Upload
iola
View
75
Download
15
Embed Size (px)
DESCRIPTION
Kaseya Fundamentals Workshop. Policy Management. Developed by Kaseya University. Powered by IT Scholars. Kaseya Version 6.5 Last updated March, 2014. What is Covered?. Motivation Overview Policies Organization / Machine Groups Machines Policy Assignment Rules. Settings - PowerPoint PPT Presentation
Citation preview
Kaseya Fundamentals Workshop
Developed by
Kaseya UniversityPowered by
IT ScholarsKaseya Version 6.5
Last updated March, 2014
Policy Management
What is Covered?• Motivation• Overview• Policies• Organization /
Machine Groups• Machines• Policy Assignment
Rules
• Settings• Policy Matrix• Dashboard• Logs• Standard Solution
Package• Summary
Kaseya Fundamentals Workshop
Motivation:Agent Templates
vs. Policy Management
Agent Templates• Pros
– Enables consistency of service delivery.– Promotes standard/best practices.– Allows agent configurations to be pushed
during the initial installation of the agent.• Cons
– Requires user intervention.– Any changes must be applied to all the similar
agents every time.– May put too much load on the KServer as there
may not be a consistent way to distribute the load.
Policy Management• Pros
– Enables consistency of service delivery.– Promotes standard/best practices. – Provides automatic policy deployment.– Provides automatic policy compliance check.– Supports load distribution.– Simplifies the application and management of
policies based on Orgs, Groups, and Views.• Cons
– May take longer than agent templates to apply the initial configuration, but worth the investment.
Agent Templates Settings• Agent settings can be copied during
installation of Kaseya agents– Agent Deployment Package can reference an
Agent Template or the settings in another agent.
Agent Settings• Menu options• Credentials• Working Directory• Other options
– Audit Scan / Patch Scan– Event Log Settings– Agent – Alerts– Monitor Sets– Agent Procedures
Note• An agent template will have an orange
square icon to emphasize the fact that the an agent associated with this record has not checked into the KServer.
• Its sole purpose is to provide additional customized settings for agents with similar roles so that such settings can be added to the settings of already-deployed agents or be used as part of an agent package.
It Is Your T
urn!
Progress Check• Do you know how Agent Templates and
Policy Management are different?
• When should you use Agent Templates?
• When should you use Policy Management?
Kaseya Fundamentals Workshop
Overview
Overview• The Policy Management (KPM) module
manages agent settings by policy.• In the following slides, we introduce:
– Policies– Policy Assignment– Policy Compliance– Policy Conflicts– Overriding Policies– Importing/Exporting Policies– Policy Terminology– Function Overview
Policies• Each policy comprises sub-categories of
agent settings called policy objects.• Policy Objects include:
– Agent Menu, Alerts, Audit Schedule, Checkin, Credential, Distribute Files (on-premise only), Event Log Settings, Kaseya Anti-Malware, Kaseya AntiVirus, Kaseya Security, Log History, Machine Profile, Monitor Sets, Patch File Source, Patch Procedure Schedule, Patch Reboot Action, Patch Settings, Patch Windows Automatic Update, Protection, Remote Control, and Working Directory.
Policy Assignment• Policies can be assigned to machines,
machine groups, or organizations.• A view further filters the affected machines.• Once assigned, policies are propagated
automatically, without further intervention. • Changing a machine's association with a
machine group, organization, or view, causes the appropriate policies to be automatically re-deployed.
Policy Compliance & Conflicts• A compliance cycle checks that each
machine is in compliance with applied policies.
• VSA users can check the status of each machine to ensure it is in compliance with applied policies.
• Multiple policies can be assigned to each machine.
• If policies conflict, policy assignment rules determine which policy objects are obeyed and which are ignored.
Overriding Policies• A policy can be overridden. • A policy override condition exists if agent
settings for a machine have been set manually, outside of the Policy Management module. – For example, making changes to the agent
menu of a machine using the Agent > Agent Menu function.
• Policy Management policies for that object will be ignored from then on.
• Policy overrides can also be cleared.
Importing/Exporting Policies• Policies can be imported and exported using
System > Import Center.• A System cabinet provides built-in policies that
reflect best-practice solutions for common IT management tasks.
• Policies can be configured for an organization automatically using the Systems Management Configuration setup wizard and these System cabinet policies.
• Policies can be imported from agent templates.
Policy Terminology• Applying a policy means the changes made
to its policy objects are marked for deployment.
• Deployment means the applied changes are propagated to target machines, based on the deployment interval set using the Policy Management > Settings function.
• Pending changes are changes to policies or policy objects that have been saved but not yet applied.
Note• Because deployment may take a while, the
target machine might not be in compliance between the time the policy is applied and the policy is deployed.
Policy Management Function Overview
a) Overview: Illustrates the Policy Management workflow graphically.
b) Dashboard: Provides a dashboard view of Policy Management activities.
c) Logs: Displays a log of Policy Management module activity.d) Policy Matrix: Displays the policy status of all machines your
scope authorizes you to see. A policy status icon displays in the left most column for every machine on this page.
e) Policies: Defines agent settings by policy.f) Settings: Schedules the interval for automatic deployment of all
policies to all assigned machines.g) Organizations / Machine Groups: Assigns policies to
organizations and machine groups.h) Machines: Assigns policies to individual machines. You can also
clear Policy Management policy overrides using this function, enabling applied policies to take effect.
abcd
ef
gh
Policy Management Overview
Kaseya Fundamentals Workshop
Policies
Overview: The Policy Function
a
a) The Policy function defines agent policies. b) Policies are organized by a folder tree. c) A System cabinet provides built-in policies that reflect best-practice solutions for
common IT management tasks. d) Settings: Agent policy settings are grouped by setting category in this tab. e) Assigned Machine Groups: The organizations and machines groups assigned to a
policy display on this tab. f) Assigned Machines: Use this tab to determine the machines that are members of a
policy.
b
c
d e f
CREATE POLICYLAB 1
LAB• Create a policy for servers.
Steps to Create a Policy – Add Folder
1
2
3
4
5
6
Steps to Create a Policy – Add Policy
1
2
3
4
7
8
9
10
Steps to Create a Policy – Heading
• Name: The name of a policy.• Description: The description of a policy.• View: A view definition associated with
the policy. Once a policy is assigned to a view definition, the policy only applies to machines that are members of that view. This prevents the unintentional assignment of a policy to all machines in the VSA. Assigning a policy to a view is not required if the policy is only assigned directly to a machine using the Machines function.
1
2
37
1311
12
14
15
16
LAB Parts• We have divided the policy creation lab into
smaller parts, each addressing the settings required in each category of the server policy.
• We first introduce each category and then exercise what we have learned by applying the corresponding server settings to the policy category.
The Agent Menu Category• This category assigns agent menu settings:
– Enable Agent Icon: Check to display the agent icon in the system tray of the managed machine. Uncheck to hide the agent icon and prevent the use of agent menu options.
– About <Agent>: Check to enable the machine user to click this option to display the About box for the installed agent. The default option label Agent can be customized.
– <Contact Administrator...>: Check to enable the machine user to click this option to display either the user's Portal Access page or a different contact URL. The default option label Contact Administrator... can be customized.
– <Your Company URL...>: Check to enable the machine user to click this option to display the URL specified in the corresponding URL field.
