Kaseya Fundamentals
Workshop
DAY TWO
Developed by
Kaseya University
Powered by
IT Scholars
Kaseya Version 6.2
Last updated on Jan. 24, 2012
How can you ask
your question?
• Type your question in the
GoToMeeting Chat
• From time to time, I will stop
to answer them
• If you have a burning
question, you can also raise
your hand to indicate that
you need an answer quickly!
• For offline questions, send
them to
[email protected]
4-Step Reinforcement Learning
• Step 1: Being Exposed!
– A new concept is introduced by the instructor. If you missed it,
you can watch the streaming videos before the next lecture.
• Step 2: Getting Involved! (Optional)
– If after listening to the lecture (or watching the videos in Step 1),
you have not yet comfortable with all the concepts, you can
practice using the interactive videos after the lecture is over.
• Step 3: Practice Makes Perfect!
– You can practice using your dedicated virtual lab during the
lecture sessions, following the steps introduced by the instructor.
If you fall behind, just listen to the lecture and take notes. You can
perform your lab assignments after the lecture is over.
• Step 4: Mastering the Concepts! (Optional)
– You can read about all the detailed functions available in each
Kaseya module by reading the corresponding book chapters. You
can then assess your knowledge by taking a quiz.
Important Notes
• Please Follow the Presentation
– Don’t worry if you can’t complete the LABs.
– You can finish the labs as homework.
• Review Steps
– Watch the streaming videos (Step 1)
– Work with the Interactive Videos (Step 2)
– Practice in Your Virtual Lab (Step 3)
• Check the correctness of your work by looking at
the screenshots included lab review slides at the
beginning of the next slide set.
– Scan the Book Chapter & Take the Quiz (Step 4)
Progress Check
It Is Your Turn!
• Are you logged into www.it-scholars.com?
If not, please login now.
• Have you started your virtual lab? If not,
please start your virtual labs for the next
3.5 hours.
Questions?
It Is Your Turn!
• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your
questions to [email protected] too.
• If you are falling behind the steps in the
lab, please just watch the presentation,
take some notes, and perform your labs
after the lecture.
Roadmap!
1.
Monday, Day One
4.
– Overview
– System Architecture
– Agents
2.
–
–
–
–
LAB Review
Agent Procedures
Remote Control
Live Connect
Tuesday, Day Two
– LAB Review
– Agent Template and Policy
Management Concepts
– Audit
– Patch Management
3.
Thursday, Day Four
Wednesday, Day Three
– LAB Review
– Monitor
– Ticketing
5.
Friday, Day Five
– LAB Review
– Agent Template vs. Policy
Management
– System
– Info Center
Kaseya Fundamentals
Workshop
LAB REVIEW
Part 1
• Define Organization Structure
– Define fiu-<USERNAME> as the organization
– Define SCIS, MR, GL and CEC as machine
groups for this organization.
Org & Machine Groups
Screenshot taken after Part1
Part 2 & 3
• Create agent deployment packages
– “package4mr-<USERNAME>”
– “package4scis-<USERNAME>”
– “package4gl-<USERNAME>”
– “package4cec-<USERNAME>”
• Deploy agents
– dc and pc1: Manually
– ws1: Using AD Users
– guest1: Using AD Computers
– laptop1: LAN Watch
Agent Deployment Packages
Screenshot taken after Part3
AD Users
Screenshot taken after Part3
AD Computers
Screenshot taken after Part3
LAN Watch
Screenshot taken after Part3
Agent Status
Screenshot taken after Part3
Agent Icon in System Tray
Screenshots taken after Part3
Part 4
• Define a “view” named “Windows 2003
Server-<USERNAME>” that once selected
will only show machines with Windows
Server 2003 operating system on them.
• Define another “view” named “XP<USERNAME>” that will only show
machines with the Windows XP operating
system on them.
• Make sure to check the correctness of this
newly created “views” by trying them.
