned policy.

Steps to Use Standard Solution Package – Policy Matrix

29

32

It Is Your T

urn!

Progress Check• Why should you use Standard Solution

Package?

• Where is the wizard for automatically configuring an organization with the Standard Solution Package?

• Is it possible to fine-tune the policies in the Standard Solution Package and customize them to your liking?


Summary

Summary• Policies vs. Agent Templates• Creating policies from scratch or templates.• Assigning policies to

orgs/groups/machines.• Policy conflict resolution and precedence.• Policy override and clearing override.• Policy Matrix, Dashboard, and Logs.• Standard Solution Package.

Policy Management Overview• Policy Assignment

– Organization or Machine Groups– Multiple Policy Assignments– Precedence Level

• Folder Level: the higher in the list, the greater the precedence

• Policy Level: the higher in the list, the greater the precedence

• VSA Specific Module Functionality – Overrides Policy

• Automatic Policy Deployment– Compliance Check

Policy Management Overview

THE END!

Documents

Kaseya Fundamentals Workshop