The Agent Menu Category (cont)– Disable Remote Control: Check to allow the machine
user to enable/disable remote control to the user's managed machine.
– Set Account...: Check to enable the machine user to click this option to display their machineID.groupID.organizationID and change the Kaseya Server address the agent checks into.
– Refresh: Check to enable the machine user to initiate an immediate full check-in.
– Exit: Check to enable the machine user to terminate the agent service on the managed machine.
LAB – Part 1• Agent Menu:
– Set the agent menu on the servers so that they only show the Refresh option.
Steps to Create a Policy – Agent Menu
1
2
5
3
4
8
6
7
The Agent Procedures Category• This category assigns agent procedures:
– Add Procedure: Adds and schedules an agent procedure.
– Remove Procedure: Removes a selected agent procedure.
Note: When multiple policies are assigned to the same machine, all assigned agent procedures in all assigned policies are deployed to that machine.
LAB – Part 2• Agent Procedures:
– Schedule the Server Maintenance agent procedure to run weekly on Sunday sometime between 12am and 4am of the agent’s local time.
– If the machine is not turned on when the maintenance is scheduled, then the machine will skip that maintenance cycle and will attempt to run the maintenance a week later.
Steps to Create a Policy – Agent Procedures
8
9
1
2
3 67
4
5
Steps to Create a Policy – Agent Procedures
10
11
1
2
3
4
Steps to Create a Policy – Agent Procedures
1
2
12 14
13
15
16
17
18
Steps to Create a Policy – Agent Procedures
191
2
3
4
The Alerts Category• This category assigns standard alert notifications.
Each type of alert has different configuration settings:– Agent Status: alerts when an agent is offline, first goes
online, or someone has disabled remote control on the selected machine.
– Application Changes: alerts when a new application is installed or removed on selected machines.
– Get File: alerts when a procedure's getFile() or getFileInDirectoryPath() command executes, uploads the file, and the file is now different from the copy previously stored on the Kaseya Server. If there was no previous copy on the Kaseya Server, the alert is created.
– Hardware Changes: alerts when a hardware configuration changes on the selected machines.
The Alerts Category (cont)– Low Disk: alerts when available disk space falls below a
specified percentage of free disk space.– Event Log: alerts when an event log entry for a selected
machine matches a specified criteria. After selecting the event log type, you can filter the alert conditions specified by event set and by event category.
– LAN Watch: scans a machine’s local LAN and detects new machines and devices connected to the machine's LAN.
– Agent Procedure Failure: alerts when an agent procedure fails to execute on a managed machine.
– Protection Violation: alerts when a file is changed or access violation detected on a managed machine.
– Patch Alert: alerts for patch management events on managed machines (See Patch Settings category).
Note• When multiple policies are assigned to the
same machine, all assigned event log alerts in all assigned policies are deployed to that machine.
• For all other types of alerts, only one policy can be in effect at any one time.
LAB – Part 3• Alerts:
– Set Alerts for Agent Status• Alerts: Agent has not checked in for 10 minutes;
rearm after 12 hours; User disables remote control.• Actions: Alarm and Email
– Set Alerts for Application Changes• Alerts: New applications installed; Existing
applications deleted.• Actions: Alarm and Email
– Set Alerts for Hardware Changes• Alerts: When any hardware changes.• Actions: Alarm and Email
LAB – Part 3 (cont)– Set Alerts for Low Disk
• Alerts: When any fixed partition has less than 20% of free space.
• Actions: Alarm and Email
– Set Alerts for Event Logs:• Alerts: System and Application Errors; Alert once;
Ignore additional alarms for one day.• Actions: Alarm and Email
Steps to Create a Policy – Alerts – Agent Status
6
8
7
1
2
3
4
5
Steps to Create a Policy – Alerts – Agent Status
67
1
2
3
4
9
13
10
16
1214
15
11
Steps to Create a Policy – Alerts – Agent Status
6
1
2
3
4
Steps to Create a Policy – Alerts – Application Changes
6
18
17
1
2
3
4
Steps to Create a Policy – Alerts – Application Changes
617
1
2
3
4
19
20
24
2223
21
Steps to Create a Policy – Alerts – Application Changes
6
1
2
3
4
Steps to Create a Policy – Alerts – Hardware Changes
6
26
25
1
2
3
4
Steps to Create a Policy – Alerts – Hardware Changes
625
1
2
3
4
27
28
30
29
Steps to Create a Policy – Alerts – Hardware Changes
6
1
2
3
4
Steps to Create a Policy – Alerts – Low Disk
6
32
31
1
2
3
4
Steps to Create a Policy – Alerts – Low Disk
631
1
2
3
4
33
34
37
3635
Steps to Create a Policy – Alerts – Low Disk
6
1
2
3
4
Steps to Create a Policy – Alerts–Event Logs–Application Error
6
39
38
1
2
3
4
Steps to Create a Policy – Alerts–Event Logs–Application Error
638
1
2
3
4
40
41
48
43
44
45 46
47
42
Steps to Create a Policy – Alerts–Event Logs–Application Error
6
1
2
3
4
Steps to Create a Policy – Alerts – Event Logs – System Error
6
50
49
1
2
3
4
Steps to Create a Policy – Alerts – Event Logs – System Error
649
1
2
3
4
51
52
59
54
55
56 57
58
53
Steps to Create a Policy – Alerts – Event Logs – System Error
6
1
2
3
460
The Audit Schedule Category• This category assigns schedules for a Latest
Audit, Baseline Audit, and System Audit. There are three scheduling options:– Edit Schedule: Edits an existing audit schedule. – Reset: A schedule for this type of audit is not set
for this policy. If this same type of audit has a schedule defined in a lower-priority policy, it is allowed to take effect.
– None: A schedule for this type of audit is not set for this policy. If this same type of audit has a schedule defined in a lower priority policy, it is not allowed to take effect.
LAB – Part 4• Audit Schedule:
– Schedule Baseline Audit• Frequency: Annually; Beginning on January 1st
through the 14th; Between 6am-6pm .
– Schedule System Info and Latest Audit• Frequency: Daily; Skip if offline; Between 6am-6pm.
Steps to Create a Policy – Audit Schedule – Latest Audit
6
7
1
2
3
4
5
Steps to Create a Policy – Audit Schedule – Latest Audit
9
14
810 11
12
13
Steps to Create a Policy – Audit Schedule – Baseline Audit
6
7
1
2
3
4
15
Steps to Create a Policy – Audit Schedule – Baseline Audit
17
25
1618 19
20
22
21
23
24
Steps to Create a Policy – Audit Schedule – System Audit
6
7
1
2
3
4
15
26
Steps to Create a Policy – Audit Schedule – System Audit
28
33
2729 30
31
32
Steps to Create a Policy – Audit Schedule
6
7
1
2
3
4
15
26
34
The Check-in Category• This category assigns agent check-in settings:
– Primary KServer: Enter the IP address or fully qualified host name of the machine’s primary Kaseya Server; the latter is recommended.
– Primary Port: Enter the port number of the primary Kaseya Server; default is 5721.
– Secondary KServer: Enter the IP address or fully qualified host name of the machine’s secondary Kaseya Server; the latter is recommended.
– Secondary Port: Enter the port number of the secondary Kaseya Server; default is 5721.