Views: Windows 2003 Server
Screenshot taken after Part4
Views: XP
Screenshot taken after Part4
Part 5
• Customize Agent Menus
– Remove the agent icon from the servers
– On workstations, don’t allow users to exit
– Provide an option inside of the agent menu to
go to your company’s website
– Disable the “Disable Remote Control” option
and “Set Account” only on ws1, guest1, and
pc1.
Agent Menu
Screenshot taken after Part5
Part 6
• Use the Application Blocker to block solitaire.
Application Blocker
Screenshot taken after Part6
Part 7
• Generate a report through the Info Center
module showing the successful check-in
and install of agents using Agent Logs
report.
Agent Log Report
Screenshot taken after Part7
Progress Check
It Is Your Turn!
Are you done with all the Agent labs?
Have you checked the correctness of your
work?
Questions?
It Is Your Turn!
• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your
questions to [email protected] too.
• If you are falling behind the steps in the
lab, please just watch the presentation,
take some notes, and perform your labs
after the lecture.
Kaseya Fundamentals
Workshop
AUDIT
Three Types of Audits
• Baseline Audit
– The Baseline Audit captures the configuration of the
system in a known working state.
• System Audit
– The System Info captures the system’s information that
will rarely change (i.e., processor, disk drive, memory,
etc.).
• Latest Audit
– Latest Audit captures the most up-to-date
configuration of the system and you will configure it to
audit changes made to the machine on a daily basis.
AUDIT
• Baseline Audit and System Info should be
executed only once.
• Baseline Audit, System Info, and Latest
Audit are done by default when an AGENT
is installed on a machine.
• Future Topic - Use Policy Management
Module to schedule the LATEST AUDIT for a
specific Organization or Machine Group.
AUDIT
• Assumption
– The auditing has been completed and
scheduled
• Tasks
– View the audit information of the computers
View Audit
27. View all the tabs under the two groups, View Group Data and View
Individual Data. Note what type of information can be obtained
through audit and what it can be used for future applications.
Audit Summary
• View Audit Information.
– Audit Summary
• Provides a view of the data returned by audits of machines.
– Configure Column Sets
• Create NEW Column Sets
Revisit Machine Views
• Views (Machine Views)
• Review Imported Views from the IT Service
Delivery Kit.
• Review specific Machine Views
Review Inventory Information
• Perform an Inventory Data Walkthrough
– Machine Summary
– System Information
– Installed Applications
• All Executable Files
– Add/Remove programs
• Note the Uninstall String for each Application
– Software Licenses
– Documents
Progress Check
It Is Your Turn!
Do you know the different types of audit?
Do you know how they are different?
Should all different audit types run at the
same interval?
Questions?
It Is Your Turn!
• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your
questions to [email protected] too.
• If you are falling behind the steps in the
lab, please just watch the presentation,
take some notes, and perform your labs
after the lecture.
Kaseya Fundamentals
Workshop
Agent Template
vs.
Policy Management
Benefits of Agent Templates
• Consistency of Service delivery
• Standard Practice
• Kaseya Agent Basic Configurations is
pushed during initial Kaseya Agent
Installation
Benefits of Policy Management
• Consistency of Service delivery
• Standard Practice
• Ensure distributed systems are in
Compliance with IT policies
• Simplify the application and management
of policies based on Organizations or
Machine Groups.
Agent Template vs.
Policy management
• Agent Template will push agent
configuration settings during initial Kaseya
Agent Installation
• Policy Management will ensure that Agents
will follow certain Agent Policies.
– Allow for simplified policy enforcement across
distributed organizations.
• STAY TUNED…..
Agent Templates Settings
• Agent settings are copied during
installation of Kaseya Agent
– Agent Deployment Package can reference an
Agent Template
Agent Settings
•
•
•
•
•
Menu options
Credentials
Working Directory
Check-in Control
Other options
– Audit Scan / Patch Scan
– Event Log Settings
– Agent – Alerts
– Monitor Sets
– Agent Procedures
LAB
• Assumptions
– In the next few months a large number of
computers will be added to your environment
– You figured that there are only three type of
machines in your environment
• Tasks
– Develop three customized agent templates
that incorporate the required agent settings for
machines with similar roles
• Instructional lab computers
• Guest computers
• Servers
A Group for Agent Templates
•
1.
