Apr
10
2014

Dr. K’s Korner – Customer Q&A

Every month we take questions for Dr. K. and answer the best one in front of the world!

Have a question for Dr. K? Send an e-mail to kketeam@kace.com

QuestionDr. K- Is it possible to get instant alerts when software is detected/no longer detected? If so, how?

Answer: Well, not really “instant”, but you can get them pretty quickly. A few terminology things to keep in mind-

  • Alerts=Desktop Messaging; Displayed locally upon agent inventory.
  • E-Mail Alerts=E-mail to specific user about a condition; sent up to every 15 minutes.
  • Scheduled Reports=Highly customizable E-Mail; send up to every hour.

With that in mind, you might choose to use any or all of the options. For example- a good alert might be detecting the presence of unwanted software and displaying a desktop alert to the user reminding them of a policy; supplement that with a script or Managed Install to remove the software title. A good notification or report might be something like this:

SELECT CONCAT(S.DISPLAY_NAME, ' ', S.DISPLAY_VERSION) AS 'Software', A.NAME as 'Computer', AH.TIME as 'Installed' FROM ASSET_HISTORY AH, ASSET A, ASSET_TYPE AST, SOFTWARE S WHERE AST.ASSET_CATEGORY = "Computer" and A.ID = AH.ASSET_ID and DATE(AH.TIME) > DATE(DATE_SUB(NOW(), INTERVAL 24 HOUR)) ORDER BY Installed, Computer

There are many other examples of SQL and similar approaches on ITNinja. One of my favorite examples that shows some good efforts towards filtering out commonly accepted items such as patches is http://www.itninja.com/question/software-changes-history Adjust the interval portion to fit your desired schedule so you don’t get too much overlap. For example if I were running the report daily, I’d set the interval to INTERVAL 2 DAY but if I were getting mail hourly i’d likely set it to INTERVAL 90 MINUTE. Hope that helps!

Thanks for the question – I’ll get you a prize soon for picking your question!
—Dr. K

Posted in New Posts, Tech Talk | Tagged , , , , , | Leave a comment
Apr
8
2014

Best Practices for Migration from Windows XP – Phase III: Deployment

Today, April 8, 2014, is the last ‘Patch Tuesday’ for PCs running on Windows XP.  No more support from Microsoft and no more patches fixing newly discovered security holes.  Even though the end of life date for XP has been known for years, Windows XP still remains the second most popular operating system out there behind Windows 7 – with approximately a fourth of the world’s PCs still running on Windows XP (slightly higher for consumer, slightly lower for businesses and government)[1].  If you have not migrated off of XP, it is time to start.  Dell Software has established a four-phase process for successful and timely migration of your devices from Windows XP to Windows 7 or 8, and provides the tools to automate and simplify each step:

This is the third in a series of four blog posts discussing each of these phases.

Phase III – Deployment:  Migration of systems and user content

Once you have inventoried your environment and decided what will be migrated over and have made sure that all of your applications will work on the new OS, the next step is the actual deployment of the new OS to your machines.  You can do a number of things to make this step faster and more reliable.

First, use a systems imaging solution that will allow you to create a small number of thin, hardware-independent “gold master” images that can easily be kept up to date.  Create a few core images and then layer unique drivers, updates, applications, configurations, and user settings on top of the image as required.  This allows you to significantly reduce the number and size of master images and greatly simplifies image management.

Second, use a solution that offers a centralized deployment system that supports network installations and installations to remote sites.  Forcing users to bring their PCs to IT for imaging or having IT visit each location can be a great resource drain as well as cause a significant loss in productivity during the migration process.  In addition, distributing images to each remote client separately can be an extremely bandwidth-intensive process.  Use a solution that can deploy images to systems over the network and to locations that have little or no on-site IT support and/or are subject to limited bandwidth availability.  A solution that can create replication servers on remote sites to act as local distribution points for deploying images – the image file is transferred once to a single host system at the remote site, which then deploys to image to local individual systems – can help with this process and greatly reduce bandwidth consumption.

Finally, use a solution that has automated system deployment functionality built in, including automation of complex pre- and post-installation tasks, such as user state migration, post OS installation of applications, and multiple system reboots.  By automating complex tasks, you can initiate unattended deployments during off-work hours, minimizing both the time consumed by IT and the disruption to end users.  If you are engaging in a large scale migration project and refreshing hardware as part of the process, a solution that can multicast – deploy an image to multiple systems simultaneously – can also greatly speed up the time it takes to get your systems off Windows XP.

The Dell KACE K2000 Deployment Appliance is the ideal solution for the Deployment Phase of your Windows Migration project.  The K2000 provides for deployment of thin, hardware independent “gold master” system images, making it easier to maintain a small number of up-to-date images, further minimizing post-installation tasks because they are editable and can be hardware-independent.  The K2000 also simplifies driver management by automatically downloading a feed of the latest drivers from Microsoft and Dell, which are organized by computer model.  In addition, the K2000 supports deployment over your network as well as through remote site servers that require no IT support and virtually no dedicated hardware at those remote sites.  Finally, K2000’s powerful task engine automates all systems deployment tasks, including disk imaging, OS and application provisioning, user state migration, and repair and recovery for systems that won’t boot.  The task engine provides real time communication between the K2000 and the systems being deployed and also is tightly integrated with K2000 multicast deployment capabilities.  This allows for true “lights off” deployment – the ability to set a large number of systems to image overnight, go home, and come back in the morning with the task complete.