The Check-in Category (cont)– Check-In Period: Enter the time interval for an agent
to wait before performing a quick check-in with the Kaseya Server. If a recent update has been set by a VSA user, the agent starts working on the task at the next check-in. The agent maintains a persistent connection to the Kaseya Server. As a result, quick check-in times do not affect response times from the agent. The quick check-in time sets the maximum time to wait before re-establishing a dropped connection.
• Setting all of your machine's quick check-in time to 30 seconds guarantees each agent recovers from a dropped connection within 30 seconds, assuming connectivity is successful.
The Check-in Category (cont)– Bind to KServer: If checked, the agent is bound to a
unique Kaseya Server ID. – Bandwidth Throttle: Limits the agent to consuming
a specified maximum amount of bandwidth on the system with this control. Disable by entering a 0.
– Warn if multiple agents use same account: The Kaseya Server can detect if more than one agent is connecting to the Kaseya Server and using the same machineID.groupID.OrganizationID.
– Warn if agent on same LAN as KServer connects through gateway: May be useful if you manage machines that share the same LAN as your KServer.
LAB – Part 5• Check-in:
– Set the Primary and Secondary KServer to the KServer DNS name.
– Set the Primary and Secondary Port to 5721.– Set the Check-in Period to 30 seconds.– Set no Bandwidth Throttle.– Select Warn if multiple agents use same
account.
Steps to Create a Policy – Check-in
6
7
1
2
3
4
5
8
9 10
11
12
13
14
The Credential Category• This category assigns a credential to a policy.
– Use organization defaults: If checked credentials set as Agent Credential in the Audit > View Assets function and Audit > Manage Credentials function are used in place of the credential specified using the Agent > Set Credential function.
– Username: Enter the username for the credential. – Password: Enter the password associated with the
username above.– Domain:
• Local user account: Logs into machine locally.• Use machine's current domain: Uses the domain
reported by the most recent latest audit.
LAB – Part 6• Credential:
– Set the policy to use the following credential:• Username: Enter your username. • Password: Enter your password.• Domain: Select Use machine's current domain.
Steps to Create a Policy – Credential
6
1
2
3
4
5
11
7
8
9
10
The Distribute File Category(on-premise only)
• This category distributes files stored on the Kaseya Server to machines assigned this policy.– Select server file: Select a file to distribute to
managed machines. These are the same set of files managed by clicking the Manage Files... link on this page.
– Specify full path and filename to store file on remote machine: Enter the path and filename to store this file on selected machine IDs.
LAB – Part 7• Distribute File:
– No file should be distributed to the managed machines by this policy.
Steps to Create a Policy – Distribute File
6
1
2
3
4
5
7
The Event Log Settings Category• This category specifies the event log types
and categories included in the Log History. • Event logs must be enabled for a machine
before event log alerts can be configured for that machine.
• However, in v6.5, event logs are automatically collected for the corresponding alerts.
LAB – Part 8• Event Log Settings:
– Collect all System and Application Error event logs.
Steps to Create a Policy – Event Log Setting
67
1
2
3
4
5
Steps to Create a Policy – Event Log Setting
89
10
11
6
1
2
3
4
7
Steps to Create a Policy – Event Log Setting
6
1
2
3
412
The LAN Cache Category• This category assigns a LAN Cache to a
policy.
LAB – Part 9• LAN Cache:
– Create a LAN Cache on dc and assign it to this policy.
Steps to Create a Policy – LAN Cache
5
1
2
3
4
6
7
Steps to Create a Policy – LAN Cache
1
2
Steps to Create a Policy – LAN Cache
13
8
9
10
11
12
14
15
The Log History Category• This category assigns log entry settings.
– Set days to keep log entries, check to archive to file:
• Configuration Changes: The log of configuration changes made by each user.
• Network Statistics: The log of incoming and outgoing packet count information and the application or process transmitting and/or receiving such packets.
• Agent Procedure Log: Displays a log of successful/failed agent procedures.
• Remote Control Log: Displays a log of remote control events.
• Alarm Log: The log of all alarms issued.
The Log History Category (cont)• Monitor Action: The log of alert conditions that have
occurred and the corresponding actions, if any, that have been taken in response to them.
• Sys Log: The log of all System Check external systems.• Agent Uptime: The log of the agent online/offline status.
– Set days to keep monitoring logs for all machines; the following monitoring log settings are applied system-wide.
• Event Log: The log of all events. The events collected are specified in more detail using Agent > Event Log Settings.
• Monitor Log: The log of data collected by monitoring sets.• SNMP Log: The log of all data collected by SNMP sets.• Agent Log: The log of agent, system, and error messages.
LAB – Part 10• Log History:
– Set retention period to 30 days for all logs.
Steps to Create a Policy – Log History
6
7
1
2
3
4
5
8
9
10
11
12
13
14
15
The Machine Profile Category• This category assigns machine profile
settings.– Contact Name: Enter the name of the individual
using the managed machine. – Contact Email: Enter the email address of the
individual using the managed machine. – Contact Phone: Enter the phone number of the
individual using the managed machine. – Admin Email: Enter the email address providing
administrator support for this managed machine. – Language Preference: Determines the language
displayed by an agent menu.
The Machine Profile Category (cont)
– Machine Role: The machine role to apply to selected machines.
– Notes: Enter any notes about a machine account. Show notes as tooltip: If checked, Edit Profile notes are included as part of the tooltip.
– Auto assign tickets: Auto assign a ticket to this machine if the Ticketing email reader receives an email from the same email address as the Contact Email.
Note: if multiple machines have the same contact email, then only one machine can have the Auto assign tickets checkbox checked.
LAB – Part 11• Machine Profile:
– Make sure that the contact information (i.e., Contact Name, Contact Email, and Contact Phone) are blank/empty.
– Set the Admin Email to your email.– Set the Language Preference to English.– Set the Machine Role to Default.– Select Show notes as tooltip.– Select Auto assign tickets.
Steps to Create a Policy – Machine Profile
6
7
1
2
3
4
5
8
13
9
10
1112
The Monitor Sets Category• This category assigns monitor sets to a
policy.– Add Monitor Set: Adds and schedules monitor
sets. – Actions:
• Create Alarm• Create Ticket• Run Script <agentprocedure> on <machineID>• Email Recipients
– Remove Monitor Set: Removes selected monitor sets.
Note• When multiple policies are assigned to the
same machine all assigned monitor sets in all assigned policies are deployed to that machine.
LAB – Part 12• Monitor Sets:
– Monitor Set: Assign the Servers monitor set.– Actions: Alarm &Email
Steps to Create a Policy – Monitor Sets
67
1
2
3
4
5
8
9
11
10
Steps to Create a Policy – Monitor Sets
6
1
2
3
412
The Patch Source Category• This category defines the file source for patch.
– Select as many options as you see fit:• Copy packages to working directory on local drive
with most free space: Downloads patches to the Working Directory, but use the drive on the managed machine with the most free disk space.
• Delete package after install (from working directory): The install package is typically deleted after the install to free up disk space.
• Download from Internet if machine is unable to connect to the file server: Optionally check this box to download from the internet. This is especially useful for laptops that are disconnected from the company network but have internet access.
The Patch Source Category (cont.)– Only choose one option for the following ones:
• Download from Internet: Each managed machine downloads directly from the internet.