2.
3.
4.
Create a machine group for templates, called “Templates”.
Open the System module. Go to Orgs / Groups / Depts > Manage.
Verify if the Organization “FIU-<USERNAME>” is checked.
Click on Machine Group on the right hand side of the module.
Click on New.
A Group for Agent Templates
5.
Create a group by typing its name “Templates” under Machine
Group Name. Click Save.
Creating Agent Templates
•
6.
7.
8.
9.
10.
Create three agent templates: “Server”, “Instructional”, and “Guest”
Open the Agent module. Go to Install Agents > Create.
Type in “Server” in the textbox under New Machine ID.
Select “Templates” under the Group ID textbox.
Click on Create.
Repeat steps 6-9 for the “InstructionalTemplate” and
“GuestTemplate”.
Note
• An agent template will have an orange
square icon to emphasize the fact that
the agent template will never be installed
on a computer.
• Its sole purpose is to provide additional
customized settings for agents with similar
roles so that such setting can be added to
the settings of already deployed agents or
be used as part of an agent package.
Progress Check
It Is Your Turn!
Do you know how Agent Templates and
Policy Management are different?
When should you use Agent Templates?
When should you use Policy Management?
Have you created the three agent
templates?
Questions?
It Is Your Turn!
• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your
questions to [email protected] too.
• If you are falling behind the steps in the
lab, please just watch the presentation,
take some notes, and perform your labs
after the lecture.
Kaseya Fundamentals
Workshop
PATCH MANAGEMENT
Patch Management
•
•
•
•
•
Patch Scan
Patch Policy
File Source
Reboot Action
Patch Update
Background Story
• At this time, operating system patches are
applied on an individual basis.
• An organized and closely monitored
method is needed to facilitate and monitor
distribution and application of all necessary
patches to the managed computers.
• Kaseya's Patch Management module allows
you to accomplish all these tasks and
monitor patch activities.
Exercises
• Implement policies that will keep the
computers updated and avoid potential
security risks by having non-patched
computers within the environment.
• Set up Kaseya to scan all the computers to
allow the VSA to keep a detailed record as
to which patches have been installed.
• Configure Kaseya to download the patches
from one central server to save bandwidth
and decrease redundant network traffic.
LAB
• Tasks
– To keep an accurate record of all the patches
installed on each computer, it would be best to
schedule a scan, through Kaseya's VSA, to all
the computers.
– While this is not a heavy process, it would still
be best to schedule the scan during a time
when the computer is otherwise idle.
Patch Scan
•
1.
Using Scan Machine, schedule a scan to run every day at 3:00am on
all the agent templates.
Open the Patch Management module. Go to Manage Machines >
Scan Machine.
Patch Scan
1.
Go to Manage Machines > Scan Machine.
Patch Scan
2.
3.
Select all the agent templates.
Click on the Schedule button.
Patch Scan
4.
5.
Set the scan to run
Daily at 3:00am with a
Distribution window of
1 hour.
Click on Submit.
Progress Check
It Is Your Turn!
Have you scheduled a patch scan on all
your agent templates?
Have you run an initial patch scan on all
your machine?
Note: You need to do this at least once on
one Windows 2003 and one XP machines,
so that your KServer is aware of what
operating systems are in your network.
Questions?
It Is Your Turn!
• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your
questions to [email protected] too.
• If you are falling behind the steps in the
lab, please just watch the presentation,
take some notes, and perform your labs
after the lecture.
LAB
• Background information
– Policies are like templates in which you can
approve/deny a group of patches, or an
individual patch.