To find out more about how the KACE Appliances can help you with your Windows Migration project, please see:

An upcoming Dell webcast on end of XP support by Microsoft

A joint IDC and Dell KACE webinar on Windows Migration

A Dell Whitepaper on Windows Migration

 

Posted in Featured, New Posts, Tech Talk | Tagged , , , , , , | Leave a comment
Apr
5
2014

Dr. K’s Korner – Ideas For Success

 

This segment will take a look at Rich Trouton’s various shell scripting examples and how they might be useful when deploying OS X images. Rich is a Mac system admin and author of Der Flounder, an excellent resource for all things OS X administration. The following script examples can be found at Rich’s github repository. Many of these snippets will save you time from having to configure mundane settings or tweaking the more consumer oriented behavior of OS X. These scripts might be useful from the K1000, or the K2000- Depending on what you’re trying to accomplish, and when. Let’s dive into a few select portions of the scripting:

We can easily set/adjust a time zone during/after the imaging process so it’s set how we like it:

 # Run systemsetup -listtimezones to see what options you might want to use in $TimeZone- Example "US/Central" or "US/Eastern" # Set the time zone: /usr/sbin/systemsetup -settimezone $TimeZone

If ever we want to use a disk for Time Machine, we’ll set it up. No need to ask for every hard drive I attach. A simple bit of scripting that saves your help desk from getting calls whenever someone plugs in an external drive:

 # Disable Time Machine's pop-up message whenever an external drive is plugged in defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true

Unify the Finder display format every time it opens so users can be more productive:

# Configure Finder to use Column View defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.finder "AlwaysOpenWindowsInColumnView" -bool true 

An excellent security tweak, this locks down the environment so users can’t either intentionally or accidentally login as root and seriously cause some damage to the local system:

 # Disable root login by setting root's shell to /usr/bin/false dscl . -create /Users/root UserShell /usr/bin/false

SSH allows for some remote management, like VNC that you might want/need as an administrator:

# Turn SSH on systemsetup -setremotelogin on

Disabling Gatekeeper isn’t necessarily a great idea, but it might be desired in some situations:

# Turn off Gatekeeper spctl --master-disable

As you can see, Mr. Trouton’s scripts can save you a lot of time and money. If you need to do something to one Mac, there’s a fair chance you need to do it to more, so write a script and make it easy! We have barely scratched the surface of all of the different scripts available, so do check out the github repository in addition to the endless possibilities that you’ll find via your favorite search engine. If you want to do something to multiple devices, there’s probably a solution out there- don’t be afraid to try and/or ask in ITNinja forums.

Posted in New Posts, Tech Talk | Tagged , , , , , , | Leave a comment
Apr
3
2014

Mobile Devices in Education: A Comprehensive Management Approach

The wide use of mobile devices on campus networks is growing at a rapid pace. As tablets, laptops, and smartphones make their way into classrooms and curriculum, many K-12 school districts and high learning institutions are embracing the realty of mobile devices on their campuses.

 
Tablet with screen displaying a bookWith the accelerating adoption of mobile devices in education, both institution-owned and personal, IT departments are forced to rethink the way they manage end-user devices. The IT department needs to design a stable strategy for provisioning, securing and supporting the devices that will be accessing the institution’s network and resources.

This paper outlines an approach that Dell has developed and tested to meet the unique needs of education. Conceived as an easy-to-use solution for education institutions, it is designed to be simple to implement and manage, and to address a variety of mobile devices.

Download Mobile Devices in Education: A Comprehensive Management Approach today!

Posted in Featured, New Posts | Tagged , , | Leave a comment
Apr
3
2014

K2000 Kloser Look: How driver management works

Drivers are stored on the Samba shares within your K2000 Deployment Appliance. The K2000 exposes 2 driver-related shares:

  • Drivers
  • Drivers_Postinstall

What are these folders for? Each serves a different purpose, but in a nutshell- Drivers is for drivers used during OS install for either starting the installation, or providing drivers TO the installer; Drivers_Postinstall is used after the installation of a Scripted Install, in order to enable

DRIVERS folder: This folder contains a folder for every OS supported, and two folders for KBE (one for the KBE 32-bit and another for the KBE 64-bit).

What’s the difference in KBE folders/drivers and the rest? Well, KBE is Windows PE, and therefore it needs some minimal drivers in order to install Windows.
You may need to include the drivers for storage and network, but not much more. We only recommend including the bare minimum drivers needed for the KBE to be able to access the disks of the device that it is booting from, and the network driver to communicate to the K2000. Do not add to these folders drivers for video, sound or other devices.

Which driver’s platform I need to add for KBE? KBE (KACE boot environment) is a special version of Windows PE based on either Windows 7 or 8, so you need to download drivers for the PE version your boot environment is based upon. The following table clarifies the drivers you will need:

Using PE Version Drivers
WAIK for Windows 7 WinPE 3.0 Use drivers for Windows 7
ADK for Windows 8 WinPE 4.0 Use drivers for Windows 8
ADK for Windows 8.1 WinPE 5.0 Use drivers for Windows 8.1

IMPORTANT Due to the fact that there are only 2 folders for KBE drivers, one for the 32-bit and the other for the 64-bit version, and not a couple of folder for every type of WinPE/WAIK, remember that only one type of drivers at time can be in that folder. Do not mix Windows 7, Windows 8 and Windows 8.1 drivers in these folders.

Drivers_Postinstall folder: Under this folder you need to add all the drivers that the machine will need after the scripted install is finished (Its ‘normal life’) like storage, network, audio, video etc etc… If your machine is a Dell machine the Driver Feed functionality does most of the job for you; Library -> Driver Feed allows us to search for the device and OS to and download the driver packages. If your machine is not a Dell machine, or you need to add additional drivers, you will need to add them under this directory.

See more at: http://www.itninja.com/blog/view/a-syncretic-overview-on-management-works-in-k2000-3-5-3-6

Posted in New Posts, Tech Talk | Tagged , , , , | Leave a comment