• (On-Premise Only) Pulled from system server: If not on the KServer, they are downloaded on the KServer, then used for all subsequent distributions to managed machines.
• Pulled from file server using UNC path: If many machines on the same LAN, patch files can be downloaded to a local directory on a selected machine ID and shared by other machines on the LAN.
• Pulled from LAN Cache: Uses the Agent > LAN Cache function to manage file sourcing for patch executable files.
• More options (choose one):– File Server automatically gets patch files from:
• The Internet: Use this setting when the file server machine has full internet access.
• (On-Premise Only) The system server: Use this setting when the file server machine is blocked from getting internet access.
LAB – Part 13• Patch File Source
– Select these options:• Copy packages to the working directory on local
drive with most free space.• Delete package after install.• Download from Internet if machine is unable to
connect to the file server.• Pulled from LAN Cache
Steps to Create a Policy – Patch Source
6
1
2
3
4
5
789
11
12
The Patch Procedure Schedule Category
• This category schedules two tasks that can be assigned to a policy.– Patch Scan: Schedules scans to search for
missing patches on each managed machine. – Automatic Update: Schedules an update of
managed machines with Microsoft patches on a recurring basis. Automatic Update obeys both the Patch Approval Policy and the Patch Reboot Action policy.
The Patch Procedure Schedule Category (cont)
• A schedule can be set to:– Reset: A schedule for this task is not set for this
policy. If this same task has a schedule defined in a lower priority policy, it is allowed to take effect.
– None: A schedule for this task is not set for this policy. If this same task has a schedule defined in a lower priority policy, it is not allowed to take effect.
LAB – Part 14• Patch Procedure Schedule:
– Patch Scan Schedule:• Schedule patch scans on Wednesday of each week
from 6am-6pm.• If a server is powered off, simply skip the patch
scan. Servers should not be powered on as they may be off line or shut down for maintenance purposes.
– Patch Automatic Update Schedule:• No patch should be automatically updated on any
server.
Steps to Create a Policy – Patch Procedure Schedule
6
7
1
2
3
4
5
Steps to Create a Policy – Patch Procedure Schedule - Scan
9
15
8 10 11
12
14
13
1
2
Steps to Create a Policy – Patch Procedure Schedule
6
7
1
2
3
416
The Patch Reboot Action Category• This category assigns a reboot action to a policy
for patch executable files.– Reboot immediately after update: Reboots the
computer immediately after the install completes.– Reboot <day of week> at <time of day> after install:
The computer is rebooted at the selected day of week and time of day.
– Warn user that machine will reboot in <N> minutes (without asking permission): The warning pops giving the user a short time to save work.
– Skip reboot if user logged in: If the user is logged in, the reboot is skipped. This is the default setting.
The Patch Reboot Action Category (cont.)
– If user logged in ask to reboot every <N> minutes until the reboot occurs.
– If user logged in ask permission. Reboot if no response in <N> minutes. Reboot if user not logged in.
– If user logged in ask permission. Do nothing if no response in <N> minutes. Reboot if user not logged in.
– Do not reboot after update: Does not reboot. You can be notified via email when a new patch has been installed by selecting, “When reboot required, send email” and providing an email address.
LAB – Part 15• Patch Reboot Action:
– Do not reboot after update.– When reboot required, send email to you.
Steps to Create a Policy – Patch Reboot Action
6
1
2
3
4
5
7
8
The Patch Settings Category• This category assigns patch settings to a
policy.– Choose whether to run procedures:
• Pre/Post Procedure• after Initial Update• before Automatic Update• after Automatic Update
– Patch Policy Membership: Assign one or more patch policy names to this policy.
– Patch Alert: Check any of the checkboxes to perform their corresponding actions when an alert condition is encountered.
LAB – Part 16• Patch Settings:
– Assign Server Patching to this policy.– Set Patch Alert for:
• Alerts:– New Patch is Available– Agent credential is invalid or missing– Patch install fails– Windows Auto Update changes
• Actions:– Create Alarm and Email
Steps to Create a Policy – Patch Settings – Policy Membership
7
6
1
2
3
4
5
Steps to Create a Policy – Patch Settings – Patch Alarms
12
1
2
3
4
8
9
10
11
13
1514
16
The Patch Windows Automatic Update Category
• This category assigns the following policy:– Disable Windows Automatic Update to let
Patch Management control system patching: • Check to disable Windows Automatic Updates on
selected machines. This will allow Kaseya Patch Management to control patching of the managed machines.
• Overrides the existing user settings and disables the controls in Windows Automatic Updates so the user cannot change any of the settings.
• Users can still patch their systems manually.
LAB – Part 17• Patch Windows Automatic Update:
– Disable Windows Automatic Update.
Steps to Create a Policy – Patch Windows Automatic Update
6
1
2
3
4
5
7
8
The Protection Category• This category assigns file, application and
network access to a policy.• Here are the options:
– File Access Control: Adds and schedules monitor sets.
– Application Blocker: Blocks an application from running on a machine.
– Network Access: • Notify user when app blocked• Enable/Disable driver at next reboot• Apply Unlisted Action
LAB – Part 18• Protection:
– File Access Control: • Add DVD Player (“c:\windows\system32\
dvdplay.exe”).
– Application Blocker: • Block Microsoft Paint (“mspaint.exe”).
– Network Access: • Do not change the setting.
Steps to Create a Policy – Protection
6
7
1
2
3
4
5
Steps to Create a Policy – Protection – File Access
6
1
2
3
4
9
10
8
Steps to Create a Policy – Protection
6
1
2
3
4
Steps to Create a Policy – Protection – Application Blocker
6
1
2
3
4
11 12
Steps to Create a Policy – Protection – Network Access
1
2
3
4
13
14
The Remote Control Category• This category assigns remote control user
notification settings to a policy.– Select a user notification type:
• Silently take control• If user logged in display alert • If user logged in ask permission • Require Permission. Denied if no one logged in
– Other options:• Notify user when session terminates • Require admin note to start remote control
LAB – Part 19• Remote Control:
– Set user notification type to Silently take control
– Select Require admin note to start remote control
Steps to Create a Policy – Remote Control
6
8
1
2
3
4
5
7
9
The Update List by Scan Category
• This category assigns Update List by Scan schedules to a policy.– For Windows 2000 and Earlier Windows
Machines - Users may elect to run Update Lists by Scan on a recurring basis for the purpose of discovering new counter objects on those machines.
– This is the only reason to run Update Lists by Scan on a recurring basis.
LAB – Part 20• Update List By Scan:
– Schedule Update List By Scan to run once.
Steps to Create a Policy – Update List By Scan
6
7
1
2
3
4
5
Steps to Create a Policy – Update List By Scan
9
10
81
2
Steps to Create a Policy – Update List By Scan
6
7
1
2
3
411
The Working Directory Category • This category assigns a working directory to
a policy.– Working Directory: Sets the path to a directory
on the managed machine used by the agent to store working files.
LAB – Part 21• Working Directory:
– Set the working directory to “c:\kworking”.
Steps to Create a Policy – Working Directory
6
1
2
3
4
57
8
Save and Apply• Click Save and Apply to save and apply
settings for a selected policy. • Apply means the settings are propagated to
assigned machines. • A confirmation message lets you Apply Now
or Allow scheduler to apply, which applies changes using the deployment interval specified in Policy Management > Settings.