• Tasks
– Create two policies
• One for all the XP machines
• One for the Windows 2003 Server machines
– The policies should automatically apply
• All Security Updates approved on all machines
• All optional updates pending approval.
Note
• We create W2K3 and XP templates.
– If there were Windows 2008 servers or other
servers in the environment, it would be better
to name the policy for all the Windows servers
as just "Servers”
– By the same token, if the were other
workstations in the environment, it would be
better to name the policy for all the
workstations as just "Workstations".
Creating Patch Policy for W2K3
• Create a patch policy, W2K3-PM-Policy<USERNAME>
• Set it to apply all future Security Updates by
default.
• Everything else should be set to Pending
Approval.
• Use a filter to deny patches that are optional
and have not been superseded by other
updates.
Creating Patch Policy for W2K3
6.
7.
8.
Go to Patch Management > Patch Policy > Create/Delete.
Type “W2K3-PM-Policy-<USERNAME>” for the policy name.
Click on Create.
Creating Patch Policy for W2K3
9. Go to Patch Policy > Approval by Policy.
10. Select “W2K3-PM-Policy-<USERNAME>” under the Policy dropdown
list.
11. Click on the green checkmark for all the Security Update rows. The
Green checkmark is under the column Default Approval Status.
12. Make sure the other rows’ Default Approval Status is set to Pending
Approval.
13. Click on Total at the bottom of the table. A new page will load up.
Creating Patch Policy for W2K3
Note
• If the links on this page are not available or
some of the patch categories are not listed,
it basically means that you have not yet
done any patch scan on your machines.
• Make sure to perform a patch scan on dc
and one of the XP machines before defining
the patch policies.
Creating Patch Policy for W2K3
14. Click on Filter... A new window will open up.
Creating Patch Policy for W2K3
15. Select Optional Updates from the Classification / Type dropdown.
16. Select Not Superseded from the Superseded dropdown.
17. Click on Apply
Creating Patch Policy for W2K3
18. Click on Select All.
19. Click on Deny.
Creating Patch Policy for XP
• A patch policy, XP-PM-Policy-<USERNAME>
• Set it to all future Security Updates by default
• Everything else should be set to Pending
Approval.
Creating Patch Policy for XP
20. Go to Patch Management > Patch Policy > Create/Delete.
21. Type “XP-PM-Policy-<USERNAME>” for the policy name.
22. Click on Create.
Creating Patch Policy for XP
24. Select “XP-PM-Policy-<USERNAME>” under the Policy dropdown list.
25. Click on the green checkmark for all the Security Update rows..
26. Set the other rows’ Default Approval Status to Pending Approval.
Creating Patch Policy for XP
• Approve all Security Updates for all patch policies.
27. Go to Patch Management > Patch Policy > Approve By Patch.
28. Click on Edit next to Patch View. A new window will open up.
Creating Patch Policy for XP
29. Select All Security
Updates (High Priority)
from the Classification
/ Type dropdown.
30. Select Not Superseded
from the Superseded
dropdown.
31. Type “<USERNAME>
Patch View” in the
View Name textbox.
Click on Save.
Creating Patch Policy for XP
32. Click on Select All.
33. Click on Approve.
Patch Policy
• Policy / Group By Views
– Classification vs. Product Views
Note:
Between the two views
the Default Approval Status is
determined by:
Highest
Denied
--------------------Pending
Approval
Lowest
Approved
Null Patch Policy
• A null patch policy is one that all its patches
are set to the default Pending Approval
status.
• Note that once this policy is applied to any
machine, no patches would be approved,
as Pending Approval acts like denied, and
when combined with any other policies,
the result is not applying any patches.
• This is useful when you want, for example,
to temporarily not let any patches to be
installed on a group of machines.
Progress Check
It Is Your Turn!
Have you created the two patch policies?
Have you approved and denied the patches
for these two patch policies?
Do you know what is a Null Patch Policy?
Questions?
It Is Your Turn!
• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your
questions to [email protected] too.