LAB – Part 22• Save and apply the policy.
Steps to Create a Policy – Save and Apply
1
2
3
45
6
Steps to Create a Policy – Save and Apply
1
2
3
45
7
It Is Your T
urn!
Progress Check• Do you know
– how to create a new policy?
– why a view should be associated to a policy?
– what are the different categories of a policy?
– how to set the parameters of a policy to reflect the policy of your organization?
Kaseya Fundamentals Workshop
Organization/Machine Groups
The Org / Machine Groups Function
• This function assigns policies to organizations and machine groups.
• A System cabinet provides built-in policies that reflect best-practice solutions for common IT management tasks.
• Policies can be automatically assigned to an organization using the Systems Management Configuration setup wizard and these System cabinet policies.
• We will explain the Systems Management utility and the standard solution package later.
Overview: The Organization / Machine Group Function
1
2
g
a
h
a) Select & Assign: Selects and assigns a policy to an organization or machine group.b) Select All: Selects all organizations.c) Unselect All: Unselects all organizations.d) Collapse All: Fully collapses the organization/machine group tree.e) Expand All: Fully expands the organization/machine group tree.f) Remind me that items will automatically synchronize when moved: Displays a
popup message that changes will be applied immediately. Applies per VSA user.g) Machine Groups: List of Organizations, sub-orgs, and machine groups.h) Policies: List of your policies in their folder tree and the System policies.
b c d e f
Policies Without Views
• Assigning a view to a policy in the Policies function is required in order to assign a policy using the Organizations/Machine Groups function.
• This prevents the unintentional assignment of a policy to all machines in the VSA.
• You can assign an entire folder of policies to an organization or machine group; in this case, policies without a specified view are ignored.
ASSIGN POLICY TO AN ORGLAB 2
LAB• Assign the Server policy to FIU-<your
username>.
Steps to Assign a Policy to an Org / Machine Group
1
2
3
5
4
• Assigning Policies: You can select an org/machine group and a policy and click on Select & Assign. Alternatively, you can simply drag and drop a policy from the Policies folder tree in the right hand pane to the Org / Machine Groups tree in the middle pane.
Steps to Assign a Policy to an Org / Machine Group
1
2
3
5
4
6
Steps to Assign a Policy to an Org / Machine Group
1
2
Kaseya Fundamentals Workshop
Machines
The Machines Function• This function assigns policies to individual
machines. • The list of machine IDs you can select
depends on the machine ID / group ID filter.
Overview: The Machine Function
1
2d
a
e
a) Assign: Assigns policies to machines.b) Clear Override: Clears policy overrides on
selected machines. User must click Reprocess Policies to finish the process.
c) Reprocess Policies: All policy objects assigned to a machine are re-marked for deployment and reprocessed.
d) Displays policies assigned by machine.e) Displays policies assigned by orgs/groups.
b c
Reprocess Policies• All policy objects assigned to a machine can
be re-marked for deployment and reprocessed.
• To reduce unnecessary server activity and network traffic, each policy object is deployed only once to a machine, even if additional policies are assigned to the machine that includes the same policy object.
• If agent settings for a machine are unexpected, use this option to re-deploy all policy objects assigned to a machine.
REPROCESS POLICIESLAB 3
LAB• To expedite the processing of the policy
assigned to the FIU-<your username> in the previous lab, use reprocess policies on the affected managed machines.
Steps to Reprocess Policies
1
2
3
4
Steps to Reprocess Policies
1
2
3
4
5
Steps to Reprocess Policies
1
2
3
4
6
Steps to Reprocess Policies
• It may take a while until the policy status icon becomes green, which means that the agent is In Compliance with the assigned policy.
1
2
Kaseya Fundamentals Workshop
Policy Assignment Rules
Policies Assignment Rules
• Multiple policies can be assigned to any organization, machine group, or machine.
• A machine with multiple policies assigned has conflicting policies when both specify the same policy object(s).– Multiple policies are not in conflict if different
policy objects are specified in each policy.– The following policy objects combine with each
other so that no conflicts occur:• Event log alerts, distribute files, monitor sets, and
agent procedures.
Policies Assignment Rules (cont)
Order of Precedence in Org/Machine Group Function:– Policies assigned to a lower level in an organization
hierarchy have precedence over policies assigned to a higher level in the same organization hierarchy.
– Unless a lower-level policy conflicts, policies assigned to one level apply to all lower levels.
– When multiple policies are assigned to the same organization or machine group, the assigned policies have precedence based on the proximity to the machine. The “closer” to the machine, the higher the precedence:
• Policies assigned at the Machine Group take precedence over those assigned at the Global level.
• Policies assigned at any sub-group level take precedence over those assigned at a parent group level.
• Policies assigned directly to a machine take precedence over those assigned at any Machine Group level.
Policies Assignment Rules (cont)
• Order of Precedence in Machine Function:– Policies assigned by machine have precedence
over all policies assigned to that machine by organization/machine group.
– Policies assigned by machine have precedence in the order listed.
• All policy assignments can be overridden by changing agent settings manually throughout the VSA.– Manual changes have precedence over all
policies assignments.
Policies Assignment Rules (cont)
• A policy can be associated with a view– Associating a policy with a view does not, by
itself, assign a policy to any machine.– When a machine is assigned to a policy by
organization or by machine group, an associated view filters the machines associated with a policy. If a machine is not a member of the view definition, then the policy will not be assigned to that machine.
– When a policy is assigned directly to a machine, the view associated with a policy is ignored and the policy will be propagated to that machine.
Kaseya Fundamentals Workshop
Settings
The Settings Function• This function schedules the interval for
automatic deployment of all policies to all assigned machines.
Overview: The Settings Function
1
2
a
a) Deployment Interval: This setting determines how frequently policy deployment occurs. As new machines appear or their existing associations are changed, policies may need to be deployed or re-deployed. Setting the deployment interval to manual requires the user to click the Apply Now button in the Policies function to deploy a policy.
b) Edit Schedule: A compliance check compares agent settings to the policies assigned to that agent to determine if it is in compliance.
c) Reset: Clears the recurring schedule.
b c
SETTINGSLAB 4
LAB• Schedule the interval for automatic
deployment of all policies to all assigned machines to be 5 minutes.
• Check for compliance once a day, every day, sometime between 6 am to 6 pm.
Steps to Set the Deployment Interval and Compliance Check
1
2
3 4
5
Steps to Set the Deployment Interval and Compliance Check
1
2
7
11
6
8 9
10
Steps to Set the Deployment Interval and Compliance Check
1
2
Kaseya Fundamentals Workshop
Policy Matrix
The Policy Matrix Function• This function displays the policy status of all
machines your scope authorizes you to see. • A policy status icon displays in the left-most
column for every machine on this page. • Hovering the cursor over a policy status
icon on this page displays a Policy Details window.
Overview: Policy Status Icon
1
2
Policy Status Icons:In Compliance: The agent settings match those of all policies assigned to this machine.
Marked for Deployment: At least one policy assigned to this machine has been changed and is scheduled to be deployed. No Policy Attached: No policies are assigned to this machine. Out of Compliance: At least one agent setting does not match at least one active policy assigned to this machine.
Overridden: At least one agent setting does not match at least one active policy assigned to this machine, due to a user override.
Inactive: This policy status only displays in the Policy Details window, indicating an ignored policy object.
The Policy Detail Window• The Policy Details window displays two
tabs.– Policy Object Status Details:
• Lists every policy and policy category applied to a selected machine.
– Machine Effective Policy Settings: • Lists every policy setting in effect for a selected
machine. • Since more than one policy can be applied to a
machine, some applied settings may be ignored, based on policy assignment rules.
Overview: Policy Detail Window
• Hovering the cursor over a policy status icon on this page displays a Policy Details window.
• The Policy Details window displays two tabs:a) Policy Object Status Details: Lists every policy and policy category applied to a
selected machine.b) Machine Effective Policy Settings: Lists every policy setting in effect for a
selected machine. Since more than one policy can be applied to a machine, some applied settings may be ignored, based on policy assignment rules.
a b
POLICY MATRIXLAB 5
LAB• Check the policy status of dc.• Determine the list of all the policies and
policy objects applied to dc.• Determine the list of all policy settings in
effect for dc.
Steps to Check Policy Matrix – Policy Status Icon
1
2
indicates that dc agent settings match those of all policies assigned to this machine.
Steps to Check Policy Matrix – Policy Status Icon
• Hover over to see the Matrix Detail for dc.
• The Policy Object Status Details tab lists all of the policies and their categories applied to dc.
3
5
4
Steps to Check Policy Matrix –Machine Effective Policy Settings
7
6
• The Machine Effective Policy Settings tab lists of all policy setting in effect for dc.
8
Kaseya Fundamentals Workshop
Create Policy from Agent Template
IMPORT POLICY FROM AGENT TEMPLATE
LAB6
Note• In this lab, we assume that you have
created agent templates as instructed in the previous training modules.
• If this is not the case, create a new policy from scratch for Workstation as you did for Server.
• When using a template, you must be careful to double check all of the settings.
Note• Before importing a policy from a template,
you MUST double check all the settings to make sure everything is according to your policies.
• For example, you have to ensure the schedules are set to the local time of the agent, rather than that of the server, which may be in a different time zone.
• Also, some cleanups may be in order; for example, there may be redundant agent procedures for Audit, etc.
LAB• You have been trying to provide consistent
settings for similar managed machines at FIU using two agent templates: Servers and Workstations.
• You’ve learned about the advantages of Policies, but creating the Server policy in the previous lab proved to have many similar steps as you completed for configuring the templates.
• In this lab, you attempt to create a Workstation policy by importing the settings from its corresponding template and then apply the newly-created Workstation policy to the FIU-<username> organization.
Steps to Create a Policy from a Template
1
2
34
5
6
7
8
Steps to Create a Policy – Heading
• Name: Workstation• Description: Workstation• View: Assign this policy to the
XP-<your username> view, which you created previously.
1
2
34
119
10
12
13
14
LAB Parts• Similar to creating the Server policy, we
have divided this policy creation lab into smaller parts, each addressing the settings required in each category of the server policy.
LAB – Part 1• Agent Menu:
– Check that the agent menu on workstations is set so that it only shows the Refresh option and a Web link to FIU’s website (http://www.fiu.eu); set properly if not.
Steps to Create a Policy – Agent Menu
1
2
5
3
4
9
6
8
7
LAB – Part 2• Agent Procedures:
– Check that Workstation Maintenance is scheduled as follows (set properly if not):
• Schedule the Workstation Maintenance agent procedure to run weekly sometime on a weekday from 6pm to 6am of the agent’s local time.
• If a user was logged in, inform the user that a weekly maintenance is rescheduled for one hour later and reschedule accordingly.
• If the machine is not turned on when the maintenance is scheduled, then try to wake the machine up.
– Remove any other scheduled agent procedure.
Steps to Create a Policy – Agent Procedures – Remove
1
2
36
8
4
5
7
9
Steps to Create a Policy – Agent Procedures – Edit
1
2
36
11
4
10
Steps to Create a Policy – Agent Procedures – Edit
1214
13
15
16
18
17
Steps to Create a Policy – Agent Procedures – Edit
191
2
3
4
LAB – Part 3• Alerts:
– Check that Alerts for Agent Status is set as follows (set properly if not):
• Alerts: Agent has not checked in for 30 days; Rearm after 1 day; User disables remote control.
• Actions: Alarm and Email
– Check that Alerts for Hardware Changes is set as follows (set properly if not):
• Alerts: When any hardware changes.• Actions: Alarm and Email
LAB – Part 3 (cont)– Check that Alerts for Low Disk is set as follows
(set properly if not):• Alerts: When any fixed partition has less than 10%
of free space.• Actions: Alarm and Email
– Check that Alerts for Event Logs are set as follows (set properly if not):
• Alerts: System and Application Errors; Alert once; Ignore for one day.
• Actions: Alarm and Email
Steps to Create a Policy – Alerts–Event Log–Application Error
68
1
2
3
4
7
5
Steps to Create a Policy – Alerts–Event Log–Application Error
9
10
17
12
13
14 15
16
11
Steps to Create a Policy – Alerts – Agent Status
6
1
2
3
4
18
19
Steps to Create a Policy – Alerts – Agent Status
20
24
21
27
2325
26
22
Steps to Create a Policy – Alerts – Event Logs – System Error
6
1
2
3
4
28
29
Steps to Create a Policy – Alerts – Event Logs – System Error
30
31
38
33
34
35 36
37
32
Steps to Create a Policy – Alerts – Low Disk
6
1
2
3
4
39
40
Steps to Create a Policy – Alerts – Low Disk
41
42
45
43
44
Steps to Create a Policy – Alerts – Hardware Changes
6
1
2
3
4
46
47
Steps to Create a Policy – Alerts – Hardware Changes
48
49
51
50
LAB – Part 4• Audit Schedule:
– Check that Baseline Audit is scheduled as follows (schedule correctly if not):
• Frequency: Annually; Beginning on January 1st through the 14th; Between 6am-6pm.
– Check that System Info and Latest Audit are scheduled as follows (schedule correctly if not):
• Frequency: Daily; Skip if offline; Between 6am-6pm.
Steps to Create a Policy – Audit Schedule – Latest Audit
6
7
1
2
3
4
5
Steps to Create a Policy – Audit Schedule – Latest Audit
9
14
810 11
12
13
Steps to Create a Policy – Audit Schedule – Baseline Audit
6
7
1
2
3
4
15
Steps to Create a Policy – Audit Schedule – Baseline Audit
17
25
1618 19
20
22
21
23
24
Steps to Create a Policy – Audit Schedule – System Audit
6
7
1
2
3
4
15
26
Steps to Create a Policy – Audit Schedule – System Audit
28
33
2729 30
31
32
Steps to Create a Policy – Audit Schedule
6
7
1
2
3
4
15
26
34
LAB – Part 5• Check-in:
– Check that the Primary and Secondary Kserver are set to your KServer DNS name (set if not).
– Check that the Primary and Secondary Port are set to 5721 (set if not).
– Check that the Check-in Period is set to 30 seconds (set if not).
– Check that no Bandwidth Throttle is set (set to zero, if not).
– Check that Warn if multiple agents use same account is selected (select if not).