• If you are falling behind the steps in the
lab, please just watch the presentation,
take some notes, and perform your labs
after the lecture.
LAB
• Background information
– Downloading all the patches to a file server
and distributing it to all the machines on
network will allow you to save bandwidth.
• Tasks
– Configure all the templates to pull from the file
server
• Using the UNC path \\192.168.0.10\PatchTemp
• Set the patch directory to “C:\PatchTemp” on the dc
• If the computer cannot access DC, it should then
download from the Internet.
Note
• Note that instead of \\dc\PatchTemp, we
use \\192.168.0.10\PatchTemp, as pc1 and
laptop1 cannot resolve “dc”, because they
are not part of the FIU domain.
• If you look at the network diagram, you can
see that 192.168.0.10 is actually the IP
address of one of the cards on dc.
• Yes, you could use the IP address of dc’s
other network card (i.e., 192.168.1.10)
instead too.
Setting Patch File Source
•
39.
40.
41.
42.
43.
44.
45.
46.
Using File Source set up all the machines so that they download their
updates from the DC. If the DC is unreachable, the machine should
then download it from the Internet. The UNC path should be
“\\dc\PatchTemp” while the local directory should be
“C:\PatchTemp”.
Open the Patch Management module. Go to Configure > File Source.
Select all the agent templates.
Select Pulled from file server using UNC path.
Type “\\dc\PatchTemp” next to Pulled from file server using UNC
path.
Select “fiu-<USERNAME>.mr” next to Machine Group Filter.
Select “dc.mr.fiu-<USERNAME>” next to File share located on.
Type in “C:\PatchTemp” next to in local directory.
Select the Download from Internet if machine is unable to connect
to the file server checkbox..Click on Apply.
Setting Patch File Source
LAB
• Background Information
– Certain updates require the Windows OS to
restart to finish installation.
• Tasks
– Set up the XP machines so that they restart
only when a user is not online.
– For servers, set up an email notification so that
you can plan the restart and notify in advance
the users of the server maintenance.
Setting Reboot Action
•
47.
48.
49.
50.
51.
Use Reboot Action to set the Guest and Instructor templates to Skip
reboot if user logged in immediately after applying new patches and
updates. Then, set the Server template to notify you immediately,
via email, when a reboot is required after applying new patches and
updates.
Open the Patch Management module. Go to Configure > Reboot
Action.
Select the Guest and Instructor templates.
Click on Skip reboot if user logged in.
Click on Apply.
Repeat steps 47-50 for the Server template. Set the Server template
to send the reboot notification to your personal email.
Why do we need to change the Server Template Reboot Action from the
default Skip reboot if user logged in?
Setting Reboot Action
Note
• Setting to skip reboot means it may take longer for the
patch to take effect, thus increasing the risk of
vulnerability.
• The instructional computers are set to reboot at night
automatically after an install, since no user work at night
and we do not worry about losing open files.
• However if the target machines were end user machines,
the best policy would be to set the workstations to "ask"
and reboot if not logged in.
• The KaUsrTsk.exe is the application that determines
whether a user is logged in or not.
LAB
• Assumptions
– We have setup the patch policies to our liking.
• Tasks
– We need to setup Kaseya to apply the patches
automatically to the machines.
Applying Patch Policies
52. Go to Patch Management > Manage Machines > Automatic Update.
Applying Patch Policies
53. Select all the template agents in the list
Applying Patch Policies
54. Click on Schedule
Applying Patch Policies
55. Click on Daily
56. Set the run time to
5:00 AM with a
distribution window
of 1 hour.
57. Click on Submit
LAB
• Assumptions
– All three agents templates contain all the patch
management settings.
• Tasks
– Push the settings captured in the templates to
all the currently deployed agents with the
similar roles.
Copy Settings
• Copy the settings from the templates to the
specified computers on the network.
– Server template will be used for the MR
building.
– Instructional template will be used for the SCIS
and CEC buildings.
– Guest template will be used for the GL
building.
Copy Settings
58. Open the Agent module. Go to Configure Agents > Copy Settings.
59. Click on select machine ID link and a new window will open up.
Copy Settings
60. Select “fiu-<USERNAME>.templates”.
61. Click on “Server” from the list of templates shown.
Copy Settings
62. Select All under Do Not Copy, Replace for Patch Settings, Patch File
Source and Patch Policy Memberships, Agent Procedure Schedules.
Copy Settings
•
Note: When you have a schedule in Agent Procedures activity on an
agent template, you need to make sure Agent Procedure Schedules is
selected in copy settings.
63. Select all the computers in the MR building and click on the Copy
button.
64. Repeat steps 52-57 for the Instructional and Guest templates.
Progress Check
It Is Your Turn!
Have you setup the File Source?
Did you apply the policies to the machines?
Did you see some patches to appear in the
File Source on dc?
Does the reboot actions are set as
instructed?
Questions?
It Is Your Turn!
• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your
questions to [email protected] too.
• If you are falling behind the steps in the
lab, please just watch the presentation,
take some notes, and perform your labs
after the lecture.
LAB
• Background Information
– Windows Automatic Update can interfere with the
functionality of Kaseya's Patch Management and must
be disabled.
• Tasks
– Disable Windows Automatic Update for all computers.
Note: In previous versions of Kaseya, Kaseya did not support
applying Windows auto update option to agent templates.
In the current version, however, this is supported.
Disabling Windows Auto Update
65. Open the Patch Management
module. Go to Configure >
Windows Auto Update.
66. Select all the computers.
67. Select Disable – Disable Windows
automatic Update to let patch
management control system
patching.
68. Click on Apply.
Note
• If the checkboxes are missing, please wait
5-10 minutes and refresh the page as the
Patch Scan is not completed yet.
• Checkboxes will not display for any
machine that either has an operating
system that does not support Windows
Automatic Updates, or for which an initial
Scan Machine has not been completed.
LAB
• Assumptions
– Microsoft has released a new KB article and it
entails a new version of Internet Explorer;
however, management has asked you not to
install it and to prevent future installations of it
via Windows Updates.
• Tasks
– Use KB Override to accomplish this task since it
will override all current patch policies and
future patches.
– KB article (KB944036) for IE8.
Denying a Patch Globally
•
69.
70.
71.
Prevent Internet Explorer from installing by using KB Override.
Go to Patch Management > Patch Policy > KB Override.
Type in “944036” in the KB Article textbox.
Click Deny.
Note
• If this patch has already been denied, it
means that another administrator who
shares this Kaseya server with you have
already performed this task.
• If this is the case, you can first remove it, by
clicking on the X icon, and add this setting
by going through the above steps.
• This way, you will make sure that your work
is reflected in the system logs for future
reference.
Initial Update
• One Time Patch Update
– Initial Update will complete a patch update
process on machines
• NOTE: All patches that are approved will be
installed. If no Patch Policy is assigned all patches
will be installed
• NOTE: It will automatically reboot the machines
without any warning.
Progress Check
It Is Your Turn!
Have you turned off the Windows auto
update?
Were you able to use the KB Override?
Questions?
It Is Your Turn!
• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your
questions to [email protected] too.
• If you are falling behind the steps in the
lab, please just watch the presentation,
take some notes, and perform your labs
after the lecture.
Roadmap!
1.
Monday, Day One
4.
–
–
–
–
– Overview
– System Architecture
– Agents
2.
LAB Review
Agent Procedures
Remote Control
Live Connect
Tuesday, Day Two
– LAB Review
– Agent Template and Policy
Management Concepts
– Audit
– Patch Management
3.
Thursday, Day Four
Wednesday, Day Three
– LAB Review
– Monitor
– Ticketing
5.
Friday, Day Five
– LAB Review
– Agent Template vs. Policy
Management
– System
– Info Center
THE END!