Steps to Create a Policy – Check-in
6
7
1
2
3
4
5
89 10
11
12
13
14
LAB – Part 6• Credential:
– Check that the policy is set to use the following credential (set if not):
• Username: Enter your username. • Password: Enter your password.• Domain: Select Use machine's current domain.
Steps to Create a Policy – Credential
6
1
2
3
4
5
11
7
8
9
10
LAB – Part 7• Distribute File:
– Check that no file is set to be distributed to the managed machines by this policy (remove if any).
Steps to Create a Policy – Distribute File
6
1
2
3
4
5
8
7
Steps to Create a Policy – Distribute File
6
1
2
3
4
8
7
9
Steps to Create a Policy – Distribute File
10
1
2
3
47
LAB – Part 8• Event Log Settings:
– Check that all System and Application Error event logs are set to be collected (set if not).
Steps to Create a Policy – Event Log Setting
67
1
2
3
4
5
89
10
11
Steps to Create a Policy – Event Log Setting
6
1
2
3
412
LAB – Part 9• LAN Cache:
– Check that the LAN Cache on dc is assigned to this policy (assign if not).
Steps to Create a Policy – LAN Cache
6
1
2
3
4
5
7
8
LAB – Part 10• Log History:
– Check that 30 days is set for all the logs (set if not).
Steps to Create a Policy – Log History
6
7
1
2
3
4
5
8
9
10
11
12
13
14
15
LAB – Part 11• Machine Profile:
– Verify the contact information (i.e., Contact Name, Contact Email, and Contact Phone) is blank/empty.
– Verify the Admin Email is set to your email.– Verify the Language Preference is set to
English.– Verify the Machine Role is set to Default.– Verify that Show notes as tooltip is selected.– Verify that Auto assign tickets is selected.
Steps to Create a Policy – Machine Profile
6
7
1
2
3
4
5
8
13
9
10
1112
LAB – Part 12• Monitor Sets:
– Monitor Set: Check that the Workstations monitor set is added to this policy (add if not).
– Actions: Alarm &Email
Steps to Create a Policy – Monitor Sets
68
1
2
3
4
5
7
Steps to Create a Policy – Monitor Sets
9
10
12
11
13
Steps to Create a Policy – Monitor Sets
6
1
2
3
414
LAB – Part 13• Patch File Source:
– Check that these options are selected (select if not):
• Copy packages to the working directory on local drive with most free space.
• Delete package after install.• Download from Internet if machine is unable to
connect to the file server.• Pulled from LAN Cache
Steps to Create a Policy – Patch Source
6
1
2
3
4
5
789
11
12
LAB – Part 14• Patch Procedure Schedule:
– Check that Patch Scan is scheduled as follows (schedule properly if not):
• Schedule patch scans on Wednesday of each week from 6am-6pm.
• Enable the power management option on these schedules so that any machines powered off during the day can be awakened.
LAB – Part 14 (cont)– Check that patch Automatic Update is
scheduled as follows (schedule properly if not):• Schedule patch scans on Thursday of each week
from 6am-6pm.• Enable the power management option on these
schedules so that any machines powered off during the day can be awakened.
Steps to Create a Policy – Patch Procedure Schedule
6
7
1
2
3
4
5
Steps to Create a Policy – Patch Procedure Schedule
9
15
8 10 11
12
14
13
Steps to Create a Policy – Patch Procedure Schedule
6
7
1
2
3
4
16
Steps to Create a Policy – Patch Procedure Schedule
18
24
1719 20
21
23
22
Steps to Create a Policy – Patch Procedure Schedule
6
7
1
2
3
4
16
25
LAB – Part 15• Patch Reboot Action:
– Check that reboot action is set so that if user logged in, reboot action prompts to reboot every 60 minutes until reboot occurs; reboot if user not logged in (set if not).
Steps to Create a Policy – Patch Reboot Action
6
1
2
3
4
5
7
8
LAB – Part 16• Patch Settings:
– Check that Workstation Patching policy is assigned to this policy (assign if not).
– Check that Patch Alert is set for the following alerts (set properly if not):
• Actions:– Create Alarm and Email
• Alerts:– Agent credential is invalid or missing– Patch install fails– Windows Auto Update changes
Steps to Create a Policy – Patch Settings – Policy Membership
7
6
1
2
3
4
5
Steps to Create a Policy – Patch Settings – Policy Membership
1
2
3
4
8
9
10
11
12
14 13
15
LAB – Part 17• Patch Windows Automatic Update:
– Check that Windows Automatic Update is disabled (disable it if not).
Steps to Create a Policy – Patch Windows Automatic Update
6
1
2
3
4
5
7
8
LAB – Part 18• Protection:
– Check that File Access Control is set as follows (set properly if not):
• No setting is assigned.
– Check that Application Blocker is set as follows (set properly if not):
• Block Solitaire (“sol.exe”).
– Check that Network Access is set as follows (set properly if not):
• No setting is assigned.
Steps to Create a Policy – Protection
6
1
2
3
4
5
sol.exe 7 8
Steps to Create a Policy – Protection
1
2
3
4
9
10
LAB – Part 19• Remote Control:
– Verify (set properly if not):• User notification type is set to If user logged in
display alert: "The system administrator <admin> is about to remote control your computer.”
• Notify user when session terminates: "The system administrator <admin> has terminated the remote control session."
• Require admin note to start remote control.
Steps to Create a Policy – Remote Control
6
9
1
2
3
4
5
7
12
8
10
11
LAB – Part 20• Update List By Scan:
– Check that Update List By Scan is scheduled to run once (schedule if not).
Steps to Create a Policy – Update List By Scan
6
7
1
2
3
4
5
Steps to Create a Policy – Update List By Scan
9
10
8
Steps to Create a Policy – Update List By Scan
6
7
1
2
3
411
LAB – Part 21• Working Directory:
– Check that the working directory is set to “c:\kworking” (set if not).
Steps to Create a Policy – Working Directory
6
1
2
3
4
5
7
8
LAB – Part 22• Apply the policy.
Steps to Create a Policy – Apply Policy
1
2
3
4
5
6
Steps to Create a Policy – Apply Policy
7
1
2
3
4
Steps to Create a Policy – Apply Policy
1
2
LAB – Part 23• Assign the policy to FIU-<your username>.
Steps to Create a Policy – Assign a Policy to an Org
1
2
3
5
4
Steps to Create a Policy – Assign a Policy to an Org
1
2
3
5
4
6
Steps to Create a Policy – Assign a Policy to an Org
1
2
LAB – Part 24• To expedite the processing of the policy
assigned to the FIU-<your username> in the previous steps, manually Reprocess Policies on the affected managed machines.
Steps to Create a Policy – Reprocess Policies
1
2
3
4
Steps to Create a Policy – Reprocess Policies
1
2
3
4
5
Steps to Create a Policy – Reprocess Policies
6
1
2
3
4
Steps to Create a Policy – Reprocess Policies
1
27
• Hover over the policy status icon on ws1 to to view the detailed window and determine why the policy is out of compliance.
Steps to Create a Policy – Clear Overrides
• You realize that some of the policy objects have been overridden manually.
• Therefore, you should use the Clear Override function to clear these manual overrides.
Steps to Create a Policy – Clear Overrides
1
2
8
9
Steps to Create a Policy – Clear Overrides
1
2
8
9
10
Steps to Create a Policy – Clear Overrides
1
2
8
9
11
Steps to Create a Policy – Clear Overrides
1
2
• It may take a while until the policy status icon becomes green. The green icon indicates the agent is in compliance with the assigned policy.
It Is Your T
urn!
Progress Check• Do you know:
– how to create a new policy from an existing agent template?
– what some of the shortcomings of importing templates are?
– how to check the parameters of an imported policy to properly reflect the policy of your organization?
Kaseya Fundamentals Workshop
Dashboard
The Dashboard Function• This function provides a dashboard view of
Policy Management activities, including:– Policy Status: Hover the cursor over a pie slice
to see the amount and percentage that pie slice represents.
– Agent Policy Status: Hover the cursor over a pie slice to see the amount and percentage that pie slice represents.
– Pending Events: Lists policies that have been changed and saved, but not yet applied. Only applied settings are propagated to assigned machines.
Overview: Dashboard
1
2 a
a) Policy Status: Displays the distribution in different policy statuses.b) Agent Policy Status: Displays the distribution in different agent policy statuses.c) Pending Events: Lists policies that have been changed and saved, but not yet
applied. Only applied settings are propagated to assigned machines.
b
c
DASHBOARDLAB 7
LAB• Using the policy dashboard, find out:
– the amount and percentage of the policy in different statuses.
– the amount and percentage of the agent policy in different statuses.
– the policies that have been changed and saved, but not yet applied.
Steps to Read Information from Dashboard
1
2
34
5
6
7
• For Policy Status, hover the cursor over a pie slice to see the amount and percentage that pie slice represents.• For Agent Policy Status, hover the cursor over a pie slice to see the amount and percentage that pie slice represents.• For Pending Events, see the list of policies in the table at the bottom of this page.
Kaseya Fundamentals Workshop
Logs
The Logs Function• This function displays a log of Policy
Management module activity by:– Event ID– Event Name– Message– Admin– Event Date
• The table in this page supports selectable columns, column sorting, column filtering, and flexible columns widths.
Overview: Logs
1
2
It Is Your T
urn!
Progress Check• Do you know:
– how to read the information provided to you in the policy dashboard function?
– when you should review the policy logs and what you should look for?
Kaseya Fundamentals Workshop
Standard Solution Package
Standard Solution Package• Quickly configure and apply machine
management policies– Audit Scheduling– Monitoring – Alerts– Patch Management– Agent Procedures for Routine Machine
Maintenance• Policies are automatically assigned to an
Organization based on options enabled in the wizard
• Will not override current Agent Configuration
Standard Solution Package• What does it include?
– Policies– Agent Procedures – Monitor Sets – Event Sets– Views– Patch Management Policies
• Standard Solution Package creates a Cabinet / Folder – System / Core
Standard Solution Package• Supported OS platforms
– Microsoft Windows XP, 2003, 2003 R2, Vista, 2008, 2008 R2, 7, 2012
– Apple Macintosh Mac OS X 10.5 (Leopard), 10.6 (Snow Leopard), 10.7 (Lion), 10.8 (Mountain Lion)
– Linux OS SuSE Linux Enterprise 10 and 11, Red Hat Enterprise Linux 5 and 6, Ubuntu 8.04 and higher, and OpenSuSE 11, CentOS 5 & 6
Standard Solution Package• 3rd Party Systems Supported
» Email/Messaging• Exchange 2003, 2007, 2010, SMTP, IMAP, POP3, Blackberry Enterprise Server
» AntiVirus / AntiMalware• Symantec AntiVirus v10, Corporate Edition v10, Endpoint Protection v11• McAfee VirusScan / Enterprise, Total Protection, Endpoint Protection• Sophos AntiVirus• Trend Micro OfficeScan v10, Worry-Free Business Security v11• AVG Technologies AntiVirus v8• Kaspersky Endpoint Security v8• Microsoft Security Essentials, Forefront Endpoint Protection• Microsoft Security Center Integrated 3rd Party AV/AM Products
» Backup/Recovery• Symantec Backup Exec v10 / 11 / 12 / 12.5 / 2010 / 2012• Computer Associates BrightStor ARCServe Backup r11.1 / 11.5 / 12 / 12.5 / 15
» Database Servers• Microsoft SQL Server 2005/2008/2008 R2
» Remote Access• Terminal Server, Citrix MetaFrame / Presentation Server / XenApp
» Network Infrastructure• Microsoft Active Directory, File & Print, DHCP Server, DNS Server, FTP Server
» Web Servers• Microsoft IIS 6/7, SharePoint Server 2007 / 2010
Standard Solution PoliciesMaking changes to the Standard Solution Package• From within a function where the System cabinet is
visible (Policy Management > Policies; Monitor > Monitor Sets; Agent Procedures > Schedule/Create):– PRESS and HOLD the CTRL (control) key on your keyboard.– Using your mouse, drag and drop the individual object or an entire
folder from the System cabinet to the Private or Shared cabinet.• Note: You MUST press the CTRL button BEFORE attempting to drag/drop the object
– The selected object(s) will be copied to the Private/Shared cabinet.– Copied object(s) can now be customized
• Create Labels for the policies to keep track of versions• Must abide by Policy application precedence rules
STANDARD SOLUTION PACKAGELAB 8
LAB• Background Story:
– A Prof. at College of Engineering and Computing (cec) has recently received a grant from the National Science Foundation (NSF) to work with some primary school teachers at Palmetto Elementary.
– As part of this project, laptop1 has been sent to the school to be used by the teachers.
– You need to create a new organization for this school and use the Standard Solution Package to manage the computer in this school.
Steps to Use Standard Solution Package – Create an Org
1
2
3
456
7
Steps to Use Standard Solution Package –System Management
1
2
9
10
8
Steps to Use Standard Solution Package –System Management
11
12
13
Steps to Use Standard Solution Package –System Management
14
15
Steps to Use Standard Solution Package –System Management
16
17
21
181920
Steps to Use Standard Solution Package –System Management
22
Steps to Use Standard Solution Package –System Management
1
2
9
10
8
23
Steps to Use Standard Solution Package –Change Group
24
25
26
27
28
Steps to Use Standard Solution Package –Change Group
24
25
Steps to Use Standard Solution Package – Orgs / Groups
29
30
Steps to Use Standard Solution Package – Machines
29
31
• It may take a while for the policy status icon to become green. A green icon indicates the agent is in compliance with the assigned policy.
Steps to Use Standard Solution Package – Policy Matrix
29
32
It Is Your T
urn!
Progress Check• Why should you use Standard Solution
Package?
• Where is the wizard for automatically configuring an organization with the Standard Solution Package?
• Is it possible to fine-tune the policies in the Standard Solution Package and customize them to your liking?
Kaseya Fundamentals Workshop
Summary
Summary• Policies vs. Agent Templates• Creating policies from scratch or templates.• Assigning policies to
orgs/groups/machines.• Policy conflict resolution and precedence.• Policy override and clearing override.• Policy Matrix, Dashboard, and Logs.• Standard Solution Package.
Policy Management Overview• Policy Assignment
– Organization or Machine Groups– Multiple Policy Assignments– Precedence Level
• Folder Level: the higher in the list, the greater the precedence
• Policy Level: the higher in the list, the greater the precedence
• VSA Specific Module Functionality – Overrides Policy
• Automatic Policy Deployment– Compliance Check
Policy Management Overview
THE END!